@cyclonedx/cyclonedx-library

Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).

"use strict"; /*! This file is part of CycloneDX JavaScript Library. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ Object.defineProperty(exports, "__esModule", { value: true }); exports.PackageUrlFactory = exports.ExternalReferenceFactory = void 0; const packageurl_js_1 = require("packageurl-js"); const gitUrl_1 = require("../_helpers/gitUrl"); const notUndefined_1 = require("../_helpers/notUndefined"); const externalReferenceType_1 = require("../enums/externalReferenceType"); const hashAlogorithm_1 = require("../enums/hashAlogorithm"); const externalReference_1 = require("../models/externalReference"); const hash_1 = require("../models/hash"); const npmjsUtility_node_1 = require("../utils/npmjsUtility.node"); const packageUrl_1 = require("./packageUrl"); class ExternalReferenceFactory { makeExternalReferences(data) { const refs = []; try { refs.push(this.makeVcs(data)); } catch { } try { refs.push(this.makeHomepage(data)); } catch { } try { refs.push(this.makeIssueTracker(data)); } catch { } try { refs.push(this.makeDist(data)); } catch { } return refs.filter(notUndefined_1.isNotUndefined); } makeVcs(data) { const repository = data.repository; let url = undefined; let comment = undefined; if (typeof repository === 'object') { url = (0, gitUrl_1.tryCanonicalizeGitUrl)(repository.url); comment = 'as detected from PackageJson property "repository.url"'; if (typeof repository.directory === 'string' && url 
instanceof URL) { url.hash = repository.directory.replace(/#/g, '%23'); comment += ' and "repository.directory"'; } } else { url = (0, gitUrl_1.tryCanonicalizeGitUrl)(repository); comment = 'as detected from PackageJson property "repository"'; } return url === undefined ? undefined : new externalReference_1.ExternalReference(url.toString(), externalReferenceType_1.ExternalReferenceType.VCS, { comment }); } makeHomepage(data) { const url = data.homepage; return typeof url === 'string' && url.length > 0 ? new externalReference_1.ExternalReference(url, externalReferenceType_1.ExternalReferenceType.Website, { comment: 'as detected from PackageJson property "homepage"' }) : undefined; } makeIssueTracker(data) { const bugs = data.bugs; let url = undefined; let comment = undefined; if (typeof bugs === 'object') { url = bugs.url; comment = 'as detected from PackageJson property "bugs.url"'; } else { url = bugs; comment = 'as detected from PackageJson property "bugs"'; } return typeof url === 'string' && url.length > 0 ? new externalReference_1.ExternalReference(url, externalReferenceType_1.ExternalReferenceType.IssueTracker, { comment }) : undefined; } makeDist(data) { const { tarball, integrity, shasum } = data.dist ?? 
{}; if (typeof tarball === 'string') { const hashes = new hash_1.HashDictionary(); let comment = 'as detected from PackageJson property "dist.tarball"'; if (typeof integrity === 'string') { try { hashes.set(...(0, npmjsUtility_node_1.parsePackageIntegrity)(integrity)); comment += ' and property "dist.integrity"'; } catch { } } if (typeof shasum === 'string' && shasum.length === 40) { hashes.set(hashAlogorithm_1.HashAlgorithm["SHA-1"], shasum); comment += ' and property "dist.shasum"'; } return new externalReference_1.ExternalReference(tarball, externalReferenceType_1.ExternalReferenceType.Distribution, { hashes, comment }); } return undefined; } } exports.ExternalReferenceFactory = ExternalReferenceFactory; class PackageUrlFactory extends packageUrl_1.PackageUrlFactory { makeFromComponent(component, sort = false) { const purl = super.makeFromComponent(component, sort); return purl === undefined ? undefined : this.#finalizeQualifiers(purl); } #finalizeQualifiers(purl) { const qualifiers = new Map(Object.entries(purl.qualifiers ?? {})); const downloadUrl = qualifiers.get(packageurl_js_1.PurlQualifierNames.DownloadUrl); if (downloadUrl !== undefined) { qualifiers.delete(packageurl_js_1.PurlQualifierNames.VcsUrl); if (npmjsUtility_node_1.defaultRegistryMatcher.test(downloadUrl)) { qualifiers.delete(packageurl_js_1.PurlQualifierNames.DownloadUrl); } } if (!qualifiers.has(packageurl_js_1.PurlQualifierNames.DownloadUrl) && !qualifiers.has(packageurl_js_1.PurlQualifierNames.VcsUrl)) { qualifiers.delete(packageurl_js_1.PurlQualifierNames.Checksum); } if (qualifiers.size > 0) { purl.qualifiers = Object.fromEntries(qualifiers.entries()); purl.qualifiers.__proto__ = null; } else { purl.qualifiers = undefined; } return purl; } } exports.PackageUrlFactory = PackageUrlFactory; //# sourceMappingURL=fromNodePackageJson.node.js.map