@cyclonedx/cdxgen 8.4.8 → 8.4.9
- package/index.js +3 -1
- package/package.json +1 -1
- package/utils.js +72 -47
- package/utils.test.js +21 -1
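--- a/package/index.js
+++ b/package/index.js
@@ -1391,7 +1391,9 @@ const createJavaBom = async (path, options) => {
 const cmdOutput = Buffer.from(stdout).toString();
 const parsedList = utils.parseGradleDep(cmdOutput);
 const dlist = parsedList.pkgList;
-
+if (!parentComponent) {
+parentComponent = dlist.splice(0, 1)[0];
+}
 if (parsedList.dependenciesList && parsedList.dependenciesList) {
 dependencies = mergeDependencies(
 dependencies,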
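Review bot: `dlist.splice(0, 1)[0]` on new line 1395 assumes `parsedList.pkgList` is non-empty and that its first entry is the root-project component; on an empty list `parentComponent` becomes `undefined`, and because the root entry is only spliced out on the first pass, any later pass through this code (the `!parentComponent` guard suggests it runs more than once) keeps that pass's root entry as an ordinary component, so the first and later Gradle modules are treated differently — worth a comment if that asymmetry is intended. A cheap guard makes the intent explicit: `if (!parentComponent && dlist.length > 0) { parentComponent = dlist.shift(); }`. The context line `if (parsedList.dependenciesList && parsedList.dependenciesList)` tests the same expression twice and presumably means a non-empty check (`parsedList.dependenciesList && parsedList.dependenciesList.length`); the commit leaves it as is. createJavaBom starts and ends outside this hunk.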
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyclonedx/cdxgen",
|
|
3
|
-
"version": "8.4.
|
|
3
|
+
"version": "8.4.9",
|
|
4
4
|
"description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
|
|
5
5
|
"homepage": "http://github.com/cyclonedx/cdxgen",
|
|
6
6
|
"author": "Prabhu Subramanian <prabhu@appthreat.com>",
|
package/utils.js
CHANGED
|
@@ -1190,6 +1190,18 @@ const parseGradleDep = function (
|
|
|
1190
1190
|
rootProjectVersion = "latest"
|
|
1191
1191
|
) {
|
|
1192
1192
|
if (typeof rawOutput === "string") {
|
|
1193
|
+
// Bug: 249. Get any sub-projects refered here
|
|
1194
|
+
const retMap = parseGradleProjects(rawOutput);
|
|
1195
|
+
// Issue #289. Work hard to find the root project name
|
|
1196
|
+
if (
|
|
1197
|
+
!rootProjectName ||
|
|
1198
|
+
(rootProjectName === "root" &&
|
|
1199
|
+
retMap &&
|
|
1200
|
+
retMap.rootProject &&
|
|
1201
|
+
retMap.rootProject !== "root")
|
|
1202
|
+
) {
|
|
1203
|
+
rootProjectName = retMap.rootProject;
|
|
1204
|
+
}
|
|
1193
1205
|
let match = "";
|
|
1194
1206
|
// To render dependency tree we need a root project
|
|
1195
1207
|
const rootProject = {
|
|
@@ -1204,8 +1216,7 @@ const parseGradleDep = function (
|
|
|
1204
1216
|
const keys_cache = {};
|
|
1205
1217
|
let last_level = 0;
|
|
1206
1218
|
let last_purl = `pkg:maven/${rootProjectName}@${rootProjectVersion}?type=jar`;
|
|
1207
|
-
|
|
1208
|
-
const retMap = parseGradleProjects(rawOutput);
|
|
1219
|
+
const first_purl = last_purl;
|
|
1209
1220
|
const level_trees = {};
|
|
1210
1221
|
level_trees[last_purl] = [];
|
|
1211
1222
|
if (retMap && retMap.projects) {
|
|
@@ -1229,54 +1240,68 @@ const parseGradleDep = function (
|
|
|
1229
1240
|
let stack = [last_purl];
|
|
1230
1241
|
const depRegex =
|
|
1231
1242
|
/^.*?--- +(?<group>[^\s:]+):(?<name>[^\s:]+)(?::(?:{strictly [[]?)?(?<versionspecified>[^,\s:}]+))?(?:})?(?:[^->]* +-> +(?<versionoverride>[^\s:]+))?/gm;
|
|
1232
|
-
|
|
1233
|
-
|
|
1234
|
-
|
|
1235
|
-
|
|
1236
|
-
|
|
1237
|
-
|
|
1238
|
-
"
|
|
1239
|
-
|
|
1240
|
-
|
|
1241
|
-
|
|
1242
|
-
|
|
1243
|
-
|
|
1244
|
-
|
|
1245
|
-
|
|
1246
|
-
|
|
1247
|
-
if (
|
|
1248
|
-
|
|
1249
|
-
|
|
1250
|
-
|
|
1251
|
-
|
|
1252
|
-
|
|
1253
|
-
|
|
1254
|
-
|
|
1255
|
-
|
|
1256
|
-
|
|
1257
|
-
|
|
1258
|
-
|
|
1259
|
-
|
|
1260
|
-
|
|
1261
|
-
|
|
1262
|
-
|
|
1263
|
-
|
|
1264
|
-
|
|
1265
|
-
|
|
1266
|
-
|
|
1243
|
+
for (const rline of rawOutput.split("\n")) {
|
|
1244
|
+
if (last_level !== 1) {
|
|
1245
|
+
if (
|
|
1246
|
+
!rline ||
|
|
1247
|
+
rline.trim() === "" ||
|
|
1248
|
+
rline.startsWith("+--- ") ||
|
|
1249
|
+
rline.startsWith("--- ")
|
|
1250
|
+
) {
|
|
1251
|
+
last_level = 1;
|
|
1252
|
+
}
|
|
1253
|
+
}
|
|
1254
|
+
while ((match = depRegex.exec(rline))) {
|
|
1255
|
+
const [line, group, name, versionspecified, versionoverride] = match;
|
|
1256
|
+
const version = versionoverride || versionspecified;
|
|
1257
|
+
const level = line.split(group)[0].length / 5;
|
|
1258
|
+
if (version !== undefined) {
|
|
1259
|
+
let purlString = new PackageURL(
|
|
1260
|
+
"maven",
|
|
1261
|
+
group,
|
|
1262
|
+
name,
|
|
1263
|
+
version,
|
|
1264
|
+
{ type: "jar" },
|
|
1265
|
+
null
|
|
1266
|
+
).toString();
|
|
1267
|
+
purlString = decodeURIComponent(purlString);
|
|
1268
|
+
|
|
1269
|
+
// Filter duplicates
|
|
1270
|
+
if (!keys_cache[purlString]) {
|
|
1271
|
+
keys_cache[purlString] = true;
|
|
1272
|
+
if (group !== "project") {
|
|
1273
|
+
deps.push({
|
|
1274
|
+
group,
|
|
1275
|
+
name: name,
|
|
1276
|
+
version: version,
|
|
1277
|
+
qualifiers: { type: "jar" }
|
|
1278
|
+
});
|
|
1279
|
+
if (!level_trees[purlString]) {
|
|
1280
|
+
level_trees[purlString] = [];
|
|
1267
1281
|
}
|
|
1268
|
-
|
|
1269
|
-
|
|
1270
|
-
|
|
1282
|
+
if (level == 0 || last_purl === "") {
|
|
1283
|
+
stack.push(purlString);
|
|
1284
|
+
} else if (level > last_level) {
|
|
1285
|
+
const cnodes = level_trees[last_purl] || [];
|
|
1286
|
+
cnodes.push(purlString);
|
|
1287
|
+
level_trees[last_purl] = cnodes;
|
|
1288
|
+
if (stack[stack.length - 1] !== purlString) {
|
|
1289
|
+
stack.push(purlString);
|
|
1290
|
+
}
|
|
1291
|
+
} else {
|
|
1292
|
+
for (let i = level; i <= last_level; i++) {
|
|
1293
|
+
stack.pop();
|
|
1294
|
+
}
|
|
1295
|
+
const last_stack =
|
|
1296
|
+
stack.length > 0 ? stack[stack.length - 1] : first_purl;
|
|
1297
|
+
const cnodes = level_trees[last_stack] || [];
|
|
1298
|
+
cnodes.push(purlString);
|
|
1299
|
+
level_trees[last_stack] = cnodes;
|
|
1300
|
+
stack.push(purlString);
|
|
1271
1301
|
}
|
|
1272
|
-
|
|
1273
|
-
|
|
1274
|
-
cnodes.push(purlString);
|
|
1275
|
-
level_trees[last_stack] = cnodes;
|
|
1276
|
-
stack.push(purlString);
|
|
1302
|
+
last_level = level;
|
|
1303
|
+
last_purl = purlString;
|
|
1277
1304
|
}
|
|
1278
|
-
last_level = level;
|
|
1279
|
-
last_purl = purlString;
|
|
1280
1305
|
}
|
|
1281
1306
|
}
|
|
1282
1307
|
}
|
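Review bot: The section-boundary reset at new lines 1244-1253 sets `last_level = 1` on a blank line or a fresh `+--- ` line but leaves `stack` untouched, so if the previous configuration block ended on a dependency at depth 2 or more the stack still holds that chain; the next depth-1 dependency then pops only one entry (lines 1292-1294) and is recorded as a child of a stale node instead of the root project, if I read the level bookkeeping right (everywhere else `stack.length` tracks `last_level`). Resetting both together keeps them consistent — change line 1251 to `last_level = 1;` followed by `stack = [];`. Separately, because all of the tree bookkeeping sits inside `if (!keys_cache[purlString])` (line 1270), a dependency already printed under one parent is never attached to a later parent that also declares it, so an edge such as B → X is dropped from the graph whenever X first appeared under A; if the dedup is only meant to avoid duplicate components, the `cnodes`/`stack` recording should run for every match and only the `deps.push` be gated. The dedup masks the first issue in practice since most entries of a later configuration are repeats, but runtime-only dependencies are not. parseGradleDep begins before this hunk and its return lies past the last hunk.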
package/utils.test.js
CHANGED
|
@@ -205,12 +205,32 @@ test("parse gradle dependencies", () => {
|
|
|
205
205
|
fs.readFileSync("./test/data/gradle-rich5.dep", { encoding: "utf-8" })
|
|
206
206
|
);
|
|
207
207
|
expect(parsedList.pkgList.length).toEqual(68);
|
|
208
|
-
expect(parsedList.dependenciesList.length).toEqual(
|
|
208
|
+
expect(parsedList.dependenciesList.length).toEqual(68);
|
|
209
209
|
parsedList = utils.parseGradleDep(
|
|
210
210
|
fs.readFileSync("./test/data/gradle-out-249.dep", { encoding: "utf-8" })
|
|
211
211
|
);
|
|
212
212
|
expect(parsedList.pkgList.length).toEqual(21);
|
|
213
213
|
expect(parsedList.dependenciesList.length).toEqual(21);
|
|
214
|
+
parsedList = utils.parseGradleDep(
|
|
215
|
+
fs.readFileSync("./test/data/gradle-service.out", { encoding: "utf-8" })
|
|
216
|
+
);
|
|
217
|
+
expect(parsedList.pkgList.length).toEqual(35);
|
|
218
|
+
expect(parsedList.dependenciesList.length).toEqual(35);
|
|
219
|
+
parsedList = utils.parseGradleDep(
|
|
220
|
+
fs.readFileSync("./test/data/gradle-s.out", { encoding: "utf-8" })
|
|
221
|
+
);
|
|
222
|
+
expect(parsedList.pkgList.length).toEqual(28);
|
|
223
|
+
expect(parsedList.dependenciesList.length).toEqual(28);
|
|
224
|
+
parsedList = utils.parseGradleDep(
|
|
225
|
+
fs.readFileSync("./test/data/gradle-core.out", { encoding: "utf-8" })
|
|
226
|
+
);
|
|
227
|
+
expect(parsedList.pkgList.length).toEqual(19);
|
|
228
|
+
expect(parsedList.dependenciesList.length).toEqual(19);
|
|
229
|
+
parsedList = utils.parseGradleDep(
|
|
230
|
+
fs.readFileSync("./test/data/gradle-single.out", { encoding: "utf-8" })
|
|
231
|
+
);
|
|
232
|
+
expect(parsedList.pkgList.length).toEqual(153);
|
|
233
|
+
expect(parsedList.dependenciesList.length).toEqual(153);
|
|
214
234
|
});
|
|
215
235
|
|
|
216
236
|
test("parse gradle projects", () => {
|
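Review bot: The five new fixtures on new lines 214-233 assert only `pkgList.length` and `dependenciesList.length`, always against the same constant, so a wrong parent attribution in the tree (a child attached to a stale node after a blank line between configurations, say) still passes; each of these fixtures would stay green even if `dependenciesList` were flat. For at least one fixture, pin an edge the dump makes explicit — that the root project's entry lists a known direct dependency and that one transitive dependency appears under its real parent. I cannot see the shape of a `dependenciesList` entry from this hunk, so the exact matcher has to follow that shape. The `"parse gradle dependencies"` test callback opens before this hunk.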