scanoss 0.32.0 → 0.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (10) hide show
  1. package/CHANGELOG.md +7 -0
  2. package/build/main/sdk/Cryptography/Helper/CryptographyHelper.js +10 -8
  3. package/build/main/sdk/Dependencies/LocalDependency/parsers/parser.spec.js +55 -1
  4. package/build/main/sdk/Dependencies/LocalDependency/parsers/python/PyProjectToml.js +86 -33
  5. package/build/main/tsconfig.tsbuildinfo +1 -1
  6. package/build/module/sdk/Cryptography/Helper/CryptographyHelper.js +11 -9
  7. package/build/module/sdk/Dependencies/LocalDependency/parsers/parser.spec.js +55 -1
  8. package/build/module/sdk/Dependencies/LocalDependency/parsers/python/PyProjectToml.js +86 -33
  9. package/build/module/tsconfig.module.tsbuildinfo +1 -1
  10. package/package.json +1 -1
package/build/main/sdk/Dependencies/LocalDependency/parsers/python/PyProjectToml.js CHANGED
@@ -3,42 +3,95 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  const rProjectTableContent = new RegExp(/\[project\]\s*\n(.*(?:\n(?!^\s*\[).*)*)/g);
4
4
  const rDependenciesSection = new RegExp(/dependencies\s*=\s*\[((?:[^\]]|\](?!\n))+)\]/);
5
5
  const purlPrefix = "pkg:pypi/";
6
- const pyProjectToml = async (fileContent, filePath) => {
7
- const result = { file: filePath, purls: [] };
8
- const projectTableMatch = fileContent.match(rProjectTableContent);
9
- if (!projectTableMatch)
10
- return result;
11
- const depKeyValueMatch = projectTableMatch[0].match(rDependenciesSection);
12
- if (!depKeyValueMatch)
13
- return result;
14
- const depValue = depKeyValueMatch[1].toString();
15
- /* At this point, depKeyValue contains the values for dependencies. Example:
16
- *
17
- * "requests",
18
- * # this should be ignored
19
- * 'importlib-metadata; python_version<"3.8"', #This line as well
20
- */
21
- /* The following code will place each dependency in an array (ignoring comments #) */
22
- const deps = depValue
23
- .replace(",", "\n") //Convert inline dependencies to new line dependencies
24
- .split(/\n/) //Generate an array by splitting new lines. Each line contains an independent dependency
25
- .map(d => d.replace(/(,|"|'|\s|(#.*))/g, "")) // Remove extra spaces, quotes, comments and commas
26
- .filter(d => d.length !== 0); //Filters those lines that are empty
27
- deps.forEach(d => {
28
- d = d.replace(/\;.*/g, ""); //Removes environment markers https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers
29
- d = d.replace(/\[.*\]/, ""); //Removes extras https://packaging.python.org/en/latest/specifications/dependency-specifiers/#extras
30
- const requirementMatch = d.match(/(?:<|<=|!=|==|>=|>|~=|===).*/);
31
- const requirement = requirementMatch ? requirementMatch[0] : null;
32
- let purl = d;
33
- if (requirement)
34
- purl = d.replace(requirement, "").trim();
35
- purl = purlPrefix + purl;
36
- result.purls.push({
6
+ /**
7
+ * Parses Poetry-style key-value dependencies from a TOML section body.
8
+ * Handles simple string values (name = "^1.0") and inline tables (name = {version = "^1.0"}).
