@cyclonedx/cdxgen 11.0.7 → 11.0.9

package/lib/helpers/utils.test.js

@@ -1,7 +1,7 @@
 import { Buffer } from "node:buffer";
 import { readFileSync } from "node:fs";
 import path from "node:path";
-import { expect, test } from "@jest/globals";
+import { afterAll, beforeAll, describe, expect, test } from "@jest/globals";
 import { parse } from "ssri";
 import {
   buildObjectForGradleModule,
@@ -80,7 +80,7 @@ import {
   parsePrivadoFile,
   parsePubLockData,
   parsePubYamlData,
-  parsePyProjectToml,
+  parsePyProjectTomlFile,
   parsePyRequiresDist,
   parseReqFile,
   parseSbtLock,
@@ -1053,6 +1053,8 @@ test("parseGoSumData", async () => {
     license: undefined,
     version: "v1.21.0",
     _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+    "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
+    purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
   });
   expect(dep_list[1]).toEqual({
     group: "",
@@ -1060,6 +1062,8 @@ test("parseGoSumData", async () => {
     license: undefined,
     version: "v1.0.0",
     _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+    "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
+    purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
   });
   expect(dep_list[2]).toEqual({
     group: "",
@@ -1067,6 +1071,8 @@ test("parseGoSumData", async () => {
     license: undefined,
     version: "v1.0.2",
     _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+    "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
+    purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
   });
   expect(dep_list[3]).toEqual({
     group: "",
@@ -1074,12 +1080,436 @@ test("parseGoSumData", async () => {
     license: undefined,
     version: "v1.6.1",
     _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
+    "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
+    purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
   });
   dep_list.forEach((d) => {
     expect(d.license);
   });
 }, 120000);
 
+describe("go data with vcs", () => {
+  beforeAll(() => {
+    process.env.GO_FETCH_VCS = "true";
+  });
+  afterAll(() => {
+    delete process.env.GO_FETCH_VCS;
+  });
+  test("parseGoSumData with vcs", async () => {
+    let dep_list = await parseGosumData(null);
+    expect(dep_list).toEqual([]);
+    dep_list = await parseGosumData(
+      readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
+    );
+    expect(dep_list.length).toEqual(4);
+    expect(dep_list[0]).toEqual({
+      group: "",
+      name: "google.golang.org/grpc",
+      license: undefined,
+      version: "v1.21.0",
+      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
+      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
+      externalReferences: [
+        {
+          type: "vcs",
+          url: "https://github.com/grpc/grpc-go",
+        },
+      ],
+    });
+    expect(dep_list[1]).toEqual({
+      group: "",
+      name: "github.com/spf13/cobra",
+      license: undefined,
+      version: "v1.0.0",
+      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
+      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
+      externalReferences: [
+        {
+          type: "vcs",
+          url: "https://github.com/spf13/cobra",
+        },
+      ],
+    });
+    expect(dep_list[2]).toEqual({
+      group: "",
+      name: "github.com/spf13/viper",
+      license: undefined,
+      version: "v1.0.2",
+      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
+      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
+      externalReferences: [
+        {
+          type: "vcs",
+          url: "https://github.com/spf13/viper",
+        },
+      ],
+    });
+    expect(dep_list[3]).toEqual({
+      group: "",
+      name: "github.com/stretchr/testify",
+      license: undefined,
+      version: "v1.6.1",
+      _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
+      "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
+      purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
+      externalReferences: [
+        {
+          type: "vcs",
+          url: "https://github.com/stretchr/testify",
+        },
+      ],
+    });
+    dep_list.forEach((d) => {
+      expect(d.license);
+    });
+  }, 120000);
+
+  test("parseGoModData", async () => {
+    let retMap = await parseGoModData(null);
+    expect(retMap).toEqual({});
+    const gosumMap = {
+      "google.golang.org/grpc@v1.21.0":
+        "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+      "github.com/aws/aws-sdk-go@v1.38.47": "sha256-fake-sha-for-aws-go-sdk=",
