@cyclonedx/cdxgen 10.3.5 → 10.4.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.3.5",
+  "version": "10.4.0",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -43,8 +43,8 @@
     "docs": "docsify serve docs",
     "test": "node --experimental-vm-modules node_modules/jest/bin/jest.js --inject-globals false docker.test.js utils.test.js display.test.js postgen.test.js",
     "watch": "node --experimental-vm-modules node_modules/jest/bin/jest.js --watch --inject-globals false",
-    "lint": "eslint *.js *.test.js bin/*.js --fix",
-    "pretty": "prettier --write jsr.json deno.json *.js data/*.json bin/*.js *.md docs/*.md data/*.md",
+    "lint:check": "biome check *",
+    "lint": "biome check --apply *",
     "gen-types": "npx -p typescript tsc"
   },
   "engines": {
@@ -60,7 +60,7 @@
   "dependencies": {
     "@babel/parser": "^7.24.4",
     "@babel/traverse": "^7.24.1",
-    "@npmcli/arborist": "7.4.1",
+    "@npmcli/arborist": "7.4.2",
     "ajv": "^8.12.0",
     "ajv-formats": "^3.0.1",
     "cheerio": "^1.0.0-rc.12",
@@ -86,7 +86,7 @@
   },
   "optionalDependencies": {
     "@appthreat/atom": "2.0.9",
-    "@appthreat/cdx-proto": "^0.0.4",
+    "@appthreat/cdx-proto": "1.0.1",
     "@cyclonedx/cdxgen-plugins-bin": "^1.5.8",
     "@cyclonedx/cdxgen-plugins-bin-arm64": "^1.5.8",
     "@cyclonedx/cdxgen-plugins-bin-darwin-amd64": "^1.5.8",
@@ -101,19 +101,11 @@
     "sequelize": "^6.37.2",
     "sqlite3": "^5.1.7"
   },
-  "files": [
-    "*.js",
-    "bin/",
-    "data/",
-    "types/"
-  ],
+  "files": ["*.js", "bin/", "data/", "types/"],
   "devDependencies": {
+    "@biomejs/biome": "1.6.4",
     "docsify-cli": "^4.4.4",
-    "eslint": "^8.57.0",
-    "eslint-config-prettier": "^9.1.0",
-    "eslint-plugin-prettier": "^5.1.3",
     "jest": "^29.7.0",
-    "prettier": "3.2.5",
-    "typescript": "^5.4.4"
+    "typescript": "^5.4.5"
   }
 }

package/piptree.js

@@ -1,3 +1,4 @@
+import { spawnSync } from "node:child_process";
 /**
  * The idea behind this plugin came from the excellent pipdeptree package
  * https://github.com/tox-dev/pipdeptree
@@ -9,11 +10,10 @@ import {
   mkdtempSync,
   readFileSync,
   rmSync,
-  writeFileSync
+  writeFileSync,
 } from "node:fs";
-import { join } from "node:path";
 import { tmpdir } from "node:os";
-import { spawnSync } from "node:child_process";
+import { join } from "node:path";
 
 const PIP_TREE_PLUGIN_CONTENT = `
 import importlib.metadata as importlib_metadata
@@ -129,7 +129,7 @@ export const getTreeWithPlugin = (env, python_cmd, basePath) => {
   const result = spawnSync(python_cmd, pipPluginArgs, {
     cwd: basePath,
     encoding: "utf-8",
-    env
+    env,
   });
   if (result.status !== 0 || result.error) {
     console.log(result.stdout, result.stderr);
@@ -137,8 +137,8 @@ export const getTreeWithPlugin = (env, python_cmd, basePath) => {
   if (existsSync(pipTreeJson)) {
     tree = JSON.parse(
       readFileSync(pipTreeJson, {
-        encoding: "utf-8"
-      })
+        encoding: "utf-8",
+      }),
     );
   }
   if (rmSync) {

package/postgen.js

@@ -87,7 +87,7 @@ export const filterBom = (bomJson, options) => {
         const newdepson = (adep.dependsOn || []).filter((d) => newPkgMap[d]);
         const obj = {
           ref: adep.ref,
-          dependsOn: newdepson
+          dependsOn: newdepson,
         };
         // Filter provides array if needed
         if (adep.provides && adep.provides.length) {
@@ -110,7 +110,7 @@ export const filterBom = (bomJson, options) => {
       }
       bomJson.compositions.push({
         "bom-ref": bomJson.metadata.component["bom-ref"],
-        aggregate: options.only ? "incomplete_first_party_only" : "incomplete"
+        aggregate: options.only ? "incomplete_first_party_only" : "incomplete",
       });
     }
   }

