scanoss 0.11.0 → 0.11.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/build/main/cli/bin/cli-bin.js +55 -54
- package/build/main/sdk/Dependencies/LocalDependency/parsers/npmParser.js +19 -18
- package/build/main/sdk/Dependencies/LocalDependency/parsers/parser.spec.js +191 -69
- package/build/main/tsconfig.tsbuildinfo +14 -10
- package/build/module/cli/bin/cli-bin.js +57 -56
- package/build/module/sdk/Dependencies/LocalDependency/parsers/npmParser.js +19 -18
- package/build/module/sdk/Dependencies/LocalDependency/parsers/parser.spec.js +194 -72
- package/build/module/tsconfig.module.tsbuildinfo +14 -10
- package/package.json +4 -7
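--- a/package/README.md
+++ b/package/README.md
@@ -66,7 +66,7 @@ Note: the --dependencies flag is not applicable here, given that manifest files
 
 The manifest files acknowledged during the scanning process are:
 
-* Python: requirements.txt
+* Python: requirements.txt, pyproject.toml
 * Java: pom.xml
 * Javascript: package.json, package-lock.json, yarn.lock
 * Ruby: Gemfile, Gemfile.lock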
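--- a/package/build/main/cli/bin/cli-bin.js
+++ b/package/build/main/cli/bin/cli-bin.js
@@ -1,77 +1,78 @@
 #!/usr/bin/env node
 Object.defineProperty(exports, "__esModule", { value: true });
 const commander_1 = require("commander");
+const Utils_1 = require("../../sdk/Utils/Utils");
 const dep_1 = require("../commands/dep");
-const wfp_1 = require("../commands/wfp");
 const scan_1 = require("../commands/scan");
-const
+const wfp_1 = require("../commands/wfp");
 function CLIErrorHandler(e) {
-console.error(
+console.error(" ");
 console.error(e);
 process.exit(1);
 }
 async function main() {
-commander_1.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-.option('-v, --verbose', 'Makes scan operation verbose')
-.action((source, options) => {
+const scan = new commander_1.Command("scan");
+scan.addArgument(new commander_1.Argument("<source>"));
+scan.description("Scan a folder/file");
+scan.addHelpText("after", "Example:\n$ scanoss-js scan -o scan-output.json <source-folder>");
+scan.addOption(new commander_1.Option("-w, --wfp", "Scan a .wfp file instead of a folder"));
+scan.addOption(new commander_1.Option("-H, --hpsm", "Scan using winnowing high precision matching"));
+scan.addOption(new commander_1.Option("-x, --extract", "Extract compressed files before launch scan in folder <<zip_name>>-unzipped"));
+scan.addOption(new commander_1.Option(" --extract-overwrite", "Overwrite folder when decompressing if exists"));
+scan.addOption(new commander_1.Option(" --extract-deep <number>", "Sets uncompress recursion level"));
+scan.addOption(new commander_1.Option(" --extract-suffix <suffix>", "Sets suffix for the folder name"));
+scan.addOption(new commander_1.Option("-c, --concurrency <number>", "Number of concurrent connections to use while scanning (optional -default 10)"));
+scan.addOption(new commander_1.Option("-n, --ignore <ignore>", "Ignore components specified in the SBOM file"));
+scan.addOption(new commander_1.Option("-o, --output <filename>", "Output result file name (optional - default stdout)"));
+scan.addOption(new commander_1.Option("-f, --format <format>", "Result output format").choices(["json", "html"]));
+scan.addOption(new commander_1.Option("-F, --flags <flags>", "Scanning engine flags (1: disable snippet matching, 2 enable snippet ids, 4: disable dependencies, 8: disable licenses, 16: disable copyrights,32: disable vulnerabilities, 64: disable quality, 128: disable cryptography,256: disable best match, 512: Report identified files)"));
+scan.addOption(new commander_1.Option("-P, --post-size postsize>", "Number of kilobytes to limit the post to while scanning (optional - default 32)"));
+scan.addOption(new commander_1.Option("-R, --max-retry <retry>", "Max number of retries for each POST (optional -default 5)"));
+scan.addOption(new commander_1.Option("-M, --timeout <timeout>", "Timeout (in seconds) for API communication (optional -default 120)"));
+scan.addOption(new commander_1.Option(" --obfuscate", "Obfuscate fingerprints"));
+scan.addOption(new commander_1.Option("-D, --dependencies", "Add dependency scanning"));
+scan.addOption(new commander_1.Option(" --apiurl <apiurl>", "SCANOSS API URL (optional - default: https://osskb.org/api/scan/direct)"));
+scan.addOption(new commander_1.Option(" --api2url <api2url>", "SCANOSS gRPC API 2.0 URL (optional - default: scanoss.com:443)"));
+scan.addOption(new commander_1.Option("-k, --key <key>", "SCANOSS API Key token (optional - not required for default OSSKB URL)"));
+scan.addOption(new commander_1.Option(" --ignore-cert-errors", "Ignore self signed certificate errors"));
+scan.addOption(new commander_1.Option(" --ca-cert <cert>", "Specify a path for a cert used in SSL/TLS connection"));
+scan.addOption(new commander_1.Option(" --proxy <proxy>", "Proxy URL to use for connections (optional). Can also use the environment variable \"HTTPS_PROXY=[ip]:[port]\" and \"grcp_proxy=[ip]:[port]\" for gRPC"));
+scan.addOption(new commander_1.Option(" --pac <pac>", "Proxy auto configuration (optional). Specify a file, http url or ftp url"));
+scan.addOption(new commander_1.Option("-v, --verbose", "Makes scan operation verbose"));
+scan.action((source, options) => {
 scan_1.scanHandler(source, options).catch((e) => {
 CLIErrorHandler(e);
 });
-})
-
-
-
-commander_1.
-
-
-.option('-o, --output <filename>', 'Output result file name (optional - default stdout)')
-.option('-a, --grpc-host <host>', 'SCANOSS GRPC HOST (optional - default: scanoss.com:443)')
-.action((source, options) => {
+});
+const dependencies = new commander_1.Command("dep");
+dependencies.description("Scan for dependencies");
+dependencies.addArgument(new commander_1.Argument("<source>"));
+dependencies.addOption(new commander_1.Option("-o, --output <filename>", "Output result file name (optional - default stdout)"));
+dependencies.addOption(new commander_1.Option("-a, --grpc-host <host>", "SCANOSS GRPC HOST (optional - default: scanoss.com:443)"));
+dependencies.action((source, options) => {
 dep_1.depHandler(source, options).catch((e) => {
 CLIErrorHandler(e);
 });
 });
-commander_1.
-
-
-
-
-
-
-
+const fingerprint = new commander_1.Command("wfp");
+fingerprint.addArgument(new commander_1.Argument("<source>"));
+fingerprint.description("Generates fingerprints for a folder/file");
+fingerprint.addOption(new commander_1.Option("-H, --hpsm", "Scan using winnowing high precision matching"));
+fingerprint.addOption(new commander_1.Option("--obfuscate", "Obfuscate fingerprints"));
+fingerprint.addOption(new commander_1.Option("-o, --output <filename>", "Output result file name (optional - default stdout)"));
+fingerprint.addOption(new commander_1.Option("-p, --block-size <size>", "Maximum size in Kb for each fingerprint block (optional - default 64Kb)"));
+fingerprint.action((source, options) => {
 wfp_1.wfpHandler(source, options).catch((e) => {
 CLIErrorHandler(e);
 });
 });
-
+const program = new commander_1.Command();
+program.version(Utils_1.Utils.getPackageVersion());
+program.description("The SCANOSS JS package provides a simple, easy to consume module for interacting with SCANOSS APIs/Engine.");
+program.addCommand(scan);
+program.addCommand(dependencies);
+program.addCommand(fingerprint);
+await program.parseAsync(process.argv);
 }
 try {
 main();
@@ -80,4 +81,4 @@ catch (e) {
 console.error(e);
 process.exit(1);
 }
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,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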
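Review bot: The flags string for the post-size option on new line 29 of the `@@ -1,77 +1,78 @@` hunk, `"-P, --post-size postsize>"`, is missing the opening `<`, and commander decides whether an option takes a value from the presence of `<` or `[` in that string, so `--post-size` is registered as a boolean switch and `-P 32` leaves `32` to be parsed as a stray positional argument. The line should read `scan.addOption(new commander_1.Option("-P, --post-size <postsize>", "Number of kilobytes to limit the post to while scanning (optional - default 32)"));`; this is generated CommonJS output, so the same correction presumably belongs in the TypeScript source and in the ES module build listed in the diffstat. Separately, now that new line 75 awaits `program.parseAsync`, anything that throws synchronously inside the async `main` (for example `Utils_1.Utils.getPackageVersion()` on new line 70) surfaces as a rejected promise that the `try { main(); } catch` wrapper on lines 77–78 cannot observe; `main().catch(CLIErrorHandler);` would route it through the existing handler.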
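--- a/package/build/main/sdk/Dependencies/LocalDependency/parsers/npmParser.js
+++ b/package/build/main/sdk/Dependencies/LocalDependency/parsers/npmParser.js
@@ -5,10 +5,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.yarnLockV2Parser = exports.yarnLockV1Parser = exports.yarnLockRecognizeVersion = exports.yarnLockParser = exports.packagelockParser = exports.packageParser = void 0;
 const path_1 = __importDefault(require("path"));
 const packageurl_js_1 = require("packageurl-js");
-const PURL_TYPE =
+const PURL_TYPE = "npm";
 // Parse a package.json file from node projects
 // See reference on: https://docs.npmjs.com/cli/v8/configuring-npm/package-json
-const MANIFEST_FILE =
+const MANIFEST_FILE = "package.json";
 function packageParser(fileContent, filePath) {
 // If the file is not manifest file, return an empty results
 const results = { file: filePath, purls: [] };
@@ -30,10 +30,11 @@ function packageParser(fileContent, filePath) {
 exports.packageParser = packageParser;
 // Parse a package-lock.json file from node projects
 // See reference on: https://docs.npmjs.com/cli/v8/configuring-npm/package-json
+const dRegex = new RegExp(/.*node_modules\/((?<scope>@.*)\/)?(?<p_name>.*)$/);
 function packagelockParser(fileContent, filePath) {
 var _a;
 const results = { file: filePath, purls: [] };
-if (path_1.default.basename(filePath) !=
+if (path_1.default.basename(filePath) != "package-lock.json")
 return Promise.resolve(results);
 const packages = (_a = JSON.parse(fileContent)) === null || _a === void 0 ? void 0 : _a.packages;
 if (!packages)
@@ -41,10 +42,9 @@ function packagelockParser(fileContent, filePath) {
 for (const [key, value] of Object.entries(packages)) {
 if (!key)
 continue;
-const
-
-let
-let req = value['version'];
+const dep = key.match(dRegex);
+let purl = new packageurl_js_1.PackageURL(PURL_TYPE, dep.groups.scope, dep.groups.p_name, undefined, undefined, undefined).toString();
+let req = value["version"];
 results.purls.push({ purl: purl, requirement: req });
 }
 return Promise.resolve(results);
@@ -52,7 +52,7 @@ function packagelockParser(fileContent, filePath) {
 exports.packagelockParser = packagelockParser;
 function yarnLockParser(fileContent, filePath) {
 const results = { file: filePath, purls: [] };
-if (path_1.default.basename(filePath) !=
+if (path_1.default.basename(filePath) != "yarn.lock")
 return Promise.resolve(results);
 const yarnVersion = yarnLockRecognizeVersion(fileContent);
 if (yarnVersion === YarnLockVersionEnum.V1)
@@ -82,9 +82,9 @@ var YarnLockVersionEnum;
 function yarnLockRecognizeVersion(fileContent) {
 const yarn = fileContent.split("\n", 10); //Check only the first 10 lines;
 for (const line of yarn) {
-if (line.includes(
+if (line.includes("__metadata:"))
 return YarnLockVersionEnum.V2;
-if (line.includes(
+if (line.includes("yarn lockfile v1"))
 return YarnLockVersionEnum.V1;
 }
 return YarnLockVersionEnum.UnknownYarnLockFormat;
@@ -114,18 +114,19 @@ function yarnLockV1Parser(fileContent, filePath) {
 for (const dep_line of dep_lines) {
 // Clean comments and empty lines
 const trimmed = dep_line.trim();
-const comment = trimmed.startsWith(
+const comment = trimmed.startsWith("#");
 if (!trimmed || comment)
 continue;
 // Do nothing with it's own dependencies
 // "@babel/code-frame" "^7.0.0"
 // "@babel/generator" "^7.3.4"
-if (dep_line.startsWith(
+if (dep_line.startsWith(" ".repeat(4))) {
+}
 // version "7.3.4"
 // resolved "https://registry.yarnpkg.com/@babel/core/-/core-7.3.4.tgz#921a5a13746c21e32445bf0798680e9d11a6530b"
 // integrity sha512-jRsuseXBo9pN197KnDwhhaaBzyZr2oIcLHHTt2oDdQrej5Qp57dCCJafWx5ivU8/alEYDpssYqv1MUqcxwQlrA==
 // dependencies:
-else if (dep_line.startsWith(
+else if (dep_line.startsWith(" ".repeat(2))) {
 const dep = trimmed.split(" ");
 const key = dep[0].trim();
 if (key !== "dependencies:" && key !== "optionalDependencies:") {
@@ -134,7 +135,7 @@ function yarnLockV1Parser(fileContent, filePath) {
 }
 // the first line of a dependency has the name and requirements
 //"@babel/core@^7.1.0", "@babel/core@^7.3.4":
-else if (!dep_line.startsWith(
+else if (!dep_line.startsWith(" ")) {
 const dep = dep_line.replace(/:/g, "").split(",");
 const requirements = dep.map(line => line.trim().replace(/"|'/g, ""));
 for (const req of requirements) {
@@ -142,7 +143,7 @@ function yarnLockV1Parser(fileContent, filePath) {
 let constraint = req.slice(atIndex + 1); // gets ^7.1.0
 constraint = constraint.replace(/"|'/g, "");
 const ns_name = req.slice(0, atIndex);
-let ns =
+let ns = "";
 let name = ns_name;
 if (ns_name.includes("/")) {
 const slashIndex = req.lastIndexOf("/");
@@ -164,9 +165,9 @@ function yarnLockV1Parser(fileContent, filePath) {
 const topRequirement = topRequirements[0];
 const namespace = topRequirement.ns;
 const name = topRequirement.name;
-const version = dependencyData[
+const version = dependencyData["version"];
 const purl = new packageurl_js_1.PackageURL(PURL_TYPE, namespace, name, version, undefined, undefined).toString();
-let requirement =
+let requirement = "";
 for (const topRequirement of topRequirements) {
 requirement += topRequirement.constraint + ", ";
 }
@@ -184,4 +185,4 @@ function yarnLockV2Parser(fileContent, filePath) {
 return Promise.resolve(results);
 }
 exports.yarnLockV2Parser = yarnLockV2Parser;
-//# sourceMappingURL=data:application/json;base64,
+//# sourceMappingURL=data:application/json;base64,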
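Review bot: `key.match(dRegex)` on new line 45 of the `@@ -41,10 +42,9 @@` hunk returns null for any `packages` key that has no `node_modules/` segment, and line 46 dereferences `dep.groups` unconditionally, so a lockfile containing such an entry (for example a workspace path like `packages/foo` in a v2/v3 lockfile, or any hand-edited file) aborts `packagelockParser` with a TypeError instead of skipping the entry; the `if (!key) continue;` guard on line 43 only covers the root package. Add `if (!dep) continue;` immediately after line 45, and since neither binding is reassigned, `purl` and `req` on lines 46–47 can be `const`. On new line 33, `new RegExp(/.../)` wraps a regex literal that is already a RegExp and can simply be the literal. The body of packagelockParser continues past the hunk.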