@cyclonedx/cdxgen 10.9.2 → 10.9.4
- package/bin/cdxgen.js +6 -0
- package/bin/repl.js +27 -0
- package/display.js +52 -19
- package/envcontext.js +206 -36
- package/envcontext.test.js +10 -0
- package/evinser.js +1 -1
- package/index.js +37 -52
- package/package.json +4 -1
- package/piptree.js +9 -1
- package/postgen.js +53 -10
- package/pregen.js +93 -0
- package/types/display.d.ts +3 -2
- package/types/display.d.ts.map +1 -1
- package/types/envcontext.d.ts +128 -16
- package/types/envcontext.d.ts.map +1 -1
- package/types/evinser.d.ts.map +1 -1
- package/types/index.d.ts.map +1 -1
- package/types/piptree.d.ts.map +1 -1
- package/types/postgen.d.ts +36 -0
- package/types/postgen.d.ts.map +1 -1
- package/types/pregen.d.ts +21 -0
- package/types/pregen.d.ts.map +1 -0
- package/types/utils.d.ts +26 -2
- package/types/utils.d.ts.map +1 -1
- package/utils.js +170 -31
- package/utils.test.js +1 -0
package/types/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AA2vBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAyUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BA4/BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA2chB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4ahB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAiUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA6XhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BAmclB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAiUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAsOhB;AAED;;;;;;GAMG;AACH,wDAFY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CAwHxE"}
|
package/types/piptree.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"piptree.d.ts","sourceRoot":"","sources":["../piptree.js"],"names":[],"mappings":"AAgIO,
|
|
1
|
+
{"version":3,"file":"piptree.d.ts","sourceRoot":"","sources":["../piptree.js"],"names":[],"mappings":"AAgIO,uFAkCN"}
|
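--- a/package/types/postgen.d.ts
+++ b/package/types/postgen.d.ts
@@ -1,5 +1,41 @@
+/**
+* Filter and enhance BOM post generation.
+*
+* @param {Object} bomNSData BOM with namespaces object
+* @param {Object} options CLI options
+*
+* @returns {Object} Modified bomNSData
+*/
 export function postProcess(bomNSData: any, options: any): any;
+/**
+* Apply additional metadata based on components
+*
+* @param {Object} bomJson BOM JSON Object
+* @param {Object} options CLI options
+*
+* @returns {Object} Filtered BOM JSON
+*/
 export function applyMetadata(bomJson: any, options: any): any;
+/**
+* Apply definitions.standards based on options
+*
+* @param {Object} bomJson BOM JSON Object
+* @param {Object} options CLI options
+*
+* @returns {Object} Filtered BOM JSON
+*/
 export function applyStandards(bomJson: any, options: any): any;
+/**
+* Filter BOM based on options
+*
+* @param {Object} bomJson BOM JSON Object
+* @param {Object} options CLI options
+*
+* @returns {Object} Filtered BOM JSON
+*/
 export function filterBom(bomJson: any, options: any): any;
+/**
+* Clean up
+*/
+export function cleanupEnv(options: any): void;
 //# sourceMappingURL=postgen.d.ts.map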
package/types/postgen.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"postgen.d.ts","sourceRoot":"","sources":["../postgen.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"postgen.d.ts","sourceRoot":"","sources":["../postgen.js"],"names":[],"mappings":"AAOA;;;;;;;GAOG;AACH,+DAcC;AAED;;;;;;;GAOG;AACH,+DAqCC;AAED;;;;;;;GAOG;AACH,gEA+BC;AAED;;;;;;;GAOG;AACH,2DAwIC;AAED;;GAEG;AACH,+CAIC"}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Method to prepare the build environment for BOM generation purposes.
|
|
3
|
+
*
|
|
4
|
+
* @param {String} filePath Path
|
|
5
|
+
* @param {Object} options CLI options
|
|
6
|
+
*/
|
|
7
|
+
export function prepareEnv(filePath: string, options: any): void;
|
|
8
|
+
/**
|
|
9
|
+
* Method to prepare sdkman build environment for BOM generation purposes.
|
|
10
|
+
*
|
|
11
|
+
* @param {String} projectType Project type
|
|
12
|
+
*/
|
|
13
|
+
export function prepareSdkmanBuild(projectType: string): boolean;
|
|
14
|
+
/**
|
|
15
|
+
* Method to check and prepare the environment for python
|
|
16
|
+
*
|
|
17
|
+
* @param {String} filePath Path
|
|
18
|
+
* @param {Object} options CLI Options
|
|
19
|
+
*/
|
|
20
|
+
export function preparePythonEnv(filePath: string, options: any): void;
|
|
21
|
+
//# sourceMappingURL=pregen.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pregen.d.ts","sourceRoot":"","sources":["../pregen.js"],"names":[],"mappings":"AAUA;;;;;GAKG;AACH,iEAYC;AAED;;;;GAIG;AACH,iEASC;AAED;;;;;GAKG;AACH,uEAwCC"}
|
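--- a/package/types/utils.d.ts
+++ b/package/types/utils.d.ts
@@ -1,3 +1,5 @@
+export function getJavaCommand(): string;
+export function getPythonCommand(): string;
 /**
 * Method to check if a given feature flag is enabled.
 *
@@ -15,6 +17,16 @@ export function isFeatureEnabled(cliOptions: any, feature: string): boolean;
 * @param {Boolean} defaultStatus Default return value if there are no types provided
 */
 export function hasAnyProjectType(projectTypes: any[], options: any, defaultStatus?: boolean): any;
+/**
+* Convenient method to check if the given package manager is allowed.
+*
+* @param {String} name Package manager name
+* @param {Array} conflictingManagers List of package managers
+* @param {Object} options CLI options
+*
+* @returns {Boolean} True if the package manager is allowed
+*/
+export function isPackageManagerAllowed(name: string, conflictingManagers: any[], options: any): boolean;
 /**
 * Method to get files matching a pattern
 *
@@ -1214,6 +1226,15 @@ export function isValidIriReference(iri: string): boolean;
 * @returns {Boolean} True if the dependency tree lacks any non-root parents without children. False otherwise.
 */
 export function isPartialTree(dependencies: any[]): boolean;
+/**
+* Re-compute and set the scope based on the dependency tree
+*
+* @param {Array} pkgList List of components
+* @param {Array} dependencies List of dependencies
+*
+* @returns {Array} Updated list
+*/
+export function recomputeScope(pkgList: any[], dependencies: any[]): any[];
 export const dirNameStr: string;
 export const isWin: boolean;
 export const isMac: boolean;
@@ -1227,8 +1248,8 @@ export const includeMavenTestScope: boolean;
 export const PREFER_MAVEN_DEPS_TREE: boolean;
 export const FETCH_LICENSE: boolean;
 export const SEARCH_MAVEN_ORG: boolean;
-export
-export
+export const JAVA_CMD: string;
+export const PYTHON_CMD: string;
 export let DOTNET_CMD: string;
 export let NODE_CMD: string;
 export let NPM_CMD: string;
@@ -1271,6 +1292,9 @@ export const PROJECT_TYPE_ALIASES: {
 binary: string[];
 oci: string[];
 };
+export namespace PACKAGE_MANAGER_ALIASES {
+let scala: string[];
+}
 export const cdxgenAgent: any;
 export const RUBY_PLATFORM_PREFIXES: string[];
 //# sourceMappingURL=utils.d.ts.map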
package/types/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../utils.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../utils.js"],"names":[],"mappings":"AAsJA,yCAYC;AAED,2CAQC;AAqKD;;;;;;;GAOG;AACH,4EAoBC;AAED;;;;;;GAMG;AACH,mGAkDC;AAED;;;;;;;;GAQG;AACH,yGASC;AAgBD;;;;;GAKG;AACH,qCAHW,MAAM,WACN,MAAM,0BAqBhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BAoBhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAiBnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBAkFjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAqVhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAwBD;;;;GAIG;AACH,4CAFW,MAAM;;;GAkOhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AA2BD;;;;;GAKG;AACH,wCAHW,MAAM,oBACN,MAAM;;;;;;;;;GA0ZhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;GAIG;AACH;;;;;;;;;;;;;;;;;;;;;;IAqDC;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OAgJhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,qBACN,MAAM,oBACN,MAAM,uBACN,MAAM;;;;;;;;;;;;;;;;EAkNhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EA6ChB;AAED;;;;GAIG;AACH,iDAFW,MAAM;;;;;;;;EAsChB;AAED;;;;;;;;GAQG;AACH,qDANW,MAAM,YACN,MAAM,0BAGJ,MAAM,CAkElB;AAED;;;;;;GAMG;AACH,6CAJW,MAAM,YACN,MAAM,cACN,MAAM,MA2EhB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,kDAUC;AAED;;;;;GAKG;AACH,mFAmGC;AAED;;;;;;;;;GASG;AACH,sFAMC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA8B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;GAIG;AACH,6CAFW,MAAM,MAmEhB;AAED;;;;;GAKG;AACH,6DAFW,MAAM;;;;;;;GAqHhB;AAED;;;;;GAKG;
AACH,mFAgKC;AAED;;;;;;GAMG;AACH,kCAJW,MAAM;;;;;;;;GA2EhB;AAED;;;;GAIG;AACH,mEAqBC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CASnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEAgDC;AAED,+FA4BC;AAED,8EA2EC;AAED;;;;;GAKG;AACH,0CAHW,MAAM;;;GA0DhB;AA0BD;;;;;;;;;GASG;AACH,2CAPW,MAAM,aACN,MAAM;;;;;;GA6FhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAuChB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBAgChB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;;;;;;;;GAuPhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA0DC;AA0BD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAiLjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BAsIjB;AAED;;;IAwIC;AAED,wEA0BC;AAED,mEAqCC;AAED,0DAkBC;AAED,wDA+DC;AAED,0FAkEC;AAED;;IAsCC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EA4EC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAwPC;AAED;;;EAiNC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2IhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH;;;;;;;;;;IA2IC;AA2CD;;;;GAIG;AACH,0FAHW,MAAM,WACN,MAAM,UAuDhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;EAqBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,oIAgCC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA6JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;;EA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;;;GAQG;A
ACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBAqThB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA4EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,UAiChB;AACD;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAuCf;AACD;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0DA2EC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AAqFD;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyYhB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA4KhB;AAGD;;;;;EAmBC;AAED;;;;;;GAMG;AACH,kEAHW,MAAM,cACN,MAAM,6BA0IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EA6PC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAgQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AA8HD;;;;GAIG;AACH;;;GAkHC;AAED,yEA0GC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAqBC;AAED;;;;;GAKG;AACH,4DAWC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAp/WD,gCAAgF;AAChF,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AAsBnE,iCAEE;AAiBF,iCAIyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAK/B,4CAEmE;AAGnE,6CAE6D;AAG7D,oCAEoD;AAGpD,uCAEuD;AAYvD,8BAAyC;AAczC,gCAA6C;AAU7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,6BAA+B;AAM/B,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA6FE;;;;AAwHF,8BAQG;AAkzIH,8CAUE"}
|
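--- a/package/utils.js
+++ b/package/utils.js
@@ -147,21 +147,29 @@ const MAX_GET_REPO_LICENSE_ERRORS = 5;
 
 const MAX_LICENSE_ID_LENGTH = 100;
 
-export
-
-
-
-
-
-
-)
-
+export const JAVA_CMD = getJavaCommand();
+export function getJavaCommand() {
+let javaCmd = "java";
+if (process.env.JAVA_CMD) {
+javaCmd = process.env.JAVA_CMD;
+} else if (
+process.env.JAVA_HOME &&
+existsSync(process.env.JAVA_HOME) &&
+existsSync(join(process.env.JAVA_HOME, "bin", "java"))
+) {
+javaCmd = join(process.env.JAVA_HOME, "bin", "java");
+}
+return javaCmd;
 }
-export
-
-
-
-
+export const PYTHON_CMD = getPythonCommand();
+export function getPythonCommand() {
+let pythonCmd = "python";
+if (process.env.PYTHON_CMD) {
+pythonCmd = process.env.PYTHON_CMD;
+} else if (process.env.CONDA_PYTHON_EXE) {
+pythonCmd = process.env.CONDA_PYTHON_EXE;
+}
+return pythonCmd;
 }
 export let DOTNET_CMD = "dotnet";
 if (process.env.DOTNET_CMD) {
@@ -230,6 +238,11 @@ export const PYTHON_EXCLUDED_COMPONENTS = [
 export const PROJECT_TYPE_ALIASES = {
 java: [
 "java",
+"java8",
+"java11",
+"java17",
+"java21",
+"java22",
 "groovy",
 "kotlin",
 "kt",
@@ -257,12 +270,36 @@ export const PROJECT_TYPE_ALIASES = {
 "tsx",
 "vsix",
 ],
-py: [
+py: [
+"py",
+"python",
+"pypi",
+"python36",
+"python38",
+"python39",
+"python310",
+"python311",
+"python312",
+],
 go: ["go", "golang", "gomod", "gopkg"],
 rust: ["rust", "rust-lang", "cargo"],
 php: ["php", "composer", "wordpress"],
 ruby: ["ruby", "gems", "rubygems"],
-csharp: [
+csharp: [
+"csharp",
+"netcore",
+"netcore2.1",
+"netcore3.1",
+"dotnet",
+"dotnet6",
+"dotnet7",
+"dotnet8",
+"dotnet-framework",
+"dotnet-framework47",
+"dotnet-framework48",
+"vb",
+"fsharp",
+],
 dart: ["dart", "flutter", "pub"],
 haskell: ["haskell", "hackage", "cabal"],
 elixir: ["elixir", "hex", "mix"],
@@ -293,6 +330,11 @@ export const PROJECT_TYPE_ALIASES = {
 oci: ["docker", "oci", "container", "podman"],
 };
 
+// Package manager aliases
+export const PACKAGE_MANAGER_ALIASES = {
+scala: ["sbt"],
+};
+
 /**
 * Method to check if a given feature flag is enabled.
 *
@@ -382,6 +424,26 @@ export function hasAnyProjectType(projectTypes, options, defaultStatus = true) {
 return shouldInclude;
 }
 
+/**
+* Convenient method to check if the given package manager is allowed.
+*
+* @param {String} name Package manager name
+* @param {Array} conflictingManagers List of package managers
+* @param {Object} options CLI options
+*
+* @returns {Boolean} True if the package manager is allowed
+*/
+export function isPackageManagerAllowed(name, conflictingManagers, options) {
+for (const apm of conflictingManagers) {
+if (options?.projectType?.includes(apm)) {
+return false;
+}
+}
+return !options.excludeType?.filter(
+(p) => p === name || PACKAGE_MANAGER_ALIASES[p]?.includes(name),
+).length;
+}
+
 // HTTP cache
 const gotHttpCache = new Map();
 
@@ -9999,7 +10061,7 @@ export function getPipFrozenTree(
 pipInstallArgs.push(resolve(basePath));
 }
 // Support for passing additional arguments to pip
-// Eg: --python-version 3.10 --ignore-requires-python --no-warn-conflicts
+// Eg: --python-version 3.10 --ignore-requires-python --no-warn-conflicts --only-binary=:all:
 if (process?.env?.PIP_INSTALL_ARGS) {
 const addArgs = process.env.PIP_INSTALL_ARGS.split(" ");
 pipInstallArgs = pipInstallArgs.concat(addArgs);
@@ -10025,13 +10087,37 @@ export function getPipFrozenTree(
 result.stderr?.includes("No matching distribution found for")
 ) {
 versionRelatedError = true;
-
-
-
+if (process.env.PIP_INSTALL_ARGS) {
+console.log(
+"1. Try invoking cdxgen with a different python type. Example: `-t python`, `-t python310`, or `-t python39`\n",
+);
+} else {
+console.log(
+"The version or the version specifiers used for a dependency is invalid. Resolve the below error to improve SBOM accuracy.\n",
+);
+}
 console.log(result.stderr);
+} else if (
+process.env.PIP_INSTALL_ARGS &&
+result.stderr?.includes("Cannot set --home and --prefix together")
+) {
+versionRelatedError = true;
+if (DEBUG_MODE) {
+console.log(result.stderr);
+} else {
+console.log(
+"Possible build errors detected. Set the environment variable CDXGEN_DEBUG_MODE=debug to troubleshoot.",
+);
+}
+console.warn(
+"This project does not support python with version types. Use an appropriate container image such as `ghcr.io/appthreat/cdxgen-python39:v10` or `ghcr.io/appthreat/cdxgen-python311:v10` and invoke cdxgen with `-t python` instead.\n",
+);
 }
 if (!versionRelatedError) {
 if (DEBUG_MODE) {
+console.info(
+"\nEXPERIMENTAL: Invoke cdxgen with '--feature-flags safe-pip-install' to recover a partial dependency tree for projects with build errors.\n",
+);
 console.log("args used:", pipInstallArgs);
 if (result.stderr) {
 console.log(result.stderr);
@@ -10045,18 +10131,35 @@ export function getPipFrozenTree(
 );
 } else {
 console.log(
-"- For example, you may have to install gcc, gcc-c++ compiler,
+"- For example, you may have to install gcc, gcc-c++ compiler, postgresql or mysql devel packages and additional development libraries using apt-get or yum package manager.",
 );
 }
 console.log(
 "- Certain projects would only build with specific versions of Python. Data science and ML related projects might require a conda/anaconda distribution.",
 );
 console.log(
-"- Check if any git submodules have to be initialized.",
-);
-console.log(
-"- If the application has its own Dockerfile, look for any clues for build dependencies. Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-python:v10` container image, which bundles a range of build tools and development libraries.",
+"- Check if any git submodules have to be initialized.\n- If the application has its own Dockerfile, look for any clues for build dependencies.",
 );
+if (
+process.env?.CDXGEN_IN_CONTAINER !== "true" &&
+!process.env.PIP_INSTALL_ARGS
+) {
+console.log(
+"1. Try invoking cdxgen with a specific python version type. Example: `-t python36` or `-t python39`",
+);
+console.log(
+"2. Alternatively, try using the unofficial `ghcr.io/appthreat/cdxgen-python39:v10` or `ghcr.io/appthreat/cdxgen-python311:v10` container images, which bundles a range of build tools and development libraries.",
+);
+} else if (
+process.env?.PIP_INSTALL_ARGS?.includes("--python-version")
+) {
+console.log(
+"1. Try invoking cdxgen with a different python version type. Example: `-t python`, `-t python39`, or `-t python311`",
+);
+console.log(
+"2. Try with the experimental flag '--feature-flags safe-pip-install'",
+);
+}
 } else {
 console.log(
 "Possible build errors detected. Set the environment variable CDXGEN_DEBUG_MODE=debug to troubleshoot.",
@@ -10078,9 +10181,6 @@ export function getPipFrozenTree(
 );
 }
 const python_cmd_for_tree = get_python_command_from_env(env);
-if (DEBUG_MODE) {
-console.log(`Using the python executable ${python_cmd_for_tree}`);
-}
 // This is a slow step that ideally needs to be invoked only once per venv
 const tree = getTreeWithPlugin(env, python_cmd_for_tree, basePath);
 if (DEBUG_MODE && !tree.length) {
@@ -10209,9 +10309,6 @@ export function getPipTreeForPackages(
 console.log("Virtual env creation has failed. Unable to continue.");
 return {};
 }
-if (DEBUG_MODE) {
-console.log("Using the virtual environment", tempVenvDir);
-}
 env.VIRTUAL_ENV = tempVenvDir;
 env.PATH = `${join(
 tempVenvDir,
@@ -11680,3 +11777,45 @@ export function isPartialTree(dependencies) {
 }
 return parentsWithChildsCount <= 1;
 }
+
+/**
+* Re-compute and set the scope based on the dependency tree
+*
+* @param {Array} pkgList List of components
+* @param {Array} dependencies List of dependencies
+*
+* @returns {Array} Updated list
+*/
+export function recomputeScope(pkgList, dependencies) {
+const requiredPkgs = {};
+if (!pkgList || !dependencies) {
+return pkgList;
+}
+for (const pkg of pkgList) {
+if (!pkg.scope || !pkg["bom-ref"]) {
+continue;
+}
+if (pkg.scope === "required") {
+requiredPkgs[pkg["bom-ref"]] = true;
+}
+}
+for (const adep of dependencies) {
+if (requiredPkgs[adep.ref]) {
+for (const ado of adep.dependsOn) {
+requiredPkgs[ado] = true;
+}
+}
+}
+// Prevent marking every component as optional
+if (!Object.keys(requiredPkgs).length) {
+return pkgList;
+}
+for (const pkg of pkgList) {
+if (requiredPkgs[pkg["bom-ref"]]) {
+pkg.scope = "required";
+} else if (!pkg.scope) {
+pkg.scope = "optional";
+}
+}
+return pkgList;
+}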
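Review bot: In the last hunk, `recomputeScope` spreads the "required" scope in a single pass over `dependencies`, so a row's `dependsOn` is followed only if its `ref` was already marked when the loop reaches it; the outcome depends on list order, and a transitive dependency of a required package that has no scope yet can end up labelled `optional`. SBOM consumers that triage findings by `scope` would then under-weight components that are actually reachable, so the propagation should run to a fixed point, as in the worklist below. The same loop iterates `adep.dependsOn` without a guard and would throw on a row that lacks the array; whether callers can pass such rows is not visible here. Separately, `isPackageManagerAllowed` (new line 436) reads `options?.projectType` but then dereferences `options.excludeType` unguarded; `options?.excludeType` would make the two consistent.

```javascript
export function recomputeScope(pkgList, dependencies) {
  // … unchanged: null guard and seeding requiredPkgs from scope === "required" …
  const dependsOnByRef = new Map();
  for (const adep of dependencies) {
    const known = dependsOnByRef.get(adep.ref) || [];
    dependsOnByRef.set(adep.ref, known.concat(adep.dependsOn || []));
  }
  // Follow dependsOn edges until no new ref is marked, independent of list order
  const pending = Object.keys(requiredPkgs);
  while (pending.length) {
    const ref = pending.pop();
    for (const ado of dependsOnByRef.get(ref) || []) {
      if (!requiredPkgs[ado]) {
        requiredPkgs[ado] = true;
        pending.push(ado);
      }
    }
  }
  // … unchanged: empty-set early return and scope assignment loop …
```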
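--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -3774,6 +3774,7 @@ test("parse poetry.lock", async () => {
 "./test/data/poetry.lock",
 );
 expect(retMap.pkgList.length).toEqual(32);
+expect(retMap.pkgList[2].scope).toEqual("optional");
 expect(retMap.dependenciesList.length).toEqual(32);
 retMap = await parsePoetrylockData(
 readFileSync("./test/data/poetry1.lock", { encoding: "utf-8" }),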
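Review bot: The added assertion checks `retMap.pkgList[2].scope` by position, so it does not say which component is expected to be optional, and it will fail or quietly check a different package if the parser's output order changes. Selecting the entry by name, for example `retMap.pkgList.find((p) => p.name === "<package-name>")` (placeholder), would make the intent explicit. A matching assertion for a component expected to be `required` would cover the other branch of what is presumably the scope recomputation added in this release. The test body starts and ends outside this hunk.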