@cyclonedx/cdxgen 12.3.0 → 12.3.2

package/lib/helpers/analyzer.poku.js

@@ -6,13 +6,15 @@ import {
   writeFileSync,
 } from "node:fs";
 import { tmpdir } from "node:os";
-import { join } from "node:path";
+import { dirname, join } from "node:path";
 
 import { assert, describe, it } from "poku";
 
 import {
   analyzeSuspiciousJsFile,
   detectExtensionCapabilities,
+  detectMcpInventory,
+  detectPythonMcpInventory,
   findJSImportsExports,
 } from "./analyzer.js";
 
@@ -42,6 +44,25 @@ const createProjectFromFixture = (subDirName, fixtureFileName) => {
   return projectDir;
 };
 
+const createProjectFiles = (subDirName, fileMap) => {
+  const projectDir = join(baseTempDir, subDirName);
+  mkdirSync(projectDir, { recursive: true });
+  for (const [fileName, content] of Object.entries(fileMap)) {
+    const fullPath = join(projectDir, fileName);
+    mkdirSync(dirname(fullPath), { recursive: true });
+    writeFileSync(fullPath, content, { encoding: "utf-8" });
+  }
+  return projectDir;
+};
+
+function getProp(obj, name) {
+  return obj?.properties?.find((property) => property.name === name)?.value;
+}
+
+function normalizePathForAssertion(filePath) {
+  return String(filePath || "").replaceAll("\\", "/");
+}
+
 describe("findJSImportsExports() wasm and wasi detection", () => {
   it("captures wasm exports from WebAssembly.instantiate() flow", async () => {
     const projectDir = createProject(
@@ -66,7 +87,7 @@ console.log(add(5, 6));
     );
     assert.ok(addOccurrence, "expected add symbol occurrence to exist");
     assert.ok(
-      addOccurrence.fileName?.includes("index.js"),
+      normalizePathForAssertion(addOccurrence.fileName).endsWith("index.js"),
       "expected source filename to be tracked",
     );
     assert.strictEqual(addOccurrence.lineNumber, 4);
@@ -189,7 +210,9 @@ wasi.start(instance);
     assert.ok(
       wasmImportOccurrences.some(
         (occ) =>
-          occ.fileName?.includes("libmagic-wrapper.js") &&
+          normalizePathForAssertion(occ.fileName).endsWith(
+            "libmagic-wrapper.js",
+          ) &&
           typeof occ.lineNumber === "number" &&
           typeof occ.columnNumber === "number",
       ),
@@ -299,3 +322,261 @@ describe("analyzeSuspiciousJsFile()", () => {
     assert.match(analysis.networkIndicators.join(","), /network-request/);
   });
 });
+
+describe("detectMcpInventory()", () => {
+  it("detects an official authenticated streamable HTTP MCP server", () => {
+    const projectDir = createProjectFiles("mcp-http-server", {
+      "src/server.js": [
+        "import { McpServer } from '@modelcontextprotocol/server';",
+        "import { Client } from '@modelcontextprotocol/client';",
+        "import { createMcpExpressApp, mcpAuthMetadataRouter, requireBearerAuth } from '@modelcontextprotocol/express';",
+        "import { NodeStreamableHTTPServerTransport } from '@modelcontextprotocol/node';",
+        "import OpenAI from 'openai';",
+        "const app = createMcpExpressApp();",
+        "const oauthMetadata = { issuer: 'https://auth.example.com', authorization_endpoint: 'https://auth.example.com/authorize', token_endpoint: 'https://auth.example.com/token' };",
+        "const mcpServerUrl = new URL('http://localhost:3000/mcp');",
+        "const server = new McpServer({ name: 'demo-http-server', version: '1.2.3' }, { capabilities: { logging: {}, resources: { subscribe: true }, tools: { listChanged: true } } });",
+        "const upstream = new Client({ name: 'relay-client', version: '0.0.1' });",
+        "server.registerTool('summarize', { description: 'Summarize text', annotations: { readOnlyHint: true } }, async () => ({ content: [] }));",
+        "server.registerPrompt('ask-user', { description: 'Prompt template' }, async () => ({ messages: [] }));",
+        "server.registerResource('docs', 'file:///{path}', { description: 'Workspace docs' }, async () => ({ contents: [] }));",
+        "const auth = requireBearerAuth({ requiredScopes: ['mcp'] });",
+        "app.use(mcpAuthMetadataRouter({ oauthMetadata, resourceServerUrl: mcpServerUrl }));",
+        "app.post('/mcp', auth, async () => {});",
+        "const transport = new NodeStreamableHTTPServerTransport();",
+        "await server.connect(transport);",
+        "const openai = new OpenAI({ apiKey: 'sk-test' });",
+        "await fetch('https://api.openai.com/v1/responses');",
+        "await upstream.callTool({ name: 'summarize' });",
