npm - @cyclonedx/cdxgen - Versions diffs - 12.3.3 → 12.4.1 - Mend

@cyclonedx/cdxgen 12.3.3 → 12.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/README.md +69 -25
package/bin/audit.js +21 -7
package/bin/cdxgen.js +270 -127
package/bin/convert.js +34 -15
package/bin/hbom.js +495 -0
package/bin/repl.js +592 -37
package/bin/validate.js +31 -4
package/bin/verify.js +18 -5
package/data/README.md +298 -25
package/data/component-tags.json +6 -0
package/data/crypto-oid.json +16 -0
package/data/cyclonedx-2.0-bundled.schema.json +7182 -0
package/data/predictive-audit-allowlist.json +11 -0
package/data/queries-darwin.json +12 -1
package/data/queries-win.json +7 -1
package/data/queries.json +39 -2
package/data/rules/ai-agent-governance.yaml +16 -0
package/data/rules/asar-archives.yaml +150 -0
package/data/rules/chrome-extensions.yaml +8 -0
package/data/rules/ci-permissions.yaml +42 -18
package/data/rules/container-risk.yaml +14 -7
package/data/rules/dependency-sources.yaml +11 -0
package/data/rules/hbom-compliance.yaml +325 -0
package/data/rules/hbom-performance.yaml +307 -0
package/data/rules/hbom-security.yaml +248 -0
package/data/rules/host-topology.yaml +165 -0
package/data/rules/mcp-servers.yaml +18 -3
package/data/rules/obom-runtime.yaml +907 -22
package/data/rules/package-integrity.yaml +14 -0
package/data/rules/rootfs-hardening.yaml +179 -0
package/data/rules/vscode-extensions.yaml +9 -0
package/lib/audit/index.js +210 -8
package/lib/audit/index.poku.js +332 -0
package/lib/audit/reporters.js +222 -0
package/lib/audit/targets.js +146 -1
package/lib/audit/targets.poku.js +186 -0
package/lib/cli/asar.poku.js +328 -0
package/lib/cli/index.js +527 -99
package/lib/cli/index.poku.js +1469 -212
package/lib/evinser/evinser.js +14 -9
package/lib/helpers/analyzer.js +1406 -29
package/lib/helpers/analyzer.poku.js +342 -0
package/lib/helpers/analyzerScope.js +712 -0
package/lib/helpers/asarutils.js +1556 -0
package/lib/helpers/asarutils.poku.js +443 -0
package/lib/helpers/auditCategories.js +12 -0
package/lib/helpers/auditCategories.poku.js +32 -0
package/lib/helpers/bomUtils.js +155 -1
package/lib/helpers/bomUtils.poku.js +79 -1
package/lib/helpers/cbomutils.js +271 -1
package/lib/helpers/cbomutils.poku.js +248 -5
package/lib/helpers/display.js +291 -1
package/lib/helpers/display.poku.js +149 -0
package/lib/helpers/evidenceUtils.js +58 -0
package/lib/helpers/evidenceUtils.poku.js +54 -0
package/lib/helpers/exportUtils.js +9 -0
package/lib/helpers/gtfobins.js +142 -8
package/lib/helpers/gtfobins.poku.js +24 -1
package/lib/helpers/hbom.js +710 -0
package/lib/helpers/hbom.poku.js +496 -0
package/lib/helpers/hbomAnalysis.js +268 -0
package/lib/helpers/hbomAnalysis.poku.js +249 -0
package/lib/helpers/hbomLoader.js +35 -0
package/lib/helpers/hostTopology.js +803 -0
package/lib/helpers/hostTopology.poku.js +363 -0
package/lib/helpers/inventoryStats.js +69 -0
package/lib/helpers/inventoryStats.poku.js +86 -0
package/lib/helpers/lolbas.js +19 -1
package/lib/helpers/lolbas.poku.js +23 -0
package/lib/helpers/osqueryTransform.js +47 -0
package/lib/helpers/osqueryTransform.poku.js +47 -0
package/lib/helpers/plugins.js +350 -0
package/lib/helpers/plugins.poku.js +57 -0
package/lib/helpers/protobom.js +209 -45
package/lib/helpers/protobom.poku.js +183 -5
package/lib/helpers/protobomLoader.js +43 -0
package/lib/helpers/protobomLoader.poku.js +31 -0
package/lib/helpers/remote/dependency-track.js +36 -3
package/lib/helpers/remote/dependency-track.poku.js +44 -0
package/lib/helpers/source.js +24 -0
package/lib/helpers/source.poku.js +32 -0
