@cyclonedx/cdxgen 12.4.1 → 12.4.3

package/lib/helpers/utils.poku.js

@@ -54,6 +54,7 @@ import {
   isPartialTree,
   isValidIriReference,
   mapConanPkgRefToPurlStringAndNameAndVersion,
+  PROJECT_TYPE_ALIASES,
   parseBazelActionGraph,
   parseBazelBuild,
   parseBazelSkyframe,
@@ -338,6 +339,32 @@ it("safeSpawnSync() does not classify non-probe -v commands as version checks",
   }
 });
 
+it("safeSpawnSync() blocks shell metacharacters with shell execution", () => {
+  const markerFile = path.join(tmpdir(), "cdxgen-safe-spawn-shell-marker");
+  const originalConsoleWarn = console.warn;
+  const warnings = [];
+  rmSync(markerFile, { force: true });
+  resetRecordedActivities();
+  console.warn = (message) => {
+    warnings.push(message);
+  };
+
+  try {
+    const result = safeSpawnSync("printf", ["blocked", ">", markerFile], {
+      shell: true,
+    });
+    assert.strictEqual(result.status, 1);
+    assert.ok(result.error);
+    assert.match(result.error.message, /shell metacharacters/);
+    assert.strictEqual(existsSync(markerFile), false);
+    assert.ok(warnings.some((warning) => /Security Alert/.test(warning)));
+  } finally {
+    console.warn = originalConsoleWarn;
+    resetRecordedActivities();
+    rmSync(markerFile, { force: true });
+  }
+});
+
 it("safeSpawnSync() reads CDXGEN_ALLOWED_COMMANDS once per invocation", () => {
   const originalAllowedCommands = process.env.CDXGEN_ALLOWED_COMMANDS;
   process.env.CDXGEN_ALLOWED_COMMANDS = "echo-cdxgen-test";
@@ -597,6 +624,37 @@ it("records recursive file discovery activity in dry-run mode", () => {
   }
 });
 
+it("records suspicious discovered paths with shell metacharacters in dry-run mode", () => {
+  const tmpRoot = mkdtempSync(
+    path.join(tmpdir(), "cdxgen-dry-run-shell-path-"),
+  );
+  const shellIfs = "$" + "{IFS}";
+  const maliciousDirName =
+    platform() === "win32"
+      ? "evil&echo%CDXGEN_GITURL_E2E_MARKER%&rem"
+      : `evil;cd${shellIfs}..;printf${shellIfs}marker>CDXGEN_GITURL_E2E_MARKER;#`;
+  const maliciousDir = path.join(tmpRoot, maliciousDirName);
+  const pomFile = path.join(maliciousDir, "pom.xml");
+  mkdirSync(maliciousDir, { recursive: true });
+  writeFileSync(pomFile, "<project />");
+  setDryRunMode(true);
+  resetRecordedActivities();
+  try {
+    assert.deepStrictEqual(getAllFiles(tmpRoot, "**/pom.xml"), [pomFile]);
+    const suspiciousActivity = getRecordedActivities().find(
+      (activity) => activity.classification === "suspicious-path",
+    );
+    assert.ok(suspiciousActivity);
+    assert.strictEqual(suspiciousActivity.risk, "shell-metacharacters");
+    assert.strictEqual(suspiciousActivity.target, pomFile);
+    assert.match(suspiciousActivity.reason, /shell metacharacters/);
+  } finally {
+    setDryRunMode(false);
+    resetRecordedActivities();
+    rmSync(tmpRoot, { force: true, recursive: true });
+  }
+});
+
 it("records updated discovery activity when a repeated glob match count changes", () => {
   const tmpRoot = mkdtempSync(path.join(tmpdir(), "cdxgen-dry-run-glob-"));
   const packageJsonFile = path.join(tmpRoot, "package.json");
@@ -4327,6 +4385,296 @@ it("addEvidenceForDotnet() initializes evidence before adding occurrences", () =
   }
 });
 