+        "const provider = 'anthropic';",
+        "const model = 'claude-3-5-sonnet';",
+        "void provider; void model;",
+      ].join("\n"),
+    });
+    const inventory = detectMcpInventory(projectDir);
+    assert.strictEqual(inventory.services.length, 1);
+    assert.strictEqual(inventory.components.length, 3);
+    const service = inventory.services[0];
+    assert.strictEqual(service.name, "demo-http-server");
+    assert.strictEqual(service.version, "1.2.3");
+    assert.strictEqual(service.authenticated, true);
+    assert.ok(service.endpoints.includes("/mcp"));
+    assert.ok(service.endpoints.includes("http://localhost:3000/mcp"));
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:capabilities:resources.subscribe" &&
+          prop.value === "true",
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:modelNames" &&
+          prop.value.includes("claude-3-5-sonnet"),
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:serviceType" && prop.value === "gateway",
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:providerFamilies" &&
+          prop.value.includes("anthropic") &&
+          prop.value.includes("openai"),
+      ),
+    );
+    assert.ok(
+      new Set((getProp(service, "cdx:mcp:outboundHosts") || "").split(",")).has(
+        "api.openai.com",
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:usageConfidence" && prop.value === "high",
+      ),
+    );
+    assert.ok(
+      inventory.dependencies.some(
+        (dependency) =>
+          dependency.ref === service["bom-ref"] &&
+          dependency.provides.length === 3,
+      ),
+    );
+  });
+
+  it("detects an unauthenticated non-official HTTP MCP server", () => {
+    const projectDir = createProjectFiles("mcp-unsafe-server", {
+      "index.js": [
+        "import express from 'express';",
+        "import { Server as AcmeMcpServer } from '@acme/mcp-server';",
+        "const app = express();",
+        "const server = new AcmeMcpServer({ name: 'unsafe-http-server', version: '0.1.0' });",
+        "server.registerTool('run_shell', { description: 'Run a command' }, async () => ({ content: [] }));",
+        "app.post('/mcp-unsafe', async () => {});",
+      ].join("\n"),
+    });
+    const inventory = detectMcpInventory(projectDir);
+    assert.strictEqual(inventory.services.length, 1);
+    const service = inventory.services[0];
+    assert.strictEqual(service.name, "unsafe-http-server");
+    assert.strictEqual(service.authenticated, false);
+    assert.ok(service.endpoints.includes("/mcp-unsafe"));
+    assert.ok(
+      service.properties.some(
+        (prop) => prop.name === "cdx:mcp:officialSdk" && prop.value === "false",
+      ),
+    );
+  });
+
+  it("detects MCP client-only usage and provider wiring", () => {
+    const projectDir = createProjectFiles("mcp-client-only", {
+      "index.js": [
+        "import { Client } from '@modelcontextprotocol/client';",
+        "import { StreamableHTTPClientTransport } from '@modelcontextprotocol/client';",
+        "import Anthropic from '@anthropic-ai/sdk';",
+        "const client = new Client({ name: 'demo-client', version: '0.1.0' });",
+        "const transport = new StreamableHTTPClientTransport(new URL('https://mcp.example.com/mcp'));",
+        "await client.connect(transport);",
+        "const anthropic = new Anthropic({ apiKey: 'test' });",
+        "await client.listTools();",
+        "await fetch('https://api.anthropic.com/v1/messages');",
+        "const modelName = 'claude-3-7-sonnet';",
+        "void anthropic; void modelName;",
+      ].join("\n"),
+    });
+    const inventory = detectMcpInventory(projectDir);
+    assert.strictEqual(inventory.services.length, 1);
+    const service = inventory.services[0];
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:serviceType" && prop.value === "client",
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:exposureType" &&
+          prop.value === "networked-public",
+      ),
+    );
+    assert.ok(
+      ["mcp.example.com", "api.anthropic.com"].every((hostname) =>
+        getProp(service, "cdx:mcp:outboundHosts")
+          ?.split(",")
+          .includes(hostname),
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:providerFamilies" &&
+          prop.value.includes("anthropic"),
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) =>
+          prop.name === "cdx:mcp:inventorySource" &&
+          prop.value === "source-code-analysis",