+      "github.com/spf13/cobra@v1.0.0":
+        "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+      "github.com/spf13/viper@v1.3.0":
+        "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+      "github.com/stretchr/testify@v1.6.1":
+        "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
+    };
+    retMap = await parseGoModData(
+      readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
+      gosumMap,
+    );
+    expect(retMap.pkgList.length).toEqual(6);
+    expect(retMap.pkgList).toEqual([
+      {
+        group: "",
+        name: "github.com/aws/aws-sdk-go",
+        version: "v1.38.47",
+        _integrity: "sha256-fake-sha-for-aws-go-sdk=",
+        purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
+        "bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/aws/aws-sdk-go",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/cobra",
+        version: "v1.0.0",
+        _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+        purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
+        "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/spf13/cobra",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/viper",
+        version: "v1.0.2",
+        purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
+        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/spf13/viper",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/viper",
+        version: "v1.3.0",
+        _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+        purl: "pkg:golang/github.com/spf13/viper@v1.3.0",
+        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.3.0",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/spf13/viper",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "google.golang.org/grpc",
+        version: "v1.21.0",
+        _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+        purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
+        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/grpc/grpc-go",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "google.golang.org/grpc",
+        version: "v1.32.0",
+        purl: "pkg:golang/google.golang.org/grpc@v1.32.0",
+        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.32.0",
+        externalReferences: [
+          {
+            type: "vcs",
+            url: "https://github.com/grpc/grpc-go",
+          },
+        ],
+      },
+    ]);
+
+    retMap.pkgList.forEach((d) => {
+      expect(d.license);
+    });
+    retMap = await parseGoModData(
+      readFileSync("./test/data/go-dvwa.mod", { encoding: "utf-8" }),
+      {},
+    );
+    expect(retMap.parentComponent).toEqual({
+      "bom-ref": "pkg:golang/github.com/sqreen/go-dvwa",
+      name: "github.com/sqreen/go-dvwa",
+      purl: "pkg:golang/github.com/sqreen/go-dvwa",
+      type: "application",
+    });
+    expect(retMap.pkgList.length).toEqual(19);
+    expect(retMap.rootList.length).toEqual(4);
+    retMap = await parseGoModData(
+      readFileSync("./test/data/go-syft.mod", { encoding: "utf-8" }),
+      {},
+    );
+    expect(retMap.parentComponent).toEqual({
+      "bom-ref": "pkg:golang/github.com/anchore/syft",
+      name: "github.com/anchore/syft",
+      purl: "pkg:golang/github.com/anchore/syft",
+      type: "application",
+    });
+    expect(retMap.pkgList.length).toEqual(239);
+    expect(retMap.rootList.length).toEqual(84);
+  }, 120000);
+});
+
+describe("go data with licenses", () => {
+  beforeAll(() => {
+    process.env.FETCH_LICENSE = "true";
+  });
+  afterAll(() => {
+    delete process.env.FETCH_LICENSE;
+  });
+  test("parseGoSumData with licenses", async () => {
+    let dep_list = await parseGosumData(null);
+    expect(dep_list).toEqual([]);
+    dep_list = await parseGosumData(
+      readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
+    );
+    expect(dep_list.length).toEqual(4);
+    expect(dep_list[0]).toEqual({
+      group: "",
+      name: "google.golang.org/grpc",
+      version: "v1.21.0",
+      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
+      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
+      license: [
+        {
+          id: "Apache-2.0",
+          url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
+        },
+      ],
+    });
+    expect(dep_list[1]).toEqual({
+      group: "",
+      name: "github.com/spf13/cobra",
+      version: "v1.0.0",
+      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
