@cyclonedx/cdxgen 9.0.1 → 9.1.1
- package/README.md +64 -25
- package/analyzer.js +1 -1
- package/bin/cdxgen.js +18 -24
- package/binary.js +7 -7
- package/data/bom-1.5.schema.json +3660 -0
- package/data/jsf-0.82.schema.json +211 -0
- package/data/pypi-pkg-aliases.json +84 -77
- package/data/spdx.schema.json +621 -0
- package/display.js +102 -0
- package/display.test.js +10 -0
- package/docker.js +12 -24
- package/docker.test.js +1 -1
- package/index.js +316 -300
- package/package.json +5 -3
- package/piptree.js +136 -0
- package/server.js +2 -2
- package/utils.js +500 -218
- package/utils.test.js +301 -35
package/utils.test.js
CHANGED
|
@@ -64,8 +64,8 @@ import {
|
|
|
64
64
|
parseSwiftJsonTree,
|
|
65
65
|
parseSwiftResolved,
|
|
66
66
|
guessPypiMatchingVersion
|
|
67
|
-
} from "./utils";
|
|
68
|
-
import { readFileSync } from "fs";
|
|
67
|
+
} from "./utils.js";
|
|
68
|
+
import { readFileSync } from "node:fs";
|
|
69
69
|
import { parse } from "ssri";
|
|
70
70
|
import { expect, test } from "@jest/globals";
|
|
71
71
|
|
|
@@ -91,6 +91,12 @@ test("SSRI test", () => {
|
|
|
91
91
|
expect(ss.sha256[0].digest).toStrictEqual(
|
|
92
92
|
"LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78="
|
|
93
93
|
);
|
|
94
|
+
ss = parse(
|
|
95
|
+
"sha512-Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
|
|
96
|
+
);
|
|
97
|
+
expect(ss.sha512[0].digest).toStrictEqual(
|
|
98
|
+
"Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
|
|
99
|
+
);
|
|
94
100
|
});
|
|
95
101
|
|
|
96
102
|
test("Parse requires dist string", () => {
|
|
@@ -633,7 +639,7 @@ test("parseGoSumData", async () => {
|
|
|
633
639
|
}, 120000);
|
|
634
640
|
|
|
635
641
|
test("parse go list dependencies", async () => {
|
|
636
|
-
|
|
642
|
+
const dep_list = await parseGoListDep(
|
|
637
643
|
readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
|
|
638
644
|
{}
|
|
639
645
|
);
|
|
@@ -766,7 +772,7 @@ test("parse cargo toml", async () => {
|
|
|
766
772
|
|
|
767
773
|
test("parse cargo auditable data", async () => {
|
|
768
774
|
expect(await parseCargoAuditableData(null)).toEqual([]);
|
|
769
|
-
|
|
775
|
+
const dep_list = await parseCargoAuditableData(
|
|
770
776
|
readFileSync("./test/data/cargo-auditable.txt", { encoding: "utf-8" })
|
|
771
777
|
);
|
|
772
778
|
expect(dep_list.length).toEqual(32);
|
|
@@ -1003,7 +1009,7 @@ test("parse github actions workflow data", async () => {
|
|
|
1003
1009
|
dep_list = await parseGitHubWorkflowData(
|
|
1004
1010
|
readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
|
|
1005
1011
|
);
|
|
1006
|
-
expect(dep_list.length).toEqual(
|
|
1012
|
+
expect(dep_list.length).toEqual(6);
|
|
1007
1013
|
expect(dep_list[0]).toEqual({
|
|
1008
1014
|
group: "actions",
|
|
1009
1015
|
name: "checkout",
|
|
@@ -1359,7 +1365,20 @@ test("parsePnpmLock", async () => {
|
|
|
1359
1365
|
name: "SrcFile",
|
|
1360
1366
|
value: "./test/pnpm-lock.yaml"
|
|
1361
1367
|
}
|
|
1362
|
-
]
|
|
1368
|
+
],
|
|
1369
|
+
evidence: {
|
|
1370
|
+
identity: {
|
|
1371
|
+
field: "purl",
|
|
1372
|
+
confidence: 1,
|
|
1373
|
+
methods: [
|
|
1374
|
+
{
|
|
1375
|
+
technique: "manifest-analysis",
|
|
1376
|
+
confidence: 1,
|
|
1377
|
+
value: "./test/pnpm-lock.yaml"
|
|
1378
|
+
}
|
|
1379
|
+
]
|
|
1380
|
+
}
|
|
1381
|
+
}
|
|
1363
1382
|
});
|
|
1364
1383
|
parsedList = await parsePnpmLock("./test/data/pnpm-lock.yaml");
|
|
1365
1384
|
expect(parsedList.pkgList.length).toEqual(308);
|
|
@@ -1376,7 +1395,20 @@ test("parsePnpmLock", async () => {
|
|
|
1376
1395
|
name: "SrcFile",
|
|
1377
1396
|
value: "./test/data/pnpm-lock.yaml"
|
|
1378
1397
|
}
|
|
1379
|
-
]
|
|
1398
|
+
],
|
|
1399
|
+
evidence: {
|
|
1400
|
+
identity: {
|
|
1401
|
+
field: "purl",
|
|
1402
|
+
confidence: 1,
|
|
1403
|
+
methods: [
|
|
1404
|
+
{
|
|
1405
|
+
technique: "manifest-analysis",
|
|
1406
|
+
confidence: 1,
|
|
1407
|
+
value: "./test/data/pnpm-lock.yaml"
|
|
1408
|
+
}
|
|
1409
|
+
]
|
|
1410
|
+
}
|
|
1411
|
+
}
|
|
1380
1412
|
});
|
|
1381
1413
|
parsedList = await parsePnpmLock("./test/data/pnpm-lock2.yaml");
|
|
1382
1414
|
expect(parsedList.pkgList.length).toEqual(7);
|
|
@@ -1387,7 +1419,20 @@ test("parsePnpmLock", async () => {
|
|
|
1387
1419
|
version: "2.1.1",
|
|
1388
1420
|
scope: undefined,
|
|
1389
1421
|
_integrity: "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
|
|
1390
|
-
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock2.yaml" }]
|
|
1422
|
+
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock2.yaml" }],
|
|
1423
|
+
evidence: {
|
|
1424
|
+
identity: {
|
|
1425
|
+
field: "purl",
|
|
1426
|
+
confidence: 1,
|
|
1427
|
+
methods: [
|
|
1428
|
+
{
|
|
1429
|
+
technique: "manifest-analysis",
|
|
1430
|
+
confidence: 1,
|
|
1431
|
+
value: "./test/data/pnpm-lock2.yaml"
|
|
1432
|
+
}
|
|
1433
|
+
]
|
|
1434
|
+
}
|
|
1435
|
+
}
|
|
1391
1436
|
});
|
|
1392
1437
|
expect(parsedList.dependenciesList[2]).toEqual({
|
|
1393
1438
|
ref: "pkg:npm/chalk@1.1.3",
|
|
@@ -1409,7 +1454,20 @@ test("parsePnpmLock", async () => {
|
|
|
1409
1454
|
scope: undefined,
|
|
1410
1455
|
_integrity:
|
|
1411
1456
|
"sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
|
|
1412
|
-
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock3.yaml" }]
|
|
1457
|
+
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock3.yaml" }],
|
|
1458
|
+
evidence: {
|
|
1459
|
+
identity: {
|
|
1460
|
+
field: "purl",
|
|
1461
|
+
confidence: 1,
|
|
1462
|
+
methods: [
|
|
1463
|
+
{
|
|
1464
|
+
technique: "manifest-analysis",
|
|
1465
|
+
confidence: 1,
|
|
1466
|
+
value: "./test/data/pnpm-lock3.yaml"
|
|
1467
|
+
}
|
|
1468
|
+
]
|
|
1469
|
+
}
|
|
1470
|
+
}
|
|
1413
1471
|
});
|
|
1414
1472
|
expect(parsedList.dependenciesList[2]).toEqual({
|
|
1415
1473
|
ref: "pkg:npm/@nodelib/fs.walk@1.2.8",
|
|
@@ -1429,7 +1487,20 @@ test("parsePnpmLock", async () => {
|
|
|
1429
1487
|
scope: "optional",
|
|
1430
1488
|
_integrity:
|
|
1431
1489
|
"sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
|
|
1432
|
-
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
|
|
1490
|
+
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }],
|
|
1491
|
+
evidence: {
|
|
1492
|
+
identity: {
|
|
1493
|
+
field: "purl",
|
|
1494
|
+
confidence: 1,
|
|
1495
|
+
methods: [
|
|
1496
|
+
{
|
|
1497
|
+
technique: "manifest-analysis",
|
|
1498
|
+
confidence: 1,
|
|
1499
|
+
value: "./test/data/pnpm-lock6.yaml"
|
|
1500
|
+
}
|
|
1501
|
+
]
|
|
1502
|
+
}
|
|
1503
|
+
}
|
|
1433
1504
|
});
|
|
1434
1505
|
expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
|
|
1435
1506
|
group: "",
|
|
@@ -1438,7 +1509,20 @@ test("parsePnpmLock", async () => {
|
|
|
1438
1509
|
scope: "optional",
|
|
1439
1510
|
_integrity:
|
|
1440
1511
|
"sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==",
|
|
1441
|
-
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
|
|
1512
|
+
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }],
|
|
1513
|
+
evidence: {
|
|
1514
|
+
identity: {
|
|
1515
|
+
field: "purl",
|
|
1516
|
+
confidence: 1,
|
|
1517
|
+
methods: [
|
|
1518
|
+
{
|
|
1519
|
+
technique: "manifest-analysis",
|
|
1520
|
+
confidence: 1,
|
|
1521
|
+
value: "./test/data/pnpm-lock6.yaml"
|
|
1522
|
+
}
|
|
1523
|
+
]
|
|
1524
|
+
}
|
|
1525
|
+
}
|
|
1442
1526
|
});
|
|
1443
1527
|
parsedList = await parsePnpmLock("./test/data/pnpm-lock6a.yaml");
|
|
1444
1528
|
expect(parsedList.pkgList.length).toEqual(229);
|
|
@@ -1450,7 +1534,20 @@ test("parsePnpmLock", async () => {
|
|
|
1450
1534
|
scope: "optional",
|
|
1451
1535
|
_integrity:
|
|
1452
1536
|
"sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
|
|
1453
|
-
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6a.yaml" }]
|
|
1537
|
+
properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6a.yaml" }],
|
|
1538
|
+
evidence: {
|
|
1539
|
+
identity: {
|
|
1540
|
+
field: "purl",
|
|
1541
|
+
confidence: 1,
|
|
1542
|
+
methods: [
|
|
1543
|
+
{
|
|
1544
|
+
technique: "manifest-analysis",
|
|
1545
|
+
confidence: 1,
|
|
1546
|
+
value: "./test/data/pnpm-lock6a.yaml"
|
|
1547
|
+
}
|
|
1548
|
+
]
|
|
1549
|
+
}
|
|
1550
|
+
}
|
|
1454
1551
|
});
|
|
1455
1552
|
});
|
|
1456
1553
|
|
|
@@ -1469,7 +1566,20 @@ test("parseYarnLock", async () => {
|
|
|
1469
1566
|
name: "SrcFile",
|
|
1470
1567
|
value: "./test/yarn.lock"
|
|
1471
1568
|
}
|
|
1472
|
-
]
|
|
1569
|
+
],
|
|
1570
|
+
evidence: {
|
|
1571
|
+
identity: {
|
|
1572
|
+
field: "purl",
|
|
1573
|
+
confidence: 1,
|
|
1574
|
+
methods: [
|
|
1575
|
+
{
|
|
1576
|
+
technique: "manifest-analysis",
|
|
1577
|
+
confidence: 1,
|
|
1578
|
+
value: "./test/yarn.lock"
|
|
1579
|
+
}
|
|
1580
|
+
]
|
|
1581
|
+
}
|
|
1582
|
+
}
|
|
1473
1583
|
});
|
|
1474
1584
|
expect(parsedList.dependenciesList.length).toEqual(56);
|
|
1475
1585
|
identMap = yarnLockToIdentMap(
|
|
@@ -1490,7 +1600,20 @@ test("parseYarnLock", async () => {
|
|
|
1490
1600
|
name: "SrcFile",
|
|
1491
1601
|
value: "./test/data/yarn_locks/yarn.lock"
|
|
1492
1602
|
}
|
|
1493
|
-
]
|
|
1603
|
+
],
|
|
1604
|
+
evidence: {
|
|
1605
|
+
identity: {
|
|
1606
|
+
field: "purl",
|
|
1607
|
+
confidence: 1,
|
|
1608
|
+
methods: [
|
|
1609
|
+
{
|
|
1610
|
+
technique: "manifest-analysis",
|
|
1611
|
+
confidence: 1,
|
|
1612
|
+
value: "./test/data/yarn_locks/yarn.lock"
|
|
1613
|
+
}
|
|
1614
|
+
]
|
|
1615
|
+
}
|
|
1616
|
+
}
|
|
1494
1617
|
});
|
|
1495
1618
|
parsedList.pkgList.forEach((d) => {
|
|
1496
1619
|
expect(d.name).toBeDefined();
|
|
@@ -1511,7 +1634,20 @@ test("parseYarnLock", async () => {
|
|
|
1511
1634
|
name: "SrcFile",
|
|
1512
1635
|
value: "./test/data/yarn_locks/yarn-multi.lock"
|
|
1513
1636
|
}
|
|
1514
|
-
]
|
|
1637
|
+
],
|
|
1638
|
+
evidence: {
|
|
1639
|
+
identity: {
|
|
1640
|
+
field: "purl",
|
|
1641
|
+
confidence: 1,
|
|
1642
|
+
methods: [
|
|
1643
|
+
{
|
|
1644
|
+
technique: "manifest-analysis",
|
|
1645
|
+
confidence: 1,
|
|
1646
|
+
value: "./test/data/yarn_locks/yarn-multi.lock"
|
|
1647
|
+
}
|
|
1648
|
+
]
|
|
1649
|
+
}
|
|
1650
|
+
}
|
|
1515
1651
|
});
|
|
1516
1652
|
|
|
1517
1653
|
parsedList = await parseYarnLock("./test/data/yarn_locks/yarn-light.lock");
|
|
@@ -1528,7 +1664,20 @@ test("parseYarnLock", async () => {
|
|
|
1528
1664
|
name: "SrcFile",
|
|
1529
1665
|
value: "./test/data/yarn_locks/yarn-light.lock"
|
|
1530
1666
|
}
|
|
1531
|
-
]
|
|
1667
|
+
],
|
|
1668
|
+
evidence: {
|
|
1669
|
+
identity: {
|
|
1670
|
+
field: "purl",
|
|
1671
|
+
confidence: 1,
|
|
1672
|
+
methods: [
|
|
1673
|
+
{
|
|
1674
|
+
technique: "manifest-analysis",
|
|
1675
|
+
confidence: 1,
|
|
1676
|
+
value: "./test/data/yarn_locks/yarn-light.lock"
|
|
1677
|
+
}
|
|
1678
|
+
]
|
|
1679
|
+
}
|
|
1680
|
+
}
|
|
1532
1681
|
});
|
|
1533
1682
|
|
|
1534
1683
|
parsedList = await parseYarnLock("./test/data/yarn_locks/yarn3.lock");
|
|
@@ -1545,7 +1694,20 @@ test("parseYarnLock", async () => {
|
|
|
1545
1694
|
name: "SrcFile",
|
|
1546
1695
|
value: "./test/data/yarn_locks/yarn3.lock"
|
|
1547
1696
|
}
|
|
1548
|
-
]
|
|
1697
|
+
],
|
|
1698
|
+
evidence: {
|
|
1699
|
+
identity: {
|
|
1700
|
+
field: "purl",
|
|
1701
|
+
confidence: 1,
|
|
1702
|
+
methods: [
|
|
1703
|
+
{
|
|
1704
|
+
technique: "manifest-analysis",
|
|
1705
|
+
confidence: 1,
|
|
1706
|
+
value: "./test/data/yarn_locks/yarn3.lock"
|
|
1707
|
+
}
|
|
1708
|
+
]
|
|
1709
|
+
}
|
|
1710
|
+
}
|
|
1549
1711
|
});
|
|
1550
1712
|
|
|
1551
1713
|
parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv2.lock");
|
|
@@ -1562,7 +1724,20 @@ test("parseYarnLock", async () => {
|
|
|
1562
1724
|
name: "SrcFile",
|
|
1563
1725
|
value: "./test/data/yarn_locks/yarnv2.lock"
|
|
1564
1726
|
}
|
|
1565
|
-
]
|
|
1727
|
+
],
|
|
1728
|
+
evidence: {
|
|
1729
|
+
identity: {
|
|
1730
|
+
field: "purl",
|
|
1731
|
+
confidence: 1,
|
|
1732
|
+
methods: [
|
|
1733
|
+
{
|
|
1734
|
+
technique: "manifest-analysis",
|
|
1735
|
+
confidence: 1,
|
|
1736
|
+
value: "./test/data/yarn_locks/yarnv2.lock"
|
|
1737
|
+
}
|
|
1738
|
+
]
|
|
1739
|
+
}
|
|
1740
|
+
}
|
|
1566
1741
|
});
|
|
1567
1742
|
parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv3.lock");
|
|
1568
1743
|
expect(parsedList.pkgList.length).toEqual(325);
|
|
@@ -1578,7 +1753,20 @@ test("parseYarnLock", async () => {
|
|
|
1578
1753
|
name: "SrcFile",
|
|
1579
1754
|
value: "./test/data/yarn_locks/yarnv3.lock"
|
|
1580
1755
|
}
|
|
1581
|
-
]
|
|
1756
|
+
],
|
|
1757
|
+
evidence: {
|
|
1758
|
+
identity: {
|
|
1759
|
+
field: "purl",
|
|
1760
|
+
confidence: 1,
|
|
1761
|
+
methods: [
|
|
1762
|
+
{
|
|
1763
|
+
technique: "manifest-analysis",
|
|
1764
|
+
confidence: 1,
|
|
1765
|
+
value: "./test/data/yarn_locks/yarnv3.lock"
|
|
1766
|
+
}
|
|
1767
|
+
]
|
|
1768
|
+
}
|
|
1769
|
+
}
|
|
1582
1770
|
});
|
|
1583
1771
|
parsedList = await parseYarnLock("./test/data/yarn_locks/yarn4.lock");
|
|
1584
1772
|
expect(parsedList.pkgList.length).toEqual(1);
|
|
@@ -1594,7 +1782,20 @@ test("parseYarnLock", async () => {
|
|
|
1594
1782
|
"sha512-JE93VWVyVa07xkK1wJ5ogjSZ30Nn4ptUuUXdPnu8MsKme1xFHLFFD3UtnHxnxnNDSnGx+WLlhuyHdIFfSCYqYg==",
|
|
1595
1783
|
properties: [
|
|
1596
1784
|
{ name: "SrcFile", value: "./test/data/yarn_locks/yarn-at.lock" }
|
|
1597
|
-
]
|
|
1785
|
+
],
|
|
1786
|
+
evidence: {
|
|
1787
|
+
identity: {
|
|
1788
|
+
field: "purl",
|
|
1789
|
+
confidence: 1,
|
|
1790
|
+
methods: [
|
|
1791
|
+
{
|
|
1792
|
+
technique: "manifest-analysis",
|
|
1793
|
+
confidence: 1,
|
|
1794
|
+
value: "./test/data/yarn_locks/yarn-at.lock"
|
|
1795
|
+
}
|
|
1796
|
+
]
|
|
1797
|
+
}
|
|
1798
|
+
}
|
|
1598
1799
|
});
|
|
1599
1800
|
});
|
|
1600
1801
|
|
|
@@ -1618,7 +1819,20 @@ test("parseComposerLock", () => {
|
|
|
1618
1819
|
name: "SrcFile",
|
|
1619
1820
|
value: "./test/data/composer.lock"
|
|
1620
1821
|
}
|
|
1621
|
-
]
|
|
1822
|
+
],
|
|
1823
|
+
evidence: {
|
|
1824
|
+
identity: {
|
|
1825
|
+
field: "purl",
|
|
1826
|
+
confidence: 1,
|
|
1827
|
+
methods: [
|
|
1828
|
+
{
|
|
1829
|
+
technique: "manifest-analysis",
|
|
1830
|
+
confidence: 1,
|
|
1831
|
+
value: "./test/data/composer.lock"
|
|
1832
|
+
}
|
|
1833
|
+
]
|
|
1834
|
+
}
|
|
1835
|
+
}
|
|
1622
1836
|
});
|
|
1623
1837
|
|
|
1624
1838
|
deps = parseComposerLock("./test/data/composer-2.lock");
|
|
@@ -1640,7 +1854,20 @@ test("parseComposerLock", () => {
|
|
|
1640
1854
|
name: "SrcFile",
|
|
1641
1855
|
value: "./test/data/composer-2.lock"
|
|
1642
1856
|
}
|
|
1643
|
-
]
|
|
1857
|
+
],
|
|
1858
|
+
evidence: {
|
|
1859
|
+
identity: {
|
|
1860
|
+
field: "purl",
|
|
1861
|
+
confidence: 1,
|
|
1862
|
+
methods: [
|
|
1863
|
+
{
|
|
1864
|
+
technique: "manifest-analysis",
|
|
1865
|
+
confidence: 1,
|
|
1866
|
+
value: "./test/data/composer-2.lock"
|
|
1867
|
+
}
|
|
1868
|
+
]
|
|
1869
|
+
}
|
|
1870
|
+
}
|
|
1644
1871
|
});
|
|
1645
1872
|
|
|
1646
1873
|
deps = parseComposerLock("./test/data/composer-3.lock");
|
|
@@ -1657,12 +1884,25 @@ test("parseComposerLock", () => {
|
|
|
1657
1884
|
license: ["MIT"],
|
|
1658
1885
|
description: "A non-blocking concurrency framework for PHP applications.",
|
|
1659
1886
|
scope: "required",
|
|
1660
|
-
properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }]
|
|
1887
|
+
properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }],
|
|
1888
|
+
evidence: {
|
|
1889
|
+
identity: {
|
|
1890
|
+
field: "purl",
|
|
1891
|
+
confidence: 1,
|
|
1892
|
+
methods: [
|
|
1893
|
+
{
|
|
1894
|
+
technique: "manifest-analysis",
|
|
1895
|
+
confidence: 1,
|
|
1896
|
+
value: "./test/data/composer-3.lock"
|
|
1897
|
+
}
|
|
1898
|
+
]
|
|
1899
|
+
}
|
|
1900
|
+
}
|
|
1661
1901
|
});
|
|
1662
1902
|
});
|
|
1663
1903
|
|
|
1664
1904
|
test("parseGemfileLockData", async () => {
|
|
1665
|
-
|
|
1905
|
+
const deps = await parseGemfileLockData(
|
|
1666
1906
|
readFileSync("./test/data/Gemfile.lock", { encoding: "utf-8" })
|
|
1667
1907
|
);
|
|
1668
1908
|
expect(deps.length).toEqual(140);
|
|
@@ -1673,7 +1913,7 @@ test("parseGemfileLockData", async () => {
|
|
|
1673
1913
|
});
|
|
1674
1914
|
|
|
1675
1915
|
test("parseGemspecData", async () => {
|
|
1676
|
-
|
|
1916
|
+
const deps = await parseGemspecData(
|
|
1677
1917
|
readFileSync("./test/data/xmlrpc.gemspec", { encoding: "utf-8" })
|
|
1678
1918
|
);
|
|
1679
1919
|
expect(deps.length).toEqual(1);
|
|
@@ -1752,7 +1992,7 @@ test("parse wheel metadata", () => {
|
|
|
1752
1992
|
});
|
|
1753
1993
|
|
|
1754
1994
|
test("parse wheel", async () => {
|
|
1755
|
-
|
|
1995
|
+
const metadata = await readZipEntry(
|
|
1756
1996
|
"./test/data/appthreat_depscan-2.0.2-py3-none-any.whl",
|
|
1757
1997
|
"METADATA"
|
|
1758
1998
|
);
|
|
@@ -1769,13 +2009,13 @@ test("parse wheel", async () => {
|
|
|
1769
2009
|
});
|
|
1770
2010
|
|
|
1771
2011
|
test("parse pipfile.lock with hashes", async () => {
|
|
1772
|
-
|
|
2012
|
+
const deps = await parsePiplockData(
|
|
1773
2013
|
JSON.parse(readFileSync("./test/data/Pipfile.lock", { encoding: "utf-8" }))
|
|
1774
2014
|
);
|
|
1775
2015
|
expect(deps.length).toEqual(46);
|
|
1776
2016
|
}, 120000);
|
|
1777
2017
|
|
|
1778
|
-
test("parse scala sbt list",
|
|
2018
|
+
test("parse scala sbt list", () => {
|
|
1779
2019
|
let deps = parseKVDep(
|
|
1780
2020
|
readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" })
|
|
1781
2021
|
);
|
|
@@ -1786,19 +2026,19 @@ test("parse scala sbt list", async () => {
|
|
|
1786
2026
|
expect(deps.length).toEqual(117);
|
|
1787
2027
|
});
|
|
1788
2028
|
|
|
1789
|
-
test("parse scala sbt lock",
|
|
1790
|
-
|
|
2029
|
+
test("parse scala sbt lock", () => {
|
|
2030
|
+
const deps = parseSbtLock("./test/data/build.sbt.lock");
|
|
1791
2031
|
expect(deps.length).toEqual(117);
|
|
1792
2032
|
});
|
|
1793
2033
|
|
|
1794
2034
|
test("parse nupkg file", async () => {
|
|
1795
|
-
|
|
2035
|
+
const deps = await parseNupkg("./test/data/jquery.3.6.0.nupkg");
|
|
1796
2036
|
expect(deps.length).toEqual(1);
|
|
1797
2037
|
expect(deps[0].name).toEqual("jQuery");
|
|
1798
2038
|
});
|
|
1799
2039
|
|
|
1800
2040
|
test("parse bazel skyframe", () => {
|
|
1801
|
-
|
|
2041
|
+
const deps = parseBazelSkyframe(
|
|
1802
2042
|
readFileSync("./test/data/bazel/bazel-state.txt", { encoding: "utf-8" })
|
|
1803
2043
|
);
|
|
1804
2044
|
expect(deps.length).toEqual(16);
|
|
@@ -1806,7 +2046,7 @@ test("parse bazel skyframe", () => {
|
|
|
1806
2046
|
});
|
|
1807
2047
|
|
|
1808
2048
|
test("parse bazel build", () => {
|
|
1809
|
-
|
|
2049
|
+
const projs = parseBazelBuild(
|
|
1810
2050
|
readFileSync("./test/data/bazel/BUILD", { encoding: "utf-8" })
|
|
1811
2051
|
);
|
|
1812
2052
|
expect(projs.length).toEqual(2);
|
|
@@ -1932,7 +2172,7 @@ test("parse container spec like files", async () => {
|
|
|
1932
2172
|
|
|
1933
2173
|
test("parse cloudbuild data", async () => {
|
|
1934
2174
|
expect(await parseCloudBuildData(null)).toEqual([]);
|
|
1935
|
-
|
|
2175
|
+
const dep_list = await parseCloudBuildData(
|
|
1936
2176
|
readFileSync("./test/data/cloudbuild.yaml", { encoding: "utf-8" })
|
|
1937
2177
|
);
|
|
1938
2178
|
expect(dep_list.length).toEqual(1);
|
|
@@ -1944,7 +2184,7 @@ test("parse cloudbuild data", async () => {
|
|
|
1944
2184
|
});
|
|
1945
2185
|
|
|
1946
2186
|
test("parse privado files", () => {
|
|
1947
|
-
|
|
2187
|
+
const servList = parsePrivadoFile("./test/data/privado.json");
|
|
1948
2188
|
expect(servList.length).toEqual(1);
|
|
1949
2189
|
expect(servList[0].data.length).toEqual(11);
|
|
1950
2190
|
expect(servList[0].endpoints.length).toEqual(17);
|
|
@@ -2124,6 +2364,19 @@ test("parse swift deps files", () => {
|
|
|
2124
2364
|
group: "",
|
|
2125
2365
|
version: "1.0.3",
|
|
2126
2366
|
properties: [{ name: "SrcFile", value: "./test/data/Package.resolved" }],
|
|
2367
|
+
evidence: {
|
|
2368
|
+
identity: {
|
|
2369
|
+
field: "purl",
|
|
2370
|
+
confidence: 1,
|
|
2371
|
+
methods: [
|
|
2372
|
+
{
|
|
2373
|
+
technique: "manifest-analysis",
|
|
2374
|
+
confidence: 1,
|
|
2375
|
+
value: "./test/data/Package.resolved"
|
|
2376
|
+
}
|
|
2377
|
+
]
|
|
2378
|
+
}
|
|
2379
|
+
},
|
|
2127
2380
|
repository: { url: "https://github.com/apple/swift-argument-parser" }
|
|
2128
2381
|
});
|
|
2129
2382
|
pkgList = parseSwiftResolved("./test/data/Package2.resolved");
|
|
@@ -2133,6 +2386,19 @@ test("parse swift deps files", () => {
|
|
|
2133
2386
|
group: "",
|
|
2134
2387
|
version: "1.2.2",
|
|
2135
2388
|
properties: [{ name: "SrcFile", value: "./test/data/Package2.resolved" }],
|
|
2389
|
+
evidence: {
|
|
2390
|
+
identity: {
|
|
2391
|
+
field: "purl",
|
|
2392
|
+
confidence: 1,
|
|
2393
|
+
methods: [
|
|
2394
|
+
{
|
|
2395
|
+
technique: "manifest-analysis",
|
|
2396
|
+
confidence: 1,
|
|
2397
|
+
value: "./test/data/Package2.resolved"
|
|
2398
|
+
}
|
|
2399
|
+
]
|
|
2400
|
+
}
|
|
2401
|
+
},
|
|
2136
2402
|
repository: { url: "https://github.com/apple/swift-argument-parser.git" }
|
|
2137
2403
|
});
|
|
2138
2404
|
});
|
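Review bot: The same `evidence` literal is pasted into 20 expectations across the parsePnpmLock, parseYarnLock, parseComposerLock and swift tests, differing only in the path, which also has to match the `SrcFile` property on the line above by hand. A small helper that builds the block from the path keeps the two values from drifting apart, and leaves one place to update if the emitted technique or confidence changes. The enclosing test bodies start and end outside the hunks, so the helper would sit at module level after the imports. Separately, the expectation at new line 1012 counts entries parsed from the repository's own `./.github/workflows/repotests.yml`, so it has to be re-pinned whenever CI is edited; a frozen copy of the workflow under `./test/data/` would decouple the parser test from the live pipeline.

```javascript
// Expected identity evidence for a component read from a manifest or lockfile.
const manifestEvidence = (srcFile) => ({
  identity: {
    field: "purl",
    confidence: 1,
    methods: [
      { technique: "manifest-analysis", confidence: 1, value: srcFile }
    ]
  }
});

// … unchanged: parsePnpmLock call and the leading fields of the expected object …
  properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock2.yaml" }],
  evidence: manifestEvidence("./test/data/pnpm-lock2.yaml")
```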