npm - @cyclonedx/cdxgen - Versions diffs - 12.1.1 → 12.1.3 - Mend

@cyclonedx/cdxgen 12.1.1 → 12.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/README.md +27 -9
package/bin/cdxgen.js +1 -1
package/data/spdx.schema.json +35 -2
package/data/templates/asvs-5.0.cdx.json +1727 -3471
package/lib/cli/index.js +32 -4
package/lib/evinser/evinser.js +2 -8
package/lib/helpers/display.js +1 -1
package/lib/helpers/envcontext.js +10 -2
package/lib/helpers/utils.js +487 -115
package/lib/helpers/utils.poku.js +200 -3
package/lib/helpers/validator.js +37 -3
package/lib/managers/binary.js +34 -12
package/lib/managers/containerutils.js +68 -0
package/lib/managers/docker.getConnection.poku.js +61 -0
package/lib/managers/docker.js +72 -119
package/lib/parsers/iri.js +1 -2
package/lib/server/server.js +164 -34
package/lib/server/server.poku.js +232 -10
package/lib/stages/postgen/annotator.js +281 -3
package/lib/stages/postgen/postgen.js +4 -7
package/lib/third-party/arborist/lib/diff.js +1 -1
package/lib/third-party/arborist/lib/node.js +1 -1
package/lib/third-party/arborist/lib/yarn-lock.js +1 -1
package/package.json +22 -326
package/types/bin/dependencies.d.ts.map +1 -1
package/types/bin/licenses.d.ts +3 -0
package/types/bin/licenses.d.ts.map +1 -0
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/envcontext.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +1 -1
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/helpers/validator.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/containerutils.d.ts +3 -0
package/types/lib/managers/containerutils.d.ts.map +1 -0
package/types/lib/managers/docker.d.ts +0 -2
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/parsers/iri.d.ts.map +1 -1
package/types/lib/server/server.d.ts +14 -0
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/bin/dependencies.js +0 -131
package/lib/helpers/dependencies.poku.js +0 -11

package/lib/cli/index.js CHANGED Viewed

@@ -3957,7 +3957,7 @@ export async function createPythonBom(path, options) {
       metadataFilename = reqDirFiles.join(", ");
     } else if (reqFiles?.length) {
       for (const f of reqFiles) {
-        const dlist = await parseReqFile(f, true);
+        const dlist = await parseReqFile(f, false);
         if (dlist?.length) {
           pkgList = pkgList.concat(dlist);
         }
@@ -4379,7 +4379,7 @@ export async function createGoBom(path, options) {
     ) {
       for (const f of sortedGomodFiles) {
         const basePath = dirname(f);
-        // Ignore vendor packages
+        // Ignore vendor packages and test fixtures
         if (
           basePath.includes("/vendor/") ||
           basePath.includes("/build/") ||
@@ -4391,13 +4391,14 @@ export async function createGoBom(path, options) {
         if (DEBUG_MODE) {
           console.log("Executing go list -deps in", basePath);
         }
+        // TODO: Replacing this with -json gives us more interesting data points such as GoFiles, Imports, and Deps
         let result = safeSpawnSync(
           "go",
           [
             "list",
             "-deps",
             "-f",
-            "'{{with .Module}}{{.Path}} {{.Version}} {{.Indirect}} {{.GoMod}} {{.GoVersion}} {{.Main}}{{end}}'",
+            "'{{with .Module}}{{.Path}}|{{.Version}}|{{.Indirect}}|{{.GoMod}}|{{.GoVersion}}|{{.Main}}|{{.Time}}|{{.Deprecated}}|{{.GoModSum}}|{{.Dir}}{{end}}'",
             "./...",
           ],
           {
@@ -6407,6 +6408,7 @@ export async function createRubyBom(path, options) {
   const gemLockExcludeList = (options.exclude || []).concat([
     "**/vendor/bundle/ruby/**/Gemfile.lock",
     "**/test/data/**/Gemfile*.lock",
+    "**/.rbenv/versions/**/Gemfile.lock",
   ]);
   if (!hasAnyProjectType(["oci"], options, false)) {
     excludeList.push("**/vendor/bundle/**");
@@ -6509,6 +6511,7 @@ export async function createRubyBom(path, options) {
     }
   }
   // Parsing .gemspec files would help us get more metadata such as description, authors, licenses etc
+  let rootGemspecComponent;
   if (gemspecFiles.length) {
     if (!gemLockFiles.length && !hasAnyProjectType(["oci"], options, false)) {
       console.log(
@@ -6522,8 +6525,33 @@ export async function createRubyBom(path, options) {
       if (gpkgList.length) {
         pkgList = pkgList.concat(gpkgList);
         pkgList = trimComponents(pkgList);
+        if (
+          !rootGemspecComponent &&
+          dirname(resolve(f)) === resolve(path) &&
+          gpkgList[0]?.name
+        ) {
+          rootGemspecComponent = gpkgList[0];
+        }
       }
     }
+    if (
+      rootGemspecComponent &&
+      !("project-name" in options) &&
+      options.projectName === undefined
+    ) {
+      parentComponent.name = rootGemspecComponent.name;
+      parentComponent.version = rootGemspecComponent.version || "latest";
+      const parentPurl = new PackageURL(
+        "gem",
+        parentComponent.group,
+        parentComponent.name,
+        parentComponent.version,
+        null,
+        null,
+      ).toString();
+      parentComponent["bom-ref"] = decodeURIComponent(parentPurl);
+      parentComponent["purl"] = parentPurl;
+    }
   }
   if (rootList.length) {
     dependencies = mergeDependencies(
@@ -7033,7 +7061,7 @@ export async function createCsharpBom(path, options) {
     }
   }
   // Parent dependency tree
-  if (parentDependsOn.size && parentComponent && parentComponent["bom-ref"]) {
+  if (parentDependsOn.size && parentComponent?.["bom-ref"]) {
     dependencies.splice(0, 0, {
       ref: parentComponent["bom-ref"],
       dependsOn: Array.from(parentDependsOn).sort(),