+      ),
+    );
+    assert.ok(
+      service.properties.some(
+        (prop) => prop.name === "cdx:mcp:reviewNeeded" && prop.value === "true",
+      ),
+    );
+  });
+
+  it("detects a TypeScript stdio MCP server and emits source-code-analysis inventory", () => {
+    const projectDir = createProjectFiles("mcp-ts-stdio-server", {
+      "src/server.ts": [
+        "import { McpServer } from '@modelcontextprotocol/server';",
+        "import { StdioServerTransport } from '@modelcontextprotocol/server/stdio';",
+        "const server = new McpServer({ name: 'ts-stdio-server', version: '0.2.0' }, { capabilities: { tools: {}, prompts: {}, resources: {} } });",
+        "server.registerTool('lint', { description: 'Lint source files' }, async () => ({ content: [] }));",
+        "server.registerPrompt('review', { description: 'Prompt review guidance' }, async () => ({ messages: [] }));",
+        "server.registerResource('workspace-docs', 'file:///docs/{path}', { description: 'Workspace docs' }, async () => ({ contents: [] }));",
+        "const transport = new StdioServerTransport();",
+        "await server.connect(transport);",
+      ].join("\n"),
+    });
+    const inventory = detectMcpInventory(projectDir);
+    assert.strictEqual(inventory.services.length, 1);
+    assert.strictEqual(inventory.components.length, 3);
+    const service = inventory.services[0];
+    assert.strictEqual(service.name, "ts-stdio-server");
+    assert.strictEqual(service.version, "0.2.0");
+    assert.strictEqual(getProp(service, "cdx:mcp:transport"), "stdio");
+    assert.strictEqual(
+      getProp(service, "cdx:mcp:inventorySource"),
+      "source-code-analysis",
+    );
+    assert.strictEqual(getProp(service, "cdx:mcp:serviceType"), "gateway");
+    assert.strictEqual(getProp(service, "cdx:mcp:toolCount"), "1");
+    assert.strictEqual(getProp(service, "cdx:mcp:promptCount"), "1");
+    assert.strictEqual(getProp(service, "cdx:mcp:resourceCount"), "1");
+    assert.ok(
+      inventory.dependencies.some(
+        (dependency) =>
+          dependency.ref === service["bom-ref"] &&
+          dependency.provides.length === 3,
+      ),
+    );
+  });
+});
+
+describe("detectPythonMcpInventory()", () => {
+  it("detects a Python stdio MCP server and exported primitives", () => {
+    const projectDir = createProjectFiles("mcp-python-server", {
+      "src/server.py": [
+        "import mcp.server.stdio",
+        "import mcp.types as mtypes",
+        "from mcp.server import NotificationOptions, Server",
+        "",
+        'server = Server("appthreat-vulnerability-db", version="1.0.1")',
+        "",
+        "@server.list_resources()",
+        "async def handle_list_resources():",
+        '    return [mtypes.Resource(uri=mtypes.AnyUrl("cve://"), name="CVE Information", description="Get detailed information about a CVE")]',
+        "",
+        "@server.list_tools()",
+        "async def handle_list_tools():",
+        '    return [mtypes.Tool(name="search_by_purl_like", description="Search by purl", inputSchema={"type": "object"})]',
+        "",
+        "async with mcp.server.stdio.stdio_server() as (read_stream, write_stream):",
+        "    await server.run(",
+        "        read_stream,",
+        "        write_stream,",
+        '        InitializationOptions(server_name="appthreat-vulnerability-db", server_version="1.0.1", capabilities=server.get_capabilities(notification_options=NotificationOptions(), experimental_capabilities={}))',
+        "    )",
+      ].join("\n"),
+    });
+    const inventory = detectPythonMcpInventory(projectDir);
+    assert.strictEqual(inventory.services.length, 1);
+    assert.strictEqual(inventory.components.length, 2);
+    const service = inventory.services[0];
+    assert.strictEqual(service.name, "appthreat-vulnerability-db");
+    assert.strictEqual(service.version, "1.0.1");
+    assert.strictEqual(getProp(service, "cdx:mcp:transport"), "stdio");
+    assert.strictEqual(getProp(service, "cdx:mcp:officialSdk"), "true");
+    assert.strictEqual(getProp(service, "cdx:mcp:toolCount"), "1");
+    assert.strictEqual(getProp(service, "cdx:mcp:resourceCount"), "1");
+    assert.ok(
+      inventory.components.some(
+        (component) => component.name === "search_by_purl_like",
+      ),
+    );
+    assert.ok(
+      inventory.components.some(
+        (component) => component.name === "CVE Information",
+      ),
+    );
+  });
+});

