scanoss 0.32.0 → 0.33.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
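--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,42 +1,95 @@
  const rProjectTableContent = new RegExp(/\[project\]\s*\n(.*(?:\n(?!^\s*\[).*)*)/g);
  const rDependenciesSection = new RegExp(/dependencies\s*=\s*\[((?:[^\]]|\](?!\n))+)\]/);
  const purlPrefix = "pkg:pypi/";
- const pyProjectToml = async (fileContent, filePath) => {
- const result = { file: filePath, purls: [] };
- const projectTableMatch = fileContent.match(rProjectTableContent);
- if (!projectTableMatch)
- return result;
- const depKeyValueMatch = projectTableMatch[0].match(rDependenciesSection);
- if (!depKeyValueMatch)
- return result;
- const depValue = depKeyValueMatch[1].toString();
- /* At this point, depKeyValue contains the values for dependencies. Example:
- *
- * "requests",
- * # this should be ignored
- * 'importlib-metadata; python_version<"3.8"', #This line as well
- */
- /* The following code will place each dependency in an array (ignoring comments #) */
- const deps = depValue
- .replace(",", "\n") //Convert inline dependencies to new line dependencies
- .split(/\n/) //Generate an array by splitting new lines. Each line contains an independent dependency
- .map(d => d.replace(/(,|"|'|\s|(#.*))/g, "")) // Remove extra spaces, quotes, comments and commas
- .filter(d => d.length !== 0); //Filters those lines that are empty
- deps.forEach(d => {
- d = d.replace(/\;.*/g, ""); //Removes environment markers https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers
- d = d.replace(/\[.*\]/, ""); //Removes extras https://packaging.python.org/en/latest/specifications/dependency-specifiers/#extras
- const requirementMatch = d.match(/(?:<|<=|!=|==|>=|>|~=|===).*/);
- const requirement = requirementMatch ? requirementMatch[0] : null;
- let purl = d;
- if (requirement)
- purl = d.replace(requirement, "").trim();
- purl = purlPrefix + purl;
- result.purls.push({
+ /**
+ * Parses Poetry-style key-value dependencies from a TOML section body.
+ * Handles simple string values (name = "^1.0") and inline tables (name = {version = "^1.0"}).
+ */
+ const parsePoetryDeps = (sectionContent) => {
+ const results = [];
+ const lines = sectionContent.split('\n');
+ for (const line of lines) {
+ const trimmed = line.trim();
+ if (!trimmed || trimmed.startsWith('#'))
+ continue;
+ const kvMatch = trimmed.match(/^([\w][\w.-]*)\s*=\s*(.*)/);
+ if (!kvMatch)
+ continue;
+ const name = kvMatch[1];
+ const value = kvMatch[2].trim();
+ // Skip python version constraint
+ if (name.toLowerCase() === 'python')
+ continue;
+ let requirement = null;
+ if (value.startsWith('"') || value.startsWith("'")) {
+ // Simple string version: requests = "^2.28.0"
+ const ver = value.replace(/["']/g, '').trim();
+ if (ver && ver !== '*')
+ requirement = ver;
+ }
+ else if (value.startsWith('{')) {
+ // Inline table: click = {version = "^8.1.3", optional = true}
+ const versionMatch = value.match(/version\s*=\s*["']([^"']+)["']/);
+ if (versionMatch) {
+ const ver = versionMatch[1].trim();
+ if (ver && ver !== '*')
+ requirement = ver;
+ }
+ }
+ const purl = purlPrefix + name;
+ results.push({
  purl,
  ...(requirement !== null && { requirement })
  });
- });
+ }
+ return results;
+ };
+ const pyProjectToml = async (fileContent, filePath) => {
+ const result = { file: filePath, purls: [] };
+ // Try PEP 621 format first
+ const projectTableMatch = fileContent.match(rProjectTableContent);
+ if (projectTableMatch) {
+ const depKeyValueMatch = projectTableMatch[0].match(rDependenciesSection);
+ if (depKeyValueMatch) {
+ const depValue = depKeyValueMatch[1].toString();
+ /* At this point, depKeyValue contains the values for dependencies. Example:
+ *
+ * "requests",
+ * # this should be ignored
+ * 'importlib-metadata; python_version<"3.8"', #This line as well
+ */
+ /* The following code will place each dependency in an array (ignoring comments #) */
+ const deps = depValue
+ .replace(",", "\n") //Convert inline dependencies to new line dependencies
+ .split(/\n/) //Generate an array by splitting new lines. Each line contains an independent dependency
+ .map(d => d.replace(/(,|"|'|\s|(#.*))/g, "")) // Remove extra spaces, quotes, comments and commas
+ .filter(d => d.length !== 0); //Filters those lines that are empty
+ deps.forEach(d => {
+ d = d.replace(/\;.*/g, ""); //Removes environment markers https://packaging.python.org/en/latest/specifications/dependency-specifiers/#environment-markers
+ d = d.replace(/\[.*\]/, ""); //Removes extras https://packaging.python.org/en/latest/specifications/dependency-specifiers/#extras
+ const requirementMatch = d.match(/(?:<|<=|!=|==|>=|>|~=|===).*/);
+ const requirement = requirementMatch ? requirementMatch[0] : null;
+ let purl = d;
+ if (requirement)
+ purl = d.replace(requirement, "").trim();
+ purl = purlPrefix + purl;
+ result.purls.push({
+ purl,
+ ...(requirement !== null && { requirement })
+ });
+ });
+ return result;
+ }
+ }
+ // Fallback: Try Poetry format
+ // Matches [tool.poetry.dependencies], [tool.poetry.dev-dependencies], [tool.poetry.group.<name>.dependencies]
+ const rPoetryDepsSection = /\[tool\.poetry(?:\.group\.[\w-]+)?\.(?:dev-)?dependencies\]\s*\n([\s\S]*?)(?=\n\s*\[|$)/g;
+ const poetryMatches = fileContent.matchAll(rPoetryDepsSection);
+ for (const match of poetryMatches) {
+ const deps = parsePoetryDeps(match[1]);
+ result.purls.push(...deps);
+ }
  return result;
  };
  export default pyProjectToml;
- //# sourceMappingURL=data:application/json;base64,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
+ //# sourceMappingURL=data:application/json;base64,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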
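Review bot: In parsePoetryDeps the simple-string branch keeps a trailing TOML comment inside the requirement: for a line such as `requests = "^2.28.0" # pinned`, the greedy `(.*)` in the key-value regex leaves the comment in `kvMatch[2]`, and `value.replace(/["']/g, '').trim()` then yields `^2.28.0 # pinned`, whereas the PEP 621 branch strips `#.*` before use; taking only the first quoted token fixes it, `const ver = (value.match(/^["']([^"']*)["']/)?.[1] ?? '').trim();`. The inline-table branch looks only for `version`, so a source dependency written as `{git = "..."}`, `{path = "..."}` or `{url = "..."}` is still emitted as `pkg:pypi/<name>` with no requirement, which presumably misattributes a non-registry dependency to PyPI; a guard before the version parsing, `if (/\b(?:git|path|url)\s*=/.test(value)) continue;`, would skip them (or they could be tagged instead if they are meant to be kept). In the re-indented PEP 621 block, `.replace(",", "\n")` has no global flag, so only the first comma of a single-line list like `["a", "b", "c"]` becomes a newline and the remaining entries are concatenated by the following `.map` that strips commas; `.replaceAll(",", "\n")` is the one-line fix. Both parsePoetryDeps and pyProjectToml are fully contained in the hunk.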