UNPKG

@cyclonedx/cdxgen

Version:

Creates CycloneDX Software Bill of Materials (SBOM) from source or container image

github.com/cdxgen/cdxgen

cdxgen/cdxgen

87 lines (80 loc) 2.39 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
import { assert, describe, it } from "poku"; import { getContainerFileInventoryStats, getPropertyValue, getSourceDerivedCryptoComponents, getUnpackagedExecutableComponents, getUnpackagedSharedLibraryComponents, } from "./inventoryStats.js"; describe("inventoryStats helpers", () => { const components = [ { type: "file", name: "demo", properties: [{ name: "internal:is_executable", value: "true" }], }, { type: "file", name: "libdemo.so", properties: [{ name: "internal:is_shared_library", value: "true" }], }, { type: "file", name: "README.md", properties: [{ name: "internal:is_executable", value: "false" }], }, { type: "cryptographic-asset", name: "sha-512", properties: [ { name: "cdx:crypto:sourceType", value: "js-ast:node:crypto" }, ], }, { type: "cryptographic-asset", name: "cert.pem", properties: [{ name: "cdx:crypto:sourceType", value: "certificate" }], }, ]; it("getPropertyValue() reads properties from arrays and component objects", () => { assert.strictEqual( getPropertyValue(components[0], "internal:is_executable"), "true", ); assert.strictEqual( getPropertyValue(components[0].properties, "internal:is_executable"), "true", ); assert.strictEqual(getPropertyValue({}, "missing"), undefined); }); it("filters unpackaged executable and shared-library file components", () => { assert.deepStrictEqual( getUnpackagedExecutableComponents(components).map( (component) => component.name, ), ["demo"], ); assert.deepStrictEqual( getUnpackagedSharedLibraryComponents(components).map( (component) => component.name, ), ["libdemo.so"], ); }); it("filters source-derived crypto components", () => { assert.deepStrictEqual( getSourceDerivedCryptoComponents(components).map( (component) => component.name, ), ["sha-512"], ); }); it("summarizes unpackaged container file inventory counts", () => { assert.deepStrictEqual(getContainerFileInventoryStats(components), { unpackagedExecutables: [components[0]], unpackagedSharedLibraries: [components[1]], unpackagedExecutableCount: 1, unpackagedSharedLibraryCount: 1, }); }); });