From 842e45635521ebd91348f3c09d483df5788d868f Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 30 Mar 2025 22:47:10 +0100 Subject: [PATCH 01/17] Adds saasbom bin command. Pass --extract-endpoints argument to atom. Signed-off-by: Prabhu Subramanian --- bin/cdxgen.js | 22 ++++++++++--- bin/evinse.js | 1 + lib/evinser/evinser.js | 56 ++++++++++++++++++++++---------- lib/helpers/utils.js | 3 +- package.json | 1 + types/lib/helpers/utils.d.ts | 2 +- types/lib/helpers/utils.d.ts.map | 2 +- 7 files changed, 61 insertions(+), 26 deletions(-) diff --git a/bin/cdxgen.js b/bin/cdxgen.js index 3b5d2421b1..914c91fac6 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -449,11 +449,23 @@ if (!options.projectType) { "Ok, the user wants me to identify all the project types and generate a consolidated BOM document.", ); } -if (process.argv[1].includes("cbom")) { - thoughtLog( - "Ok, the user wants to generate Cryptographic Bill-of-Materials (CBOM).", - ); - options.includeCrypto = true; +// Handle dedicated cbom and saasbom commands +if (["cbom", "saasbom"].includes(process.argv[1])) { + if (process.argv[1].includes("cbom")) { + thoughtLog( + "Ok, the user wants to generate Cryptographic Bill-of-Materials (CBOM).", + ); + options.includeCrypto = true; + } else if (process.argv[1].includes("saasbom")) { + thoughtLog( + "Ok, the user wants to generate a Software as a Service Bill-of-Materials (SaaSBOM). I should carefully collect the services, endpoints, and data flows.", + ); + if (process.env?.CDXGEN_IN_CONTAINER !== "true") { + thoughtLog( + "Wait, I'm not running in a container. This means the chances of successfully collecting this inventory are quite low. Perhaps this is an advanced user who has set up atom and atom-tools already 🤔?", + ); + } + } options.evidence = true; options.specVersion = 1.6; options.deep = true; diff --git a/bin/evinse.js b/bin/evinse.js index e6eacb3cfa..32d508408c 100755 --- a/bin/evinse.js +++ b/bin/evinse.js @@ -73,6 +73,7 @@ const args = yargs(hideBin(process.argv)) "swift", "ios", "ruby", + "scala", ], }) .option("db-path", { diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index c5b131604f..734d61f773 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -1,5 +1,5 @@ import fs from "node:fs"; -import path, { resolve } from "node:path"; +import path, { join, resolve } from "node:path"; import process from "node:process"; import { PackageURL } from "packageurl-js"; import { Op } from "sequelize"; @@ -104,10 +104,10 @@ export async function catalogMavenDeps( options = {}, ) { let jarNSMapping = undefined; - if (safeExistsSync(path.join(dirPath, "bom.json.map"))) { + if (safeExistsSync(join(dirPath, "bom.json.map"))) { try { const mapData = JSON.parse( - fs.readFileSync(path.join(dirPath, "bom.json.map"), "utf-8"), + fs.readFileSync(join(dirPath, "bom.json.map"), "utf-8"), ); if (mapData && Object.keys(mapData).length) { jarNSMapping = mapData; @@ -242,9 +242,7 @@ export async function createSlice( return undefined; } - let sliceOutputDir = fs.mkdtempSync( - path.join(getTmpDir(), `atom-${sliceType}-`), - ); + let sliceOutputDir = fs.mkdtempSync(join(getTmpDir(), `atom-${sliceType}-`)); if (options?.output) { sliceOutputDir = safeExistsSync(options.output) && @@ -252,7 +250,10 @@ export async function createSlice( ? path.basename(options.output) : path.dirname(options.output); } - const slicesFile = path.join(sliceOutputDir, `${sliceType}.slices.json`); + const slicesFile = join(sliceOutputDir, `${sliceType}.slices.json`); + const openapiFile = + process.env?.ATOM_TOOLS_OPENAPI_FILENAME || + join(getTmpDir(), "openapi.json"); if (sliceType === "semantics") { const slicesData = createSemanticsSlices(resolve(filePath), options); // Write the semantics slices data @@ -265,26 +266,34 @@ export async function createSlice( return { tempDir: sliceOutputDir, slicesFile }; } console.log( - `Creating ${sliceType} slice for ${path.resolve( - filePath, - )}. Please wait ...`, + `Creating ${sliceType} slice for ${resolve(filePath)}. Please wait ...`, ); - const atomFile = path.join(sliceOutputDir, "app.atom"); + const atomFile = join(sliceOutputDir, "app.atom"); let args = [sliceType]; // Support for crypto slices aka CBOM if (sliceType === "reachables" && options.includeCrypto) { args.push("--include-crypto"); } - if (sliceType === "usages" || ["ruby"].includes(language)) { - args.push("--remove-atom"); + if (sliceType === "usages") { + // Generate OpenAPI specification for endpoints. Needs atom-tools pypi package to be installed. + if (process.env?.CDXGEN_IN_CONTAINER === "true") { + args.push("--extract-endpoints"); + } else if (DEBUG_MODE) { + console.log( + "Use an official cdxgen container image to improve the precision of endpoints detection (for SaaSBOM).", + ); + } + if (["ruby", "scala"].includes(language)) { + args.push("--remove-atom"); + } } args = args.concat([ "-l", language, "-o", - path.resolve(atomFile), + resolve(atomFile), "--slice-outfile", - path.resolve(slicesFile), + resolve(slicesFile), ]); // For projects with several layers, slice depth needs to be increased from the default 7 to 15 or 20 // This would increase the time but would yield more deeper paths @@ -292,9 +301,15 @@ export async function createSlice( args.push("--slice-depth"); args.push(process.env.ATOM_SLICE_DEPTH); } - - args.push(path.resolve(filePath)); - const result = executeAtom(filePath, args); + args.push(resolve(filePath)); + // Execute atom + const result = executeAtom(filePath, args, { + ATOM_TOOLS_OPENAPI_FILENAME: openapiFile, + ATOM_TOOLS_OPENAPI_FORMAT: + process.env?.ATOM_TOOLS_OPENAPI_FORMAT || "openapi3.1.0", + ATOM_TOOLS_WORK_DIR: + process.env?.ATOM_TOOLS_WORK_DIR || join(getTmpDir(), "atom-tools-"), + }); if (!result || !safeExistsSync(slicesFile)) { console.warn( `Unable to generate ${sliceType} slice using atom. Check if this is a supported language.`, @@ -317,11 +332,16 @@ export async function createSlice( ); } } + } else if (sliceType === "usages" && !safeExistsSync(openapiFile)) { + console.log( + `openapi spec file "${openapiFile}" was not generated successfully. Check if atom-tools pypi package is installed and available in PATH.`, + ); } return { tempDir: sliceOutputDir, slicesFile, atomFile, + openapiFile, }; } diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js index caaf49e0cb..827190771f 100644 --- a/lib/helpers/utils.js +++ b/lib/helpers/utils.js @@ -12767,7 +12767,7 @@ export function getAtomCommand() { return "atom"; } -export function executeAtom(src, args) { +export function executeAtom(src, args, extra_env = {}) { const cwd = safeExistsSync(src) && lstatSync(src).isDirectory() ? src : dirname(src); let ATOM_BIN = getAtomCommand(); @@ -12784,6 +12784,7 @@ export function executeAtom(src, args) { } const env = { ...process.env, + ...extra_env, }; // Atom requires Java >= 21 if (process.env?.ATOM_JAVA_HOME) { diff --git a/package.json b/package.json index ba5fd7206b..fbfdbc522d 100644 --- a/package.json +++ b/package.json @@ -47,6 +47,7 @@ "cdxgen-secure": "bin/cdxgen.js", "obom": "bin/cdxgen.js", "cbom": "bin/cdxgen.js", + "saasbom": "bin/cdxgen.js", "cdxi": "bin/repl.js", "evinse": "bin/evinse.js", "cdx-verify": "bin/verify.js" diff --git a/types/lib/helpers/utils.d.ts b/types/lib/helpers/utils.d.ts index 7af6379104..b314c5f01b 100644 --- a/types/lib/helpers/utils.d.ts +++ b/types/lib/helpers/utils.d.ts @@ -1210,7 +1210,7 @@ export function getMavenCommand(srcPath: string, rootPath: string): string; * Retrieves the atom command by referring to various environment variables */ export function getAtomCommand(): any; -export function executeAtom(src: any, args: any): boolean; +export function executeAtom(src: any, args: any, extra_env?: {}): boolean; /** * Find the imported modules in the application with atom parsedeps command * diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map index de8d788393..2accc587c9 100644 --- a/types/lib/helpers/utils.d.ts.map +++ b/types/lib/helpers/utils.