package/lib/helpers/auditCategories.js

@@ -0,0 +1,76 @@
+export const BOM_AUDIT_CATEGORY_ALIASES = Object.freeze({
+  "ai-inventory": ["ai-agent", "mcp-server"],
+});
+
+function uniqueNonEmptyCategories(categories) {
+  return [...new Set((categories || []).filter(Boolean))];
+}
+
+export function normalizeBomAuditCategories(categories) {
+  if (Array.isArray(categories)) {
+    return uniqueNonEmptyCategories(
+      categories.map((category) => String(category).trim()).filter(Boolean),
+    );
+  }
+  if (typeof categories !== "string") {
+    return [];
+  }
+  return uniqueNonEmptyCategories(
+    categories
+      .split(",")
+      .map((category) => category.trim())
+      .filter(Boolean),
+  );
+}
+
+export function expandBomAuditCategories(categories) {
+  const normalizedCategories = normalizeBomAuditCategories(categories);
+  const expandedCategories = [];
+  for (const category of normalizedCategories) {
+    if (BOM_AUDIT_CATEGORY_ALIASES[category]?.length) {
+      expandedCategories.push(...BOM_AUDIT_CATEGORY_ALIASES[category]);
+      continue;
+    }
+    expandedCategories.push(category);
+  }
+  return uniqueNonEmptyCategories(expandedCategories);
+}
+
+export function availableBomAuditCategories(rules) {
+  return uniqueNonEmptyCategories(
+    (rules || []).map((rule) => rule?.category).filter(Boolean),
+  ).sort();
+}
+
+function formatBomAuditCategoryOption(category) {
+  const aliasedCategories = BOM_AUDIT_CATEGORY_ALIASES[category];
+  if (!aliasedCategories?.length) {
+    return category;
+  }
+  return `${category} (alias for ${aliasedCategories.join(",")})`;
+}
+
+export function validateBomAuditCategories(categories, rules) {
+  const normalizedCategories = normalizeBomAuditCategories(categories);
+  const validCategories = availableBomAuditCategories(rules);
+  const allowedCategories = new Set([
+    ...validCategories,
+    ...Object.keys(BOM_AUDIT_CATEGORY_ALIASES),
+  ]);
+  const invalidCategories = normalizedCategories.filter(
+    (category) => !allowedCategories.has(category),
+  );
+  if (invalidCategories.length) {
+    const validCategoryOptions = [...allowedCategories]
+      .sort()
+      .map((category) => formatBomAuditCategoryOption(category));
+    throw new Error(
+      `Unknown BOM audit categor${invalidCategories.length === 1 ? "y" : "ies"}: ${invalidCategories.join(", ")}. Valid categories: ${validCategoryOptions.join(", ")}.`,
+    );
+  }
+  return {
+    categories: normalizedCategories,
+    expandedCategories: expandBomAuditCategories(normalizedCategories),
+    validCategories,
+  };
+}

package/lib/helpers/ciParsers/githubActions.js

@@ -102,6 +102,16 @@ const KNOWN_DISPATCH_ACTIONS = [
   },
 ];
 
+const CARGO_TOOLCHAIN_ACTION_PATTERNS = [
+  /^dtolnay\/rust-toolchain(?:@|$)/i,
+  /^actions-rs\/toolchain(?:@|$)/i,
+  /^moonrepo\/setup-rust(?:@|$)/i,
+];
+
+const CARGO_CACHE_ACTION_PATTERNS = [/^swatinem\/rust-cache(?:@|$)/i];
+
+const CARGO_TOOL_INSTALL_ACTION_PATTERNS = [/^taiki-e\/install-action(?:@|$)/i];
+
 const FORK_CONTEXT_PATTERNS = [
   [
     "github.event.pull_request.head.repo.fork",
@@ -425,6 +435,81 @@ function analyzeCacheStep(step) {
   return props;
 }
 
