@cyclonedx/cdxgen 11.3.0 → 11.3.2
- package/bin/cdxgen.js +16 -11
- package/bin/evinse.js +1 -1
- package/bin/verify.js +22 -3
- package/lib/cli/index.js +8 -1
- package/lib/helpers/envcontext.js +1 -1
- package/lib/helpers/utils.js +177 -67
- package/lib/helpers/utils.test.js +27 -4
- package/lib/managers/docker.js +3 -0
- package/lib/managers/oci.js +66 -0
- package/package.json +3 -3
- package/types/lib/cli/index.d.ts.map +1 -1
- package/types/lib/helpers/utils.d.ts +1 -0
- package/types/lib/helpers/utils.d.ts.map +1 -1
- package/types/lib/managers/docker.d.ts.map +1 -1
- package/types/lib/managers/oci.d.ts +2 -0
- package/types/lib/managers/oci.d.ts.map +1 -0
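--- a/package/bin/cdxgen.js
+++ b/package/bin/cdxgen.js
@@ -1,14 +1,13 @@
 #!/usr/bin/env node
-
+import { Buffer } from "node:buffer";
 import crypto from "node:crypto";
 import fs from "node:fs";
 import { basename, dirname, join, resolve } from "node:path";
 import process from "node:process";
-import { URL } from "node:url";
 import { findUpSync } from "find-up";
 import globalAgent from "global-agent";
-import { load as _load } from "js-yaml";
 import jws from "jws";
+import { parse as _load } from "yaml";
 import { createBom, submitBom } from "../lib/cli/index.js";
 import {
 printCallStack,
@@ -781,6 +780,13 @@ const checkPermissions = (filePath, options) => {
 return true;
 };
 
+const needsBomSigning = ({ generateKeyAndSign }) =>
+generateKeyAndSign ||
+(process.env.SBOM_SIGN_ALGORITHM &&
+process.env.SBOM_SIGN_ALGORITHM !== "none" &&
+process.env.SBOM_SIGN_PRIVATE_KEY &&
+safeExistsSync(process.env.SBOM_SIGN_PRIVATE_KEY));
+
 /**
 * Method to start the bom creation process
 */
@@ -838,14 +844,7 @@ const checkPermissions = (filePath, options) => {
 thoughtLog(`Let's save the file to "${jsonFile}".`);
 }
 }
-if (
-jsonPayload &&
-(options.generateKeyAndSign ||
-(process.env.SBOM_SIGN_ALGORITHM &&
-process.env.SBOM_SIGN_ALGORITHM !== "none" &&
-process.env.SBOM_SIGN_PRIVATE_KEY &&
-safeExistsSync(process.env.SBOM_SIGN_PRIVATE_KEY)))
-) {
+if (jsonPayload && needsBomSigning(options)) {
 let alg = process.env.SBOM_SIGN_ALGORITHM || "RS512";
 if (alg.includes("none")) {
 alg = "RS512";
@@ -857,6 +856,7 @@ const checkPermissions = (filePath, options) => {
 const jdirName = dirname(jsonFile);
 publicKeyFile = join(jdirName, "public.key");
 const privateKeyFile = join(jdirName, "private.key");
+const privateKeyB64File = join(jdirName, "private.key.base64");
 const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
 modulusLength: 4096,
 publicKeyEncoding: {
@@ -870,10 +870,15 @@ const checkPermissions = (filePath, options) => {
 });
 fs.writeFileSync(publicKeyFile, publicKey);
 fs.writeFileSync(privateKeyFile, privateKey);
+fs.writeFileSync(
+privateKeyB64File,
+Buffer.from(privateKey, "utf8").toString("base64"),
+);
 console.log(
 "Created public/private key pairs for testing purposes",
 publicKeyFile,
 privateKeyFile,
+privateKeyB64File,
 );
 privateKeyToUse = privateKey;
 jwkPublicKey = crypto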
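Review bot: The added `fs.writeFileSync(privateKeyB64File, …)` in the key-generation branch puts a second copy of the freshly generated RSA private key on disk with default file permissions, in the same directory as the BOM output (`dirname(jsonFile)`), where it is easily swept up with build artifacts. Both private-key writes should restrict access, e.g. `fs.writeFileSync(privateKeyFile, privateKey, { mode: 0o600 });` with the same option on the base64 file, and the `console.log` text could state that the key files must not be published alongside the BOM. `needsBomSigning` also has no doc comment; a one-line JSDoc saying it is truthy when `generateKeyAndSign` is set, or when `SBOM_SIGN_ALGORITHM` is set to something other than "none" and `SBOM_SIGN_PRIVATE_KEY` names an existing file, would help. The enclosing function starts and ends outside these hunks.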
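--- a/package/bin/evinse.js
+++ b/package/bin/evinse.js
@@ -3,7 +3,7 @@
 import fs from "node:fs";
 import process from "node:process";
 import { findUpSync } from "find-up";
-import {
+import { parse as _load } from "yaml";
 // Evinse (Evinse Verification Is Nearly SBOM Evidence)
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";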
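--- a/package/bin/verify.js
+++ b/package/bin/verify.js
@@ -3,11 +3,11 @@
 import fs from "node:fs";
 import { join } from "node:path";
 import process from "node:process";
-import { URL } from "node:url";
 import jws from "jws";
 import yargs from "yargs";
 import { hideBin } from "yargs/helpers";
 import { dirNameStr } from "../lib/helpers/utils.js";
+import { getBomWithOras } from "../lib/managers/oci.js";
 
 const dirName = dirNameStr;
 
@@ -26,6 +26,7 @@ const args = yargs(hideBin(process.argv))
 .scriptName("cdx-verify")
 .version()
 .help("h")
+.alias("h", "help")
 .wrap(Math.min(120, yargs().terminalWidth())).argv;
 
 if (args.version) {
@@ -43,7 +44,25 @@ if (process.env?.CDXGEN_NODE_OPTIONS) {
 process.env.NODE_OPTIONS = `${process.env.NODE_OPTIONS || ""} ${process.env.CDXGEN_NODE_OPTIONS}`;
 }
 
-
+function getBom(args) {
+if (fs.existsSync(args.input)) {
+return JSON.parse(fs.readFileSync(args.input, "utf8"));
+}
+if (
+args.input.includes(":") ||
+args.input.includes("docker") ||
+args.input.includes("ghcr")
+) {
+return getBomWithOras(args.input);
+}
+return undefined;
+}
+
+const bomJson = getBom(args);
+if (!bomJson) {
+console.log(`${args.input} is invalid!`);
+process.exit(1);
+}
 let hasInvalidComp = false;
 // Validate any component signature
 for (const comp of bomJson.components) {
@@ -77,7 +96,7 @@ if (!bomSignature) {
 if (validationResult) {
 console.log("Signature is valid!");
 } else {
-console.log("
+console.log("BOM signature is invalid!");
 process.exit(1);
 }
 }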
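Review bot: `getBom` chooses between a local file and a registry lookup by substring (`args.input.includes(":")`, `"docker"`, `"ghcr"`), so any non-existent path that merely contains a colon, such as a mistyped Windows path or a URL, is handed to `getBomWithOras` and starts an external `oras` call. Validating the value as an image reference before that call, and rejecting values that begin with `-`, would keep the routing predictable. In addition, `JSON.parse(fs.readFileSync(args.input, "utf8"))` is unguarded and the loop that follows reads `bomJson.components` without checking it exists, so a malformed or component-less BOM ends in an uncaught exception instead of the `is invalid!` message. Wrapping the parse in `try`/`catch` and iterating over `bomJson.components ?? []` would cover both cases.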
package/lib/cli/index.js
CHANGED
|
@@ -16,12 +16,12 @@ import { platform as _platform, arch, homedir } from "node:os";
|
|
|
16
16
|
import { basename, dirname, join, relative, resolve, sep } from "node:path";
|
|
17
17
|
import process from "node:process";
|
|
18
18
|
import got from "got";
|
|
19
|
-
import { load as loadYaml } from "js-yaml";
|
|
20
19
|
import { PackageURL } from "packageurl-js";
|
|
21
20
|
import { gte, lte } from "semver";
|
|
22
21
|
import { parse } from "ssri";
|
|
23
22
|
import { table } from "table";
|
|
24
23
|
import { v4 as uuidv4 } from "uuid";
|
|
24
|
+
import { parse as loadYaml } from "yaml";
|
|
25
25
|
import { findJSImportsExports } from "../helpers/analyzer.js";
|
|
26
26
|
import { collectOSCryptoLibs } from "../helpers/cbomutils.js";
|
|
27
27
|
import {
|
|
@@ -119,6 +119,7 @@ import {
|
|
|
119
119
|
parseGoModData,
|
|
120
120
|
parseGoModGraph,
|
|
121
121
|
parseGoModWhy,
|
|
122
|
+
parseGoModulesTxt,
|
|
122
123
|
parseGopkgData,
|
|
123
124
|
parseGosumData,
|
|
124
125
|
parseGradleDep,
|
|
@@ -4223,6 +4224,12 @@ export async function createGoBom(path, options) {
|
|
|
4223
4224
|
`${options.multiProject ? "**/" : ""}go.mod`,
|
|
4224
4225
|
options,
|
|
4225
4226
|
);
|
|
4227
|
+
// Collect any vendored dependencies
|
|
4228
|
+
const modulesTxtFiles = getAllFiles(path, "vendor/**/modules.txt", options);
|
|
4229
|
+
for (const f of modulesTxtFiles) {
|
|
4230
|
+
const dlist = await parseGoModulesTxt(f, gosumMap);
|
|
4231
|
+
pkgList = pkgList.concat(dlist);
|
|
4232
|
+
}
|
|
4226
4233
|
if (gomodFiles.length) {
|
|
4227
4234
|
let shouldManuallyParse = false;
|
|
4228
4235
|
// Use the go list -deps and go mod why commands to generate a good quality BOM for non-docker invocations
|
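Review bot: The vendored-modules loop added to `createGoBom` appends whatever `parseGoModulesTxt` returns, and that helper's guard (visible in the lib/helpers/utils.js section of this page) is `if (!tmpA.length === 3)`, which compares a boolean with 3 and can never be true. Short or unusual `# ` lines are therefore not skipped and reach `getGoPkgComponent` with a missing or wrong version; the guard was presumably meant to be `if (tmpA.length < 3) continue;`, and lines carrying a `=>` replacement would likely need their own handling. It is also not visible here whether `pkgList` is de-duplicated after the `concat`, so a module present in both go.mod and vendor/modules.txt may be listed twice. The body of `createGoBom` continues outside the hunk.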
|
@@ -30,7 +30,7 @@ export const GIT_COMMAND = process.env.GIT_CMD || "git";
|
|
|
30
30
|
// sdkman tool aliases
|
|
31
31
|
export const SDKMAN_JAVA_TOOL_ALIASES = {
|
|
32
32
|
java8: process.env.JAVA8_TOOL || "8.0.452-amzn", // Temurin no longer offers java8 :(
|
|
33
|
-
java11: process.env.JAVA11_TOOL || "11.0.
|
|
33
|
+
java11: process.env.JAVA11_TOOL || "11.0.27-tem",
|
|
34
34
|
java17: process.env.JAVA17_TOOL || "17.0.15-tem",
|
|
35
35
|
java21: process.env.JAVA21_TOOL || "21.0.7-tem",
|
|
36
36
|
java22: process.env.JAVA22_TOOL || "22.0.2-tem",
|
package/lib/helpers/utils.js
CHANGED
|
@@ -35,7 +35,6 @@ import { parseEDNString } from "edn-data";
|
|
|
35
35
|
import { globSync } from "glob";
|
|
36
36
|
import got from "got";
|
|
37
37
|
import iconv from "iconv-lite";
|
|
38
|
-
import { load as _load } from "js-yaml";
|
|
39
38
|
import StreamZip from "node-stream-zip";
|
|
40
39
|
import { PackageURL } from "packageurl-js";
|
|
41
40
|
import propertiesReader from "properties-reader";
|
|
@@ -50,6 +49,7 @@ import {
|
|
|
50
49
|
} from "semver";
|
|
51
50
|
import { IriValidationStrategy, validateIri } from "validate-iri";
|
|
52
51
|
import { xml2js } from "xml-js";
|
|
52
|
+
import { parse as _load } from "yaml";
|
|
53
53
|
import { getTreeWithPlugin } from "../managers/piptree.js";
|
|
54
54
|
import { thoughtLog } from "./logger.js";
|
|
55
55
|
|
|
@@ -5029,6 +5029,7 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) {
|
|
|
5029
5029
|
let parentComponent;
|
|
5030
5030
|
let workspacePaths;
|
|
5031
5031
|
let workspaceWarningShown = false;
|
|
5032
|
+
let hasWorkspaces = false;
|
|
5032
5033
|
// Keep track of any workspace components to be added to the parent component
|
|
5033
5034
|
const workspaceComponentMap = {};
|
|
5034
5035
|
const workspacePyProjMap = {};
|
|
@@ -5053,6 +5054,9 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) {
|
|
|
5053
5054
|
parentComponent = pyProjMap.parentComponent;
|
|
5054
5055
|
workspacePaths = pyProjMap.workspacePaths;
|
|
5055
5056
|
if (workspacePaths?.length) {
|
|
5057
|
+
if (!hasWorkspaces) {
|
|
5058
|
+
hasWorkspaces = true;
|
|
5059
|
+
}
|
|
5056
5060
|
// Parent component is going to have children
|
|
5057
5061
|
parentComponent.components = [];
|
|
5058
5062
|
for (const awpath of workspacePaths) {
|
|
@@ -5136,6 +5140,9 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) {
|
|
|
5136
5140
|
// Check for workspaces
|
|
5137
5141
|
if (lockTomlObj?.manifest?.members) {
|
|
5138
5142
|
const workspaceMembers = lockTomlObj.manifest.members;
|
|
5143
|
+
if (workspaceMembers && !hasWorkspaces) {
|
|
5144
|
+
hasWorkspaces = true;
|
|
5145
|
+
}
|
|
5139
5146
|
for (const amember of workspaceMembers) {
|
|
5140
5147
|
if (amember === parentComponent.name) {
|
|
5141
5148
|
continue;
|
|
@@ -5286,7 +5293,7 @@ export async function parsePyLockData(lockData, lockFile, pyProjectFile) {
|
|
|
5286
5293
|
}
|
|
5287
5294
|
if (
|
|
5288
5295
|
directDepsKeys[pkg.name] ||
|
|
5289
|
-
!Object.keys(workspaceComponentMap).length
|
|
5296
|
+
(hasWorkspaces && !Object.keys(workspaceComponentMap).length)
|
|
5290
5297
|
) {
|
|
5291
5298
|
rootList.push(pkg);
|
|
5292
5299
|
}
|
|
@@ -6257,6 +6264,7 @@ export async function parseGoModData(goModData, gosumMap) {
|
|
|
6257
6264
|
const parentComponent = {};
|
|
6258
6265
|
const rootList = [];
|
|
6259
6266
|
let isModReplacement = false;
|
|
6267
|
+
let isTool = false;
|
|
6260
6268
|
|
|
6261
6269
|
if (!goModData) {
|
|
6262
6270
|
return {};
|
|
@@ -6265,7 +6273,7 @@ export async function parseGoModData(goModData, gosumMap) {
|
|
|
6265
6273
|
const pkgs = goModData.split("\n");
|
|
6266
6274
|
for (let l of pkgs) {
|
|
6267
6275
|
// Windows of course
|
|
6268
|
-
l = l.replace("\r", "");
|
|
6276
|
+
l = l.replace("\r", "").replace(/[\t ]+/g, " ");
|
|
6269
6277
|
// Capture the parent component name from the module
|
|
6270
6278
|
if (l.startsWith("module ")) {
|
|
6271
6279
|
parentComponent.name = l.split(" ").pop().trim();
|
|
@@ -6276,9 +6284,28 @@ export async function parseGoModData(goModData, gosumMap) {
|
|
|
6276
6284
|
parentComponent["bom-ref"] = decodeURIComponent(parentComponent["purl"]);
|
|
6277
6285
|
continue;
|
|
6278
6286
|
}
|
|
6287
|
+
|
|
6288
|
+
// The `tool` block dependency relations will be recorded into `require` block(need run `go mod tidy`), just ignore that
|
|
6289
|
+
if (l.includes("tool (")) {
|
|
6290
|
+
isTool = !l.includes(")");
|
|
6291
|
+
continue;
|
|
6292
|
+
}
|
|
6293
|
+
if (l.includes(")")) {
|
|
6294
|
+
isTool = false;
|
|
6295
|
+
continue;
|
|
6296
|
+
}
|
|
6297
|
+
if (l.includes("tool ")) {
|
|
6298
|
+
continue;
|
|
6299
|
+
}
|
|
6300
|
+
if (isTool) {
|
|
6301
|
+
continue;
|
|
6302
|
+
}
|
|
6303
|
+
|
|
6279
6304
|
// Skip go.mod file headers, whitespace, and/or comments
|
|
6280
6305
|
if (
|
|
6281
6306
|
l.startsWith("go ") ||
|
|
6307
|
+
//TODO: should toolchain be considered as a dependency
|
|
6308
|
+
l.startsWith("toolchain ") ||
|
|
6282
6309
|
l.includes(")") ||
|
|
6283
6310
|
l.trim() === "" ||
|
|
6284
6311
|
l.trim().startsWith("//")
|
|
@@ -6346,6 +6373,32 @@ export async function parseGoModData(goModData, gosumMap) {
|
|
|
6346
6373
|
};
|
|
6347
6374
|
}
|
|
6348
6375
|
|
|
6376
|
+
export async function parseGoModulesTxt(txtFile, gosumMap) {
|
|
6377
|
+
const pkgList = [];
|
|
6378
|
+
const txtData = readFileSync(txtFile, { encoding: "utf-8" });
|
|
6379
|
+
const pkgs = txtData
|
|
6380
|
+
.split("\n")
|
|
6381
|
+
.filter((p) => p.trim().replace(/["']/g, "").startsWith("# "));
|
|
6382
|
+
for (const l of pkgs) {
|
|
6383
|
+
// # cel.dev/expr v0.18.0
|
|
6384
|
+
const tmpA = l.split(" ");
|
|
6385
|
+
if (!tmpA.length === 3) {
|
|
6386
|
+
continue;
|
|
6387
|
+
}
|
|
6388
|
+
const version = tmpA[2];
|
|
6389
|
+
const gosumHash = gosumMap[`${tmpA[1]}@${version}`];
|
|
6390
|
+
const component = await getGoPkgComponent("", tmpA[1], tmpA[2], gosumHash);
|
|
6391
|
+
let confidence = 0.7;
|
|
6392
|
+
if (gosumHash) {
|
|
6393
|
+
component.scope = "required";
|
|
6394
|
+
} else {
|
|
6395
|
+
confidence = 0.3;
|
|
6396
|
+
}
|
|
6397
|
+
pkgList.push(_addGoComponentEvidence(component, txtFile, confidence));
|
|
6398
|
+
}
|
|
6399
|
+
return pkgList;
|
|
6400
|
+
}
|
|
6401
|
+
|
|
6349
6402
|
/**
|
|
6350
6403
|
* Parse go list output
|
|
6351
6404
|
*
|
|
@@ -6358,10 +6411,11 @@ export async function parseGoListDep(rawOutput, gosumMap) {
|
|
|
6358
6411
|
const deps = [];
|
|
6359
6412
|
if (typeof rawOutput === "string") {
|
|
6360
6413
|
const keys_cache = {};
|
|
6361
|
-
const pkgs = rawOutput
|
|
6414
|
+
const pkgs = rawOutput
|
|
6415
|
+
.split("\n")
|
|
6416
|
+
.filter((p) => p.trim().replace(/["']/g, "").length);
|
|
6362
6417
|
for (const l of pkgs) {
|
|
6363
6418
|
const verArr = l.trim().replace(/["']/g, "").split(" ");
|
|
6364
|
-
|
|
6365
6419
|
if (verArr && verArr.length >= 5) {
|
|
6366
6420
|
const key = `${verArr[0]}-${verArr[1]}`;
|
|
6367
6421
|
// Filter duplicates
|
|
@@ -12245,19 +12299,27 @@ export async function parsePodfileLock(podfileLock, projectPath) {
|
|
|
12245
12299
|
: dependency.metadata.name;
|
|
12246
12300
|
if (podfileLock["EXTERNAL SOURCES"]?.[podName]) {
|
|
12247
12301
|
const externalPod = podfileLock["EXTERNAL SOURCES"][podName];
|
|
12248
|
-
if (externalPod[":
|
|
12249
|
-
|
|
12302
|
+
if (externalPod[":git"]) {
|
|
12303
|
+
let projectRepo = externalPod[":git"];
|
|
12304
|
+
if (projectRepo.includes("github.com")) {
|
|
12305
|
+
projectRepo = projectRepo.replace(
|
|
12306
|
+
"github.com",
|
|
12307
|
+
"raw.githubusercontent.com",
|
|
12308
|
+
);
|
|
12309
|
+
}
|
|
12310
|
+
if (projectRepo.endsWith(".git")) {
|
|
12311
|
+
projectRepo = projectRepo.substring(0, projectRepo.length - 4);
|
|
12312
|
+
}
|
|
12313
|
+
const projectRepoBranchOrTag = externalPod[":tag"]
|
|
12314
|
+
? `tags/${externalPod[":tag"]}`
|
|
12315
|
+
: `heads/${externalPod[":branch"] ? externalPod[":branch"] : "<DEFAULT>"}`;
|
|
12250
12316
|
dependency.metadata.properties = [
|
|
12251
|
-
{
|
|
12252
|
-
name: "cdx:pods:projectDir",
|
|
12253
|
-
value: dirname(podspecLocation),
|
|
12254
|
-
},
|
|
12255
12317
|
{
|
|
12256
12318
|
name: "cdx:pods:podspecLocation",
|
|
12257
|
-
value:
|
|
12319
|
+
value: `${projectRepo}/refs/${projectRepoBranchOrTag}/${podName}.podspec`,
|
|
12258
12320
|
},
|
|
12259
12321
|
];
|
|
12260
|
-
} else {
|
|
12322
|
+
} else if (externalPod[":path"]) {
|
|
12261
12323
|
const projectLocation = resolve(projectPath, externalPod[":path"]);
|
|
12262
12324
|
dependency.metadata.properties = [
|
|
12263
12325
|
{
|
|
@@ -12275,6 +12337,18 @@ export async function parsePodfileLock(podfileLock, projectPath) {
|
|
|
12275
12337
|
value: podspec,
|
|
12276
12338
|
});
|
|
12277
12339
|
}
|
|
12340
|
+
} else if (externalPod[":podspec"]) {
|
|
12341
|
+
const podspecLocation = resolve(projectPath, externalPod[":podspec"]);
|
|
12342
|
+
dependency.metadata.properties = [
|
|
12343
|
+
{
|
|
12344
|
+
name: "cdx:pods:projectDir",
|
|
12345
|
+
value: dirname(podspecLocation),
|
|
12346
|
+
},
|
|
12347
|
+
{
|
|
12348
|
+
name: "cdx:pods:podspecLocation",
|
|
12349
|
+
value: podspecLocation,
|
|
12350
|
+
},
|
|
12351
|
+
];
|
|
12278
12352
|
}
|
|
12279
12353
|
}
|
|
12280
12354
|
dependencies.set(dependency.metadata.name, dependency);
|
|
@@ -12533,70 +12607,93 @@ export async function buildObjectForCocoaPod(
|
|
|
12533
12607
|
component["purl"] = purl;
|
|
12534
12608
|
component["bom-ref"] = decodeURIComponent(purl);
|
|
12535
12609
|
if (options && !["false", "0"].includes(process.env.COCOA_FULL_SCAN)) {
|
|
12536
|
-
fullScanCocoaPod(dependency, component, options);
|
|
12610
|
+
await fullScanCocoaPod(dependency, component, options);
|
|
12537
12611
|
}
|
|
12538
12612
|
}
|
|
12539
12613
|
return component;
|
|
12540
12614
|
}
|
|
12541
12615
|
|
|
12542
|
-
function fullScanCocoaPod(dependency, component, options) {
|
|
12616
|
+
async function fullScanCocoaPod(dependency, component, options) {
|
|
12543
12617
|
let result;
|
|
12544
12618
|
if (
|
|
12545
|
-
component.properties?.find(
|
|
12619
|
+
component.properties?.find(
|
|
12620
|
+
({ name }) => name === "cdx:pods:podspecLocation",
|
|
12621
|
+
)
|
|
12546
12622
|
) {
|
|
12623
|
+
let podspecLocation = component.properties.find(
|
|
12624
|
+
({ name }) => name === "cdx:pods:podspecLocation",
|
|
12625
|
+
).value;
|
|
12547
12626
|
if (
|
|
12548
|
-
component.properties.find(
|
|
12549
|
-
({ name }) => name === "cdx:pods:podspecLocation",
|
|
12550
|
-
)
|
|
12627
|
+
component.properties.find(({ name }) => name === "cdx:pods:projectDir")
|
|
12551
12628
|
) {
|
|
12552
|
-
let podspecLocation = component.properties.find(
|
|
12553
|
-
({ name }) => name === "cdx:pods:podspecLocation",
|
|
12554
|
-
).value;
|
|
12555
12629
|
component.properties.push({
|
|
12556
12630
|
name: "SrcFile",
|
|
12557
12631
|
value: podspecLocation,
|
|
12558
12632
|
});
|
|
12559
|
-
|
|
12560
|
-
|
|
12561
|
-
|
|
12562
|
-
|
|
12563
|
-
|
|
12564
|
-
|
|
12565
|
-
|
|
12566
|
-
|
|
12567
|
-
|
|
12568
|
-
|
|
12569
|
-
|
|
12570
|
-
|
|
12571
|
-
|
|
12572
|
-
|
|
12573
|
-
|
|
12574
|
-
|
|
12575
|
-
|
|
12576
|
-
|
|
12577
|
-
|
|
12578
|
-
|
|
12579
|
-
|
|
12580
|
-
|
|
12581
|
-
|
|
12582
|
-
|
|
12583
|
-
|
|
12584
|
-
|
|
12585
|
-
|
|
12586
|
-
|
|
12587
|
-
|
|
12633
|
+
}
|
|
12634
|
+
let replacements = [];
|
|
12635
|
+
if (
|
|
12636
|
+
podspecLocation.endsWith(".podspec") &&
|
|
12637
|
+
process.env.COCOA_PODSPEC_REPLACEMENTS
|
|
12638
|
+
) {
|
|
12639
|
+
replacements = process.env.COCOA_PODSPEC_REPLACEMENTS.split(";");
|
|
12640
|
+
} else if (
|
|
12641
|
+
podspecLocation.endsWith(".json") &&
|
|
12642
|
+
process.env.COCOA_PODSPEC_JSON_REPLACEMENTS
|
|
12643
|
+
) {
|
|
12644
|
+
replacements = process.env.COCOA_PODSPEC_JSON_REPLACEMENTS.split(";");
|
|
12645
|
+
}
|
|
12646
|
+
if (replacements || podspecLocation.startsWith("http")) {
|
|
12647
|
+
let podspecContent;
|
|
12648
|
+
if (podspecLocation.startsWith("http")) {
|
|
12649
|
+
let httpResult;
|
|
12650
|
+
for (const branchName of ["main", "master"]) {
|
|
12651
|
+
try {
|
|
12652
|
+
httpResult = await cdxgenAgent.get(
|
|
12653
|
+
podspecLocation.replace("<DEFAULT>", branchName),
|
|
12654
|
+
);
|
|
12655
|
+
podspecLocation = podspecLocation.replace("<DEFAULT>", branchName);
|
|
12656
|
+
} catch (err) {
|
|
12657
|
+
try {
|
|
12658
|
+
httpResult = await cdxgenAgent.get(
|
|
12659
|
+
`${podspecLocation.replace("<DEFAULT>", branchName)}.json`,
|
|
12660
|
+
);
|
|
12661
|
+
podspecLocation = `${podspecLocation.replace("<DEFAULT>", branchName)}.json`;
|
|
12662
|
+
} catch (err) {
|
|
12663
|
+
continue;
|
|
12664
|
+
}
|
|
12665
|
+
}
|
|
12666
|
+
component.properties.find(
|
|
12667
|
+
({ name }) => name === "cdx:pods:podspecLocation",
|
|
12668
|
+
).value = podspecLocation;
|
|
12669
|
+
podspecLocation = `${randomUUID()}.${podspecLocation.substring(podspecLocation.lastIndexOf(".") + 1)}`;
|
|
12670
|
+
podspecContent = httpResult.body;
|
|
12671
|
+
break;
|
|
12672
|
+
}
|
|
12673
|
+
} else {
|
|
12674
|
+
podspecContent = readFileSync(podspecLocation, "utf-8");
|
|
12588
12675
|
}
|
|
12589
|
-
|
|
12590
|
-
|
|
12591
|
-
|
|
12592
|
-
|
|
12593
|
-
|
|
12594
|
-
|
|
12595
|
-
|
|
12596
|
-
|
|
12676
|
+
for (const replacement of replacements) {
|
|
12677
|
+
const replacementPair = replacement.split("=");
|
|
12678
|
+
let match = replacementPair[0].replaceAll("<NEWLINE>", "\n");
|
|
12679
|
+
if (match.startsWith("/") && match.endsWith("/")) {
|
|
12680
|
+
match = new RegExp(match.substring(1, match.length - 1), "g");
|
|
12681
|
+
}
|
|
12682
|
+
const repl = replacementPair[1].replaceAll("<NEWLINE>", "\n");
|
|
12683
|
+
podspecContent = podspecContent.replaceAll(match, repl);
|
|
12684
|
+
}
|
|
12685
|
+
podspecLocation = join(
|
|
12686
|
+
dirname(podspecLocation),
|
|
12687
|
+
`${randomUUID()}.${podspecLocation.substring(podspecLocation.lastIndexOf(".") + 1)}`,
|
|
12597
12688
|
);
|
|
12598
|
-
|
|
12689
|
+
writeFileSync(podspecLocation, podspecContent);
|
|
12690
|
+
temporaryFiles.add(podspecLocation);
|
|
12599
12691
|
}
|
|
12692
|
+
result = executePodCommand(
|
|
12693
|
+
["ipc", "spec", "--silent", podspecLocation],
|
|
12694
|
+
undefined,
|
|
12695
|
+
options,
|
|
12696
|
+
);
|
|
12600
12697
|
} else {
|
|
12601
12698
|
let dependencyName = dependency.name;
|
|
12602
12699
|
if (dependencyName.includes("/")) {
|
|
@@ -12605,7 +12702,13 @@ function fullScanCocoaPod(dependency, component, options) {
|
|
|
12605
12702
|
const srcFileProperty = {
|
|
12606
12703
|
name: "SrcFile",
|
|
12607
12704
|
value: executePodCommand(
|
|
12608
|
-
[
|
|
12705
|
+
[
|
|
12706
|
+
"spec",
|
|
12707
|
+
"which",
|
|
12708
|
+
`^${dependencyName}$`,
|
|
12709
|
+
"--regex",
|
|
12710
|
+
`--version=${dependency.version}`,
|
|
12711
|
+
],
|
|
12609
12712
|
undefined,
|
|
12610
12713
|
options,
|
|
12611
12714
|
).stdout.trim(),
|
|
@@ -12616,7 +12719,13 @@ function fullScanCocoaPod(dependency, component, options) {
|
|
|
12616
12719
|
component.properties = [srcFileProperty];
|
|
12617
12720
|
}
|
|
12618
12721
|
result = executePodCommand(
|
|
12619
|
-
[
|
|
12722
|
+
[
|
|
12723
|
+
"spec",
|
|
12724
|
+
"cat",
|
|
12725
|
+
`^${dependencyName}$`,
|
|
12726
|
+
"--regex",
|
|
12727
|
+
`--version=${dependency.version}`,
|
|
12728
|
+
],
|
|
12620
12729
|
undefined,
|
|
12621
12730
|
options,
|
|
12622
12731
|
);
|
|
@@ -14418,7 +14527,7 @@ export function parseCmakeLikeFile(cmakeListFile, pkgType, options = {}) {
|
|
|
14418
14527
|
props.push({
|
|
14419
14528
|
name: eprop,
|
|
14420
14529
|
value: Array.isArray(awrap[eprop])
|
|
14421
|
-
? awrap[eprop].join("
|
|
14530
|
+
? awrap[eprop].join("|")
|
|
14422
14531
|
: awrap[eprop],
|
|
14423
14532
|
});
|
|
14424
14533
|
}
|
|
@@ -14721,10 +14830,11 @@ export function getCppModules(src, options, osPkgsList, epkgList) {
|
|
|
14721
14830
|
!v.includes("anonymous_") &&
|
|
14722
14831
|
!v.includes(afile),
|
|
14723
14832
|
)
|
|
14833
|
+
.map((v) => v.split(":")[0])
|
|
14724
14834
|
.sort();
|
|
14725
14835
|
if (!apkg["properties"] && usymbols.length) {
|
|
14726
14836
|
apkg["properties"] = [
|
|
14727
|
-
{ name: "ImportedSymbols", value: usymbols.join("
|
|
14837
|
+
{ name: "ImportedSymbols", value: usymbols.join("|") },
|
|
14728
14838
|
];
|
|
14729
14839
|
} else {
|
|
14730
14840
|
apkg["properties"] = [];
|
|
@@ -14734,16 +14844,16 @@ export function getCppModules(src, options, osPkgsList, epkgList) {
|
|
|
14734
14844
|
for (const prop of apkg["properties"]) {
|
|
14735
14845
|
if (prop.name === "ImportedSymbols") {
|
|
14736
14846
|
symbolsPropertyFound = true;
|
|
14737
|
-
let existingSymbols = prop.value.split("
|
|
14847
|
+
let existingSymbols = prop.value.split("|");
|
|
14738
14848
|
existingSymbols = existingSymbols.concat(usymbols);
|
|
14739
|
-
prop.value = Array.from(new Set(existingSymbols)).sort().join("
|
|
14849
|
+
prop.value = Array.from(new Set(existingSymbols)).sort().join("|");
|
|
14740
14850
|
}
|
|
14741
14851
|
newProps.push(prop);
|
|
14742
14852
|
}
|
|
14743
14853
|
if (!symbolsPropertyFound && usymbols.length) {
|
|
14744
14854
|
apkg["properties"].push({
|
|
14745
14855
|
name: "ImportedSymbols",
|
|
14746
|
-
value: usymbols.join("
|
|
14856
|
+
value: usymbols.join("|"),
|
|
14747
14857
|
});
|
|
14748
14858
|
}
|
|
14749
14859
|
apkg["properties"] = newProps;
|
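Review bot: In `fullScanCocoaPod`, a podspec URL assembled from the `:git`, `:tag` and `:branch` fields of Podfile.lock is now downloaded with `cdxgenAgent.get`, written to a local file and handed to `pod ipc spec`; a `.podspec` is Ruby that CocoaPods evaluates, so scanning a repository can end up running content fetched from whatever host its lockfile names. This path should be opt-in or restricted to an allowlist of hosts, and the host should be checked on the parsed URL rather than with `projectRepo.includes("github.com")`, which also matches look-alike hosts and path segments. Two smaller defects sit in the same block: `if (replacements || podspecLocation.startsWith("http"))` is always true because `replacements` is an array (`replacements.length` was probably intended), and when every request in the `main`/`master` loop fails `podspecContent` stays undefined, so `writeFileSync` throws instead of the scan falling back gracefully. The function body spans several hunks and continues outside them.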
|
@@ -2,8 +2,8 @@ import { Buffer } from "node:buffer";
|
|
|
2
2
|
import { readFileSync } from "node:fs";
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
import { afterAll, beforeAll, describe, expect, test } from "@jest/globals";
|
|
5
|
-
import { load as loadYaml } from "js-yaml";
|
|
6
5
|
import { parse } from "ssri";
|
|
6
|
+
import { parse as loadYaml } from "yaml";
|
|
7
7
|
import {
|
|
8
8
|
buildObjectForCocoaPod,
|
|
9
9
|
buildObjectForGradleModule,
|
|
@@ -56,6 +56,7 @@ import {
|
|
|
56
56
|
parseGoModData,
|
|
57
57
|
parseGoModGraph,
|
|
58
58
|
parseGoModWhy,
|
|
59
|
+
parseGoModulesTxt,
|
|
59
60
|
parseGoVersionData,
|
|
60
61
|
parseGopkgData,
|
|
61
62
|
parseGosumData,
|
|
@@ -1178,6 +1179,7 @@ describe("go data with vcs", () => {
|
|
|
1178
1179
|
}, 120000);
|
|
1179
1180
|
|
|
1180
1181
|
test("parseGoModData", async () => {
|
|
1182
|
+
process.env.GO_FETCH_VCS = "false";
|
|
1181
1183
|
let retMap = await parseGoModData(null);
|
|
1182
1184
|
expect(retMap).toEqual({});
|
|
1183
1185
|
const gosumMap = {
|
|
@@ -1196,6 +1198,8 @@ describe("go data with vcs", () => {
|
|
|
1196
1198
|
gosumMap,
|
|
1197
1199
|
);
|
|
1198
1200
|
expect(retMap.pkgList.length).toEqual(6);
|
|
1201
|
+
// Doesn't reliably work in CI/CD due to rate limiting.
|
|
1202
|
+
/*
|
|
1199
1203
|
expect(retMap.pkgList).toEqual([
|
|
1200
1204
|
{
|
|
1201
1205
|
group: "",
|
|
@@ -1280,6 +1284,7 @@ describe("go data with vcs", () => {
|
|
|
1280
1284
|
],
|
|
1281
1285
|
},
|
|
1282
1286
|
]);
|
|
1287
|
+
*/
|
|
1283
1288
|
|
|
1284
1289
|
retMap.pkgList.forEach((d) => {
|
|
1285
1290
|
expect(d.license);
|
|
@@ -1311,6 +1316,24 @@ describe("go data with vcs", () => {
|
|
|
1311
1316
|
}, 120000);
|
|
1312
1317
|
});
|
|
1313
1318
|
|
|
1319
|
+
describe("go vendor modules tests", () => {
|
|
1320
|
+
test("parseGoModulesTxt", async () => {
|
|
1321
|
+
const gosumMap = {
|
|
1322
|
+
"cel.dev/expr@v0.18.0":
|
|
1323
|
+
"sha256-CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=",
|
|
1324
|
+
"github.com/AdaLogics/go-fuzz-headers@v0.0.0-20230811130428-ced1acdcaa24":
|
|
1325
|
+
"sha256-bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=",
|
|
1326
|
+
"github.com/Azure/go-ansiterm@v0.0.0-20230124172434-306776ec8161":
|
|
1327
|
+
"sha256-L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=",
|
|
1328
|
+
};
|
|
1329
|
+
const pkgList = await parseGoModulesTxt(
|
|
1330
|
+
"./test/data/modules.txt",
|
|
1331
|
+
gosumMap,
|
|
1332
|
+
);
|
|
1333
|
+
expect((await pkgList).length).toEqual(212);
|
|
1334
|
+
});
|
|
1335
|
+
});
|
|
1336
|
+
|
|
1314
1337
|
describe("go data with licenses", () => {
|
|
1315
1338
|
beforeAll(() => {
|
|
1316
1339
|
process.env.FETCH_LICENSE = "true";
|
|
@@ -2447,7 +2470,7 @@ test("parse github actions workflow data", () => {
|
|
|
2447
2470
|
let dep_list = parseGitHubWorkflowData(
|
|
2448
2471
|
readFileSync("./.github/workflows/nodejs.yml", { encoding: "utf-8" }),
|
|
2449
2472
|
);
|
|
2450
|
-
expect(dep_list.length).toEqual(
|
|
2473
|
+
expect(dep_list.length).toEqual(7);
|
|
2451
2474
|
expect(dep_list[0]).toEqual({
|
|
2452
2475
|
group: "actions",
|
|
2453
2476
|
name: "checkout",
|
|
@@ -3779,8 +3802,8 @@ test("parsePnpmLock", async () => {
|
|
|
3779
3802
|
expect(parsedList.dependenciesList).toHaveLength(462);
|
|
3780
3803
|
expect(parsedList.pkgList.filter((pkg) => !pkg.scope)).toHaveLength(3);
|
|
3781
3804
|
parsedList = await parsePnpmLock("./pnpm-lock.yaml");
|
|
3782
|
-
expect(parsedList.pkgList.length).toEqual(
|
|
3783
|
-
expect(parsedList.dependenciesList.length).toEqual(
|
|
3805
|
+
expect(parsedList.pkgList.length).toEqual(624);
|
|
3806
|
+
expect(parsedList.dependenciesList.length).toEqual(624);
|
|
3784
3807
|
expect(parsedList.pkgList[0]).toEqual({
|
|
3785
3808
|
group: "@ampproject",
|
|
3786
3809
|
name: "remapping",
|
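Review bot: `process.env.GO_FETCH_VCS = "false";` is set inside the `parseGoModData` test and never restored, so it leaks into every test that runs later in the same process; moving it to a `beforeAll` with a matching `afterAll` that deletes it (both are already imported) keeps it scoped to this `describe`. The large `toEqual` assertion is disabled with a block comment rather than mocked or skipped, which leaves only the length check for that case. In the new `parseGoModulesTxt` test the result is already awaited, so `expect((await pkgList).length)` can be `expect(pkgList.length)`, and an assertion on at least one parsed component would pin more than the count of 212.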
package/lib/managers/docker.js
CHANGED
|
@@ -0,0 +1,66 @@
|
|
|
1
|
+
import { Buffer } from "node:buffer";
|
|
2
|
+
import { spawnSync } from "node:child_process";
|
|
3
|
+
import fs from "node:fs";
|
|
4
|
+
import { MAX_BUFFER, getAllFiles, getTmpDir, isWin } from "../helpers/utils.js";
|
|
5
|
+
|
|
6
|
+
export function getBomWithOras(image) {
|
|
7
|
+
let result = spawnSync(
|
|
8
|
+
"oras",
|
|
9
|
+
[
|
|
10
|
+
"discover",
|
|
11
|
+
"--format",
|
|
12
|
+
"json",
|
|
13
|
+
"--artifact-type",
|
|
14
|
+
"sbom/cyclonedx",
|
|
15
|
+
image,
|
|
16
|
+
],
|
|
17
|
+
{
|
|
18
|
+
encoding: "utf-8",
|
|
19
|
+
shell: isWin,
|
|
20
|
+
maxBuffer: MAX_BUFFER,
|
|
21
|
+
},
|
|
22
|
+
);
|
|
23
|
+
if (result.status !== 0 || result.error) {
|
|
24
|
+
console.log(
|
|
25
|
+
"Install oras by following the instructions at: https://oras.land/docs/installation",
|
|
26
|
+
);
|
|
27
|
+
if (result.stderr) {
|
|
28
|
+
console.log(result.stderr);
|
|
29
|
+
}
|
|
30
|
+
return undefined;
|
|
31
|
+
}
|
|
32
|
+
if (result.stdout) {
|
|
33
|
+
const out = Buffer.from(result.stdout).toString();
|
|
34
|
+
try {
|
|
35
|
+
const manifestObj = JSON.parse(out);
|
|
36
|
+
if (
|
|
37
|
+
manifestObj?.manifests?.length &&
|
|
38
|
+
Array.isArray(manifestObj.manifests) &&
|
|
39
|
+
manifestObj.manifests[0]?.reference
|
|
40
|
+
) {
|
|
41
|
+
const imageRef = manifestObj.manifests[0].reference;
|
|
42
|
+
const tmpDir = getTmpDir();
|
|
43
|
+
result = spawnSync("oras", ["pull", imageRef, "-o", tmpDir], {
|
|
44
|
+
encoding: "utf-8",
|
|
45
|
+
shell: isWin,
|
|
46
|
+
maxBuffer: MAX_BUFFER,
|
|
47
|
+
});
|
|
48
|
+
if (result.status !== 0 || result.error) {
|
|
49
|
+
console.log(
|
|
50
|
+
`Unable to pull the SBOM attachment for ${imageRef} with oras!`,
|
|
51
|
+
);
|
|
52
|
+
return undefined;
|
|
53
|
+
}
|
|
54
|
+
const bomFiles = getAllFiles(tmpDir, "**/*.{bom,cdx}.json");
|
|
55
|
+
if (bomFiles.length) {
|
|
56
|
+
return JSON.parse(fs.readFileSync(bomFiles.pop(), "utf8"));
|
|
57
|
+
}
|
|
58
|
+
} else {
|
|
59
|
+
console.log(`${image} does not contain any SBOM attachment!`);
|
|
60
|
+
}
|
|
61
|
+
} catch (e) {
|
|
62
|
+
console.log(e);
|
|
63
|
+
}
|
|
64
|
+
}
|
|
65
|
+
return undefined;
|
|
66
|
+
}
|
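Review bot: Both `spawnSync("oras", …)` calls in `getBomWithOras` set `shell: isWin`, so on Windows the `image` argument (user input from cdx-verify) and `imageRef` (taken from the registry's JSON response) are joined into a shell command line in which metacharacters are interpreted. Spawning without a shell where `oras` resolves to an executable, or validating both values against a strict image-reference pattern before use, removes that exposure. The function also takes `manifests[0]` and `bomFiles.pop()` without checking which attachment or file was selected, never removes the directory returned by `getTmpDir()`, and prints the "Install oras" hint for every non-zero exit, including authentication and network failures. A JSDoc block stating the parameter, the `undefined` return on failure and the dependency on an installed `oras` binary is missing.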
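--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "11.3.
+"version": "11.3.2",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -74,7 +74,7 @@
 "@babel/parser": "^7.27.2",
 "@babel/traverse": "^7.27.1",
 "@iarna/toml": "2.2.5",
-"@npmcli/arborist": "9.0
+"@npmcli/arborist": "^9.1.0",
 "ajv": "^8.17.1",
 "ajv-formats": "^3.0.1",
 "cheerio": "^1.0.0",
@@ -84,7 +84,6 @@
 "global-agent": "^3.0.0",
 "got": "^14.4.7",
 "iconv-lite": "^0.6.3",
-"js-yaml": "^4.1.0",
 "jws": "^4.0.0",
 "node-stream-zip": "^1.15.0",
 "packageurl-js": "1.0.2",
@@ -97,6 +96,7 @@
 "uuid": "^11.0.2",
 "validate-iri": "^1.0.1",
 "xml-js": "^1.6.11",
+"yaml": "^2.8.0",
 "yargs": "^17.7.2",
 "yoctocolors": "^2.1.1"
 },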
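Review bot: The `@npmcli/arborist` entry in the second hunk now uses a caret range, `^9.1.0`, whereas the removed line (truncated on this page) begins with a bare `9.0`, which suggests it was an exact pin like the neighbouring `@iarna/toml` and `packageurl-js` entries. With a range, anyone installing the published package without a lockfile gets whichever 9.x release is newest at install time, so the dependency-resolution code this SBOM generator runs is no longer fixed by the manifest. If the loosening was not deliberate, keep the exact version: `"@npmcli/arborist": "9.1.0",`.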
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AA47BA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAqYD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAyEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAgvChB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAmvBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAkehB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqZhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAuIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAkLhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA8IhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAmJhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAwNhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA8ZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDAiGC;AAED;;;;;;;;;GASG;AACH,2GAuCC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA6vBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAqUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBA2QhB;AAED;;;;;;;GAOG;AACH,wDAHY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2HjD"}
|
|
@@ -575,6 +575,7 @@ export function getGoPkgComponent(group: any, name: any, version: any, hash: any
|
|
|
575
575
|
* @returns {Object} Object containing parent component, rootList and packages list
|
|
576
576
|
*/
|
|
577
577
|
export function parseGoModData(goModData: string, gosumMap: any): any;
|
|
578
|
+
export function parseGoModulesTxt(txtFile: any, gosumMap: any): Promise<any[]>;
|
|
578
579
|
/**
|
|
579
580
|
* Parse go list output
|
|
580
581
|
*
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAmFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AAiOD;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAqgBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GAuOhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GA6uBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;;;;GASG;AACH,4CAPW,MAAM,gBACN,GAAG,aACH,GAAG,gBACH,MAAM,OA+GhB;AAiBD;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;;GAQG;AACH,qDANW,MAAM,6CAIJ,MAAM,CAoFlB;AAED;;;GAGG;AACH,iDAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,
iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAmFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AAiOD;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAqgBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GAuOhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GA6uBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;;;;GASG;AACH,4CAPW,MAAM,gBACN,GAAG,aACH,GAAG,gBACH,MAAM,OA+GhB;AAiBD;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;;GAQG;AACH,qDANW,MAAM,6CAIJ,MAAM,CAoFlB;AAED;;;GAGG;AACH,iDAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,
iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;GAmchB;AAED;;;;;GAKG;AACH,mFAgKC;AAED;;;;;;;GAOG;AACH,kCALW,MAAM;;;;;;;;GA4EhB;AAED;;;;GAIG;AACH,mEAqBC;AAeD;;;;;GAKG;AACH;;;;;;;;;EAkLC;AAED;;;;GAIG;AACH;;;;;;EAcC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,uDAoBC;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CAQnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEA2CC;AA+BD;;;;;;;;GAkCC;AAyBD;;;;;;;GAOG;AACH,sEAgHC;AAED,+EAwBC;AAED;;;;;;GAMG;AACH,0CAJW,MAAM;;;;;;;;;;;GA4DhB;AA4BD;;;;;;;;;;GAUG;AACH,2CARW,MAAM,aACN,MAAM;;;;;;;;GAkMhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAsBhB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAMD;;;;GAIG;AACH,sDAsBC;AAED;;;;;;;;;;GAUG;AACH,uIAFa,KAAK,CAAC,MAAM,CAAC,CA0IzB;AAED;;;;;GAKG;AACH,8CAHW,MAAM,eACN,MAAM,kBAwKhB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;GAoQhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA+CC;AAyFD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAuIjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BA4GjB;AAED,oEAyDC;AAED,wEA0BC;AAED;;;;;;;GAOG;AACH,uEAgEC;AAED,0DAwBC;AAED,wDA+DC;AAED,0FAkEC;AAmBD;;IAiEC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EAyJC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAiVC;AAED;;;EAqPC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;;GAMG;AACH,oDAJW,MAAM,OAsChB;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsJhB;AAED;;;;;;EAmIC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM;;;
;;;;;;;IAgJhB;AA0CD;;;;;;;GAOG;AACH,8FAHW,MAAM,WACN,MAAM,UAqFhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;;;EAuBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,wIA+BC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA8JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;GAMG;AACH,kDA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,GACJ,OAAO,KAAQ,CAkB3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBA2UhB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA2EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,GAAC,IAAI,UAiCrB;AAED;;;;GAIG;AACH,wCAFW,MAAM,UAehB;AAED;;;;;;;;;GASG;AACH,6DAPW,MAAM,EAAE,qBACR,MAAM,EAAE,6BACR,MAAM,EAAE,uBACR,GAAG,GAED,MAAM,EAAE,CA2CpB;AAcD;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAsCf;AAED;;;;;;GAMG;AACH,uFA2IC;AAED;;;;;;GAMG;AACH,wGA6BC;AAED;;;;;;GAMG;AACH,4EAHW,OAAO,OAajB;AAED;;;;;;;GAOG;AACH,8CALW,QAAQ,mCA6ClB;AAED;;;;;;;GAOG;AACH,0FAgFC;AA2TD;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA6ClB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0EAuGC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AA2FD;;;;;GAKG;AACH,uCAHW,MAAM,sBAuDhB;AAED;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4chB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA+KhB;AAGD;;;;;EAmBC;AAED;;;;;;;GAOG;AACH,kEAJW,MAAM,cACN,MAAM,iCA2IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EAgQC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAwQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgID;;;;;GAKG;AACH;;;GA2HC;AAED,yEA
iIC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAkBC;AAED;;;;;;GAMG;AACH,sFAsBC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAED;;;;;GAKG;AACH,oDAsCC;AAED;;;;;;GAMG;AACH,sEA0BC;AAED;;;;;;;;;GASG;AACH,+GA+CC;AAhreD,gCAEc;AAEd,+BAEsD;AAEtD,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AA2DnE,iCAEE;AA2BF,iCAE0C;AAG1C,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAe/B,4CAEmE;AAGnE,6CAEE;AAgBF,oCAAkD;AAGlD,uCAEuD;AAYvD,8BAAyC;AAgBzC,gCAA6C;AAY7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,mCAAoC;AAOpC,gDAC2D;AAE3D,2BAAuD;AAGvD,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAiJE;;;;AA6JF,8BAQG;AAgiMH,8CAUE"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../lib/managers/docker.js"],"names":[],"mappings":"AAkFA;;GAEG;AACH,
|
|
1
|
+
{"version":3,"file":"docker.d.ts","sourceRoot":"","sources":["../../../lib/managers/docker.js"],"names":[],"mappings":"AAkFA;;GAEG;AACH,oCAsBC;AAED;;GAEG;AACH,4CA6CC;AAhID,4BAA6C;AAC7C,kCAAmC,WAAW,CAAC;AAmCxC,kDAeN;AAwFM,iCAHI,MAAM,WACN,MAAM,iDAehB;AAqBM,6DAmBN;AAgLM,4EAsGN;AAEM,oFAwBN;AAUM;;;;;;;;EA2EN;AAsBM,2DAuMN;AAgBM,yFAuGN;AAMM;;;;;;;;;;;;;;GAwDN;AAEM;;;;;;;;GAyGN;AAMM,4EA+IN;AAKM,4EA2GN;AAEM,+EAEN;AAEM,4EA2CN;AAEM,iFA0BN"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"oci.d.ts","sourceRoot":"","sources":["../../../lib/managers/oci.js"],"names":[],"mappings":"AAKA,gDA4DC"}
|