@cyclonedx/cdxgen 10.6.1 → 10.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/README.md +9 -5
  2. package/analyzer.js +1 -1
  3. package/bin/cdxgen.js +14 -2
  4. package/bin/repl.js +17 -1
  5. package/data/lic-mapping.json +5 -2
  6. package/display.js +46 -9
  7. package/index.js +88 -55
  8. package/package.json +10 -10
  9. package/piptree.js +15 -8
  10. package/server.js +18 -6
  11. package/types/display.d.ts +3 -2
  12. package/types/display.d.ts.map +1 -1
  13. package/types/evinser.d.ts +3 -3
  14. package/types/index.d.ts +6 -1
  15. package/types/index.d.ts.map +1 -1
  16. package/types/piptree.d.ts +1 -1
  17. package/types/piptree.d.ts.map +1 -1
  18. package/types/server.d.ts.map +1 -1
  19. package/types/utils.d.ts +32 -2
  20. package/types/utils.d.ts.map +1 -1
  21. package/utils.js +356 -85
  22. package/utils.test.js +69 -3
package/utils.test.js CHANGED
@@ -2463,6 +2463,45 @@ test("parseSetupPyFile", async () => {
2463
2463
  ]`);
2464
2464
  expect(deps.length).toEqual(2);
2465
2465
  expect(deps[0].name).toEqual("colorama");
2466
+
2467
+ deps = await parseSetupPyFile(
2468
+ readFileSync("./test/data/setup-impacket.py", "utf-8"),
2469
+ );
2470
+ expect(deps.length).toEqual(7);
2471
+ expect(deps).toEqual([
2472
+ {
2473
+ name: "pyasn1",
2474
+ version: "0.2.3",
2475
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: ">=0.2.3" }],
2476
+ },
2477
+ {
2478
+ name: "pycryptodomex",
2479
+ version: null,
2480
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: undefined }],
2481
+ },
2482
+ {
2483
+ name: "pyOpenSSL",
2484
+ version: "0.13.1",
2485
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: ">=0.13.1" }],
2486
+ },
2487
+ {
2488
+ name: "six",
2489
+ version: null,
2490
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: undefined }],
2491
+ },
2492
+ { name: "ldap3", version: "2.5.1", scope: undefined },
2493
+ {
2494
+ name: "ldapdomaindump",
2495
+ version: "0.9.0",
2496
+ scope: undefined,
2497
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: ">=0.9.0" }],
2498
+ },
2499
+ {
2500
+ name: "flask",
2501
+ version: "1.0",
2502
+ properties: [{ name: "cdx:pypi:versionSpecifiers", value: ">=1.0" }],
2503
+ },
2504
+ ]);
2466
2505
  });
2467
2506
 
2468
2507
  test("parsePnpmLock", async () => {
@@ -2679,9 +2718,15 @@ test("parsePnpmLock", async () => {
2679
2718
  },
2680
2719
  },
2681
2720
  });
2721
+ parsedList = await parsePnpmLock("./test/data/pnpm-lock9a.yaml");
2722
+ expect(parsedList.pkgList.length).toEqual(1007);
2723
+ expect(parsedList.dependenciesList.length).toEqual(1005);
2724
+ parsedList = await parsePnpmLock("./test/data/pnpm-lock9b.yaml");
2725
+ expect(parsedList.pkgList.length).toEqual(1366);
2726
+ expect(parsedList.dependenciesList.length).toEqual(1352);
2682
2727
  parsedList = await parsePnpmLock("./pnpm-lock.yaml");
2683
- expect(parsedList.pkgList.length).toEqual(644);
2684
- expect(parsedList.dependenciesList.length).toEqual(644);
2728
+ expect(parsedList.pkgList.length).toEqual(654);
2729
+ expect(parsedList.dependenciesList.length).toEqual(654);
2685
2730
  expect(parsedList.pkgList[0]).toEqual({
2686
2731
  group: "@ampproject",
2687
2732
  name: "remapping",
@@ -3024,6 +3069,11 @@ test("parseYarnLock", async () => {
3024
3069
  expect(parsedList.pkgList[0]._integrity).toEqual(
3025
3070
  "sha512-U8KyMaYaRnkrOaDUO8T093a7RUKqV+4EkwZ2gC5VASgsL8iqwU5M0fESD/i1Jha2/1q1Oa0wqiJ31yZES3Fhnw==",
3026
3071
  );
3072
+
3073
+ parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv1-fs.lock");
3074
+ expect(parsedList.pkgList.length).toEqual(882);
3075
+ expect(parsedList.dependenciesList.length).toEqual(882);
3076
+ expect(parsedList.pkgList[0].purl).toEqual("pkg:npm/abbrev@1.0.9");
3027
3077
  });
3028
3078
 
3029
3079
  test("parseComposerLock", () => {
@@ -3307,7 +3357,7 @@ test("parse requirements.txt", async () => {
3307
3357
  });
3308
3358
 
3309
3359
  test("parse pyproject.toml", () => {
3310
- const pkg = parsePyProjectToml("./test/data/pyproject.toml");
3360
+ let pkg = parsePyProjectToml("./test/data/pyproject.toml");
3311
3361
  expect(pkg).toEqual({
3312
3362
  name: "cpggen",
3313
3363
  version: "1.9.0",
@@ -3317,6 +3367,16 @@ test("parse pyproject.toml", () => {
3317
3367
  homepage: { url: "https://github.com/AppThreat/cpggen" },
3318
3368
  repository: { url: "https://github.com/AppThreat/cpggen" },
3319
3369
  });
3370
+ pkg = parsePyProjectToml("./test/data/pyproject-author-comma.toml");
3371
+ expect(pkg).toEqual({
3372
+ name: "rasa",
3373
+ version: "3.7.0a1",
3374
+ description:
3375
+ "Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants",
3376
+ author: "Rasa Technologies GmbH <hi@rasa.com>",
3377
+ homepage: { url: "https://rasa.com" },
3378
+ repository: { url: "https://github.com/rasahq/rasa" },
3379
+ });
3320
3380
  });
3321
3381
 
3322
3382
  test("parse pyproject.toml with custom poetry source", () => {
@@ -4102,6 +4162,12 @@ test.each([
4102
4162
  ["http://gitlab.com/behat-chrome/chrome-mink-driver.git", true],
4103
4163
  ["git+https://github.com/Alex-D/check-disk-space.git", true],
4104
4164
  ["UNKNOWN", false],
4165
+ ["http://", false],
4166
+ ["http", false],
4167
+ ["https", false],
4168
+ ["https://", false],
4169
+ ["http://www", true],
4170
+ ["http://www.", true],
4105
4171
  ])("isValidIriReference tests: %s", (url, isValid) => {
4106
4172
  expect(isValidIriReference(url)).toBe(isValid);
4107
4173
  });