+function analyzeCargoActionStep(step) {
+  const props = [];
+  if (!step?.uses || typeof step.uses !== "string") {
+    return props;
+  }
+  const cargoRoles = new Set();
+  if (
+    CARGO_TOOLCHAIN_ACTION_PATTERNS.some((pattern) => pattern.test(step.uses))
+  ) {
+    cargoRoles.add("toolchain");
+  }
+  if (CARGO_CACHE_ACTION_PATTERNS.some((pattern) => pattern.test(step.uses))) {
+    cargoRoles.add("cache");
+  }
+  if (
+    CARGO_TOOL_INSTALL_ACTION_PATTERNS.some((pattern) =>
+      pattern.test(step.uses),
+    )
+  ) {
+    cargoRoles.add("tool-install");
+  }
+  if (
+    step.uses.includes("actions/cache") &&
+    typeof step.with?.path === "string" &&
+    /(?:^|[\\/])\.cargo(?:[\\/]|$)|cargo[\\/](?:registry|git)/i.test(
+      step.with.path,
+    )
+  ) {
+    cargoRoles.add("cache");
+  }
+  if (!cargoRoles.size) {
+    return props;
+  }
+  props.push({
+    name: "cdx:github:action:ecosystem",
+    value: "cargo",
+  });
+  props.push({
+    name: "cdx:github:action:role",
+    value: [...cargoRoles].join(","),
+  });
+  return props;
+}
+
+function analyzeCargoRunStep(normalizedRun) {
+  const props = [];
+  if (!normalizedRun || typeof normalizedRun !== "string") {
+    return props;
+  }
+  const cargoSubcommands = new Set();
+  for (const match of normalizedRun.matchAll(/\bcargo\s+([a-z][\w-]*)/gi)) {
+    if (match[1]) {
+      cargoSubcommands.add(match[1].toLowerCase());
+    }
+  }
+  if (!cargoSubcommands.size) {
+    return props;
+  }
+  props.push({
+    name: "cdx:github:step:usesCargo",
+    value: "true",
+  });
+  props.push({
+    name: "cdx:github:step:cargoSubcommands",
+    value: [...cargoSubcommands].join(","),
+  });
+  if (/\s--workspace\b|\s--all\b|\s--all-targets\b/i.test(normalizedRun)) {
+    props.push({
+      name: "cdx:github:step:cargoWorkspaceScope",
+      value: "true",
+    });
+  }
+  return props;
+}
+
 /**
  * Detect untrusted expression interpolation in `run:` blocks.
  *
@@ -500,14 +585,42 @@ function detectPublishEcosystem(runValue) {
   return undefined;
 }
 
