@cyclonedx/cdxgen 8.4.9 → 8.4.10
- package/index.js +14 -5
- package/package.json +1 -1
- package/utils.js +32 -29
- package/utils.test.js +1 -0
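--- a/package/index.js
+++ b/package/index.js
@@ -1167,14 +1167,23 @@ const createJavaBom = async (path, options) => {
 ["true", "1"].includes(multiProjectMode) ||
 (gradleFiles.length > 1 && !["false", "0"].includes(multiProjectMode))
 ) {
-
-
+let gradleProjectsArgs = ["projects", "-q", "--console", "plain"];
+if (process.env.GRADLE_ARGS) {
+const addArgs = process.env.GRADLE_ARGS.split(" ");
+gradleProjectsArgs = gradleProjectsArgs.concat(addArgs);
 }
-
+console.log(
+"Executing",
 gradleCmd,
-
-
+gradleProjectsArgs.join(" "),
+"projects in",
+path
 );
+const result = spawnSync(gradleCmd, gradleProjectsArgs, {
+cwd: path,
+encoding: "utf-8",
+timeout: TIMEOUT_MS
+});
 if (result.status !== 0 || result.error) {
 if (result.stderr) {
 console.error(result.stdout, result.stderr);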
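Review bot: `process.env.GRADLE_ARGS.split(" ")` at new line 1172 splits on single spaces only, so a doubled or trailing space produces empty-string arguments that are handed to `spawnSync`, and a quoted value containing a space is broken apart; `const addArgs = process.env.GRADLE_ARGS.trim().split(/\s+/).filter(Boolean);` covers the whitespace case, and the quoting limitation deserves a comment. Because the array goes to `spawnSync` without a shell, the value is not shell-interpreted, but it still lets whoever controls the environment append Gradle options to the run, so in CI it should come from trusted configuration only. The `console.log` at 1175–1181 now prints the joined arguments, apparently unconditionally, so any credential passed through `GRADLE_ARGS` (a `-P` property, for instance) ends up in build logs; consider logging only the fixed arguments or gating the line behind the tool's debug output. `createJavaBom` starts and ends outside this hunk.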
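--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.4.
+"version": "8.4.10",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",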
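--- a/package/utils.js
+++ b/package/utils.js
@@ -1214,6 +1214,7 @@ const parseGradleDep = function (
 const deps = [rootProject];
 const dependenciesList = [];
 const keys_cache = {};
+const deps_keys_cache = {};
 let last_level = 0;
 let last_purl = `pkg:maven/${rootProjectName}@${rootProjectVersion}?type=jar`;
 const first_purl = last_purl;
@@ -1246,9 +1247,11 @@ const parseGradleDep = function (
 !rline ||
 rline.trim() === "" ||
 rline.startsWith("+--- ") ||
-rline.startsWith("
+rline.startsWith("\\--- ")
 ) {
 last_level = 1;
+last_purl = first_purl;
+stack = [last_purl];
 }
 }
 while ((match = depRegex.exec(rline))) {
@@ -1265,43 +1268,43 @@ const parseGradleDep = function (
 null
 ).toString();
 purlString = decodeURIComponent(purlString);
-
-
-
-
-
+keys_cache[purlString + "_" + last_purl] = true;
+if (group !== "project") {
+// Filter duplicates
+if (!deps_keys_cache[purlString]) {
+deps_keys_cache[purlString] = true;
 deps.push({
 group,
 name: name,
 version: version,
 qualifiers: { type: "jar" }
 });
-
-
-
-
-
-
-
-
-
-
-
-}
-} else {
-for (let i = level; i <= last_level; i++) {
-stack.pop();
-}
-const last_stack =
-stack.length > 0 ? stack[stack.length - 1] : first_purl;
-const cnodes = level_trees[last_stack] || [];
-cnodes.push(purlString);
-level_trees[last_stack] = cnodes;
+}
+if (!level_trees[purlString]) {
+level_trees[purlString] = [];
+}
+if (level == 0 || last_purl === "") {
+stack.push(purlString);
+} else if (level > last_level) {
+const cnodes = level_trees[last_purl] || [];
+cnodes.push(purlString);
+level_trees[last_purl] = cnodes;
+if (stack[stack.length - 1] !== purlString) {
 stack.push(purlString);
 }
-
-
+} else {
+for (let i = level; i <= last_level; i++) {
+stack.pop();
+}
+const last_stack =
+stack.length > 0 ? stack[stack.length - 1] : first_purl;
+const cnodes = level_trees[last_stack] || [];
+cnodes.push(purlString);
+level_trees[last_stack] = cnodes;
+stack.push(purlString);
 }
+last_level = level;
+last_purl = purlString;
 }
 }
 }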
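Review bot: In the third hunk, `cnodes.push(purlString)` (new lines 1290 and 1302) appends to the parent's child list without checking whether that edge is already present, while `keys_cache[purlString + "_" + last_purl]` is set at 1271 but not read anywhere in the lines shown. If the same dependency is reported under the same parent in more than one Gradle configuration, the tree in `level_trees` would presumably carry duplicate edges even though `deps` itself is now de-duplicated through `deps_keys_cache`; a guard such as `if (!cnodes.includes(purlString)) cnodes.push(purlString);` in both branches would keep the component list and the dependency graph of the generated SBOM consistent. `level == 0` at 1286 should be `level === 0`, and the `last_purl === ""` arm looks unreachable given that `last_purl` is initialised to the root purl and reset to `first_purl` in the second hunk, so it is worth confirming or removing. `parseGradleDep` begins and ends outside these hunks.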