@cyclonedx/cdxgen 9.0.1 → 9.1.1
- package/README.md +64 -25
- package/analyzer.js +1 -1
- package/bin/cdxgen.js +18 -24
- package/binary.js +7 -7
- package/data/bom-1.5.schema.json +3660 -0
- package/data/jsf-0.82.schema.json +211 -0
- package/data/pypi-pkg-aliases.json +84 -77
- package/data/spdx.schema.json +621 -0
- package/display.js +102 -0
- package/display.test.js +10 -0
- package/docker.js +12 -24
- package/docker.test.js +1 -1
- package/index.js +316 -300
- package/package.json +5 -3
- package/piptree.js +136 -0
- package/server.js +2 -2
- package/utils.js +500 -218
- package/utils.test.js +301 -35
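--- a/package/display.test.js
+++ b/package/display.test.js
@@ -0,0 +1,10 @@
+import { test } from "@jest/globals";
+import { readFileSync } from "node:fs";
+import { printDependencyTree } from "./display.js";
+
+test("print tree test", () => {
+const bomJson = JSON.parse(
+readFileSync("./test/data/vuln-spring-1.5.bom.json", { encoding: "utf-8" })
+);
+printDependencyTree(bomJson);
+});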
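Review bot: The test body at new lines 5–10 contains no assertion, so it passes whenever `printDependencyTree` returns without throwing and would not notice wrong or empty output. Make the intent explicit by importing `expect` alongside `test` and wrapping the call as `expect(() => printDependencyTree(bomJson)).not.toThrow();`, or by capturing the printed output and asserting on a component name known to be in the fixture. The fixture path `./test/data/vuln-spring-1.5.bom.json` is resolved against the process working directory, so the test only works when run from the package root.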
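--- a/package/docker.js
+++ b/package/docker.js
@@ -100,7 +100,7 @@ export const getOnlyDirs = (srcpath, dirName) => {
 };
 
 const getDefaultOptions = () => {
-
+const opts = {
 enableUnixSockets: true,
 throwHttpErrors: true,
 method: "GET",
@@ -253,7 +253,7 @@ export const getConnection = async (options) => {
 };
 
 export const makeRequest = async (path, method = "GET") => {
-
+const client = await getConnection();
 if (!client) {
 return undefined;
 }
@@ -374,9 +374,6 @@ export const getImage = async (fullImageName) => {
 }
 try {
 localData = await makeRequest(`images/${repo}/json`);
-if (DEBUG_MODE && localData) {
-console.log(localData);
-}
 } catch (err) {
 try {
 localData = await makeRequest(`images/${fullImageName}/json`);
@@ -418,18 +415,9 @@ export const getImage = async (fullImageName) => {
 console.log(`Trying with ${repo}`);
 }
 localData = await makeRequest(`images/${repo}/json`);
-if (DEBUG_MODE) {
-console.log(localData);
-}
 } catch (err) {
-if (DEBUG_MODE) {
-console.log(`Retrying with ${fullImageName} due to`, err);
-}
 try {
 localData = await makeRequest(`images/${fullImageName}/json`);
-if (DEBUG_MODE) {
-console.log(localData);
-}
 } catch (err) {
 // continue regardless of error
 }
@@ -497,7 +485,7 @@ export const exportArchive = async (fullImageName) => {
 console.log(`Unable to find container image archive ${fullImageName}`);
 return undefined;
 }
-
+const manifest = {};
 const tempDir = mkdtempSync(join(tmpdir(), "docker-images-"));
 const allLayersExplodedDir = join(tempDir, "all-layers");
 const blobsDir = join(tempDir, "blobs", "sha256");
@@ -513,14 +501,14 @@ export const exportArchive = async (fullImageName) => {
 );
 }
 const allBlobs = getDirs(blobsDir, "*", false, true);
-for (
+for (const ablob of allBlobs) {
 if (DEBUG_MODE) {
 console.log(`Extracting ${ablob} to ${allLayersExplodedDir}`);
 }
 await extractTar(ablob, allLayersExplodedDir);
 }
-
-
+const lastLayerConfig = {};
+const lastWorkingDir = "";
 const exportData = {
 manifest,
 allLayersDir: tempDir,
@@ -577,7 +565,7 @@ export const extractFromManifest = async (
 console.log(manifest[manifest.length - 1]);
 }
 }
-
+const layers = manifest[manifest.length - 1]["Layers"] || [];
 if (!layers.length && existsSync(tempDir)) {
 const blobFiles = readdirSync(join(tempDir, "blobs", "sha256"));
 if (blobFiles && blobFiles.length) {
@@ -587,7 +575,7 @@ export const extractFromManifest = async (
 }
 }
 const lastLayer = layers[layers.length - 1];
-for (
+for (const layer of layers) {
 if (DEBUG_MODE) {
 console.log(`Extracting layer ${layer} to ${allLayersExplodedDir}`);
 }
@@ -660,7 +648,7 @@ export const exportImage = async (fullImageName) => {
 console.log(
 `About to export image ${fullImageName} to ${imageTarFile} using docker cli`
 );
-
+const result = spawnSync(
 "docker",
 ["save", "-o", imageTarFile, fullImageName],
 {
@@ -682,7 +670,7 @@ export const exportImage = async (fullImageName) => {
 }
 }
 } else {
-
+const client = await getConnection();
 try {
 if (DEBUG_MODE) {
 console.log(`About to export image ${fullImageName} to ${tempDir}`);
@@ -781,7 +769,7 @@ export const getPkgPathList = (exportData, lastWorkingDir) => {
 }
 const pyInstalls = getDirs(allLayersDir, "Python*/", false, false);
 if (pyInstalls && pyInstalls.length) {
-for (
+for (const pyiPath of pyInstalls) {
 const pyDirs = getOnlyDirs(pyiPath, "site-packages");
 if (pyDirs && pyDirs.length) {
 pathList = pathList.concat(pyDirs);
@@ -805,7 +793,7 @@ export const getPkgPathList = (exportData, lastWorkingDir) => {
 knownSysPaths.push(join(allLayersExplodedDir, "/usr/lib"));
 knownSysPaths.push(join(allLayersExplodedDir, "/usr/lib64"));
 // Build path list
-for (
+for (const wpath of knownSysPaths) {
 pathList = pathList.concat(wpath);
 const pyDirs = getOnlyDirs(wpath, "site-packages");
 if (pyDirs && pyDirs.length) {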
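Review bot: The added line at new line 568, `const layers = manifest[manifest.length - 1]["Layers"] || [];`, indexes the last manifest entry without checking that one exists, so an empty or non-array `manifest` raises a TypeError before the `|| []` fallback can apply. The manifest presumably comes from the container image archive being analysed, which should be treated as untrusted input; any guard above this hunk is not visible here. I would read the entry first and validate it: `const lastEntry = Array.isArray(manifest) ? manifest[manifest.length - 1] : undefined;` followed by `const layers = Array.isArray(lastEntry?.Layers) ? lastEntry.Layers : [];`. extractFromManifest starts and ends outside the hunk.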