+it("addEvidenceForDotnet() ignores unreadable dosai JSON", () => {
+  const tempDir = mkdtempSync(path.join(tmpdir(), "cdxgen-dotnet-bad-json-"));
+  const slicesFile = path.join(tempDir, "dosai.json");
+  try {
+    writeFileSync(slicesFile, "");
+    const inputPkgList = [
+      {
+        name: "Example",
+        purl: "pkg:nuget/Example@1.0.0",
+        properties: [{ name: "PackageFiles", value: "Example.dll" }],
+      },
+    ];
+    const pkgList = addEvidenceForDotnet(inputPkgList, slicesFile);
+
+    assert.strictEqual(pkgList, inputPkgList);
+    assert.strictEqual(pkgList[0].evidence, undefined);
+    assert.strictEqual(pkgList[0].scope, undefined);
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});
+
+it("addEvidenceForDotnet() consumes dosai v3 PackageReachability", () => {
+  const tempDir = mkdtempSync(
+    path.join(tmpdir(), "cdxgen-dotnet-reachability-"),
+  );
+  const slicesFile = path.join(tempDir, "dosai.json");
+  try {
+    writeFileSync(
+      slicesFile,
+      JSON.stringify({
+        CallGraph: {
+          Edges: [
+            {
+              Id: "e1",
+              FileName: "Controllers/EpisodesController.cs",
+              LineNumber: 17,
+              CalledMethodName: "System.Text.Json.JsonSerializer.Deserialize",
+            },
+          ],
+          Nodes: [
+            {
+              Id: "n1",
+              FileName: "System.Text.Json.dll",
+              LineNumber: 0,
+              ClassName: "JsonSerializer",
+              Name: "Deserialize",
+            },
+          ],
+        },
+        PackageReachability: [
+          {
+            Purl: "pkg:nuget/System.Text.Json",
+            EdgeIds: ["e1"],
+            NodeIds: ["n1"],
+            SourceLocations: [
+              {
+                Path: "Controllers/Parser.cs",
+                FileName: "Parser.cs",
+                LineNumber: 42,
+                ColumnNumber: 13,
+                Kind: "CallGraphEdge",
+              },
+              {
+                Path: "System.Text.Json.dll",
+                FileName: "System.Text.Json.dll",
+                LineNumber: 1,
+                Kind: "CallGraphNode",
+              },
+            ],
+          },
+        ],
+      }),
+    );
+    const pkgList = addEvidenceForDotnet(
+      [
+        {
+          name: "System.Text.Json",
+          purl: "pkg:nuget/System.Text.Json@10.0.0",
+          properties: [],
+        },
+      ],
+      slicesFile,
+    );
+
+    assert.deepStrictEqual(pkgList[0].evidence?.occurrences, [
+      {
+        location: "Controllers/Parser.cs",
+        line: 42,
+      },
+    ]);
+    assert.ok(
+      pkgList[0].evidence.identity.methods.some(
+        (method) =>
+          method.technique === "source-code-analysis" &&
+          method.value === "Controllers/Parser.cs#42",
+      ),
+    );
+    assert.ok(
+      pkgList[0].properties.some(
+        (property) =>
+          property.name === "CalledMethods" &&
+          property.value.includes(
+            "System.Text.Json.JsonSerializer.Deserialize",
+          ),
+      ),
+    );
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});
+
+it("addEvidenceForDotnet() keeps PackageReachability fallback evidence source-only", () => {
+  const tempDir = mkdtempSync(
+    path.join(tmpdir(), "cdxgen-dotnet-source-fallback-"),
+  );
+  const slicesFile = path.join(tempDir, "dosai.json");
+  try {
+    writeFileSync(
+      slicesFile,
+      JSON.stringify({
+        CallGraph: {
+          Edges: [
+            {
+              Id: "e1",
+              FileName: "System.Text.Json.dll",
+              LineNumber: 12,
+              CalledMethodName: "System.Text.Json.JsonSerializer.Deserialize",
+              CallLocation: {
+                FileName: "Program.fs",
+                LineNumber: 8,
+              },
+            },
+            {
+              Id: "e2",
+              FileName: "Controllers/EpisodesController.cs",
+              LineNumber: 17,
+              CalledMethodName: "System.Text.Json.JsonSerializer.Serialize",
