feat: builders.FromPath.LicenseEvidenceBuilder

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

src/_helpers/mime.ts

@@ -0,0 +1,37 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+
+import {extname} from "path";
+
+export type MimeType = string
+
+const MAP_TEXT_EXTENSION_MIME: Readonly<Record<string, MimeType>> = {
+  '': 'text/plain',
+  '.licence': 'text/plain',
+  '.license': 'text/plain',
+  '.md': 'text/markdown',
+  '.rst': 'text/prs.fallenstein.rst',
+  '.txt': 'text/plain',
+  '.xml': 'text/xml' // not `application/xml` -- our scope is text!
+} as const
+
+export function getMimeForTextFile (filename: string): MimeType | undefined {
+  return MAP_TEXT_EXTENSION_MIME[extname(filename).toLowerCase()]
+}

src/builders/fromPath.node.ts

@@ -0,0 +1,110 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * Node-specifics.
+ */
+
+import {readdirSync, readFileSync} from "fs";
+import {join, relative, resolve} from "path";
+
+import {getMimeForTextFile} from "../_helpers/mime";
+import {AttachmentEncoding} from "../enums/attachmentEncoding";
+import {Attachment} from "../models/attachment";
+import {NamedLicense} from "../models/license";
+
+
+
+/**
+ * Node-specific LicenseEvidenceBuilder.
+ */
+export class LicenseEvidenceBuilder {
+
+  readonly #LICENSE_FILENAME_PATTERN = /^(?:UN)?LICEN[CS]E|.\.LICEN[CS]E$|^NOTICE$/i
+
+  /**
+   * Return a license on success, returns undefined if it appears to bes no known text file.
+   * Throws errors, if license attachment failed to create.
+   *
+   * @param file - path to file
+   * @param relativeFrom - path the file shall be relative to
+   * @returns {@link NamedLicense} on success
+   */
+  public fromFile(file: string, relativeFrom: string | undefined = undefined): NamedLicense | undefined {
+    const contentType = getMimeForTextFile(file)
+    if (contentType === undefined) {
+      return undefined
+    }
+    let lname
+    if ( relativeFrom === undefined) {
+      lname = `file: ${file}`
+    } else {
+      // `file` could be absolute or relative path - lets resolve it anyway
+      file = resolve(relativeFrom, file)
+      lname = `file: ${relative(relativeFrom, file)}`
+    }
+    return new NamedLicense(
+      `file: ${lname}`,
+      {
+        text: new Attachment(
+          // may throw if `readFileSync()` fails
+          readFileSync(file).toString('base64'),
+          {
+            contentType,
+            encoding: AttachmentEncoding.Base64
+          }
+        )
+      })
+  }
+
+  /**
+   * Returns a generator for license evidences.
+   * Throws errors, if dir cannot be inspected.
+   *
+   * @param dir - path to inspect
+   * @param relativeFrom - path the dir shall be relative to
+   */
+  public * fromDir(dir: string, relativeFrom: string | undefined = undefined): Generator<NamedLicense> {
+    if ( relativeFrom !== undefined) {
+      // `dir` could be absolute or relative path - lets resolve it anyway
+      dir = resolve(relativeFrom, dir)
+    }
+    // may throw if `readdirSync()` fails
+    const dcis = readdirSync(dir, { withFileTypes: true })
+    for (const dci of dcis) {
+      if (
+        !dci.isFile() ||
+        !this.#LICENSE_FILENAME_PATTERN.test(dci.name.toLowerCase())
+      ) {
+        continue
+      }
+
+      let le
+      try {
+        le = this.fromFile( join(dir, dci.name), relativeFrom)
+      } catch (e) {
+        continue
+      }
+      if (le !== undefined) {
+        yield le
+      }
+    }
+  }
+
+}

src/builders/index.node.ts

@@ -18,3 +18,4 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
 export * as FromNodePackageJson from './fromNodePackageJson.node'
+export * as FromPath from './fromPath.node'