@cyclonedx/cdxgen 8.3.2 → 8.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -0
- package/index.js +3 -3
- package/package.json +1 -1
- package/utils.js +11 -3
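--- a/package/README.md
+++ b/package/README.md
@@ -298,6 +298,7 @@ cdxgen shiftleft/scan-slim -o /tmp/bom.json -t docker
 You can also pass the .tar file of a container image.
 
 ```shell
+docker pull shiftleft/scan-slim
 docker save -o /tmp/slim.tar shiftleft/scan-slim
 podman save -q --format oci-archive -o /tmp/slim.tar shiftleft/scan-slim
 cdxgen /tmp/slim.tar -o /tmp/bom.json -t docker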
package/index.js
CHANGED
@@ -536,11 +536,11 @@ function addComponent(
536
536
pkg.purl ||
537
537
new PackageURL(
538
538
ptype,
539
-
540
-
539
+
utils.encodeForPurl(group),
540
+
utils.encodeForPurl(name),
541
541
version,
542
542
pkg.qualifiers,
543
-
pkg.subpath
543
+
utils.encodeForPurl(pkg.subpath)
544
544
);
545
545
let purlString = purl.toString();
546
546
purlString = decodeURIComponent(purlString);
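Review bot: Pre-encoding `group`, `name` and `pkg.subpath` (new lines 539–540 and 543) only has an effect because `decodeURIComponent(purlString)` at 546 strips one layer of the escaping that `PackageURL.toString()` presumably applies, so the final string keeps those three fields escaped while `version` and the qualifier values come out fully decoded — a version containing `+` or `@` would end up literal. If the decode exists to keep `:` and `@` readable, passing `utils.encodeForPurl(version)` as well would at least make all components consistent, and dropping the decode so the library escapes once would be simpler still; which of the two is intended is not visible from the hunk. A one-line comment above 539 such as `// pre-encode so the decodeURIComponent() below leaves these fields escaped` would make the coupling between the two lines explicit. addComponent's body starts and ends outside the hunk.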
package/package.json
CHANGED
@@ -1,6 +1,6 @@
1
1
{
2
2
"name": "@cyclonedx/cdxgen",
3
-
"version": "8.3.
3
+
"version": "8.3.3",
4
4
"description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
5
5
"homepage": "http://github.com/cyclonedx/cdxgen",
6
6
"author": "Prabhu Subramanian <prabhu@appthreat.com>",
package/utils.js
CHANGED
@@ -4188,6 +4188,13 @@ const parseJarManifest = function (jarMetadata) {
4188
4188
};
4189
4189
exports.parseJarManifest = parseJarManifest;
4190
4190
|
4191
+
const encodeForPurl = (s) => {
4192
+
return s
4193
+
? encodeURIComponent(s).replace(/%3A/g, ":").replace(/%2F/g, "/")
4194
+
: s;
4195
+
};
4196
+
exports.encodeForPurl = encodeForPurl;
4197
+
4191
4198
/**
4192
4199
* Method to extract a war or ear file
4193
4200
*
@@ -4272,7 +4279,8 @@ const extractJarArchive = function (jarFile, tempDir) {
4272
4279
jarMetadata["Implementation-Vendor-Id"] ||
4273
4280
jarMetadata["Bundle-SymbolicName"] ||
4274
4281
jarMetadata["Bundle-Vendor"] ||
4275
-
jarMetadata["Automatic-Module-Name"]
4282
+
jarMetadata["Automatic-Module-Name"] ||
4283
+
"";
4276
4284
let name = "";
4277
4285
if (
4278
4286
jarMetadata["Bundle-Name"] &&
@@ -4338,8 +4346,8 @@ const extractJarArchive = function (jarFile, tempDir) {
4338
4346
}
4339
4347
if (name && version) {
4340
4348
pkgList.push({
4341
-
group: group === "." ? "" :
4342
-
name: name ?
4349
+
group: group === "." ? "" : encodeForPurl(group || "") || "",
4350
+
name: name ? encodeForPurl(name) : "",
4343
4351
version,
4344
4352
properties: [
4345
4353
{
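Review bot: `encodeForPurl` (new lines 4191–4195) restores `/` unconditionally, which is right for a namespace, where `/` is the segment separator, but not for a name or subpath segment, where a literal `/` in the input would change the purl's structure rather than be escaped; the helper is then used for both `group` and `name` at 4349–4350, so that distinction is lost. It also carries no JSDoc — a header such as `/** Percent-encode one purl component, leaving ':' and '/' literal; falsy input is returned unchanged. */` would record that callers are expected to handle segment splitting themselves. Storing the already-encoded `group`/`name` in pkgList deserves a second look as well: if these entries later reach addComponent, which applies utils.encodeForPurl to group and name again, the `%` characters would be encoded a second time. The trailing `|| ""` after `encodeForPurl(group || "")` and the `name ? … : ""` guard are redundant, since the helper already returns falsy input as-is. extractJarArchive's body continues outside both of its hunks.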