+            },
+          ],
+        },
+        PackageReachability: [
+          {
+            Purl: "pkg:nuget/System.Text.Json",
+            EdgeIds: ["e1", "e2"],
+          },
+        ],
+      }),
+    );
+    const pkgList = addEvidenceForDotnet(
+      [
+        {
+          name: "System.Text.Json",
+          purl: "pkg:nuget/System.Text.Json@10.0.0",
+          properties: [],
+        },
+      ],
+      slicesFile,
+    );
+
+    assert.deepStrictEqual(pkgList[0].evidence?.occurrences, [
+      {
+        location: "Controllers/EpisodesController.cs",
+        line: 17,
+      },
+      {
+        location: "Program.fs",
+        line: 8,
+      },
+    ]);
+    assert.ok(!JSON.stringify(pkgList[0].evidence).includes(".dll"));
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});
+
+it("addEvidenceForDotnet() preserves additional identity entries", () => {
+  const tempDir = mkdtempSync(
+    path.join(tmpdir(), "cdxgen-dotnet-identity-array-"),
+  );
+  const slicesFile = path.join(tempDir, "dosai.json");
+  try {
+    writeFileSync(
+      slicesFile,
+      JSON.stringify({
+        Dependencies: [
+          {
+            Path: "Program.cs",
+            FileName: "Program.cs",
+            Name: "System.Text.Json",
+            Purl: "pkg:nuget/System.Text.Json",
+            LineNumber: 12,
+          },
+        ],
+      }),
+    );
+    const pkgList = addEvidenceForDotnet(
+      [
+        {
+          name: "System.Text.Json",
+          purl: "pkg:nuget/System.Text.Json@10.0.0",
+          evidence: {
+            identity: [
+              {
+                field: "name",
+                confidence: 0.8,
+                methods: [
+                  { technique: "filename", value: "packages.lock.json" },
+                ],
+              },
+              {
+                field: "purl",
+                confidence: 1,
+                methods: [
+                  {
+                    technique: "manifest-analysis",
+                    value: "packages.lock.json",
+                  },
+                ],
+              },
+            ],
+          },
+          properties: [],
+        },
+      ],
+      slicesFile,
+    );
+
+    assert.strictEqual(pkgList[0].evidence.identity.length, 2);
+    assert.strictEqual(pkgList[0].evidence.identity[0].field, "name");
+    assert.ok(
+      pkgList[0].evidence.identity[1].methods.some(
+        (method) =>
+          method.technique === "source-code-analysis" &&
+          method.value === "Program.cs#12",
+      ),
+    );
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});
+
+it("addEvidenceForDotnet() consumes dosai Dependencies with purls", () => {
+  const tempDir = mkdtempSync(path.join(tmpdir(), "cdxgen-dotnet-vb-deps-"));
+  const slicesFile = path.join(tempDir, "dosai.json");
+  try {
+    writeFileSync(
+      slicesFile,
+      JSON.stringify({
+        Dependencies: [
+          {
+            Path: "Program.vb",
+            FileName: "Program.vb",
+            Name: "Newtonsoft.Json",
+            Purl: "pkg:nuget/Newtonsoft.Json@13.0.3",
+            LineNumber: 4,
+            ColumnNumber: 9,
+          },
+        ],
+      }),
+    );
+    const pkgList = addEvidenceForDotnet(
+      [
+        {
+          name: "Newtonsoft.Json",
+          purl: "pkg:nuget/Newtonsoft.Json@13.0.3",
+          properties: [],
+        },
+      ],
+      slicesFile,
+    );
+
+    assert.deepStrictEqual(pkgList[0].evidence?.occurrences, [
+      {
+        location: "Program.vb",
+        line: 4,
+      },
+    ]);
+    assert.ok(
+      pkgList[0].properties.some(
+        (property) =>
+          property.name === "ImportedModules" &&
+          property.value.includes("Newtonsoft.Json"),
+      ),
+    );
+  } finally {
+    rmSync(tempDir, { recursive: true, force: true });
+  }
+});
+
 it("parse packages.lock.json", () => {
   assert.deepStrictEqual(parseCsPkgLockData(null), {
     dependenciesList: [],
@@ -10229,6 +10577,10 @@ it("parseMakeDFile tests", () => {
 });
 