package/postgen.test.js

@@ -5,7 +5,7 @@ import { expect, test } from "@jest/globals";
 
 test("filter bom tests", () => {
   const bomJson = JSON.parse(
-    readFileSync("./test/data/bom-postgen-test.json", "utf-8")
+    readFileSync("./test/data/bom-postgen-test.json", "utf-8"),
   );
   let newBom = filterBom(bomJson, {});
   expect(bomJson).toEqual(newBom);
@@ -21,7 +21,7 @@ test("filter bom tests", () => {
 
 test("filter bom tests2", () => {
   const bomJson = JSON.parse(
-    readFileSync("./test/data/bom-postgen-test2.json", "utf-8")
+    readFileSync("./test/data/bom-postgen-test2.json", "utf-8"),
   );
   let newBom = filterBom(bomJson, {});
   expect(bomJson).toEqual(newBom);
@@ -53,7 +53,7 @@ test("filter bom tests2", () => {
   newBom = filterBom(bomJson, {
     only: ["org.springframework"],
     specVersion: 1.5,
-    autoCompositions: true
+    autoCompositions: true,
   });
   for (const comp of newBom.components) {
     if (!comp.purl.includes("org.springframework")) {
@@ -64,7 +64,7 @@ test("filter bom tests2", () => {
   expect(newBom.compositions).toEqual([
     {
       aggregate: "incomplete_first_party_only",
-      "bom-ref": "pkg:maven/sec/java-sec-code@1.0.0?type=jar"
-    }
+      "bom-ref": "pkg:maven/sec/java-sec-code@1.0.0?type=jar",
+    },
   ]);
 });

package/protobom.js

@@ -1,6 +1,12 @@
-import { Bom } from "@appthreat/cdx-proto";
 import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { cdx_15, cdx_16 } from "@appthreat/cdx-proto";
 
+/**
+ * Stringify the given bom json based on the type.
+ *
+ * @param {string | Object} bomJson string or object
+ * @returns {string} BOM json string
+ */
 const stringifyIfNeeded = (bomJson) => {
   if (typeof bomJson === "string" || bomJson instanceof String) {
     return bomJson;
@@ -8,26 +14,50 @@ const stringifyIfNeeded = (bomJson) => {
   return JSON.stringify(bomJson);
 };
 
+/**
+ * Method to convert the given bom json to proto binary
+ *
+ * @param {string | Object} bomJson BOM Json
+ * @param {string} binFile Binary file name
+ */
 export const writeBinary = (bomJson, binFile) => {
   if (bomJson && binFile) {
-    const bomObject = new Bom();
+    let bomObject = undefined;
+    if (+bomJson.specVersion === 1.6) {
+      bomObject = new cdx_16.Bom();
+    } else {
+      bomObject = new cdx_15.Bom();
+    }
     writeFileSync(
       binFile,
       bomObject
         .fromJsonString(stringifyIfNeeded(bomJson), {
-          ignoreUnknownFields: true
+          ignoreUnknownFields: true,
         })
-        .toBinary({ writeUnknownFields: true })
+        .toBinary({ writeUnknownFields: true }),
     );
   }
 };
 
-export const readBinary = (binFile, asJson = true) => {
+/**
+ * Method to read a serialized binary
+ *
+ * @param {string} binFile Binary file name
+ * @param {boolean} asJson Convert to JSON
+ * @param {number} specVersion Specification version. Defaults to 1.5
+ */
+export const readBinary = (binFile, asJson = true, specVersion = 1.5) => {
   if (!existsSync(binFile)) {
     return undefined;
   }
-  const bomObject = new Bom().fromBinary(readFileSync(binFile), {
-    readUnknownFields: true
+  let bomLib = undefined;
+  if (specVersion === 1.6) {
+    bomLib = new cdx_16.Bom();
+  } else {
+    bomLib = new cdx_15.Bom();
+  }
+  const bomObject = bomLib.fromBinary(readFileSync(binFile), {
+    readUnknownFields: true,
   });
   if (asJson) {
     return bomObject.toJson({ emitDefaultValues: true });

package/protobom.test.js

@@ -1,13 +1,13 @@
-import { expect, test } from "@jest/globals";
-import { tmpdir } from "node:os";
 import { existsSync, mkdtempSync, readFileSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
 import { join } from "node:path";
+import { expect, test } from "@jest/globals";
 