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAoFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AA+ND;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAygBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GA4OhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GAuvBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM,0BAGJ,MAAM,CAuElB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;GA4bhB;AAED;;;;;GAKG;AACH,mFAgKC;AAED;;;;;;;GAOG;AACH,kCALW,MAAM;;;;;;;;GA4EhB;AAED;;;;GAIG;AACH,mEAqBC;AAeD;;;;;GAKG;AACH;;;;;;;;;EAkLC;AAED;;;;GAIG;AACH;;;;;;EAcC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,uDAoBC;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CAQnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEA2CC;AA+BD;;;;;;;;GAkCC;AAyBD;;;;;;;GAOG;AACH,sEA4FC;AAED;;;;;;GAMG;AACH,0CAJW,MAAM;;;;;;;;;;;GA2DhB;AA4BD;;;;;;;;;;GAUG;AACH,2CARW,MAAM,aACN,MAAM;;;;;;;;GAkMhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAsBhB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAMD;;;;GAIG;AACH,sDAsBC;AAED;;;;;;;;;;GAUG;AACH,uIAFa,KAAK,CAAC,MAAM,CAAC,CA0IzB;AAED;;;;;GAKG;AACH,8CAHW,MAAM,eACN,MAAM,kBAwKhB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;GAoQhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA+CC;AAyFD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAuIjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BA4GjB;AAED,oEAyDC;AAED,wEA0BC;AAED;;;;;;;GAOG;AACH,uEAgEC;AAED,0DAwBC;AAED,wDA+DC;AAED,0FAkEC;AAmBD;;IAiEC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EAyJC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAiVC;AAED;;;EA8OC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;;GAMG;AACH,oDAJW,MAAM,OAsChB;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsJhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM;;;;;;;;;;IAgJhB;AA0CD;;;;;;;GAOG;AACH,8FAHW,MAAM,WACN,MAAM,UAqFhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;;;EAuBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,wIA+BC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA6JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;GAMG;AACH,kDA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,GACJ,OAAO,KAAQ,CAkB3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBAmUhB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA2EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,GAAC,IAAI,UAiCrB;AAED;;;;;;;;GAQG;AACH,6DANW,MAAM,EAAE,qBACR,MAAM,EAAE,6BACR,MAAM,EAAE,GAEN,MAAM,EAAE,CAkBpB;AAED;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAsCf;AAED;;;;;;GAMG;AACH,uFAuHC;AAED;;;;;;GAMG;AACH,wGA6BC;AAED;;;;;;GAMG;AACH,4EAHW,OAAO,OAajB;AAED;;;;;;;GAOG;AACH,8CALW,QAAQ,mCA6ClB;AAED;;;;;;;GAOG;AACH,0FAgFC;AAsRD;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA6ClB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0DAiGC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AA2FD;;;;;GAKG;AACH,uCAHW,MAAM,sBAuDhB;AAED;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4chB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA+KhB;AAGD;;;;;EAmBC;AAED;;;;;;;GAOG;AACH,kEAJW,MAAM,cACN,MAAM,iCA2IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EAgQC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAuQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgID;;;;;GAKG;AACH;;;GA2HC;AAED,yEAiIC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAkBC;AAED;;;;;;GAMG;AACH,sFAsBC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAED;;;;;GAKG;AACH,oDAsCC;AAED;;;;;;GAMG;AACH,sEA0BC;AAED;;;;;;;;;GASG;AACH,+GA+CC;AAl3dD,gCAEc;AAEd,+BAEsD;AAEtD,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AA2DnE,iCAEE;AA2BF,iCAGyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAe/B,4CAEmE;AAGnE,6CAEE;AAgBF,oCAAkD;AAGlD,uCAEuD;AAYvD,8BAAyC;AAgBzC,gCAA6C;AAY7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,mCAAoC;AAOpC,gDAC2D;AAE3D,2BAAuD;AAGvD,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+IE;;;;AA6JF,8BAQG;AAi3LH,8CAUE"} \ No newline at end of file +{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAoFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AA+ND;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAygBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GA4OhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GAuvBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM,0BAGJ,MAAM,CAuElB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;GA4bhB;AAED;;;;;GAKG;AACH,mFAgKC;AAED;;;;;;;GAOG;AACH,kCALW,MAAM;;;;;;;;GA4EhB;AAED;;;;GAIG;AACH,mEAqBC;AAeD;;;;;GAKG;AACH;;;;;;;;;EAkLC;AAED;;;;GAIG;AACH;;;;;;EAcC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,uDAoBC;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CAQnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEA2CC;AA+BD;;;;;;;;GAkCC;AAyBD;;;;;;;GAOG;AACH,sEA4FC;AAED;;;;;;GAMG;AACH,0CAJW,MAAM;;;;;;;;;;;GA2DhB;AA4BD;;;;;;;;;;GAUG;AACH,2CARW,MAAM,aACN,MAAM;;;;;;;;GAkMhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAsBhB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAMD;;;;GAIG;AACH,sDAsBC;AAED;;;;;;;;;;GAUG;AACH,uIAFa,KAAK,CAAC,MAAM,CAAC,CA0IzB;AAED;;;;;GAKG;AACH,8CAHW,MAAM,eACN,MAAM,kBAwKhB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;GAoQhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA+CC;AAyFD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAuIjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BA4GjB;AAED,oEAyDC;AAED,wEA0BC;AAED;;;;;;;GAOG;AACH,uEAgEC;AAED,0DAwBC;AAED,wDA+DC;AAED,0FAkEC;AAmBD;;IAiEC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EAyJC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAiVC;AAED;;;EA8OC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;;GAMG;AACH,oDAJW,MAAM,OAsChB;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsJhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM;;;;;;;;;;IAgJhB;AA0CD;;;;;;;GAOG;AACH,8FAHW,MAAM,WACN,MAAM,UAqFhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;;;EAuBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,wIA+BC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA6JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;GAMG;AACH,kDA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,GACJ,OAAO,KAAQ,CAkB3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBAmUhB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA2EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,GAAC,IAAI,UAiCrB;AAED;;;;;;;;GAQG;AACH,6DANW,MAAM,EAAE,qBACR,MAAM,EAAE,6BACR,MAAM,EAAE,GAEN,MAAM,EAAE,CAkBpB;AAED;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAsCf;AAED;;;;;;GAMG;AACH,uFAuHC;AAED;;;;;;GAMG;AACH,wGA6BC;AAED;;;;;;GAMG;AACH,4EAHW,OAAO,OAajB;AAED;;;;;;;GAOG;AACH,8CALW,QAAQ,mCA6ClB;AAED;;;;;;;GAOG;AACH,0FAgFC;AAsRD;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA6ClB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0EAkGC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AA2FD;;;;;GAKG;AACH,uCAHW,MAAM,sBAuDhB;AAED;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4chB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA+KhB;AAGD;;;;;EAmBC;AAED;;;;;;;GAOG;AACH,kEAJW,MAAM,cACN,MAAM,iCA2IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EAgQC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAuQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgID;;;;;GAKG;AACH;;;GA2HC;AAED,yEAiIC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAkBC;AAED;;;;;;GAMG;AACH,sFAsBC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAED;;;;;GAKG;AACH,oDAsCC;AAED;;;;;;GAMG;AACH,sEA0BC;AAED;;;;;;;;;GASG;AACH,+GA+CC;AAn3dD,gCAEc;AAEd,+BAEsD;AAEtD,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AA2DnE,iCAEE;AA2BF,iCAGyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAe/B,4CAEmE;AAGnE,6CAEE;AAgBF,oCAAkD;AAGlD,uCAEuD;AAYvD,8BAAyC;AAgBzC,gCAA6C;AAY7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,mCAAoC;AAOpC,gDAC2D;AAE3D,2BAAuD;AAGvD,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+IE;;;;AA6JF,8BAQG;AAi3LH,8CAUE"} \ No newline at end of file From eb75ca4114a419f9321a44420d04ffbc65d40bb8 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Sun, 30 Mar 2025 23:31:32 +0100 Subject: [PATCH 02/17] Accept openapi spec file via arguments. Signed-off-by: Prabhu Subramanian --- bin/cdxgen.js | 9 ++++++++- bin/evinse.js | 5 ++++- lib/evinser/evinser.js | 17 +++++++++-------- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/bin/cdxgen.js b/bin/cdxgen.js index 914c91fac6..84cef37d86 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -218,6 +218,11 @@ const args = yargs(hideBin(process.argv)) default: "semantics.slices.json", hidden: true, }) + .option("openapi-spec-file", { + description: "Use an existing openapi specification file (SaaSBOM).", + default: "openapi.json", + hidden: true, + }) .option("spec-version", { description: "CycloneDX Specification version to use. Defaults to 1.6", default: 1.6, @@ -711,8 +716,9 @@ const checkPermissions = (filePath, options) => { "deps-slices-file", "usages-slices-file", "reachables-slices-file", + "openapi-spec-file", ]; - if (options?.type?.includes("swift")) { + if (options?.type?.includes("swift") || options?.type?.includes("scala")) { slicesFilesKeys.push("semantics-slices-file"); } for (const sf of slicesFilesKeys) { @@ -993,6 +999,7 @@ const checkPermissions = (filePath, options) => { dataFlowSlicesFile: options.dataFlowSlicesFile, reachablesSlicesFile: options.reachablesSlicesFile, semanticsSlicesFile: options.semanticsSlicesFile, + openapiSpecFile: options.openapiSpecFile, includeCrypto: options.includeCrypto, specVersion: options.specVersion, profile: options.profile, diff --git a/bin/evinse.js b/bin/evinse.js index 32d508408c..f1e6a10a28 100755 --- a/bin/evinse.js +++ b/bin/evinse.js @@ -128,7 +128,10 @@ const args = yargs(hideBin(process.argv)) .option("semantics-slices-file", { description: "Use an existing semantics slices file.", default: "semantics.slices.json", - hidden: true, + }) + .option("openapi-spec-file", { + description: "Use an existing openapi specification file (SaaSBOM).", + default: "openapi.json", }) .option("print", { alias: "p", diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 734d61f773..c031c3734c 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -251,7 +251,8 @@ export async function createSlice( : path.dirname(options.output); } const slicesFile = join(sliceOutputDir, `${sliceType}.slices.json`); - const openapiFile = + const openapiSpecFile = + options.openapiSpecFile || process.env?.ATOM_TOOLS_OPENAPI_FILENAME || join(getTmpDir(), "openapi.json"); if (sliceType === "semantics") { @@ -276,9 +277,8 @@ export async function createSlice( } if (sliceType === "usages") { // Generate OpenAPI specification for endpoints. Needs atom-tools pypi package to be installed. - if (process.env?.CDXGEN_IN_CONTAINER === "true") { - args.push("--extract-endpoints"); - } else if (DEBUG_MODE) { + args.push("--extract-endpoints"); + if (process.env?.CDXGEN_IN_CONTAINER !