package/lib/helpers/utils.js +1438 -93
package/lib/helpers/utils.poku.js +846 -4
package/lib/managers/binary.e2e.poku.js +367 -0
package/lib/managers/binary.js +2293 -353
package/lib/managers/binary.poku.js +1699 -1
package/lib/managers/docker.js +201 -79
package/lib/managers/docker.poku.js +337 -12
package/lib/server/server.js +4 -28
package/lib/stages/postgen/annotator.js +38 -0
package/lib/stages/postgen/annotator.poku.js +107 -1
package/lib/stages/postgen/auditBom.js +121 -18
package/lib/stages/postgen/auditBom.poku.js +1366 -31
package/lib/stages/postgen/hostTopologyAudit.poku.js +186 -0
package/lib/stages/postgen/postgen.js +406 -8
package/lib/stages/postgen/postgen.poku.js +484 -0
package/lib/stages/postgen/ruleEngine.js +116 -0
package/lib/stages/pregen/envAudit.js +14 -3
package/lib/validator/bomValidator.js +90 -38
package/lib/validator/bomValidator.poku.js +90 -0
package/lib/validator/complianceRules.js +4 -2
package/lib/validator/index.poku.js +14 -0
package/package.json +23 -21
package/types/bin/hbom.d.ts +3 -0
package/types/bin/hbom.d.ts.map +1 -0
package/types/bin/repl.d.ts +1 -1
package/types/bin/repl.d.ts.map +1 -1
package/types/lib/audit/index.d.ts +44 -0
package/types/lib/audit/index.d.ts.map +1 -1
package/types/lib/audit/reporters.d.ts +16 -0
package/types/lib/audit/reporters.d.ts.map +1 -1
package/types/lib/audit/targets.d.ts.map +1 -1
package/types/lib/cli/index.d.ts +16 -0
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/evinser.d.ts +4 -0
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/analyzer.d.ts +33 -0
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/analyzerScope.d.ts +11 -0
package/types/lib/helpers/analyzerScope.d.ts.map +1 -0
package/types/lib/helpers/asarutils.d.ts +34 -0
package/types/lib/helpers/asarutils.d.ts.map +1 -0
package/types/lib/helpers/auditCategories.d.ts +5 -0
package/types/lib/helpers/auditCategories.d.ts.map +1 -1
package/types/lib/helpers/bomUtils.d.ts +10 -0
package/types/lib/helpers/bomUtils.d.ts.map +1 -1
package/types/lib/helpers/cbomutils.d.ts +3 -2
package/types/lib/helpers/cbomutils.d.ts.map +1 -1
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/evidenceUtils.d.ts +8 -0
package/types/lib/helpers/evidenceUtils.d.ts.map +1 -0
package/types/lib/helpers/exportUtils.d.ts.map +1 -1
package/types/lib/helpers/gtfobins.d.ts +8 -0
package/types/lib/helpers/gtfobins.d.ts.map +1 -1
package/types/lib/helpers/hbom.d.ts +49 -0
package/types/lib/helpers/hbom.d.ts.map +1 -0
package/types/lib/helpers/hbomAnalysis.d.ts +76 -0
package/types/lib/helpers/hbomAnalysis.d.ts.map +1 -0
package/types/lib/helpers/hbomLoader.d.ts +7 -0
package/types/lib/helpers/hbomLoader.d.ts.map +1 -0
package/types/lib/helpers/hostTopology.d.ts +12 -0
package/types/lib/helpers/hostTopology.d.ts.map +1 -0
package/types/lib/helpers/inventoryStats.d.ts +11 -0
package/types/lib/helpers/inventoryStats.d.ts.map +1 -0
package/types/lib/helpers/lolbas.d.ts.map +1 -1
package/types/lib/helpers/osqueryTransform.d.ts +3 -0
package/types/lib/helpers/osqueryTransform.d.ts.map +1 -1
package/types/lib/helpers/plugins.d.ts +58 -0
package/types/lib/helpers/plugins.d.ts.map +1 -0
package/types/lib/helpers/protobom.d.ts +5 -4
package/types/lib/helpers/protobom.d.ts.map +1 -1
package/types/lib/helpers/protobomLoader.d.ts +17 -0
package/types/lib/helpers/protobomLoader.d.ts.map +1 -0
package/types/lib/helpers/remote/dependency-track.d.ts +10 -3
package/types/lib/helpers/remote/dependency-track.d.ts.map +1 -1
package/types/lib/helpers/source.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +45 -8