 import { readBinary, writeBinary } from "./protobom.js";
 
 const tempDir = mkdtempSync(join(tmpdir(), "bin-tests-"));
 const testBom = JSON.parse(
-  readFileSync("./test/data/bom-java.json", { encoding: "utf-8" })
+  readFileSync("./test/data/bom-java.json", { encoding: "utf-8" }),
 );
 
 test("proto binary tests", () => {
@@ -19,12 +19,12 @@ test("proto binary tests", () => {
   let bomObject = readBinary(binFile);
   expect(bomObject).toBeDefined();
   expect(bomObject.serialNumber).toEqual(
-    "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee"
+    "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee",
   );
-  bomObject = readBinary(binFile, false);
+  bomObject = readBinary(binFile, false, 1.5);
   expect(bomObject).toBeDefined();
   expect(bomObject.serialNumber).toEqual(
-    "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee"
+    "urn:uuid:cc8b5a04-2698-4375-b04c-cedfa4317fee",
   );
   if (tempDir && tempDir.startsWith(tmpdir()) && rmSync) {
     rmSync(tempDir, { recursive: true, force: true });

package/server.js

@@ -1,12 +1,12 @@
-import connect from "connect";
-import http from "node:http";
-import bodyParser from "body-parser";
-import url from "node:url";
 import { spawnSync } from "node:child_process";
-import os from "node:os";
 import fs from "node:fs";
+import http from "node:http";
+import os from "node:os";
 import path from "node:path";
 import process from "node:process";
+import url from "node:url";
+import bodyParser from "body-parser";
+import connect from "connect";
 import { createBom, submitBom } from "./index.js";
 import { postProcess } from "./postgen.js";
 
@@ -14,21 +14,21 @@ import compression from "compression";
 
 // Timeout milliseconds. Default 10 mins
 const TIMEOUT_MS =
-  parseInt(process.env.CDXGEN_SERVER_TIMEOUT_MS) || 10 * 60 * 1000;
+  Number.parseInt(process.env.CDXGEN_SERVER_TIMEOUT_MS) || 10 * 60 * 1000;
 
 const app = connect();
 
 app.use(
   bodyParser.json({
     deflate: true,
-    limit: "1mb"
-  })
+    limit: "1mb",
+  }),
 );
 app.use(compression());
 
 const gitClone = (repoUrl, branch = null) => {
   const tempDir = fs.mkdtempSync(
-    path.join(os.tmpdir(), path.basename(repoUrl))
+    path.join(os.tmpdir(), path.basename(repoUrl)),
   );
 
   if (branch == null) {
@@ -38,8 +38,8 @@ const gitClone = (repoUrl, branch = null) => {
       ["clone", repoUrl, "--depth", "1", tempDir],
       {
         encoding: "utf-8",
-        shell: false
-      }
+        shell: false,
+      },
     );
     if (result.status !== 0 || result.error) {
       console.log(result.error);
@@ -51,8 +51,8 @@ const gitClone = (repoUrl, branch = null) => {
       ["clone", repoUrl, "--branch", branch, "--depth", "1", tempDir],
       {
         encoding: "utf-8",
-        shell: false
-      }
+        shell: false,
+      },
     );
     if (result.status !== 0 || result.error) {
       console.log(result.error);
@@ -85,7 +85,7 @@ const parseQueryString = (q, body, options = {}) => {
     "only",
     "autoCompositions",
     "gitBranch",
-    "active"
+    "active",
   ];
 
   for (const param of queryParams) {
@@ -125,13 +125,13 @@ const start = (options) => {
     const reqOptions = parseQueryString(
       q,
       req.body,
-      Object.assign({}, options)
+      Object.assign({}, options),
     );
     const filePath = q.path || q.url || req.body.path || req.body.url;
     if (!filePath) {
       res.writeHead(500, { "Content-Type": "application/json" });
       return res.end(
-        "{'error': 'true', 'message': 'path or url is required.'}\n"
+        "{'error': 'true', 'message': 'path or url is required.'}\n",
       );
     }
     res.writeHead(200, { "Content-Type": "application/json" });

