Compare commits
18 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 2d6b2f2832 | |||
| 9c0ce9cbd5 | |||
| 51ff88ad10 | |||
| d93866d127 | |||
| 7dde1e29d3 | |||
| 98ddec4efe | |||
| 6ca39f38ce | |||
| 333866abe4 | |||
| f59e294eca | |||
| 376d6250d1 | |||
| caf2b08649 | |||
| eb91e65da4 | |||
| 3517f8f1f0 | |||
| 9b429e3d82 | |||
| d434719693 | |||
| ec00348b72 | |||
| c7cb2bbc93 | |||
| 601c613aa3 |
@@ -22,7 +22,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Component detection
|
||||
uses: advanced-security/component-detection-dependency-submission-action@v0.0.3
|
||||
uses: advanced-security/component-detection-dependency-submission-action@v0.1.0
|
||||
```
|
||||
|
||||
### Configuration options
|
||||
|
||||
@@ -156,6 +156,44 @@ describe("ComponentDetection.processComponentsToManifests", () => {
|
||||
expect(manifests[0].indirectDependencies()).toHaveLength(1);
|
||||
expect(manifests[0].countDependencies()).toBe(1);
|
||||
});
|
||||
|
||||
test("un-escapes URL-encoded locationsFoundAt", () => {
|
||||
const componentsFound = [
|
||||
{
|
||||
component: {
|
||||
name: "test-package",
|
||||
version: "1.0.0",
|
||||
packageUrl: {
|
||||
Scheme: "pkg",
|
||||
Type: "nuget",
|
||||
Name: "test-package",
|
||||
Version: "1.0.0"
|
||||
},
|
||||
id: "test-package 1.0.0 - nuget"
|
||||
},
|
||||
isDevelopmentDependency: false,
|
||||
topLevelReferrers: [], // Empty = direct dependency
|
||||
locationsFoundAt: ["/my%20project/my%20project.csproj"]
|
||||
}
|
||||
];
|
||||
|
||||
const dependencyGraphs: DependencyGraphs = {
|
||||
"my project/my project.csproj": {
|
||||
graph: { "test-package": null },
|
||||
explicitlyReferencedComponentIds: ["test-package 1.0.0 - nuget"],
|
||||
developmentDependencies: [],
|
||||
dependencies: []
|
||||
}
|
||||
};
|
||||
|
||||
const manifests = ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs);
|
||||
|
||||
expect(manifests).toHaveLength(1);
|
||||
expect(manifests[0].name).toBe("my project/my project.csproj");
|
||||
expect(manifests[0].directDependencies()).toHaveLength(1);
|
||||
expect(manifests[0].indirectDependencies()).toHaveLength(0);
|
||||
expect(manifests[0].countDependencies()).toBe(1);
|
||||
});
|
||||
});
|
||||
|
||||
describe('normalizeDependencyGraphPaths', () => {
|
||||
|
||||
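Review bot: The only new case feeds a well-formed encoded path, so the suite still has no test for a `locationsFoundAt` entry that is not valid percent-encoding, which is exactly the input on which the `decodeURIComponent` call in `processComponentsToManifests` throws a `URIError`. Whatever behaviour is intended for such a path (keep it raw, or fail loudly), add a case that pins it, e.g. `locationsFoundAt: ["/100%/app.csproj"]` asserted with `expect(() => ComponentDetection.processComponentsToManifests(componentsFound, dependencyGraphs)).not.toThrow()` or `.toThrow(URIError)`. A second case using an encoded slash such as `"%2Fmy%20project%2Fmy%20project.csproj"` would also document whether decoding is expected to happen before or after the leading-slash strip, which the current expectation (`/my%20project/...` → `my project/my project.csproj`) cannot distinguish. The enclosing `describe("ComponentDetection.processComponentsToManifests")` block starts before this hunk.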
@@ -154,7 +154,9 @@ export default class ComponentDetection {
|
||||
packages.forEach((pkg: ComponentDetectionPackage) => {
|
||||
pkg.locationsFoundAt.forEach((location: any) => {
|
||||
// Use the normalized path (remove leading slash if present)
|
||||
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
|
||||
let normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
|
||||
// Unescape the path, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form
|
||||
normalizedLocation = decodeURIComponent(normalizedLocation);
|
||||
|
||||
if (!manifests.find((manifest: Manifest) => manifest.name == normalizedLocation)) {
|
||||
const manifest = new Manifest(normalizedLocation, normalizedLocation);
|
||||
|
||||
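Review bot: The new line `normalizedLocation = decodeURIComponent(normalizedLocation);` throws a `URIError` for any location that is not well-formed percent-encoding (a literal `%` not followed by two hex digits, e.g. a directory named `100%`), and nothing in the hunk catches it, so a single odd path aborts manifest processing for every package in the `packages.forEach` loop instead of producing one wrong manifest name. The comment states that upstream emits these paths URL-encoded; if that holds only for some detectors, the failure mode here is a crash rather than a mislabeled manifest, so the decode should be guarded. The leading-slash strip also runs before decoding, so an encoded `%2F` would survive it; decoding first and then stripping keeps the result for the existing test input (`/my%20project/my%20project.csproj` → `my project/my project.csproj`). `processComponentsToManifests` starts and ends outside the hunk.
```typescript
      pkg.locationsFoundAt.forEach((location: any) => {
        // Unescape first, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form;
        // decodeURIComponent throws URIError on a stray "%", in which case keep the raw path rather
        // than abort processing of every package.
        let normalizedLocation: string = location;
        try {
          normalizedLocation = decodeURIComponent(location);
        } catch (e: unknown) {
          if (!(e instanceof URIError)) throw e;
        }
        // Use the normalized path (remove leading slash if present) — after decoding, so an
        // encoded "%2F" cannot survive the strip
        if (normalizedLocation.startsWith('/')) normalizedLocation = normalizedLocation.substring(1);
        // … unchanged: manifest lookup and creation …
```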
+3
-1
@@ -36129,7 +36129,9 @@ class ComponentDetection {
|
||||
pkg.locationsFoundAt.forEach((location) => {
|
||||
var _a, _b;
|
||||
// Use the normalized path (remove leading slash if present)
|
||||
const normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
|
||||
let normalizedLocation = location.startsWith('/') ? location.substring(1) : location;
|
||||
// Unescape the path, as upstream ComponentDetection emits locationsFoundAt in URL-encoded form
|
||||
normalizedLocation = decodeURIComponent(normalizedLocation);
|
||||
if (!manifests.find((manifest) => manifest.name == normalizedLocation)) {
|
||||
const manifest = new dependency_submission_toolkit_1.Manifest(normalizedLocation, normalizedLocation);
|
||||
manifests.push(manifest);
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
Generated
+8736
-4790
File diff suppressed because it is too large
+13
-13
@@ -30,22 +30,22 @@
|
||||
"@actions/github": "^6.0.1",
|
||||
"@github/dependency-submission-toolkit": "^2.0.5",
|
||||
"cross-fetch": "^4.1.0",
|
||||
"dotenv": "^16.5.0",
|
||||
"dotenv": "^17.2.3",
|
||||
"fs": "^0.0.1-security",
|
||||
"octokit": "^4.1.3",
|
||||
"tar": "^7.4.3",
|
||||
"yaml": "^2.7.1"
|
||||
"octokit": "^5.0.5",
|
||||
"tar": "^7.5.2",
|
||||
"yaml": "^2.8.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@babel/preset-env": "^7.27.2",
|
||||
"@babel/preset-typescript": "^7.27.1",
|
||||
"@eslint/js": "^9.26.0",
|
||||
"@types/glob": "^8.1.0",
|
||||
"@types/jest": "^29.5.14",
|
||||
"@vercel/ncc": "^0.38.3",
|
||||
"eslint": "^9.26.0",
|
||||
"jest": "^29.7.0",
|
||||
"@babel/preset-env": "^7.28.5",
|
||||
"@babel/preset-typescript": "^7.28.5",
|
||||
"@eslint/js": "^9.39.1",
|
||||
"@types/glob": "^9.0.0",
|
||||
"@types/jest": "^30.0.0",
|
||||
"@vercel/ncc": "^0.38.4",
|
||||
"eslint": "^9.39.1",
|
||||
"jest": "^30.2.0",
|
||||
"jest-transform-stub": "^2.0.0",
|
||||
"ts-jest": "^29.3.2"
|
||||
"ts-jest": "^29.4.5"
|
||||
}
|
||||
}
|
||||
|
||||
Generated
+18
-18
@@ -685,9 +685,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/@eslint/eslintrc/node_modules/js-yaml": {
|
||||
"version": "4.1.0",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
|
||||
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
|
||||
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"argparse": "^2.0.1"
|
||||
@@ -2273,9 +2273,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/eslint/node_modules/js-yaml": {
|
||||
"version": "4.1.0",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
|
||||
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
|
||||
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"argparse": "^2.0.1"
|
||||
@@ -3541,9 +3541,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"node_modules/js-yaml": {
|
||||
"version": "3.14.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
|
||||
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
|
||||
"version": "3.14.2",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
|
||||
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
|
||||
"dev": true,
|
||||
"dependencies": {
|
||||
"argparse": "^1.0.7",
|
||||
@@ -5338,9 +5338,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"js-yaml": {
|
||||
"version": "4.1.0",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
|
||||
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
|
||||
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"argparse": "^2.0.1"
|
||||
@@ -6538,9 +6538,9 @@
|
||||
}
|
||||
},
|
||||
"js-yaml": {
|
||||
"version": "4.1.0",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
|
||||
"integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
|
||||
"version": "4.1.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
|
||||
"integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"argparse": "^2.0.1"
|
||||
@@ -7525,9 +7525,9 @@
|
||||
"dev": true
|
||||
},
|
||||
"js-yaml": {
|
||||
"version": "3.14.1",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.1.tgz",
|
||||
"integrity": "sha512-okMH7OXXJ7YrN9Ok3/SXrnu4iX9yOk+25nqX4imS2npuvTYDmo/QEZoqwZkYaIDk3jVvBOTOIEgEhaLOynBS9g==",
|
||||
"version": "3.14.2",
|
||||
"resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.2.tgz",
|
||||
"integrity": "sha512-PMSmkqxr106Xa156c2M265Z+FTrPl+oxd/rgOQy2tijQeK5TxQ43psO1ZCwhVOSdnn+RzkzlRz/eY4BgJBYVpg==",
|
||||
"dev": true,
|
||||
"requires": {
|
||||
"argparse": "^1.0.7",
|
||||
|
||||