9
+ */
10
+ const parsePoetryDeps = (sectionContent) => {
11
+ const results = [];
12
+ const lines = sectionContent.split('\n');
13
+ for (const line of lines) {
14
+ const trimmed = line.trim();
15
+ if (!trimmed || trimmed.startsWith('#'))
16
+ continue;
17
+ const kvMatch = trimmed.match(/^([\w][\w.-]*)\s*=\s*(.*)/);
18
+ if (!kvMatch)
19
+ continue;
20
+ const name = kvMatch[1];
21
+ const value = kvMatch[2].trim();
22
+ // Skip python version constraint
23
+ if (name.toLowerCase() === 'python')
24
+ continue;
25
+ let requirement = null;
26
+ if (value.startsWith('"') || value.startsWith("'")) {
27
+ // Simple string version: requests = "^2.28.0"
28
+ const ver = value.replace(/["']/g, '').trim();
29
+ if (ver && ver !== '*')
30
+ requirement = ver;
31
+ }
32
+ else if (value.startsWith('{')) {
33
+ // Inline table: click = {version = "^8.1.3", optional = true}
34
+ const versionMatch = value.match(/version\s*=\s*["']([^"']+)["']/);
35
+ if (versionMatch) {
36
+ const ver = versionMatch[1].trim();
37
+ if (ver && ver !== '*')
38
+ requirement = ver;
39
+ }
40
+ }
41
+ const purl = purlPrefix + name;
42
+ results.push({
37
43
  purl,
38
44
  ...(requirement !== null && { requirement })
39
45
  });
40
- });
46
+ }
47
+ return results;
48
+ };
49
+ const pyProjectToml = async (fileContent, filePath) => {
50
+ const result = { file: filePath, purls: [] };
51
+ // Try PEP 621 format first
52
+ const projectTableMatch = fileContent.match(rProjectTableContent);
53
+ if (projectTableMatch) {
54
+ const depKeyValueMatch = projectTableMatch[0].match(rDependenciesSection);
55
+ if (depKeyValueMatch) {
56
+ const depValue = depKeyValueMatch[1].toString();
57
+ /* At this point, depKeyValue contains the values for dependencies. Example:
58
+ *
59
+ * "requests",
60
+ * # this should be ignored
61
+ * 'importlib-metadata; python_version<"3.8"', #This line as well
62
+ */
63
+ /* The following code will place each dependency in an array (ignoring comments #) */
64
+ const deps = depValue
65
+ .replace(",", "\n") //Convert inline dependencies to new line dependencies
66
+ .split(/\n/) //Generate an array by splitting new lines. Each line contains an independent dependency
67
+ .map(d => d.replace(/(,|"|'|\s|(#.*))/g, "")) // Remove extra spaces, quotes, comments and commas
68
+ .filter(d => d.length !== 0); //Filters those lines that are empty
69
+ deps.forEach(d => {
70
+ d = d.replace(/\;.*/g, ""); //Removes environment markers https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers
71
+ d = d.replace(/\[.*\]/, ""); //Removes extras https://packaging.python.org/en/latest/specifications/dependency-specifiers/#extras
72
+ const requirementMatch = d.match(/(?:<|<=|!=|==|>=|>|~=|===).*/);