== "true") { console.log( "Use an official cdxgen container image to improve the precision of endpoints detection (for SaaSBOM).", ); @@ -304,11 +304,12 @@ export async function createSlice( args.push(resolve(filePath)); // Execute atom const result = executeAtom(filePath, args, { - ATOM_TOOLS_OPENAPI_FILENAME: openapiFile, + ATOM_TOOLS_OPENAPI_FILENAME: openapiSpecFile, ATOM_TOOLS_OPENAPI_FORMAT: process.env?.ATOM_TOOLS_OPENAPI_FORMAT || "openapi3.1.0", ATOM_TOOLS_WORK_DIR: process.env?.ATOM_TOOLS_WORK_DIR || join(getTmpDir(), "atom-tools-"), + OPENAPI_SERVER_URL: process.env?.OPENAPI_SERVER_URL, }); if (!result || !safeExistsSync(slicesFile)) { console.warn( @@ -332,16 +333,16 @@ export async function createSlice( ); } } - } else if (sliceType === "usages" && !safeExistsSync(openapiFile)) { + } else if (sliceType === "usages" && !safeExistsSync(openapiSpecFile)) { console.log( - `openapi spec file "${openapiFile}" was not generated successfully. Check if atom-tools pypi package is installed and available in PATH.`, + `openapi spec file "${openapiSpecFile}" was not generated successfully. Check if atom-tools pypi package is installed and available in PATH.`, ); } return { tempDir: sliceOutputDir, slicesFile, atomFile, - openapiFile, + openapiSpecFile, }; } From 8d7e6f2764f8930a0be64b869775b29623cf3e57 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 00:03:59 +0100 Subject: [PATCH 03/17] Fix setuptools version. Java tool options. Signed-off-by: Prabhu Subramanian --- .github/workflows/snapshot-tests.yml | 2 +- ci/Dockerfile | 4 ++-- ci/Dockerfile-bun | 2 +- ci/Dockerfile-deno | 4 ++-- ci/Dockerfile-secure | 2 +- ci/base-images/opensuse/Dockerfile.python310 | 2 +- ci/base-images/sle/Dockerfile.python311 | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/snapshot-tests.yml b/.github/workflows/snapshot-tests.yml index e0f35728a2..482cac1e6f 100644 --- a/.github/workflows/snapshot-tests.yml +++ b/.github/workflows/snapshot-tests.yml @@ -38,7 +38,7 @@ jobs: sudo npm install -g "$cdxgen_tarball" git clone https://github.com/appthreat/cdxgen-samples.git original_snapshots python3.12 -m venv .venv - source .venv/bin/activate && pip install setuptools wheel + source .venv/bin/activate && pip install setuptools==77.0.3 wheel source .venv/bin/activate && pip install -r test/diff/requirements.txt - name: Generate scripts diff --git a/ci/Dockerfile b/ci/Dockerfile index e9c8ebe24b..cd4507336d 100644 --- a/ci/Dockerfile +++ b/ci/Dockerfile @@ -45,7 +45,7 @@ ENV GOPATH=/opt/app-root/go \ PYTHONIOENCODING="utf-8" \ COMPOSER_ALLOW_SUPERUSER=1 \ ANDROID_HOME=/opt/android-sdk-linux \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ + JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8 --enable-native-access=ALL-UNNAMED" \ SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ SWIFT_PLATFORM=$SWIFT_PLATFORM \ SWIFT_BRANCH=$SWIFT_BRANCH \ @@ -94,7 +94,7 @@ RUN set -e; \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && /usr/bin/python${PYTHON_VERSION} --version \ - && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \ + && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools==77.0.3 wheel pip virtualenv \ && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \ && /opt/pypi/bin/poetry --version \ && /opt/pypi/bin/pipenv --version \ diff --git a/ci/Dockerfile-bun b/ci/Dockerfile-bun index d751227961..ad77bec51c 100644 --- a/ci/Dockerfile-bun +++ b/ci/Dockerfile-bun @@ -40,7 +40,7 @@ ENV GOPATH=/opt/app-root/go \ PYTHONIOENCODING="utf-8" \ COMPOSER_ALLOW_SUPERUSER=1 \ ANDROID_HOME=/opt/android-sdk-linux \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ + JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8 --enable-native-access=ALL-UNNAMED" \ SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ SWIFT_PLATFORM=$SWIFT_PLATFORM \ SWIFT_BRANCH=$SWIFT_BRANCH \ diff --git a/ci/Dockerfile-deno b/ci/Dockerfile-deno index 335fc7ded5..185892999a 100644 --- a/ci/Dockerfile-deno +++ b/ci/Dockerfile-deno @@ -44,7 +44,7 @@ ENV GOPATH=/opt/app-root/go \ PYTHONIOENCODING="utf-8" \ COMPOSER_ALLOW_SUPERUSER=1 \ ANDROID_HOME=/opt/android-sdk-linux \ - JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8" \ + JAVA_TOOL_OPTIONS="-Dfile.encoding=UTF-8 --enable-native-access=ALL-UNNAMED" \ GLOBAL_NODE_MODULES_PATH=/root/.cache/deno/npm/registry.npmjs.org \ CDXGEN_PLUGINS_DIR=/root/.cache/deno/npm/registry.npmjs.org/@cyclonedx/cdxgen-plugins-bin/1.6.4/plugins \ SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ @@ -89,7 +89,7 @@ RUN set -e; \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && python${PYTHON_VERSION} --version \ - && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \ + && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools==77.0.3 wheel pip virtualenv \ && python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \ && curl -fsSL https://deno.land/x/install/install.sh | sh \ && deno install -g --allow-read --allow-env --allow-run --allow-sys=uid,systemMemoryInfo,gid,homedir --allow-write --allow-net -n cdxgen --node-modules-dir=auto "npm:@cyclonedx/cdxgen/cdxgen" \ diff --git a/ci/Dockerfile-secure b/ci/Dockerfile-secure index 3a36f361b3..0058c554fd 100644 --- a/ci/Dockerfile-secure +++ b/ci/Dockerfile-secure @@ -100,7 +100,7 @@ RUN set -e; \ && alternatives --install /usr/bin/python3 python /usr/bin/python${PYTHON_VERSION} 10 \ && alternatives --install /usr/bin/python3 python3 /usr/bin/python${PYTHON_VERSION} 10 \ && /usr/bin/python${PYTHON_VERSION} --version \ - && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools wheel pip virtualenv \ + && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade setuptools==77.0.3 wheel pip virtualenv \ && /usr/bin/python${PYTHON_VERSION} -m pip install --no-cache-dir --upgrade pipenv poetry blint atom-tools uv --target /opt/pypi \ && /opt/pypi/bin/poetry --version \ && /opt/pypi/bin/pipenv --version \ diff --git a/ci/base-images/opensuse/Dockerfile.python310 b/ci/base-images/opensuse/Dockerfile.python310 index de907d5ca5..c44fa75809 100644 --- a/ci/base-images/opensuse/Dockerfile.python310 +++ b/ci/base-images/opensuse/Dockerfile.python310 @@ -34,7 +34,7 @@ RUN set -e; \ && update-alternatives --install /usr/bin/python python /usr/bin/python3.10 10 \ && update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3.10 10 \ && mkdir /opt/pypi \ - && python -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \ + && python -m pip install --no-cache-dir --upgrade setuptools==77.0.3 pip virtualenv \ && python -m pip install --no-cache-dir --upgrade poetry pipenv uv --target /opt/pypi \ && curl -LO "https://dl.google.com/go/go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz" \ && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \ diff --git a/ci/base-images/sle/Dockerfile.python311 b/ci/base-images/sle/Dockerfile.python311 index 6238428eac..1af36b4e6d 100644 --- a/ci/base-images/sle/Dockerfile.python311 +++ b/ci/base-images/sle/Dockerfile.python311 @@ -48,7 +48,7 @@ RUN set -e; \ && tar -C /usr/local -xzf go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \ && rm go${GO_VERSION}.linux-${GOBIN_VERSION}.tar.gz \ && go telemetry off \ - && python3 -m pip install --no-cache-dir --upgrade setuptools pip virtualenv \ + && python3 -m pip install --no-cache-dir --upgrade setuptools==77.0.3 pip virtualenv \ && python3 -m pip install --no-cache-dir --upgrade pipenv poetry uv --target /opt/pypi \ && curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash \ && source /root/.nvm/nvm.sh \ From 9c39f645aff067d175fbed36bb4eea40d2f9c02b Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 15:10:45 +0100 Subject: [PATCH 04/17] Collect namespaces from the local target directory. Signed-off-by: Prabhu Subramanian --- .gitignore | 4 +- bin/cdxgen.js | 7 --- lib/cli/index.js | 22 ++++++++- lib/evinser/evinser.js | 83 +++++++++++++++++++++++--------- lib/helpers/utils.js | 20 ++++++-- types/lib/cli/index.d.ts.map | 2 +- types/lib/helpers/utils.d.ts | 1 + types/lib/helpers/utils.d.ts.map | 2 +- 8 files changed, 100 insertions(+), 41 deletions(-) diff --git a/.gitignore b/.gitignore index f45220d4f3..dccd90efd5 100644 --- a/.gitignore +++ b/.gitignore @@ -127,4 +127,6 @@ build/ .mise.toml # Ignore IntelliJ IDEA module file -cdxgen.iml \ No newline at end of file +cdxgen.iml + +.theia/ \ No newline at end of file diff --git a/bin/cdxgen.js b/bin/cdxgen.js index 84cef37d86..94ec26313b 100755 --- a/bin/cdxgen.js +++ b/bin/cdxgen.js @@ -218,11 +218,6 @@ const args = yargs(hideBin(process.argv)) default: "semantics.slices.json", hidden: true, }) - .option("openapi-spec-file", { - description: "Use an existing openapi specification file (SaaSBOM).", - default: "openapi.json", - hidden: true, - }) .option("spec-version", { description: "CycloneDX Specification version to use. Defaults to 1.6", default: 1.6, @@ -716,7 +711,6 @@ const checkPermissions = (filePath, options) => { "deps-slices-file", "usages-slices-file", "reachables-slices-file", - "openapi-spec-file", ]; if (options?.type?.includes("swift") || options?.type?.includes("scala")) { slicesFilesKeys.push("semantics-slices-file"); @@ -999,7 +993,6 @@ const checkPermissions = (filePath, options) => { dataFlowSlicesFile: options.dataFlowSlicesFile, reachablesSlicesFile: options.reachablesSlicesFile, semanticsSlicesFile: options.semanticsSlicesFile, - openapiSpecFile: options.openapiSpecFile, includeCrypto: options.includeCrypto, specVersion: options.specVersion, profile: options.profile, diff --git a/lib/cli/index.js b/lib/cli/index.js index 637a7f559e..d332ee35f9 100644 --- a/lib/cli/index.js +++ b/lib/cli/index.js @@ -2421,11 +2421,11 @@ export async function createJavaBom(path, options) { // write to the existing plugins file if (useSlashSyntax) { sbtArgs = [ - `'set ThisBuild / asciiGraphWidth := 400' "dependencyTree / toFile ${dlFile} --force"`, + `'set ThisBuild / asciiGraphWidth := 800' "dependencyTree / toFile ${dlFile} --force"`, ]; } else { sbtArgs = [ - `'set asciiGraphWidth in ThisBuild := 400' "dependencyTree::toFile ${dlFile} --force"`, + `'set asciiGraphWidth in ThisBuild := 800' "dependencyTree::toFile ${dlFile} --force"`, ]; } pluginFile = addPlugin(basePath, sbtPluginDefinition); @@ -2501,6 +2501,24 @@ export async function createJavaBom(path, options) { if (tmpjarNSMapping && Object.keys(tmpjarNSMapping).length) { jarNSMapping = { ...jarNSMapping, ...tmpjarNSMapping }; } + // sbt can store jars in the target directory + const jarNSData = await createJarBom(path, options); + if (jarNSData?.bomJson?.components) { + pkgList = pkgList.concat(jarNSData?.bomJson?.components); + const targetJarNSMapping = {}; + for (const p of jarNSData.bomJson.components) { + if (!p?.purl || !p?.properties?.length) { + continue; + } + const nsProp = p.properties.filter( + (prop) => prop.name === "Namespaces", + ); + if (nsProp.length) { + targetJarNSMapping[p.purl] = nsProp[0].value; + } + } + jarNSMapping = { ...jarNSMapping, ...targetJarNSMapping }; + } } } pkgList = trimComponents(pkgList); diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index c031c3734c..4bd4901c03 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -1,5 +1,5 @@ import fs from "node:fs"; -import path, { join, resolve } from "node:path"; +import path, { basename, join, resolve } from "node:path"; import process from "node:process"; import { PackageURL } from "packageurl-js"; import { Op } from "sequelize"; @@ -251,10 +251,13 @@ export async function createSlice( : path.dirname(options.output); } const slicesFile = join(sliceOutputDir, `${sliceType}.slices.json`); - const openapiSpecFile = + const openapiSpecFile = basename( options.openapiSpecFile || - process.env?.ATOM_TOOLS_OPENAPI_FILENAME || - join(getTmpDir(), "openapi.json"); + process.env?.ATOM_TOOLS_OPENAPI_FILENAME || + "openapi.json", + ); + // For some languages such as scala, semantics slices file would get created during usages slicing. + let semanticsSlicesFile; if (sliceType === "semantics") { const slicesData = createSemanticsSlices(resolve(filePath), options); // Write the semantics slices data @@ -286,6 +289,12 @@ export async function createSlice( if (["ruby", "scala"].includes(language)) { args.push("--remove-atom"); } + if (["scala"].includes(language)) { + semanticsSlicesFile = join( + sliceOutputDir, + basename(options.semanticsSlicesFile || "semantics.slices.json"), + ); + } } args = args.concat([ "-l", @@ -304,11 +313,10 @@ export async function createSlice( args.push(resolve(filePath)); // Execute atom const result = executeAtom(filePath, args, { - ATOM_TOOLS_OPENAPI_FILENAME: openapiSpecFile, + ATOM_TOOLS_OPENAPI_FILENAME: openapiSpecFile, // The file would get over-written ATOM_TOOLS_OPENAPI_FORMAT: - process.env?.ATOM_TOOLS_OPENAPI_FORMAT || "openapi3.1.0", - ATOM_TOOLS_WORK_DIR: - process.env?.ATOM_TOOLS_WORK_DIR || join(getTmpDir(), "atom-tools-"), + process.env?.ATOM_TOOLS_OPENAPI_FORMAT || "openapi3.1.0", // editor.swagger.io doesn't support 3.1.0 yet + ATOM_TOOLS_WORK_DIR: resolve(filePath), // This must be the directory containing semantics.slices.json OPENAPI_SERVER_URL: process.env?.OPENAPI_SERVER_URL, }); if (!result || !safeExistsSync(slicesFile)) { @@ -333,16 +341,30 @@ export async function createSlice( ); } } - } else if (sliceType === "usages" && !safeExistsSync(openapiSpecFile)) { + } else if ( + DEBUG_MODE && + sliceType === "usages" && + !safeExistsSync(join(filePath, openapiSpecFile)) + ) { console.log( - `openapi spec file "${openapiSpecFile}" was not generated successfully. Check if atom-tools pypi package is installed and available in PATH.`, + `openapi spec file "${join(filePath, openapiSpecFile)}" was not generated successfully. Check if atom-tools pypi package is installed and available in PATH.`, + ); + } + if ( + ["scala"].includes(language) && + sliceType === "usages" && + !safeExistsSync(semanticsSlicesFile) + ) { + console.log( + `Semantics slices file "${semanticsSlicesFile}" was not generated successfully. Try running atom cli in Java mode.`, ); } return { tempDir: sliceOutputDir, slicesFile, atomFile, - openapiSpecFile, + openapiSpecFile: resolve(join(filePath, openapiSpecFile)), + semanticsSlicesFile, }; } @@ -483,10 +505,23 @@ export async function analyzeProject(dbObjMap, options) { usageSlice = JSON.parse(fs.readFileSync(retMap.slicesFile, "utf-8")); usagesSlicesFile = retMap.slicesFile; } + if (retMap.semanticsSlicesFile) { + options.semanticsSlicesFile = retMap.semanticsSlicesFile; + semanticsSlicesFile = retMap.semanticsSlicesFile; + if (DEBUG_MODE) { + console.log( + `Reusing the generated semantics slices file "${semanticsSlicesFile}".`, + ); + } + } } // Support for semantics slicing - if (PROJECT_TYPE_ALIASES.swift.includes(language) && components.length) { - // Reuse existing semantics slices + if ( + (PROJECT_TYPE_ALIASES.swift.includes(language) || + PROJECT_TYPE_ALIASES.scala.includes(language)) && + components.length + ) { + // Reuse existing semantics slices for swift and scala if ( options.semanticsSlicesFile && safeExistsSync(options.semanticsSlicesFile) @@ -495,8 +530,8 @@ export async function analyzeProject(dbObjMap, options) { fs.readFileSync(options.semanticsSlicesFile, "utf-8"), ); semanticsSlicesFile = options.semanticsSlicesFile; - } else { - // Generate our own slices + } else if (PROJECT_TYPE_ALIASES.swift.includes(language)) { + // Generate our own slices for swift retMap = await createSlice(language, dirPath, "semantics", options); if (retMap?.slicesFile && safeExistsSync(retMap.slicesFile)) { semanticsSlice = JSON.parse( @@ -520,14 +555,14 @@ export async function analyzeProject(dbObjMap, options) { servicesMap = retMap.servicesMap; userDefinedTypesMap = retMap.userDefinedTypesMap; } - // Parse the semantics slices + // Parse the semantics slices for swift and scala if ( semanticsSlice && Object.keys(semanticsSlice).length && components.length ) { // Identify the purl locations - const retMap = parseSemanticSlices(components, semanticsSlice); + const retMap = parseSemanticSlices(language, components, semanticsSlice); purlLocationMap = retMap.purlLocationMap; } if (options.withDataFlow) { @@ -539,7 +574,7 @@ export async function analyzeProject(dbObjMap, options) { dataFlowSlice = JSON.parse( fs.readFileSync(options.dataFlowSlicesFile, "utf-8"), ); - } else { + } else if (!PROJECT_TYPE_ALIASES.scala.includes(language)) { retMap = await createSlice(language, dirPath, "data-flow", options); if (retMap?.slicesFile && safeExistsSync(retMap.slicesFile)) { dataFlowSlicesFile = retMap.slicesFile; @@ -860,14 +895,17 @@ export async function parseSliceUsages( } /** - * Method to parse semantic slice data + * Method to parse semantic slice data. Currently supported for swift and scala languages. * + * @param {String} language Project language. * @param {Array} components Components from the input SBOM * @param {Object} semanticsSlice Semantic slice data * @returns {Object} Parsed metadata */ -export function parseSemanticSlices(components, semanticsSlice) { - const metadata = {}; +export function parseSemanticSlices(language, components, semanticsSlice) { + const componentNamePurlMap = {}; + const componentSymbolsMap = {}; + const allObfuscationsMap = {}; // We have two attributes in the semantics slice to expand a given module to its constituent symbols // - A less precise buildSymbols, which is obtained by parsing the various output-file-map.json files // - A granular and precise moduleInfos, which has the exact classes, protocols, enums etc belonging to each module @@ -878,9 +916,6 @@ export function parseSemanticSlices(components, semanticsSlice) { // We first need to map out the component names to their purls // This is because the semantics slice use the module names everywhere - const componentNamePurlMap = {}; - const componentSymbolsMap = {}; - const allObfuscationsMap = {}; for (const comp of components) { componentNamePurlMap[comp.name] = comp.purl; if (!componentSymbolsMap[comp.name]) { diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js index 827190771f..9e85405ea3 100644 --- a/lib/helpers/utils.js +++ b/lib/helpers/utils.js @@ -468,6 +468,7 @@ export const PROJECT_TYPE_ALIASES = { binary: ["binary", "blint"], oci: ["docker", "oci", "container", "podman"], cocoa: ["cocoa", "cocoapods", "objective-c", "swift", "ios"], + scala: ["scala", "scala3", "sbt", "mill"], }; // Package manager aliases @@ -11017,9 +11018,6 @@ export async function collectGradleDependencies( */ export async function collectJarNS(jarPath, pomPathMap = {}) { const jarNSMapping = {}; - console.log( - `About to identify class names for all jars in the path ${jarPath}`, - ); const env = { ...process.env, }; @@ -11031,7 +11029,9 @@ export async function collectJarNS(jarPath, pomPathMap = {}) { )}`; } // Parse jar files to get class names - const jarFiles = getAllFiles(jarPath, "**/*.jar"); + const jarFiles = jarPath.endsWith(".jar") + ? [jarPath] + : getAllFiles(jarPath, "**/*.jar"); if (jarFiles?.length) { for (const jf of jarFiles) { let pomname = @@ -11165,7 +11165,9 @@ export async function collectJarNS(jarPath, pomPathMap = {}) { console.log(`Unable to determine class names for the jars in ${jarPath}`); } } else { - console.log(`${jarPath} did not contain any jars.