@trustify-da/trustify-da-javascript-client 0.3.0-ea.63ae5c2 → 0.3.0-ea.6549d2a

package/dist/src/providers/python_pip.js

@@ -4,7 +4,7 @@ import Sbom from '../sbom.js';
 import { environmentVariableIsPopulated, getCustom, getCustomPath, invokeCommand } from "../tools.js";
 import Python_controller from './python_controller.js';
 import { getParser, getIgnoreQuery, getPinnedVersionQuery } from './requirements_parser.js';
-export default { isSupported, validateLockFile, provideComponent, provideStack };
+export default { isSupported, validateLockFile, provideComponent, provideStack, readLicenseFromManifest };
 /** @typedef {{name: string, version: string, dependencies: DependencyEntry[]}} DependencyEntry */
 /**
  * @type {string} ecosystem for python-pip is 'pip'
@@ -18,6 +18,13 @@ const ecosystem = 'pip';
 function isSupported(manifestName) {
     return 'requirements.txt' === manifestName;
 }
+/**
+ * Python requirements.txt has no standard license field
+ * @param {string} manifestPath - path to requirements.txt
+ * @returns {string|null}
+ */
+// eslint-disable-next-line no-unused-vars
+function readLicenseFromManifest(manifestPath) { return null; }
 /**
  * @param {string} manifestDir - the directory where the manifest lies
  */
@@ -167,7 +174,8 @@ async function createSbomStackAnalysis(manifest, opts = {}) {
     let dependencies = await pythonController.getDependencies(true);
     let sbom = new Sbom();
     const rootPurl = toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION);
-    sbom.addRoot(rootPurl);
+    const license = readLicenseFromManifest(manifest);
+    sbom.addRoot(rootPurl, license);
     dependencies.forEach(dep => {
         addAllDependencies(rootPurl, dep, sbom);
     });
@@ -190,7 +198,8 @@ async function getSbomForComponentAnalysis(manifest, opts = {}) {
     let dependencies = await pythonController.getDependencies(false);
     let sbom = new Sbom();
     const rootPurl = toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION);
-    sbom.addRoot(rootPurl);
+    const license = readLicenseFromManifest(manifest);
+    sbom.addRoot(rootPurl, license);
     dependencies.forEach(dep => {
         sbom.addDependency(rootPurl, toPurl(dep.name, dep.version));
     });

package/dist/src/providers/requirements_parser.js

@@ -2,11 +2,7 @@ import { createRequire } from 'node:module';
 import { Language, Parser, Query } from 'web-tree-sitter';
 const require = createRequire(import.meta.url);
 async function init() {
-    await Parser.init({
-        locateFile() {
-            return require.resolve('web-tree-sitter/web-tree-sitter.wasm');
-        }
-    });
+    await Parser.init();
     return await Language.load(require.resolve('tree-sitter-requirements/tree-sitter-requirements.wasm'));
 }
 export async function getParser() {

package/dist/src/sbom.d.ts

@@ -2,9 +2,10 @@ export default class Sbom {
     sbomModel: CycloneDxSbom;
     /**
      * @param {PackageURL} root - add main/root component for sbom
+     * @param {string|Array} [licenses] - optional license(s) for the root component
      * @return Sbom
      */
-    addRoot(root: PackageURL): CycloneDxSbom;
+    addRoot(root: PackageURL, licenses?: string | any[]): CycloneDxSbom;
     /**
      * @return {{{"bom-ref": string, name, purl: string, type, version}}} root component of sbom.
      */
@@ -43,6 +44,7 @@ export default class Sbom {
         type: any;
         version: any;
         scope: any;
+        licenses?: any;
     };
     /** This method gets a component object, and a string name, and checks if the name is a substring of the component' purl.
      * @param {} component to search in its dependencies

package/dist/src/sbom.js

@@ -12,10 +12,11 @@ export default class Sbom {
     }
     /**
      * @param {PackageURL} root - add main/root component for sbom
+     * @param {string|Array} [licenses] - optional license(s) for the root component
      * @return Sbom
      */
-    addRoot(root) {
-        return this.sbomModel.addRoot(root);
+    addRoot(root, licenses) {
+        return this.sbomModel.addRoot(root, licenses);
     }
     /**
      * @return {{{"bom-ref": string, name, purl: string, type, version}}} root component of sbom.

package/dist/src/tools.d.ts

@@ -68,5 +68,23 @@ export function getGitRootDir(cwd: string): string | undefined;
  * @returns {string}
  */
 export function invokeCommand(bin: string, args: Array<string>, opts?: import("child_process").ExecFileOptionsWithStringEncoding): string;
+/**
+ * Adds proxy agent configuration to fetch options if a proxy URL is specified
+ * @param {RequestInit} options - The base fetch options
+ * @param {import("index.js").Options} opts - The trustify DA options that may contain proxy configuration
+ * @returns {RequestInit} The fetch options with proxy agent if applicable
+ */
+export function addProxyAgent(options: RequestInit, opts: import("index.js").Options): RequestInit;
+/**
+ * Utility function for fetching vendor tokens
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {{}}
+ */
+export function getTokenHeaders(opts?: import("index.js").Options): {};
 export const RegexNotToBeLogged: RegExp;
+export const TRUSTIFY_DA_TOKEN_HEADER: "trust-da-token";
+export const TRUSTIFY_DA_TELEMETRY_ID_HEADER: "telemetry-anonymous-id";
+export const TRUSTIFY_DA_SOURCE_HEADER: "trust-da-source";
+export const TRUSTIFY_DA_OPERATION_TYPE_HEADER: "trust-da-operation-type";
+export const TRUSTIFY_DA_PACKAGE_MANAGER_HEADER: "trust-da-pkg-manager";
 import { PackageURL } from "packageurl-js";

