@cyclonedx/cyclonedx-library 6.1.3 → 6.2.0
- package/dist.d/_helpers/uri.d.ts +32 -0
- package/dist.d/_helpers/uri.d.ts.map +1 -0
- package/dist.d/serialize/json/normalize.d.ts.map +1 -1
- package/dist.d/serialize/xml/normalize.d.ts.map +1 -1
- package/dist.node/_helpers/uri.js +41 -0
- package/dist.node/_helpers/uri.js.map +1 -0
- package/dist.node/serialize/json/normalize.js +10 -7
- package/dist.node/serialize/json/normalize.js.map +1 -1
- package/dist.node/serialize/xml/normalize.js +8 -8
- package/dist.node/serialize/xml/normalize.js.map +1 -1
- package/dist.web/lib.dev.js +68 -15
- package/dist.web/lib.dev.js.map +1 -1
- package/dist.web/lib.js +1 -1
- package/dist.web/lib.js.map +1 -1
- package/package.json +1 -1
- package/src/_helpers/uri.ts +51 -0
- package/src/serialize/json/normalize.ts +13 -7
- package/src/serialize/xml/normalize.ts +11 -8
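--- a/package/dist.web/lib.dev.js
+++ b/package/dist.web/lib.dev.js
@@ -187,6 +187,56 @@ exports.treeIteratorSymbol = void 0;
 exports.treeIteratorSymbol = Symbol('iterator of a tree/nesting-like structure');
 
 
+/***/ }),
+
+/***/ "./src/_helpers/uri.ts":
+/*!*****************************!*\
+!*** ./src/_helpers/uri.ts ***!
+\*****************************/
+/***/ ((__unused_webpack_module, exports) => {
+
+
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.escapeUri = void 0;
+const escapeMap = Object.freeze({
+' ': '%20',
+'[': '%5B',
+']': '%5D',
+'<': '%3C',
+'>': '%3E',
+'{': '%7B',
+'}': '%7D'
+});
+function escapeUri(value) {
+if (value === undefined) {
+return value;
+}
+for (const [s, r] of Object.entries(escapeMap)) {
+value = value.replace(s, r);
+}
+return value;
+}
+exports.escapeUri = escapeUri;
+
+
 /***/ }),
 
 /***/ "./src/enums/attachmentEncoding.ts":
@@ -2992,6 +3042,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.VulnerabilityAnalysisNormalizer = exports.VulnerabilityAffectedVersionNormalizer = exports.VulnerabilityAffectNormalizer = exports.VulnerabilityCreditsNormalizer = exports.VulnerabilityAdvisoryNormalizer = exports.VulnerabilityRatingNormalizer = exports.VulnerabilityReferenceNormalizer = exports.VulnerabilitySourceNormalizer = exports.VulnerabilityNormalizer = exports.DependencyGraphNormalizer = exports.PropertyNormalizer = exports.AttachmentNormalizer = exports.ExternalReferenceNormalizer = exports.SWIDNormalizer = exports.LicenseNormalizer = exports.ComponentEvidenceNormalizer = exports.ComponentNormalizer = exports.OrganizationalEntityNormalizer = exports.OrganizationalContactNormalizer = exports.HashNormalizer = exports.ToolNormalizer = exports.LifecycleNormalizer = exports.MetadataNormalizer = exports.BomNormalizer = exports.Factory = void 0;
 const notUndefined_1 = __webpack_require__(/*! ../../_helpers/notUndefined */ "./src/_helpers/notUndefined.ts");
 const tree_1 = __webpack_require__(/*! ../../_helpers/tree */ "./src/_helpers/tree.ts");
+const uri_1 = __webpack_require__(/*! ../../_helpers/uri */ "./src/_helpers/uri.ts");
 const Models = __webpack_require__(/*! ../../models */ "./src/models/index.ts");
 const spdx_1 = __webpack_require__(/*! ../../spdx */ "./src/spdx.ts");
 const spec_1 = __webpack_require__(/*! ../../spec */ "./src/spec/index.ts");
@@ -3222,8 +3273,7 @@ class OrganizationalContactNormalizer extends BaseJsonNormalizer {
 exports.OrganizationalContactNormalizer = OrganizationalContactNormalizer;
 class OrganizationalEntityNormalizer extends BaseJsonNormalizer {
 normalize(data, options) {
-const urls = normalizeStringableIter(data.url, options)
-.filter(types_1.JsonSchema.isIriReference);
+const urls = normalizeStringableIter(Array.from(data.url, (s) => (0, uri_1.escapeUri)(s.toString())), options).filter(types_1.JsonSchema.isIriReference);
 return {
 name: data.name || undefined,
 url: urls.length > 0
@@ -3348,7 +3398,7 @@ class LicenseNormalizer extends BaseJsonNormalizer {
 }
 exports.LicenseNormalizer = LicenseNormalizer;
 _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedLicense = function _LicenseNormalizer_normalizeNamedLicense(data, options) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 license: {
 name: data.name,
@@ -3361,13 +3411,16 @@ _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedL
 }
 };
 }, _LicenseNormalizer_normalizeSpdxLicense = function _LicenseNormalizer_normalizeSpdxLicense(data, options) {
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 license: {
 id: data.id,
 text: data.text === undefined
 ? undefined
 : this._factory.makeForAttachment().normalize(data.text, options),
-url:
+url: types_1.JsonSchema.isIriReference(url)
+? url
+: undefined
 }
 };
 }, _LicenseNormalizer_normalizeLicenseExpression = function _LicenseNormalizer_normalizeLicenseExpression(data) {
@@ -3377,7 +3430,7 @@ _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedL
 };
 class SWIDNormalizer extends BaseJsonNormalizer {
 normalize(data, options) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 tagId: data.tagId,
 name: data.name,
@@ -3398,7 +3451,7 @@ class ExternalReferenceNormalizer extends BaseJsonNormalizer {
 normalize(data, options) {
 return this._factory.spec.supportsExternalReferenceType(data.type)
 ? {
-url: data.url.toString(),
+url: (0, uri_1.escapeUri)(data.url.toString()),
 type: data.type,
 hashes: this._factory.spec.supportsExternalReferenceHashes && data.hashes.size > 0
 ? this._factory.makeForHash().normalizeIterable(data.hashes, options)
@@ -3580,7 +3633,7 @@ class VulnerabilityRatingNormalizer extends BaseJsonNormalizer {
 exports.VulnerabilityRatingNormalizer = VulnerabilityRatingNormalizer;
 class VulnerabilityAdvisoryNormalizer extends BaseJsonNormalizer {
 normalize(data, options) {
-const url = data.url.toString();
+const url = (0, uri_1.escapeUri)(data.url.toString());
 if (!types_1.JsonSchema.isIriReference(url)) {
 return undefined;
 }
@@ -3903,6 +3956,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.VulnerabilityAffectedVersionNormalizer = exports.VulnerabilityAffectNormalizer = exports.VulnerabilityAnalysisNormalizer = exports.VulnerabilityCreditsNormalizer = exports.VulnerabilityAdvisoryNormalizer = exports.VulnerabilityRatingNormalizer = exports.VulnerabilityReferenceNormalizer = exports.VulnerabilitySourceNormalizer = exports.VulnerabilityNormalizer = exports.DependencyGraphNormalizer = exports.PropertyNormalizer = exports.AttachmentNormalizer = exports.ExternalReferenceNormalizer = exports.SWIDNormalizer = exports.LicenseNormalizer = exports.ComponentEvidenceNormalizer = exports.ComponentNormalizer = exports.OrganizationalEntityNormalizer = exports.OrganizationalContactNormalizer = exports.HashNormalizer = exports.ToolNormalizer = exports.LifecycleNormalizer = exports.MetadataNormalizer = exports.BomNormalizer = exports.Factory = void 0;
 const notUndefined_1 = __webpack_require__(/*! ../../_helpers/notUndefined */ "./src/_helpers/notUndefined.ts");
 const tree_1 = __webpack_require__(/*! ../../_helpers/tree */ "./src/_helpers/tree.ts");
+const uri_1 = __webpack_require__(/*! ../../_helpers/uri */ "./src/_helpers/uri.ts");
 const Models = __webpack_require__(/*! ../../models */ "./src/models/index.ts");
 const spdx_1 = __webpack_require__(/*! ../../spdx */ "./src/spdx.ts");
 const spec_1 = __webpack_require__(/*! ../../spec */ "./src/spec/index.ts");
@@ -4206,8 +4260,7 @@ class OrganizationalEntityNormalizer extends BaseXmlNormalizer {
 name: elementName,
 children: [
 makeOptionalTextElement(data.name, 'name'),
-...makeTextElementIter(data.url, options, 'url')
-.filter(({ children: u }) => types_1.XmlSchema.isAnyURI(u)),
+...makeTextElementIter(Array.from(data.url, (s) => (0, uri_1.escapeUri)(s.toString())), options, 'url').filter(({ children: u }) => types_1.XmlSchema.isAnyURI(u)),
 ...this._factory.makeForOrganizationalContact().normalizeIterable(data.contact, options, 'contact')
 ].filter(notUndefined_1.isNotUndefined)
 };
@@ -4369,7 +4422,7 @@ class LicenseNormalizer extends BaseXmlNormalizer {
 }
 exports.LicenseNormalizer = LicenseNormalizer;
 _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedLicense = function _LicenseNormalizer_normalizeNamedLicense(data, options) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 type: 'element',
 name: 'license',
@@ -4384,7 +4437,7 @@ _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedL
 ].filter(notUndefined_1.isNotUndefined)
 };
 }, _LicenseNormalizer_normalizeSpdxLicense = function _LicenseNormalizer_normalizeSpdxLicense(data, options) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 type: 'element',
 name: 'license',
@@ -4403,7 +4456,7 @@ _LicenseNormalizer_instances = new WeakSet(), _LicenseNormalizer_normalizeNamedL
 };
 class SWIDNormalizer extends BaseXmlNormalizer {
 normalize(data, options, elementName) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 type: 'element',
 name: elementName,
@@ -4430,7 +4483,7 @@ class SWIDNormalizer extends BaseXmlNormalizer {
 exports.SWIDNormalizer = SWIDNormalizer;
 class ExternalReferenceNormalizer extends BaseXmlNormalizer {
 normalize(data, options, elementName) {
-const url = data.url.toString();
+const url = (0, uri_1.escapeUri)(data.url.toString());
 const hashes = this._factory.spec.supportsExternalReferenceHashes && data.hashes.size > 0
 ? {
 type: 'element',
@@ -4641,7 +4694,7 @@ class VulnerabilityNormalizer extends BaseXmlNormalizer {
 exports.VulnerabilityNormalizer = VulnerabilityNormalizer;
 class VulnerabilitySourceNormalizer extends BaseXmlNormalizer {
 normalize(data, options, elementName) {
-const url = data.url?.toString();
+const url = (0, uri_1.escapeUri)(data.url?.toString());
 return {
 type: 'element',
 name: elementName,
@@ -4701,7 +4754,7 @@ class VulnerabilityRatingNormalizer extends BaseXmlNormalizer {
 exports.VulnerabilityRatingNormalizer = VulnerabilityRatingNormalizer;
 class VulnerabilityAdvisoryNormalizer extends BaseXmlNormalizer {
 normalize(data, options, elementName) {
-const url = data.url.toString();
+const url = (0, uri_1.escapeUri)(data.url.toString());
 if (!types_1.XmlSchema.isAnyURI(url)) {
 return undefined;
 }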
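Review bot: The new `escapeUri` helper (first hunk, the `for` loop over `escapeMap`) calls `value.replace(s, r)` with a string pattern, and `String.prototype.replace` given a string replaces only the first occurrence, so a URL with two spaces or two `[` keeps the later ones unescaped. Such a value can still fail the `isIriReference` / `isAnyURI` checks in the normalizer hunks below and be silently dropped from the serialized BOM; in the JSON `ExternalReferenceNormalizer` hunk no such check is visible next to the `url:` line, so there it may be emitted as-is (that method's body continues outside the hunk). Replace every occurrence instead, e.g. `value = value.split(s).join(r);` or `value.replaceAll(s, r)` where the supported runtimes have it, and cover it with a test input that repeats an escaped character. This file is the webpack bundle, so the change belongs in `package/src/_helpers/uri.ts`, which the page lists but does not show.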