+      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
+      license: [
+        {
+          id: "Apache-2.0",
+          url: "https://pkg.go.dev/github.com/spf13/cobra?tab=licenses",
+        },
+      ],
+    });
+    expect(dep_list[2]).toEqual({
+      group: "",
+      name: "github.com/spf13/viper",
+      version: "v1.0.2",
+      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
+      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
+      license: [
+        {
+          id: "MIT",
+          url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
+        },
+      ],
+    });
+    expect(dep_list[3]).toEqual({
+      group: "",
+      name: "github.com/stretchr/testify",
+      version: "v1.6.1",
+      _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
+      "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
+      purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
+      license: [
+        {
+          id: "MIT",
+          url: "https://pkg.go.dev/github.com/stretchr/testify?tab=licenses",
+        },
+      ],
+    });
+    dep_list.forEach((d) => {
+      expect(d.license);
+    });
+  }, 120000);
+
+  test("parseGoModData with licenses", async () => {
+    let retMap = await parseGoModData(null);
+    expect(retMap).toEqual({});
+    const gosumMap = {
+      "google.golang.org/grpc@v1.21.0":
+        "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+      "github.com/aws/aws-sdk-go@v1.38.47": "sha256-fake-sha-for-aws-go-sdk=",
+      "github.com/spf13/cobra@v1.0.0":
+        "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+      "github.com/spf13/viper@v1.3.0":
+        "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+      "github.com/stretchr/testify@v1.6.1":
+        "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
+    };
+    retMap = await parseGoModData(
+      readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
+      gosumMap,
+    );
+    expect(retMap.pkgList.length).toEqual(6);
+    expect(retMap.pkgList).toEqual([
+      {
+        group: "",
+        name: "github.com/aws/aws-sdk-go",
+        version: "v1.38.47",
+        _integrity: "sha256-fake-sha-for-aws-go-sdk=",
+        purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
+        "bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
+        license: [
+          {
+            id: "Apache-2.0",
+            url: "https://pkg.go.dev/github.com/aws/aws-sdk-go?tab=licenses",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/cobra",
+        version: "v1.0.0",
+        _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
+        purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
+        "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
+        license: [
+          {
+            id: "Apache-2.0",
+            url: "https://pkg.go.dev/github.com/spf13/cobra?tab=licenses",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/viper",
+        version: "v1.0.2",
+        purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
+        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
+        license: [
+          {
+            id: "MIT",
+            url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "github.com/spf13/viper",
+        version: "v1.3.0",
+        _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
+        purl: "pkg:golang/github.com/spf13/viper@v1.3.0",
+        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.3.0",
+        license: [
+          {
+            id: "MIT",
+            url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "google.golang.org/grpc",
+        version: "v1.21.0",
+        _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
+        purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
+        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
+        license: [
+          {
+            id: "Apache-2.0",
+            url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
+          },
+        ],
+      },
+      {
+        group: "",
+        name: "google.golang.org/grpc",
+        version: "v1.32.0",
+        purl: "pkg:golang/google.golang.org/grpc@v1.32.0",
+        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.32.0",
+        license: [
+          {
+            id: "Apache-2.0",
+            url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
+          },
+        ],
+      },
+    ]);
+
+    retMap.pkgList.forEach((d) => {
+      expect(d.license);
+    });
+    retMap = await parseGoModData(
