@cyclonedx/cdxgen 8.3.3 → 8.4.1
- package/README.md +27 -26
- package/bin/cdxgen +0 -1
- package/docker.js +16 -8
- package/index.js +17 -8
- package/package.json +1 -1
- package/utils.js +53 -58
- package/utils.test.js +44 -30
package/README.md
CHANGED
|
@@ -246,32 +246,33 @@ cdxgen can retain the dependency tree under the `dependencies` attribute for a s
|
|
|
246
246
|
|
|
247
247
|
## Environment variables
|
|
248
248
|
|
|
249
|
-
| Variable
|
|
250
|
-
|
|
|
251
|
-
| SCAN_DEBUG_MODE
|
|
252
|
-
| GITHUB_TOKEN
|
|
253
|
-
| MVN_CMD
|
|
254
|
-
| MVN_ARGS
|
|
255
|
-
| MAVEN_HOME
|
|
256
|
-
| GRADLE_CACHE_DIR
|
|
257
|
-
| GRADLE_MULTI_PROJECT_MODE
|
|
258
|
-
| GRADLE_ARGS
|
|
259
|
-
| GRADLE_HOME
|
|
260
|
-
| GRADLE_CMD
|
|
261
|
-
| GRADLE_DEPENDENCY_TASK
|
|
262
|
-
| SBT_CACHE_DIR
|
|
263
|
-
| FETCH_LICENSE
|
|
264
|
-
| USE_GOSUM
|
|
265
|
-
| CDXGEN_TIMEOUT_MS
|
|
266
|
-
| CDXGEN_SERVER_TIMEOUT_MS
|
|
267
|
-
| BAZEL_TARGET
|
|
268
|
-
| CLJ_CMD
|
|
269
|
-
| LEIN_CMD
|
|
270
|
-
| SBOM_SIGN_ALGORITHM
|
|
271
|
-
| SBOM_SIGN_PRIVATE_KEY
|
|
272
|
-
| SBOM_SIGN_PUBLIC_KEY
|
|
273
|
-
| CDX_MAVEN_PLUGIN
|
|
274
|
-
| CDX_MAVEN_GOAL
|
|
249
|
+
| Variable | Description |
|
|
250
|
+
| ---------------------------- | -------------------------------------------------------------------------------------------------------------------|
|
|
251
|
+
| SCAN_DEBUG_MODE | Set to debug to enable debug messages |
|
|
252
|
+
| GITHUB_TOKEN | Specify GitHub token to prevent traffic shaping while querying license and repo information |
|
|
253
|
+
| MVN_CMD | Set to override maven command |
|
|
254
|
+
| MVN_ARGS | Set to pass additional arguments such as profile or settings to maven |
|
|
255
|
+
| MAVEN_HOME | Specify maven home |
|
|
256
|
+
| GRADLE_CACHE_DIR | Specify gradle cache directory. Useful for class name resolving |
|
|
257
|
+
| GRADLE_MULTI_PROJECT_MODE | Set this variable for gradle multi-project applications. Do not use this with recurse mode. |
|
|
258
|
+
| GRADLE_ARGS | Set to pass additional arguments such as profile or settings to gradle. Eg: --configuration runtimeClassPath |
|
|
259
|
+
| GRADLE_HOME | Specify gradle home |
|
|
260
|
+
| GRADLE_CMD | Set to override gradle command |
|
|
261
|
+
| GRADLE_DEPENDENCY_TASK | By default cdxgen use the task "dependencies" to collect packages. Set to override the task name. |
|
|
262
|
+
| SBT_CACHE_DIR | Specify sbt cache directory. Useful for class name resolving |
|
|
263
|
+
| FETCH_LICENSE | Set this variable to fetch license information from the registry. npm and golang only |
|
|
264
|
+
| USE_GOSUM | Set to true to generate BOMs for golang projects using go.sum as the dependency source of truth, instead of go.mod |
|
|
265
|
+
| CDXGEN_TIMEOUT_MS | Default timeout for known execution involving maven, gradle or sbt |
|
|
266
|
+
| CDXGEN_SERVER_TIMEOUT_MS | Default timeout in server mode |
|
|
267
|
+
| BAZEL_TARGET | Bazel target to build. Default :all (Eg: //java-maven) |
|
|
268
|
+
| CLJ_CMD | Set to override the clojure cli command |
|
|
269
|
+
| LEIN_CMD | Set to override the leiningen command |
|
|
270
|
+
| SBOM_SIGN_ALGORITHM | Signature algorithm. Some valid values are RS256, RS384, RS512, PS256, PS384, PS512, ES256 etc |
|
|
271
|
+
| SBOM_SIGN_PRIVATE_KEY | Private key to use for signing |
|
|
272
|
+
| SBOM_SIGN_PUBLIC_KEY | Optional. Public key to include in the SBoM signature |
|
|
273
|
+
| CDX_MAVEN_PLUGIN | CycloneDX Maven plugin to use. Default "org.cyclonedx:cyclonedx-maven-plugin:2.7.8" |
|
|
274
|
+
| CDX_MAVEN_GOAL | CycloneDX Maven plugin goal to use. Default makeAggregateBom. Other options: makeBom, makePackageBom |
|
|
275
|
+
| CDX_MAVEN_INCLUDE_TEST_SCOPE | Whether test scoped dependencies should be included from Maven projects, Default: true |
|
|
275
276
|
|
|
276
277
|
## Plugins
|
|
277
278
|
|
package/bin/cdxgen
CHANGED
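--- a/package/docker.js
+++ b/package/docker.js
@@ -423,9 +423,15 @@ const extractTar = async (fullImageName, dir) => {
 C: dir,
 portable: true,
 onwarn: () => {},
-filter: (path) => {
+filter: (path, entry) => {
 // Some files are known to cause issues with extract
-if (
+if (
+path.includes("cacerts") ||
+path.includes("ssl/certs") ||
+path.includes("etc/") ||
+path.includes("logs/") ||
+["CharacterDevice"].includes(entry.type)
+) {
 return false;
 }
 return true;
@@ -434,12 +440,14 @@ const extractTar = async (fullImageName, dir) => {
 );
 return true;
 } catch (err) {
-
-
-
-
-
-
+if (err.code !== "TAR_BAD_ARCHIVE") {
+console.log(
+`Error while extracting image ${fullImageName} to ${dir}. Please file this bug to the cdxgen repo. https://github.com/CycloneDX/cdxgen/issues`
+);
+console.log("------------");
+console.log(err);
+console.log("------------");
+}
 return false;
 }
 };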
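Review bot: The new `path.includes("etc/")` and `path.includes("logs/")` tests in the extract filter are unanchored substring matches, so any entry whose path merely contains those segments (e.g. `usr/share/foo/etc/…` or `opt/app/logs/…`) is skipped along with the top-level directories; anchoring them, e.g. `/^(\.\/|\/)?(etc|logs)\//.test(path)`, keeps the intent without over-excluding. Skipping all of `etc/` also drops files such as `etc/os-release` that OS package detection elsewhere may depend on — worth confirming before relying on it. `["CharacterDevice"].includes(entry.type)` reads more naturally as `entry.type === "CharacterDevice"`, and the same concern presumably applies to `BlockDevice` and `FIFO` entries, which an untrusted image layer can carry just as easily. extractTar starts before the first hunk.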
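--- a/package/index.js
+++ b/package/index.js
@@ -988,13 +988,12 @@ const createJavaBom = async (path, options) => {
 if (pomFiles && pomFiles.length) {
 const cdxMavenPlugin =
 process.env.CDX_MAVEN_PLUGIN ||
-"org.cyclonedx:cyclonedx-maven-plugin:2.7.
+"org.cyclonedx:cyclonedx-maven-plugin:2.7.8";
 const cdxMavenGoal = process.env.CDX_MAVEN_GOAL || "makeAggregateBom";
-let mvnArgs = [
-
-"-
-
-];
+let mvnArgs = [`${cdxMavenPlugin}:${cdxMavenGoal}`, "-DoutputName=bom"];
+if (utils.includeMavenTestScope) {
+mvnArgs.push("-DincludeTestScope=true");
+}
 // By using quiet mode we can reduce the maxBuffer used and avoid crashes
 if (!DEBUG_MODE) {
 mvnArgs.push("-q");
@@ -1006,6 +1005,12 @@ const createJavaBom = async (path, options) => {
 }
 for (let f of pomFiles) {
 const basePath = pathLib.dirname(f);
+const settingsXml = pathLib.join(basePath, "settings.xml");
+if (fs.existsSync(settingsXml)) {
+console.log(
+`maven settings.xml found in ${basePath}. Please set the MVN_ARGS environment variable based on the full mvn build command used for this project.\nExample: MVN_ARGS='--settings ${settingsXml}'`
+);
+}
 let mavenCmd = utils.getMavenCommand(basePath, path);
 // Should we attempt to resolve class names
 if (options.resolveClass) {
@@ -2221,7 +2226,7 @@ const createGoBom = async (path, options) => {
 "list",
 "-deps",
 "-f",
-"'{{with .Module}}{{.Path}} {{.Version}}{{end}}'",
+"'{{with .Module}}{{.Path}} {{.Version}} {{.Indirect}} {{.GoMod}} {{.GoVersion}}{{end}}'",
 "./..."
 ],
 { cwd: basePath, encoding: "utf-8", timeout: TIMEOUT_MS }
@@ -2256,7 +2261,11 @@ const createGoBom = async (path, options) => {
 if (circuitBreak) {
 break;
 }
-let pkgFullName = `${apkg.
+let pkgFullName = `${apkg.name}`;
+if (apkg.scope === "required") {
+allImports[pkgFullName] = true;
+continue;
+}
 if (DEBUG_MODE) {
 console.log(`go mod why -m -vendor ${pkgFullName}`);
 }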
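Review bot: The `go list` template now emits five space-separated fields, but `.GoMod` and `.GoVersion` can both be empty (for instance a module resolved from `vendor/` or a local `replace` target), and the consumer in utils.js trims each line before splitting on single spaces, so such a line collapses to three fields and — if I read the new `verArr.length === 5` guard correctly — is silently dropped from the SBOM. A delimiter that survives empty fields avoids this: `"'{{with .Module}}{{.Path}}\t{{.Version}}\t{{.Indirect}}\t{{.GoMod}}\t{{.GoVersion}}{{end}}'"` with a matching `split("\t")` on the parser side, or at minimum relax the length check to `>= 3` so modules with missing metadata are still listed. createGoBom starts before and ends after this hunk.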
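--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.
+"version": "8.4.1",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",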
package/utils.js
CHANGED
|
@@ -26,6 +26,12 @@ const DEBUG_MODE =
|
|
|
26
26
|
// Metadata cache
|
|
27
27
|
let metadata_cache = {};
|
|
28
28
|
|
|
29
|
+
// Whether test scope shall be included for java/maven projects; default, if unset shall be 'true'
|
|
30
|
+
const includeMavenTestScope =
|
|
31
|
+
!process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE ||
|
|
32
|
+
["true", "1"].includes(process.env.CDX_MAVEN_INCLUDE_TEST_SCOPE);
|
|
33
|
+
exports.includeMavenTestScope = includeMavenTestScope;
|
|
34
|
+
|
|
29
35
|
const MAX_LICENSE_ID_LENGTH = 100;
|
|
30
36
|
|
|
31
37
|
/**
|
|
@@ -1035,18 +1041,19 @@ const parsePom = function (pomFile) {
|
|
|
1035
1041
|
let versionStr = undefined;
|
|
1036
1042
|
if (version && version._ && version._.indexOf("$") == -1) {
|
|
1037
1043
|
versionStr = version._;
|
|
1038
|
-
|
|
1039
|
-
|
|
1040
|
-
|
|
1041
|
-
|
|
1042
|
-
|
|
1043
|
-
|
|
1044
|
-
|
|
1045
|
-
|
|
1046
|
-
|
|
1047
|
-
|
|
1048
|
-
|
|
1049
|
-
|
|
1044
|
+
if (includeMavenTestScope || !adep.scope || adep.scope !== "test")
|
|
1045
|
+
deps.push({
|
|
1046
|
+
group: adep.groupId ? adep.groupId._ : "",
|
|
1047
|
+
name: adep.artifactId ? adep.artifactId._ : "",
|
|
1048
|
+
version: versionStr,
|
|
1049
|
+
qualifiers: { type: "jar" },
|
|
1050
|
+
properties: [
|
|
1051
|
+
{
|
|
1052
|
+
name: "SrcFile",
|
|
1053
|
+
value: pomFile
|
|
1054
|
+
}
|
|
1055
|
+
]
|
|
1056
|
+
});
|
|
1050
1057
|
}
|
|
1051
1058
|
}
|
|
1052
1059
|
}
|
|
@@ -1071,7 +1078,7 @@ const parseMavenTree = function (rawOutput) {
|
|
|
1071
1078
|
let last_purl = "";
|
|
1072
1079
|
let stack = [];
|
|
1073
1080
|
tmpA.forEach((l) => {
|
|
1074
|
-
if (l.endsWith(":test")) {
|
|
1081
|
+
if (!includeMavenTestScope && l.endsWith(":test")) {
|
|
1075
1082
|
return;
|
|
1076
1083
|
}
|
|
1077
1084
|
let level = 0;
|
|
@@ -2104,34 +2111,24 @@ const parseGoModData = async function (goModData, gosumMap) {
|
|
|
2104
2111
|
|
|
2105
2112
|
if (!isModReplacement) {
|
|
2106
2113
|
// Add group, name and version component properties for required modules
|
|
2107
|
-
let group = path.dirname(tmpA[0]);
|
|
2108
|
-
const name = path.basename(tmpA[0]);
|
|
2109
|
-
if (group === ".") {
|
|
2110
|
-
group = name;
|
|
2111
|
-
}
|
|
2112
2114
|
const version = tmpA[1];
|
|
2113
|
-
let gosumHash = gosumMap[`${
|
|
2115
|
+
let gosumHash = gosumMap[`${tmpA[0]}/${version}`];
|
|
2114
2116
|
// The hash for this version was not found in go.sum, so skip as it is most likely being replaced.
|
|
2115
2117
|
if (gosumHash === undefined) {
|
|
2116
2118
|
continue;
|
|
2117
2119
|
}
|
|
2118
|
-
let component = await getGoPkgComponent(
|
|
2120
|
+
let component = await getGoPkgComponent("", tmpA[0], version, gosumHash);
|
|
2119
2121
|
pkgComponentsList.push(component);
|
|
2120
2122
|
} else {
|
|
2121
2123
|
// Add group, name and version component properties for replacement modules
|
|
2122
|
-
let group = path.dirname(tmpA[2]);
|
|
2123
|
-
const name = path.basename(tmpA[2]);
|
|
2124
|
-
if (group === ".") {
|
|
2125
|
-
group = name;
|
|
2126
|
-
}
|
|
2127
2124
|
const version = tmpA[3];
|
|
2128
2125
|
|
|
2129
|
-
let gosumHash = gosumMap[`${
|
|
2126
|
+
let gosumHash = gosumMap[`${tmpA[2]}/${version}`];
|
|
2130
2127
|
// The hash for this version was not found in go.sum, so skip.
|
|
2131
2128
|
if (gosumHash === undefined) {
|
|
2132
2129
|
continue;
|
|
2133
2130
|
}
|
|
2134
|
-
let component = await getGoPkgComponent(
|
|
2131
|
+
let component = await getGoPkgComponent("", tmpA[2], version, gosumHash);
|
|
2135
2132
|
pkgComponentsList.push(component);
|
|
2136
2133
|
}
|
|
2137
2134
|
}
|
|
@@ -2154,24 +2151,35 @@ const parseGoListDep = async function (rawOutput, gosumMap) {
|
|
|
2154
2151
|
const pkgs = rawOutput.split("\n");
|
|
2155
2152
|
for (let l of pkgs) {
|
|
2156
2153
|
const verArr = l.trim().replace(new RegExp("[\"']", "g"), "").split(" ");
|
|
2157
|
-
|
|
2154
|
+
|
|
2155
|
+
if (verArr && verArr.length === 5) {
|
|
2158
2156
|
const key = verArr[0] + "-" + verArr[1];
|
|
2159
2157
|
// Filter duplicates
|
|
2160
2158
|
if (!keys_cache[key]) {
|
|
2161
2159
|
keys_cache[key] = key;
|
|
2162
|
-
let group = path.dirname(verArr[0]);
|
|
2163
|
-
const name = path.basename(verArr[0]);
|
|
2164
2160
|
const version = verArr[1];
|
|
2165
|
-
|
|
2166
|
-
group = name;
|
|
2167
|
-
}
|
|
2168
|
-
let gosumHash = gosumMap[`${group}/${name}/${version}`];
|
|
2161
|
+
let gosumHash = gosumMap[`${verArr[0]}/${version}`];
|
|
2169
2162
|
let component = await getGoPkgComponent(
|
|
2170
|
-
|
|
2171
|
-
|
|
2163
|
+
"",
|
|
2164
|
+
verArr[0],
|
|
2172
2165
|
version,
|
|
2173
2166
|
gosumHash
|
|
2174
2167
|
);
|
|
2168
|
+
if (verArr[2] === "false") {
|
|
2169
|
+
component.scope = "required";
|
|
2170
|
+
} else if (verArr[2] === "true") {
|
|
2171
|
+
component.scope = "optional";
|
|
2172
|
+
}
|
|
2173
|
+
component.properties = [
|
|
2174
|
+
{
|
|
2175
|
+
name: "SrcGoMod",
|
|
2176
|
+
value: verArr[3] || ""
|
|
2177
|
+
},
|
|
2178
|
+
{
|
|
2179
|
+
name: "ModuleGoVersion",
|
|
2180
|
+
value: verArr[4] || ""
|
|
2181
|
+
}
|
|
2182
|
+
];
|
|
2175
2183
|
deps.push(component);
|
|
2176
2184
|
}
|
|
2177
2185
|
}
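Review bot: The new `SrcGoMod` property stores `verArr[3]` verbatim, which is the absolute path of the module's go.mod inside the build host's module cache — the updated test fixture expects `/home/almalinux/go/pkg/mod/cache/download/github.com/gorilla/mux/@v/v1.7.4.mod` — so every SBOM generated this way embeds the builder's home directory and username in an artifact that is routinely published. Consider relativizing it when the cache root is known, e.g. `value: verArr[3] && process.env.GOMODCACHE ? path.relative(process.env.GOMODCACHE, verArr[3]) : verArr[3] || ""` (assuming the `path` module is still imported now that its other uses here were removed), or omitting the property outside debug mode. Separately, mapping `{{.Indirect}}` to `scope: "optional"` looks questionable: an indirect module is still required to build, whereas CycloneDX `optional` is commonly read as "not needed at runtime", so downstream tooling may under-prioritize vulnerabilities in transitive modules. parseGoListDep starts before and ends after this hunk.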
|
|
@@ -2212,27 +2220,23 @@ const parseGosumData = async function (gosumData) {
|
|
|
2212
2220
|
// look for lines containing go.mod
|
|
2213
2221
|
if (l.indexOf("go.mod") > -1) {
|
|
2214
2222
|
const tmpA = l.split(" ");
|
|
2215
|
-
|
|
2216
|
-
const name = path.basename(tmpA[0]);
|
|
2217
|
-
if (group === ".") {
|
|
2218
|
-
group = name;
|
|
2219
|
-
}
|
|
2223
|
+
const name = tmpA[0];
|
|
2220
2224
|
const version = tmpA[1].replace("/go.mod", "");
|
|
2221
2225
|
const hash = tmpA[tmpA.length - 1].replace("h1:", "sha256-");
|
|
2222
2226
|
let license = undefined;
|
|
2223
2227
|
if (process.env.FETCH_LICENSE) {
|
|
2224
2228
|
if (DEBUG_MODE) {
|
|
2225
2229
|
console.log(
|
|
2226
|
-
`About to fetch go package license information for ${
|
|
2230
|
+
`About to fetch go package license information for ${name}`
|
|
2227
2231
|
);
|
|
2228
2232
|
}
|
|
2229
2233
|
license = await getGoPkgLicense({
|
|
2230
|
-
group:
|
|
2234
|
+
group: "",
|
|
2231
2235
|
name: name
|
|
2232
2236
|
});
|
|
2233
2237
|
}
|
|
2234
2238
|
pkgList.push({
|
|
2235
|
-
group:
|
|
2239
|
+
group: "",
|
|
2236
2240
|
name: name,
|
|
2237
2241
|
version: version,
|
|
2238
2242
|
_integrity: hash,
|
|
@@ -2271,11 +2275,8 @@ const parseGopkgData = async function (gopkgData) {
|
|
|
2271
2275
|
pkg._integrity = "sha256-" + toBase64(digestStr);
|
|
2272
2276
|
break;
|
|
2273
2277
|
case "name":
|
|
2274
|
-
pkg.group =
|
|
2275
|
-
pkg.name =
|
|
2276
|
-
if (pkg.group === ".") {
|
|
2277
|
-
pkg.group = pkg.name;
|
|
2278
|
-
}
|
|
2278
|
+
pkg.group = "";
|
|
2279
|
+
pkg.name = value;
|
|
2279
2280
|
if (process.env.FETCH_LICENSE) {
|
|
2280
2281
|
pkg.license = await getGoPkgLicense({
|
|
2281
2282
|
group: pkg.group,
|
|
@@ -2312,16 +2313,12 @@ const parseGoVersionData = async function (buildInfoData) {
|
|
|
2312
2313
|
if (!tmpA || tmpA.length < 3) {
|
|
2313
2314
|
continue;
|
|
2314
2315
|
}
|
|
2315
|
-
|
|
2316
|
-
const name = path.basename(tmpA[1].trim());
|
|
2317
|
-
if (group === ".") {
|
|
2318
|
-
group = name;
|
|
2319
|
-
}
|
|
2316
|
+
const name = tmpA[1].trim();
|
|
2320
2317
|
let hash = "";
|
|
2321
2318
|
if (tmpA.length == 4) {
|
|
2322
2319
|
hash = tmpA[tmpA.length - 1].replace("h1:", "sha256-");
|
|
2323
2320
|
}
|
|
2324
|
-
let component = await getGoPkgComponent(
|
|
2321
|
+
let component = await getGoPkgComponent("", name, tmpA[2].trim(), hash);
|
|
2325
2322
|
pkgList.push(component);
|
|
2326
2323
|
}
|
|
2327
2324
|
return pkgList;
|
|
@@ -2917,9 +2914,7 @@ const parseContainerSpecData = async function (dcData) {
|
|
|
2917
2914
|
try {
|
|
2918
2915
|
yamlObj = yaml.load(dcData);
|
|
2919
2916
|
} catch (err) {
|
|
2920
|
-
|
|
2921
|
-
console.log(err);
|
|
2922
|
-
}
|
|
2917
|
+
// ignore errors
|
|
2923
2918
|
}
|
|
2924
2919
|
if (!yamlObj) {
|
|
2925
2920
|
continue;
|
package/utils.test.js
CHANGED
|
@@ -235,8 +235,8 @@ test("parse maven tree", () => {
|
|
|
235
235
|
let parsedList = utils.parseMavenTree(
|
|
236
236
|
fs.readFileSync("./test/data/sample-mvn-tree.txt", { encoding: "utf-8" })
|
|
237
237
|
);
|
|
238
|
-
expect(parsedList.pkgList.length).toEqual(
|
|
239
|
-
expect(parsedList.dependenciesList.length).toEqual(
|
|
238
|
+
expect(parsedList.pkgList.length).toEqual(61);
|
|
239
|
+
expect(parsedList.dependenciesList.length).toEqual(61);
|
|
240
240
|
expect(parsedList.pkgList[0]).toEqual({
|
|
241
241
|
group: "com.pogeyan.cmis",
|
|
242
242
|
name: "copper-server",
|
|
@@ -259,6 +259,7 @@ test("parse maven tree", () => {
|
|
|
259
259
|
"pkg:maven/commons-fileupload/commons-fileupload@1.4?type=jar",
|
|
260
260
|
"pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.0?type=jar",
|
|
261
261
|
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.0?type=jar",
|
|
262
|
+
"pkg:maven/junit/junit@4.12?type=jar",
|
|
262
263
|
"pkg:maven/com.typesafe.akka/akka-actor_2.11@2.4.14?type=jar",
|
|
263
264
|
"pkg:maven/com.typesafe.akka/akka-cluster_2.11@2.4.14?type=jar",
|
|
264
265
|
"pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar",
|
|
@@ -271,8 +272,8 @@ test("parse maven tree", () => {
|
|
|
271
272
|
encoding: "utf-8"
|
|
272
273
|
})
|
|
273
274
|
);
|
|
274
|
-
expect(parsedList.pkgList.length).toEqual(
|
|
275
|
-
expect(parsedList.dependenciesList.length).toEqual(
|
|
275
|
+
expect(parsedList.pkgList.length).toEqual(37);
|
|
276
|
+
expect(parsedList.dependenciesList.length).toEqual(37);
|
|
276
277
|
expect(parsedList.pkgList[0]).toEqual({
|
|
277
278
|
group: "com.gitlab.security_products.tests",
|
|
278
279
|
name: "java-maven",
|
|
@@ -282,7 +283,9 @@ test("parse maven tree", () => {
|
|
|
282
283
|
expect(parsedList.dependenciesList[0]).toEqual({
|
|
283
284
|
ref: "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
|
|
284
285
|
dependsOn: [
|
|
286
|
+
"pkg:maven/org.powermock/powermock-api-mockito@1.7.3?type=jar",
|
|
285
287
|
"pkg:maven/io.netty/netty@3.9.1.Final?type=jar",
|
|
288
|
+
"pkg:maven/junit/junit@3.8.1?type=jar",
|
|
286
289
|
"pkg:maven/org.apache.maven/maven-artifact@3.3.9?type=jar",
|
|
287
290
|
"pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.2?type=jar",
|
|
288
291
|
"pkg:maven/org.mozilla/rhino@1.7.10?type=jar",
|
|
@@ -385,29 +388,29 @@ test("parseGoModData", async () => {
|
|
|
385
388
|
);
|
|
386
389
|
expect(dep_list.length).toEqual(4);
|
|
387
390
|
expect(dep_list[0]).toEqual({
|
|
388
|
-
group: "
|
|
389
|
-
name: "aws-sdk-go",
|
|
391
|
+
group: "",
|
|
392
|
+
name: "github.com/aws/aws-sdk-go",
|
|
390
393
|
license: undefined,
|
|
391
394
|
version: "v1.38.47",
|
|
392
395
|
_integrity: "sha256-fake-sha-for-aws-go-sdk="
|
|
393
396
|
});
|
|
394
397
|
expect(dep_list[1]).toEqual({
|
|
395
|
-
group: "
|
|
396
|
-
name: "cobra",
|
|
398
|
+
group: "",
|
|
399
|
+
name: "github.com/spf13/cobra",
|
|
397
400
|
license: undefined,
|
|
398
401
|
version: "v1.0.0",
|
|
399
402
|
_integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE="
|
|
400
403
|
});
|
|
401
404
|
expect(dep_list[2]).toEqual({
|
|
402
|
-
group: "
|
|
403
|
-
name: "grpc",
|
|
405
|
+
group: "",
|
|
406
|
+
name: "google.golang.org/grpc",
|
|
404
407
|
license: undefined,
|
|
405
408
|
version: "v1.21.0",
|
|
406
409
|
_integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM="
|
|
407
410
|
});
|
|
408
411
|
expect(dep_list[3]).toEqual({
|
|
409
|
-
group: "
|
|
410
|
-
name: "viper",
|
|
412
|
+
group: "",
|
|
413
|
+
name: "github.com/spf13/viper",
|
|
411
414
|
license: undefined,
|
|
412
415
|
version: "v1.0.2",
|
|
413
416
|
_integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM="
|
|
@@ -426,29 +429,29 @@ test("parseGoSumData", async () => {
|
|
|
426
429
|
);
|
|
427
430
|
expect(dep_list.length).toEqual(4);
|
|
428
431
|
expect(dep_list[0]).toEqual({
|
|
429
|
-
group: "
|
|
430
|
-
name: "grpc",
|
|
432
|
+
group: "",
|
|
433
|
+
name: "google.golang.org/grpc",
|
|
431
434
|
license: undefined,
|
|
432
435
|
version: "v1.21.0",
|
|
433
436
|
_integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM="
|
|
434
437
|
});
|
|
435
438
|
expect(dep_list[1]).toEqual({
|
|
436
|
-
group: "
|
|
437
|
-
name: "cobra",
|
|
439
|
+
group: "",
|
|
440
|
+
name: "github.com/spf13/cobra",
|
|
438
441
|
license: undefined,
|
|
439
442
|
version: "v1.0.0",
|
|
440
443
|
_integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE="
|
|
441
444
|
});
|
|
442
445
|
expect(dep_list[2]).toEqual({
|
|
443
|
-
group: "
|
|
444
|
-
name: "viper",
|
|
446
|
+
group: "",
|
|
447
|
+
name: "github.com/spf13/viper",
|
|
445
448
|
license: undefined,
|
|
446
449
|
version: "v1.0.2",
|
|
447
450
|
_integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM="
|
|
448
451
|
});
|
|
449
452
|
expect(dep_list[3]).toEqual({
|
|
450
|
-
group: "
|
|
451
|
-
name: "testify",
|
|
453
|
+
group: "",
|
|
454
|
+
name: "github.com/stretchr/testify",
|
|
452
455
|
license: undefined,
|
|
453
456
|
version: "v1.6.1",
|
|
454
457
|
_integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg="
|
|
@@ -463,11 +466,22 @@ test("parse go list dependencies", async () => {
|
|
|
463
466
|
fs.readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
|
|
464
467
|
{}
|
|
465
468
|
);
|
|
466
|
-
expect(dep_list.length).toEqual(
|
|
469
|
+
expect(dep_list.length).toEqual(4);
|
|
467
470
|
expect(dep_list[0]).toEqual({
|
|
468
|
-
group: "
|
|
469
|
-
name: "
|
|
470
|
-
version: "
|
|
471
|
+
group: "",
|
|
472
|
+
name: "github.com/gorilla/mux",
|
|
473
|
+
version: "v1.7.4",
|
|
474
|
+
_integrity: undefined,
|
|
475
|
+
license: undefined,
|
|
476
|
+
scope: "required",
|
|
477
|
+
properties: [
|
|
478
|
+
{
|
|
479
|
+
name: "SrcGoMod",
|
|
480
|
+
value:
|
|
481
|
+
"/home/almalinux/go/pkg/mod/cache/download/github.com/gorilla/mux/@v/v1.7.4.mod"
|
|
482
|
+
},
|
|
483
|
+
{ name: "ModuleGoVersion", value: "1.12" }
|
|
484
|
+
]
|
|
471
485
|
});
|
|
472
486
|
});
|
|
473
487
|
|
|
@@ -491,8 +505,8 @@ test("parseGopkgData", async () => {
|
|
|
491
505
|
);
|
|
492
506
|
expect(dep_list.length).toEqual(36);
|
|
493
507
|
expect(dep_list[0]).toEqual({
|
|
494
|
-
group: "
|
|
495
|
-
name: "go",
|
|
508
|
+
group: "",
|
|
509
|
+
name: "cloud.google.com/go",
|
|
496
510
|
version: "v0.39.0",
|
|
497
511
|
_integrity: "sha256-LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78="
|
|
498
512
|
});
|
|
@@ -508,8 +522,8 @@ test("parse go version data", async () => {
|
|
|
508
522
|
);
|
|
509
523
|
expect(dep_list.length).toEqual(125);
|
|
510
524
|
expect(dep_list[0]).toEqual({
|
|
511
|
-
group: "
|
|
512
|
-
name: "atlassian-connect-go",
|
|
525
|
+
group: "",
|
|
526
|
+
name: "github.com/ShiftLeftSecurity/atlassian-connect-go",
|
|
513
527
|
version: "v0.0.2",
|
|
514
528
|
_integrity: "",
|
|
515
529
|
license: undefined
|
|
@@ -520,8 +534,8 @@ test("parse go version data", async () => {
|
|
|
520
534
|
);
|
|
521
535
|
expect(dep_list.length).toEqual(149);
|
|
522
536
|
expect(dep_list[0]).toEqual({
|
|
523
|
-
group: "
|
|
524
|
-
name: "go",
|
|
537
|
+
group: "",
|
|
538
|
+
name: "cloud.google.com/go",
|
|
525
539
|
version: "v0.79.0",
|
|
526
540
|
_integrity: "sha256-oqqswrt4x6b9OGBnNqdssxBl1xf0rSUNjU2BR4BZar0=",
|
|
527
541
|
license: undefined
|