@cyclonedx/cdxgen 9.0.0 → 9.1.0
- package/README.md +64 -29
- package/analyzer.js +1 -1
- package/bin/cdxgen.js +18 -24
- package/binary.js +7 -7
- package/data/bom-1.5.schema.json +3660 -0
- package/data/jsf-0.82.schema.json +211 -0
- package/data/lic-mapping.json +6 -1
- package/data/pypi-pkg-aliases.json +84 -77
- package/data/spdx.schema.json +621 -0
- package/display.js +102 -0
- package/display.test.js +10 -0
- package/docker.js +12 -24
- package/docker.test.js +1 -1
- package/index.js +308 -296
- package/package.json +5 -3
- package/piptree.js +136 -0
- package/server.js +2 -2
- package/utils.js +588 -254
- package/utils.test.js +303 -36
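--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -64,8 +64,8 @@ import {
 parseSwiftJsonTree,
 parseSwiftResolved,
 guessPypiMatchingVersion
-} from "./utils";
-import { readFileSync } from "fs";
+} from "./utils.js";
+import { readFileSync } from "node:fs";
 import { parse } from "ssri";
 import { expect, test } from "@jest/globals";
 
@@ -91,6 +91,12 @@ test("SSRI test", () => {
 expect(ss.sha256[0].digest).toStrictEqual(
 "LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78="
 );
+ss = parse(
+"sha512-Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
+);
+expect(ss.sha512[0].digest).toStrictEqual(
+"Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
+);
 });
 
 test("Parse requires dist string", () => {
@@ -633,7 +639,7 @@ test("parseGoSumData", async () => {
 }, 120000);
 
 test("parse go list dependencies", async () => {
-
+const dep_list = await parseGoListDep(
 readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
 {}
 );
@@ -766,7 +772,7 @@ test("parse cargo toml", async () => {
 
 test("parse cargo auditable data", async () => {
 expect(await parseCargoAuditableData(null)).toEqual([]);
-
+const dep_list = await parseCargoAuditableData(
 readFileSync("./test/data/cargo-auditable.txt", { encoding: "utf-8" })
 );
 expect(dep_list.length).toEqual(32);
@@ -1003,7 +1009,7 @@ test("parse github actions workflow data", async () => {
 dep_list = await parseGitHubWorkflowData(
 readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
 );
-expect(dep_list.length).toEqual(
+expect(dep_list.length).toEqual(6);
 expect(dep_list[0]).toEqual({
 group: "actions",
 name: "checkout",
@@ -1107,6 +1113,7 @@ test("get nget metadata", async () => {
 ]);
 expect(dep_list.length).toEqual(1);
 expect(dep_list[0]).toEqual({
+author: "Castle Project Contributors",
 group: "",
 name: "Castle.Core",
 version: "4.4.0",
@@ -1115,7 +1122,7 @@ test("get nget metadata", async () => {
 homepage: {
 url: "https://www.nuget.org/packages/Castle.Core/4.4.0/"
 },
-license: "
+license: "Apache-2.0",
 repository: {
 url: "http://www.castleproject.org/"
 }
@@ -1358,7 +1365,20 @@ test("parsePnpmLock", async () => {
 name: "SrcFile",
 value: "./test/pnpm-lock.yaml"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/pnpm-lock.yaml"
+}
+]
+}
+}
 });
 parsedList = await parsePnpmLock("./test/data/pnpm-lock.yaml");
 expect(parsedList.pkgList.length).toEqual(308);
@@ -1375,7 +1395,20 @@ test("parsePnpmLock", async () => {
 name: "SrcFile",
 value: "./test/data/pnpm-lock.yaml"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock.yaml"
+}
+]
+}
+}
 });
 parsedList = await parsePnpmLock("./test/data/pnpm-lock2.yaml");
 expect(parsedList.pkgList.length).toEqual(7);
@@ -1386,7 +1419,20 @@ test("parsePnpmLock", async () => {
 version: "2.1.1",
 scope: undefined,
 _integrity: "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
-properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock2.yaml" }]
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock2.yaml" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock2.yaml"
+}
+]
+}
+}
 });
 expect(parsedList.dependenciesList[2]).toEqual({
 ref: "pkg:npm/chalk@1.1.3",
@@ -1408,7 +1454,20 @@ test("parsePnpmLock", async () => {
 scope: undefined,
 _integrity:
 "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
-properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock3.yaml" }]
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock3.yaml" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock3.yaml"
+}
+]
+}
+}
 });
 expect(parsedList.dependenciesList[2]).toEqual({
 ref: "pkg:npm/@nodelib/fs.walk@1.2.8",
@@ -1428,7 +1487,20 @@ test("parsePnpmLock", async () => {
 scope: "optional",
 _integrity:
 "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
-properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock6.yaml"
+}
+]
+}
+}
 });
 expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
 group: "",
@@ -1437,7 +1509,20 @@ test("parsePnpmLock", async () => {
 scope: "optional",
 _integrity:
 "sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==",
-properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock6.yaml"
+}
+]
+}
+}
 });
 parsedList = await parsePnpmLock("./test/data/pnpm-lock6a.yaml");
 expect(parsedList.pkgList.length).toEqual(229);
@@ -1449,7 +1534,20 @@ test("parsePnpmLock", async () => {
 scope: "optional",
 _integrity:
 "sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
-properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6a.yaml" }]
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6a.yaml" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/pnpm-lock6a.yaml"
+}
+]
+}
+}
 });
 });
 
@@ -1468,7 +1566,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/yarn.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/yarn.lock"
+}
+]
+}
+}
 });
 expect(parsedList.dependenciesList.length).toEqual(56);
 identMap = yarnLockToIdentMap(
@@ -1489,7 +1600,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarn.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarn.lock"
+}
+]
+}
+}
 });
 parsedList.pkgList.forEach((d) => {
 expect(d.name).toBeDefined();
@@ -1510,7 +1634,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarn-multi.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarn-multi.lock"
+}
+]
+}
+}
 });
 
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarn-light.lock");
@@ -1527,7 +1664,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarn-light.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarn-light.lock"
+}
+]
+}
+}
 });
 
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarn3.lock");
@@ -1544,7 +1694,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarn3.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarn3.lock"
+}
+]
+}
+}
 });
 
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv2.lock");
@@ -1561,7 +1724,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarnv2.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarnv2.lock"
+}
+]
+}
+}
 });
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv3.lock");
 expect(parsedList.pkgList.length).toEqual(325);
@@ -1577,7 +1753,20 @@ test("parseYarnLock", async () => {
 name: "SrcFile",
 value: "./test/data/yarn_locks/yarnv3.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarnv3.lock"
+}
+]
+}
+}
 });
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarn4.lock");
 expect(parsedList.pkgList.length).toEqual(1);
@@ -1593,7 +1782,20 @@ test("parseYarnLock", async () => {
 "sha512-JE93VWVyVa07xkK1wJ5ogjSZ30Nn4ptUuUXdPnu8MsKme1xFHLFFD3UtnHxnxnNDSnGx+WLlhuyHdIFfSCYqYg==",
 properties: [
 { name: "SrcFile", value: "./test/data/yarn_locks/yarn-at.lock" }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/yarn_locks/yarn-at.lock"
+}
+]
+}
+}
 });
 });
 
@@ -1617,7 +1819,20 @@ test("parseComposerLock", () => {
 name: "SrcFile",
 value: "./test/data/composer.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/composer.lock"
+}
+]
+}
+}
 });
 
 deps = parseComposerLock("./test/data/composer-2.lock");
@@ -1639,7 +1854,20 @@ test("parseComposerLock", () => {
 name: "SrcFile",
 value: "./test/data/composer-2.lock"
 }
-]
+],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/composer-2.lock"
+}
+]
+}
+}
 });
 
 deps = parseComposerLock("./test/data/composer-3.lock");
@@ -1656,12 +1884,25 @@ test("parseComposerLock", () => {
 license: ["MIT"],
 description: "A non-blocking concurrency framework for PHP applications.",
 scope: "required",
-properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }]
+properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/composer-3.lock"
+}
+]
+}
+}
 });
 });
 
 test("parseGemfileLockData", async () => {
-
+const deps = await parseGemfileLockData(
 readFileSync("./test/data/Gemfile.lock", { encoding: "utf-8" })
 );
 expect(deps.length).toEqual(140);
@@ -1672,7 +1913,7 @@ test("parseGemfileLockData", async () => {
 });
 
 test("parseGemspecData", async () => {
-
+const deps = await parseGemspecData(
 readFileSync("./test/data/xmlrpc.gemspec", { encoding: "utf-8" })
 );
 expect(deps.length).toEqual(1);
@@ -1751,7 +1992,7 @@ test("parse wheel metadata", () => {
 });
 
 test("parse wheel", async () => {
-
+const metadata = await readZipEntry(
 "./test/data/appthreat_depscan-2.0.2-py3-none-any.whl",
 "METADATA"
 );
@@ -1768,13 +2009,13 @@ test("parse wheel", async () => {
 });
 
 test("parse pipfile.lock with hashes", async () => {
-
+const deps = await parsePiplockData(
 JSON.parse(readFileSync("./test/data/Pipfile.lock", { encoding: "utf-8" }))
 );
 expect(deps.length).toEqual(46);
 }, 120000);
 
-test("parse scala sbt list",
+test("parse scala sbt list", () => {
 let deps = parseKVDep(
 readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" })
 );
@@ -1785,19 +2026,19 @@ test("parse scala sbt list", async () => {
 expect(deps.length).toEqual(117);
 });
 
-test("parse scala sbt lock",
-
+test("parse scala sbt lock", () => {
+const deps = parseSbtLock("./test/data/build.sbt.lock");
 expect(deps.length).toEqual(117);
 });
 
 test("parse nupkg file", async () => {
-
+const deps = await parseNupkg("./test/data/jquery.3.6.0.nupkg");
 expect(deps.length).toEqual(1);
 expect(deps[0].name).toEqual("jQuery");
 });
 
 test("parse bazel skyframe", () => {
-
+const deps = parseBazelSkyframe(
 readFileSync("./test/data/bazel/bazel-state.txt", { encoding: "utf-8" })
 );
 expect(deps.length).toEqual(16);
@@ -1805,7 +2046,7 @@ test("parse bazel skyframe", () => {
 });
 
 test("parse bazel build", () => {
-
+const projs = parseBazelBuild(
 readFileSync("./test/data/bazel/BUILD", { encoding: "utf-8" })
 );
 expect(projs.length).toEqual(2);
@@ -1931,7 +2172,7 @@ test("parse container spec like files", async () => {
 
 test("parse cloudbuild data", async () => {
 expect(await parseCloudBuildData(null)).toEqual([]);
-
+const dep_list = await parseCloudBuildData(
 readFileSync("./test/data/cloudbuild.yaml", { encoding: "utf-8" })
 );
 expect(dep_list.length).toEqual(1);
@@ -1943,7 +2184,7 @@ test("parse cloudbuild data", async () => {
 });
 
 test("parse privado files", () => {
-
+const servList = parsePrivadoFile("./test/data/privado.json");
 expect(servList.length).toEqual(1);
 expect(servList[0].data.length).toEqual(11);
 expect(servList[0].endpoints.length).toEqual(17);
@@ -2123,6 +2364,19 @@ test("parse swift deps files", () => {
 group: "",
 version: "1.0.3",
 properties: [{ name: "SrcFile", value: "./test/data/Package.resolved" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/Package.resolved"
+}
+]
+}
+},
 repository: { url: "https://github.com/apple/swift-argument-parser" }
 });
 pkgList = parseSwiftResolved("./test/data/Package2.resolved");
@@ -2132,6 +2386,19 @@ test("parse swift deps files", () => {
 group: "",
 version: "1.2.2",
 properties: [{ name: "SrcFile", value: "./test/data/Package2.resolved" }],
+evidence: {
+identity: {
+field: "purl",
+confidence: 1,
+methods: [
+{
+technique: "manifest-analysis",
+confidence: 1,
+value: "./test/data/Package2.resolved"
+}
+]
+}
+},
 repository: { url: "https://github.com/apple/swift-argument-parser.git" }
 });
 });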
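Review bot: The count asserted by `expect(dep_list.length).toEqual(6);` in the hunk at `@@ -1003,7 +1009,7 @@` ("parse github actions workflow data") is tied to the project's own live CI file, `./.github/workflows/repotests.yml`, rather than to a frozen fixture. Any routine CI edit, such as adding a step or re-pinning an action to a different ref, will either break this parser test or push a maintainer to re-baseline the number without looking at what the parser actually returned. Every other parser test visible in this file reads its input from `./test/data/`, so a copy of a workflow file there would keep the expectation stable, e.g. `readFileSync("<workflow fixture under ./test/data/>", { encoding: "utf-8" })`. The test body starts and ends outside the hunk, so the remaining assertions on `dep_list[0]` would need checking against the same fixture.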