@cyclonedx/cdxgen 8.4.7 → 8.4.9

package/index.js

@@ -1391,7 +1391,9 @@ const createJavaBom = async (path, options) => {
             const cmdOutput = Buffer.from(stdout).toString();
             const parsedList = utils.parseGradleDep(cmdOutput);
             const dlist = parsedList.pkgList;
-            parentComponent = dlist.splice(0, 1)[0];
+            if (!parentComponent) {
+              parentComponent = dlist.splice(0, 1)[0];
+            }
             if (parsedList.dependenciesList && parsedList.dependenciesList) {
               dependencies = mergeDependencies(
                 dependencies,
@@ -4584,7 +4586,7 @@ exports.submitBom = async (args, bomContents) => {
     );
   }
   return await got(serverUrl, {
-    method: "PUT",
+    method: "POST",
     headers: {
       "X-Api-Key": args.apiKey,
       "Content-Type": "application/json"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.4.7",
+  "version": "8.4.9",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/utils.js

@@ -1190,6 +1190,18 @@ const parseGradleDep = function (
   rootProjectVersion = "latest"
 ) {
   if (typeof rawOutput === "string") {
+    // Bug: 249. Get any sub-projects refered here
+    const retMap = parseGradleProjects(rawOutput);
+    // Issue #289. Work hard to find the root project name
+    if (
+      !rootProjectName ||
+      (rootProjectName === "root" &&
+        retMap &&
+        retMap.rootProject &&
+        retMap.rootProject !== "root")
+    ) {
+      rootProjectName = retMap.rootProject;
+    }
     let match = "";
     // To render dependency tree we need a root project
     const rootProject = {
@@ -1204,8 +1216,7 @@ const parseGradleDep = function (
     const keys_cache = {};
     let last_level = 0;
     let last_purl = `pkg:maven/${rootProjectName}@${rootProjectVersion}?type=jar`;
-    // Bug: 249. Get any sub-projects refered here
-    const retMap = parseGradleProjects(rawOutput);
+    const first_purl = last_purl;
     const level_trees = {};
     level_trees[last_purl] = [];
     if (retMap && retMap.projects) {
@@ -1229,54 +1240,68 @@ const parseGradleDep = function (
     let stack = [last_purl];
     const depRegex =
       /^.*?--- +(?<group>[^\s:]+):(?<name>[^\s:]+)(?::(?:{strictly [[]?)?(?<versionspecified>[^,\s:}]+))?(?:})?(?:[^->]* +-> +(?<versionoverride>[^\s:]+))?/gm;
-    while ((match = depRegex.exec(rawOutput))) {
-      const [line, group, name, versionspecified, versionoverride] = match;
-      const version = versionoverride || versionspecified;
-      const level = line.split(group)[0].length / 5;
-      if (version !== undefined) {
-        let purlString = new PackageURL(
-          "maven",
-          group,
-          name,
-          version,
-          { type: "jar" },
-          null
-        ).toString();
-        purlString = decodeURIComponent(purlString);
-        // Filter duplicates
-        if (!keys_cache[purlString]) {
-          keys_cache[purlString] = true;
-          if (group !== "project") {
-            deps.push({
-              group,
-              name: name,
-              version: version,
-              qualifiers: { type: "jar" }
-            });
-            if (!level_trees[purlString]) {
-              level_trees[purlString] = [];
-            }
-            if (level == 0 || last_purl === "") {
-              stack.push(purlString);
-            } else if (level > last_level) {
-              const cnodes = level_trees[last_purl] || [];
-              cnodes.push(purlString);
-              level_trees[last_purl] = cnodes;
-              if (stack[stack.length - 1] !== purlString) {
-                stack.push(purlString);
+    for (const rline of rawOutput.split("\n")) {
+      if (last_level !== 1) {
+        if (
+          !rline ||
+          rline.trim() === "" ||
+          rline.startsWith("+--- ") ||
+          rline.startsWith("--- ")
+        ) {
+          last_level = 1;
+        }
+      }
+      while ((match = depRegex.exec(rline))) {
+        const [line, group, name, versionspecified, versionoverride] = match;
+        const version = versionoverride || versionspecified;
+        const level = line.split(group)[0].length / 5;
+        if (version !== undefined) {
+          let purlString = new PackageURL(
+            "maven",
+            group,
+            name,
+            version,
+            { type: "jar" },
+            null
+          ).toString();
+          purlString = decodeURIComponent(purlString);
+
+          // Filter duplicates
+          if (!keys_cache[purlString]) {
+            keys_cache[purlString] = true;
+            if (group !== "project") {
+              deps.push({
+                group,
+                name: name,
+                version: version,
+                qualifiers: { type: "jar" }
+              });
+              if (!level_trees[purlString]) {
+                level_trees[purlString] = [];
               }
-            } else {
-              for (let i = level; i <= last_level; i++) {
-                stack.pop();
+              if (level == 0 || last_purl === "") {
+                stack.push(purlString);
+              } else if (level > last_level) {
+                const cnodes = level_trees[last_purl] || [];
+                cnodes.push(purlString);
+                level_trees[last_purl] = cnodes;
+                if (stack[stack.length - 1] !== purlString) {
+                  stack.push(purlString);
+                }
+              } else {
+                for (let i = level; i <= last_level; i++) {
+                  stack.pop();
+                }
+                const last_stack =
+                  stack.length > 0 ? stack[stack.length - 1] : first_purl;
+                const cnodes = level_trees[last_stack] || [];
+                cnodes.push(purlString);
+                level_trees[last_stack] = cnodes;
+                stack.push(purlString);
               }
-              const last_stack = stack[stack.length - 1];
-              const cnodes = level_trees[last_stack] || [];
-              cnodes.push(purlString);
-              level_trees[last_stack] = cnodes;
-              stack.push(purlString);
+              last_level = level;
+              last_purl = purlString;
             }
-            last_level = level;
-            last_purl = purlString;
           }
         }
       }

package/utils.test.js

@@ -205,12 +205,32 @@ test("parse gradle dependencies", () => {
     fs.readFileSync("./test/data/gradle-rich5.dep", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(68);
-  expect(parsedList.dependenciesList.length).toEqual(69);
+  expect(parsedList.dependenciesList.length).toEqual(68);
   parsedList = utils.parseGradleDep(
     fs.readFileSync("./test/data/gradle-out-249.dep", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(21);
   expect(parsedList.dependenciesList.length).toEqual(21);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-service.out", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(35);
+  expect(parsedList.dependenciesList.length).toEqual(35);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-s.out", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(28);
+  expect(parsedList.dependenciesList.length).toEqual(28);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-core.out", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(19);
+  expect(parsedList.dependenciesList.length).toEqual(19);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-single.out", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(153);
+  expect(parsedList.dependenciesList.length).toEqual(153);
 });
 
 test("parse gradle projects", () => {