Skip to content

Improved query params extraction in server mode #2118

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 6 commits into from
Jul 31, 2025
Merged

Improved query params extraction in server mode #2118

merged 6 commits into from
Jul 31, 2025

Conversation

prabhu
Copy link
Collaborator

@prabhu prabhu commented Jul 30, 2025
edited
Loading

Fixes #2104. The fix was vibe coded using qwen3-coder.

❯ curl "http://127.0.0.1:9090/sbom"                                                                                                                                                                                                               (base)
{"error":"Path or URL is required."}⏎
prabhu@mpro ~ [1]
❯ curl "http://127.0.0.1:9090/sbom?url=https://github.com/HooliCorp/vulnerable-aws-koa-app.git&multiProject=true&type=js"                                                                                                                         (base)
{"bomFormat":"CycloneDX","specVersion":"1.6","serialNumber":"urn:uuid:d90d817e-1156-476f-8ab7-87e0067d7ff7","version":1,"metadata":{"timestamp":"2025-07-30T14:51:03Z","tools":{"components":[{"group":"@cyclonedx","name":"cdxgen","version":"11.5.0","purl":"pkg:npm/%40cyclonedx/cdxgen@11.5.0","type":"application","bom-ref":"pkg:npm/@cyclonedx/cdxgen@11.5.0","publisher":"OWASP Foundation","authors":[{"name":"OWASP Foundation"}]}]},"authors":[{"name":"OWASP Foundation"}],"lifecycles":[{"phase":"build"}],"component":{"name":"vulnerable-aws-koa-app","group":"","version":"1.0.0","description":"Vulnerable AWS Koa App for testing SAST tools","purl":"pkg:npm/vulnerable-aws-koa-app@1.0.0","bom-ref":"pkg:npm/vulnerable-aws-koa-app@1.0.0","author":"Prabhu Subramanian<prabhu@shiftleft.io>","type":"application","licenses":[{"license":{"id":"Apache-2.0","url":"h

@prabhu
Improved query params extraction in server mode
3745d4a 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu added the mode:server cdxgen used as server label Jul 30, 2025
@prabhu prabhu mentioned this pull request Jul 30, 2025
Closed
@prabhu
Fixes a crash with some dotnet project.assets.json lacking a restore …
bb331c3 
…attribute

Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Jul 30, 2025

Saw the below crash in one of the container bom generation step.

file:///home/runner/work/cdxgen/cdxgen/lib/helpers/utils.js:10112
    csProjData.project.restore.projectName,
                       ^

TypeError: Cannot read properties of undefined (reading 'restore')
    at parseCsProjAssetsData (file:///home/runner/work/cdxgen/cdxgen/lib/helpers/utils.js:10112:24)
    at createCsharpBom (file:///home/runner/work/cdxgen/cdxgen/lib/cli/index.js:6585:23)
    at createMultiXBom (file:///home/runner/work/cdxgen/cdxgen/lib/cli/index.js:7404:23)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async createBom (file:///home/runner/work/cdxgen/cdxgen/lib/cli/index.js:8275:12)
    at async file:///home/runner/work/cdxgen/cdxgen/bin/cdxgen.js:837:20

@prabhu
AI-assisted release category
ba17fc5 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Copy link
Collaborator Author

prabhu commented Jul 30, 2025

Windows tests seems to be using wrong python https://github.com/CycloneDX/cdxgen/actions/runs/16626719226/job/47045244293?pr=2118#step:113:51

prabhu and others added 3 commits July 30, 2025 23:40
@prabhu
Move setup-python to below setup-ruby due to strange windows PATH issues
962e9b0 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu
Merge branch 'master' into fix/issue-2104
e2d4e67 
Signed-off-by: prabhu <7842+prabhu@users.noreply.github.com>
@prabhu
Unit tests
e65bcde 
Signed-off-by: Prabhu Subramanian <prabhu@appthreat.com>
@prabhu prabhu merged commit b1afa39 into master Jul 31, 2025
80 checks passed
@prabhu prabhu deleted the fix/issue-2104 branch July 31, 2025 00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
AI-assisted lang:dotnet mode:server cdxgen used as server Ready for QA
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Server Crash | Single GET Request
1 participant
@prabhu