From ca7124d063d1a0dbc9514d4963ca0452ed39898f Mon Sep 17 00:00:00 2001
From: Daniel Strong
Date: Fri, 27 Dec 2024 15:04:09 -0500
Subject: [PATCH] Support is-dev property from osv-scanner

---
 src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json | 4 ++++
 src/commands/sbom/__tests__/payload.test.ts | 3 +++
 src/commands/sbom/constants.ts | 1 +
 src/commands/sbom/payload.ts | 11 ++++++++++-
 src/commands/sbom/types.ts | 1 +
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json b/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json
index fbf229e28..aa3bd2b44 100644
--- a/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json
+++ b/src/commands/sbom/__tests__/fixtures/sbom.1.5.ok.json
@@ -160,6 +160,10 @@
 {
 "name": "osv-scanner:package-manager",
 "value": "Npm"
+ },
+ {
+ "name": "osv-scanner:is-dev",
+ "value": "true"
 }
 ]
 },
diff --git a/src/commands/sbom/__tests__/payload.test.ts b/src/commands/sbom/__tests__/payload.test.ts
index b171b7935..c93402f3d 100644
--- a/src/commands/sbom/__tests__/payload.test.ts
+++ b/src/commands/sbom/__tests__/payload.test.ts
@@ -72,6 +72,9 @@ describe('generation of payload', () => {
 const directDependencies = payload?.dependencies.filter((d) => d.is_direct)
 expect(directDependencies?.length).toBe(1)
 
+ const devDependencies = payload?.dependencies.filter((d) => d.is_dev)
+ expect(devDependencies?.length).toBe(1)
+
 const dependenciesWithPackageManager = payload?.dependencies.filter((d) => d.package_manager.length > 0)
 expect(dependenciesWithPackageManager?.length).toBe(1)
 
diff --git a/src/commands/sbom/constants.ts b/src/commands/sbom/constants.ts
index e4ce534a9..70d2a2107 100644
--- a/src/commands/sbom/constants.ts
+++ b/src/commands/sbom/constants.ts
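Review bot: The new assertion only counts components whose `is_dev` is truthy, so it cannot tell the intended tri-state (`true` or `undefined`, never `false`) from a future regression that emits `false`; add a companion check on the component that lacks the property, e.g. `expect(payload?.dependencies.find((d) => !d.is_dev)?.is_dev).toBeUndefined()`. The fixture in the first hunk only sets the property to the string "true", so a "false" or non-string value is not exercised either. The enclosing describe block starts before and continues after the hunk.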
@@ -2,4 +2,5 @@ export const API_ENDPOINT = 'api/v2/static-analysis-sca/dependencies'
 
 export const PACKAGE_MANAGER_PROPERTY_KEY = 'osv-scanner:package-manager'
 export const IS_DEPENDENCY_DIRECT_PROPERTY_KEY = 'osv-scanner:is-direct'
+export const IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY = 'osv-scanner:is-dev'
 export const FILE_PACKAGE_PROPERTY_KEY = 'osv-scanner:package'
diff --git a/src/commands/sbom/payload.ts b/src/commands/sbom/payload.ts
index f5c5ba772..c11a75dec 100644
--- a/src/commands/sbom/payload.ts
+++ b/src/commands/sbom/payload.ts
@@ -12,7 +12,12 @@ import {
 GIT_SHA,
 } from '../../helpers/tags'
 
-import {FILE_PACKAGE_PROPERTY_KEY, IS_DEPENDENCY_DIRECT_PROPERTY_KEY, PACKAGE_MANAGER_PROPERTY_KEY} from './constants'
+import {
+ FILE_PACKAGE_PROPERTY_KEY,
+ IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY,
+ IS_DEPENDENCY_DIRECT_PROPERTY_KEY,
+ PACKAGE_MANAGER_PROPERTY_KEY,
+} from './constants'
 import {getLanguageFromComponent} from './language'
 import {Relations, Dependency, File, Location, LocationFromFile, Locations, ScaRequest} from './types'
 
@@ -187,11 +192,14 @@ const extractingDependency = (component: any): Dependency | undefined => {
 
 let packageManager = ''
 let isDirect
+ let isDev
 for (const property of component['properties'] ?? []) {
 if (property['name'] === PACKAGE_MANAGER_PROPERTY_KEY) {
 packageManager = property['value']
 } else if (property['name'] === IS_DEPENDENCY_DIRECT_PROPERTY_KEY) {
 isDirect = property['value'].toLowerCase() === 'true' ? true : undefined
+ } else if (property['name'] === IS_DEPENDENCY_DEV_ENVIRONMENT_PROPERTY_KEY) {
+ isDev = property['value'].toLowerCase() === 'true' ? true : undefined
 }
 }
 
@@ -204,6 +212,7 @@ const extractingDependency = (component: any): Dependency | undefined => {
 purl,
 locations,
 is_direct: isDirect,
+ is_dev: isDev,
 package_manager: packageManager,
 }
 
diff --git a/src/commands/sbom/types.ts b/src/commands/sbom/types.ts
index 805d59a28..6e66a161b 100644
--- a/src/commands/sbom/types.ts
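Review bot: `property['value'].toLowerCase()` on the new is-dev branch throws a TypeError when the SBOM carries the property with a non-string value (a JSON boolean, number or null); the component comes from an external SBOM file and is typed `any`, so one malformed property aborts extraction of the whole payload rather than just leaving `is_dev` unset. The same pattern already exists on the `is_direct` branch just above, so both lines should guard the type: `isDev = typeof property['value'] === 'string' && property['value'].toLowerCase() === 'true' ? true : undefined`. Since the two branches are now identical apart from the key and the target variable, a small helper such as `const isTrueProperty = (value: unknown) => typeof value === 'string' && value.toLowerCase() === 'true' ? true : undefined` would keep them in step. extractingDependency starts before this hunk and its return object is in the following hunk.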
+++ b/src/commands/sbom/types.ts
@@ -94,6 +94,7 @@ export interface Dependency {
 purl: string
 locations: undefined | Locations[]
 is_direct: undefined | boolean
+ is_dev: undefined | boolean
 package_manager: string
 }
 
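Review bot: The new `is_dev` field is undocumented, and its `undefined | boolean` type suggests `false` is a possible value even though the extraction in payload.ts only ever assigns `true` or `undefined` (property absent, or any value other than the string "true"); a TSDoc comment should state that contract, e.g. `/** true when osv-scanner tagged the component with osv-scanner:is-dev = "true"; undefined otherwise (never false). */`. The neighbouring `is_direct` follows the same convention and would benefit from the same comment. The Dependency interface starts before this hunk.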