 it("hasAnyProjectType tests", () => {
+  for (const language of ["vb", "vbnet", "visualbasic", "f#", "fs", "fsharp"]) {
+    assert.ok(PROJECT_TYPE_ALIASES.csharp.includes(language));
+  }
+
   assert.deepStrictEqual(
     hasAnyProjectType(["docker"], {
       projectType: [],

package/lib/stages/postgen/annotator.js

@@ -23,6 +23,7 @@ function humanifyTimestamp(timestamp) {
     month: "long",
     day: "numeric",
     weekday: "long",
+    timeZone: "UTC",
   });
 }
 
@@ -123,7 +124,7 @@ function getGitHubWorkflowStats(components) {
         stats.continueOnError++;
       }
       if (propMap["cdx:github:job:runner"]) {
-        propMap["cdx:github:job:runner"]
+        String(propMap["cdx:github:job:runner"])
           .split(",")
           .filter((r) => r.includes("$"))
           .forEach((r) => {

package/lib/stages/postgen/annotator.poku.js

@@ -432,3 +432,31 @@ it("recognizes HBOMs and summarizes hardware-specific metadata", () => {
   );
   assert.match(summary, /Identifier policy is 'redacted-by-default'\./u);
 });
+
+it("handles non-string GitHub runner properties while summarizing metadata", () => {
+  const summary = textualMetadata({
+    bomFormat: "CycloneDX",
+    specVersion: "1.7",
+    metadata: {
+      timestamp: "2026-01-01T00:00:00Z",
+      tools: { components: [{ name: "cdxgen" }] },
+      component: { name: "workflow", type: "application" },
+    },
+    components: [
+      {
+        name: "checkout",
+        purl: "pkg:github/actions/checkout@v4",
+        properties: [
+          { name: "cdx:github:workflow:name", value: "CI" },
+          { name: "cdx:github:job:name", value: "build" },
+          {
+            name: "cdx:github:job:runner",
+            value: { group: "ubuntu-runners", labels: "ubuntu-latest" },
+          },
+        ],
+      },
+    ],
+  });
+
+  assert.match(summary, /GitHub Action references/u);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "12.4.1",
+  "version": "12.4.3",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "keywords": [
     "sbom",
@@ -156,17 +156,17 @@
     "@appthreat/cdx-proto": "2.0.1",
     "@bufbuild/protobuf": "2.12.0",
     "@cdxgen/cdx-hbom": "0.5.0",
-    "@cdxgen/cdxgen-plugins-bin": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-darwin-amd64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-darwin-arm64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linux-amd64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linux-arm": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linux-arm64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linux-ppc64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linuxmusl-amd64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-linuxmusl-arm64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-windows-amd64": "2.1.1",
-    "@cdxgen/cdxgen-plugins-bin-windows-arm64": "2.1.1",
+    "@cdxgen/cdxgen-plugins-bin": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-darwin-amd64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-darwin-arm64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linux-amd64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linux-arm": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linux-arm64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linux-ppc64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linuxmusl-amd64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-linuxmusl-arm64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-windows-amd64": "2.1.3",
+    "@cdxgen/cdxgen-plugins-bin-windows-arm64": "2.1.3",
     "body-parser": "2.2.2",
     "compression": "1.8.1",
     "connect": "3.7.0",