package/types/analyzer.d.ts

@@ -1,5 +1,8 @@
-export function findJSImportsExports(src: any, deep: any): Promise<{
-    allImports: {};
-    allExports: {};
+export function findJSImportsExports(
+  src: any,
+  deep: any,
+): Promise<{
+  allImports: {};
+  allExports: {};
 }>;
-//# sourceMappingURL=analyzer.d.ts.map
+//# sourceMappingURL=analyzer.d.ts.map

package/types/binary.d.ts

@@ -1,12 +1,12 @@
 export function getGoBuildInfo(src: any): string;
 export function getCargoAuditableInfo(src: any): string;
 export function getOSPackages(src: any): {
-    osPackages: any[];
-    dependenciesList: {
-        ref: any;
-        dependsOn: any[];
-    }[];
-    allTypes: any[];
+  osPackages: any[];
+  dependenciesList: {
+    ref: any;
+    dependsOn: any[];
+  }[];
+  allTypes: any[];
 };
 export function executeOsQuery(query: any): any;
 /**
@@ -26,5 +26,9 @@ export function getDotnetSlices(src: string, slicesFile: string): boolean;
  *
  * @return {boolean} Result of the generation
  */
-export function getBinaryBom(src: string, binaryBomFile: string, deepMode: boolean): boolean;
-//# sourceMappingURL=binary.d.ts.map
+export function getBinaryBom(
+  src: string,
+  binaryBomFile: string,
+  deepMode: boolean,
+): boolean;
+//# sourceMappingURL=binary.d.ts.map

package/types/cbomutils.d.ts

@@ -12,4 +12,4 @@ export function collectOSCryptoLibs(options: any): any[];
  * @returns {Array} Arary of crypto algorithm objects with oid and description
  */
 export function findCryptoAlgos(code: any): any[];
-//# sourceMappingURL=cbomutils.d.ts.map
+//# sourceMappingURL=cbomutils.d.ts.map

package/types/db.d.ts

@@ -1,19 +1,31 @@
-export function createOrLoad(dbName: any, dbPath: any, logging?: boolean): Promise<{
-    sequelize: Sequelize;
-    Namespaces: typeof Namespaces;
-    Usages: typeof Usages;
-    DataFlows: typeof DataFlows;
+export function createOrLoad(
+  dbName: any,
+  dbPath: any,
+  logging?: boolean,
+): Promise<{
+  sequelize: Sequelize;
+  Namespaces: typeof Namespaces;
+  Usages: typeof Usages;
+  DataFlows: typeof DataFlows;
 }>;
-import { Sequelize } from "sequelize";
+import type { Sequelize } from "sequelize";
 declare class Namespaces extends Model<any, any> {
-    constructor(values?: import("sequelize").Optional<any, string>, options?: import("sequelize").BuildOptions);
+  constructor(
+    values?: import("sequelize").Optional<any, string>,
+    options?: import("sequelize").BuildOptions,
+  );
 }
 declare class Usages extends Model<any, any> {
-    constructor(values?: import("sequelize").Optional<any, string>, options?: import("sequelize").BuildOptions);
+  constructor(
+    values?: import("sequelize").Optional<any, string>,
+    options?: import("sequelize").BuildOptions,
+  );
 }
 declare class DataFlows extends Model<any, any> {
-    constructor(values?: import("sequelize").Optional<any, string>, options?: import("sequelize").BuildOptions);
+  constructor(
+    values?: import("sequelize").Optional<any, string>,
+    options?: import("sequelize").BuildOptions,
+  );
 }
 import { Model } from "sequelize";
-export {};
-//# sourceMappingURL=db.d.ts.map
+//# sourceMappingURL=db.d.ts.map

package/types/display.d.ts

@@ -5,4 +5,4 @@ export function printOccurrences(bomJson: any): void;
 export function printCallStack(bomJson: any): void;
 export function printDependencyTree(bomJson: any): void;
 export function printReachables(sliceArtefacts: any): void;
-//# sourceMappingURL=display.d.ts.map
+//# sourceMappingURL=display.d.ts.map