+      readFileSync("./test/data/go-dvwa.mod", { encoding: "utf-8" }),
+      {},
+    );
+    expect(retMap.parentComponent).toEqual({
+      "bom-ref": "pkg:golang/github.com/sqreen/go-dvwa",
+      name: "github.com/sqreen/go-dvwa",
+      purl: "pkg:golang/github.com/sqreen/go-dvwa",
+      type: "application",
+    });
+    expect(retMap.pkgList.length).toEqual(19);
+    expect(retMap.rootList.length).toEqual(4);
+    retMap = await parseGoModData(
+      readFileSync("./test/data/go-syft.mod", { encoding: "utf-8" }),
+      {},
+    );
+    expect(retMap.parentComponent).toEqual({
+      "bom-ref": "pkg:golang/github.com/anchore/syft",
+      name: "github.com/anchore/syft",
+      purl: "pkg:golang/github.com/anchore/syft",
+      type: "application",
+    });
+    expect(retMap.pkgList.length).toEqual(239);
+    expect(retMap.rootList.length).toEqual(84);
+  }, 120000);
+});
+
 test("parse go list dependencies", async () => {
   const retMap = await parseGoListDep(
     readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
@@ -2928,12 +3358,12 @@ test("parsePkgLock v3", async () => {
     "sha512-s93jiP6GkRApn5duComx6RLwtP23YrulPxShz+8peX7svd6Q+MS8nKLhKCCazbP92C13eTVaIOxgeLt0ezIiCg==",
   );
   expect(deps[0]).toEqual({
-    "bom-ref": "pkg:npm/cdxgen@latest",
-    purl: "pkg:npm/cdxgen@latest",
+    "bom-ref": "pkg:npm/clase-21---jwt@latest",
+    purl: "pkg:npm/clase-21---jwt@latest",
     group: "",
     author: "",
     license: "ISC",
-    name: "cdxgen",
+    name: "clase-21---jwt",
     type: "application",
     version: "latest",
   });
@@ -3298,8 +3728,8 @@ test("parsePnpmLock", async () => {
   expect(parsedList.dependenciesList).toHaveLength(462);
   expect(parsedList.pkgList.filter((pkg) => !pkg.scope)).toHaveLength(3);
   parsedList = await parsePnpmLock("./pnpm-lock.yaml");
-  expect(parsedList.pkgList.length).toEqual(627);
-  expect(parsedList.dependenciesList.length).toEqual(627);
+  expect(parsedList.pkgList.length).toEqual(625);
+  expect(parsedList.dependenciesList.length).toEqual(625);
   expect(parsedList.pkgList[0]).toEqual({
     group: "@ampproject",
     name: "remapping",
@@ -4102,41 +4532,207 @@ test("parse requirements.txt", async () => {
 });
 
 test("parse pyproject.toml", () => {
-  let pkg = parsePyProjectToml("./test/data/pyproject.toml");
-  expect(pkg).toEqual({
-    name: "cpggen",
-    version: "1.9.0",
+  let retMap = parsePyProjectTomlFile("./test/data/pyproject.toml");
+  expect(retMap.parentComponent).toEqual({
+    author: "Team AppThreat <cloud@appthreat.com>",
+    "bom-ref": "pkg:pypi/cpggen@1.9.0",
     description:
       "Generate CPG for multiple languages for code and threat analysis",
-    author: "Team AppThreat <cloud@appthreat.com>",
-    homepage: { url: "https://github.com/AppThreat/cpggen" },
-    repository: { url: "https://github.com/AppThreat/cpggen" },
+    evidence: {
+      identity: {
+        confidence: 1,
+        field: "purl",
+        methods: [
+          {
+            confidence: 1,
+            technique: "manifest-analysis",
+            value: "./test/data/pyproject.toml",
+          },
+        ],
+      },
+    },
+    homepage: {
+      url: "https://github.com/AppThreat/cpggen",
+    },
+    license: "Apache-2.0",
+    name: "cpggen",
+    purl: "pkg:pypi/cpggen@1.9.0",
+    repository: {
+      url: "https://github.com/AppThreat/cpggen",
+    },
+    tags: [
+      "atom",
+      "code analysis",
+      "code property graph",
+      "cpg",
+      "joern",
+      "static analysis",
+      "threat analysis",
+    ],
+    type: "application",
+    version: "1.9.0",
   });
-  pkg = parsePyProjectToml("./test/data/pyproject-author-comma.toml");
-  expect(pkg).toEqual({
-    name: "rasa",
-    version: "3.7.0a1",
+  expect(retMap.poetryMode).toBeTruthy();
+  retMap = parsePyProjectTomlFile("./test/data/pyproject-author-comma.toml");
+  expect(retMap.parentComponent).toEqual({
+    author: "Rasa Technologies GmbH <hi@rasa.com>",
+    "bom-ref": "pkg:pypi/rasa@3.7.0a1",
+    purl: "pkg:pypi/rasa@3.7.0a1",
+    evidence: {
+      identity: {
+        confidence: 1,
+        field: "purl",
+        methods: [
+          {
+            confidence: 1,
+            technique: "manifest-analysis",
+            value: "./test/data/pyproject-author-comma.toml",
+          },
+        ],
+      },
+    },
     description:
       "Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants",
-    author: "Rasa Technologies GmbH <hi@rasa.com>",
-    homepage: { url: "https://rasa.com" },