package/types/lib/cli/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAo8BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AA6bD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA8ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAwB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAouC3B;AAsKD,0EA4/BC;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAylB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmJrC;AA2FD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAmPlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmE3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA8JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0P3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAkbrC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+F3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAyL3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+D3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CA4ClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAy9B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmXrC;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsB3B;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA8T3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA+HjD"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAk+BA;;;;;;;;;GASG;AACH,wCANW,MAAM,cACN,MAAM,OACN,MAAM,UACN,MAAM,GACJ,MAAM,EAAE,CAcpB;AA8bD;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM,GAEJ,MAAM,CA8ElB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAI5B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,GAAC,SAAS,CAwB5B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAouC3B;AAsKD,0EA4/BC;AAgFD;;;;;;;;;;;GAWG;AACH,qDAHW,MAAM,GACJ,MAAM,GAAG,IAAI,CAwEzB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAylB3B;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAoavC;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmJrC;AA2FD;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAiE3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAmPlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA+GlB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAyBlB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,WACN,MAAM,GACJ,MAAM,CAsBlB;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAmE3B;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA2C3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA0BlB;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0I3B;AAED;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,CAgKvC;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoH3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA6C3B;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAkU3B;AAED;;;;;;GAMG;AACH,mCAJW,MAAM,WACN,MAAM,GACJ,MAAM,CA8JlB;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA0P3B;AAED;;;;;;GAMG;AACH,sCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CA8brC;AAED;;;;;;;;;GASG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA+F3B;AAED;;;;;;GAMG;AACH,oCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAyL3B;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAoD3B;AA2FD;;;;;;GAMG;AACH,2CAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAwE3B;AAED;;;;;;;;;GASG;AACH,mCAPW,MAAM,sCAEN,MAAM,wBAGJ,MAAM,CA4ClB;AAED;;;;;;GAMG;AACH,0CAJW,MAAM,EAAE,WACR,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAy9B3B;AAED;;;;;;GAMG;AACH,iCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,GAAC,SAAS,CAAC,CAmXrC;AAED;;;;;;GAMG;AACH,kCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CAsB3B;AAED;;;;;;GAMG;AACH,gCAJW,MAAM,WACN,MAAM,GACJ,OAAO,CAAC,MAAM,CAAC,CA8T3B;AAED;;;;;;;GAOG;AACH,gCALW,MAAM,eACN,MAAM,GACL,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA+HjD"}

package/types/lib/evinser/evinser.d.ts

@@ -114,6 +114,21 @@ export function initFromSbom(components: any, language: any): {
  * @param {Object} options Command line options
  */
 export function analyzeProject(dbObjMap: Object, options: Object): Promise<{
+    usagesSlicesFile: any;
+    dataFlowSlicesFile: any;
+    purlLocationMap: {};
+    servicesMap: {};
+    dataFlowFrames: {};
+    tempDir: any;
+    tempDirOwned: any;
+    userDefinedTypesMap: {};
+    cryptoComponents: any[];
+    cryptoGeneratePurls: {};
+    atomFile?: undefined;
+    reachablesSlicesFile?: undefined;
+    semanticsSlicesFile?: undefined;
+    openapiSpecFile?: undefined;
+} | {
     atomFile: any;
     usagesSlicesFile: any;
     dataFlowSlicesFile: any;

package/types/lib/evinser/evinser.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA+BA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;;;;GA2KC;AAED,6EAuBC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;;GA6KhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA0KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}
+{"version":3,"file":"evinser.d.ts","sourceRoot":"","sources":["../../../lib/evinser/evinser.js"],"names":[],"mappings":"AA2CA;;;;GAIG;AACH,mCAFW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;eAyDhB;AAED,6GAiDC;AAED,gGAkCC;AAED,wGAqBC;AAED;;;;;;;;;;;;;;;;;;;;;GAwMC;AAED,6EA0BC;AAED;;;EA8BC;AAcD;;;;;GAKG;AACH,yCAHW,MAAM,WACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoPhB;AAED,wLA8DC;AAED;;;;;;;;;;;GAWG;AACH,2CARW,MAAM,uBACN,MAAM,0BAEN,MAAM,mBACN,MAAM,kBACN,MAAM,iBAqOhB;AAED;;;;;;;GAOG;AACH,yFAHW,MAAM,GACJ,MAAM,CAiGlB;AAyBD,sGAyEC;AAED,wGAmCC;AAED;;;;;;GAMG;AACH,mDAJW,MAAM,8BAEN,MAAM,uBA6DhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,wCAEN,MAAM,QAkDhB;AAED,yEAWC;AAED,gEAsFC;AAED;;;;;;GAMG;AACH,iDAJW,MAAM,WACN,MAAM,OA0KhB;AAED;;;;;;;;;;GAUG;AACH,gDAPW,MAAM,uBACN,MAAM,iBACN,MAAM,YACN,MAAM,oBACN,MAAM,kBACN,MAAM,eAoHhB;AAED;;;;;;;GAOG;AACH,kDAHW,MAAM,mBACN,MAAM;;;;;;;;;;;;;EA4FhB;AAED;;;;;GAKG;AACH,kDAaC;AAED;;;;;GAKG;AACH,2CAHW,MAAM,UAKhB;AAED,gGAiDC"}

package/types/lib/helpers/bomUtils.d.ts

@@ -7,9 +7,7 @@ export function getCycloneDxRootFormatKey(specVersionOrBom: any): "specFormat" |
 export function getCycloneDxFormat(bomJson: any): any;
 export function hasCycloneDxFormat(bomJson: any): boolean;
 export function isCycloneDxBom(bomJson: any): boolean;
-export function setCycloneDxFormat(bomJson: any, specVersion: any, { preserveLegacyBomFormat }?: {
-    preserveLegacyBomFormat?: boolean | undefined;
-}): any;
+export function setCycloneDxFormat(bomJson: object, specVersion: string | number, { preserveLegacyBomFormat }?: object): object;
 export function detectBomFormat(bomJson: any): "unknown" | "cyclonedx" | "spdx";
 export function getNonCycloneDxErrorMessage(bomJson: any, commandName?: string): string;
 //# sourceMappingURL=bomUtils.d.ts.map

package/types/lib/helpers/bomUtils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bomUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/bomUtils.js"],"names":[],"mappings":"AAQO,oDAKJ;AAEI,oFAGN;AAEM,mFAGN;AAEM,8FAWN;AAEM,oEACwC;AAExC,6FAQN;AAEM,sDACoC;AAEpC,0DAC2C;AAE3C,sDAE4D;AAE5D;;QA4BN;AAEM,gFAQN;AAEM,wFASN"}
+{"version":3,"file":"bomUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/bomUtils.js"],"names":[],"mappings":"AAcO,oDAKJ;AAgBI,oFAMN;AAEM,mFASN;AAEM,8FAUN;AAEM,oEACwC;AAExC,6FAQN;AAEM,sDACoC;AAEpC,0DAC2C;AAE3C,sDAE4D;AAiD5D,4CALI,MAAM,eACN,MAAM,GAAC,MAAM,gCACb,MAAM,GACJ,MAAM,CAkClB;AAEM,gFAQN;AAEM,wFASN"}

package/types/lib/helpers/cbomutils.d.ts

@@ -6,6 +6,7 @@
  */
 export function collectOSCryptoLibs(options: Object): any[];
 export function collectSourceCryptoComponents(src: any, options?: {}): Promise<any[]>;
+export function collectDosaiCryptoComponents(src: any, options?: {}): Promise<any[]>;
 /**
  * Find crypto algorithm in the given code snippet
  *

package/types/lib/helpers/cbomutils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"cbomutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/cbomutils.js"],"names":[],"mappings":"AAkBA;;;;;GAKG;AACH,6CAHW,MAAM,SA2BhB;AAiOD,sFA4CC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,SAgBhB"}
+{"version":3,"file":"cbomutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/cbomutils.js"],"names":[],"mappings":"AAmBA;;;;;GAKG;AACH,6CAHW,MAAM,SA2BhB;AA2TD,sFA4CC;AAED,qFAmEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,SAgBhB"}