package/dist/src/tools.js

@@ -1,5 +1,6 @@
 import { execFileSync } from "child_process";
 import { EOL } from "os";
+import { HttpsProxyAgent } from "https-proxy-agent";
 import { PackageURL } from "packageurl-js";
 export const RegexNotToBeLogged = /TRUSTIFY_DA_(.*_)?TOKEN|ex-.*-token|trust-.*-token/;
 /**
@@ -157,3 +158,57 @@ export function invokeCommand(bin, args, opts = {}) {
     };
     return execFileSync(bin, args, { ...{ stdio: 'pipe', encoding: 'utf-8' }, ...opts });
 }
+export const TRUSTIFY_DA_TOKEN_HEADER = "trust-da-token";
+export const TRUSTIFY_DA_TELEMETRY_ID_HEADER = "telemetry-anonymous-id";
+export const TRUSTIFY_DA_SOURCE_HEADER = "trust-da-source";
+export const TRUSTIFY_DA_OPERATION_TYPE_HEADER = "trust-da-operation-type";
+export const TRUSTIFY_DA_PACKAGE_MANAGER_HEADER = "trust-da-pkg-manager";
+/**
+ * Adds proxy agent configuration to fetch options if a proxy URL is specified
+ * @param {RequestInit} options - The base fetch options
+ * @param {import("index.js").Options} opts - The trustify DA options that may contain proxy configuration
+ * @returns {RequestInit} The fetch options with proxy agent if applicable
+ */
+export function addProxyAgent(options, opts) {
+    const proxyUrl = getCustom('TRUSTIFY_DA_PROXY_URL', null, opts);
+    if (proxyUrl) {
+        options.agent = new HttpsProxyAgent(proxyUrl);
+    }
+    return options;
+}
+/**
+ * Utility function for fetching vendor tokens
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {{}}
+ */
+export function getTokenHeaders(opts = {}) {
+    let headers = {};
+    setCustomHeader(TRUSTIFY_DA_TOKEN_HEADER, headers, 'TRUSTIFY_DA_TOKEN', opts);
+    setCustomHeader(TRUSTIFY_DA_SOURCE_HEADER, headers, 'TRUSTIFY_DA_SOURCE', opts);
+    setCustomHeader(TRUSTIFY_DA_OPERATION_TYPE_HEADER, headers, TRUSTIFY_DA_OPERATION_TYPE_HEADER.toUpperCase().replaceAll("-", "_"), opts);
+    setCustomHeader(TRUSTIFY_DA_PACKAGE_MANAGER_HEADER, headers, TRUSTIFY_DA_PACKAGE_MANAGER_HEADER.toUpperCase().replaceAll("-", "_"), opts);
+    setCustomHeader(TRUSTIFY_DA_TELEMETRY_ID_HEADER, headers, 'TRUSTIFY_DA_TELEMETRY_ID', opts);
+    if (getCustom("TRUSTIFY_DA_DEBUG", null, opts) === "true") {
+        console.log("Headers Values to be sent to Trustify DA backend:" + EOL);
+        for (const headerKey in headers) {
+            if (!headerKey.match(RegexNotToBeLogged)) {
+                console.log(`${headerKey}: ${headers[headerKey]}`);
+            }
+        }
+    }
+    return headers;
+}
+/**
+ *
+ * @param {string} headerName - the header name to populate in request
+ * @param headers
+ * @param {string} optsKey - key in the options object to use the value for
+ * @param {import("index.js").Options} [opts={}] - options input object to fetch header values from
+ * @private
+ */
+function setCustomHeader(headerName, headers, optsKey, opts) {
+    let customHeaderValue = getCustom(optsKey, null, opts);
+    if (customHeaderValue) {
+        headers[headerName] = customHeaderValue;
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@trustify-da/trustify-da-javascript-client",
-	"version": "0.3.0-ea.63ae5c2",
+	"version": "0.3.0-ea.6549d2a",
 	"description": "Code-Ready Dependency Analytics JavaScript API.",
 	"license": "Apache-2.0",
 	"homepage": "https://github.com/guacsec/trustify-da-javascript-client#README.md",
@@ -59,7 +59,7 @@
 	},
 	"devDependencies": {
 		"@babel/core": "^7.23.2",
-		"@trustify-da/trustify-da-api-model": "^2.0.1",
+		"@trustify-da/trustify-da-api-model": "^2.0.7",
 		"@types/node": "^20.17.30",
 		"@types/which": "^3.0.4",
 		"babel-plugin-rewire": "^1.2.0",