-    repository: { url: "https://github.com/rasahq/rasa" },
+    homepage: {
+      url: "https://rasa.com",
+    },
+    license: "Apache-2.0",
+    name: "rasa",
+    repository: {
+      url: "https://github.com/rasahq/rasa",
+    },
+    tags: [
+      "bot",
+      "bot-framework",
+      "botkit",
+      "bots",
+      "chatbot",
+      "chatbot-framework",
+      "conversational-ai",
+      "machine-learning",
+      "machine-learning-library",
+      "nlp",
+      "rasa conversational-agents",
+    ],
+    type: "application",
+    version: "3.7.0a1",
+  });
+  expect(Object.keys(retMap.directDepsKeys).length).toEqual(86);
+  expect(Object.keys(retMap.groupDepsKeys).length).toEqual(36);
+  retMap = parsePyProjectTomlFile("./test/data/pyproject_uv.toml");
+  expect(retMap.parentComponent).toEqual({
+    authors: [
+      {
+        email: "redowan.nafi@gmail.com",
+        name: "Redowan Delowar",
+      },
+    ],
+    "bom-ref": "pkg:pypi/fastapi-nano@0.1.0",
+    purl: "pkg:pypi/fastapi-nano@0.1.0",
+    description: "A minimal FastAPI project template.",
+    evidence: {
+      identity: {
+        confidence: 1,
+        field: "purl",
+        methods: [
+          {
+            confidence: 1,
+            technique: "manifest-analysis",
+            value: "./test/data/pyproject_uv.toml",
+          },
+        ],
+      },
+    },
+    name: "fastapi-nano",
+    tags: ["cookiecutter", "docker", "fastapi", "minimal", "template"],
+    version: "0.1.0",
+    type: "application",
+    properties: [
+      {
+        name: "cdx:pypi:requiresPython",
+        value: ">=3.11",
+      },
+    ],
+  });
+  retMap = parsePyProjectTomlFile("./test/data/pyproject_uv2.toml");
+  expect(retMap.parentComponent).toEqual({
+    name: "una-root",
+    evidence: {
+      identity: {
+        confidence: 1,
+        field: "purl",
+        methods: [
+          {
+            confidence: 1,
+            technique: "manifest-analysis",
+            value: "./test/data/pyproject_uv2.toml",
+          },
+        ],
+      },
+    },
+    "bom-ref": "pkg:pypi/una-root@0",
+    purl: "pkg:pypi/una-root@0",
+    properties: [
+      {
+        name: "cdx:pypi:requiresPython",
+        value: ">=3.11",
+      },
+    ],
+    version: "0",
+    type: "application",
+  });
+  expect(retMap.uvMode).toBeTruthy();
+  expect(retMap.directDepsKeys).toEqual({
+    "hatch-una": true,
+    una: true,
   });
 });
 
 test("parse pyproject.toml with custom poetry source", () => {
-  const pkg = parsePyProjectToml(
+  const retMap = parsePyProjectTomlFile(
     "./test/data/pyproject_with_custom_poetry_source.toml",
   );
-  expect(pkg).toEqual({
-    name: "cpggen",
-    version: "1.9.0",
+  expect(retMap.parentComponent).toEqual({
+    author: "Team AppThreat <cloud@appthreat.com>",
+    "bom-ref": "pkg:pypi/cpggen@1.9.0",
+    purl: "pkg:pypi/cpggen@1.9.0",
     description:
       "Generate CPG for multiple languages for code and threat analysis",
-    author: "Team AppThreat <cloud@appthreat.com>",
-    homepage: { url: "https://github.com/AppThreat/cpggen" },
-    repository: { url: "https://github.com/AppThreat/cpggen" },
+    evidence: {
+      identity: {
+        confidence: 1,
+        field: "purl",
+        methods: [
+          {
+            confidence: 1,
+            technique: "manifest-analysis",
+            value: "./test/data/pyproject_with_custom_poetry_source.toml",
+          },
+        ],
+      },
+    },
+    homepage: {
+      url: "https://github.com/AppThreat/cpggen",
+    },
+    license: "Apache-2.0",
+    name: "cpggen",
+    repository: {
+      url: "https://github.com/AppThreat/cpggen",
+    },
+    tags: [
+      "atom",
+      "code analysis",
+      "code property graph",
+      "cpg",
+      "joern",
+      "static analysis",
+      "threat analysis",
+    ],
+    version: "1.9.0",
+    type: "application",
   });
+  expect(retMap.poetryMode).toBeTruthy();
+  expect(Object.keys(retMap.directDepsKeys).length).toEqual(6);
 });
 
 test("parse poetry.lock", async () => {
@@ -4165,6 +4761,12 @@ test("parse poetry.lock", async () => {
   );
   expect(retMap.pkgList.length).toEqual(39);
   expect(retMap.dependenciesList.length).toEqual(37);
+  retMap = await parsePoetrylockData(
+    readFileSync("./test/data/uv.lock", { encoding: "utf-8" }),
+    "./test/data/uv.lock",
+  );
+  expect(retMap.pkgList.length).toEqual(63);
+  expect(retMap.dependenciesList.length).toEqual(63);
 }, 120000);
 
 test("parse wheel metadata", () => {