+function normalizeRunValueEntry(entry) {
+  if (
+    typeof entry === "string" ||
+    typeof entry === "number" ||
+    typeof entry === "boolean"
+  ) {
+    return String(entry);
+  }
+  return "";
+}
+
+function normalizeRunValue(runValue) {
+  if (typeof runValue === "string") {
+    return runValue;
+  }
+  if (typeof runValue === "number" || typeof runValue === "boolean") {
+    return String(runValue);
+  }
+  if (Array.isArray(runValue)) {
+    const normalizedEntries = runValue
+      .map((entry) => normalizeRunValueEntry(entry))
+      .filter(Boolean);
+    return normalizedEntries.length ? normalizedEntries.join("\n") : undefined;
+  }
+  return undefined;
+}
+
 function analyzeLegacyPublishStep(step, effectiveEnv) {
   const props = [];
-  const publishEcosystem = detectPublishEcosystem(step?.run);
+  const normalizedRun = normalizeRunValue(step?.run);
+  const publishEcosystem = detectPublishEcosystem(normalizedRun);
   if (!publishEcosystem) {
     return props;
   }
   const tokenSources = [];
-  if (/\B--token(?:=|\s+\S+)/i.test(step.run)) {
+  if (normalizedRun && /\B--token(?:=|\s+\S+)/i.test(normalizedRun)) {
     tokenSources.push("cli-flag");
   }
   const legacyEnvNames = Object.keys(effectiveEnv || {}).filter(
@@ -1904,6 +2017,7 @@ export function parseWorkflowFile(f, options) {
           });
           actionProperties.push(...analyzeCheckoutStep(step));
           actionProperties.push(...analyzeCacheStep(step));
+          actionProperties.push(...analyzeCargoActionStep(step));
           actionProperties.push(...analyzeDispatchActionStep(step));
           if (
             step.uses?.includes("actions/github-script") &&
@@ -1982,8 +2096,15 @@ export function parseWorkflowFile(f, options) {
           components.push(acomp);
           jobDependsOn.push(purl);
         }
-      } else if (step.run) {
-        commands.push({ executed: step?.run?.trim().split("\n")[0] });
+      } else {
+        const normalizedRun = normalizeRunValue(step.run);
+        if (normalizedRun === undefined) {
+          steps.push({
+            name: stepName,
+          });
+          continue;
+        }
+        commands.push({ executed: normalizedRun.trim().split("\n")[0] });
         const stepRef = `${jobRef}-step-${steps.length + 1}`;
         const runProperties = [
           { name: "SrcFile", value: f },
@@ -1993,7 +2114,7 @@ export function parseWorkflowFile(f, options) {
           { name: "cdx:github:step:type", value: "run" },
           {
             name: "cdx:github:step:command",
-            value: step?.run?.trim().split("\n")[0],
+            value: normalizedRun.trim().split("\n")[0],
           },
         ];
         if (step.if) {
@@ -2015,9 +2136,9 @@ export function parseWorkflowFile(f, options) {
         runProperties.push(...sharedJobCtxProps);
         runProperties.push(...sharedCtxProps);
 
-        const { hasInterpolation, vars } = detectUntrustedInterpolation(
-          step.run,
-        );
+        const { hasInterpolation, vars } =
+          detectUntrustedInterpolation(normalizedRun);
+        runProperties.push(...analyzeCargoRunStep(normalizedRun));
         if (hasInterpolation) {
           runProperties.push({
             name: "cdx:github:step:hasUntrustedInterpolation",
@@ -2028,7 +2149,8 @@ export function parseWorkflowFile(f, options) {
             value: vars.join(","),
           });
         }
-        const { hasMutation, targets } = detectRunnerStateMutation(step.run);
+        const { hasMutation, targets } =
+          detectRunnerStateMutation(normalizedRun);
         if (hasMutation) {
           runProperties.push({
             name: "cdx:github:step:mutatesRunnerState",
@@ -2039,9 +2161,8 @@ export function parseWorkflowFile(f, options) {
             value: targets.join(","),
           });
         }
-        const { hasOutboundCommand, tools } = detectOutboundNetworkCommand(
-          step.run,
-        );
+        const { hasOutboundCommand, tools } =
+          detectOutboundNetworkCommand(normalizedRun);
         if (hasOutboundCommand) {
           runProperties.push({
             name: "cdx:github:step:hasOutboundNetworkCommand",
@@ -2053,10 +2174,10 @@ export function parseWorkflowFile(f, options) {
           });
         }
         const sensitiveContextRefs = detectSensitiveContextReferences(
-          step.run,
+          normalizedRun,
           effectiveEnv,
         );
-        const dispatchInfo = detectWorkflowDispatchInvocations(step.run);
+        const dispatchInfo = detectWorkflowDispatchInvocations(normalizedRun);
         if (dispatchInfo.hasDispatch) {
           collectSensitiveEnvBindings(effectiveEnv).forEach((ref) => {
             sensitiveContextRefs.push(ref);
@@ -2073,7 +2194,7 @@ export function parseWorkflowFile(f, options) {
           });
         }
         appendDispatchProperties(runProperties, dispatchInfo);
-        const forkContextRefs = detectForkContextReferences(step.run);
+        const forkContextRefs = detectForkContextReferences(normalizedRun);
         if (forkContextRefs.length) {
           runProperties.push({
             name: "cdx:github:step:referencesForkContext",
@@ -2085,7 +2206,10 @@ export function parseWorkflowFile(f, options) {
           });
         }
         const exfiltrationIndicators = hasOutboundCommand
-          ? detectOutboundExfiltrationIndicators(step.run, sensitiveContextRefs)
+          ? detectOutboundExfiltrationIndicators(
+              normalizedRun,
+              sensitiveContextRefs,
+            )
           : [];
         if (exfiltrationIndicators.length) {
           runProperties.push({