`); + console.log( + `${jarPath} did not contain any jars. Try building the project to improve the BOM precision.`, + ); } return jarNSMapping; } @@ -11663,6 +11665,14 @@ export async function extractJarArchive(jarFile, tempDir, jarNSMapping = {}) { name: "Namespaces", value: jarNSMapping[apkg.purl].namespaces.join("\n"), }); + } else { + const tmpJarNSMapping = await collectJarNS(jf); + if (tmpJarNSMapping?.[jf]?.namespaces?.length) { + apkg.properties.push({ + name: "Namespaces", + value: tmpJarNSMapping[jf].namespaces.join("\n"), + }); + } } pkgList.push(apkg); } else { diff --git a/types/lib/cli/index.d.ts.map b/types/lib/cli/index.d.ts.map index 352358d478..5b5eff89c8 100644 --- a/types/lib/cli/index.d.ts.map +++ b/types/lib/cli/index.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAi7BA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAyEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmiChB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAuvBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAkehB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAuIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA8IhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAmJhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAwNhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA8ZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA+FC;AAED;;;;;;;;;GASG;AACH,2GAuCC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA6vBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAqUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBA2QhB;AAED;;;;;;;GAOG;AACH,wDAHY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2HjD"} \ No newline at end of file +{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../lib/cli/index.js"],"names":[],"mappings":"AAi7BA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAuXD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAyEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqjChB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAuvBhB;AAED;;;;;;;;;;GAUG;AACH,+DAsEC;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAkehB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA+YhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAuIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAkEhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BA8IhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAmJhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBAmUhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAiJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAwNhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA8ZhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA+FC;AAED;;;;;;;;;GASG;AACH,2GAuCC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,EAAE,8BA6vBlB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAqUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBA2QhB;AAED;;;;;;;GAOG;AACH,wDAHY,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,SAAS,CAAC,CA2HjD"} \ No newline at end of file diff --git a/types/lib/helpers/utils.d.ts b/types/lib/helpers/utils.d.ts index b314c5f01b..6419843951 100644 --- a/types/lib/helpers/utils.d.ts +++ b/types/lib/helpers/utils.d.ts @@ -1514,6 +1514,7 @@ export const PROJECT_TYPE_ALIASES: { binary: string[]; oci: string[]; cocoa: string[]; + scala: string[]; }; export namespace PACKAGE_MANAGER_ALIASES { let scala: string[]; diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map index 2accc587c9..3564768f58 100644 --- a/types/lib/helpers/utils.d.ts.map +++ b/types/lib/helpers/utils.d.ts.map @@ -1 +1 @@ -{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAoFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AA+ND;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAygBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GA4OhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GAuvBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM,0BAGJ,MAAM,CAuElB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;GA4bhB;AAED;;;;;GAKG;AACH,mFAgKC;AAED;;;;;;;GAOG;AACH,kCALW,MAAM;;;;;;;;GA4EhB;AAED;;;;GAIG;AACH,mEAqBC;AAeD;;;;;GAKG;AACH;;;;;;;;;EAkLC;AAED;;;;GAIG;AACH;;;;;;EAcC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,uDAoBC;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CAQnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEA2CC;AA+BD;;;;;;;;GAkCC;AAyBD;;;;;;;GAOG;AACH,sEA4FC;AAED;;;;;;GAMG;AACH,0CAJW,MAAM;;;;;;;;;;;GA2DhB;AA4BD;;;;;;;;;;GAUG;AACH,2CARW,MAAM,aACN,MAAM;;;;;;;;GAkMhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAsBhB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAMD;;;;GAIG;AACH,sDAsBC;AAED;;;;;;;;;;GAUG;AACH,uIAFa,KAAK,CAAC,MAAM,CAAC,CA0IzB;AAED;;;;;GAKG;AACH,8CAHW,MAAM,eACN,MAAM,kBAwKhB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;GAoQhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA+CC;AAyFD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAuIjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BA4GjB;AAED,oEAyDC;AAED,wEA0BC;AAED;;;;;;;GAOG;AACH,uEAgEC;AAED,0DAwBC;AAED,wDA+DC;AAED,0FAkEC;AAmBD;;IAiEC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EAyJC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAiVC;AAED;;;EA8OC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;;GAMG;AACH,oDAJW,MAAM,OAsChB;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsJhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM;;;;;;;;;;IAgJhB;AA0CD;;;;;;;GAOG;AACH,8FAHW,MAAM,WACN,MAAM,UAqFhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;;;EAuBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,wIA+BC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA6JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;GAMG;AACH,kDA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,GACJ,OAAO,KAAQ,CAkB3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBAmUhB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA2EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,GAAC,IAAI,UAiCrB;AAED;;;;;;;;GAQG;AACH,6DANW,MAAM,EAAE,qBACR,MAAM,EAAE,6BACR,MAAM,EAAE,GAEN,MAAM,EAAE,CAkBpB;AAED;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAsCf;AAED;;;;;;GAMG;AACH,uFAuHC;AAED;;;;;;GAMG;AACH,wGA6BC;AAED;;;;;;GAMG;AACH,4EAHW,OAAO,OAajB;AAED;;;;;;;GAOG;AACH,8CALW,QAAQ,mCA6ClB;AAED;;;;;;;GAOG;AACH,0FAgFC;AAsRD;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA6ClB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0EAkGC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AA2FD;;;;;GAKG;AACH,uCAHW,MAAM,sBAuDhB;AAED;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4chB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA+KhB;AAGD;;;;;EAmBC;AAED;;;;;;;GAOG;AACH,kEAJW,MAAM,cACN,MAAM,iCA2IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EAgQC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAuQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgID;;;;;GAKG;AACH;;;GA2HC;AAED,yEAiIC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAkBC;AAED;;;;;;GAMG;AACH,sFAsBC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAED;;;;;GAKG;AACH,oDAsCC;AAED;;;;;;GAMG;AACH,sEA0BC;AAED;;;;;;;;;GASG;AACH,+GA+CC;AAn3dD,gCAEc;AAEd,+BAEsD;AAEtD,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AA2DnE,iCAEE;AA2BF,iCAGyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAe/B,4CAEmE;AAGnE,6CAEE;AAgBF,oCAAkD;AAGlD,uCAEuD;AAYvD,8BAAyC;AAgBzC,gCAA6C;AAY7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,mCAAoC;AAOpC,gDAC2D;AAE3D,2BAAuD;AAGvD,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA+IE;;;;AA6JF,8BAQG;AAi3LH,8CAUE"} \ No newline at end of file +{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/utils.js"],"names":[],"mappings":"AA8EA;;;;;GAKG;AACH,0DAUC;AAED;;;;;;GAMG;AACH,yDAHmB,OAAO,UAazB;AAoFD,8CAKC;AAED,0CAIC;AAsBD,yCAYC;AAID,2CAQC;AAgOD;;;;;;;GAOG;AACH,4EAiBC;AAED;;;;;;GAMG;AACH,mGA2EC;AAED;;;;;;;;GAQG;AACH,yGAeC;AAyBD;;;;;;GAMG;AACH,qCAJW,MAAM,WACN,MAAM,2BA8BhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BA0BhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED,iCAQC;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAWnB;AAED;;;;;;;;;GASG;AACH,iEA2BC;AAED;;;;;GAKG;AACH,6CAqDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBA+EjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAygBhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MA2DhB;AAgCD;;;;GAIG;AACH,4CAFW,MAAM;;;GA4OhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAoHD;;;;;GAKG;AACH,kDAHW,MAAM,GACJ,MAAM,CAgBlB;AAED;;;;;;;;;;GAUG;AACH,wCARW,MAAM;;;;;;;;;;;;;;;;;;GAuvBhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,OAqIhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OA+JhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,oBACN,MAAM,kBACN,GAAG,mBACH,MAAM;;;;;;;;;GA6OhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EAwDhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBACN,MAAM;;;;;;;;EAmDhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM,0BAGJ,MAAM,CAuElB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,wCAFW,MAAM,OAYhB;AAED;;;;;;;;GAQG;AACH,2FA0GC;AAED;;;;;;;;;GASG;AACH,sFAGC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CA6B3B;AAED;;;;;;;;;GASG;AACH,0EAFY,OAAO,QAAQ,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,OAAO,QAAQ,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,iFAFW,GAAC,OA0BX;AAED;;;;;GAKG;AACH,sFAsNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;;GAKG;AACH,iDAHW,MAAM,OAoLhB;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,iBACN,MAAM;;;;;;;;;;;;;;;;;;;;GA4bhB;AAED;;;;;GAKG;AACH,mFAgKC;AAED;;;;;;;GAOG;AACH,kCALW,MAAM;;;;;;;;GA4EhB;AAED;;;;GAIG;AACH,mEAqBC;AAeD;;;;;GAKG;AACH;;;;;;;;;EAkLC;AAED;;;;GAIG;AACH;;;;;;EAcC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;;GAIG;AACH,uDAoBC;AAED;;;;GAIG;AACH,oDAFY,QAAQ,CAQnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,OAAO,QAAQ,CA8D1B;AAED;;;;GAIG;AACH,iEA2CC;AA+BD;;;;;;;;GAkCC;AAyBD;;;;;;;GAOG;AACH,sEA4FC;AAED;;;;;;GAMG;AACH,0CAJW,MAAM;;;;;;;;;;;GA2DhB;AA4BD;;;;;;;;;;GAUG;AACH,2CARW,MAAM,aACN,MAAM;;;;;;;;GAkMhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAsBhB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAMD;;;;GAIG;AACH,sDAsBC;AAED;;;;;;;;;;GAUG;AACH,uIAFa,KAAK,CAAC,MAAM,CAAC,CA0IzB;AAED;;;;;GAKG;AACH,8CAHW,MAAM,eACN,MAAM,kBAwKhB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;GAoQhB;AAED;;;;GAIG;AACH,kEAqEC;AAED;;;;GAIG;AACH,gEA+CC;AAyFD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAuIjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BA4GjB;AAED,oEAyDC;AAED,wEA0BC;AAED;;;;;;;GAOG;AACH,uEAgEC;AAED,0DAwBC;AAED,wDA+DC;AAED,0FAkEC;AAmBD;;IAiEC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAyCD,qFA2HC;AAED,8DA0BC;AAED,sDAiCC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EAyJC;AAED,kEAoDC;AAED;;;;;;;;GAQG;AACH,kGAiVC;AAED;;;EA8OC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;;GAMG;AACH,oDAJW,MAAM,OAsChB;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAsJhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH,qDALW,MAAM;;;;;;;;;;IAgJhB;AA0CD;;;;;;;GAOG;AACH,8FAHW,MAAM,WACN,MAAM,UAqFhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;;;EAuBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,wIA+BC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA8JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;GAMG;AACH,kDA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,OAAO,QAAQ,CAU3B;AAED;;;;;;GAMG;AACH,yDAHW,MAAM,GACJ,OAAO,KAAQ,CAkB3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBA2UhB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA2EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,GAAC,IAAI,UAiCrB;AAED;;;;;;;;GAQG;AACH,6DANW,MAAM,EAAE,qBACR,MAAM,EAAE,6BACR,MAAM,EAAE,GAEN,MAAM,EAAE,CAkBpB;AAED;;;;;;GAMG;AAEH,uDALW,MAAM,iBACN,MAAM,EAAE,GACN,GAAG,CAsCf;AAED;;;;;;GAMG;AACH,uFAuHC;AAED;;;;;;GAMG;AACH,wGA6BC;AAED;;;;;;GAMG;AACH,4EAHW,OAAO,OAajB;AAED;;;;;;;GAOG;AACH,8CALW,QAAQ,mCA6ClB;AAED;;;;;;;GAOG;AACH,0FAgFC;AAsRD;;;;;;GAMG;AACH,iDAJW,MAAM,YACN,MAAM,GACJ,MAAM,CA6ClB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0EAkGC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OA6ChB;AA2FD;;;;;GAKG;AACH,uCAHW,MAAM,sBAuDhB;AAED;;;;;;;;;GASG;AACH,2CAPW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA4chB;AAED;;;;;;;;;;;GAWG;AACH,gDAPW,MAAM,+BAEN,MAAM;;;;;;;;;;;;;;;;EA+KhB;AAGD;;;;;EAmBC;AAED;;;;;;;GAOG;AACH,kEAJW,MAAM,cACN,MAAM,iCA2IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EAgQC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAuQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgID;;;;;GAKG;AACH;;;GA2HC;AAED,yEAiIC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAkBC;AAED;;;;;;GAMG;AACH,sFAsBC;AAED;;;;;;;GAOG;AACH,2EAgCC;AAED;;;;;GAKG;AACH,oDAsCC;AAED;;;;;;GAMG;AACH,sEA0BC;AAED;;;;;;;;;GASG;AACH,+GA+CC;AA73dD,gCAEc;AAEd,+BAEsD;AAEtD,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AA2DnE,iCAEE;AA2BF,iCAGyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAe/B,4CAEmE;AAGnE,6CAEE;AAgBF,oCAAkD;AAGlD,uCAEuD;AAYvD,8BAAyC;AAgBzC,gCAA6C;AAY7C,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,mCAAoC;AAOpC,gDAC2D;AAE3D,2BAAuD;AAGvD,kDAWE;AAGF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgJE;;;;AA6JF,8BAQG;AAi3LH,8CAUE"} \ No newline at end of file From 92f858f910c87c0b3358133f9e827a8eb5cb977d Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 16:07:40 +0100 Subject: [PATCH 05/17] scalasem implementations. Signed-off-by: Prabhu Subramanian --- lib/evinser/evinser.js | 5 +++ lib/evinser/scalasem.js | 52 +++++++++++++++++++++++++++++ types/lib/evinser/scalasem.d.ts | 6 ++++ types/lib/evinser/scalasem.d.ts.map | 1 + 4 files changed, 64 insertions(+) create mode 100644 lib/evinser/scalasem.js create mode 100644 types/lib/evinser/scalasem.d.ts create mode 100644 types/lib/evinser/scalasem.d.ts.map diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 4bd4901c03..4f8861589e 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -20,6 +20,7 @@ import { safeMkdirSync, } from "../helpers/utils.js"; import { postProcess } from "../stages/postgen/postgen.js"; +import { findPurlLocations } from "./scalasem.js"; import { createSemanticsSlices } from "./swiftsem.js"; const DB_NAME = "evinser.db"; @@ -903,6 +904,10 @@ export async function parseSliceUsages( * @returns {Object} Parsed metadata */ export function parseSemanticSlices(language, components, semanticsSlice) { + // For scala, use the dedicated scalasem module. + if (language === "scala") { + return findPurlLocations(components, semanticsSlice); + } const componentNamePurlMap = {}; const componentSymbolsMap = {}; const allObfuscationsMap = {}; diff --git a/lib/evinser/scalasem.js b/lib/evinser/scalasem.js new file mode 100644 index 0000000000..a5c4b737d8 --- /dev/null +++ b/lib/evinser/scalasem.js @@ -0,0 +1,52 @@ +function buildNSCache(components) { + const typePurlsCache = {}; + for (const comp of components) { + if (!comp.purl || !comp.properties) { + continue; + } + const nsProps = comp.properties.filter((p) => p.name === "Namespaces"); + if (nsProps.length) { + const nsList = nsProps[0].value?.split("\n"); + for (const ns of nsList) { + const sns = ns.split("$")[0]; + if (!typePurlsCache[sns]) { + typePurlsCache[sns] = new Set(); + } + typePurlsCache[sns].add(comp.purl); + } + } + } + return typePurlsCache; +} + +export function findPurlLocations(components, semanticsSlice) { + const purlLocationsSet = {}; + if (!semanticsSlice || !Object.keys(semanticsSlice).length) { + return {}; + } + const typePurlsCache = buildNSCache(components); + for (const key of Object.keys(semanticsSlice)) { + if (key === "config" || !key.endsWith(".scala")) { + continue; + } + const values = semanticsSlice[key]; + const usedTypes = values?.usedTypes || []; + for (const t of usedTypes) { + const simpleType = t.split("$")[0]; + const matchPurls = typePurlsCache[simpleType]; + if (matchPurls) { + for (const apurl of Array.from(matchPurls)) { + if (!purlLocationsSet[apurl]) { + purlLocationsSet[apurl] = new Set(); + } + purlLocationsSet[apurl].add(values.sourceFile || key); + } + } + } + } + const purlLocationMap = {}; + for (const apurl of Object.keys(purlLocationsSet)) { + purlLocationMap[apurl] = Array.from(purlLocationsSet[apurl]).sort(); + } + return { purlLocationMap }; +} diff --git a/types/lib/evinser/scalasem.d.ts b/types/lib/evinser/scalasem.d.ts new file mode 100644 index 0000000000..c50b03298c --- /dev/null +++ b/types/lib/evinser/scalasem.d.ts @@ -0,0 +1,6 @@ +export function findPurlLocations(components: any, semanticsSlice: any): { + purlLocationMap?: undefined; +} | { + purlLocationMap: {}; +}; +//# sourceMappingURL=scalasem.d.ts.map \ No newline at end of file diff --git a/types/lib/evinser/scalasem.d.ts.map b/types/lib/evinser/scalasem.d.ts.map new file mode 100644 index 0000000000..1285bc89fb --- /dev/null +++ b/types/lib/evinser/scalasem.d.ts.map @@ -0,0 +1 @@ +{"version":3,"file":"scalasem.d.ts","sourceRoot":"","sources":["../../../lib/evinser/scalasem.js"],"names":[],"mappings":"AAqBA;;;;EA8BC"} \ No newline at end of file From 12d0b1c955c8ccd214c2d15b3a09a169e5e09cd3 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 16:41:39 +0100 Subject: [PATCH 06/17] detect endpoints from openapi spec file. Signed-off-by: Prabhu Subramanian --- lib/evinser/evinser.js | 60 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 58 insertions(+), 2 deletions(-) diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 4f8861589e..98e8c9858f 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -465,6 +465,7 @@ export async function analyzeProject(dbObjMap, options) { const components = bomJson.components || []; let cryptoComponents = []; let cryptoGeneratePurls = {}; + let openapiSpecFile; // Load any existing purl-location information from the sbom. // For eg: cdxgen populates this information for javascript projects let { purlLocationMap, purlImportsMap } = initFromSbom(components, language); @@ -515,6 +516,8 @@ export async function analyzeProject(dbObjMap, options) { ); } } + // Retain