package/types/lib/helpers/ciParsers/githubActions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"githubActions.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/githubActions.js"],"names":[],"mappings":"AA2xDA;;;;;;GAMG;AAEH,qCALW,MAAM,WACN,MAAM,GACJ;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAijBjF;;;;IAeC;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAqB3H"}
+{"version":3,"file":"githubActions.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/githubActions.js"],"names":[],"mappings":"AAuyDA;;;;;;GAMG;AAEH,qCALW,MAAM,WACN,MAAM,GACJ;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAijBjF;;;;IAeC;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAqB3H"}

package/types/lib/helpers/display.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"AAmZA;;;;;;;;;EAoBC;AAED,wGA4BC;AA6BD;;;;;;;;;;GAUG;AACH,oCANW,MAAM,gBACN,MAAM,EAAE,cACR,MAAM,gBACN,MAAM,GACJ,IAAI,CA+EhB;AAQD;;;;;GAKG;AACH,sCAHW,MAAM,GACJ,IAAI,CAsBhB;AACD;;;;;;GAMG;AACH,uCAHW,MAAM,GACJ,IAAI,CAwBhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,GACJ,IAAI,CAuBhB;AA0BD;;;;;;GAMG;AACH,0CAHW,MAAM,GACJ,IAAI,CAwChB;AAED;;;;;;GAMG;AACH,wCAHW,MAAM,GACJ,IAAI,CA4ChB;AACD;;;;;;;;GAQG;AACH,6CALW,MAAM,SACN,MAAM,cACN,MAAM,GACJ,IAAI,CAoChB;AAoMD;;;;;;GAMG;AACH,gDAHW,MAAM,GACJ,IAAI,CAoChB;AAED;;;;;GAKG;AACH,sDAHW,MAAM,EAAE,GACN,IAAI,CA4BhB;AAED;;;;;;;GAOG;AACH,4CAHW,MAAM,GACJ,IAAI,CAsBhB;AAED;;;;;;GAMG;AACH,sCAHW,MAAM,GACJ,IAAI,CAkDhB;AAED,mEAiHC;AAgED;;;;;GAKG;AACH,iEAHW,eAAe,EAAE,GACf,IAAI,CA+BhB;AAED;;;;;;;;GAQG;AACH,iDALW,MAAM,UACN,MAAM,WACN,MAAM,oBACN,eAAe,EAAE,QAsU3B;AApnDM,gDANI,MAAM,eACN,MAAM,EAAE,GAAC,SAAS,eAClB,MAAM,GAAC,SAAS,6BAChB,MAAM,GACJ,MAAM,EAAE,CA2FpB;AAwNM,6DAHI,MAAM,EAAE,GACN,MAAM,EAAE,CAcpB;AAukBM,uDAJI,MAAM,EAAE,SACR,MAAM,GACJ,MAAM,EAAE,CAyCpB;8BA0RY;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAC"}
+{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"AAoZA;;;;;;;;;EAoBC;AAED,wGA4BC;AA6BD;;;;;;;;;;GAUG;AACH,oCANW,MAAM,gBACN,MAAM,EAAE,cACR,MAAM,gBACN,MAAM,GACJ,IAAI,CA+EhB;AAQD;;;;;GAKG;AACH,sCAHW,MAAM,GACJ,IAAI,CAsBhB;AACD;;;;;;GAMG;AACH,uCAHW,MAAM,GACJ,IAAI,CAwBhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,GACJ,IAAI,CAuBhB;AA0BD;;;;;;GAMG;AACH,0CAHW,MAAM,GACJ,IAAI,CAwChB;AAED;;;;;;GAMG;AACH,wCAHW,MAAM,GACJ,IAAI,CA4ChB;AACD;;;;;;;;GAQG;AACH,6CALW,MAAM,SACN,MAAM,cACN,MAAM,GACJ,IAAI,CAoChB;AAoMD;;;;;;GAMG;AACH,gDAHW,MAAM,GACJ,IAAI,CAoChB;AAED;;;;;GAKG;AACH,sDAHW,MAAM,EAAE,GACN,IAAI,CA4BhB;AAED;;;;;;;GAOG;AACH,4CAHW,MAAM,GACJ,IAAI,CAsBhB;AAED;;;;;;GAMG;AACH,sCAHW,MAAM,GACJ,IAAI,CAkDhB;AAED,mEAsHC;AAgED;;;;;GAKG;AACH,iEAHW,eAAe,EAAE,GACf,IAAI,CA+BhB;AAED;;;;;;;;GAQG;AACH,iDALW,MAAM,UACN,MAAM,WACN,MAAM,oBACN,eAAe,EAAE,QAsU3B;AAznDM,gDANI,MAAM,eACN,MAAM,EAAE,GAAC,SAAS,eAClB,MAAM,GAAC,SAAS,6BAChB,MAAM,GACJ,MAAM,EAAE,CA2FpB;AAwNM,6DAHI,MAAM,EAAE,GACN,MAAM,EAAE,CAcpB;AAukBM,uDAJI,MAAM,EAAE,SACR,MAAM,GACJ,MAAM,EAAE,CAyCpB;8BA+RY;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAC"}