package/types/docker.d.ts

@@ -1,44 +1,64 @@
 export const isWin: boolean;
-export function getDirs(dirPath: string, dirName: string, hidden?: boolean, recurse?: boolean): string[];
+export function getDirs(
+  dirPath: string,
+  dirName: string,
+  hidden?: boolean,
+  recurse?: boolean,
+): string[];
 export function getOnlyDirs(srcpath: any, dirName: any): any;
 export function getConnection(options: any, forRegistry: any): Promise<any>;
-export function makeRequest(path: any, method: string, forRegistry: any): Promise<any>;
+export function makeRequest(
+  path: any,
+  method: string,
+  forRegistry: any,
+): Promise<any>;
 export function parseImageName(fullImageName: any): {
-    registry: string;
-    repo: string;
-    tag: string;
-    digest: string;
-    platform: string;
-    group: string;
-    name: string;
+  registry: string;
+  repo: string;
+  tag: string;
+  digest: string;
+  platform: string;
+  group: string;
+  name: string;
 };
 export function getImage(fullImageName: any): Promise<any>;
 export function extractTar(fullImageName: any, dir: any): Promise<boolean>;
-export function exportArchive(fullImageName: any): Promise<{
-    manifest: {};
-    allLayersDir: string;
-    allLayersExplodedDir: string;
-    lastLayerConfig: {};
-    lastWorkingDir: string;
-} | {
-    inspectData: any;
-    manifest: any;
-    allLayersDir: any;
-    allLayersExplodedDir: any;
-    lastLayerConfig: {};
-    lastWorkingDir: string;
-}>;
-export function extractFromManifest(manifestFile: any, localData: any, tempDir: any, allLayersExplodedDir: any): Promise<{
-    inspectData: any;
-    manifest: any;
-    allLayersDir: any;
-    allLayersExplodedDir: any;
-    lastLayerConfig: {};
-    lastWorkingDir: string;
+export function exportArchive(fullImageName: any): Promise<
+  | {
+      manifest: {};
+      allLayersDir: string;
+      allLayersExplodedDir: string;
+      lastLayerConfig: {};
+      lastWorkingDir: string;
+    }
+  | {
+      inspectData: any;
+      manifest: any;
+      allLayersDir: any;
+      allLayersExplodedDir: any;
+      lastLayerConfig: {};
+      lastWorkingDir: string;
+    }
+>;
+export function extractFromManifest(
+  manifestFile: any,
+  localData: any,
+  tempDir: any,
+  allLayersExplodedDir: any,
+): Promise<{
+  inspectData: any;
+  manifest: any;
+  allLayersDir: any;
+  allLayersExplodedDir: any;
+  lastLayerConfig: {};
+  lastWorkingDir: string;
 }>;
 export function exportImage(fullImageName: any): Promise<any>;
 export function getPkgPathList(exportData: any, lastWorkingDir: any): any[];
 export function removeImage(fullImageName: any, force?: boolean): Promise<any>;
 export function getCredsFromHelper(exeSuffix: any, serverAddress: any): any;
-export function addSkippedSrcFiles(skippedImageSrcs: any, components: any): void;
-//# sourceMappingURL=docker.d.ts.map
+export function addSkippedSrcFiles(
+  skippedImageSrcs: any,
+  components: any,
+): void;
+//# sourceMappingURL=docker.d.ts.map

package/types/envcontext.d.ts

@@ -5,58 +5,58 @@ export function gitTreeHashes(dir: string): {};
 export function listFiles(dir: string): any[];
 export function execGitCommand(dir: string, args: any[]): string;
 export function collectJavaInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: string;
-    properties: {
-        name: string;
-        value: any;
-    }[];
+  type: string;
+  name: string;
+  version: string;
+  description: string;
+  properties: {
+    name: string;
+    value: any;
+  }[];
 };
 export function collectDotnetInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: any;
+  type: string;
+  name: string;
+  version: string;
+  description: any;
 };
 export function collectPythonInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: any;
+  type: string;
+  name: string;
+  version: string;
+  description: any;
 };
 export function collectNodeInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: string;
+  type: string;
+  name: string;
+  version: string;
+  description: string;
 };
 export function collectGccInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: any;
+  type: string;
+  name: string;
+  version: string;
+  description: any;
 };
 export function collectRustInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
-    description: string;
+  type: string;
+  name: string;
+  version: string;
+  description: string;
 };
 export function collectGoInfo(dir: string): {
-    type: string;
-    name: string;
-    version: string;
+  type: string;
+  name: string;
+  version: string;
 };
 export function collectEnvInfo(dir: any): {
-    type: string;
-    name: string;
-    version: string;
-    description: string;
-    properties: {
-        name: string;
-        value: any;
-    }[];
+  type: string;
+  name: string;
+  version: string;
+  description: string;
+  properties: {
+    name: string;
+    value: any;
+  }[];
 }[];
-//# sourceMappingURL=envcontext.d.ts.map
+//# sourceMappingURL=envcontext.d.ts.map