In universal mode, safely ignore directories from container export (#…

…1228) * In universal mode, safely ignore directories from container export Signed-off-by: Prabhu Subramanian <[email protected]> * In universal mode, safely ignore directories from container export Signed-off-by: Prabhu Subramanian <[email protected]> * Improve types used in tests Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Jul 9, 2024 · 370a4af · 370a4af
1 parent 932f46e
commit 370a4af
Show file tree

Hide file tree

Showing 9 changed files with 27 additions and 16 deletions.
diff --git a/.github/workflows/dockertests.yml b/.github/workflows/dockertests.yml
@@ -54,11 +54,11 @@ jobs:
           docker rmi ubuntu:latest
           bin/cdxgen.js almalinux:9.4-minimal -t docker -o bomresults/bom-almalinux.json
           docker rmi almalinux:9.4-minimal
-          bin/cdxgen.js centos:latest -t docker -o bomresults/bom-centos.json
+          bin/cdxgen.js centos:latest -t oci -o bomresults/bom-centos.json
           docker rmi centos:latest
           bin/cdxgen.js phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd -o bomresults/bom-phpmyadmin.json --validate
           docker rmi phpmyadmin@sha256:1092481630056189e43cc0fe66fd01defcc9334d78ab4611b22f65e9a39869bd
-          bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -t docker --validate
+          bin/cdxgen.js shiftleft/scan-slim -o bomresults/bom-scanslim.json -t container --validate
           docker rmi shiftleft/scan-slim
           bin/cdxgen.js redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e -o bomresults/bom-redmine.json --validate
           docker rmi redmine@sha256:a5c5f8a64a0d9a436a0a6941bc3fb156be0c89996add834fe33b66ebeed2439e

diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
@@ -323,7 +323,7 @@ jobs:
         run: |
           bin/cdxgen.js -p --no-recurse repotests/microservices-demo -o bomresults/bom-msd-1.json --validate
           bin/cdxgen.js -p -r repotests/microservices-demo -o bomresults/bom-msd-2.json --validate
-          bin/cdxgen.js -p -r -t yaml-manifest repotests/microservices-demo -o bomresults/bom-yaml.json --validate
+          bin/cdxgen.js -p -r -t universal repotests/microservices-demo -o bomresults/bom-yaml.json
         shell: bash
       - name: repotests openpbs
         run: |

diff --git a/deno.json b/deno.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.8.0",
+  "version": "10.8.1",
   "exports": "./index.js",
   "compilerOptions": {
     "allowJs": true,

diff --git a/docker.js b/docker.js
@@ -17,7 +17,7 @@ import {
   homedir,
   tmpdir,
 } from "node:os";
-import { basename, join } from "node:path";
+import { basename, join, resolve } from "node:path";
 import process from "node:process";
 import stream from "node:stream/promises";
 import { parse } from "node:url";
@@ -1003,6 +1003,14 @@ export const extractFromManifest = async (
  * Returns the location of the layers with additional packages related metadata
  */
 export const exportImage = async (fullImageName) => {
+  // Safely ignore local directories
+  if (
+    !fullImageName ||
+    fullImageName === "." ||
+    existsSync(resolve(fullImageName))
+  ) {
+    return undefined;
+  }
   // Try to get the data locally first
   const localData = await getImage(fullImageName);
   if (!localData) {

diff --git a/index.js b/index.js
@@ -6161,14 +6161,17 @@ export async function createBom(path, options) {
     path.includes(":latest")
   ) {
     exportData = await exportImage(path);
-    if (!exportData) {
-      console.log(
-        "BOM generation has failed due to problems with exporting the image",
-      );
-      options.failOnError && process.exit(1);
-      return {};
+    if (exportData) {
+      isContainerMode = true;
+    } else {
+      if (DEBUG_MODE) {
+        console.log(
+          path,
+          "doesn't appear to be a valid container image. Looking for application pacakges.",
+        );
+      }
+      return await createMultiXBom([path], options);
     }
-    isContainerMode = true;
   } else if (projectType === "oci-dir") {
     isContainerMode = true;
     exportData = {

diff --git a/jsr.json b/jsr.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.8.0",
+  "version": "10.8.1",
   "exports": "./index.js",
   "include": ["*.js", "bin/**", "data/**", "types/**"],
   "exclude": ["test/", "docs/", "contrib/", "ci/", "tools_config/"]

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.8.0",
+  "version": "10.8.1",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <[email protected]>",

diff --git a/types/docker.d.ts.map b/types/docker.d.ts.map
diff --git a/types/index.d.ts.map b/types/index.d.ts.map