package/types/lib/helpers/dosai.d.ts

@@ -0,0 +1,24 @@
+export function isDosaiDotnetLanguage(language: any): boolean;
+export function readDosaiJsonFile(jsonFile: any): any;
+export function runDosaiCommand(command: any, src: any, outputFile: any, options?: {}): boolean;
+export function createDosaiMethodsSlice(src: any, outputFile: any, options?: {}): boolean;
+export function createDosaiDataFlowSlice(src: any, outputFile: any, options?: {}): boolean;
+export function createDosaiCryptoAnalysis(src: any, outputFile: any, options?: {}): boolean;
+export function analyzeDosaiCrypto(src: any, options?: {}): any;
+export function buildPurlAliasMap(components?: any[]): Map<any, any>;
+export function resolveComponentPurl(purl: any, purlAliasMap: any): any;
+export function collectDosaiPurlEvidence(methodsSlice: any, components?: any[]): {
+    purlLocationMap: {};
+    purlModulesMap: {};
+    purlMethodsMap: {};
+};
+export function collectDosaiDataFlowFrames(dataFlowResult: any, components?: any[]): {};
+export function collectDosaiServicesFromMethods(methodsSlice: any, servicesMap?: {}): {};
+export function normalizeDosaiServiceMap(servicesMap?: {}): {
+    name: string;
+    endpoints: any[];
+    authenticated: any;
+    "x-trust-boundary": any;
+    properties: any;
+}[];
+//# sourceMappingURL=dosai.d.ts.map

package/types/lib/helpers/dosai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dosai.d.ts","sourceRoot":"","sources":["../../../lib/helpers/dosai.js"],"names":[],"mappings":"AAyIA,8DAEC;AAED,sDASC;AAED,gGAuDC;AAED,0FAEC;AAED,2FAEC;AAED,4FAEC;AAED,gEAaC;AAED,qEAEC;AAED,wEAEC;AAED;;;;EAiEC;AAED,wFAoCC;AAED,yFAyEC;AAED;;;;;;IAQC"}

package/types/lib/helpers/dosaiParsers.d.ts

@@ -0,0 +1,8 @@
+export function normalizeDosaiPurlKey(purl: any): string | undefined;
+export function addDosaiSetValue(map: any, key: any, value: any): void;
+export function dosaiLocation(item: any): any;
+export function dosaiSourceLocationFromNode(node: any): any;
+export function dosaiSourceLocation(location: any): any;
+export function buildDosaiPurlAliasMap(components?: any[]): Map<any, any>;
+export function resolveDosaiComponentPurl(purl: any, purlAliasMap: any): any;
+//# sourceMappingURL=dosaiParsers.d.ts.map

package/types/lib/helpers/dosaiParsers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"dosaiParsers.d.ts","sourceRoot":"","sources":["../../../lib/helpers/dosaiParsers.js"],"names":[],"mappings":"AAEA,qEAcC;AAED,uEAMC;AAED,8CAYC;AAcD,4DAWC;AAED,wDAWC;AAED,0EAaC;AAED,6EASC"}