import { Buffer } from "node:buffer";
import { readFileSync } from "node:fs";
import path from "node:path";
import { afterAll, beforeAll, describe, expect, test } from "@jest/globals";
import { parse } from "ssri";
import { parse as loadYaml } from "yaml";
import {
buildObjectForCocoaPod,
buildObjectForGradleModule,
encodeForPurl,
findLicenseId,
getCratesMetadata,
getDartMetadata,
getGoPkgLicense,
getLicenses,
getMvnMetadata,
getNugetMetadata,
getPyMetadata,
getRepoLicense,
guessPypiMatchingVersion,
hasAnyProjectType,
isPackageManagerAllowed,
isPartialTree,
isValidIriReference,
mapConanPkgRefToPurlStringAndNameAndVersion,
parseBazelActionGraph,
parseBazelBuild,
parseBazelSkyframe,
parseBdistMetadata,
parseBitbucketPipelinesFile,
parseBowerJson,
parseCabalData,
parseCargoAuditableData,
parseCargoData,
parseCargoDependencyData,
parseCargoTomlData,
parseCljDep,
parseCloudBuildData,
parseCmakeDotFile,
parseCmakeLikeFile,
parseCocoaDependency,
parseComposerLock,
parseConanData,
parseConanLockData,
parseContainerFile,
parseContainerSpecData,
parseCsPkgData,
parseCsPkgLockData,
parseCsProjAssetsData,
parseCsProjData,
parseEdnData,
parseGemfileLockData,
parseGemspecData,
parseGitHubWorkflowData,
parseGoListDep,
parseGoModData,
parseGoModGraph,
parseGoModWhy,
parseGoModulesTxt,
parseGoVersionData,
parseGopkgData,
parseGosumData,
parseGradleDep,
parseGradleProjects,
parseGradleProperties,
parseHelmYamlData,
parseKVDep,
parseLeinDep,
parseLeiningenData,
parseMakeDFile,
parseMavenTree,
parseMillDependency,
parseMixLockData,
parseNodeShrinkwrap,
parseNupkg,
parseNuspecData,
parseOpenapiSpecData,
parsePackageJsonName,
parsePaketLockData,
parsePiplockData,
parsePkgJson,
parsePkgLock,
parsePnpmLock,
parsePnpmWorkspace,
parsePodfileLock,
parsePodfileTargets,
parsePom,
parsePrivadoFile,
parsePubLockData,
parsePubYamlData,
parsePyLockData,
parsePyProjectTomlFile,
parsePyRequiresDist,
parseReqFile,
parseSbtLock,
parseSbtTree,
parseSetupPyFile,
parseSwiftJsonTree,
parseSwiftResolved,
parseYarnLock,
readZipEntry,
splitOutputByGradleProjects,
toGemModuleNames,
yarnLockToIdentMap,
} from "./utils.js";
import { validateRefs } from "./validator.js";
test("SSRI test", () => {
  // A bare hex digest (the form found in Gopkg.lock) carries no algorithm
  // prefix, so ssri cannot interpret it and yields null.
  const hexDigest =
    "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf";
  expect(parse(hexDigest)).toEqual(null);

  // Prefixing the algorithm makes the same hex string parseable; the digest
  // text is kept as given rather than re-encoded.
  const fromHex = parse(`sha256-${hexDigest}`);
  expect(fromHex.sha256[0].digest).toStrictEqual(hexDigest);

  // SRI proper is base64: re-encode the hex bytes and check the digest
  // matches the known base64 rendering of the same hash.
  const base64Digest = Buffer.from(hexDigest, "hex").toString("base64");
  const fromBase64 = parse(`sha256-${base64Digest}`);
  expect(fromBase64.sha256[0].digest).toStrictEqual(
    "LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78=",
  );

  // sha512 (the algorithm npm lockfiles use) is parsed the same way.
  const sha512Digest =
    "Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw==";
  const fromSha512 = parse(`sha512-${sha512Digest}`);
  expect(fromSha512.sha512[0].digest).toStrictEqual(sha512Digest);
});
test("Parse requires dist string", () => {
  // [Requires-Dist line, expected { name, version }]. As these fixtures
  // show, only the first version in a comma-separated specifier is kept,
  // environment markers after ";" are dropped, and a name with no
  // constraint yields an empty version.
  const cases = [
    [
      "lazy-object-proxy (>=1.4.0)",
      { name: "lazy-object-proxy", version: "1.4.0" },
    ],
    ["wrapt (<1.13,>=1.11)", { name: "wrapt", version: "1.13" }],
    [
      'typed-ast (<1.5,>=1.4.0) ; implementation_name == "cpython" and python_version < "3.8"',
      { name: "typed-ast", version: "1.5" },
    ],
    ["asgiref (<4,>=3.2.10)", { name: "asgiref", version: "4" }],
    ["pytz", { name: "pytz", version: "" }],
    ["sqlparse (>=0.2.2)", { name: "sqlparse", version: "0.2.2" }],
    [
      "argon2-cffi (>=16.1.0) ; extra == 'argon2'",
      { name: "argon2-cffi", version: "16.1.0" },
    ],
    ["bcrypt ; extra == 'bcrypt'", { name: "bcrypt", version: "" }],
  ];
  for (const [requiresDist, expected] of cases) {
    expect(parsePyRequiresDist(requiresDist)).toEqual(expected);
  }
});
test("finds license id from name", () => {
  // Free-text license names resolve to SPDX identifiers; the GPL case must
  // pick the "-only" variant rather than the deprecated bare "GPL-2.0".
  const expectations = {
    "Apache License Version 2.0": "Apache-2.0",
    "GNU General Public License (GPL) version 2.0": "GPL-2.0-only",
  };
  for (const [licenseName, spdxId] of Object.entries(expectations)) {
    expect(findLicenseId(licenseName)).toEqual(spdxId);
  }
});
test("splits parallel gradle properties output correctly", () => {
  const rawOutput = readFileSync("./test/gradle-prop-parallel.out", {
    encoding: "utf-8",
  });
  // Output of the `properties` task run across sub-projects in parallel is
  // split back into one chunk per project, keyed by project path.
  const perProject = splitOutputByGradleProjects(rawOutput, ["properties"]);
  expect(perProject.size).toEqual(4);
  const expectedProjects = [
    "dependency-diff-check",
    ":dependency-diff-check-service",
    ":dependency-diff-check-common-core",
    ":dependency-diff-check-client-starter",
  ];
  for (const projectName of expectedProjects) {
    expect(perProject.has(projectName)).toBe(true);
  }
  // The root project's chunk still parses as a standalone properties dump.
  const rootProps = parseGradleProperties(
    perProject.get("dependency-diff-check"),
  );
  expect(rootProps.rootProject).toEqual("dependency-diff-check");
  expect(rootProps.projects.length).toEqual(3);
  expect(rootProps.metadata.group).toEqual("com.ajmalab");
  expect(rootProps.metadata.version).toEqual("0.0.1-SNAPSHOT");
});
test("splits parallel gradle dependencies output correctly", async () => {
  const rawOutput = readFileSync("./test/gradle-dep-parallel.out", {
    encoding: "utf-8",
  });
  // Same splitting as for properties, this time on the `dependencies` task.
  const perProject = splitOutputByGradleProjects(rawOutput, ["dependencies"]);
  expect(perProject.size).toEqual(4);
  const expectedProjects = [
    "dependency-diff-check",
    ":dependency-diff-check-service",
    ":dependency-diff-check-common-core",
    ":dependency-diff-check-client-starter",
  ];
  for (const projectName of expectedProjects) {
    expect(perProject.has(projectName)).toBe(true);
  }
  // The root chunk is then parsed on its own, with only the root module
  // registered in the modules map.
  const rootModule = await buildObjectForGradleModule(
    "dependency-diff-check",
    { version: "latest" },
  );
  const modulesMap = new Map([["dependency-diff-check", rootModule]]);
  const parsed = await parseGradleDep(
    perProject.get("dependency-diff-check"),
    "dependency-diff-check",
    modulesMap,
  );
  expect(parsed.pkgList).toHaveLength(12);
  expect(parsed.dependenciesList).toHaveLength(13);
});
test("splits parallel custom gradle task outputs correctly", async () => {
  const rawOutput = readFileSync("./test/gradle-build-env-dep.out", {
    encoding: "utf-8",
  });
  // A user-overridden task name (buildEnvironment instead of dependencies)
  // must be recognised as the split marker.
  const perProject = splitOutputByGradleProjects(rawOutput, [
    "buildEnvironment",
  ]);
  expect(perProject.size).toEqual(4);
  const expectedProjects = [
    "dependency-diff-check",
    ":dependency-diff-check-service",
    ":dependency-diff-check-common-core",
    ":dependency-diff-check-client-starter",
  ];
  for (const projectName of expectedProjects) {
    expect(perProject.has(projectName)).toBe(true);
  }
  // Parse a sub-project's chunk while still naming the root as the project.
  const rootModule = await buildObjectForGradleModule(
    "dependency-diff-check",
    { version: "latest" },
  );
  const modulesMap = new Map([["dependency-diff-check", rootModule]]);
  const parsed = await parseGradleDep(
    perProject.get(":dependency-diff-check-client-starter"),
    "dependency-diff-check",
    modulesMap,
  );
  expect(parsed.pkgList).toHaveLength(22);
  expect(parsed.dependenciesList).toHaveLength(23);
});
test("parse gradle dependencies", async () => {
  // Module metadata the parser resolves project references against; every
  // root project used by the fixtures below is registered up front.
  const modulesMap = new Map();
  for (const moduleName of [
    "test-project",
    "dependency-diff-check-common-core",
    "app",
    "failing-project",
  ]) {
    modulesMap.set(
      moduleName,
      await buildObjectForGradleModule(moduleName, { version: "latest" }),
    );
  }
  // Absent input yields an empty result rather than throwing.
  expect(await parseGradleDep(null)).toEqual({});

  const parseFixture = (fixturePath, rootProject = "test-project") =>
    parseGradleDep(
      readFileSync(fixturePath, { encoding: "utf-8" }),
      rootProject,
      modulesMap,
    );
  const expectCounts = (parsed, pkgCount, depCount) => {
    expect(parsed.pkgList).toHaveLength(pkgCount);
    if (depCount !== undefined) {
      expect(parsed.dependenciesList).toHaveLength(depCount);
    }
  };

  let parsedList = await parseFixture("./test/gradle-dep.out");
  expectCounts(parsedList, 33, 34);
  expect(parsedList.pkgList[0]).toEqual({
    group: "org.ethereum",
    name: "solcJ-all",
    qualifiers: { type: "jar" },
    version: "0.4.25",
    "bom-ref": "pkg:maven/org.ethereum/solcJ-all@0.4.25?type=jar",
    purl: "pkg:maven/org.ethereum/solcJ-all@0.4.25?type=jar",
  });

  // Android output: the originating configuration is recorded as a
  // GradleProfileName property, and the two spot-checked test
  // configurations carry scope "optional".
  parsedList = await parseFixture("./test/data/gradle-android-dep.out");
  expectCounts(parsedList, 104, 105);
  expect(parsedList.pkgList[0]).toEqual({
    group: "com.android.support.test",
    name: "runner",
    qualifiers: { type: "jar" },
    scope: "optional",
    version: "1.0.2",
    properties: [
      { name: "GradleProfileName", value: "androidTestImplementation" },
    ],
    "bom-ref": "pkg:maven/com.android.support.test/runner@1.0.2?type=jar",
    purl: "pkg:maven/com.android.support.test/runner@1.0.2?type=jar",
  });
  expect(parsedList.pkgList[103]).toEqual({
    group: "androidx.core",
    name: "core",
    qualifiers: { type: "jar" },
    version: "1.7.0",
    scope: "optional",
    properties: [
      {
        name: "GradleProfileName",
        value: "releaseUnitTestRuntimeClasspath",
      },
    ],
    "bom-ref": "pkg:maven/androidx.core/core@1.7.0?type=jar",
    purl: "pkg:maven/androidx.core/core@1.7.0?type=jar",
  });

  parsedList = await parseFixture("./test/data/gradle-out1.dep");
  expectCounts(parsedList, 89, 90);
  expect(parsedList.pkgList[0]).toEqual({
    group: "org.springframework.boot",
    name: "spring-boot-starter-web",
    version: "2.2.0.RELEASE",
    qualifiers: { type: "jar" },
    properties: [{ name: "GradleProfileName", value: "compileClasspath" }],
    "bom-ref":
      "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.0.RELEASE?type=jar",
    purl: "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.0.RELEASE?type=jar",
  });

  // The gradle-rich*.dep fixtures (judging by the name, Gradle rich-version
  // output) must each resolve to a single concrete version per artifact.
  parsedList = await parseFixture("./test/data/gradle-rich1.dep");
  expectCounts(parsedList, 4);
  const lastPkg = parsedList.pkgList[parsedList.pkgList.length - 1];
  expect(lastPkg).toEqual({
    group: "ch.qos.logback",
    name: "logback-core",
    qualifiers: { type: "jar" },
    version: "1.4.5",
    "bom-ref": "pkg:maven/ch.qos.logback/logback-core@1.4.5?type=jar",
    purl: "pkg:maven/ch.qos.logback/logback-core@1.4.5?type=jar",
  });

  parsedList = await parseFixture("./test/data/gradle-rich2.dep");
  expectCounts(parsedList, 2);
  expect(parsedList.pkgList).toEqual([
    {
      group: "io.appium",
      name: "java-client",
      qualifiers: { type: "jar" },
      version: "8.1.1",
      "bom-ref": "pkg:maven/io.appium/java-client@8.1.1?type=jar",
      purl: "pkg:maven/io.appium/java-client@8.1.1?type=jar",
    },
    {
      group: "org.seleniumhq.selenium",
      name: "selenium-support",
      qualifiers: { type: "jar" },
      version: "4.5.0",
      "bom-ref":
        "pkg:maven/org.seleniumhq.selenium/selenium-support@4.5.0?type=jar",
      purl: "pkg:maven/org.seleniumhq.selenium/selenium-support@4.5.0?type=jar",
    },
  ]);

  parsedList = await parseFixture("./test/data/gradle-rich3.dep");
  expectCounts(parsedList, 1);
  expect(parsedList.pkgList).toEqual([
    {
      group: "org.seleniumhq.selenium",
      name: "selenium-remote-driver",
      version: "4.5.0",
      qualifiers: { type: "jar" },
      "bom-ref":
        "pkg:maven/org.seleniumhq.selenium/selenium-remote-driver@4.5.0?type=jar",
      purl: "pkg:maven/org.seleniumhq.selenium/selenium-remote-driver@4.5.0?type=jar",
    },
  ]);

  parsedList = await parseFixture("./test/data/gradle-rich4.dep");
  expectCounts(parsedList, 1);
  expect(parsedList.pkgList).toEqual([
    {
      group: "org.seleniumhq.selenium",
      name: "selenium-api",
      version: "4.5.0",
      qualifiers: { type: "jar" },
      "bom-ref":
        "pkg:maven/org.seleniumhq.selenium/selenium-api@4.5.0?type=jar",
      purl: "pkg:maven/org.seleniumhq.selenium/selenium-api@4.5.0?type=jar",
    },
  ]);

  // These fixtures are checked by package / dependency counts only
  // (gradle-android-app.dep has no dependency-count expectation).
  const countOnlyFixtures = [
    ["./test/data/gradle-rich5.dep", 67, 68],
    ["./test/data/gradle-out-249.dep", 21, 22],
    ["./test/data/gradle-service.out", 35, 36],
    ["./test/data/gradle-s.out", 28, 29],
    ["./test/data/gradle-core.out", 18, 19],
    ["./test/data/gradle-single.out", 152, 153],
    ["./test/data/gradle-android-app.dep", 102],
  ];
  for (const [fixturePath, pkgCount, depCount] of countOnlyFixtures) {
    parsedList = await parseFixture(fixturePath);
    expectCounts(parsedList, pkgCount, depCount);
  }

  // The jetify fixture yields exactly one androidx artifact.
  parsedList = await parseFixture("./test/data/gradle-android-jetify.dep");
  expectCounts(parsedList, 1);
  expect(parsedList.pkgList).toEqual([
    {
      group: "androidx.appcompat",
      name: "appcompat",
      version: "1.2.0",
      qualifiers: { type: "jar" },
      "bom-ref": "pkg:maven/androidx.appcompat/appcompat@1.2.0?type=jar",
      purl: "pkg:maven/androidx.appcompat/appcompat@1.2.0?type=jar",
    },
  ]);

  parsedList = await parseFixture("./test/data/gradle-sm.dep");
  expectCounts(parsedList, 6, 7);

  // The -559 fixture (a regression sample, judging by the name) is parsed
  // against a different root project than the rest.
  parsedList = await parseFixture(
    "./test/data/gradle-dependencies-559.txt",
    "failing-project",
  );
  expectCounts(parsedList, 372);
});
test("parse gradle projects", () => {
  const readFixture = (fixturePath) =>
    readFileSync(fixturePath, { encoding: "utf-8" });
  // No input falls back to an empty project list under a root named "root".
  expect(parseGradleProjects(null)).toEqual({
    projects: [],
    rootProject: "root",
  });

  // Large multi-project builds: root name and project count only.
  const countedFixtures = [
    ["./test/data/gradle-projects.out", "elasticsearch", 368],
    ["./test/data/gradle-projects1.out", "elasticsearch", 409],
    ["./test/data/gradle-projects2.out", "fineract", 22],
  ];
  for (const [fixturePath, rootProject, projectCount] of countedFixtures) {
    const parsed = parseGradleProjects(readFixture(fixturePath));
    expect(parsed.rootProject).toEqual(rootProject);
    expect(parsed.projects).toHaveLength(projectCount);
  }

  // Dependency output of a single android app exposes just the :app project.
  let parsed = parseGradleProjects(
    readFixture("./test/data/gradle-android-app.dep"),
  );
  expect(parsed.rootProject).toEqual("root");
  expect(parsed.projects).toEqual([":app"]);

  // Nested sub-modules keep their full colon-separated paths.
  parsed = parseGradleProjects(
    readFixture("./test/data/gradle-properties-sm.txt"),
  );
  expect(parsed.rootProject).toEqual("root");
  expect(parsed.projects).toEqual([
    ":module:dummy:core",
    ":module:dummy:service",
    ":module:dummy:starter",
    ":custom:foo:service",
  ]);
});
test("parse gradle properties", () => {
  const readFixture = (fixturePath) =>
    readFileSync(fixturePath, { encoding: "utf-8" });
  // Defaults when there is nothing to parse: no projects, root named
  // "root", empty group, version "latest" and no properties.
  expect(parseGradleProperties(null)).toEqual({
    projects: [],
    rootProject: "root",
    metadata: { group: "", version: "latest", properties: [] },
  });

  // Multi-project build: sub-projects are listed, and the GradleModule name
  // plus the buildFile / projectDir / rootDir paths land in properties.
  let parsed = parseGradleProperties(
    readFixture("./test/data/gradle-properties.txt"),
  );
  expect(parsed).toEqual({
    rootProject: "dependency-diff-check",
    projects: [
      ":dependency-diff-check-client-starter",
      ":dependency-diff-check-common-core",
      ":dependency-diff-check-service",
    ],
    metadata: {
      group: "com.ajmalab",
      version: "0.0.1-SNAPSHOT",
      properties: [
        { name: "GradleModule", value: "dependency-diff-check" },
        {
          name: "buildFile",
          value:
            "/home/almalinux/work/sandbox/dependency-diff-check/build.gradle",
        },
        {
          name: "projectDir",
          value: "/home/almalinux/work/sandbox/dependency-diff-check",
        },
        {
          name: "rootDir",
          value: "/home/almalinux/work/sandbox/dependency-diff-check",
        },
      ],
    },
  });

  // Two single-module dumps of the same build share group and properties;
  // the version comes out as "latest" (the same value as the null default),
  // and only one of them lists an :app sub-project.
  const javaTestProperties = [
    { name: "GradleModule", value: "java-test" },
    {
      name: "buildFile",
      value: "/home/almalinux/work/sandbox/java-test/build.gradle",
    },
    { name: "projectDir", value: "/home/almalinux/work/sandbox/java-test" },
    { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" },
  ];
  parsed = parseGradleProperties(
    readFixture("./test/data/gradle-properties-single.txt"),
  );
  expect(parsed).toEqual({
    rootProject: "java-test",
    projects: [":app"],
    metadata: {
      group: "com.ajmalab.demo",
      version: "latest",
      properties: javaTestProperties,
    },
  });
  parsed = parseGradleProperties(
    readFixture("./test/data/gradle-properties-single2.txt"),
  );
  expect(parsed).toEqual({
    rootProject: "java-test",
    projects: [],
    metadata: {
      group: "com.ajmalab.demo",
      version: "latest",
      properties: javaTestProperties,
    },
  });

  // Larger builds: only the root name and project count are checked.
  const countedFixtures = [
    ["./test/data/gradle-properties-elastic.txt", "elasticsearch", 409],
    ["./test/data/gradle-properties-android.txt", "CdxgenAndroidTest", 2],
  ];
  for (const [fixturePath, rootProject, projectCount] of countedFixtures) {
    parsed = parseGradleProperties(readFixture(fixturePath));
    expect(parsed.rootProject).toEqual(rootProject);
    expect(parsed.projects).toHaveLength(projectCount);
  }

  // Fixtures whose project list is empty. Note that parseGradleProjects
  // (see the "parse gradle projects" test) does extract nested modules from
  // gradle-properties-sm.txt; the properties parser reports none.
  const emptyProjectFixtures = [
    ["./test/data/gradle-properties-sm.txt", "root"],
    ["./test/data/gradle-properties-559.txt", "failing-project"],
  ];
  for (const [fixturePath, rootProject] of emptyProjectFixtures) {
    parsed = parseGradleProperties(readFixture(fixturePath));
    expect(parsed.rootProject).toEqual(rootProject);
    expect(parsed.projects).toEqual([]);
  }
});
test("parse maven tree", () => {
  const readFixture = (fixturePath) =>
    readFileSync(fixturePath, { encoding: "utf-8" });
  // Absent input yields an empty result rather than throwing.
  expect(parseMavenTree(null)).toEqual({});

  // NOTE: `scope: undefined` in the expectations below is not enforced —
  // toEqual ignores properties whose value is undefined. toStrictEqual
  // would be needed to pin the key's presence.

  // The first package is the root artifact itself (a war here) and the
  // first dependency record is the root's, listing its dependencies by purl.
  let parsed = parseMavenTree(readFixture("./test/data/sample-mvn-tree.txt"));
  expect(parsed.pkgList).toHaveLength(61);
  expect(parsed.dependenciesList).toHaveLength(61);
  expect(parsed.pkgList[0]).toEqual({
    "bom-ref": "pkg:maven/com.pogeyan.cmis/copper-server@1.15.2?type=war",
    group: "com.pogeyan.cmis",
    name: "copper-server",
    version: "1.15.2",
    qualifiers: { type: "war" },
    properties: [],
    purl: "pkg:maven/com.pogeyan.cmis/copper-server@1.15.2?type=war",
    scope: undefined,
  });
  expect(parsed.dependenciesList[0]).toEqual({
    ref: "pkg:maven/com.pogeyan.cmis/copper-server@1.15.2?type=war",
    dependsOn: [
      "pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.0?type=jar",
      "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.0?type=jar",
      "pkg:maven/com.github.davidb/metrics-influxdb@0.9.3?type=jar",
      "pkg:maven/com.pogeyan.cmis/copper-server-api@1.15.2?type=jar",
      "pkg:maven/com.pogeyan.cmis/copper-server-impl@1.15.2?type=jar",
      "pkg:maven/com.pogeyan.cmis/copper-server-ldap@1.15.2?type=jar",
      "pkg:maven/com.pogeyan.cmis/copper-server-mongo@1.15.2?type=jar",
      "pkg:maven/com.pogeyan.cmis/copper-server-repo@1.15.2?type=jar",
      "pkg:maven/com.typesafe.akka/akka-actor_2.11@2.4.14?type=jar",
      "pkg:maven/com.typesafe.akka/akka-cluster_2.11@2.4.14?type=jar",
      "pkg:maven/commons-fileupload/commons-fileupload@1.4?type=jar",
      "pkg:maven/commons-io/commons-io@2.6?type=jar",
      "pkg:maven/io.dropwizard.metrics/metrics-core@3.1.2?type=jar",
      "pkg:maven/javax/javaee-web-api@7.0?type=jar",
      "pkg:maven/junit/junit@4.12?type=jar",
      "pkg:maven/org.apache.chemistry.opencmis/chemistry-opencmis-server-support@1.0.0?type=jar",
      "pkg:maven/org.apache.commons/commons-lang3@3.4?type=jar",
      "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar",
      "pkg:maven/org.slf4j/slf4j-log4j12@1.7.21?type=jar",
    ],
  });

  // The same artifact (jffi 1.3.11) appears twice when only the classifier
  // differs; the classifier is kept as a purl qualifier so the two stay
  // distinct.
  parsed = parseMavenTree(readFixture("./test/data/mvn-dep-tree-simple.txt"));
  expect(parsed.pkgList).toHaveLength(39);
  expect(parsed.dependenciesList).toHaveLength(39);
  expect(parsed.pkgList[0]).toEqual({
    "bom-ref":
      "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
    purl: "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
    group: "com.gitlab.security_products.tests",
    name: "java-maven",
    version: "1.0-SNAPSHOT",
    qualifiers: { type: "jar" },
    properties: [],
    scope: undefined,
  });
  expect(parsed.dependenciesList[0]).toEqual({
    ref: "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
    dependsOn: [
      "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.2?type=jar",
      "pkg:maven/com.github.jnr/jffi@1.3.11?classifier=native&type=jar",
      "pkg:maven/com.github.jnr/jffi@1.3.11?type=jar",
      "pkg:maven/io.netty/netty@3.9.1.Final?type=jar",
      "pkg:maven/junit/junit@3.8.1?type=jar",
      "pkg:maven/org.apache.geode/geode-core@1.1.1?type=jar",
      "pkg:maven/org.apache.maven/maven-artifact@3.3.9?type=jar",
      "pkg:maven/org.mozilla/rhino@1.7.10?type=jar",
      "pkg:maven/org.powermock/powermock-api-mockito@1.7.3?type=jar",
    ],
  });

  // Tycho/p2 packaging types (eclipse-repository, eclipse-plugin,
  // eclipse-feature, p2-installable-unit) are preserved as the type
  // qualifier instead of being normalised to jar.
  parsed = parseMavenTree(readFixture("./test/data/mvn-p2-plugin.txt"));
  expect(parsed.pkgList).toHaveLength(79);
  expect(parsed.pkgList[0]).toEqual({
    "bom-ref":
      "pkg:maven/example.group/eclipse-repository@1.0.0-SNAPSHOT?type=eclipse-repository",
    purl: "pkg:maven/example.group/eclipse-repository@1.0.0-SNAPSHOT?type=eclipse-repository",
    group: "example.group",
    name: "eclipse-repository",
    version: "1.0.0-SNAPSHOT",
    qualifiers: { type: "eclipse-repository" },
    scope: undefined,
    properties: [],
  });
  expect(parsed.pkgList[4]).toEqual({
    "bom-ref":
      "pkg:maven/p2.eclipse.plugin/com.ibm.icu@67.1.0.v20200706-1749?type=eclipse-plugin",
    purl: "pkg:maven/p2.eclipse.plugin/com.ibm.icu@67.1.0.v20200706-1749?type=eclipse-plugin",
    group: "p2.eclipse.plugin",
    name: "com.ibm.icu",
    version: "67.1.0.v20200706-1749",
    qualifiers: { type: "eclipse-plugin" },
    scope: undefined,
    properties: [],
  });
  expect(parsed.dependenciesList).toHaveLength(79);
  expect(parsed.dependenciesList[0]).toEqual({
    ref: "pkg:maven/example.group/eclipse-repository@1.0.0-SNAPSHOT?type=eclipse-repository",
    dependsOn: [
      "pkg:maven/example.group/example-bundle@0.1.0-SNAPSHOT?type=eclipse-plugin",
      "pkg:maven/example.group/example-feature-2@0.2.0-SNAPSHOT?type=eclipse-feature",
      "pkg:maven/example.group/example-feature@0.1.0-SNAPSHOT?type=eclipse-feature",
      "pkg:maven/example.group/org.tycho.demo.rootfiles.win@1.0.0-SNAPSHOT?type=p2-installable-unit",
      "pkg:maven/example.group/org.tycho.demo.rootfiles@1.0.0?type=p2-installable-unit",
    ],
  });

  // A pom-packaged root is reported as the parent component.
  parsed = parseMavenTree(readFixture("./test/data/mvn-metrics-tree.txt"));
  expect(parsed.pkgList).toHaveLength(58);
  expect(parsed.parentComponent["bom-ref"]).toEqual(
    "pkg:maven/org.apache.dubbo/dubbo-metrics@3.3.0?type=pom",
  );
  expect(parsed.dependenciesList).toHaveLength(58);
  expect(parsed.dependenciesList[0]).toEqual({
    ref: "pkg:maven/org.apache.dubbo/dubbo-metrics@3.3.0?type=pom",
    dependsOn: [
      "pkg:maven/org.apache.dubbo/dubbo-test-check@3.3.0?type=jar",
      "pkg:maven/org.awaitility/awaitility@4.2.0?type=jar",
      "pkg:maven/org.hamcrest/hamcrest@2.2?type=jar",
      "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.9.3?type=jar",
      "pkg:maven/org.junit.jupiter/junit-jupiter-params@5.9.3?type=jar",
      "pkg:maven/org.mockito/mockito-core@4.11.0?type=jar",
      "pkg:maven/org.mockito/mockito-inline@4.11.0?type=jar",
    ],
  });

  parsed = parseMavenTree(readFixture("./test/data/mvn-sbstarter-tree.txt"));
  expect(parsed.pkgList).toHaveLength(90);
  expect(parsed.parentComponent["bom-ref"]).toEqual(
    "pkg:maven/org.apache.dubbo/dubbo-spring-boot-starter@3.3.0?type=jar",
  );
  expect(parsed.dependenciesList).toHaveLength(90);
  expect(parsed.dependenciesList[0]).toEqual({
    ref: "pkg:maven/org.apache.dubbo/dubbo-spring-boot-starter@3.3.0?type=jar",
    dependsOn: [
      "pkg:maven/net.bytebuddy/byte-buddy-agent@1.15.0?type=jar",
      "pkg:maven/net.bytebuddy/byte-buddy@1.15.0?type=jar",
      "pkg:maven/org.apache.dubbo/dubbo-spring-boot-autoconfigure@3.3.0?type=jar",
      "pkg:maven/org.apache.dubbo/dubbo-test-check@3.3.0?type=jar",
      "pkg:maven/org.apache.logging.log4j/log4j-slf4j-impl@2.17.2?type=jar",
      "pkg:maven/org.awaitility/awaitility@4.2.0?type=jar",
      "pkg:maven/org.hamcrest/hamcrest@2.2?type=jar",
      "pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.8.2?type=jar",
      "pkg:maven/org.junit.jupiter/junit-jupiter-params@5.8.2?type=jar",
      "pkg:maven/org.junit.vintage/junit-vintage-engine@5.8.2?type=jar",
      "pkg:maven/org.mockito/mockito-core@4.11.0?type=jar",
      "pkg:maven/org.mockito/mockito-inline@4.11.0?type=jar",
      "pkg:maven/org.yaml/snakeyaml@1.30?type=jar",
    ],
  });
});
// Slow test
/*
test("get maven metadata", async () => {
let data = await utils.getMvnMetadata([
{
group: "com.squareup.okhttp3",
name: "okhttp",
version: "3.8.1",
},
]);
expect(data).toEqual([
{
description: "",
group: "com.squareup.okhttp3",
name: "okhttp",
version: "3.8.1",
},
]);
data = await utils.getMvnMetadata([
{
group: "com.fasterxml.jackson.core",
name: "jackson-databind",
version: "2.8.5",
},
{
group: "com.github.jnr",
name: "jnr-posix",
version: "3.0.47",
},
]);
expect(data).toEqual([
{
group: "com.fasterxml.jackson.core",
name: "jackson-databind",
version: "2.8.5",
description:
"General data-binding functionality for Jackson: works on core streaming API",
repository: { url: "http://github.com/FasterXML/jackson-databind" },
},
{
group: "com.github.jnr",
name: "jnr-posix",
version: "3.0.47",
license: ["EPL-2.0", "GPL-2.0-only", "LGPL-2.1-only"],
description: "\n Common cross-project/cross-platform POSIX APIs\n ",
repository: { url: "git@github.com:jnr/jnr-posix.git" },
},
]);
});
*/
test("get py metadata", async () => {
  // The 240 s timeout suggests this resolves metadata remotely — confirm
  // before relying on it in offline CI. The meaning of the second argument
  // (`false`) is not visible from this file.
  const flaskPkg = { group: "", name: "Flask", version: "1.1.0" };
  const enriched = await getPyMetadata([flaskPkg], false);
  // Compare against a fresh literal rather than flaskPkg itself, so an
  // in-place mutation of the input could not trivially satisfy the check.
  expect(enriched).toEqual([{ group: "", name: "Flask", version: "1.1.0" }]);
}, 240000);
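test("parseGoModData", async () => {
  // Absent input yields an empty result rather than throwing.
  let retMap = await parseGoModData(null);
  expect(retMap).toEqual({});

  // Integrity values keyed by "module@version". This map is synthetic: the
  // aws entry is an obviously fake placeholder and the viper hash is
  // attributed to v1.3.0 here although the go.sum fixture (see the
  // parseGoSumData test) lists it under v1.0.2 — it only exercises the
  // plumbing, and the parser copies values through without validating them.
  const gosumMap = {
    "google.golang.org/grpc@v1.21.0":
      "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
    "github.com/aws/aws-sdk-go@v1.38.47": "sha256-fake-sha-for-aws-go-sdk=",
    "github.com/spf13/cobra@v1.0.0":
      "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
    "github.com/spf13/viper@v1.3.0":
      "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
    "github.com/stretchr/testify@v1.6.1":
      "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
  };
  retMap = await parseGoModData(
    readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
    gosumMap,
  );
  // Modules with no matching gosumMap entry (viper v1.0.2, grpc v1.32.0)
  // come out without an _integrity field at all.
  expect(retMap.pkgList.length).toEqual(6);
  expect(retMap.pkgList).toEqual([
    {
      group: "",
      name: "github.com/aws/aws-sdk-go",
      version: "v1.38.47",
      _integrity: "sha256-fake-sha-for-aws-go-sdk=",
      purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
      "bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
    },
    {
      group: "",
      name: "github.com/spf13/cobra",
      version: "v1.0.0",
      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
    },
    {
      group: "",
      name: "github.com/spf13/viper",
      version: "v1.0.2",
      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
    },
    {
      group: "",
      name: "github.com/spf13/viper",
      version: "v1.3.0",
      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
      purl: "pkg:golang/github.com/spf13/viper@v1.3.0",
      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.3.0",
    },
    {
      group: "",
      name: "google.golang.org/grpc",
      version: "v1.21.0",
      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
    },
    {
      group: "",
      name: "google.golang.org/grpc",
      version: "v1.32.0",
      purl: "pkg:golang/google.golang.org/grpc@v1.32.0",
      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.32.0",
    },
  ]);
  // This used to be `expect(d.license)` with no matcher, which asserts
  // nothing. The toEqual above already shows no license is populated for
  // these components, so state that explicitly.
  for (const pkg of retMap.pkgList) {
    expect(pkg.license).toBeUndefined();
  }

  // With an empty integrity map the module line becomes the parent
  // component (typed as an application) and nothing carries _integrity;
  // rootList holds the module's own requirements.
  retMap = await parseGoModData(
    readFileSync("./test/data/go-dvwa.mod", { encoding: "utf-8" }),
    {},
  );
  expect(retMap.parentComponent).toEqual({
    "bom-ref": "pkg:golang/github.com/sqreen/go-dvwa",
    name: "github.com/sqreen/go-dvwa",
    purl: "pkg:golang/github.com/sqreen/go-dvwa",
    type: "application",
  });
  expect(retMap.pkgList.length).toEqual(19);
  expect(retMap.rootList.length).toEqual(4);

  retMap = await parseGoModData(
    readFileSync("./test/data/go-syft.mod", { encoding: "utf-8" }),
    {},
  );
  expect(retMap.parentComponent).toEqual({
    "bom-ref": "pkg:golang/github.com/anchore/syft",
    name: "github.com/anchore/syft",
    purl: "pkg:golang/github.com/anchore/syft",
    type: "application",
  });
  expect(retMap.pkgList.length).toEqual(239);
  expect(retMap.rootList.length).toEqual(84);
}, 120000);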
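test("parseGoSumData", async () => {
  // Absent input yields an empty list rather than throwing.
  let depList = await parseGosumData(null);
  expect(depList).toEqual([]);

  depList = await parseGosumData(
    readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
  );
  // Each module entry becomes a component whose _integrity is the sha256
  // SRI string taken from the file. No license is populated here.
  expect(depList).toHaveLength(4);
  const expectedComponents = [
    {
      group: "",
      name: "google.golang.org/grpc",
      license: undefined,
      version: "v1.21.0",
      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
    },
    {
      group: "",
      name: "github.com/spf13/cobra",
      license: undefined,
      version: "v1.0.0",
      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
    },
    {
      group: "",
      name: "github.com/spf13/viper",
      license: undefined,
      version: "v1.0.2",
      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
    },
    {
      group: "",
      name: "github.com/stretchr/testify",
      license: undefined,
      version: "v1.6.1",
      _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
      "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
      purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
    },
  ];
  expectedComponents.forEach((expected, idx) => {
    expect(depList[idx]).toEqual(expected);
  });
  // This used to be `expect(d.license)` with no matcher, which never
  // fails. toEqual ignores undefined-valued keys, so the `license:
  // undefined` entries above do not pin it either; assert it directly.
  for (const pkg of depList) {
    expect(pkg.license).toBeUndefined();
  }
}, 120000);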
describe("go data with vcs", () => {
beforeAll(() => {
  // Opt the Go parsers into VCS lookups for every test in this describe
  // block; process.env stores the value as a string.
  Object.assign(process.env, { GO_FETCH_VCS: "true" });
});
afterAll(() => {
  // Drop the flag again so tests outside this block see the default.
  Reflect.deleteProperty(process.env, "GO_FETCH_VCS");
});
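test("parseGoSumData with vcs", async () => {
  // Absent input yields an empty list rather than throwing.
  let depList = await parseGosumData(null);
  expect(depList).toEqual([]);

  depList = await parseGosumData(
    readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
  );
  // With GO_FETCH_VCS set by the surrounding beforeAll, each component
  // additionally gets a "vcs" externalReference. For google.golang.org/grpc
  // the GitHub URL is not derivable from the module path, so the lookup
  // presumably reaches out to the network — confirm before running offline.
  expect(depList).toHaveLength(4);
  const expectedComponents = [
    {
      group: "",
      name: "google.golang.org/grpc",
      license: undefined,
      version: "v1.21.0",
      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
      externalReferences: [
        { type: "vcs", url: "https://github.com/grpc/grpc-go" },
      ],
    },
    {
      group: "",
      name: "github.com/spf13/cobra",
      license: undefined,
      version: "v1.0.0",
      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
      externalReferences: [
        { type: "vcs", url: "https://github.com/spf13/cobra" },
      ],
    },
    {
      group: "",
      name: "github.com/spf13/viper",
      license: undefined,
      version: "v1.0.2",
      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
      externalReferences: [
        { type: "vcs", url: "https://github.com/spf13/viper" },
      ],
    },
    {
      group: "",
      name: "github.com/stretchr/testify",
      license: undefined,
      version: "v1.6.1",
      _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
      "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
      purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
      externalReferences: [
        { type: "vcs", url: "https://github.com/stretchr/testify" },
      ],
    },
  ];
  expectedComponents.forEach((expected, idx) => {
    expect(depList[idx]).toEqual(expected);
  });
  // This used to be `expect(d.license)` with no matcher, which never
  // fails. toEqual ignores undefined-valued keys, so the `license:
  // undefined` entries above do not pin it either; assert it directly.
  for (const pkg of depList) {
    expect(pkg.license).toBeUndefined();
  }
}, 120000);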
test("parseGoModData", async () => {
process.env.GO_FETCH_VCS = "false";
let retMap = await parseGoModData(null);
expect(retMap).toEqual({});
const gosumMap = {
"google.golang.org/grpc@v1.21.0":
"sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
"github.com/aws/aws-sdk-go@v1.38.47": "sha256-fake-sha-for-aws-go-sdk=",
"github.com/spf13/cobra@v1.0.0":
"sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
"github.com/spf13/viper@v1.3.0":
"sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
"github.com/stretchr/testify@v1.6.1":
"sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
};
retMap = await parseGoModData(
readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
gosumMap,
);
expect(retMap.pkgList.length).toEqual(6);
// Doesn't reliably work in CI/CD due to rate limiting.
/*
expect(retMap.pkgList).toEqual([
{
group: "",
name: "github.com/aws/aws-sdk-go",
version: "v1.38.47",
_integrity: "sha256-fake-sha-for-aws-go-sdk=",
purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
"bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
externalReferences: [
{
type: "vcs",
url: "https://github.com/aws/aws-sdk-go",
},
],
},
{
group: "",
name: "github.com/spf13/cobra",
version: "v1.0.0",
_integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
"bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
externalReferences: [
{
type: "vcs",
url: "https://github.com/spf13/cobra",
},
],
},
{
group: "",
name: "github.com/spf13/viper",
version: "v1.0.2",
purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
"bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
externalReferences: [
{
type: "vcs",
url: "https://github.com/spf13/viper",
},
],
},
{
group: "",
name: "github.com/spf13/viper",
version: "v1.3.0",
_integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
purl: "pkg:golang/github.com/spf13/viper@v1.3.0",
"bom-ref": "pkg:golang/github.com/spf13/viper@v1.3.0",
externalReferences: [
{
type: "vcs",
url: "https://github.com/spf13/viper",
},
],
},
{
group: "",
name: "google.golang.org/grpc",
version: "v1.21.0",
_integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
"bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
externalReferences: [
{
type: "vcs",
url: "https://github.com/grpc/grpc-go",
},
],
},
{
group: "",
name: "google.golang.org/grpc",
version: "v1.32.0",
purl: "pkg:golang/google.golang.org/grpc@v1.32.0",
"bom-ref": "pkg:golang/google.golang.org/grpc@v1.32.0",
externalReferences: [
{
type: "vcs",
url: "https://github.com/grpc/grpc-go",
},
],
},
]);
*/
retMap.pkgList.forEach((d) => {
expect(d.license);
});
retMap = await parseGoModData(
readFileSync("./test/data/go-dvwa.mod", { encoding: "utf-8" }),
{},
);
expect(retMap.parentComponent).toEqual({
"bom-ref": "pkg:golang/github.com/sqreen/go-dvwa",
name: "github.com/sqreen/go-dvwa",
purl: "pkg:golang/github.com/sqreen/go-dvwa",
type: "application",
});
expect(retMap.pkgList.length).toEqual(19);
expect(retMap.rootList.length).toEqual(4);
retMap = await parseGoModData(
readFileSync("./test/data/go-syft.mod", { encoding: "utf-8" }),
{},
);
expect(retMap.parentComponent).toEqual({
"bom-ref": "pkg:golang/github.com/anchore/syft",
name: "github.com/anchore/syft",
purl: "pkg:golang/github.com/anchore/syft",
type: "application",
});
expect(retMap.pkgList.length).toEqual(239);
expect(retMap.rootList.length).toEqual(84);
}, 120000);
});
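describe("go vendor modules tests", () => {
  test("parseGoModulesTxt", async () => {
    // Only three of the vendored modules are given a checksum here; the rest
    // of modules.txt presumably has to be parsed without a matching entry.
    const gosumMap = {
      "cel.dev/expr@v0.18.0":
        "sha256-CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=",
      "github.com/AdaLogics/go-fuzz-headers@v0.0.0-20230811130428-ced1acdcaa24":
        "sha256-bvDV9vkmnHYOMsOr4WLk+Vo07yKIzd94sVoIqshQ4bU=",
      "github.com/Azure/go-ansiterm@v0.0.0-20230124172434-306776ec8161":
        "sha256-L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0=",
    };
    // Unlike parseGoModData/parseGosumData, this helper is handed a file path,
    // not the file contents.
    const pkgList = await parseGoModulesTxt(
      "./test/data/modules.txt",
      gosumMap,
    );
    // `pkgList` is already the awaited value; the previous `(await pkgList)`
    // re-awaited a plain array.
    expect(pkgList.length).toEqual(212);
  });
});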
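describe("go data with licenses", () => {
  beforeAll(() => {
    process.env.FETCH_LICENSE = "true";
  });
  afterAll(() => {
    delete process.env.FETCH_LICENSE;
  });
  // Both tests below are skipped; the expected license URLs point at
  // pkg.go.dev, so they presumably need network access to pass.
  test.skip("parseGoSumData with licenses", async () => {
    let dep_list = await parseGosumData(null);
    expect(dep_list).toEqual([]);
    dep_list = await parseGosumData(
      readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
    );
    expect(dep_list.length).toEqual(4);
    // With FETCH_LICENSE enabled, each component carries a `license` array of
    // { id, url } entries alongside the go.sum checksum in `_integrity`.
    expect(dep_list[0]).toEqual({
      group: "",
      name: "google.golang.org/grpc",
      version: "v1.21.0",
      _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
      "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
      purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
      license: [
        {
          id: "Apache-2.0",
          url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
        },
      ],
    });
    expect(dep_list[1]).toEqual({
      group: "",
      name: "github.com/spf13/cobra",
      version: "v1.0.0",
      _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
      "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
      purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
      license: [
        {
          id: "Apache-2.0",
          url: "https://pkg.go.dev/github.com/spf13/cobra?tab=licenses",
        },
      ],
    });
    expect(dep_list[2]).toEqual({
      group: "",
      name: "github.com/spf13/viper",
      version: "v1.0.2",
      _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
      "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
      purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
      license: [
        {
          id: "MIT",
          url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
        },
      ],
    });
    expect(dep_list[3]).toEqual({
      group: "",
      name: "github.com/stretchr/testify",
      version: "v1.6.1",
      _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
      "bom-ref": "pkg:golang/github.com/stretchr/testify@v1.6.1",
      purl: "pkg:golang/github.com/stretchr/testify@v1.6.1",
      license: [
        {
          id: "MIT",
          url: "https://pkg.go.dev/github.com/stretchr/testify?tab=licenses",
        },
      ],
    });
    // Every entry above is expected with a license array; a bare
    // `expect(d.license)` without a matcher asserted nothing.
    for (const d of dep_list) {
      expect(Array.isArray(d.license)).toBe(true);
    }
  }, 120000);
  test.skip("parseGoModData with licenses", async () => {
    let retMap = await parseGoModData(null);
    expect(retMap).toEqual({});
    // Checksums keyed by "module@version"; the aws value is a constructed test
    // fixture.
    const gosumMap = {
      "google.golang.org/grpc@v1.21.0":
        "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
      "github.com/aws/aws-sdk-go@v1.38.47": "sha256-fake-sha-for-aws-go-sdk=",
      "github.com/spf13/cobra@v1.0.0":
        "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
      "github.com/spf13/viper@v1.3.0":
        "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
      "github.com/stretchr/testify@v1.6.1":
        "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
    };
    retMap = await parseGoModData(
      readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
      gosumMap,
    );
    expect(retMap.pkgList.length).toEqual(6);
    // Versions without a gosumMap entry (viper v1.0.2, grpc v1.32.0) come back
    // without `_integrity`; the rest carry the supplied checksum.
    expect(retMap.pkgList).toEqual([
      {
        group: "",
        name: "github.com/aws/aws-sdk-go",
        version: "v1.38.47",
        _integrity: "sha256-fake-sha-for-aws-go-sdk=",
        purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
        "bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
        license: [
          {
            id: "Apache-2.0",
            url: "https://pkg.go.dev/github.com/aws/aws-sdk-go?tab=licenses",
          },
        ],
      },
      {
        group: "",
        name: "github.com/spf13/cobra",
        version: "v1.0.0",
        _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
        purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
        "bom-ref": "pkg:golang/github.com/spf13/cobra@v1.0.0",
        license: [
          {
            id: "Apache-2.0",
            url: "https://pkg.go.dev/github.com/spf13/cobra?tab=licenses",
          },
        ],
      },
      {
        group: "",
        name: "github.com/spf13/viper",
        version: "v1.0.2",
        purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.0.2",
        license: [
          {
            id: "MIT",
            url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
          },
        ],
      },
      {
        group: "",
        name: "github.com/spf13/viper",
        version: "v1.3.0",
        _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
        purl: "pkg:golang/github.com/spf13/viper@v1.3.0",
        "bom-ref": "pkg:golang/github.com/spf13/viper@v1.3.0",
        license: [
          {
            id: "MIT",
            url: "https://pkg.go.dev/github.com/spf13/viper?tab=licenses",
          },
        ],
      },
      {
        group: "",
        name: "google.golang.org/grpc",
        version: "v1.21.0",
        _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
        purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.21.0",
        license: [
          {
            id: "Apache-2.0",
            url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
          },
        ],
      },
      {
        group: "",
        name: "google.golang.org/grpc",
        version: "v1.32.0",
        purl: "pkg:golang/google.golang.org/grpc@v1.32.0",
        "bom-ref": "pkg:golang/google.golang.org/grpc@v1.32.0",
        license: [
          {
            id: "Apache-2.0",
            url: "https://pkg.go.dev/google.golang.org/grpc?tab=licenses",
          },
        ],
      },
    ]);
    // All six entries above carry a license array; a bare `expect(d.license)`
    // without a matcher asserted nothing.
    for (const d of retMap.pkgList) {
      expect(Array.isArray(d.license)).toBe(true);
    }
    // The module path from go.mod becomes the parent "application" component.
    retMap = await parseGoModData(
      readFileSync("./test/data/go-dvwa.mod", { encoding: "utf-8" }),
      {},
    );
    expect(retMap.parentComponent).toEqual({
      "bom-ref": "pkg:golang/github.com/sqreen/go-dvwa",
      name: "github.com/sqreen/go-dvwa",
      purl: "pkg:golang/github.com/sqreen/go-dvwa",
      type: "application",
    });
    expect(retMap.pkgList.length).toEqual(19);
    expect(retMap.rootList.length).toEqual(4);
    retMap = await parseGoModData(
      readFileSync("./test/data/go-syft.mod", { encoding: "utf-8" }),
      {},
    );
    expect(retMap.parentComponent).toEqual({
      "bom-ref": "pkg:golang/github.com/anchore/syft",
      name: "github.com/anchore/syft",
      purl: "pkg:golang/github.com/anchore/syft",
      type: "application",
    });
    expect(retMap.pkgList.length).toEqual(239);
    expect(retMap.rootList.length).toEqual(84);
  }, 120000);
});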
test("parse go list dependencies", async () => {
const retMap = await parseGoListDep(
readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
{},
);
expect(retMap.pkgList.length).toEqual(4);