any generated openapi spec file + openapiSpecFile = retMap.openapiSpecFile; } // Support for semantics slicing if ( @@ -551,6 +554,7 @@ export async function analyzeProject(dbObjMap, options) { servicesMap, purlLocationMap, purlImportsMap, + openapiSpecFile, ); purlLocationMap = retMap.purlLocationMap; servicesMap = retMap.servicesMap; @@ -606,6 +610,7 @@ export async function analyzeProject(dbObjMap, options) { userDefinedTypesMap, cryptoComponents, cryptoGeneratePurls, + openapiSpecFile, }; } @@ -616,6 +621,7 @@ export async function parseObjectSlices( servicesMap = {}, purlLocationMap = {}, purlImportsMap = {}, + openapiSpecFile = undefined, ) { if (!usageSlice || !Object.keys(usageSlice).length) { return purlLocationMap; @@ -645,9 +651,23 @@ export async function parseObjectSlices( purlLocationMap, purlImportsMap, ); - detectServicesFromUsages(language, slice, servicesMap); + // Prefer openapi for identifying services + if ( + !Object.keys(servicesMap).length && + openapiSpecFile && + safeExistsSync(openapiSpecFile) + ) { + detectServicesFromOpenAPI(language, openapiSpecFile, servicesMap); + } + // Only identify services from usage slices as a fallback + if (!servicesMap || !Object.keys(servicesMap).length) { + detectServicesFromUsages(language, slice, servicesMap); + } + } + // Only identify services from user defined types as a second fallback + if (!servicesMap || !Object.keys(servicesMap).length) { + detectServicesFromUDT(language, usageSlice.userDefinedTypes, servicesMap); } - detectServicesFromUDT(language, usageSlice.userDefinedTypes, servicesMap); return { purlLocationMap, servicesMap, @@ -1095,6 +1115,41 @@ export function isFilterableType(language, userDefinedTypesMap, typeFullName) { return !!userDefinedTypesMap[typeFullName]; } +export function detectServicesFromOpenAPI( + _language, + openapiSpecFile, + servicesMap, +) { + try { + const specData = JSON.parse( + fs.readFileSync(openapiSpecFile, { encoding: "utf-8" }), + ); + if (!specData?.paths || !Object.keys(specData.paths).length) { + return; + } + for (const aurlPattern of Object.keys(specData.paths)) { + const httpMethodObj = specData.paths[aurlPattern]; + for (const httpMethod of Object.keys(httpMethodObj)) { + const hobj = httpMethodObj[httpMethod]; + const serviceName = `service-${aurlPattern}-${httpMethod}`; + const operationId = hobj["operationId"]; + let properties; + if (operationId) { + properties = [{ name: "internal:operationId", value: operationId }]; + } + servicesMap[serviceName] = { + endpoints: new Set([aurlPattern]), + authenticated: undefined, + xTrustBoundary: undefined, + properties, + }; + } + } + } catch (e) { + return; + } +} + /** * Method to detect services from annotation objects in the usage slice * @@ -1345,6 +1400,7 @@ export function createEvinseFile(sliceArtefacts, options) { dataFlowFrames, cryptoComponents, cryptoGeneratePurls, + openapiSpecFile, } = sliceArtefacts; const bomFile = options.input; const evinseOutFile = options.output; From 935c3897f7284bde8327b6e699c908db58c7ad71 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 16:50:37 +0100 Subject: [PATCH 07/17] scala repo tests. Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index fd1c81712d..f14faed226 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -24,6 +24,10 @@ jobs: with: distribution: 'temurin' java-version: '23' + - uses: sbt/setup-sbt@v1 + - uses: coursier/setup-action@v1 + with: + apps: scala3 scalac - uses: actions/setup-go@v5 with: go-version: '1.23' @@ -108,10 +112,6 @@ jobs: with: repository: 'ShiftLeftSecurity/shiftleft-go-example' path: 'repotests/shiftleft-go-example' - - uses: actions/checkout@v4 - with: - repository: 'prabhu/shiftleft-scala-example' - path: 'repotests/shiftleft-scala-example' - uses: actions/checkout@v4 with: repository: 'HooliCorp/vulnerable_net_core' @@ -326,6 +326,11 @@ jobs: repository: 'SeanyCash/TwinCAT_CNC' path: 'repotests/TwinCAT_CNC' ref: '0e1020338c10cf77249aeaff34520f9516816167' + - uses: actions/checkout@v4 + with: + repository: 'playframework/play-samples' + path: 'repotests/play-samples' + ref: '0dccba17856e89dbb5e457ab760efb14cc691395' - uses: dtolnay/rust-toolchain@stable - name: setup sdkman run: | @@ -554,6 +559,18 @@ jobs: bin/cdxgen.js -p -r -t dotnet-framework repotests/SimpleFrameworkApp -o bomresults/bom-dotnet-framework.json bin/cdxgen.js -p -r -t dotnet-framework repotests/Reporting-Windows-Application -o bomresults/bom-dotnet-framework-reporting.json --deep shell: bash + - name: Set up JDK + uses: actions/setup-java@v4 + with: + distribution: 'temurin' + java-version: '21' + - name: scala tests + run: | + bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example -o bomresults/bom-simple-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example + bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example --profile research -o bomresults/bom-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example + bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example --profile research -o bomresults/bom-play-scala-rest-api-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example + bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example --profile research -o bomresults/bom-pplay-scala-grpc-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example + shell: bash - name: repotests blint run: | bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint.json --fail-on-error @@ -732,6 +749,10 @@ jobs: with: distribution: 'temurin' java-version: '23' + - uses: sbt/setup-sbt@v1 + - uses: coursier/setup-action@v1 + with: + apps: scala3 scalac - uses: actions/setup-go@v5 with: go-version: '1.23' From 85fc4fc451334f0d87484601cb7850ad036b9616 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 17:00:59 +0100 Subject: [PATCH 08/17] services properties. Signed-off-by: Prabhu Subramanian --- lib/evinser/evinser.js | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 98e8c9858f..77398cdca2 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -1131,11 +1131,13 @@ export function detectServicesFromOpenAPI( const httpMethodObj = specData.paths[aurlPattern]; for (const httpMethod of Object.keys(httpMethodObj)) { const hobj = httpMethodObj[httpMethod]; - const serviceName = `service-${aurlPattern}-${httpMethod}`; + const serviceName = `service-${aurlPattern.replaceAll("/", "")}-${httpMethod}`; const operationId = hobj["operationId"]; - let properties; + const properties = [ + { name: "cdx:service:httpMethod", value: httpMethod }, + ]; if (operationId) { - properties = [{ name: "internal:operationId", value: operationId }]; + properties.push({ name: "internal:operationId", value: operationId }); } servicesMap[serviceName] = { endpoints: new Set([aurlPattern]), @@ -1461,6 +1463,7 @@ export function createEvinseFile(sliceArtefacts, options) { endpoints: Array.from(servicesMap[serviceName].endpoints), authenticated: servicesMap[serviceName].authenticated, "x-trust-boundary": servicesMap[serviceName].xTrustBoundary, + properties: servicesMap[serviceName].properties, }); } // Add to existing services From 8483bee89b154b30c87815224e1e7e4e1fa1f407 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 17:12:49 +0100 Subject: [PATCH 09/17] Fix tests Signed-off-by: Prabhu Subramanian --- lib/helpers/utils.test.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/helpers/utils.test.js b/lib/helpers/utils.test.js index 5d26d98887..324a597cd3 100644 --- a/lib/helpers/utils.test.js +++ b/lib/helpers/utils.test.js @@ -2455,7 +2455,7 @@ test("parse github actions workflow data", () => { dep_list = parseGitHubWorkflowData( readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" }), ); - expect(dep_list.length).toEqual(13); + expect(dep_list.length).toEqual(14); expect(dep_list[0]).toEqual({ group: "actions", name: "checkout", From d2e527950d273ecfa28f748ea4cb029a3dff1158 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 19:10:25 +0100 Subject: [PATCH 10/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 1 + lib/evinser/evinser.js | 12 ++++++++---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index f14faed226..80682fd01b 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -566,6 +566,7 @@ jobs: java-version: '21' - name: scala tests run: | + python -m pip install atom-tools bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example -o bomresults/bom-simple-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example --profile research -o bomresults/bom-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example --profile research -o bomresults/bom-play-scala-rest-api-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 77398cdca2..2bda41e5cf 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -507,7 +507,7 @@ export async function analyzeProject(dbObjMap, options) { usageSlice = JSON.parse(fs.readFileSync(retMap.slicesFile, "utf-8")); usagesSlicesFile = retMap.slicesFile; } - if (retMap.semanticsSlicesFile) { + if (retMap?.semanticsSlicesFile) { options.semanticsSlicesFile = retMap.semanticsSlicesFile; semanticsSlicesFile = retMap.semanticsSlicesFile; if (DEBUG_MODE) { @@ -623,6 +623,7 @@ export async function parseObjectSlices( purlImportsMap = {}, openapiSpecFile = undefined, ) { + let openapiServicesMode = false; if (!usageSlice || !Object.keys(usageSlice).length) { return purlLocationMap; } @@ -653,19 +654,22 @@ export async function parseObjectSlices( ); // Prefer openapi for identifying services if ( - !Object.keys(servicesMap).length && + !openapiServicesMode && openapiSpecFile && safeExistsSync(openapiSpecFile) ) { detectServicesFromOpenAPI(language, openapiSpecFile, servicesMap); + if (servicesMap && Object.keys(servicesMap).length) { + openapiServicesMode = true; + } } // Only identify services from usage slices as a fallback - if (!servicesMap || !Object.keys(servicesMap).length) { + if (!openapiServicesMode) { detectServicesFromUsages(language, slice, servicesMap); } } // Only identify services from user defined types as a second fallback - if (!servicesMap || !Object.keys(servicesMap).length) { + if (!openapiServicesMode) { detectServicesFromUDT(language, usageSlice.userDefinedTypes, servicesMap); } return { From 63cfee604005ff9b9e4dda382167737d5d981ecf Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 20:00:47 +0100 Subject: [PATCH 11/17] Fix tests Signed-off-by: Prabhu Subramanian --- lib/evinser/evinser.