npm - @cyclonedx/cdxgen - Versions diffs - 8.5.0 → 8.5.2 - Mend

@cyclonedx/cdxgen 8.5.0 → 8.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/index.js CHANGED Viewed

@@ -1178,6 +1178,18 @@ const createJavaBom = async (path, options) => {
           qualifiers: { type: "jar" },
           ...(retMap.metadata || {})
         };
+        const parentPurl = decodeURIComponent(
+          new PackageURL(
+            "maven",
+            parentComponent.group || "",
+            parentComponent.name,
+            parentComponent.version,
+            parentComponent.qualifiers,
+            null
+          ).toString()
+        );
+        parentComponent["purl"] = parentPurl;
+        parentComponent["bom-ref"] = parentPurl;
       }
       // Get the sub-project properties and set the root dependencies
       if (allProjectsStr && allProjectsStr.length) {
@@ -1217,28 +1229,17 @@ const createJavaBom = async (path, options) => {
           return s;
         });
         dependencies.push({
-          ref: decodeURIComponent(
-            new PackageURL(
-              "maven",
-              parentComponent.group,
-              parentComponent.name,
-              parentComponent.version,
-              parentComponent.qualifiers,
-              null
-            ).toString()
-          ),
+          ref: parentComponent["bom-ref"],
           dependsOn: rootDependsOn
         });
       }
     }
     if (gradleFiles && gradleFiles.length && options.installDeps) {
       let gradleCmd = utils.getGradleCommand(path, null);
-      if (!allProjects || !allProjects.length) {
-        allProjects.push(parentComponent);
-      }
+      allProjects.push(parentComponent);
       for (let sp of allProjects) {
         let gradleDepArgs = [
-          sp.name === parentComponent.name
+          sp.purl === parentComponent.purl
             ? "dependencies"
             : `:${sp.name}:dependencies`,
           "-q",
@@ -1302,7 +1303,7 @@ const createJavaBom = async (path, options) => {
         console.log(
           "Obtained",
           pkgList.length,
-          "from this gradle multi-project. De-duping this list ..."
+          "from this gradle project. De-duping this list ..."
         );
       } else {
         console.log(
@@ -1693,7 +1694,7 @@ const createNodejsBom = async (path, options) => {
           type: "application"
         };
         ppurl = new PackageURL(
-          "application",
+          "npm",
           parentComponent.group,
           parentComponent.name,
           parentComponent.version,
@@ -1824,7 +1825,7 @@ const createNodejsBom = async (path, options) => {
           type: "application"
         };
         ppurl = new PackageURL(
-          "application",
+          "npm",
           parentComponent.group,
           parentComponent.name,
           parentComponent.version,
@@ -1852,7 +1853,7 @@ const createNodejsBom = async (path, options) => {
         // Fixes: 212. Handle case where there are no package.json to determine the parent package
         if (Object.keys(parentComponent).length && parentComponent.name) {
           const ppurl = new PackageURL(
-            "application",
+            "npm",
             parentComponent.group,
             parentComponent.name,
             parentComponent.version,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.5.0",
+  "version": "8.5.2",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/utils.js CHANGED Viewed

@@ -1533,7 +1533,7 @@ const parseGradleProperties = function (rawOutput) {
           const spStrs = tmpB[1].replace(/[[\]']/g, "").split(", ");
           const tmpprojects = spStrs
             .flatMap((s) => s.replace("project ", ""))
-            .filter((s) => s !== ":app");
+            .filter((s) => ![":app", ""].includes(s.trim()));
           tmpprojects.forEach(projects.add, projects);
         }
       }

package/utils.test.js CHANGED Viewed

@@ -310,6 +310,27 @@ test("parse gradle properties", () => {
       ]
     }
   });
+  retMap = utils.parseGradleProperties(
+    fs.readFileSync("./test/data/gradle-properties-single2.txt", {
+      encoding: "utf-8"
+    })
+  );
+  expect(retMap).toEqual({
+    rootProject: "java-test",
+    projects: [],
+    metadata: {
+      group: "com.ajmalab.demo",
+      version: "latest",
+      properties: [
+        {
+          name: "buildFile",
+          value: "/home/almalinux/work/sandbox/java-test/build.gradle"
+        },
+        { name: "projectDir", value: "/home/almalinux/work/sandbox/java-test" },
+        { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" }
+      ]
+    }
+  });
   retMap = utils.parseGradleProperties(
     fs.readFileSync("./test/data/gradle-properties-elastic.txt", {
       encoding: "utf-8"