@cyclonedx/cdxgen 10.4.0 → 10.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/analyzer.js +10 -13
- package/bin/cdxgen.js +2 -1
- package/bin/repl.js +4 -4
- package/bin/verify.js +3 -4
- package/binary.js +19 -19
- package/cbomutils.js +2 -2
- package/display.js +6 -7
- package/docker.js +57 -64
- package/envcontext.js +6 -7
- package/evinser.js +33 -33
- package/index.js +924 -1011
- package/package.json +4 -4
- package/postgen.js +3 -6
- package/protobom.test.js +1 -1
- package/types/analyzer.d.ts.map +1 -1
- package/types/binary.d.ts.map +1 -1
- package/types/db.d.ts +2 -1
- package/types/db.d.ts.map +1 -1
- package/types/display.d.ts.map +1 -1
- package/types/docker.d.ts +1 -1
- package/types/docker.d.ts.map +1 -1
- package/types/evinser.d.ts +12 -12
- package/types/evinser.d.ts.map +1 -1
- package/types/index.d.ts.map +1 -1
- package/types/postgen.d.ts.map +1 -1
- package/types/utils.d.ts +25 -1
- package/types/utils.d.ts.map +1 -1
- package/types/validator.d.ts.map +1 -1
- package/utils.js +260 -323
- package/utils.test.js +11 -8
- package/validator.js +11 -14
package/utils.test.js
CHANGED
|
@@ -98,11 +98,10 @@ test("SSRI test", () => {
|
|
|
98
98
|
"2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
|
|
99
99
|
);
|
|
100
100
|
ss = parse(
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
).toString("base64"),
|
|
101
|
+
`sha256-${Buffer.from(
|
|
102
|
+
"2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
|
|
103
|
+
"hex",
|
|
104
|
+
).toString("base64")}`,
|
|
106
105
|
);
|
|
107
106
|
expect(ss.sha256[0].digest).toStrictEqual(
|
|
108
107
|
"LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78=",
|
|
@@ -1526,7 +1525,7 @@ test("parse github actions workflow data", () => {
|
|
|
1526
1525
|
let dep_list = parseGitHubWorkflowData(
|
|
1527
1526
|
readFileSync("./.github/workflows/nodejs.yml", { encoding: "utf-8" }),
|
|
1528
1527
|
);
|
|
1529
|
-
expect(dep_list.length).toEqual(
|
|
1528
|
+
expect(dep_list.length).toEqual(4);
|
|
1530
1529
|
expect(dep_list[0]).toEqual({
|
|
1531
1530
|
group: "actions",
|
|
1532
1531
|
name: "checkout",
|
|
@@ -2221,8 +2220,8 @@ test("parsePkgLock v3", async () => {
|
|
|
2221
2220
|
projectName: "cdxgen",
|
|
2222
2221
|
});
|
|
2223
2222
|
deps = parsedList.pkgList;
|
|
2224
|
-
expect(deps.length).toEqual(
|
|
2225
|
-
expect(parsedList.dependenciesList.length).toEqual(
|
|
2223
|
+
expect(deps.length).toEqual(1005);
|
|
2224
|
+
expect(parsedList.dependenciesList.length).toEqual(1005);
|
|
2226
2225
|
});
|
|
2227
2226
|
|
|
2228
2227
|
test("parseBowerJson", async () => {
|
|
@@ -3377,6 +3376,10 @@ test("parse container spec like files", () => {
|
|
|
3377
3376
|
expect(dep_list[0]).toEqual({
|
|
3378
3377
|
image: "gcr.io/google-samples/microservices-demo/adservice",
|
|
3379
3378
|
});
|
|
3379
|
+
dep_list = parseContainerSpecData(
|
|
3380
|
+
readFileSync("./test/data/service.yaml", { encoding: "utf-8" }),
|
|
3381
|
+
);
|
|
3382
|
+
expect(dep_list.length).toEqual(0);
|
|
3380
3383
|
});
|
|
3381
3384
|
|
|
3382
3385
|
test("parse containerfiles / dockerfiles", () => {
|
package/validator.js
CHANGED
|
@@ -70,7 +70,7 @@ export const validateBom = (bomJson) => {
|
|
|
70
70
|
export const validateMetadata = (bomJson) => {
|
|
71
71
|
const errorList = [];
|
|
72
72
|
const warningsList = [];
|
|
73
|
-
if (bomJson
|
|
73
|
+
if (bomJson?.metadata) {
|
|
74
74
|
if (
|
|
75
75
|
!bomJson.metadata.component ||
|
|
76
76
|
!Object.keys(bomJson.metadata.component).length
|
|
@@ -80,20 +80,17 @@ export const validateMetadata = (bomJson) => {
|
|
|
80
80
|
if (bomJson.metadata.component) {
|
|
81
81
|
// Do we have a purl and bom-ref for metadata.component
|
|
82
82
|
if (!bomJson.metadata.component.purl) {
|
|
83
|
-
warningsList.push(
|
|
83
|
+
warningsList.push("purl is missing for metadata.component");
|
|
84
84
|
}
|
|
85
85
|
if (!bomJson.metadata.component["bom-ref"]) {
|
|
86
|
-
warningsList.push(
|
|
86
|
+
warningsList.push("bom-ref is missing for metadata.component");
|
|
87
87
|
}
|
|
88
88
|
// Do we have a version for metadata.component
|
|
89
89
|
if (!bomJson.metadata.component.version) {
|
|
90
|
-
warningsList.push(
|
|
90
|
+
warningsList.push("Version is missing for metadata.component");
|
|
91
91
|
}
|
|
92
92
|
// Is the same component getting repeated inside the components block
|
|
93
|
-
if (
|
|
94
|
-
bomJson.metadata.component.components &&
|
|
95
|
-
bomJson.metadata.component.components.length
|
|
96
|
-
) {
|
|
93
|
+
if (bomJson.metadata.component.components?.length) {
|
|
97
94
|
for (const comp of bomJson.metadata.component.components) {
|
|
98
95
|
if (comp["bom-ref"] === bomJson.metadata.component["bom-ref"]) {
|
|
99
96
|
warningsList.push(
|
|
@@ -112,7 +109,7 @@ export const validateMetadata = (bomJson) => {
|
|
|
112
109
|
console.log("===== WARNINGS =====");
|
|
113
110
|
console.log(warningsList);
|
|
114
111
|
}
|
|
115
|
-
if (errorList.length
|
|
112
|
+
if (errorList.length !== 0) {
|
|
116
113
|
console.log(errorList);
|
|
117
114
|
return false;
|
|
118
115
|
}
|
|
@@ -127,10 +124,10 @@ export const validateMetadata = (bomJson) => {
|
|
|
127
124
|
export const validatePurls = (bomJson) => {
|
|
128
125
|
const errorList = [];
|
|
129
126
|
const warningsList = [];
|
|
130
|
-
if (bomJson
|
|
127
|
+
if (bomJson?.components) {
|
|
131
128
|
for (const comp of bomJson.components) {
|
|
132
129
|
if (comp.type === "cryptographic-asset") {
|
|
133
|
-
if (comp.purl
|
|
130
|
+
if (comp.purl?.length) {
|
|
134
131
|
errorList.push(
|
|
135
132
|
`purl should not be defined for cryptographic-asset ${comp.purl}`,
|
|
136
133
|
);
|
|
@@ -181,7 +178,7 @@ export const validatePurls = (bomJson) => {
|
|
|
181
178
|
console.log("===== WARNINGS =====");
|
|
182
179
|
console.log(warningsList);
|
|
183
180
|
}
|
|
184
|
-
if (errorList.length
|
|
181
|
+
if (errorList.length !== 0) {
|
|
185
182
|
console.log(errorList);
|
|
186
183
|
return false;
|
|
187
184
|
}
|
|
@@ -219,7 +216,7 @@ export const validateRefs = (bomJson) => {
|
|
|
219
216
|
const errorList = [];
|
|
220
217
|
const warningsList = [];
|
|
221
218
|
const refMap = buildRefs(bomJson);
|
|
222
|
-
if (bomJson
|
|
219
|
+
if (bomJson?.dependencies) {
|
|
223
220
|
for (const dep of bomJson.dependencies) {
|
|
224
221
|
if (
|
|
225
222
|
dep.ref.includes("%40") ||
|
|
@@ -251,7 +248,7 @@ export const validateRefs = (bomJson) => {
|
|
|
251
248
|
console.log("===== WARNINGS =====");
|
|
252
249
|
console.log(warningsList);
|
|
253
250
|
}
|
|
254
|
-
if (errorList.length
|
|
251
|
+
if (errorList.length !== 0) {
|
|
255
252
|
console.log(errorList);
|
|
256
253
|
return false;
|
|
257
254
|
}
|
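Review bot: In the validateRefs hunk (`@@ -219,7 +216,7`), `if (bomJson?.dependencies)` now tolerates a missing top-level object, but the loop body two lines below still dereferences `dep.ref.includes("%40")` unguarded, so a `dependencies` entry without a `ref` (or with a non-string one) throws a TypeError out of the validator instead of being reported as a validation error, which is the opposite of what this function is for. I would add a guard at the top of the `for` loop, before the `if (`: `if (typeof dep.ref !== "string") { errorList.push(`dependencies entry has no string ref: ${JSON.stringify(dep)}`); continue; }` so the existing `errorList.length !== 0` check at the end of the function turns it into a false return. The `if (` condition and the rest of validateRefs continue past the end of the hunk, so I cannot tell from here whether the `dependsOn` entries handled there have the same gap.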