

Bug fix: Certain node packages were not encoded correctly
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
prabhu committed Oct 6, 2023
1 parent 1fd2c16 commit 8030f78
Showing 2 changed files with 36 additions and 25 deletions.
59 changes: 34 additions & 25 deletions utils.js
Expand Up @@ -368,6 +368,7 @@ export const parsePkgJson = async (pkgJsonFile, simple = false) => {
name,
group,
version: pkgData.version,
purl: purl,
"bom-ref": decodeURIComponent(purl)
};
if (!simple) {
Expand Down Expand Up @@ -451,35 +452,32 @@ export const parsePkgLock = async (pkgLockFile, options = {}) => {
let pkg = {};
let purlString = "";
if (node == rootNode) {
purlString = decodeURIComponent(
new PackageURL(
"npm",
options.projectGroup || "",
options.projectName || node.packageName,
options.projectVersion || node.version,
null,
null
).toString()
);
purlString = new PackageURL(
"npm",
options.projectGroup || "",
options.projectName || node.packageName,
options.projectVersion || node.version,
null,
null
).toString();
pkg = {
author: node.package.author,
group: options.projectGroup || "",
name: options.projectName || node.packageName,
version: options.projectVersion || node.version,
type: "application",
"bom-ref": purlString
purl: purlString,
"bom-ref": decodeURIComponent(purlString)
};
} else {
purlString = decodeURIComponent(
new PackageURL(
"npm",
"",
node.packageName,
node.version,
null,
null
).toString()
);
purlString = new PackageURL(
"npm",
"",
node.packageName,
node.version,
null,
null
).toString();
const pkgLockFile = join(
srcFilePath.replace("/", _sep),
"package-lock.json"
Expand Down Expand Up @@ -511,7 +509,8 @@ export const parsePkgLock = async (pkgLockFile, options = {}) => {
}
},
type: parentRef ? "npm" : "application",
"bom-ref": purlString
purl: purlString,
"bom-ref": decodeURIComponent(purlString)
};
}
const packageLicense = node.package.license;
Expand Down Expand Up @@ -556,7 +555,12 @@ export const parsePkgLock = async (pkgLockFile, options = {}) => {
const {
pkgList: childPkgList,
dependenciesList: childDependenciesList
} = parseArboristNode(childNode, rootNode, purlString, visited);
} = parseArboristNode(
childNode,
rootNode,
decodeURIComponent(purlString),
visited
);
pkgList = pkgList.concat(childPkgList);
dependenciesList = dependenciesList.concat(childDependenciesList);

Expand Down Expand Up @@ -631,13 +635,18 @@ export const parsePkgLock = async (pkgLockFile, options = {}) => {
pkgDependsOn.push(depPurlString);
if (edge.to == null) continue;
const { pkgList: childPkgList, dependenciesList: childDependenciesList } =
parseArboristNode(edge.to, rootNode, purlString, visited);
parseArboristNode(
edge.to,
rootNode,
decodeURIComponent(purlString),
visited
);
pkgList = pkgList.concat(childPkgList);
dependenciesList = dependenciesList.concat(childDependenciesList);
}

dependenciesList.push({
ref: purlString,
ref: decodeURIComponent(purlString),
dependsOn: workspaceDependsOn
.concat(childrenDependsOn)
.concat(pkgDependsOn)
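Review bot: `ref: decodeURIComponent(purlString)` (and the `"bom-ref"` values in the earlier hunks) now carry the decoded PURL, but `dependsOn` is assembled from `depPurlString`, `workspaceDependsOn` and `childrenDependsOn`, all produced above this hunk; if any of them is still the raw `PackageURL.toString()` output, the dependency graph will point at identifiers that no longer match any component's bom-ref for scoped packages, where PackageURL percent-encodes the leading `@`. Nothing in the hunk shows which form they use, so please confirm they are decoded the same way. Stylistically, `decodeURIComponent(purlString)` is now evaluated in five places across these hunks for one value; assigning it once where `purlString` is set, `const bomRef = decodeURIComponent(purlString);`, and using `bomRef` for `"bom-ref"`, `ref` and the recursive `parseArboristNode` arguments would keep the encoded and decoded representations from drifting apart. parseArboristNode and the enclosing parsePkgLock both begin and end outside these hunks.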
2 changes: 2 additions & 0 deletions utils.test.js
Expand Up @@ -1601,6 +1601,7 @@ test("parsePkgLock v2", async () => {
expect(deps[1].license).toEqual("Apache-2.0");
expect(deps[0]).toEqual({
"bom-ref": "pkg:npm/shopify-theme-tailwindcss@2.2.1",
purl: "pkg:npm/shopify-theme-tailwindcss@2.2.1",
author: "Wessel van Ree <hello@wesselvanree.com>",
group: "",
name: "shopify-theme-tailwindcss",
Expand Down Expand Up @@ -1671,6 +1672,7 @@ test("parsePkgLock v3", async () => {
);
expect(deps[0]).toEqual({
"bom-ref": "pkg:npm/cdxgen@latest",
purl: "pkg:npm/cdxgen@latest",
group: "",
author: "",
license: "ISC",
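Review bot: Neither added expectation exercises the case the commit title describes: `purl: "pkg:npm/shopify-theme-tailwindcss@2.2.1"` and `purl: "pkg:npm/cdxgen@latest"` are unscoped names, so `purl` and `"bom-ref"` are byte-identical and both tests would still pass if the decode were dropped again. A scoped package is what separates the two fields; a constructed example of the pair to assert on is `purl: "pkg:npm/%40scope/name@1.0.0"` next to `"bom-ref": "pkg:npm/@scope/name@1.0.0"`. If the existing lock fixtures already contain a scoped dependency, an expectation on that entry is enough. The enclosing `test(...)` bodies begin and end outside these hunks.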