package/lib/evinser/evinser.js CHANGED Viewed

@@ -1248,8 +1248,7 @@ export function detectServicesFromUsages(language, slice, servicesMap = {}) {
 export function detectServicesFromUDT(language, userDefinedTypes, servicesMap) {
   if (
     ["python", "py", "c", "cpp", "c++", "php", "ruby"].includes(language) &&
-    userDefinedTypes &&
-    userDefinedTypes.length
+    userDefinedTypes?.length
   ) {
     for (const audt of userDefinedTypes) {
       if (
@@ -1270,12 +1269,7 @@ export function detectServicesFromUDT(language, userDefinedTypes, servicesMap) {
         audt.name.toLowerCase().includes("connect")
       ) {
         const fields = audt.fields || [];
-        if (
-          fields.length &&
-          fields[0] &&
-          fields[0].name &&
-          fields[0].name.length > 1
-        ) {
+        if (fields.length && fields[0]?.name && fields[0].name.length > 1) {
           const endpoints = extractEndpoints(language, fields[0].name);
           let serviceName = "service";
           if (audt.fileName) {

package/lib/helpers/display.js CHANGED Viewed

@@ -14,7 +14,7 @@ const SYMBOLS_ANSI = {
 const MAX_TREE_DEPTH = 6;
 const highlightStr = (s, highlight) => {
-  if (highlight && s && s.includes(highlight)) {
+  if (highlight && s?.includes(highlight)) {
     s = s.replaceAll(highlight, `\x1b[1;33m${highlight}\x1b[0m`);
   }
   return s;

package/lib/helpers/envcontext.js CHANGED Viewed

@@ -200,9 +200,17 @@ export function collectDotnetInfo(dir) {
  * @returns Object containing python details
  */
 export function collectPythonInfo(dir) {
-  const versionDesc = getCommandOutput(getPythonCommand(), dir, ["--version"]);
+  const versionDesc = getCommandOutput(getPythonCommand(), dir, [
+    "-S",
+    "--version",
+  ]);
   const moduleDesc =
-    getCommandOutput(getPythonCommand(), dir, ["-m", "pip", "--version"]) || "";
+    getCommandOutput(getPythonCommand(), dir, [
+      "-S",
+      "-m",
+      "pip",
+      "--version",
+    ]) || "";
   if (versionDesc) {
     return {
       type: "platform",