@cyclonedx/cdxgen 8.4.12 → 8.4.13

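--- a/package/index.js
+++ b/package/index.js
@@ -1057,7 +1057,7 @@ const createJavaBom = async (path, options) => {
 "Resolve the above maven error. This could be due to the following:\n"
 );
 console.log(
-"1. Java version requirement: cdxgen container image bundles Java 17 with gradle 8 which might be incompatible."
+"1. Java version requirement: cdxgen container image bundles Java 17 with maven 3.8 which might be incompatible."
 );
 console.log(
 "2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable."
@@ -1580,6 +1580,7 @@ const createJavaBom = async (path, options) => {
 sbtVersion != null &&
 semver.gte(sbtVersion, "1.3.4") &&
 semver.lte(sbtVersion, "1.4.0");
+const useSlashSyntax = semver.gte(sbtVersion, "1.5.0");
 const isDependencyTreeBuiltIn =
 sbtVersion != null && semver.gte(sbtVersion, "1.4.0");
 let tempDir = fs.mkdtempSync(pathLib.join(os.tmpdir(), "cdxsbt-"));
@@ -1619,7 +1620,11 @@ const createJavaBom = async (path, options) => {
 ];
 } else {
 // write to the existing plugins file
-sbtArgs = [`"dependencyList::toFile ${dlFile} --force"`];
+if (useSlashSyntax) {
+sbtArgs = [`"dependencyList / toFile ${dlFile} --force"`];
+} else {
+sbtArgs = [`"dependencyList::toFile ${dlFile} --force"`];
+}
 pluginFile = utils.addPlugin(basePath, sbtPluginDefinition);
 }
 // Note that the command has to be invoked with `shell: true` to properly execut sbt
@@ -1641,17 +1646,12 @@ const createJavaBom = async (path, options) => {
 "3. Consider creating a lockfile using sbt-dependency-lock plugin. See https://github.com/stringbean/sbt-dependency-lock"
 );
 options.failOnError && process.exit(1);
-} else if (DEBUG_MODE) {
-console.log(result.stdout);
 }
 if (!standalonePluginFile) {
 utils.cleanupPlugin(basePath, pluginFile);
 }
 if (fs.existsSync(dlFile)) {
 const cmdOutput = fs.readFileSync(dlFile, { encoding: "utf-8" });
-if (DEBUG_MODE) {
-console.log(cmdOutput);
-}
 const dlist = utils.parseKVDep(cmdOutput);
 if (dlist && dlist.length) {
 pkgList = pkgList.concat(dlist);
@@ -4569,7 +4569,7 @@ exports.createBom = createBom;
 * @param bomContents BOM Xml
 */
 exports.submitBom = async (args, bomContents) => {
-let serverUrl = args.serverUrl + "/api/v1/bom";
+let serverUrl = args.serverUrl.replace(/\/$/, "") + "/api/v1/bom";
 let encodedBomContents = Buffer.from(bomContents).toString("base64");
 if (encodedBomContents.startsWith("77u/")) {
 encodedBomContents = encodedBomContents.substring(4);
@@ -4605,12 +4605,12 @@ exports.submitBom = async (args, bomContents) => {
 responseType: "json"
 }).json();
 } catch (error) {
-if (error.response.statusCode === 401) {
+if (error.response && error.response.statusCode === 401) {
 // Unauthorized
 console.log(
 "Received Unauthorized error. Check the API key used is valid and has necessary permissions to create projects and upload bom."
 );
-} else if (error.response.statusCode === 405) {
+} else if (error.response && error.response.statusCode === 405) {
 // Method not allowed errors
 try {
 return await got(serverUrl, {
@@ -4629,7 +4629,9 @@ exports.submitBom = async (args, bomContents) => {
 responseType: "json"
 }).json();
 } catch (error) {
-console.log("Unable to submit the SBoM to the Dependency-Track server");
+console.log(
+"Unable to submit the SBoM to the Dependency-Track server using POST method"
+);
 console.log(error);
 }
 } else {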
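Review bot: The new `useSlashSyntax` line in the second hunk calls `semver.gte(sbtVersion, "1.5.0")` without the `sbtVersion != null` guard that both the range check directly above it and the neighbouring `isDependencyTreeBuiltIn` apply, so with node-semver a null `sbtVersion` throws a TypeError there instead of falling back to the legacy `::` syntax. The consistent form is `const useSlashSyntax = sbtVersion != null && semver.gte(sbtVersion, "1.5.0");`. In the `submitBom` hunk, `args.serverUrl.replace(/\/$/, "")` strips only a single trailing slash and now throws when `args.serverUrl` is undefined where the old code produced a malformed URL; `/\/+$/` plus an explicit check that `args.serverUrl` is set before any request is made would make the failure mode clear. `createJavaBom` and `submitBom` both begin and end outside these hunks.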
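--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.4.12",
+"version": "8.4.13",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",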
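--- a/package/utils.js
+++ b/package/utils.js
@@ -1103,7 +1103,7 @@ const parseMavenTree = function (rawOutput) {
 let last_purl = "";
 let stack = [];
 tmpA.forEach((l) => {
-if (!includeMavenTestScope && l.endsWith(":test")) {
+if (!includeMavenTestScope && l.trim().endsWith(":test")) {
 return;
 }
 let level = 0;
@@ -1654,7 +1654,7 @@ const getMvnMetadata = async function (pkgList) {
 if (!pkgList || !pkgList.length) {
 return pkgList;
 }
-if (DEBUG_MODE) {
+if (DEBUG_MODE && fetchLicenses) {
 console.log(`About to query maven for ${pkgList.length} packages`);
 }
 for (const p of pkgList) {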
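Review bot: The `DEBUG_MODE && fetchLicenses` guard in the `getMvnMetadata` hunk is undocumented, and nothing in the hunk shows whether the loop starting at the last context line also skips the maven lookup when `fetchLicenses` is off; a reader debugging a silent run could take the missing banner to mean no query happened. A one-line comment above the guard would settle it, e.g. `// NOTE(review): banner is shown only when license data is fetched — confirm the lookup below is gated the same way`. `fetchLicenses` is not declared inside the hunk, so I am assuming it is a module-level setting. Both `parseMavenTree` and `getMvnMetadata` begin and end outside these hunks.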
package/utils.test.js CHANGED
@@ -1652,6 +1652,10 @@ test("parse scala sbt list", async () => {
1652
1652
  fs.readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" })
1653
1653
  );
1654
1654
  expect(deps.length).toEqual(57);
1655
+ deps = utils.parseKVDep(
1656
+ fs.readFileSync("./test/data/atom-sbt-list.txt", { encoding: "utf-8" })
1657
+ );
1658
+ expect(deps.length).toEqual(117);
1655
1659
  });
1656
1660
 
1657
1661
  test("parse scala sbt lock", async () => {