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/evinser/evinser.js b/lib/evinser/evinser.js index 2bda41e5cf..0534d8c9fa 100644 --- a/lib/evinser/evinser.js +++ b/lib/evinser/evinser.js @@ -215,7 +215,7 @@ export async function createSlice( options = {}, ) { if (!filePath) { - return undefined; + return {}; } const firstLanguage = Array.isArray(purlOrLanguages) ? purlOrLanguages[0] @@ -224,7 +224,7 @@ export async function createSlice( ? purlToLanguage(firstLanguage, filePath) : firstLanguage; if (!language) { - return undefined; + return {}; } // Handle language with version types if (language.startsWith("ruby")) { @@ -240,7 +240,7 @@ export async function createSlice( PROJECT_TYPE_ALIASES.swift.includes(language) && sliceType !== "semantics" ) { - return undefined; + return {}; } let sliceOutputDir = fs.mkdtempSync(join(getTmpDir(), `atom-${sliceType}-`)); @@ -516,8 +516,10 @@ export async function analyzeProject(dbObjMap, options) { ); } } - // Retain any generated openapi spec file - openapiSpecFile = retMap.openapiSpecFile; + if (retMap.openapiSpecFile) { + // Retain any generated openapi spec file + openapiSpecFile = retMap.openapiSpecFile; + } } // Support for semantics slicing if ( From 675c992a39a2abc53172519963a3e203c7fde35e Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 21:29:58 +0100 Subject: [PATCH 12/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 80682fd01b..3e8baaba7e 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -24,10 +24,6 @@ jobs: with: distribution: 'temurin' java-version: '23' - - uses: sbt/setup-sbt@v1 - - uses: coursier/setup-action@v1 - with: - apps: scala3 scalac - uses: actions/setup-go@v5 with: go-version: '1.23' @@ -564,9 +560,20 @@ jobs: with: distribution: 'temurin' java-version: '21' + - uses: sbt/setup-sbt@v1 + - uses: coursier/setup-action@v1 + with: + apps: scala3 scalac - name: scala tests run: | python -m pip install atom-tools + cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example + sbt clean stage + cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example + sbt clean stage + cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example + sbt clean stage + cd $GITHUB_WORKSPACE bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example -o bomresults/bom-simple-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example --profile research -o bomresults/bom-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example --profile research -o bomresults/bom-play-scala-rest-api-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example From 813b94aabd2998144c8e1fdf0616b4d142c61ce5 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 21:31:03 +0100 Subject: [PATCH 13/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 3e8baaba7e..8917318026 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -574,11 +574,13 @@ jobs: cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example sbt clean stage cd $GITHUB_WORKSPACE - bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example -o bomresults/bom-simple-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example - bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example --profile research -o bomresults/bom-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example - bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example --profile research -o bomresults/bom-play-scala-rest-api-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example - bin/cdxgen.js -p -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example --profile research -o bomresults/bom-pplay-scala-grpc-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example + bin/cdxgen.js -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example -o bomresults/bom-simple-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example + bin/cdxgen.js -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example --profile research -o bomresults/bom-play-scala-slick-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example + bin/cdxgen.js -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example --profile research -o bomresults/bom-play-scala-rest-api-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example + bin/cdxgen.js -t scala $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example --profile research -o bomresults/bom-pplay-scala-grpc-example.json $GITHUB_WORKSPACE/repotests/play-samples/play-scala-grpc-example shell: bash + env: + CDXGEN_DEBUG_MODE: debug - name: repotests blint run: | bin/cdxgen.js -p -t python repotests/blint -o bomresults/bom-blint.json --fail-on-error From 061768f8aeb9eaa22f1c39b8f2acf446251c36e9 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 22:34:32 +0100 Subject: [PATCH 14/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 8917318026..daf78caafc 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -567,6 +567,7 @@ jobs: - name: scala tests run: | python -m pip install atom-tools + npm install -g @appthreat/atom cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example sbt clean stage cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example From 4e7c827b2b493e24cddebfee22e70858d7128d86 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 23:34:16 +0100 Subject: [PATCH 15/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index daf78caafc..198ce46265 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -66,6 +66,11 @@ jobs: corepack enable corepack pnpm install --config.strict-dep-builds=true --package-import-method copy corepack pnpm test + echo "$(pwd)/node_modules/.bin" >> $GITHUB_PATH + which atom + which scalasem + which rbastgen + which phpastgen mkdir -p repotests mkdir -p bomresults mkdir -p denoresults @@ -567,7 +572,7 @@ jobs: - name: scala tests run: | python -m pip install atom-tools - npm install -g @appthreat/atom + which atom-tools cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-slick-example sbt clean stage cd $GITHUB_WORKSPACE/repotests/play-samples/play-scala-rest-api-example @@ -801,6 +806,11 @@ jobs: npm install --global corepack@latest corepack enable pnpm pnpm install --config.strict-dep-builds=true --package-import-method copy + echo "$(pwd)/node_modules/.bin" >> $GITHUB_PATH + which atom + which scalasem + which rbastgen + which phpastgen ls -al node_modules/@cyclonedx/cdxgen-plugins-bin* mkdir -p repotests mkdir -p bomresults From d92ca5ebfaaf1e2e11e7234d7fc8b9287adb5f25 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 23:40:45 +0100 Subject: [PATCH 16/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index 198ce46265..f8e348e8ce 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -66,7 +66,7 @@ jobs: corepack enable corepack pnpm install --config.strict-dep-builds=true --package-import-method copy corepack pnpm test - echo "$(pwd)/node_modules/.bin" >> $GITHUB_PATH + echo "${{github.workspace}}/node_modules/.bin" >> $GITHUB_PATH which atom which scalasem which rbastgen @@ -806,7 +806,7 @@ jobs: npm install --global corepack@latest corepack enable pnpm pnpm install --config.strict-dep-builds=true --package-import-method copy - echo "$(pwd)/node_modules/.bin" >> $GITHUB_PATH + echo "${{github.workspace}}/node_modules/.bin" >> $GITHUB_PATH which atom which scalasem which rbastgen From f3d61302ffef778c991c3a670c8719c701539732 Mon Sep 17 00:00:00 2001 From: Prabhu Subramanian Date: Mon, 31 Mar 2025 23:49:44 +0100 Subject: [PATCH 17/17] Fix tests Signed-off-by: Prabhu Subramanian --- .github/workflows/repotests.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml index f8e348e8ce..d14af81b72 100644 --- a/.github/workflows/repotests.yml +++ b/.github/workflows/repotests.yml @@ -66,11 +66,6 @@ jobs: corepack enable corepack pnpm install --config.strict-dep-builds=true --package-import-method copy corepack pnpm test - echo "${{github.workspace}}/node_modules/.bin" >> $GITHUB_PATH - which atom - which scalasem - which rbastgen - which phpastgen mkdir -p repotests mkdir -p bomresults mkdir -p denoresults @@ -806,11 +801,6 @@ jobs: npm install --global corepack@latest corepack enable pnpm pnpm install --config.strict-dep-builds=true --package-import-method copy - echo "${{github.workspace}}/node_modules/.bin" >> $GITHUB_PATH - which atom - which scalasem - which rbastgen - which phpastgen ls -al node_modules/@cyclonedx/cdxgen-plugins-bin* mkdir -p repotests mkdir -p bomresults