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts +5 -0
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/server/server.d.ts +2 -1
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts +26 -1
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts +2 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
package/types/lib/stages/pregen/envAudit.d.ts.map +1 -1
package/types/lib/third-party/arborist/lib/node.d.ts +23 -0
package/types/lib/third-party/arborist/lib/node.d.ts.map +1 -1
package/types/lib/validator/bomValidator.d.ts.map +1 -1
package/types/lib/validator/complianceRules.d.ts.map +1 -1
package/data/spdx-model-v3.0.1.jsonld +0 -15999

package/lib/evinser/evinser.js CHANGED Viewed

@@ -5,6 +5,7 @@ import process from "node:process";
 import { PackageURL } from "packageurl-js";
 import { findCryptoAlgos } from "../helpers/cbomutils.js";
+import { parseOccurrenceEvidenceLocation } from "../helpers/evidenceUtils.js";
 import {
   collectGradleDependencies,
   collectMvnDependencies,
@@ -238,12 +239,15 @@ export async function createSlice(
   }
   let sliceOutputDir = safeMkdtempSync(join(getTmpDir(), `atom-${sliceType}-`));
+  let tempDirOwned = true;
   if (options?.output) {
+    const resolvedOutputPath = resolve(options.output);
     sliceOutputDir =
-      safeExistsSync(options.output) &&
-      fs.lstatSync(options.output).isDirectory()
-        ? path.basename(options.output)
-        : path.dirname(options.output);
+      safeExistsSync(resolvedOutputPath) &&
+      fs.lstatSync(resolvedOutputPath).isDirectory()
+        ? resolvedOutputPath
+        : path.dirname(resolvedOutputPath);
+    tempDirOwned = false;
   }
   const slicesFile =
     options[`${sliceType}SlicesFile`] ||
@@ -264,7 +268,7 @@ export async function createSlice(
         JSON.stringify(slicesData, null, options.jsonPretty ? 2 : null),
       );
     }
-    return { tempDir: sliceOutputDir, slicesFile };
+    return { tempDir: sliceOutputDir, tempDirOwned, slicesFile };
   }
   console.log(
     `Creating ${sliceType} slice for ${resolve(filePath)}. Please wait ...`,
@@ -362,6 +366,7 @@ export async function createSlice(
   }
   return {
     tempDir: sliceOutputDir,
+    tempDirOwned,
     slicesFile,
     atomFile,
     openapiSpecFile: resolve(join(filePath, openapiSpecFile)),
@@ -609,6 +614,7 @@ export async function analyzeProject(dbObjMap, options) {
     servicesMap,
     dataFlowFrames,
     tempDir: retMap?.tempDir,
+    tempDirOwned: retMap?.tempDirOwned,
     userDefinedTypesMap,
     cryptoComponents,
     cryptoGeneratePurls,
@@ -1396,6 +1402,7 @@ export function extractEndpoints(language, code) {
 export function createEvinseFile(sliceArtefacts, options) {
   const {
     tempDir,
+    tempDirOwned,
     usagesSlicesFile,
     dataFlowSlicesFile,
     reachablesSlicesFile,
@@ -1430,9 +1437,7 @@ export function createEvinseFile(sliceArtefacts, options) {
       // This is fine as long as the input sbom was also generated by cdxgen
       comp.evidence.occurrences = locationOccurrences
         .filter((l) => !!l)
-        .map((l) => ({
-          location: l,
-        }));
+        .map((l) => parseOccurrenceEvidenceLocation(l));
       occEvidencePresent = true;
     }
     const dfFrames = dataFlowFrames[comp.purl];
@@ -1557,7 +1562,7 @@ export function createEvinseFile(sliceArtefacts, options) {
       );
     }
   }
-  if (tempDir?.startsWith(getTmpDir())) {
+  if (tempDirOwned && tempDir?.startsWith(getTmpDir())) {
     safeRmSync(tempDir, { recursive: true, force: true });
   }
   return bomNSData?.bomJson;