73
+ const requirement = requirementMatch ? requirementMatch[0] : null;
74
+ let purl = d;
75
+ if (requirement)
76
+ purl = d.replace(requirement, "").trim();
77
+ purl = purlPrefix + purl;
78
+ result.purls.push({
79
+ purl,
80
+ ...(requirement !== null && { requirement })
81
+ });
82
+ });
83
+ return result;
84
+ }
85
+ }
86
+ // Fallback: Try Poetry format
87
+ // Matches [tool.poetry.dependencies], [tool.poetry.dev-dependencies], [tool.poetry.group.<name>.dependencies]
88
+ const rPoetryDepsSection = /\[tool\.poetry(?:\.group\.[\w-]+)?\.(?:dev-)?dependencies\]\s*\n([\s\S]*?)(?=\n\s*\[|$)/g;
89
+ const poetryMatches = fileContent.matchAll(rPoetryDepsSection);
90
+ for (const match of poetryMatches) {
91
+ const deps = parsePoetryDeps(match[1]);
92
+ result.purls.push(...deps);
93
+ }
41
94
  return result;
42
95
  };
43
96
  exports.default = pyProjectToml;
44
- //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUHlQcm9qZWN0VG9tbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uLy4uL3NyYy9zZGsvRGVwZW5kZW5jaWVzL0xvY2FsRGVwZW5kZW5jeS9wYXJzZXJzL3B5dGhvbi9QeVByb2plY3RUb21sLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBRUEsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLE1BQU0sQ0FBQywwQ0FBMEMsQ0FBQyxDQUFDO0FBQ3BGLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxNQUFNLENBQUUsOENBQThDLENBQUMsQ0FBQztBQUV6RixNQUFNLFVBQVUsR0FBRyxXQUFXLENBQUM7QUFFL0IsTUFBTSxhQUFhLEdBQUcsS0FBSyxFQUFFLFdBQW1CLEVBQUMsUUFBZ0IsRUFBNkIsRUFBRTtJQUM5RixNQUFNLE1BQU0sR0FBcUIsRUFBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUMsQ0FBQztJQUU3RCxNQUFNLGlCQUFpQixHQUFHLFdBQVcsQ0FBQyxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUNsRSxJQUFJLENBQUMsaUJBQWlCO1FBQUUsT0FBTyxNQUFNLENBQUM7SUFFdEMsTUFBTSxnQkFBZ0IsR0FBRyxpQkFBaUIsQ0FBQyxDQUFDLENBQUMsQ0FBQyxLQUFLLENBQUMsb0JBQW9CLENBQUMsQ0FBQztJQUMxRSxJQUFJLENBQUMsZ0JBQWdCO1FBQUUsT0FBTyxNQUFNLENBQUM7SUFFckMsTUFBTSxRQUFRLEdBQUcsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUMsUUFBUSxFQUFFLENBQUM7SUFFaEQ7Ozs7O01BS0U7SUFFRixxRkFBcUY7SUFFckYsTUFBTSxJQUFJLEdBQUksUUFBUTtTQUNuQixPQUFPLENBQUMsR0FBRyxFQUFFLElBQUksQ0FBQyxDQUFDLHNEQUFzRDtTQUN6RSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUksd0ZBQXdGO1NBQ3ZHLEdBQUcsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsbUJBQW1CLEVBQUUsRUFBRSxDQUFDLENBQUMsQ0FBQyxtREFBbUQ7U0FDaEcsTUFBTSxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDLE1BQU0sS0FBSyxDQUFDLENBQUUsQ0FBQSxDQUFFLG9DQUFvQztJQUdyRSxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxFQUFFO1FBQ2YsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFBLENBQUUsOEhBQThIO1FBQzFKLENBQUMsR0FBRyxDQUFDLENBQUMsT0FBTyxDQUFDLFFBQVEsRUFBRSxFQUFFLENBQUMsQ0FBQSxDQUFDLG9HQUFvRztRQUVoSSxNQUFNLGdCQUFnQixHQUFHLENBQUMsQ0FBQyxLQUFLLENBQUMsOEJBQThCLENBQUMsQ0FBQztRQUNqRSxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQTtRQUVqRSxJQUFJLElBQUksR0FBRyxDQUFDLENBQUM7UUFDYixJQUFJLFdBQVc7WUFBRSxJQUFJLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFMUQsSUFBSSxHQUFHLFVBQVUsR0FBRyxJQUFJLENBQUM7UUFFekIsTUFBTSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUM7WUFDaEIsSUFBSTtZQUNKLEdBQUcsQ0FBQyxXQUFXLEtBQUssSUFBSSxJQUFJLEVBQUUsV0FBVyxFQUFFLENBQUM7U0FDN0MsQ0FBQyxDQUFBO0lBQ0osQ0FBQyxDQUFDLENBQUE7SUFDRixPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDLENBQUM7QUFFRixrQkFBZSxhQUFhLENBQUMifQ==
97
+ //# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiUHlQcm9qZWN0VG9tbC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uLy4uLy4uLy4uLy4uL3NyYy9zZGsvRGVwZW5kZW5jaWVzL0xvY2FsRGVwZW5kZW5jeS9wYXJzZXJzL3B5dGhvbi9QeVByb2plY3RUb21sLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7O0FBRUEsTUFBTSxvQkFBb0IsR0FBRyxJQUFJLE1BQU0sQ0FBQywwQ0FBMEMsQ0FBQyxDQUFDO0FBQ3BGLE1BQU0sb0JBQW9CLEdBQUcsSUFBSSxNQUFNLENBQUUsOENBQThDLENBQUMsQ0FBQztBQUV6RixNQUFNLFVBQVUsR0FBRyxXQUFXLENBQUM7QUFFL0I7OztHQUdHO0FBQ0gsTUFBTSxlQUFlLEdBQUcsQ0FBQyxjQUFzQixFQUE0QyxFQUFFO0lBQzNGLE1BQU0sT0FBTyxHQUE2QyxFQUFFLENBQUM7SUFDN0QsTUFBTSxLQUFLLEdBQUcsY0FBYyxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUV6QyxLQUFLLE1BQU0sSUFBSSxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3pCLE1BQU0sT0FBTyxHQUFHLElBQUksQ0FBQyxJQUFJLEVBQUUsQ0FBQztRQUM1QixJQUFJLENBQUMsT0FBTyxJQUFJLE9BQU8sQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDO1lBQUUsU0FBUztRQUVsRCxNQUFNLE9BQU8sR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLDJCQUEyQixDQUFDLENBQUM7UUFDM0QsSUFBSSxDQUFDLE9BQU87WUFBRSxTQUFTO1FBRXZCLE1BQU0sSUFBSSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN4QixNQUFNLEtBQUssR0FBRyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7UUFFaEMsaUNBQWlDO1FBQ2pDLElBQUksSUFBSSxDQUFDLFdBQVcsRUFBRSxLQUFLLFFBQVE7WUFBRSxTQUFTO1FBRTlDLElBQUksV0FBVyxHQUFrQixJQUFJLENBQUM7UUFFdEMsSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUNuRCw4Q0FBOEM7WUFDOUMsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLE9BQU8sQ0FBQyxPQUFPLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7WUFDOUMsSUFBSSxHQUFHLElBQUksR0FBRyxLQUFLLEdBQUc7Z0JBQUUsV0FBVyxHQUFHLEdBQUcsQ0FBQztRQUM1QyxDQUFDO2FBQU0sSUFBSSxLQUFLLENBQUMsVUFBVSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQUM7WUFDakMsOERBQThEO1lBQzlELE1BQU0sWUFBWSxHQUFHLEtBQUssQ0FBQyxLQUFLLENBQUMsZ0NBQWdDLENBQUMsQ0FBQztZQUNuRSxJQUFJLFlBQVksRUFBRSxDQUFDO2dCQUNqQixNQUFNLEdBQUcsR0FBRyxZQUFZLENBQUMsQ0FBQyxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBQ25DLElBQUksR0FBRyxJQUFJLEdBQUcsS0FBSyxHQUFHO29CQUFFLFdBQVcsR0FBRyxHQUFHLENBQUM7WUFDNUMsQ0FBQztRQUNILENBQUM7UUFFRCxNQUFNLElBQUksR0FBRyxVQUFVLEdBQUcsSUFBSSxDQUFDO1FBQy9CLE9BQU8sQ0FBQyxJQUFJLENBQUM7WUFDWCxJQUFJO1lBQ0osR0FBRyxDQUFDLFdBQVcsS0FBSyxJQUFJLElBQUksRUFBRSxXQUFXLEVBQUUsQ0FBQztTQUM3QyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsT0FBTyxPQUFPLENBQUM7QUFDakIsQ0FBQyxDQUFDO0FBRUYsTUFBTSxhQUFhLEdBQUcsS0FBSyxFQUFFLFdBQW1CLEVBQUMsUUFBZ0IsRUFBNkIsRUFBRTtJQUM5RixNQUFNLE1BQU0sR0FBcUIsRUFBQyxJQUFJLEVBQUUsUUFBUSxFQUFFLEtBQUssRUFBRSxFQUFFLEVBQUMsQ0FBQztJQUU3RCwyQkFBMkI7SUFDM0IsTUFBTSxpQkFBaUIsR0FBRyxXQUFXLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLENBQUM7SUFDbEUsSUFBSSxpQkFBaUIsRUFBRSxDQUFDO1FBQ3RCLE1BQU0sZ0JBQWdCLEdBQUcsaUJBQWlCLENBQUMsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLG9CQUFvQixDQUFDLENBQUM7UUFDMUUsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1lBQ3JCLE1BQU0sUUFBUSxHQUFHLGdCQUFnQixDQUFDLENBQUMsQ0FBQyxDQUFDLFFBQVEsRUFBRSxDQUFDO1lBRWhEOzs7OztjQUtFO1lBRUYscUZBQXFGO1lBRXJGLE1BQU0sSUFBSSxHQUFJLFFBQVE7aUJBQ25CLE9BQU8sQ0FBQyxHQUFHLEVBQUUsSUFBSSxDQUFDLENBQUMsc0RBQXNEO2lCQUN6RSxLQUFLLENBQUMsSUFBSSxDQUFDLENBQUksd0ZBQXdGO2lCQUN2RyxHQUFHLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsT0FBTyxDQUFDLG1CQUFtQixFQUFFLEVBQUUsQ0FBQyxDQUFDLENBQUMsbURBQW1EO2lCQUNoRyxNQUFNLENBQUMsQ0FBQyxDQUFDLEVBQUUsQ0FBQyxDQUFDLENBQUMsTUFBTSxLQUFLLENBQUMsQ0FBRSxDQUFBLENBQUUsb0NBQW9DO1lBR3JFLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLEVBQUU7Z0JBQ2YsQ0FBQyxHQUFHLENBQUMsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLEVBQUUsQ0FBQyxDQUFBLENBQUUsOEhBQThIO2dCQUMxSixDQUFDLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxRQUFRLEVBQUUsRUFBRSxDQUFDLENBQUEsQ0FBQyxvR0FBb0c7Z0JBRWhJLE1BQU0sZ0JBQWdCLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyw4QkFBOEIsQ0FBQyxDQUFDO2dCQUNqRSxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQyxDQUFDLElBQUksQ0FBQTtnQkFFakUsSUFBSSxJQUFJLEdBQUcsQ0FBQyxDQUFDO2dCQUNiLElBQUksV0FBVztvQkFBRSxJQUFJLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxXQUFXLEVBQUUsRUFBRSxDQUFDLENBQUMsSUFBSSxFQUFFLENBQUM7Z0JBRTFELElBQUksR0FBRyxVQUFVLEdBQUcsSUFBSSxDQUFDO2dCQUV6QixNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQztvQkFDaEIsSUFBSTtvQkFDSixHQUFHLENBQUMsV0FBVyxLQUFLLElBQUksSUFBSSxFQUFFLFdBQVcsRUFBRSxDQUFDO2lCQUM3QyxDQUFDLENBQUE7WUFDSixDQUFDLENBQUMsQ0FBQTtZQUNGLE9BQU8sTUFBTSxDQUFDO1FBQ2hCLENBQUM7SUFDSCxDQUFDO0lBRUQsOEJBQThCO0lBQzlCLDhHQUE4RztJQUM5RyxNQUFNLGtCQUFrQixHQUFHLDBGQUEwRixDQUFDO0lBQ3RILE1BQU0sYUFBYSxHQUFHLFdBQVcsQ0FBQyxRQUFRLENBQUMsa0JBQWtCLENBQUMsQ0FBQztJQUMvRCxLQUFLLE1BQU0sS0FBSyxJQUFJLGFBQWEsRUFBRSxDQUFDO1FBQ2xDLE1BQU0sSUFBSSxHQUFHLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUN2QyxNQUFNLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxHQUFHLElBQUksQ0FBQyxDQUFDO0lBQzdCLENBQUM7SUFFRCxPQUFPLE1BQU0sQ0FBQztBQUNoQixDQUFDLENBQUM7QUFFRixrQkFBZSxhQUFhLENBQUMifQ==