From d8cd98814b60229498a90f07b6ac49d669c30985 Mon Sep 17 00:00:00 2001 From: Sylwester Piskozub Date: Tue, 4 Nov 2025 13:18:45 +0100 Subject: [PATCH 1/8] inject boilerplate policy code before evaluation 
Signed-off-by: Sylwester Piskozub --- app/cli/internal/policydevel/eval_test.go | 64 +++++++ app/cli/internal/policydevel/lint.go | 30 +--- app/cli/internal/policydevel/lint_test.go | 33 ---- .../policydevel/templates/example-policy.rego | 35 +--- .../sbom-metadata-component-policy.yaml | 17 ++ .../testdata/sbom-min-components-policy.yaml | 17 ++ .../testdata/sbom-multiple-checks-policy.yaml | 27 +++ .../testdata/sbom-valid-cyclonedx-policy.yaml | 22 +++ .../policydevel/testdata/test-sbom.json | 18 ++ pkg/policies/engine/rego/boilerplate.go | 161 ++++++++++++++++++ .../engine/rego/boilerplate.rego.tmpl | 22 +++ pkg/policies/engine/rego/boilerplate_test.go | 119 +++++++++++++ .../rego/testdata/custom-valid-input.rego | 12 ++ .../engine/rego/testdata/detect-rules.rego | 11 ++ .../rego/testdata/full-boilerplate.rego | 26 +++ .../rego/testdata/multiple-imports.rego | 9 + .../rego/testdata/only-package-import.rego | 3 + .../output/custom-valid-input-output.rego | 29 ++++ .../output/full-boilerplate-output.rego | 26 +++ .../output/multiple-imports-output.rego | 28 +++ .../output/only-package-import-output.rego | 23 +++ .../output/partial-boilerplate-output.rego | 26 +++ .../output/simplified-policy-output.rego | 32 ++++ .../source-commit-simplified-output.rego | 54 ++++++ .../testdata/output/with-comments-output.rego | 35 ++++ .../rego/testdata/partial-boilerplate.rego | 11 ++ .../rego/testdata/simplified-policy.rego | 13 ++ .../testdata/source-commit-simplified.rego | 35 ++++ .../engine/rego/testdata/with-comments.rego | 16 ++ pkg/policies/policies.go | 19 +++ 30 files changed, 878 insertions(+), 95 deletions(-) create mode 100644 app/cli/internal/policydevel/testdata/sbom-metadata-component-policy.yaml create mode 100644 app/cli/internal/policydevel/testdata/sbom-min-components-policy.yaml create mode 100644 app/cli/internal/policydevel/testdata/sbom-multiple-checks-policy.yaml create mode 100644 app/cli/internal/policydevel/testdata/sbom-valid-cyclonedx-policy.yaml 
create mode 100644 app/cli/internal/policydevel/testdata/test-sbom.json create mode 100644 pkg/policies/engine/rego/boilerplate.go create mode 100644 pkg/policies/engine/rego/boilerplate.rego.tmpl create mode 100644 pkg/policies/engine/rego/boilerplate_test.go create mode 100644 pkg/policies/engine/rego/testdata/custom-valid-input.rego create mode 100644 pkg/policies/engine/rego/testdata/detect-rules.rego create mode 100644 pkg/policies/engine/rego/testdata/full-boilerplate.rego create mode 100644 pkg/policies/engine/rego/testdata/multiple-imports.rego create mode 100644 pkg/policies/engine/rego/testdata/only-package-import.rego create mode 100644 pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/only-package-import-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego create mode 100644 pkg/policies/engine/rego/testdata/output/with-comments-output.rego create mode 100644 pkg/policies/engine/rego/testdata/partial-boilerplate.rego create mode 100644 pkg/policies/engine/rego/testdata/simplified-policy.rego create mode 100644 pkg/policies/engine/rego/testdata/source-commit-simplified.rego create mode 100644 pkg/policies/engine/rego/testdata/with-comments.rego diff --git a/app/cli/internal/policydevel/eval_test.go b/app/cli/internal/policydevel/eval_test.go index ac62bee3b..cc45e2fa1 100644 --- a/app/cli/internal/policydevel/eval_test.go +++ b/app/cli/internal/policydevel/eval_test.go 
@@ -124,3 +124,67 @@ func TestEvaluate(t *testing.T) { assert.Contains(t, err.Error(), "invalid material kind") }) } + +func TestEvaluateSimplifiedPolicies(t *testing.T) { + tempDir := t.TempDir() + logger := zerolog.New(os.Stderr) + + sbomContent, err := os.ReadFile("testdata/test-sbom.json") + require.NoError(t, err) + sbomPath := filepath.Join(tempDir, "test-sbom.json") + require.NoError(t, os.WriteFile(sbomPath, sbomContent, 0600)) + + t.Run("sbom min components policy", func(t *testing.T) { + opts := &EvalOptions{ + PolicyPath: "testdata/sbom-min-components-policy.yaml", + MaterialPath: sbomPath, + } + + result, err := Evaluate(opts, logger) + require.NoError(t, err) + require.NotNil(t, result) + assert.False(t, result.Result.Skipped) + assert.Len(t, result.Result.Violations, 1) + assert.Contains(t, result.Result.Violations[0], "at least 2 components") + }) + + t.Run("sbom metadata component policy", func(t *testing.T) { + opts := &EvalOptions{ + PolicyPath: "testdata/sbom-metadata-component-policy.yaml", + MaterialPath: sbomPath, + } + + result, err := Evaluate(opts, logger) + require.NoError(t, err) + require.NotNil(t, result) + assert.False(t, result.Result.Skipped) + assert.Len(t, result.Result.Violations, 0) + }) + + t.Run("sbom valid cyclonedx policy", func(t *testing.T) { + opts := &EvalOptions{ + PolicyPath: "testdata/sbom-valid-cyclonedx-policy.yaml", + MaterialPath: sbomPath, + } + + result, err := Evaluate(opts, logger) + require.NoError(t, err) + require.NotNil(t, result) + assert.False(t, result.Result.Skipped) + assert.Len(t, result.Result.Violations, 0) + }) + + t.Run("sbom multiple checks policy", func(t *testing.T) { + opts := &EvalOptions{ + PolicyPath: "testdata/sbom-multiple-checks-policy.yaml", + MaterialPath: sbomPath, + } + + result, err := Evaluate(opts, logger) + require.NoError(t, err) + require.NotNil(t, result) + assert.False(t, result.Result.Skipped) + assert.Len(t, result.Result.Violations, 1) + assert.Contains(t, 
result.Result.Violations[0], "too few components") + }) +} diff --git a/app/cli/internal/policydevel/lint.go b/app/cli/internal/policydevel/lint.go index 76b57e854..87a5d1d59 100644 --- a/app/cli/internal/policydevel/lint.go +++ b/app/cli/internal/policydevel/lint.go @@ -22,7 +22,6 @@ import ( "fmt" "os" "path/filepath" - "regexp" "strings" v1 "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1" @@ -208,10 +207,7 @@ func (p *PolicyToLint) validateAndFormatRego(content, path string) string { content = formatted } - // 2. Structural validation - p.checkResultStructure(content, path, []string{"skipped", "violations", "skip_reason"}) - - // 3. Run Regal linter + // 2. Run Regal linter p.runRegalLinter(path, content) return content @@ -226,30 +222,6 @@ func (p *PolicyToLint) applyOPAFmt(content, file string) string { return string(formatted) } -func (p *PolicyToLint) checkResultStructure(content, path string, keys []string) { - // Regex to capture result := { ... } including multiline - re := regexp.MustCompile(`(?s)result\s*:=\s*\{(.+?)\}`) - match := re.FindStringSubmatch(content) - if match == nil { - p.AddError(path, "no result literal found", 0) - return - } - - body := match[1] - // Find quoted keys inside the object literal - keyRe := regexp.MustCompile(`"([^"]+)"\s*:`) - found := make(map[string]bool) - for _, m := range keyRe.FindAllStringSubmatch(body, -1) { - found[m[1]] = true - } - - for _, want := range keys { - if !found[want] { - p.AddError(path, fmt.Sprintf("missing %q key in result", want), 0) - } - } -} - // Runs the Regal linter on the given rego content and records any violations func (p *PolicyToLint) runRegalLinter(filePath, content string) { inputModules, err := rules.InputFromText(filePath, content) diff --git a/app/cli/internal/policydevel/lint_test.go b/app/cli/internal/policydevel/lint_test.go index 0bac2c6bb..7d665def6 100644 --- a/app/cli/internal/policydevel/lint_test.go 
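Review bot: None of the four subtests in `TestEvaluateSimplifiedPolicies` exercises the skip path, so the injected `skipped` and `skip_reason` rules are never checked end to end. `sbom-valid-cyclonedx-policy.yaml` is the only fixture with a custom `valid_input`, and it is only run against an SBOM whose `bomFormat` is `CycloneDX`. Add a subtest that gives it a material with a different `bomFormat` (one that still passes the material-kind check) and asserts `result.Result.Skipped` is true, so a regression that turns a skipped policy into a silent pass is caught. As a style point, `assert.Len(t, result.Result.Violations, 0)` reads better as `assert.Empty(t, result.Result.Violations)`.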
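Review bot: Dropping the `checkResultStructure` call from `validateAndFormatRego` removes the only lint-time check on policies that still define their own `result` rule. `InjectBoilerplate` in this patch skips injection for any rule name that already exists, so a hand-written `result := {"test": true}` (the shape used in `testdata/detect-rules.rego`) now passes lint without `skipped`, `violations` or `skip_reason`. How the evaluator treats such a result is not visible here. Consider keeping the check for modules that declare `result` themselves, or at least record the gap above the renumbered step: `// NOTE: the shape of a user-defined result rule is no longer validated here`. The function body begins outside this hunk.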
+++ b/app/cli/internal/policydevel/lint_test.go @@ -121,39 +121,6 @@ func TestPolicyToLint_processFile(t *testing.T) { }) } -func TestPolicyToLint_checkResultStructure(t *testing.T) { - t.Run("valid result structure", func(t *testing.T) { - policy := &PolicyToLint{} - content, err := os.ReadFile("testdata/valid.rego") - require.NoError(t, err) - policy.checkResultStructure(string(content), "test.rego", []string{"violations", "skip_reason", "skipped"}) - assert.False(t, policy.HasErrors()) - }) - - t.Run("missing result literal", func(t *testing.T) { - policy := &PolicyToLint{} - content := `package main - -output := { - "violations": [] -}` - policy.checkResultStructure(content, "test.rego", []string{"violations"}) - assert.True(t, policy.HasErrors()) - assert.Contains(t, policy.Errors[0].Message, "no result literal found") - }) - - t.Run("missing required keys", func(t *testing.T) { - policy := &PolicyToLint{} - content, err := os.ReadFile("testdata/missing-keys.rego") - require.NoError(t, err) - policy.checkResultStructure(string(content), "test.rego", []string{"violations", "skip_reason", "skipped"}) - assert.True(t, policy.HasErrors()) - assert.Len(t, policy.Errors, 2) - assert.Contains(t, policy.Errors[0].Message, `missing "skip_reason" key`) - assert.Contains(t, policy.Errors[1].Message, `missing "skipped" key`) - }) -} - func TestPolicyToLint_formatViolationError(t *testing.T) { policy := &PolicyToLint{} diff --git a/app/cli/internal/policydevel/templates/example-policy.rego b/app/cli/internal/policydevel/templates/example-policy.rego index bf11368ab..f1d68d7b1 100644 --- a/app/cli/internal/policydevel/templates/example-policy.rego +++ b/app/cli/internal/policydevel/templates/example-policy.rego 
@@ -2,42 +2,11 @@ package main import rego.v1 -################################ -# Common section do NOT change # -################################ - -result := { - "skipped": skipped, - "violations": violations, - "skip_reason": skip_reason, - "ignore": ignore, -} - -default skip_reason := "" - -skip_reason := m if { - not valid_input - m := "invalid input" -} - -default skipped := true - -skipped := false if valid_input - -default ignore := false - -######################################## -# EO Common section, custom code below # -######################################## # Validates if the input is valid and can be understood by this policy valid_input := true -# insert code here - # If the input is valid, check for any policy violation here -default violations := [] - # violations contains msg if { -# valid_input -# insert code here +# insert your validation logic here +# msg := "your violation message" # } diff --git a/app/cli/internal/policydevel/testdata/sbom-metadata-component-policy.yaml b/app/cli/internal/policydevel/testdata/sbom-metadata-component-policy.yaml new file mode 100644 index 000000000..a5bf81c18 --- /dev/null +++ b/app/cli/internal/policydevel/testdata/sbom-metadata-component-policy.yaml @@ -0,0 +1,17 @@ +apiVersion: workflowcontract.chainloop.dev/v1 +kind: Policy +metadata: + name: sbom-metadata-component + description: Policy that checks SBOM has metadata.component +spec: + policies: + - kind: SBOM_CYCLONEDX_JSON + embedded: | + package main + + import rego.v1 + + violations contains msg if { + not input.metadata.component + msg := "SBOM must have metadata.component" + } diff --git a/app/cli/internal/policydevel/testdata/sbom-min-components-policy.yaml b/app/cli/internal/policydevel/testdata/sbom-min-components-policy.yaml new file mode 100644 index 000000000..be3772436 --- /dev/null +++ b/app/cli/internal/policydevel/testdata/sbom-min-components-policy.yaml 
@@ -0,0 +1,17 @@ +apiVersion: workflowcontract.chainloop.dev/v1 +kind: Policy +metadata: + name: sbom-min-components + description: Policy that checks SBOM has minimum number of components +spec: + policies: + - kind: SBOM_CYCLONEDX_JSON + embedded: | + package main + + import rego.v1 + + violations contains msg if { + count(input.components) < 2 + msg := "SBOM must have at least 2 components" + } diff --git a/app/cli/internal/policydevel/testdata/sbom-multiple-checks-policy.yaml b/app/cli/internal/policydevel/testdata/sbom-multiple-checks-policy.yaml new file mode 100644 index 000000000..fb6cbceb1 --- /dev/null +++ b/app/cli/internal/policydevel/testdata/sbom-multiple-checks-policy.yaml @@ -0,0 +1,27 @@ +apiVersion: workflowcontract.chainloop.dev/v1 +kind: Policy +metadata: + name: sbom-multiple-checks + description: Policy that performs multiple SBOM validation checks +spec: + policies: + - kind: SBOM_CYCLONEDX_JSON + embedded: | + package main + + import rego.v1 + + violations contains msg if { + not input.metadata.component + msg := "missing metadata.component" + } + + violations contains msg if { + count(input.components) < 2 + msg := "too few components" + } + + violations contains msg if { + not input.bomFormat + msg := "missing bomFormat" + } diff --git a/app/cli/internal/policydevel/testdata/sbom-valid-cyclonedx-policy.yaml b/app/cli/internal/policydevel/testdata/sbom-valid-cyclonedx-policy.yaml new file mode 100644 index 000000000..1ad72e028 --- /dev/null +++ b/app/cli/internal/policydevel/testdata/sbom-valid-cyclonedx-policy.yaml 
@@ -0,0 +1,22 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: sbom-valid-cyclonedx
+ description: Policy that validates SBOM is valid CycloneDX format
+spec:
+ policies:
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ # Custom input validation
+ valid_input if {
+ input.bomFormat == "CycloneDX"
+ }
+
+ violations contains msg if {
+ count(input.components) == 0
+ msg := "SBOM has no components"
+ }
diff --git a/app/cli/internal/policydevel/testdata/test-sbom.json b/app/cli/internal/policydevel/testdata/test-sbom.json
new file mode 100644
index 000000000..67232b3f1
--- /dev/null
+++ b/app/cli/internal/policydevel/testdata/test-sbom.json
@@ -0,0 +1,18 @@
+{
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "version": 1,
+ "metadata": {
+ "component": {
+ "type": "application",
+ "name": "test-app"
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "test-component",
+ "version": "1.0.0"
+ }
+ ]
+}
diff --git a/pkg/policies/engine/rego/boilerplate.go b/pkg/policies/engine/rego/boilerplate.go
new file mode 100644
index 000000000..57c730f30
--- /dev/null
+++ b/pkg/policies/engine/rego/boilerplate.go
@@ -0,0 +1,161 @@
+//
+// Copyright 2025 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package rego
+
+import (
+ "bytes"
+ _ "embed"
+ "fmt"
+ "strings"
+ "text/template"
+
+ "github.com/open-policy-agent/opa/ast"
+)
+
+const (
+ ruleResult = "result"
+ ruleSkipped = "skipped"
+ ruleSkipReason = "skip_reason"
+ ruleValidInput = "valid_input"
+ ruleViolations = "violations"
+ ruleIgnore = "ignore"
+)
+
+//go:embed boilerplate.rego.tmpl
+var boilerplateTemplate string
+
+type boilerplateData struct {
+ NeedsResult bool
+ NeedsSkipReason bool
+ NeedsSkipped bool
+ NeedsValidInput bool
+ NeedsViolations bool
+}
+
+// InjectBoilerplate automatically injects common policy boilerplate if it doesn't exist.
+// This allows users to write simplified policies with only the violations rules.
+// Requirements: Policy must have package declaration and import rego.v1
+// The function:
+// - Parses the policy using OPA's AST
+// - Detects which boilerplate rules are missing
+// - Injects only the missing rules after package and imports
+func InjectBoilerplate(policySource []byte, policyName string) ([]byte, error) {
+ if len(policySource) == 0 {
+ return nil, fmt.Errorf("empty policy source")
+ }
+
+ originalPolicy := string(policySource)
+
+ // Parse the policy
+ module, err := ast.ParseModule(policyName, originalPolicy)
+ if err != nil {
+ return nil, fmt.Errorf("failed to parse policy (must have 'package' and 'import rego.v1'): %w", err)
+ }
+
+ // Detect which rules already exist using AST
+ existingRules := detectExistingRules(module)
+
+ // If all required boilerplate rules exist, no injection needed
+ if existingRules[ruleResult] && existingRules[ruleSkipReason] &&
+ existingRules[ruleSkipped] && existingRules[ruleValidInput] &&
+ existingRules[ruleViolations] {
+ return policySource, nil
+ }
+
+ // Build the boilerplate injection (rules only, no package/import)
+ injection, err := buildBoilerplate(existingRules)
+ if err != nil {
+ return nil, err
+ }
+
+ // If nothing needs to be injected, return original
+ if injection == "" {
+ return policySource, nil
+ }
+
+ // Inject after package and imports
+ injected, err := injectAfterImports(module, originalPolicy, injection)
+ if err != nil {
+ return nil, fmt.Errorf("failed to inject boilerplate: %w", err)
+ }
+
+ return []byte(injected), nil
+}
+
+// detectExistingRules scans the AST to find which rules are already defined
+func detectExistingRules(module *ast.Module) map[string]bool {
+ existing := make(map[string]bool)
+
+ for _, rule := range module.Rules {
+ ruleName := string(rule.Head.Name)
+ existing[ruleName] = true
+ }
+
+ return existing
+}
+
+// buildBoilerplate constructs the boilerplate template based on what's missing
+func buildBoilerplate(existingRules map[string]bool) (string, error) {
+ data := boilerplateData{
+ NeedsResult: !existingRules[ruleResult],
+ NeedsSkipReason: !existingRules[ruleSkipReason],
+ NeedsSkipped: !existingRules[ruleSkipped],
+ NeedsValidInput: !existingRules[ruleValidInput],
+ NeedsViolations: !existingRules[ruleViolations],
+ }
+
+ tmpl, err := template.New("boilerplate").Parse(boilerplateTemplate)
+ if err != nil {
+ return "", fmt.Errorf("failed to parse boilerplate template: %w", err)
+ }
+
+ var buf bytes.Buffer
+ if err := tmpl.Execute(&buf, data); err != nil {
+ return "", fmt.Errorf("failed to execute boilerplate template: %w", err)
+ }
+
+ return buf.String(), nil
+}
+
+// injectAfterImports inserts the injection block after the package declaration and existing imports
+func injectAfterImports(module *ast.Module, originalPolicy, injection string) (string, error) {
+ // Get insertion line from AST - start with package line
+ insertionLine := module.Package.Location.Row
+
+ // Find the last import line
+ for _, imp := range module.Imports {
+ if imp.Location.Row > insertionLine {
+ insertionLine = imp.Location.Row
+ }
+ }
+
+ // Skip any blank lines after package/imports
+ lines := strings.Split(originalPolicy, "\n")
+ for insertionLine < len(lines) && strings.TrimSpace(lines[insertionLine]) == "" {
+ insertionLine++
+ }
+
+ // Trim trailing newline from injection to avoid double blank line when joining
+ injection = strings.TrimSuffix(injection, "\n")
+
+ // Insert the injection block
+ result := make([]string, 0, len(lines)+1)
+ result = append(result, lines[:insertionLine]...)
+ result = append(result, injection)
+ result = append(result, lines[insertionLine:]...)
+
+ return strings.Join(result, "\n"), nil
+}
diff --git a/pkg/policies/engine/rego/boilerplate.rego.tmpl b/pkg/policies/engine/rego/boilerplate.rego.tmpl
new file mode 100644
index 000000000..bd3562445
--- /dev/null
+++ b/pkg/policies/engine/rego/boilerplate.rego.tmpl
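Review bot: `InjectBoilerplate` documents `import rego.v1` as a requirement but never checks for it, and the combined source is not parsed again before it is returned. The template it splices in uses `if` rule bodies (`skip_reason := m if {`, `skipped := false if valid_input`), so a policy that parses without that import would presumably come back as text that fails later, with an error pointing at lines the author never wrote. Re-parse before returning, e.g. `if _, err := ast.ParseModule(policyName, injected); err != nil { return nil, fmt.Errorf("policy %q is invalid after boilerplate injection: %w", policyName, err) }`. It is also worth confirming what `ast.ParseModule` returns for comment-only or whitespace-only input in the pinned OPA version. If it can yield a nil module with a nil error, `detectExistingRules` would dereference it, and the `len(policySource) == 0` guard does not cover that case.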
@@ -0,0 +1,22 @@
+{{if .NeedsResult}}result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+{{end}}{{if .NeedsSkipReason}}default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "the file content is not recognized"
+}
+
+{{end}}{{if .NeedsSkipped}}default skipped := true
+
+skipped := false if valid_input
+
+{{end}}{{if .NeedsValidInput}}default valid_input := true
+
+{{end}}{{if .NeedsViolations}}default violations := []
+
+{{end}}
\ No newline at end of file
diff --git a/pkg/policies/engine/rego/boilerplate_test.go b/pkg/policies/engine/rego/boilerplate_test.go
new file mode 100644
index 000000000..32b30404b
--- /dev/null
+++ b/pkg/policies/engine/rego/boilerplate_test.go
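Review bot: The injected `result` object has no `ignore` key, although the example template this patch trims exposed `"ignore": ignore` with `default ignore := false`, and `boilerplate.go` declares a `ruleIgnore` constant that nothing reads. If the evaluator still consumes `ignore`, a simplified policy that sets it would have the value dropped without any error. If it does not, the constant is dead code. Either add a guarded `{{if .NeedsIgnore}}default ignore := false` section together with the key in `result`, or remove `ruleIgnore` and state in the commit message that `ignore` is no longer part of the contract.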
@@ -0,0 +1,119 @@ +// +// Copyright 2025 The Chainloop Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package rego + +import ( + "os" + "path/filepath" + "testing" + + "github.com/open-policy-agent/opa/ast" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestInjectBoilerplate(t *testing.T) { + testCases := []struct { + name string + inputFile string + outputName string + }{ + { + name: "simplified policy", + inputFile: "testdata/simplified-policy.rego", + outputName: "simplified-policy-output.rego", + }, + { + name: "full boilerplate exists", + inputFile: "testdata/full-boilerplate.rego", + outputName: "full-boilerplate-output.rego", + }, + { + name: "user defined valid_input", + inputFile: "testdata/custom-valid-input.rego", + outputName: "custom-valid-input-output.rego", + }, + { + name: "partial boilerplate", + inputFile: "testdata/partial-boilerplate.rego", + outputName: "partial-boilerplate-output.rego", + }, + { + name: "preserve multiple imports", + inputFile: "testdata/multiple-imports.rego", + outputName: "multiple-imports-output.rego", + }, + { + name: "with comments", + inputFile: "testdata/with-comments.rego", + outputName: "with-comments-output.rego", + }, + { + name: "only package and import", + inputFile: "testdata/only-package-import.rego", + outputName: "only-package-import-output.rego", + }, + { + name: "real world source commit example", + inputFile: 
"testdata/source-commit-simplified.rego", + outputName: "source-commit-simplified-output.rego", + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + input, err := os.ReadFile(tc.inputFile) + require.NoError(t, err) + + result, err := InjectBoilerplate(input, "test-policy") + require.NoError(t, err) + + matchesOutput(t, result, tc.outputName) + }) + } +} + +// matchesOutput compares result against expected output file +func matchesOutput(t *testing.T, result []byte, outputName string) { + t.Helper() + + outputPath := filepath.Join("testdata", "output", outputName) + + expected, err := os.ReadFile(outputPath) + require.NoError(t, err, "failed to read output file %s", outputPath) + + assert.Equal(t, string(expected), string(result), "output doesn't match expected file %s", outputPath) + + // Also verify it's valid Rego + _, err = ast.ParseModule("test", string(result)) + require.NoError(t, err, "generated Rego should be valid") +} + +func TestDetectExistingRules(t *testing.T) { + policyBytes, err := os.ReadFile("testdata/detect-rules.rego") + require.NoError(t, err) + + module, err := ast.ParseModule("test", string(policyBytes)) + require.NoError(t, err) + + existing := detectExistingRules(module) + + assert.True(t, existing["result"]) + assert.True(t, existing["skipped"]) + assert.True(t, existing["valid_input"]) + assert.True(t, existing["violations"]) + assert.False(t, existing["skip_reason"]) +} diff --git a/pkg/policies/engine/rego/testdata/custom-valid-input.rego b/pkg/policies/engine/rego/testdata/custom-valid-input.rego new file mode 100644 index 000000000..7ee0d87f8 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/custom-valid-input.rego @@ -0,0 +1,12 @@ +package main + +import rego.v1 + +valid_input if { + input.type == "attestation" +} + +violations contains msg if { + not input.subject + msg := "missing subject" +} 
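Review bot: `TestInjectBoilerplate` only covers inputs that succeed, so none of the error returns of `InjectBoilerplate` is pinned. Add cases for empty source, source that does not parse, and a policy without `import rego.v1`, each asserting the behaviour that is intended for it. `TestDetectExistingRules` would also be sturdier if it indexed with the package constants, e.g. `assert.True(t, existing[ruleResult])`, instead of repeating the string literals, so a rename cannot leave the test passing by accident.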
diff --git a/pkg/policies/engine/rego/testdata/detect-rules.rego b/pkg/policies/engine/rego/testdata/detect-rules.rego new file mode 100644 index 000000000..2ed3e61ac --- /dev/null +++ b/pkg/policies/engine/rego/testdata/detect-rules.rego @@ -0,0 +1,11 @@ +package main + +import rego.v1 + +result := {"test": true} +skipped := false +valid_input := true + +violations contains msg if { + msg := "test" +} diff --git a/pkg/policies/engine/rego/testdata/full-boilerplate.rego b/pkg/policies/engine/rego/testdata/full-boilerplate.rego new file mode 100644 index 000000000..778d0b60f --- /dev/null +++ b/pkg/policies/engine/rego/testdata/full-boilerplate.rego @@ -0,0 +1,26 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +valid_input := true + +violations contains msg if { + msg := "test violation" +} diff --git a/pkg/policies/engine/rego/testdata/multiple-imports.rego b/pkg/policies/engine/rego/testdata/multiple-imports.rego new file mode 100644 index 000000000..025bfabf7 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/multiple-imports.rego @@ -0,0 +1,9 @@ +package main + +import rego.v1 +import data.lib.helpers +import future.keywords + +violations contains msg if { + msg := "test" +} diff --git a/pkg/policies/engine/rego/testdata/only-package-import.rego b/pkg/policies/engine/rego/testdata/only-package-import.rego new file mode 100644 index 000000000..424648483 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/only-package-import.rego @@ -0,0 +1,3 @@ +package main + +import rego.v1 \ No newline at end of file 
diff --git a/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego b/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego new file mode 100644 index 000000000..2476cfaa3 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego @@ -0,0 +1,29 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +valid_input if { + input.type == "attestation" +} + +violations contains msg if { + not input.subject + msg := "missing subject" +} diff --git a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego new file mode 100644 index 000000000..778d0b60f --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego @@ -0,0 +1,26 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +valid_input := true + +violations contains msg if { + msg := "test violation" +} diff --git a/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego b/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego new file mode 100644 index 000000000..04b8f56d8 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego 
@@ -0,0 +1,28 @@ +package main + +import rego.v1 +import data.lib.helpers +import future.keywords + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +default valid_input := true + +violations contains msg if { + msg := "test" +} diff --git a/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego b/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego new file mode 100644 index 000000000..8cace7fd8 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego @@ -0,0 +1,23 @@ +package main + +import rego.v1 +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +default valid_input := true + +default violations := [] diff --git a/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego b/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego new file mode 100644 index 000000000..e3b21f7e3 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego @@ -0,0 +1,26 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default valid_input := true + +default skipped := true + +skipped := false if valid_input + +violations contains msg if { + msg := "test violation" +} 
diff --git a/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego b/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego new file mode 100644 index 000000000..a8330a0b9 --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego @@ -0,0 +1,32 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "the file content is not recognized" +} + +default skipped := true + +skipped := false if valid_input + +default valid_input := true + +violations contains msg if { + not has_commit + msg := "missing commit in statement" +} + +has_commit if { + some sub in input.subject + sub.name == "git.head" +} diff --git a/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego b/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego new file mode 100644 index 000000000..97819e8fb --- /dev/null +++ b/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego 
@@ -0,0 +1,54 @@
+package source_commit
+
+import rego.v1
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "the file content is not recognized"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+default valid_input := true
+
+check_signature if {
+ lower(input.args.check_signature) == "true"
+}
+
+check_signature if {
+ lower(input.args.check_signature) == "yes"
+}
+
+violations contains msg if {
+ not has_commit
+ msg := "missing commit in statement"
+}
+
+violations contains msg if {
+ has_commit
+ check_signature
+ not has_signature
+ msg := "missing signature in statement commit"
+}
+
+has_commit if {
+ some sub in input.subject
+ sub.name == "git.head"
+ sub.digest.sha1
+}
+
+has_signature if {
+ some sub in input.subject
+ sub.name == "git.head"
+ sub.annotations.signature
+}
diff --git a/pkg/policies/engine/rego/testdata/output/with-comments-output.rego b/pkg/policies/engine/rego/testdata/output/with-comments-output.rego
new file mode 100644
index 000000000..64aa8de10
--- /dev/null
+++ b/pkg/policies/engine/rego/testdata/output/with-comments-output.rego
@@ -0,0 +1,35 @@
+package main
+
+import rego.v1
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "the file content is not recognized"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+default valid_input := true
+
+# This is a custom policy
+# It checks for violations
+
+violations contains msg if {
+ # Check something
+ msg := "test violation"
+}
+
+# Helper function
+has_field if {
+ input.field
+}
diff --git a/pkg/policies/engine/rego/testdata/partial-boilerplate.rego b/pkg/policies/engine/rego/testdata/partial-boilerplate.rego
new file mode 100644
index 000000000..f8fb0d1c4
--- /dev/null
+++ b/pkg/policies/engine/rego/testdata/partial-boilerplate.rego
@@ -0,0 +1,11 @@
+package main
+
+import rego.v1
+
+default skipped := true
+
+skipped := false if valid_input
+
+violations contains msg if {
+ msg := "test violation"
+}
diff --git a/pkg/policies/engine/rego/testdata/simplified-policy.rego b/pkg/policies/engine/rego/testdata/simplified-policy.rego
new file mode 100644
index 000000000..15d9f0923
--- /dev/null
+++ b/pkg/policies/engine/rego/testdata/simplified-policy.rego
@@ -0,0 +1,13 @@
+package main
+
+import rego.v1
+
+violations contains msg if {
+ not has_commit
+ msg := "missing commit in statement"
+}
+
+has_commit if {
+ some sub in input.subject
+ sub.name == "git.head"
+}
diff --git a/pkg/policies/engine/rego/testdata/source-commit-simplified.rego b/pkg/policies/engine/rego/testdata/source-commit-simplified.rego
new file mode 100644
index 000000000..7c8861185
--- /dev/null
+++ b/pkg/policies/engine/rego/testdata/source-commit-simplified.rego
@@ -0,0 +1,35 @@
+package source_commit
+
+import rego.v1
+
+check_signature if {
+ lower(input.args.check_signature) == "true"
+}
+
+check_signature if {
+ lower(input.args.check_signature) == "yes"
+}
+
+violations contains msg if {
+ not has_commit
+ msg := "missing commit in statement"
+}
+
+violations contains msg if {
+ has_commit
+ check_signature
+ not has_signature
+ msg := "missing signature in statement commit"
+}
+
+has_commit if {
+ some sub in input.subject
+ sub.name == "git.head"
+ sub.digest.sha1
+}
+
+has_signature if {
+ some sub in input.subject
+ sub.name == "git.head"
+ sub.annotations.signature
+}
diff --git a/pkg/policies/engine/rego/testdata/with-comments.rego b/pkg/policies/engine/rego/testdata/with-comments.rego
new file mode 100644
index 000000000..2044d9473
--- /dev/null
+++ b/pkg/policies/engine/rego/testdata/with-comments.rego
@@ -0,0 +1,16 @@ +package main + +import rego.v1 + +# This is a custom policy +# It checks for violations + +violations contains msg if { + # Check something + msg := "test violation" +} + +# Helper function +has_field if { + input.field +} diff --git a/pkg/policies/policies.go b/pkg/policies/policies.go index c92beeb45..9639f5b3d 100644 --- a/pkg/policies/policies.go +++ b/pkg/policies/policies.go @@ -608,6 +608,11 @@ func getPolicyTypes(p *v1.Policy) []v1.CraftingSchema_Material_MaterialType { return policyTypes } +// injectBoilerplateIfNeeded automatically injects common policy boilerplate +func injectBoilerplateIfNeeded(policySource []byte, policyName string) ([]byte, error) { + return rego.InjectBoilerplate(policySource, policyName) +} + // LoadPolicyScriptsFromSpec loads all policy script that matches a given material type. It matches if: // * the policy kind is unspecified, meaning that it was forced by name selector // * the policy kind is specified, and it's equal to the material type @@ -619,6 +624,13 @@ func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Materia if err != nil { return nil, fmt.Errorf("failed to load policy script: %w", err) } + + // Inject boilerplate if needed + script, err = injectBoilerplateIfNeeded(script, policy.GetMetadata().GetName()) + if err != nil { + return nil, fmt.Errorf("failed to inject boilerplate: %w", err) + } + scripts = append(scripts, &engine.Policy{Source: script, Name: policy.GetMetadata().GetName()}) } else { // multi-kind policies 
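Review bot: In the `@@ -619,6 +624,13 @@` hunk the rewritten module overwrites `script` before it is stored in `engine.Policy{Source: script, ...}`, so every consumer of `Source` sees the injected text rather than the bytes the policy author shipped. If any later step digests or records `Source` to identify the evaluated policy (not visible here), it would describe the rewritten module, so that is worth confirming. The wrapped error also names no policy; `fmt.Errorf("failed to inject boilerplate into policy %q: %w", policy.GetMetadata().GetName(), err)` would identify the failing one, and both points apply equally to the multi-kind branch in the next hunk. LoadPolicyScriptsFromSpec begins and ends outside the hunk.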
@@ -629,6 +641,13 @@ func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Materia if err != nil { return nil, fmt.Errorf("failed to load policy script: %w", err) } + + // Inject boilerplate if needed + script, err = injectBoilerplateIfNeeded(script, policy.GetMetadata().GetName()) + if err != nil { + return nil, fmt.Errorf("failed to inject boilerplate: %w", err) + } + scripts = append(scripts, &engine.Policy{Source: script, Name: policy.GetMetadata().GetName()}) } } From c5b63fa76869e98fb92b6bdf6492461535d6869a Mon Sep 17 00:00:00 2001 From: Sylwester Piskozub Date: Tue, 4 Nov 2025 13:54:07 +0100 Subject: [PATCH 2/8] remove unnecessary function Signed-off-by: Sylwester Piskozub --- pkg/policies/policies.go | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/pkg/policies/policies.go b/pkg/policies/policies.go index 9639f5b3d..0532e6466 100644 --- a/pkg/policies/policies.go +++ b/pkg/policies/policies.go @@ -608,11 +608,6 @@ func getPolicyTypes(p *v1.Policy) []v1.CraftingSchema_Material_MaterialType { return policyTypes } -// injectBoilerplateIfNeeded automatically injects common policy boilerplate -func injectBoilerplateIfNeeded(policySource []byte, policyName string) ([]byte, error) { - return rego.InjectBoilerplate(policySource, policyName) -} - // LoadPolicyScriptsFromSpec loads all policy script that matches a given material type. It matches if: // * the policy kind is unspecified, meaning that it was forced by name selector // * the policy kind is specified, and it's equal to the material type @@ -626,7 +621,7 @@ func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Materia } // Inject boilerplate if needed - script, err = injectBoilerplateIfNeeded(script, policy.GetMetadata().GetName()) + script, err = rego.InjectBoilerplate(script, policy.GetMetadata().GetName()) if err != nil { return nil, fmt.Errorf("failed to inject boilerplate: %w", err) } 
@@ -643,7 +638,7 @@ func LoadPolicyScriptsFromSpec(policy *v1.Policy, kind v1.CraftingSchema_Materia } // Inject boilerplate if needed - script, err = injectBoilerplateIfNeeded(script, policy.GetMetadata().GetName()) + script, err = rego.InjectBoilerplate(script, policy.GetMetadata().GetName()) if err != nil { return nil, fmt.Errorf("failed to inject boilerplate: %w", err) } From ad51d8265a8ba379ce07fdc76835eafab3a25af6 Mon Sep 17 00:00:00 2001 From: Sylwester Piskozub Date: Tue, 4 Nov 2025 13:57:46 +0100 Subject: [PATCH 3/8] use opa v1 Signed-off-by: Sylwester Piskozub --- pkg/policies/engine/rego/boilerplate.go | 2 +- pkg/policies/engine/rego/boilerplate_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/policies/engine/rego/boilerplate.go b/pkg/policies/engine/rego/boilerplate.go index 57c730f30..4c354af55 100644 --- a/pkg/policies/engine/rego/boilerplate.go +++ b/pkg/policies/engine/rego/boilerplate.go @@ -22,7 +22,7 @@ import ( "strings" "text/template" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" ) const ( diff --git a/pkg/policies/engine/rego/boilerplate_test.go b/pkg/policies/engine/rego/boilerplate_test.go index 32b30404b..249cac444 100644 --- a/pkg/policies/engine/rego/boilerplate_test.go +++ b/pkg/policies/engine/rego/boilerplate_test.go @@ -20,7 +20,7 @@ import ( "path/filepath" "testing" - "github.com/open-policy-agent/opa/ast" + "github.com/open-policy-agent/opa/v1/ast" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) From 363c478b9af0f18e308c2ef01f0c93f2d5d5803c Mon Sep 17 00:00:00 2001 From: Sylwester Piskozub Date: Wed, 5 Nov 2025 11:56:53 +0100 Subject: [PATCH 4/8] add ignore, add trim markers 
Signed-off-by: Sylwester Piskozub --- pkg/policies/engine/rego/boilerplate.go | 4 ++- .../engine/rego/boilerplate.rego.tmpl | 26 ++++++++++++++----- .../rego/testdata/full-boilerplate.rego | 3 +++ .../rego/testdata/only-package-import.rego | 2 +- .../output/custom-valid-input-output.rego | 3 +++ .../output/full-boilerplate-output.rego | 3 +++ .../output/multiple-imports-output.rego | 5 +++- .../output/only-package-import-output.rego | 6 ++++- .../output/partial-boilerplate-output.rego | 3 +++ .../output/simplified-policy-output.rego | 5 +++- .../source-commit-simplified-output.rego | 5 +++- .../testdata/output/with-comments-output.rego | 5 +++- 12 files changed, 57 insertions(+), 13 deletions(-) diff --git a/pkg/policies/engine/rego/boilerplate.go b/pkg/policies/engine/rego/boilerplate.go index 4c354af55..e3f89b8cb 100644 --- a/pkg/policies/engine/rego/boilerplate.go +++ b/pkg/policies/engine/rego/boilerplate.go @@ -43,6 +43,7 @@ type boilerplateData struct { NeedsSkipped bool NeedsValidInput bool NeedsViolations bool + NeedsIgnore bool } // InjectBoilerplate automatically injects common policy boilerplate if it doesn't exist. @@ -71,7 +72,7 @@ func InjectBoilerplate(policySource []byte, policyName string) ([]byte, error) { // If all required boilerplate rules exist, no injection needed if existingRules[ruleResult] && existingRules[ruleSkipReason] && existingRules[ruleSkipped] && existingRules[ruleValidInput] && - existingRules[ruleViolations] { + existingRules[ruleViolations] && existingRules[ruleIgnore] { return policySource, nil } @@ -115,6 +116,7 @@ func buildBoilerplate(existingRules map[string]bool) (string, error) { NeedsSkipped: !existingRules[ruleSkipped], NeedsValidInput: !existingRules[ruleValidInput], NeedsViolations: !existingRules[ruleViolations], + NeedsIgnore: !existingRules[ruleIgnore], } tmpl, err := template.New("boilerplate").Parse(boilerplateTemplate) 
diff --git a/pkg/policies/engine/rego/boilerplate.rego.tmpl b/pkg/policies/engine/rego/boilerplate.rego.tmpl index bd3562445..68065bec7 100644 --- a/pkg/policies/engine/rego/boilerplate.rego.tmpl +++ b/pkg/policies/engine/rego/boilerplate.rego.tmpl @@ -1,22 +1,36 @@ -{{if .NeedsResult}}result := { +{{if .NeedsResult -}} +result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } -{{end}}{{if .NeedsSkipReason}}default skip_reason := "" +{{end -}} +{{if .NeedsSkipReason -}} +default skip_reason := "" skip_reason := m if { not valid_input m := "the file content is not recognized" } -{{end}}{{if .NeedsSkipped}}default skipped := true +{{end -}} +{{if .NeedsValidInput -}} +default valid_input := true + +{{end -}} +{{if .NeedsSkipped -}} +default skipped := true skipped := false if valid_input -{{end}}{{if .NeedsValidInput}}default valid_input := true +{{end -}} +{{if .NeedsIgnore -}} +default ignore := false -{{end}}{{if .NeedsViolations}}default violations := [] +{{end -}} +{{if .NeedsViolations -}} +default violations := [] -{{end}} \ No newline at end of file +{{end -}} \ No newline at end of file diff --git a/pkg/policies/engine/rego/testdata/full-boilerplate.rego b/pkg/policies/engine/rego/testdata/full-boilerplate.rego index 778d0b60f..efbe2d293 100644 --- a/pkg/policies/engine/rego/testdata/full-boilerplate.rego +++ b/pkg/policies/engine/rego/testdata/full-boilerplate.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -19,6 +20,8 @@ default skipped := true skipped := false if valid_input +default ignore := false + valid_input := true violations contains msg if { diff --git a/pkg/policies/engine/rego/testdata/only-package-import.rego b/pkg/policies/engine/rego/testdata/only-package-import.rego index 424648483..7988034e8 100644 --- a/pkg/policies/engine/rego/testdata/only-package-import.rego 
+++ b/pkg/policies/engine/rego/testdata/only-package-import.rego @@ -1,3 +1,3 @@ package main -import rego.v1 \ No newline at end of file +import rego.v1 diff --git a/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego b/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego index 2476cfaa3..13be6816e 100644 --- a/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego +++ b/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -19,6 +20,8 @@ default skipped := true skipped := false if valid_input +default ignore := false + valid_input if { input.type == "attestation" } diff --git a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego index 778d0b60f..efbe2d293 100644 --- a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego +++ b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -19,6 +20,8 @@ default skipped := true skipped := false if valid_input +default ignore := false + valid_input := true violations contains msg if { diff --git a/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego b/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego index 04b8f56d8..d8f869c55 100644 --- a/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego +++ b/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego @@ -8,6 +8,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" 
@@ -17,11 +18,13 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input -default valid_input := true +default ignore := false violations contains msg if { msg := "test" diff --git a/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego b/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego index 8cace7fd8..8b84b64d1 100644 --- a/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego +++ b/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego @@ -1,10 +1,12 @@ package main import rego.v1 + result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -14,10 +16,12 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input -default valid_input := true +default ignore := false default violations := [] diff --git a/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego b/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego index e3b21f7e3..2013428d9 100644 --- a/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego +++ b/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -17,6 +18,8 @@ skip_reason := m if { default valid_input := true +default ignore := false + default skipped := true skipped := false if valid_input diff --git a/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego b/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego index a8330a0b9..797bd1ff2 100644 --- a/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego 
+++ b/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -15,11 +16,13 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input -default valid_input := true +default ignore := false violations contains msg if { not has_commit diff --git a/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego b/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego index 97819e8fb..7ebc34a4c 100644 --- a/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego +++ b/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" @@ -15,11 +16,13 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input -default valid_input := true +default ignore := false check_signature if { lower(input.args.check_signature) == "true" diff --git a/pkg/policies/engine/rego/testdata/output/with-comments-output.rego b/pkg/policies/engine/rego/testdata/output/with-comments-output.rego index 64aa8de10..db7dd9f6a 100644 --- a/pkg/policies/engine/rego/testdata/output/with-comments-output.rego +++ b/pkg/policies/engine/rego/testdata/output/with-comments-output.rego @@ -6,6 +6,7 @@ result := { "skipped": skipped, "violations": violations, "skip_reason": skip_reason, + "ignore": ignore, } default skip_reason := "" 
@@ -15,11 +16,13 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input -default valid_input := true +default ignore := false # This is a custom policy # It checks for violations From c974629b4d411ed4d07ce33d306a606e70626af3 Mon Sep 17 00:00:00 2001 From: Sylwester Piskozub Date: Fri, 7 Nov 2025 11:19:12 +0100 Subject: [PATCH 5/8] separate default rules Signed-off-by: Sylwester Piskozub --- pkg/policies/engine/rego/boilerplate.go | 68 ++++++++++++------- .../engine/rego/boilerplate.rego.tmpl | 14 ++-- pkg/policies/engine/rego/boilerplate_test.go | 20 ++++-- .../engine/rego/testdata/detect-rules.rego | 4 +- .../rego/testdata/full-boilerplate.rego | 4 +- .../output/full-boilerplate-output.rego | 4 +- 6 files changed, 76 insertions(+), 38 deletions(-) diff --git a/pkg/policies/engine/rego/boilerplate.go b/pkg/policies/engine/rego/boilerplate.go index e3f89b8cb..2e72933fc 100644 --- a/pkg/policies/engine/rego/boilerplate.go +++ b/pkg/policies/engine/rego/boilerplate.go @@ -38,12 +38,14 @@ const ( var boilerplateTemplate string type boilerplateData struct { - NeedsResult bool - NeedsSkipReason bool - NeedsSkipped bool - NeedsValidInput bool - NeedsViolations bool - NeedsIgnore bool + NeedsResult bool + NeedsDefaultSkipReason bool + NeedsSkipReasonRule bool + NeedsDefaultSkipped bool + NeedsSkippedRule bool + NeedsDefaultIgnore bool + NeedsDefaultValidInput bool + NeedsDefaultViolations bool } // InjectBoilerplate automatically injects common policy boilerplate if it doesn't exist. 
@@ -67,17 +69,20 @@ func InjectBoilerplate(policySource []byte, policyName string) ([]byte, error) { } // Detect which rules already exist using AST - existingRules := detectExistingRules(module) - - // If all required boilerplate rules exist, no injection needed - if existingRules[ruleResult] && existingRules[ruleSkipReason] && - existingRules[ruleSkipped] && existingRules[ruleValidInput] && - existingRules[ruleViolations] && existingRules[ruleIgnore] { + existing := detectExistingRules(module) + + // If all required boilerplate rules and defaults exist, no injection needed + if existing.hasRule[ruleResult] && + existing.hasDefault[ruleSkipReason] && existing.hasRule[ruleSkipReason] && + existing.hasDefault[ruleSkipped] && existing.hasRule[ruleSkipped] && + existing.hasDefault[ruleIgnore] && + existing.hasDefault[ruleValidInput] && + existing.hasDefault[ruleViolations] { return policySource, nil } // Build the boilerplate injection (rules only, no package/import) - injection, err := buildBoilerplate(existingRules) + injection, err := buildBoilerplate(existing) if err != nil { return nil, err } 
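Review bot: The early return here demands `existing.hasDefault[...]` for `skip_reason`, `skipped`, `ignore`, `valid_input` and `violations`, yet `buildBoilerplate` in the following hunk never injects a default once any rule of that name exists: `detectExistingRules` sets `hasRule` for default rules too, so the `!rules.hasDefault[x] &&` term is redundant. A policy that writes `skipped := false if valid_input` without its own `default skipped` therefore gets no default injected, and `skipped` — and with it the injected `result` object — is undefined whenever the body does not hold; how the engine treats an undefined `result` is not visible in this patch, so confirm it cannot be read as a pass. For the complete-rule names consider `NeedsDefaultSkipped: !rules.hasDefault[ruleSkipped],` (likewise `skip_reason` and `ignore`), keeping the combined test for `valid_input` and `violations`, where an injected default would change or conflict with the author's rule. InjectBoilerplate's body begins and ends outside this hunk.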
@@ -96,27 +101,42 @@ func InjectBoilerplate(policySource []byte, policyName string) ([]byte, error) { return []byte(injected), nil } +type existingRules struct { + hasRule map[string]bool + hasDefault map[string]bool +} + // detectExistingRules scans the AST to find which rules are already defined -func detectExistingRules(module *ast.Module) map[string]bool { - existing := make(map[string]bool) +func detectExistingRules(module *ast.Module) *existingRules { + rules := &existingRules{ + hasRule: make(map[string]bool), + hasDefault: make(map[string]bool), + } for _, rule := range module.Rules { ruleName := string(rule.Head.Name) - existing[ruleName] = true + rules.hasRule[ruleName] = true + + // Track if this is a default rule + if rule.Default { + rules.hasDefault[ruleName] = true + } } - return existing + return rules } // buildBoilerplate constructs the boilerplate template based on what's missing -func buildBoilerplate(existingRules map[string]bool) (string, error) { +func buildBoilerplate(rules *existingRules) (string, error) { data := boilerplateData{ - NeedsResult: !existingRules[ruleResult], - NeedsSkipReason: !existingRules[ruleSkipReason], - NeedsSkipped: !existingRules[ruleSkipped], - NeedsValidInput: !existingRules[ruleValidInput], - NeedsViolations: !existingRules[ruleViolations], - NeedsIgnore: !existingRules[ruleIgnore], + NeedsResult: !rules.hasRule[ruleResult], + NeedsDefaultSkipReason: !rules.hasDefault[ruleSkipReason] && !rules.hasRule[ruleSkipReason], + NeedsSkipReasonRule: !rules.hasRule[ruleSkipReason], + NeedsDefaultSkipped: !rules.hasDefault[ruleSkipped] && !rules.hasRule[ruleSkipped], + NeedsSkippedRule: !rules.hasRule[ruleSkipped], + NeedsDefaultIgnore: !rules.hasDefault[ruleIgnore] && !rules.hasRule[ruleIgnore], + NeedsDefaultValidInput: !rules.hasDefault[ruleValidInput] && !rules.hasRule[ruleValidInput], + NeedsDefaultViolations: !rules.hasDefault[ruleViolations] && !rules.hasRule[ruleViolations], } tmpl, err := 
template.New("boilerplate").Parse(boilerplateTemplate) diff --git a/pkg/policies/engine/rego/boilerplate.rego.tmpl b/pkg/policies/engine/rego/boilerplate.rego.tmpl index 68065bec7..ae0b1f2fc 100644 --- a/pkg/policies/engine/rego/boilerplate.rego.tmpl +++ b/pkg/policies/engine/rego/boilerplate.rego.tmpl @@ -7,30 +7,34 @@ result := { } {{end -}} -{{if .NeedsSkipReason -}} +{{if .NeedsDefaultSkipReason -}} default skip_reason := "" +{{end -}} +{{if .NeedsSkipReasonRule -}} skip_reason := m if { not valid_input m := "the file content is not recognized" } {{end -}} -{{if .NeedsValidInput -}} +{{if .NeedsDefaultValidInput -}} default valid_input := true {{end -}} -{{if .NeedsSkipped -}} +{{if .NeedsDefaultSkipped -}} default skipped := true +{{end -}} +{{if .NeedsSkippedRule -}} skipped := false if valid_input {{end -}} -{{if .NeedsIgnore -}} +{{if .NeedsDefaultIgnore -}} default ignore := false {{end -}} -{{if .NeedsViolations -}} +{{if .NeedsDefaultViolations -}} default violations := [] {{end -}} \ No newline at end of file diff --git a/pkg/policies/engine/rego/boilerplate_test.go b/pkg/policies/engine/rego/boilerplate_test.go index 249cac444..627ffca8d 100644 --- a/pkg/policies/engine/rego/boilerplate_test.go +++ b/pkg/policies/engine/rego/boilerplate_test.go 
@@ -111,9 +111,19 @@ func TestDetectExistingRules(t *testing.T) { existing := detectExistingRules(module) - assert.True(t, existing["result"]) - assert.True(t, existing["skipped"]) - assert.True(t, existing["valid_input"]) - assert.True(t, existing["violations"]) - assert.False(t, existing["skip_reason"]) + // Check rules exist + assert.True(t, existing.hasRule["result"]) + assert.True(t, existing.hasRule["skipped"]) + assert.True(t, existing.hasRule["valid_input"]) + assert.True(t, existing.hasRule["violations"]) + assert.False(t, existing.hasRule["skip_reason"]) + assert.False(t, existing.hasRule["ignore"]) + + // Check defaults for rules + assert.False(t, existing.hasDefault["result"]) + assert.True(t, existing.hasDefault["skipped"]) + assert.True(t, existing.hasDefault["valid_input"]) + assert.False(t, existing.hasDefault["violations"]) + assert.False(t, existing.hasDefault["skip_reason"]) + assert.False(t, existing.hasDefault["ignore"]) } diff --git a/pkg/policies/engine/rego/testdata/detect-rules.rego b/pkg/policies/engine/rego/testdata/detect-rules.rego index 2ed3e61ac..d093dcc3f 100644 --- a/pkg/policies/engine/rego/testdata/detect-rules.rego +++ b/pkg/policies/engine/rego/testdata/detect-rules.rego @@ -3,8 +3,8 @@ package main import rego.v1 result := {"test": true} -skipped := false -valid_input := true +default skipped := false +default valid_input := true violations contains msg if { msg := "test" diff --git a/pkg/policies/engine/rego/testdata/full-boilerplate.rego b/pkg/policies/engine/rego/testdata/full-boilerplate.rego index efbe2d293..e744c60af 100644 --- a/pkg/policies/engine/rego/testdata/full-boilerplate.rego +++ b/pkg/policies/engine/rego/testdata/full-boilerplate.rego 
@@ -16,13 +16,15 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input default ignore := false -valid_input := true +default violations := [] violations contains msg if { msg := "test violation" diff --git a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego index efbe2d293..e744c60af 100644 --- a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego +++ b/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego @@ -16,13 +16,15 @@ skip_reason := m if { m := "the file content is not recognized" } +default valid_input := true + default skipped := true skipped := false if valid_input default ignore := false -valid_input := true +default violations := [] violations contains msg if { msg := "test violation" From 5934371ab42a85420c5fa44568b88b59b023e8ad Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Mon, 24 Nov 2025 17:19:51 +0100 Subject: [PATCH 6/8] move test files 
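Review bot: This fixture now declares `default violations := []` directly above `violations contains msg if { … }`, which puts a complete (default) rule and a partial-set rule under one name; OPA's compiler normally rejects that as conflicting rules, so the file may not be a policy that can actually be evaluated. The same pair is added to `output/full-boilerplate-output.rego` in the next hunk. The test code visible in this series only parses modules with `ast.ParseModule`, which would not catch this, so consider compiling the fixtures in the test as well. Because the early return in `InjectBoilerplate` requires `hasDefault[ruleViolations]`, this is the only shape that reaches the no-injection path, which suggests dropping the `violations` default from that check rather than adding it to the fixture. The rest of the file lies outside the hunk.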
Signed-off-by: Jose I. Paris --- pkg/policies/engine/rego/boilerplate_test.go | 20 +- .../boilerplate}/custom-valid-input.rego | 0 .../boilerplate}/detect-rules.rego | 0 .../boilerplate}/full-boilerplate.rego | 0 .../boilerplate}/multiple-imports.rego | 0 .../boilerplate}/only-package-import.rego | 0 .../output/custom-valid-input-output.rego | 0 .../output/full-boilerplate-output.rego | 0 .../output/multiple-imports-output.rego | 0 .../output/only-package-import-output.rego | 0 .../output/partial-boilerplate-output.rego | 0 .../output/simplified-policy-output.rego | 0 .../source-commit-simplified-output.rego | 0 .../output/with-comments-output.rego | 0 .../boilerplate}/partial-boilerplate.rego | 0 .../boilerplate}/simplified-policy.rego | 0 .../source-commit-simplified.rego | 0 .../boilerplate}/with-comments.rego | 0 pkg/policies/testdata/container_policy.yaml | 20 - pkg/policies/testdata/group_with_inputs.yaml | 23 - .../group_with_interpolated_material.yaml | 25 - pkg/policies/testdata/materials.rego | 54 - pkg/policies/testdata/materials.yaml | 7 - pkg/policies/testdata/missing_rego.yaml | 7 - pkg/policies/testdata/multi-kind.yaml | 13 - pkg/policies/testdata/policy_group.yaml | 16 - .../testdata/policy_group_multikind.yaml | 16 - .../testdata/policy_group_no_name.yaml | 15 - pkg/policies/testdata/policy_group_wrong.yaml | 16 - .../policy_multi_kind_with_ignore.yaml | 69 - .../testdata/policy_openvex_no_ignore.yaml | 33 - .../testdata/policy_result_format.yaml | 41 - .../testdata/policy_result_skipped.yaml | 31 - pkg/policies/testdata/policy_with_ignore.yaml | 47 - pkg/policies/testdata/policy_with_inputs.yaml | 23 - pkg/policies/testdata/sbom-spdx.json | 1874 ----------------- pkg/policies/testdata/sbom_syft.rego | 43 - pkg/policies/testdata/sbom_syft.yaml | 10 - .../testdata/sbom_syft_not_typed.yaml | 6 - pkg/policies/testdata/statement.json | 247 --- pkg/policies/testdata/statement_gitlab.json | 247 --- .../testdata/statement_missing_runner.json | 245 --- 
pkg/policies/testdata/with_arguments.rego | 49 - pkg/policies/testdata/with_arguments.yaml | 7 - pkg/policies/testdata/workflow.rego | 53 - pkg/policies/testdata/workflow.yaml | 7 - pkg/policies/testdata/workflow_embedded.yaml | 61 - pkg/policies/testdata/wrong_policy.rego | 7 - pkg/policies/testdata/wrong_policy.yaml | 6 - 49 files changed, 10 insertions(+), 3328 deletions(-) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/custom-valid-input.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/detect-rules.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/full-boilerplate.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/multiple-imports.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/only-package-import.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/custom-valid-input-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/full-boilerplate-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/multiple-imports-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/only-package-import-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/partial-boilerplate-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/simplified-policy-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/source-commit-simplified-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/output/with-comments-output.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/partial-boilerplate.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/simplified-policy.rego (100%) rename 
pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/source-commit-simplified.rego (100%) rename pkg/policies/engine/rego/{testdata => testfiles/boilerplate}/with-comments.rego (100%) delete mode 100644 pkg/policies/testdata/container_policy.yaml delete mode 100644 pkg/policies/testdata/group_with_inputs.yaml delete mode 100644 pkg/policies/testdata/group_with_interpolated_material.yaml delete mode 100644 pkg/policies/testdata/materials.rego delete mode 100644 pkg/policies/testdata/materials.yaml delete mode 100644 pkg/policies/testdata/missing_rego.yaml delete mode 100644 pkg/policies/testdata/multi-kind.yaml delete mode 100644 pkg/policies/testdata/policy_group.yaml delete mode 100644 pkg/policies/testdata/policy_group_multikind.yaml delete mode 100644 pkg/policies/testdata/policy_group_no_name.yaml delete mode 100644 pkg/policies/testdata/policy_group_wrong.yaml delete mode 100644 pkg/policies/testdata/policy_multi_kind_with_ignore.yaml delete mode 100644 pkg/policies/testdata/policy_openvex_no_ignore.yaml delete mode 100644 pkg/policies/testdata/policy_result_format.yaml delete mode 100644 pkg/policies/testdata/policy_result_skipped.yaml delete mode 100644 pkg/policies/testdata/policy_with_ignore.yaml delete mode 100644 pkg/policies/testdata/policy_with_inputs.yaml delete mode 100644 pkg/policies/testdata/sbom-spdx.json delete mode 100644 pkg/policies/testdata/sbom_syft.rego delete mode 100644 pkg/policies/testdata/sbom_syft.yaml delete mode 100644 pkg/policies/testdata/sbom_syft_not_typed.yaml delete mode 100644 pkg/policies/testdata/statement.json delete mode 100644 pkg/policies/testdata/statement_gitlab.json delete mode 100644 pkg/policies/testdata/statement_missing_runner.json delete mode 100644 pkg/policies/testdata/with_arguments.rego delete mode 100644 pkg/policies/testdata/with_arguments.yaml delete mode 100644 pkg/policies/testdata/workflow.rego delete mode 100644 pkg/policies/testdata/workflow.yaml delete mode 100644 
pkg/policies/testdata/workflow_embedded.yaml delete mode 100644 pkg/policies/testdata/wrong_policy.rego delete mode 100644 pkg/policies/testdata/wrong_policy.yaml diff --git a/pkg/policies/engine/rego/boilerplate_test.go b/pkg/policies/engine/rego/boilerplate_test.go index 627ffca8d..e65e51c12 100644 --- a/pkg/policies/engine/rego/boilerplate_test.go +++ b/pkg/policies/engine/rego/boilerplate_test.go 
@@ -33,42 +33,42 @@ func TestInjectBoilerplate(t *testing.T) { }{ { name: "simplified policy", - inputFile: "testdata/simplified-policy.rego", + inputFile: "testfiles/boilerplate/simplified-policy.rego", outputName: "simplified-policy-output.rego", }, { name: "full boilerplate exists", - inputFile: "testdata/full-boilerplate.rego", + inputFile: "testfiles/boilerplate/full-boilerplate.rego", outputName: "full-boilerplate-output.rego", }, { name: "user defined valid_input", - inputFile: "testdata/custom-valid-input.rego", + inputFile: "testfiles/boilerplate/custom-valid-input.rego", outputName: "custom-valid-input-output.rego", }, { name: "partial boilerplate", - inputFile: "testdata/partial-boilerplate.rego", + inputFile: "testfiles/boilerplate/partial-boilerplate.rego", outputName: "partial-boilerplate-output.rego", }, { name: "preserve multiple imports", - inputFile: "testdata/multiple-imports.rego", + inputFile: "testfiles/boilerplate/multiple-imports.rego", outputName: "multiple-imports-output.rego", }, { name: "with comments", - inputFile: "testdata/with-comments.rego", + inputFile: "testfiles/boilerplate/with-comments.rego", outputName: "with-comments-output.rego", }, { name: "only package and import", - inputFile: "testdata/only-package-import.rego", + inputFile: "testfiles/boilerplate/only-package-import.rego", outputName: "only-package-import-output.rego", }, { name: "real world source commit example", - inputFile: "testdata/source-commit-simplified.rego", + inputFile: "testfiles/boilerplate/source-commit-simplified.rego", outputName: "source-commit-simplified-output.rego", }, } 
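Review bot: `testfiles/boilerplate` gives up the special handling the go tool reserves for directories named `testdata`, which are skipped by `./...` package patterns. The renamed fixtures are all `.rego` files, so nothing breaks today, but a `.go` fixture placed under `testfiles/` later would be treated as a package. The prefix is also repeated as a literal in all eight `inputFile` entries of this table and again in `matchesOutput` and `TestDetectExistingRules` in the two hunks that follow. A single `const boilerplateDir = "testfiles/boilerplate"` used as `filepath.Join(boilerplateDir, "output", outputName)` would make the next move a one-line change. All three functions continue outside their hunks.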
@@ -90,7 +90,7 @@ func TestInjectBoilerplate(t *testing.T) { func matchesOutput(t *testing.T, result []byte, outputName string) { t.Helper() - outputPath := filepath.Join("testdata", "output", outputName) + outputPath := filepath.Join("testfiles/boilerplate", "output", outputName) expected, err := os.ReadFile(outputPath) require.NoError(t, err, "failed to read output file %s", outputPath) @@ -103,7 +103,7 @@ func matchesOutput(t *testing.T, result []byte, outputName string) { } func TestDetectExistingRules(t *testing.T) { - policyBytes, err := os.ReadFile("testdata/detect-rules.rego") + policyBytes, err := os.ReadFile("testfiles/boilerplate/detect-rules.rego") require.NoError(t, err) module, err := ast.ParseModule("test", string(policyBytes)) diff --git a/pkg/policies/engine/rego/testdata/custom-valid-input.rego b/pkg/policies/engine/rego/testfiles/boilerplate/custom-valid-input.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/custom-valid-input.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/custom-valid-input.rego diff --git a/pkg/policies/engine/rego/testdata/detect-rules.rego b/pkg/policies/engine/rego/testfiles/boilerplate/detect-rules.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/detect-rules.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/detect-rules.rego diff --git a/pkg/policies/engine/rego/testdata/full-boilerplate.rego b/pkg/policies/engine/rego/testfiles/boilerplate/full-boilerplate.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/full-boilerplate.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/full-boilerplate.rego diff --git a/pkg/policies/engine/rego/testdata/multiple-imports.rego b/pkg/policies/engine/rego/testfiles/boilerplate/multiple-imports.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/multiple-imports.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/multiple-imports.rego 
diff --git a/pkg/policies/engine/rego/testdata/only-package-import.rego b/pkg/policies/engine/rego/testfiles/boilerplate/only-package-import.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/only-package-import.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/only-package-import.rego
diff --git a/pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/custom-valid-input-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/custom-valid-input-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/custom-valid-input-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/full-boilerplate-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/full-boilerplate-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/full-boilerplate-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/multiple-imports-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/multiple-imports-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/multiple-imports-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/only-package-import-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/only-package-import-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/only-package-import-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/only-package-import-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/partial-boilerplate-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/partial-boilerplate-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/partial-boilerplate-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/simplified-policy-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/simplified-policy-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/simplified-policy-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/source-commit-simplified-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/source-commit-simplified-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/source-commit-simplified-output.rego
diff --git a/pkg/policies/engine/rego/testdata/output/with-comments-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/with-comments-output.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/output/with-comments-output.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/output/with-comments-output.rego
diff --git a/pkg/policies/engine/rego/testdata/partial-boilerplate.rego b/pkg/policies/engine/rego/testfiles/boilerplate/partial-boilerplate.rego
similarity index 100%
rename from pkg/policies/engine/rego/testdata/partial-boilerplate.rego
rename to pkg/policies/engine/rego/testfiles/boilerplate/partial-boilerplate.rego
diff --git a/pkg/policies/engine/rego/testdata/simplified-policy.rego b/pkg/policies/engine/rego/testfiles/boilerplate/simplified-policy.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/simplified-policy.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/simplified-policy.rego diff --git a/pkg/policies/engine/rego/testdata/source-commit-simplified.rego b/pkg/policies/engine/rego/testfiles/boilerplate/source-commit-simplified.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/source-commit-simplified.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/source-commit-simplified.rego diff --git a/pkg/policies/engine/rego/testdata/with-comments.rego b/pkg/policies/engine/rego/testfiles/boilerplate/with-comments.rego similarity index 100% rename from pkg/policies/engine/rego/testdata/with-comments.rego rename to pkg/policies/engine/rego/testfiles/boilerplate/with-comments.rego diff --git a/pkg/policies/testdata/container_policy.yaml b/pkg/policies/testdata/container_policy.yaml deleted file mode 100644 index d7320854b..000000000 --- a/pkg/policies/testdata/container_policy.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: container-policy - description: test policy - annotations: - category: containers -spec: - policies: - - kind: CONTAINER_IMAGE - embedded: | - package main - - import rego.v1 - - result := { - "violations": [], - "skipped": true, - "skip_reason": sprintf("the tag is '%s'", [input.chainloop_metadata.annotations["chainloop.material.image.tag"]]) - } diff --git a/pkg/policies/testdata/group_with_inputs.yaml b/pkg/policies/testdata/group_with_inputs.yaml deleted file mode 100644 index 7fb45f68b..000000000 --- a/pkg/policies/testdata/group_with_inputs.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: group-with-inputs - description: test group - annotations: - category: test -spec: - inputs: - - name: user_name - required: true - - name: domainName - required: false - default: "chainloop.dev" - policies: - materials: - - name: sbom - type: SBOM_CYCLONEDX_JSON - policies: - - ref: file://testdata/policy_with_inputs.yaml - with: - email: "{{inputs.user_name}}@{{inputs.domainName}}" - diff --git a/pkg/policies/testdata/group_with_interpolated_material.yaml b/pkg/policies/testdata/group_with_interpolated_material.yaml deleted file mode 100644 index d1112123d..000000000 --- a/pkg/policies/testdata/group_with_interpolated_material.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: group-with-inputs - description: test group - annotations: - category: test -spec: - inputs: - - name: sbom_name - default: "sbom" - - name: user_name - required: true - - name: domainName - required: false - default: "chainloop.dev" - policies: - materials: - - name: "{{ inputs.sbom_name }}" - type: SBOM_CYCLONEDX_JSON - policies: - - ref: file://testdata/policy_with_inputs.yaml - with: - email: "{{inputs.user_name}}@{{inputs.domainName}}" - diff --git a/pkg/policies/testdata/materials.rego b/pkg/policies/testdata/materials.rego deleted file mode 100644 index 54597b8bf..000000000 --- a/pkg/policies/testdata/materials.rego +++ /dev/null 
@@ -1,54 +0,0 @@ -package main - -import rego.v1 - -# Verifies there is a VEX material, even if not enforced by contract - -################################ -# Common section do NOT change # -################################ - -result := { - "skipped": skipped, - "violations": violations, - "skip_reason": skip_reason, -} - -default skip_reason := "" - -skip_reason := m if { - not valid_input - m := "invalid input" -} - -default skipped := true - -skipped := false if valid_input - -######################################## -# EO Common section, custom code below # -######################################## - -# Validates if the input is valid and can be understood by this policy -valid_input := true - -# If the input is valid, check for any policy violation here -violations contains msg if { - valid_input - not has_vex - msg := "missing VEX material" -} - -# Collect all material types -kinds contains kind if { - some material in input.predicate.materials - kind := material.annotations["chainloop.material.type"] -} - -has_vex if { - "CSAF_VEX" in kinds -} - -has_vex if { - "OPENVEX" in kinds -} diff --git a/pkg/policies/testdata/materials.yaml b/pkg/policies/testdata/materials.yaml deleted file mode 100644 index c2ebb861b..000000000 --- a/pkg/policies/testdata/materials.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: materials -spec: - type: ATTESTATION - path: materials.rego diff --git a/pkg/policies/testdata/missing_rego.yaml b/pkg/policies/testdata/missing_rego.yaml deleted file mode 100644 index df8b6ba5c..000000000 --- a/pkg/policies/testdata/missing_rego.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: missing-rego -spec: - type: ATTESTATION - path: this_is_a_missing.rego diff --git a/pkg/policies/testdata/multi-kind.yaml b/pkg/policies/testdata/multi-kind.yaml deleted file mode 100644 index 8b43100a8..000000000 
--- a/pkg/policies/testdata/multi-kind.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: multikind - description: multikind policy - annotations: - category: SBOM -spec: - policies: - - kind: SBOM_SPDX_JSON - path: sbom_syft.rego - - kind: ATTESTATION - path: workflow.rego diff --git a/pkg/policies/testdata/policy_group.yaml b/pkg/policies/testdata/policy_group.yaml deleted file mode 100644 index 68e720c14..000000000 --- a/pkg/policies/testdata/policy_group.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: sbom-quality - description: This policy group applies a number of SBOM-related policies - annotations: - category: SBOM -spec: - policies: - attestation: - - ref: file://testdata/with_arguments.yaml - materials: - - name: sbom - type: SBOM_SPDX_JSON - policies: - - ref: file://testdata/multi-kind.yaml diff --git a/pkg/policies/testdata/policy_group_multikind.yaml b/pkg/policies/testdata/policy_group_multikind.yaml deleted file mode 100644 index ea828e1ac..000000000 --- a/pkg/policies/testdata/policy_group_multikind.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: sbom-quality - description: This policy group applies a number of SBOM-related policies - annotations: - category: SBOM -spec: - policies: - materials: - - type: SBOM_CYCLONEDX_JSON - policies: - - ref: file://testdata/policy_with_ignore.yaml - - type: OPENVEX - policies: - - ref: file://testdata/policy_openvex_no_ignore.yaml diff --git a/pkg/policies/testdata/policy_group_no_name.yaml b/pkg/policies/testdata/policy_group_no_name.yaml deleted file mode 100644 index 511cf9838..000000000 --- a/pkg/policies/testdata/policy_group_no_name.yaml +++ /dev/null 
@@ -1,15 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: sbom-quality - description: policy group with name-less material - annotations: - category: SBOM -spec: - policies: - attestation: - - ref: file://testdata/with_arguments.yaml - materials: - - type: SBOM_SPDX_JSON - policies: - - ref: file://testdata/multi-kind.yaml diff --git a/pkg/policies/testdata/policy_group_wrong.yaml b/pkg/policies/testdata/policy_group_wrong.yaml deleted file mode 100644 index 85a42a89d..000000000 --- a/pkg/policies/testdata/policy_group_wrong.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: PolicyGroup -metadata: - name: sbom-quality - description: This policy group applies a number of SBOM-related policies - annotations: - category: SBOM -spec: - policies: - attestation: - - ref: file://testdata/with_arguments.yaml - materials: - # No type specified in this material - - name: sbom - policies: - - ref: file://testdata/multi-kind.yaml diff --git a/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml b/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml deleted file mode 100644 index 9bdc95b28..000000000 --- a/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: multikindignore - description: multikind policy - annotations: - category: SBOM -spec: - policies: - - kind: SARIF - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": "this one should be ignored", - "ignore": true, - } - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": "this one should be ignored", - "ignore": true, - } - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": "this on is skipped", - "ignore": false, - } - - kind: OPENVEX - embedded: | - package main - - import rego.v1 - - result := { - "skipped": false, - "violations": [], - "skip_reason": "", - "ignore": false, - } - - kind: OPENVEX - embedded: | - package main - - import rego.v1 - - result := { - "skipped": false, - "violations": [], - "skip_reason": "", - "ignore": false, - } diff --git a/pkg/policies/testdata/policy_openvex_no_ignore.yaml b/pkg/policies/testdata/policy_openvex_no_ignore.yaml deleted file mode 100644 index c5eb0faf4..000000000 --- a/pkg/policies/testdata/policy_openvex_no_ignore.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: multikindignore - description: multikind policy - annotations: - category: SBOM -spec: - policies: - - kind: OPENVEX - embedded: | - package main - - import rego.v1 - - result := { - "skipped": false, - "violations": [], - "skip_reason": "", - "ignore": false, - } - - kind: OPENVEX - embedded: | - package main - - import rego.v1 - - result := { - "skipped": false, - "violations": [], - "skip_reason": "", - "ignore": false, - } 
diff --git a/pkg/policies/testdata/policy_result_format.yaml b/pkg/policies/testdata/policy_result_format.yaml deleted file mode 100644 index 830b439ab..000000000 --- a/pkg/policies/testdata/policy_result_format.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: policy-result-format - description: Policy with new result format - annotations: - category: SBOM -spec: - policies: - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": skipped, - "violations": violations, - "skip_reason": skip_reason, - } - - default skip_reason := "" - - skip_reason := m if { - not valid_input - m := "invalid input" - } - - default skipped := true - - skipped := false if valid_input - - violations contains msg if { - valid_input - input.specVersion != "1.5" - msg := sprintf("wrong CycloneDX version. Expected 1.5, but it was %s", [input.specVersion]) - } - - valid_input if { - input.specVersion - } diff --git a/pkg/policies/testdata/policy_result_skipped.yaml b/pkg/policies/testdata/policy_result_skipped.yaml deleted file mode 100644 index 1f71881ae..000000000 --- a/pkg/policies/testdata/policy_result_skipped.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: policy-result-skipped - description: Policy with new result format - annotations: - category: SBOM -spec: - policies: - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": "this one is skipped", - } - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": "this is also skipped", - } \ No newline at end of file diff --git a/pkg/policies/testdata/policy_with_ignore.yaml b/pkg/policies/testdata/policy_with_ignore.yaml deleted file mode 100644 index 9942fa993..000000000 
--- a/pkg/policies/testdata/policy_with_ignore.yaml +++ /dev/null @@ -1,47 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: policy-result-format - description: Policy with new result format - annotations: - category: SBOM -spec: - policies: - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": skipped, - "violations": violations, - "skip_reason": skip_reason, - "ignore": ignore, - } - - default skip_reason := "" - - skip_reason := m if { - not valid_input - m := "invalid input" - } - - default skipped := true - default ignore := false - - skipped := false if valid_input - - ignore := true if { - input.specVersion == "1.0" - } - - violations contains msg if { - valid_input - input.specVersion != "1.5" - msg := sprintf("wrong CycloneDX version. Expected 1.5, but it was %s", [input.specVersion]) - } - - valid_input if { - input.specVersion - } diff --git a/pkg/policies/testdata/policy_with_inputs.yaml b/pkg/policies/testdata/policy_with_inputs.yaml deleted file mode 100644 index b5868c0be..000000000 --- a/pkg/policies/testdata/policy_with_inputs.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: workflowcontract.chainloop.dev/v1 -kind: Policy -metadata: - name: policy-with-inputs - description: Policy with inputs - annotations: - category: SBOM -spec: - inputs: - - name: email - required: true - policies: - - kind: SBOM_CYCLONEDX_JSON - embedded: | - package main - - import rego.v1 - - result := { - "skipped": true, - "violations": [], - "skip_reason": sprintf("the email is: %s", [input.args.email]), - } diff --git a/pkg/policies/testdata/sbom-spdx.json b/pkg/policies/testdata/sbom-spdx.json deleted file mode 100644 index 1f001e97a..000000000 --- a/pkg/policies/testdata/sbom-spdx.json +++ /dev/null 
@@ -1,1874 +0,0 @@ -{ - "spdxVersion": "SPDX-2.3", - "dataLicense": "CC0-1.0", - "SPDXID": "SPDXRef-DOCUMENT", - "name": ".", - "documentNamespace": "https://anchore.com/syft/dir/5d82480d-1f44-4351-b216-24880a877ce4", - "creationInfo": { - "licenseListVersion": "3.20", - "creators": [ - "Organization: Anchore, Inc", - "Tool: syft-0.73.0" - ], - "created": "2023-02-25T15:16:03Z" - }, - "packages": [ - { - "name": "@algolia/autocomplete-core", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-core-d4f529d2efd5d873", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": 
"cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-core@1.7.4" - } - ] - }, - { - "name": "@algolia/autocomplete-core", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-core-a75e9cc60748602d", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - 
"referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-core@1.7.4" - } - ] - }, - { - "name": "@algolia/autocomplete-preset-algolia", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-preset-algolia-2efe8108bf5904fb", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - 
"referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-preset-algolia@1.7.4" - } - ] - }, - { - "name": "@algolia/autocomplete-preset-algolia", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-preset-algolia-719fbc0a971c8423", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": 
"SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-preset-algolia@1.7.4" - } - ] - }, - { - "name": "@algolia/autocomplete-shared", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-shared-c04c8898a671ed16", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-shared@1.7.4" - } - ] - }, - { - "name": "@algolia/autocomplete-shared", - "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-shared-349e9c24c2b4f2c5", - "versionInfo": "1.7.4", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - 
"referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/autocomplete-shared@1.7.4" - } - ] - }, - { - "name": "@algolia/cache-browser-local-storage", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-browser-local-storage-7f047bcfa53ed7ee", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-browser-local-storage@4.14.3" - } - ] - }, - { - "name": "@algolia/cache-browser-local-storage", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-browser-local-storage-699118b8ecb40e29", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-browser-local-storage@4.14.3" - } - ] - }, - { - "name": "@algolia/cache-common", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-common-b83a20f4252c841a", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-common@4.14.3" - } - ] - }, - { - "name": "@algolia/cache-common", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-common-8feb5c8eb82329a3", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" - }, - 
{ - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-common@4.14.3" - } - ] - }, - { - "name": "@algolia/cache-in-memory", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-in-memory-5b4709d3757a3a6d", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-in-memory@4.14.3" - } - ] - }, - { - "name": "@algolia/cache-in-memory", - "SPDXID": "SPDXRef-Package-npm--algolia-cache-in-memory-a4bf58feef42f315", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/cache-in-memory@4.14.3" - } - ] - }, - { - "name": "@algolia/client-account", - "SPDXID": "SPDXRef-Package-npm--algolia-client-account-ccad52fb07b66b08", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - 
"copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-account@4.14.3" - } - ] - }, - { - "name": "@algolia/client-account", - "SPDXID": "SPDXRef-Package-npm--algolia-client-account-dcac7f21f13a1b6", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - 
"externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-account@4.14.3" - } - ] - }, - { - "name": "@algolia/client-analytics", - "SPDXID": "SPDXRef-Package-npm--algolia-client-analytics-da8f8d5e4a42283c", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - 
"referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-analytics@4.14.3" - } - ] - }, - { - "name": "@algolia/client-analytics", - "SPDXID": "SPDXRef-Package-npm--algolia-client-analytics-7aa06ac329e132f6", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - 
"referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-analytics@4.14.3" - } - ] - }, - { - "name": "@algolia/client-common", - "SPDXID": "SPDXRef-Package-npm--algolia-client-common-fdab2e146ab09cb0", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - 
"referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-common@4.14.3" - } - ] - }, - { - "name": "@algolia/client-common", - "SPDXID": "SPDXRef-Package-npm--algolia-client-common-1e82fe4ac5f06142", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - 
"referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-common@4.14.3" - } - ] - }, - { - "name": "@algolia/client-personalization", - "SPDXID": "SPDXRef-Package-npm--algolia-client-personalization-5860c568f6a2884b", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": 
"cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-personalization@4.14.3" - } - ] - }, - { - "name": "@algolia/client-personalization", - "SPDXID": "SPDXRef-Package-npm--algolia-client-personalization-5230f032c64636a3", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": 
"NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-personalization@4.14.3" - } - ] - }, - { - "name": "@algolia/client-search", - "SPDXID": "SPDXRef-Package-npm--algolia-client-search-dd73cb953fef8932", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - 
"licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-search@4.14.3" - } - ] - }, - { - "name": "@algolia/client-search", - "SPDXID": "SPDXRef-Package-npm--algolia-client-search-a19e56cf638775e2", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": 
"MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/client-search@4.14.3" - } - ] - }, - { - "name": "@algolia/events", - "SPDXID": "SPDXRef-Package-npm--algolia-events-5f312ad698b9cd07", - "versionInfo": "4.0.1", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - 
"externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/events:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/events@4.0.1" - } - ] - }, - { - "name": "@algolia/events", - "SPDXID": "SPDXRef-Package-npm--algolia-events-4f529c22422af8a", - "versionInfo": "4.0.1", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/events:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/events@4.0.1" - } - ] - }, - { - "name": "@algolia/logger-common", - "SPDXID": "SPDXRef-Package-npm--algolia-logger-common-4beb0a564e01e8dd", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/logger-common@4.14.3" - } - ] - }, - { - "name": "@algolia/logger-common", - "SPDXID": "SPDXRef-Package-npm--algolia-logger-common-b5611c2c52827c17", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/logger-common@4.14.3" - } - ] - }, - { - "name": "@algolia/logger-console", - "SPDXID": "SPDXRef-Package-npm--algolia-logger-console-7d44d092b7346496", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/logger-console@4.14.3" - } - ] - }, - { - "name": "@algolia/logger-console", - "SPDXID": "SPDXRef-Package-npm--algolia-logger-console-bd05c3862ee5c855", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/logger-console@4.14.3" - } - ] - }, - { - "name": "@algolia/requester-browser-xhr", - "SPDXID": "SPDXRef-Package-npm--algolia-requester-browser-xhr-2547173fb30f7bf4", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/requester-browser-xhr@4.14.3" - } - ] - }, - { - "name": "@algolia/requester-browser-xhr", - "SPDXID": "SPDXRef-Package-npm--algolia-requester-browser-xhr-afdcaeba77bd9241", - "versionInfo": "4.14.3", - "downloadLocation": "NOASSERTION", - "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", - "licenseConcluded": "MIT", - "licenseDeclared": "MIT", - "copyrightText": "NOASSERTION", - "externalRefs": [ - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "SECURITY", - "referenceType": "cpe23Type", - "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" - }, - { - "referenceCategory": "PACKAGE-MANAGER", - "referenceType": "purl", - "referenceLocator": "pkg:npm/%40algolia/requester-browser-xhr@4.14.3" - } - ] - } - ], - "relationships": [ - { - "spdxElementId": "SPDXRef-DOCUMENT", - "relatedSpdxElement": "SPDXRef-DOCUMENT", - "relationshipType": "DESCRIBES" - } - ] -} diff --git a/pkg/policies/testdata/sbom_syft.rego b/pkg/policies/testdata/sbom_syft.rego deleted file mode 100644 index c138fd3a7..000000000 --- a/pkg/policies/testdata/sbom_syft.rego +++ /dev/null 
@@ -1,43 +0,0 @@
-package main
-
-import rego.v1
-
-################################
-# Common section do NOT change #
-################################
-
-result := {
- "skipped": skipped,
- "violations": violations,
- "skip_reason": skip_reason,
-}
-
-default skip_reason := ""
-
-skip_reason := m if {
- not valid_input
- m := "invalid input"
-}
-
-default skipped := true
-
-skipped := false if valid_input
-
-########################################
-# EO Common section, custom code below #
-########################################
-
-# Validates if the input is valid and can be understood by this policy
-valid_input := true
-
-# If the input is valid, check for any policy violation here
-violations contains msg if {
- valid_input
- not made_with_syft
- msg := "Not made with syft"
-}
-
-made_with_syft if {
- some creator in input.creationInfo.creators
- contains(creator, "syft")
-}
\ No newline at end of file
diff --git a/pkg/policies/testdata/sbom_syft.yaml b/pkg/policies/testdata/sbom_syft.yaml
deleted file mode 100644
index 0e864d161..000000000
--- a/pkg/policies/testdata/sbom_syft.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: made-with-syft
- description: This policy checks that the SPDX SBOM was created with syft
- annotations:
- category: SBOM
-spec:
- type: SBOM_SPDX_JSON
- path: sbom_syft.rego
diff --git a/pkg/policies/testdata/sbom_syft_not_typed.yaml b/pkg/policies/testdata/sbom_syft_not_typed.yaml
deleted file mode 100644
index 8b451c4f6..000000000
--- a/pkg/policies/testdata/sbom_syft_not_typed.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: made-with-syft
-spec:
- path: sbom_syft.rego
diff --git a/pkg/policies/testdata/statement.json b/pkg/policies/testdata/statement.json
deleted file mode 100644
index 6103b25e0..000000000
--- a/pkg/policies/testdata/statement.json
+++ /dev/null
@@ -1,247 +0,0 @@ -{ - "_type": "https://in-toto.io/Statement/v1", - "subject": [ - { - "name": "chainloop.workflow.chainloop-vault-release", - "digest": { - "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" - } - }, - { - "name": "git.head", - "digest": { - "sha1": "53f95f066b620172301e2a3879e7d593da05727e" - }, - "annotations": { - "author.email": "devel@chainloop.dev", - "author.name": "Developer", - "date": "2024-07-12T10:16:04Z", - "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", - "remotes": [ - { - "name": "origin", - "url": "https://github.com/chainloop-dev/chainloop" - } - ] - } - } - ], - "predicateType": "chainloop.dev/attestation/v0.2", - "predicate": { - "buildType": "chainloop.dev/workflowrun/v0.1", - "builder": { - "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" - }, - "env": { - "GITHUB_ACTOR": "jiparis", - "GITHUB_REF": "refs/tags/v0.93.7", - "GITHUB_REPOSITORY": "chainloop-dev/chainloop", - "GITHUB_REPOSITORY_OWNER": "chainloop-dev", - "GITHUB_RUN_ID": "9906853011", - "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", - "RUNNER_NAME": "GitHub Actions 193", - "RUNNER_OS": "Linux" - }, - "materials": [ - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782291120414953", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" - }, - "name": "cas.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782293352471920", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": 
"material-1720782295934163620", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782297645680131", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782300158976415", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782301800977382", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782304541799505", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782306140039811", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782308650938558", - "chainloop.material.type": "ARTIFACT" - }, 
- "digest": { - "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782309843066922", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" - }, - "name": "checksums.txt" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311062937592", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" - }, - "name": "checksums.txt.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311526704542", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" - }, - "name": "controlplane.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782313410977824", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" - }, - "name": "cosign.pub" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782315689903312", - "chainloop.material.type": "HELM_CHART" - }, - "digest": { - "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" - }, - "name": "chainloop-0.93.7.tar.gz" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782317669410353", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" - }, - "name": "ghcr.io/chainloop-dev/chainloop/control-plane" - }, 
- { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782318334142313", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" - }, - "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782319034635257", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" - }, - "name": "ghcr.io/chainloop-dev/chainloop/cli" - } - ], - "metadata": { - "finishedAt": "2024-07-12T11:05:19.808858785Z", - "initializedAt": "2024-07-12T11:04:48.604833219Z", - "name": "chainloop-vault-release", - "organization": "read-only-demo", - "project": "chainloop", - "team": "", - "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", - "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" - }, - "runnerType": "GITHUB_ACTION", - "runnerURL": "https://github.com/chainloop-dev/chainloop/actions/runs/9906853011" - } -} \ No newline at end of file diff --git a/pkg/policies/testdata/statement_gitlab.json b/pkg/policies/testdata/statement_gitlab.json deleted file mode 100644 index affd5a8f9..000000000 --- a/pkg/policies/testdata/statement_gitlab.json +++ /dev/null 
@@ -1,247 +0,0 @@ -{ - "_type": "https://in-toto.io/Statement/v1", - "subject": [ - { - "name": "chainloop.workflow.chainloop-vault-release", - "digest": { - "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" - } - }, - { - "name": "git.head", - "digest": { - "sha1": "53f95f066b620172301e2a3879e7d593da05727e" - }, - "annotations": { - "author.email": "devel@chainloop.dev", - "author.name": "Developer", - "date": "2024-07-12T10:16:04Z", - "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", - "remotes": [ - { - "name": "origin", - "url": "https://github.com/chainloop-dev/chainloop" - } - ] - } - } - ], - "predicateType": "chainloop.dev/attestation/v0.2", - "predicate": { - "buildType": "chainloop.dev/workflowrun/v0.1", - "builder": { - "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" - }, - "env": { - "GITHUB_ACTOR": "jiparis", - "GITHUB_REF": "refs/tags/v0.93.7", - "GITHUB_REPOSITORY": "chainloop-dev/chainloop", - "GITHUB_REPOSITORY_OWNER": "chainloop-dev", - "GITHUB_RUN_ID": "9906853011", - "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", - "RUNNER_NAME": "GitHub Actions 193", - "RUNNER_OS": "Linux" - }, - "materials": [ - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782291120414953", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" - }, - "name": "cas.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782293352471920", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": 
"material-1720782295934163620", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782297645680131", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782300158976415", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782301800977382", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782304541799505", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782306140039811", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782308650938558", - "chainloop.material.type": "ARTIFACT" - }, 
- "digest": { - "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782309843066922", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" - }, - "name": "checksums.txt" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311062937592", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" - }, - "name": "checksums.txt.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311526704542", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" - }, - "name": "controlplane.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782313410977824", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" - }, - "name": "cosign.pub" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782315689903312", - "chainloop.material.type": "HELM_CHART" - }, - "digest": { - "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" - }, - "name": "chainloop-0.93.7.tar.gz" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782317669410353", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" - }, - "name": "ghcr.io/chainloop-dev/chainloop/control-plane" - }, 
- { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782318334142313", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" - }, - "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782319034635257", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" - }, - "name": "ghcr.io/chainloop-dev/chainloop/cli" - } - ], - "metadata": { - "finishedAt": "2024-07-12T11:05:19.808858785Z", - "initializedAt": "2024-07-12T11:04:48.604833219Z", - "name": "chainloop-vault-release", - "organization": "read-only-demo", - "project": "chainloop", - "team": "", - "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", - "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" - }, - "runnerType": "GITLAB", - "runnerURL": "https://github.com/chainloop-dev/chainloop/actions/runs/9906853011" - } -} \ No newline at end of file diff --git a/pkg/policies/testdata/statement_missing_runner.json b/pkg/policies/testdata/statement_missing_runner.json deleted file mode 100644 index 99dec26c4..000000000 --- a/pkg/policies/testdata/statement_missing_runner.json +++ /dev/null 
@@ -1,245 +0,0 @@ -{ - "_type": "https://in-toto.io/Statement/v1", - "subject": [ - { - "name": "chainloop.workflow.chainloop-vault-release", - "digest": { - "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" - } - }, - { - "name": "git.head", - "digest": { - "sha1": "53f95f066b620172301e2a3879e7d593da05727e" - }, - "annotations": { - "author.email": "devel@chainloop.dev", - "author.name": "Developer", - "date": "2024-07-12T10:16:04Z", - "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", - "remotes": [ - { - "name": "origin", - "url": "https://github.com/chainloop-dev/chainloop" - } - ] - } - } - ], - "predicateType": "chainloop.dev/attestation/v0.2", - "predicate": { - "buildType": "chainloop.dev/workflowrun/v0.1", - "builder": { - "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" - }, - "env": { - "GITHUB_ACTOR": "jiparis", - "GITHUB_REF": "refs/tags/v0.93.7", - "GITHUB_REPOSITORY": "chainloop-dev/chainloop", - "GITHUB_REPOSITORY_OWNER": "chainloop-dev", - "GITHUB_RUN_ID": "9906853011", - "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", - "RUNNER_NAME": "GitHub Actions 193", - "RUNNER_OS": "Linux" - }, - "materials": [ - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782291120414953", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" - }, - "name": "cas.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782293352471920", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": 
"material-1720782295934163620", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" - }, - "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782297645680131", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782300158976415", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" - }, - "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782301800977382", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782304541799505", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" - }, - "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782306140039811", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782308650938558", - "chainloop.material.type": "ARTIFACT" - }, 
- "digest": { - "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" - }, - "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782309843066922", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" - }, - "name": "checksums.txt" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311062937592", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" - }, - "name": "checksums.txt.sig" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782311526704542", - "chainloop.material.type": "SBOM_CYCLONEDX_JSON" - }, - "digest": { - "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" - }, - "name": "controlplane.cyclonedx.json" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782313410977824", - "chainloop.material.type": "ARTIFACT" - }, - "digest": { - "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" - }, - "name": "cosign.pub" - }, - { - "annotations": { - "chainloop.material.cas": true, - "chainloop.material.name": "material-1720782315689903312", - "chainloop.material.type": "HELM_CHART" - }, - "digest": { - "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" - }, - "name": "chainloop-0.93.7.tar.gz" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782317669410353", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" - }, - "name": "ghcr.io/chainloop-dev/chainloop/control-plane" - }, 
- { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782318334142313", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" - }, - "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" - }, - { - "annotations": { - "chainloop.material.image.tag": "v0.93.7", - "chainloop.material.name": "material-1720782319034635257", - "chainloop.material.type": "CONTAINER_IMAGE" - }, - "digest": { - "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" - }, - "name": "ghcr.io/chainloop-dev/chainloop/cli" - } - ], - "metadata": { - "finishedAt": "2024-07-12T11:05:19.808858785Z", - "initializedAt": "2024-07-12T11:04:48.604833219Z", - "name": "chainloop-vault-release", - "organization": "read-only-demo", - "project": "chainloop", - "team": "", - "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", - "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" - } - } -} \ No newline at end of file diff --git a/pkg/policies/testdata/with_arguments.rego b/pkg/policies/testdata/with_arguments.rego deleted file mode 100644 index 9a46d583b..000000000 --- a/pkg/policies/testdata/with_arguments.rego +++ /dev/null 
@@ -1,49 +0,0 @@
-package main
-
-import rego.v1
-
-################################
-# Common section do NOT change #
-################################
-
-result := {
- "skipped": skipped,
- "violations": violations,
- "skip_reason": skip_reason,
-}
-
-default skip_reason := ""
-
-skip_reason := m if {
- not valid_input
- m := "invalid input"
-}
-
-default skipped := true
-
-skipped := false if valid_input
-
-########################################
-# EO Common section, custom code below #
-########################################
-
-# Validates if the input is valid and can be understood by this policy
-valid_input := true
-
-# If the input is valid, check for any policy violation here
-violations contains msg if {
- valid_input
- not valid_developer
- msg := "Invalid developer"
-}
-
-valid_developer if {
- some subject in input.subject
- subject.annotations["author.email"] == input.args.email
-}
-
-
-valid_developer if {
- some subject in input.subject
- subject.annotations["author.email"] in input.args.email_array
-}
diff --git a/pkg/policies/testdata/with_arguments.yaml b/pkg/policies/testdata/with_arguments.yaml
deleted file mode 100644
index 5c9c92792..000000000
--- a/pkg/policies/testdata/with_arguments.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: workflow
-spec:
- type: ATTESTATION
- path: with_arguments.rego
diff --git a/pkg/policies/testdata/workflow.rego b/pkg/policies/testdata/workflow.rego
deleted file mode 100644
index e902c4c8b..000000000
--- a/pkg/policies/testdata/workflow.rego
+++ /dev/null
@@ -1,53 +0,0 @@
-package main
-
-import rego.v1
-
-################################
-# Common section do NOT change #
-################################
-
-result := {
- "skipped": skipped,
- "violations": violations,
- "skip_reason": skip_reason,
-}
-
-default skip_reason := ""
-
-skip_reason := m if {
- not valid_input
- m := "invalid input"
-}
-
-default skipped := true
-
-skipped := false if valid_input
-
-########################################
-# EO Common section, custom code below #
-########################################
-
-# Validates if the input is valid and can be understood by this policy
-valid_input := true
-
-# If the input is valid, check for any policy violation here
-violations contains msg if {
- valid_input
- not is_workflow
- msg := "incorrect workflow"
-}
-
-violations contains msg if {
- valid_input
- not is_github
- msg := "incorrect runner"
-}
-
-is_workflow if {
- input.predicate.metadata.name == "chainloop-vault-release"
-}
-
-is_github if {
- input.predicate.runnerType == "GITHUB_ACTION"
- input.predicate.env.GITHUB_SHA
-}
\ No newline at end of file
diff --git a/pkg/policies/testdata/workflow.yaml b/pkg/policies/testdata/workflow.yaml
deleted file mode 100644
index 4b4345118..000000000
--- a/pkg/policies/testdata/workflow.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: workflow
-spec:
- type: ATTESTATION
- path: workflow.rego
diff --git a/pkg/policies/testdata/workflow_embedded.yaml b/pkg/policies/testdata/workflow_embedded.yaml
deleted file mode 100644
index 333a4967f..000000000
--- a/pkg/policies/testdata/workflow_embedded.yaml
+++ /dev/null
@@ -1,61 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: workflow
-spec:
- type: ATTESTATION
- embedded: |
- package main
-
- import rego.v1
-
- ################################
- # Common section do NOT change #
- ################################
-
- result := {
- "skipped": skipped,
- "violations": violations,
- "skip_reason": skip_reason,
- }
-
- default skip_reason := ""
-
- skip_reason := m if {
- not valid_input
- m := "invalid input"
- }
-
- default skipped := true
-
- skipped := false if valid_input
-
- ########################################
- # EO Common section, custom code below #
- ########################################
-
- # Validates if the input is valid and can be understood by this policy
- valid_input := true
-
- # If the input is valid, check for any policy violation here
- violations contains msg if {
- valid_input
- not is_workflow
- msg := "incorrect workflow"
- }
-
- violations contains msg if {
- valid_input
- not is_github
- msg := "incorrect runner"
- }
-
- is_workflow if {
- input.predicate.metadata.name == "chainloop-vault-release"
- }
-
- is_github if {
- input.predicate.runnerType == "GITHUB_ACTION"
- input.predicate.env.GITHUB_SHA
- }
-
diff --git a/pkg/policies/testdata/wrong_policy.rego b/pkg/policies/testdata/wrong_policy.rego
deleted file mode 100644
index 01e73a27a..000000000
--- a/pkg/policies/testdata/wrong_policy.rego
+++ /dev/null
@@ -1,7 +0,0 @@
-package main
-
-# wrong policy without a "violations" rule
-
-is_wrong {
- true
-}
diff --git a/pkg/policies/testdata/wrong_policy.yaml b/pkg/policies/testdata/wrong_policy.yaml
deleted file mode 100644
index 0c9d9caa6..000000000
--- a/pkg/policies/testdata/wrong_policy.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-apiVersion: workflowcontract.chainloop.dev/v1
-kind: Policy
-metadata:
- name: wrong_policy
-spec:
- path: wrong_policy.rego
From 60a7e1d7076ca4f207809cd024e9e0a26456b30f Mon Sep 17 00:00:00 2001
From: "Jose I. Paris" Date: Mon, 24 Nov 2025 17:27:07 +0100 Subject: [PATCH 7/8] add test for compatibiity Signed-off-by: Jose I. Paris --- pkg/policies/engine/rego/boilerplate_test.go | 5 +++ .../output/result_format-output.rego | 37 +++++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 pkg/policies/engine/rego/testfiles/boilerplate/output/result_format-output.rego diff --git a/pkg/policies/engine/rego/boilerplate_test.go b/pkg/policies/engine/rego/boilerplate_test.go index e65e51c12..8f57f20c7 100644 --- a/pkg/policies/engine/rego/boilerplate_test.go +++ b/pkg/policies/engine/rego/boilerplate_test.go @@ -71,6 +71,11 @@ func TestInjectBoilerplate(t *testing.T) { inputFile: "testfiles/boilerplate/source-commit-simplified.rego", outputName: "source-commit-simplified-output.rego", }, + { + name: "backwards compatibility, policy keeps untouched", + inputFile: "testfiles/result_format.rego", + outputName: "result_format-output.rego", + }, } for _, tc := range testCases { diff --git a/pkg/policies/engine/rego/testfiles/boilerplate/output/result_format-output.rego b/pkg/policies/engine/rego/testfiles/boilerplate/output/result_format-output.rego new file mode 100644 index 000000000..2cb5484fb --- /dev/null +++ b/pkg/policies/engine/rego/testfiles/boilerplate/output/result_format-output.rego @@ -0,0 +1,37 @@ +package main + +import rego.v1 + +result := { + "skipped": skipped, + "violations": violations, + "skip_reason": skip_reason, + "ignore": ignore, +} + +default skip_reason := "" + +skip_reason := m if { + not valid_input + m := "invalid input" +} + +default skipped := true + +default ignore := false + +skipped := false if valid_input + +ignore := true if { + input.specVersion == "1.0" +} + +violations contains msg if { + valid_input + input.specVersion != "1.5" + msg := sprintf("wrong CycloneDX version. Expected 1.5, but it was %s", [input.specVersion]) +} + +valid_input if { + input.specVersion +} 
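Review bot: The new "backwards compatibility, policy keeps untouched" case in `TestInjectBoilerplate` appears to be checked like its siblings, against a separate golden file (`result_format-output.rego`), so nothing in the hunk ties the expected output to the input `testfiles/result_format.rego`. If the two fixtures drift apart, the test still passes while no longer proving that a policy which already defines `result`, `skipped`, `skip_reason` and `ignore` is left as written, and for a policy engine a silent rewrite of those rules changes what is enforced. Consider comparing the injected output with the input bytes for this case, or at least stating the invariant next to it: `// golden file must stay identical to testfiles/result_format.rego; a complete policy must not be rewritten`. The test function and its comparison loop start and end outside the hunk, so how outputs are compared is inferred.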
From 03374a1f5a1ee5f3f8a1f16ea97aee2fb3e418b2 Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Mon, 24 Nov 2025 18:03:28 +0100 Subject: [PATCH 8/8] undo change 
Signed-off-by: Jose I. Paris --- pkg/policies/testdata/container_policy.yaml | 20 + pkg/policies/testdata/group_with_inputs.yaml | 23 + .../group_with_interpolated_material.yaml | 25 + pkg/policies/testdata/materials.rego | 54 + pkg/policies/testdata/materials.yaml | 7 + pkg/policies/testdata/missing_rego.yaml | 7 + pkg/policies/testdata/multi-kind.yaml | 13 + pkg/policies/testdata/policy_group.yaml | 16 + .../testdata/policy_group_multikind.yaml | 16 + .../testdata/policy_group_no_name.yaml | 15 + pkg/policies/testdata/policy_group_wrong.yaml | 16 + .../policy_multi_kind_with_ignore.yaml | 69 + .../testdata/policy_openvex_no_ignore.yaml | 33 + .../testdata/policy_result_format.yaml | 41 + .../testdata/policy_result_skipped.yaml | 31 + pkg/policies/testdata/policy_with_ignore.yaml | 47 + pkg/policies/testdata/policy_with_inputs.yaml | 23 + pkg/policies/testdata/sbom-spdx.json | 1874 +++++++++++++++++ pkg/policies/testdata/sbom_syft.rego | 43 + pkg/policies/testdata/sbom_syft.yaml | 10 + .../testdata/sbom_syft_not_typed.yaml | 6 + pkg/policies/testdata/statement.json | 247 +++ pkg/policies/testdata/statement_gitlab.json | 247 +++ .../testdata/statement_missing_runner.json | 245 +++ pkg/policies/testdata/with_arguments.rego | 49 + pkg/policies/testdata/with_arguments.yaml | 7 + pkg/policies/testdata/workflow.rego | 53 + pkg/policies/testdata/workflow.yaml | 7 + pkg/policies/testdata/workflow_embedded.yaml | 61 + pkg/policies/testdata/wrong_policy.rego | 7 + pkg/policies/testdata/wrong_policy.yaml | 6 + 31 files changed, 3318 insertions(+) create mode 100644 pkg/policies/testdata/container_policy.yaml create mode 100644 pkg/policies/testdata/group_with_inputs.yaml create mode 100644 pkg/policies/testdata/group_with_interpolated_material.yaml create mode 100644 pkg/policies/testdata/materials.rego create mode 100644 pkg/policies/testdata/materials.yaml create mode 100644 pkg/policies/testdata/missing_rego.yaml create mode 100644 pkg/policies/testdata/multi-kind.yaml 
create mode 100644 pkg/policies/testdata/policy_group.yaml create mode 100644 pkg/policies/testdata/policy_group_multikind.yaml create mode 100644 pkg/policies/testdata/policy_group_no_name.yaml create mode 100644 pkg/policies/testdata/policy_group_wrong.yaml create mode 100644 pkg/policies/testdata/policy_multi_kind_with_ignore.yaml create mode 100644 pkg/policies/testdata/policy_openvex_no_ignore.yaml create mode 100644 pkg/policies/testdata/policy_result_format.yaml create mode 100644 pkg/policies/testdata/policy_result_skipped.yaml create mode 100644 pkg/policies/testdata/policy_with_ignore.yaml create mode 100644 pkg/policies/testdata/policy_with_inputs.yaml create mode 100644 pkg/policies/testdata/sbom-spdx.json create mode 100644 pkg/policies/testdata/sbom_syft.rego create mode 100644 pkg/policies/testdata/sbom_syft.yaml create mode 100644 pkg/policies/testdata/sbom_syft_not_typed.yaml create mode 100644 pkg/policies/testdata/statement.json create mode 100644 pkg/policies/testdata/statement_gitlab.json create mode 100644 pkg/policies/testdata/statement_missing_runner.json create mode 100644 pkg/policies/testdata/with_arguments.rego create mode 100644 pkg/policies/testdata/with_arguments.yaml create mode 100644 pkg/policies/testdata/workflow.rego create mode 100644 pkg/policies/testdata/workflow.yaml create mode 100644 pkg/policies/testdata/workflow_embedded.yaml create mode 100644 pkg/policies/testdata/wrong_policy.rego create mode 100644 pkg/policies/testdata/wrong_policy.yaml diff --git a/pkg/policies/testdata/container_policy.yaml b/pkg/policies/testdata/container_policy.yaml new file mode 100644 index 000000000..d7320854b --- /dev/null +++ b/pkg/policies/testdata/container_policy.yaml 
@@ -0,0 +1,20 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: container-policy
+ description: test policy
+ annotations:
+ category: containers
+spec:
+ policies:
+ - kind: CONTAINER_IMAGE
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "violations": [],
+ "skipped": true,
+ "skip_reason": sprintf("the tag is '%s'", [input.chainloop_metadata.annotations["chainloop.material.image.tag"]])
+ }
diff --git a/pkg/policies/testdata/group_with_inputs.yaml b/pkg/policies/testdata/group_with_inputs.yaml
new file mode 100644
index 000000000..7fb45f68b
--- /dev/null
+++ b/pkg/policies/testdata/group_with_inputs.yaml
@@ -0,0 +1,23 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: group-with-inputs
+ description: test group
+ annotations:
+ category: test
+spec:
+ inputs:
+ - name: user_name
+ required: true
+ - name: domainName
+ required: false
+ default: "chainloop.dev"
+ policies:
+ materials:
+ - name: sbom
+ type: SBOM_CYCLONEDX_JSON
+ policies:
+ - ref: file://testdata/policy_with_inputs.yaml
+ with:
+ email: "{{inputs.user_name}}@{{inputs.domainName}}"
+
diff --git a/pkg/policies/testdata/group_with_interpolated_material.yaml b/pkg/policies/testdata/group_with_interpolated_material.yaml
new file mode 100644
index 000000000..d1112123d
--- /dev/null
+++ b/pkg/policies/testdata/group_with_interpolated_material.yaml
@@ -0,0 +1,25 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: group-with-inputs
+ description: test group
+ annotations:
+ category: test
+spec:
+ inputs:
+ - name: sbom_name
+ default: "sbom"
+ - name: user_name
+ required: true
+ - name: domainName
+ required: false
+ default: "chainloop.dev"
+ policies:
+ materials:
+ - name: "{{ inputs.sbom_name }}"
+ type: SBOM_CYCLONEDX_JSON
+ policies:
+ - ref: file://testdata/policy_with_inputs.yaml
+ with:
+ email: "{{inputs.user_name}}@{{inputs.domainName}}"
+
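Review bot: In `container_policy.yaml` the embedded policy builds `skip_reason` with `sprintf` over `input.chainloop_metadata.annotations["chainloop.material.image.tag"]`, and in Rego an undefined reference inside the object literal makes the whole `result` rule undefined rather than producing an empty tag. Whether the engine treats an undefined `result` as an error or as "no violations" is not visible here, so a test that feeds this fixture an untagged image would exercise that path instead of the skip path. A default keeps the fixture deterministic, e.g. `tag := object.get(input.chainloop_metadata.annotations, "chainloop.material.image.tag", "")` followed by `sprintf("the tag is '%s'", [tag])`.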
diff --git a/pkg/policies/testdata/materials.rego b/pkg/policies/testdata/materials.rego
new file mode 100644
index 000000000..54597b8bf
--- /dev/null
+++ b/pkg/policies/testdata/materials.rego
@@ -0,0 +1,54 @@
+package main
+
+import rego.v1
+
+# Verifies there is a VEX material, even if not enforced by contract
+
+################################
+# Common section do NOT change #
+################################
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+########################################
+# EO Common section, custom code below #
+########################################
+
+# Validates if the input is valid and can be understood by this policy
+valid_input := true
+
+# If the input is valid, check for any policy violation here
+violations contains msg if {
+ valid_input
+ not has_vex
+ msg := "missing VEX material"
+}
+
+# Collect all material types
+kinds contains kind if {
+ some material in input.predicate.materials
+ kind := material.annotations["chainloop.material.type"]
+}
+
+has_vex if {
+ "CSAF_VEX" in kinds
+}
+
+has_vex if {
+ "OPENVEX" in kinds
+}
diff --git a/pkg/policies/testdata/materials.yaml b/pkg/policies/testdata/materials.yaml
new file mode 100644
index 000000000..c2ebb861b
--- /dev/null
+++ b/pkg/policies/testdata/materials.yaml
@@ -0,0 +1,7 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: materials
+spec:
+ type: ATTESTATION
+ path: materials.rego
diff --git a/pkg/policies/testdata/missing_rego.yaml b/pkg/policies/testdata/missing_rego.yaml
new file mode 100644
index 000000000..df8b6ba5c
--- /dev/null
+++ b/pkg/policies/testdata/missing_rego.yaml
@@ -0,0 +1,7 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: missing-rego
+spec:
+ type: ATTESTATION
+ path: this_is_a_missing.rego
diff --git a/pkg/policies/testdata/multi-kind.yaml b/pkg/policies/testdata/multi-kind.yaml
new file mode 100644
index 000000000..8b43100a8
--- /dev/null
+++ b/pkg/policies/testdata/multi-kind.yaml
@@ -0,0 +1,13 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: multikind
+ description: multikind policy
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: SBOM_SPDX_JSON
+ path: sbom_syft.rego
+ - kind: ATTESTATION
+ path: workflow.rego
diff --git a/pkg/policies/testdata/policy_group.yaml b/pkg/policies/testdata/policy_group.yaml
new file mode 100644
index 000000000..68e720c14
--- /dev/null
+++ b/pkg/policies/testdata/policy_group.yaml
@@ -0,0 +1,16 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: sbom-quality
+ description: This policy group applies a number of SBOM-related policies
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ attestation:
+ - ref: file://testdata/with_arguments.yaml
+ materials:
+ - name: sbom
+ type: SBOM_SPDX_JSON
+ policies:
+ - ref: file://testdata/multi-kind.yaml
diff --git a/pkg/policies/testdata/policy_group_multikind.yaml b/pkg/policies/testdata/policy_group_multikind.yaml
new file mode 100644
index 000000000..ea828e1ac
--- /dev/null
+++ b/pkg/policies/testdata/policy_group_multikind.yaml
@@ -0,0 +1,16 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: sbom-quality
+ description: This policy group applies a number of SBOM-related policies
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ materials:
+ - type: SBOM_CYCLONEDX_JSON
+ policies:
+ - ref: file://testdata/policy_with_ignore.yaml
+ - type: OPENVEX
+ policies:
+ - ref: file://testdata/policy_openvex_no_ignore.yaml
diff --git a/pkg/policies/testdata/policy_group_no_name.yaml b/pkg/policies/testdata/policy_group_no_name.yaml
new file mode 100644
index 000000000..511cf9838
--- /dev/null
+++ b/pkg/policies/testdata/policy_group_no_name.yaml
@@ -0,0 +1,15 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: sbom-quality
+ description: policy group with name-less material
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ attestation:
+ - ref: file://testdata/with_arguments.yaml
+ materials:
+ - type: SBOM_SPDX_JSON
+ policies:
+ - ref: file://testdata/multi-kind.yaml
diff --git a/pkg/policies/testdata/policy_group_wrong.yaml b/pkg/policies/testdata/policy_group_wrong.yaml
new file mode 100644
index 000000000..85a42a89d
--- /dev/null
+++ b/pkg/policies/testdata/policy_group_wrong.yaml
@@ -0,0 +1,16 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: PolicyGroup
+metadata:
+ name: sbom-quality
+ description: This policy group applies a number of SBOM-related policies
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ attestation:
+ - ref: file://testdata/with_arguments.yaml
+ materials:
+ # No type specified in this material
+ - name: sbom
+ policies:
+ - ref: file://testdata/multi-kind.yaml
diff --git a/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml b/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml
new file mode 100644
index 000000000..9bdc95b28
--- /dev/null
+++ b/pkg/policies/testdata/policy_multi_kind_with_ignore.yaml
@@ -0,0 +1,69 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: multikindignore
+ description: multikind policy
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: SARIF
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": "this one should be ignored",
+ "ignore": true,
+ }
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": "this one should be ignored",
+ "ignore": true,
+ }
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": "this on is skipped",
+ "ignore": false,
+ }
+ - kind: OPENVEX
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": false,
+ "violations": [],
+ "skip_reason": "",
+ "ignore": false,
+ }
+ - kind: OPENVEX
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": false,
+ "violations": [],
+ "skip_reason": "",
+ "ignore": false,
+ }
diff --git a/pkg/policies/testdata/policy_openvex_no_ignore.yaml b/pkg/policies/testdata/policy_openvex_no_ignore.yaml
new file mode 100644
index 000000000..c5eb0faf4
--- /dev/null
+++ b/pkg/policies/testdata/policy_openvex_no_ignore.yaml
@@ -0,0 +1,33 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: multikindignore
+ description: multikind policy
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: OPENVEX
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": false,
+ "violations": [],
+ "skip_reason": "",
+ "ignore": false,
+ }
+ - kind: OPENVEX
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": false,
+ "violations": [],
+ "skip_reason": "",
+ "ignore": false,
+ }
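Review bot: The third embedded policy in policy_multi_kind_with_ignore.yaml has a typo in its skip reason, `"skip_reason": "this on is skipped"`; it should read `"skip_reason": "this one is skipped"`. If a test asserts on this string, which the hunk does not show, the expected value needs the same correction. The two OPENVEX entries that close the file are identical as far as the hunk shows, so a short comment such as `# two identical OPENVEX policies on purpose: both must be evaluated` would tell the next reader the duplication is intended.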
diff --git a/pkg/policies/testdata/policy_result_format.yaml b/pkg/policies/testdata/policy_result_format.yaml
new file mode 100644
index 000000000..830b439ab
--- /dev/null
+++ b/pkg/policies/testdata/policy_result_format.yaml
@@ -0,0 +1,41 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: policy-result-format
+ description: Policy with new result format
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+ }
+
+ default skip_reason := ""
+
+ skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+ }
+
+ default skipped := true
+
+ skipped := false if valid_input
+
+ violations contains msg if {
+ valid_input
+ input.specVersion != "1.5"
+ msg := sprintf("wrong CycloneDX version. Expected 1.5, but it was %s", [input.specVersion])
+ }
+
+ valid_input if {
+ input.specVersion
+ }
diff --git a/pkg/policies/testdata/policy_result_skipped.yaml b/pkg/policies/testdata/policy_result_skipped.yaml
new file mode 100644
index 000000000..1f71881ae
--- /dev/null
+++ b/pkg/policies/testdata/policy_result_skipped.yaml
@@ -0,0 +1,31 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: policy-result-skipped
+ description: Policy with new result format
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": "this one is skipped",
+ }
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": "this is also skipped",
+ }
\ No newline at end of file
diff --git a/pkg/policies/testdata/policy_with_ignore.yaml b/pkg/policies/testdata/policy_with_ignore.yaml
new file mode 100644
index 000000000..9942fa993
--- /dev/null
+++ b/pkg/policies/testdata/policy_with_ignore.yaml
@@ -0,0 +1,47 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: policy-result-format
+ description: Policy with new result format
+ annotations:
+ category: SBOM
+spec:
+ policies:
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+ "ignore": ignore,
+ }
+
+ default skip_reason := ""
+
+ skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+ }
+
+ default skipped := true
+ default ignore := false
+
+ skipped := false if valid_input
+
+ ignore := true if {
+ input.specVersion == "1.0"
+ }
+
+ violations contains msg if {
+ valid_input
+ input.specVersion != "1.5"
+ msg := sprintf("wrong CycloneDX version. Expected 1.5, but it was %s", [input.specVersion])
+ }
+
+ valid_input if {
+ input.specVersion
+ }
diff --git a/pkg/policies/testdata/policy_with_inputs.yaml b/pkg/policies/testdata/policy_with_inputs.yaml
new file mode 100644
index 000000000..b5868c0be
--- /dev/null
+++ b/pkg/policies/testdata/policy_with_inputs.yaml
@@ -0,0 +1,23 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: policy-with-inputs
+ description: Policy with inputs
+ annotations:
+ category: SBOM
+spec:
+ inputs:
+ - name: email
+ required: true
+ policies:
+ - kind: SBOM_CYCLONEDX_JSON
+ embedded: |
+ package main
+
+ import rego.v1
+
+ result := {
+ "skipped": true,
+ "violations": [],
+ "skip_reason": sprintf("the email is: %s", [input.args.email]),
+ }
diff --git a/pkg/policies/testdata/sbom-spdx.json b/pkg/policies/testdata/sbom-spdx.json
new file mode 100644
index 000000000..1f001e97a
--- /dev/null
+++ b/pkg/policies/testdata/sbom-spdx.json
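Review bot: In policy_with_ignore.yaml the `ignore` rule is true for `input.specVersion == "1.0"` while the `violations` rule still fires for that same input, so the fixture returns a violation together with `ignore: true`, and nothing in the file says which outcome the test expects. Presumably the engine drops ignored results, which would mean the evaluated material's own content decides whether a failing evaluation is reported; that is acceptable in a fixture but should be stated so the pattern is not copied into a real policy. I would add a comment above `embedded:` such as `# fixture: specVersion 1.0 produces a violation that ignore=true is expected to suppress`.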
@@ -0,0 +1,1874 @@ +{ + "spdxVersion": "SPDX-2.3", + "dataLicense": "CC0-1.0", + "SPDXID": "SPDXRef-DOCUMENT", + "name": ".", + "documentNamespace": "https://anchore.com/syft/dir/5d82480d-1f44-4351-b216-24880a877ce4", + "creationInfo": { + "licenseListVersion": "3.20", + "creators": [ + "Organization: Anchore, Inc", + "Tool: syft-0.73.0" + ], + "created": "2023-02-25T15:16:03Z" + }, + "packages": [ + { + "name": "@algolia/autocomplete-core", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-core-d4f529d2efd5d873", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": 
"cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-core@1.7.4" + } + ] + }, + { + "name": "@algolia/autocomplete-core", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-core-a75e9cc60748602d", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_core:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + 
"referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_core:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-core@1.7.4" + } + ] + }, + { + "name": "@algolia/autocomplete-preset-algolia", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-preset-algolia-2efe8108bf5904fb", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + 
"referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-preset-algolia@1.7.4" + } + ] + }, + { + "name": "@algolia/autocomplete-preset-algolia", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-preset-algolia-719fbc0a971c8423", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset-algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset_algolia:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_preset:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": 
"SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-preset-algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_preset_algolia:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-preset-algolia@1.7.4" + } + ] + }, + { + "name": "@algolia/autocomplete-shared", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-shared-c04c8898a671ed16", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-shared@1.7.4" + } + ] + }, + { + "name": "@algolia/autocomplete-shared", + "SPDXID": "SPDXRef-Package-npm--algolia-autocomplete-shared-349e9c24c2b4f2c5", + "versionInfo": "1.7.4", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete-shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete_shared:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + 
"referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/autocomplete:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete-shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/autocomplete_shared:1.7.4:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/autocomplete-shared@1.7.4" + } + ] + }, + { + "name": "@algolia/cache-browser-local-storage", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-browser-local-storage-7f047bcfa53ed7ee", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-browser-local-storage@4.14.3" + } + ] + }, + { + "name": "@algolia/cache-browser-local-storage", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-browser-local-storage-699118b8ecb40e29", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local-storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local_storage:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache-browser-local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser_local:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_browser:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-browser-local-storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache_browser_local_storage:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-browser-local-storage@4.14.3" + } + ] + }, + { + "name": "@algolia/cache-common", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-common-b83a20f4252c841a", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-common@4.14.3" + } + ] + }, + { + "name": "@algolia/cache-common", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-common-8feb5c8eb82329a3", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_common:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_common:4.14.3:*:*:*:*:*:*:*" + }, + 
{ + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-common@4.14.3" + } + ] + }, + { + "name": "@algolia/cache-in-memory", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-in-memory-5b4709d3757a3a6d", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-in-memory@4.14.3" + } + ] + }, + { + "name": "@algolia/cache-in-memory", + "SPDXID": "SPDXRef-Package-npm--algolia-cache-in-memory-a4bf58feef42f315", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in-memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/cache_in_memory:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache-in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache_in:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/cache:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache-in-memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/cache_in_memory:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/cache-in-memory@4.14.3" + } + ] + }, + { + "name": "@algolia/client-account", + "SPDXID": "SPDXRef-Package-npm--algolia-client-account-ccad52fb07b66b08", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + 
"copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-account@4.14.3" + } + ] + }, + { + "name": "@algolia/client-account", + "SPDXID": "SPDXRef-Package-npm--algolia-client-account-dcac7f21f13a1b6", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + 
"externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_account:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_account:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-account@4.14.3" + } + ] + }, + { + "name": "@algolia/client-analytics", + "SPDXID": "SPDXRef-Package-npm--algolia-client-analytics-da8f8d5e4a42283c", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + 
"referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-analytics@4.14.3" + } + ] + }, + { + "name": "@algolia/client-analytics", + "SPDXID": "SPDXRef-Package-npm--algolia-client-analytics-7aa06ac329e132f6", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + 
"referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_analytics:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_analytics:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-analytics@4.14.3" + } + ] + }, + { + "name": "@algolia/client-common", + "SPDXID": "SPDXRef-Package-npm--algolia-client-common-fdab2e146ab09cb0", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + 
"referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-common@4.14.3" + } + ] + }, + { + "name": "@algolia/client-common", + "SPDXID": "SPDXRef-Package-npm--algolia-client-common-1e82fe4ac5f06142", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + 
"referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_common:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-common@4.14.3" + } + ] + }, + { + "name": "@algolia/client-personalization", + "SPDXID": "SPDXRef-Package-npm--algolia-client-personalization-5860c568f6a2884b", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": 
"cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-personalization@4.14.3" + } + ] + }, + { + "name": "@algolia/client-personalization", + "SPDXID": "SPDXRef-Package-npm--algolia-client-personalization-5230f032c64636a3", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": 
"NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_personalization:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_personalization:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-personalization@4.14.3" + } + ] + }, + { + "name": "@algolia/client-search", + "SPDXID": "SPDXRef-Package-npm--algolia-client-search-dd73cb953fef8932", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + 
"licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-search@4.14.3" + } + ] + }, + { + "name": "@algolia/client-search", + "SPDXID": "SPDXRef-Package-npm--algolia-client-search-a19e56cf638775e2", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": 
"MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client-search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client_search:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/client:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client-search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/client_search:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/client-search@4.14.3" + } + ] + }, + { + "name": "@algolia/events", + "SPDXID": "SPDXRef-Package-npm--algolia-events-5f312ad698b9cd07", + "versionInfo": "4.0.1", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + 
"externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/events:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/events@4.0.1" + } + ] + }, + { + "name": "@algolia/events", + "SPDXID": "SPDXRef-Package-npm--algolia-events-4f529c22422af8a", + "versionInfo": "4.0.1", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/events:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/events:4.0.1:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/events@4.0.1" + } + ] + }, + { + "name": "@algolia/logger-common", + "SPDXID": "SPDXRef-Package-npm--algolia-logger-common-4beb0a564e01e8dd", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/logger-common@4.14.3" + } + ] + }, + { + "name": "@algolia/logger-common", + "SPDXID": "SPDXRef-Package-npm--algolia-logger-common-b5611c2c52827c17", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_common:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_common:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/logger-common@4.14.3" + } + ] + }, + { + "name": "@algolia/logger-console", + "SPDXID": "SPDXRef-Package-npm--algolia-logger-console-7d44d092b7346496", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/logger-console@4.14.3" + } + ] + }, + { + "name": "@algolia/logger-console", + "SPDXID": "SPDXRef-Package-npm--algolia-logger-console-bd05c3862ee5c855", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/logger-console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger_console:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/logger:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger-console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/logger_console:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/logger-console@4.14.3" + } + ] + }, + { + "name": "@algolia/requester-browser-xhr", + "SPDXID": "SPDXRef-Package-npm--algolia-requester-browser-xhr-2547173fb30f7bf4", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: package-lock.json", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:*:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/requester-browser-xhr@4.14.3" + } + ] + }, + { + "name": "@algolia/requester-browser-xhr", + "SPDXID": "SPDXRef-Package-npm--algolia-requester-browser-xhr-afdcaeba77bd9241", + "versionInfo": "4.14.3", + "downloadLocation": "NOASSERTION", + "sourceInfo": "acquired package info from installed node module manifest file: yarn.lock", + "licenseConcluded": "MIT", + "licenseDeclared": "MIT", + "copyrightText": "NOASSERTION", + "externalRefs": [ + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser-xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser_xhr:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester-browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": 
"cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester_browser:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:\\@algolia\\/requester:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester-browser-xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "SECURITY", + "referenceType": "cpe23Type", + "referenceLocator": "cpe:2.3:a:*:\\@algolia\\/requester_browser_xhr:4.14.3:*:*:*:*:*:*:*" + }, + { + "referenceCategory": "PACKAGE-MANAGER", + "referenceType": "purl", + "referenceLocator": "pkg:npm/%40algolia/requester-browser-xhr@4.14.3" + } + ] + } + ], + "relationships": [ + { + "spdxElementId": "SPDXRef-DOCUMENT", + "relatedSpdxElement": "SPDXRef-DOCUMENT", + "relationshipType": "DESCRIBES" + } + ] +} diff --git a/pkg/policies/testdata/sbom_syft.rego b/pkg/policies/testdata/sbom_syft.rego new file mode 100644 index 000000000..c138fd3a7 --- /dev/null +++ b/pkg/policies/testdata/sbom_syft.rego 
@@ -0,0 +1,43 @@
+package main
+
+import rego.v1
+
+################################
+# Common section do NOT change #
+################################
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+########################################
+# EO Common section, custom code below #
+########################################
+
+# Validates if the input is valid and can be understood by this policy
+valid_input := true
+
+# If the input is valid, check for any policy violation here
+violations contains msg if {
+ valid_input
+ not made_with_syft
+ msg := "Not made with syft"
+}
+
+made_with_syft if {
+ some creator in input.creationInfo.creators
+ contains(creator, "syft")
+}
\ No newline at end of file
diff --git a/pkg/policies/testdata/sbom_syft.yaml b/pkg/policies/testdata/sbom_syft.yaml
new file mode 100644
index 000000000..0e864d161
--- /dev/null
+++ b/pkg/policies/testdata/sbom_syft.yaml
@@ -0,0 +1,10 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: made-with-syft
+ description: This policy checks that the SPDX SBOM was created with syft
+ annotations:
+ category: SBOM
+spec:
+ type: SBOM_SPDX_JSON
+ path: sbom_syft.rego
diff --git a/pkg/policies/testdata/sbom_syft_not_typed.yaml b/pkg/policies/testdata/sbom_syft_not_typed.yaml
new file mode 100644
index 000000000..8b451c4f6
--- /dev/null
+++ b/pkg/policies/testdata/sbom_syft_not_typed.yaml
@@ -0,0 +1,6 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: made-with-syft
+spec:
+ path: sbom_syft.rego
diff --git a/pkg/policies/testdata/statement.json b/pkg/policies/testdata/statement.json
new file mode 100644
index 000000000..6103b25e0
--- /dev/null
+++ b/pkg/policies/testdata/statement.json
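Review bot: In sbom_syft.rego, `made_with_syft` accepts any `creationInfo.creators` entry that merely contains the substring `syft`, so an `Organization:` or `Person:` entry, or a tool whose name only happens to include those letters, satisfies the policy. If the intent is to assert the generating tool, anchor the match on the tool entry, for example `startswith(creator, "Tool: syft-")` (assuming the fixture's creator string follows the SPDX `Tool: <name>-<version>` form). The unconditional `valid_input := true` also means a document with no `creationInfo` is reported as a violation rather than skipped. The same line appears in with_arguments.rego, workflow.rego and the embedded copy in workflow_embedded.yaml, so a comment such as `# fixture: input shape intentionally not validated` would make it clear this is deliberate.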
@@ -0,0 +1,247 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "chainloop.workflow.chainloop-vault-release", + "digest": { + "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" + } + }, + { + "name": "git.head", + "digest": { + "sha1": "53f95f066b620172301e2a3879e7d593da05727e" + }, + "annotations": { + "author.email": "devel@chainloop.dev", + "author.name": "Developer", + "date": "2024-07-12T10:16:04Z", + "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", + "remotes": [ + { + "name": "origin", + "url": "https://github.com/chainloop-dev/chainloop" + } + ] + } + } + ], + "predicateType": "chainloop.dev/attestation/v0.2", + "predicate": { + "buildType": "chainloop.dev/workflowrun/v0.1", + "builder": { + "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" + }, + "env": { + "GITHUB_ACTOR": "jiparis", + "GITHUB_REF": "refs/tags/v0.93.7", + "GITHUB_REPOSITORY": "chainloop-dev/chainloop", + "GITHUB_REPOSITORY_OWNER": "chainloop-dev", + "GITHUB_RUN_ID": "9906853011", + "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", + "RUNNER_NAME": "GitHub Actions 193", + "RUNNER_OS": "Linux" + }, + "materials": [ + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782291120414953", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" + }, + "name": "cas.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782293352471920", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": 
"material-1720782295934163620", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782297645680131", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782300158976415", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782301800977382", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782304541799505", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782306140039811", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782308650938558", + "chainloop.material.type": "ARTIFACT" + }, 
+ "digest": { + "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782309843066922", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" + }, + "name": "checksums.txt" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311062937592", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" + }, + "name": "checksums.txt.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311526704542", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" + }, + "name": "controlplane.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782313410977824", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" + }, + "name": "cosign.pub" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782315689903312", + "chainloop.material.type": "HELM_CHART" + }, + "digest": { + "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" + }, + "name": "chainloop-0.93.7.tar.gz" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782317669410353", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" + }, + "name": "ghcr.io/chainloop-dev/chainloop/control-plane" + }, 
+ { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782318334142313", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" + }, + "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782319034635257", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" + }, + "name": "ghcr.io/chainloop-dev/chainloop/cli" + } + ], + "metadata": { + "finishedAt": "2024-07-12T11:05:19.808858785Z", + "initializedAt": "2024-07-12T11:04:48.604833219Z", + "name": "chainloop-vault-release", + "organization": "read-only-demo", + "project": "chainloop", + "team": "", + "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", + "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" + }, + "runnerType": "GITHUB_ACTION", + "runnerURL": "https://github.com/chainloop-dev/chainloop/actions/runs/9906853011" + } +} \ No newline at end of file diff --git a/pkg/policies/testdata/statement_gitlab.json b/pkg/policies/testdata/statement_gitlab.json new file mode 100644 index 000000000..affd5a8f9 --- /dev/null +++ b/pkg/policies/testdata/statement_gitlab.json 
@@ -0,0 +1,247 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "chainloop.workflow.chainloop-vault-release", + "digest": { + "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" + } + }, + { + "name": "git.head", + "digest": { + "sha1": "53f95f066b620172301e2a3879e7d593da05727e" + }, + "annotations": { + "author.email": "devel@chainloop.dev", + "author.name": "Developer", + "date": "2024-07-12T10:16:04Z", + "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", + "remotes": [ + { + "name": "origin", + "url": "https://github.com/chainloop-dev/chainloop" + } + ] + } + } + ], + "predicateType": "chainloop.dev/attestation/v0.2", + "predicate": { + "buildType": "chainloop.dev/workflowrun/v0.1", + "builder": { + "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" + }, + "env": { + "GITHUB_ACTOR": "jiparis", + "GITHUB_REF": "refs/tags/v0.93.7", + "GITHUB_REPOSITORY": "chainloop-dev/chainloop", + "GITHUB_REPOSITORY_OWNER": "chainloop-dev", + "GITHUB_RUN_ID": "9906853011", + "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", + "RUNNER_NAME": "GitHub Actions 193", + "RUNNER_OS": "Linux" + }, + "materials": [ + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782291120414953", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" + }, + "name": "cas.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782293352471920", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": 
"material-1720782295934163620", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782297645680131", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782300158976415", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782301800977382", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782304541799505", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782306140039811", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782308650938558", + "chainloop.material.type": "ARTIFACT" + }, 
+ "digest": { + "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782309843066922", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" + }, + "name": "checksums.txt" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311062937592", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" + }, + "name": "checksums.txt.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311526704542", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" + }, + "name": "controlplane.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782313410977824", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" + }, + "name": "cosign.pub" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782315689903312", + "chainloop.material.type": "HELM_CHART" + }, + "digest": { + "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" + }, + "name": "chainloop-0.93.7.tar.gz" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782317669410353", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" + }, + "name": "ghcr.io/chainloop-dev/chainloop/control-plane" + }, 
+ { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782318334142313", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" + }, + "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782319034635257", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" + }, + "name": "ghcr.io/chainloop-dev/chainloop/cli" + } + ], + "metadata": { + "finishedAt": "2024-07-12T11:05:19.808858785Z", + "initializedAt": "2024-07-12T11:04:48.604833219Z", + "name": "chainloop-vault-release", + "organization": "read-only-demo", + "project": "chainloop", + "team": "", + "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", + "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" + }, + "runnerType": "GITLAB", + "runnerURL": "https://github.com/chainloop-dev/chainloop/actions/runs/9906853011" + } +} \ No newline at end of file diff --git a/pkg/policies/testdata/statement_missing_runner.json b/pkg/policies/testdata/statement_missing_runner.json new file mode 100644 index 000000000..99dec26c4 --- /dev/null +++ b/pkg/policies/testdata/statement_missing_runner.json 
@@ -0,0 +1,245 @@ +{ + "_type": "https://in-toto.io/Statement/v1", + "subject": [ + { + "name": "chainloop.workflow.chainloop-vault-release", + "digest": { + "sha256": "9ae495a85891eb1130fefc17bc89940c9aa96acb8355c26a3e0d73a5097d41d4" + } + }, + { + "name": "git.head", + "digest": { + "sha1": "53f95f066b620172301e2a3879e7d593da05727e" + }, + "annotations": { + "author.email": "devel@chainloop.dev", + "author.name": "Developer", + "date": "2024-07-12T10:16:04Z", + "message": "chore(vulns): fix CVEs in base image (#1088)\n\nSigned-off-by: Jose I. Paris ", + "remotes": [ + { + "name": "origin", + "url": "https://github.com/chainloop-dev/chainloop" + } + ] + } + } + ], + "predicateType": "chainloop.dev/attestation/v0.2", + "predicate": { + "buildType": "chainloop.dev/workflowrun/v0.1", + "builder": { + "id": "chainloop.dev/cli/0.90.1@sha256:431a0765636854095f0c78d01b61eb5558abe7c8de1608aa93eef1530deee0b6" + }, + "env": { + "GITHUB_ACTOR": "jiparis", + "GITHUB_REF": "refs/tags/v0.93.7", + "GITHUB_REPOSITORY": "chainloop-dev/chainloop", + "GITHUB_REPOSITORY_OWNER": "chainloop-dev", + "GITHUB_RUN_ID": "9906853011", + "GITHUB_SHA": "53f95f066b620172301e2a3879e7d593da05727e", + "RUNNER_NAME": "GitHub Actions 193", + "RUNNER_OS": "Linux" + }, + "materials": [ + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782291120414953", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "bc449b71c4a47f2f69b514f27e1d61250ff0af0cc554a68d331b40042d90a3da" + }, + "name": "cas.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782293352471920", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "972ca204670aee23ed070619333fb04410ed996bf3c063ff88d35de0702fd478" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": 
"material-1720782295934163620", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "27e4efa094adef0dc5375da7bce70437dde9d35d1e20598240debfc318f374da" + }, + "name": "chainloop-cli-0.93.7-darwin-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782297645680131", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "389ea065be2dd50d07b27619b8594d4738b2c86481db969f62dd549e579af1e2" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782300158976415", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "47d5c22ee0f56bf3e7eed5c283fe66e5f61a7a9e913b9af1550dd07e71ac09e1" + }, + "name": "chainloop-cli-0.93.7-darwin-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782301800977382", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "a57b0b11a51b8ebbc9d421bd68e6e82fd021f4e87742780ef30f0aaca0bdd1c2" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782304541799505", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "754dea96fc2addc0fdb70f725686fd4b5e01a1aa69a1ed0726e4d08866400d42" + }, + "name": "chainloop-cli-0.93.7-linux-amd64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782306140039811", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "c63ee103397001d2e9727d30d02a4ce4e55b7e32da55f042a414c7424b42b21d" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782308650938558", + "chainloop.material.type": "ARTIFACT" + }, 
+ "digest": { + "sha256": "b5c7c73c9d4cd325b8da64135c28685715e8e19f6b48357eaf1a02e693734f37" + }, + "name": "chainloop-cli-0.93.7-linux-arm64.tar.gz.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782309843066922", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "897f1dfc64736dd66ea8881ab07689d59e1bc147c45da0baa1de416834a46a3d" + }, + "name": "checksums.txt" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311062937592", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "2f804aa3b95a81802c24e384e5e87e86f02ec23d043c9c4d3aa9243ee866b60b" + }, + "name": "checksums.txt.sig" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782311526704542", + "chainloop.material.type": "SBOM_CYCLONEDX_JSON" + }, + "digest": { + "sha256": "8b53305ead21a9ede6e0e3aee2fcc04f04796716e1a2b566ce03f3f8cbc2b130" + }, + "name": "controlplane.cyclonedx.json" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782313410977824", + "chainloop.material.type": "ARTIFACT" + }, + "digest": { + "sha256": "91c0b92358109bfc31ea4c58902d9b7f4f582ff9c4782fb276a685e914d3cc82" + }, + "name": "cosign.pub" + }, + { + "annotations": { + "chainloop.material.cas": true, + "chainloop.material.name": "material-1720782315689903312", + "chainloop.material.type": "HELM_CHART" + }, + "digest": { + "sha256": "7cbbda1e5ab71fef561c0f123f5f584c8e0de523d4da80379599ce7a05c04c1f" + }, + "name": "chainloop-0.93.7.tar.gz" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782317669410353", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4a8eb6f9ae76460b682e7e9eb5504df9f7f2b2250d9c5cb63204442e265e2c5a" + }, + "name": "ghcr.io/chainloop-dev/chainloop/control-plane" + }, 
+ { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782318334142313", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "4d329b2aee79b35ec5e6c462be5d8000565d5ccd13602427cd889fc91c187fc8" + }, + "name": "ghcr.io/chainloop-dev/chainloop/artifact-cas" + }, + { + "annotations": { + "chainloop.material.image.tag": "v0.93.7", + "chainloop.material.name": "material-1720782319034635257", + "chainloop.material.type": "CONTAINER_IMAGE" + }, + "digest": { + "sha256": "571a5543151d651cbc62679c3f50c2e6cadfd2ff20279374c6d6106b3f70560f" + }, + "name": "ghcr.io/chainloop-dev/chainloop/cli" + } + ], + "metadata": { + "finishedAt": "2024-07-12T11:05:19.808858785Z", + "initializedAt": "2024-07-12T11:04:48.604833219Z", + "name": "chainloop-vault-release", + "organization": "read-only-demo", + "project": "chainloop", + "team": "", + "workflowID": "2acc7ee5-21d1-4500-9ca4-2d25748a1ce0", + "workflowRunID": "37dd3d94-06e3-483f-83c2-18b1137e73ee" + } + } +} \ No newline at end of file diff --git a/pkg/policies/testdata/with_arguments.rego b/pkg/policies/testdata/with_arguments.rego new file mode 100644 index 000000000..9a46d583b --- /dev/null +++ b/pkg/policies/testdata/with_arguments.rego 
@@ -0,0 +1,49 @@
+package main
+
+import rego.v1
+
+################################
+# Common section do NOT change #
+################################
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+########################################
+# EO Common section, custom code below #
+########################################
+
+# Validates if the input is valid and can be understood by this policy
+valid_input := true
+
+# If the input is valid, check for any policy violation here
+violations contains msg if {
+ valid_input
+ not valid_developer
+ msg := "Invalid developer"
+}
+
+valid_developer if {
+ some subject in input.subject
+ subject.annotations["author.email"] == input.args.email
+}
+
+
+valid_developer if {
+ some subject in input.subject
+ subject.annotations["author.email"] in input.args.email_array
+}
diff --git a/pkg/policies/testdata/with_arguments.yaml b/pkg/policies/testdata/with_arguments.yaml
new file mode 100644
index 000000000..5c9c92792
--- /dev/null
+++ b/pkg/policies/testdata/with_arguments.yaml
@@ -0,0 +1,7 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: workflow
+spec:
+ type: ATTESTATION
+ path: with_arguments.rego
diff --git a/pkg/policies/testdata/workflow.rego b/pkg/policies/testdata/workflow.rego
new file mode 100644
index 000000000..e902c4c8b
--- /dev/null
+++ b/pkg/policies/testdata/workflow.rego
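Review bot: Both `valid_developer` rules in with_arguments.rego iterate over every entry of `input.subject` without pinning which subject they inspect, so any subject that carries an `author.email` annotation can satisfy the policy, not only the commit one. In the statement fixtures the annotation lives on the `git.head` subject, so adding `subject.name == "git.head"` ahead of the comparison in each rule keeps the check tied to the commit. When neither `input.args.email` nor `input.args.email_array` is supplied, both rules are undefined and the policy reports "Invalid developer". That fails closed but hides the misconfiguration, so a comment above the rules naming the two expected arguments would help.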
@@ -0,0 +1,53 @@
+package main
+
+import rego.v1
+
+################################
+# Common section do NOT change #
+################################
+
+result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+}
+
+default skip_reason := ""
+
+skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+}
+
+default skipped := true
+
+skipped := false if valid_input
+
+########################################
+# EO Common section, custom code below #
+########################################
+
+# Validates if the input is valid and can be understood by this policy
+valid_input := true
+
+# If the input is valid, check for any policy violation here
+violations contains msg if {
+ valid_input
+ not is_workflow
+ msg := "incorrect workflow"
+}
+
+violations contains msg if {
+ valid_input
+ not is_github
+ msg := "incorrect runner"
+}
+
+is_workflow if {
+ input.predicate.metadata.name == "chainloop-vault-release"
+}
+
+is_github if {
+ input.predicate.runnerType == "GITHUB_ACTION"
+ input.predicate.env.GITHUB_SHA
+}
\ No newline at end of file
diff --git a/pkg/policies/testdata/workflow.yaml b/pkg/policies/testdata/workflow.yaml
new file mode 100644
index 000000000..4b4345118
--- /dev/null
+++ b/pkg/policies/testdata/workflow.yaml
@@ -0,0 +1,7 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: workflow
+spec:
+ type: ATTESTATION
+ path: workflow.rego
diff --git a/pkg/policies/testdata/workflow_embedded.yaml b/pkg/policies/testdata/workflow_embedded.yaml
new file mode 100644
index 000000000..333a4967f
--- /dev/null
+++ b/pkg/policies/testdata/workflow_embedded.yaml
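Review bot: In workflow.rego, `is_github` only requires `input.predicate.env.GITHUB_SHA` to be defined and not `false`, so an empty string or an arbitrary value passes and the commit is never compared with anything. The statement fixtures carry the same commit as the `sha1` digest of the `git.head` subject, so the rule could bind the two with `some subject in input.subject`, `subject.name == "git.head"` and `subject.digest.sha1 == input.predicate.env.GITHUB_SHA`. The embedded copy of this rule in workflow_embedded.yaml has the same gap.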
@@ -0,0 +1,61 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: workflow
+spec:
+ type: ATTESTATION
+ embedded: |
+ package main
+
+ import rego.v1
+
+ ################################
+ # Common section do NOT change #
+ ################################
+
+ result := {
+ "skipped": skipped,
+ "violations": violations,
+ "skip_reason": skip_reason,
+ }
+
+ default skip_reason := ""
+
+ skip_reason := m if {
+ not valid_input
+ m := "invalid input"
+ }
+
+ default skipped := true
+
+ skipped := false if valid_input
+
+ ########################################
+ # EO Common section, custom code below #
+ ########################################
+
+ # Validates if the input is valid and can be understood by this policy
+ valid_input := true
+
+ # If the input is valid, check for any policy violation here
+ violations contains msg if {
+ valid_input
+ not is_workflow
+ msg := "incorrect workflow"
+ }
+
+ violations contains msg if {
+ valid_input
+ not is_github
+ msg := "incorrect runner"
+ }
+
+ is_workflow if {
+ input.predicate.metadata.name == "chainloop-vault-release"
+ }
+
+ is_github if {
+ input.predicate.runnerType == "GITHUB_ACTION"
+ input.predicate.env.GITHUB_SHA
+ }
+
diff --git a/pkg/policies/testdata/wrong_policy.rego b/pkg/policies/testdata/wrong_policy.rego
new file mode 100644
index 000000000..01e73a27a
--- /dev/null
+++ b/pkg/policies/testdata/wrong_policy.rego
@@ -0,0 +1,7 @@
+package main
+
+# wrong policy without a "violations" rule
+
+is_wrong {
+ true
+}
diff --git a/pkg/policies/testdata/wrong_policy.yaml b/pkg/policies/testdata/wrong_policy.yaml
new file mode 100644
index 000000000..0c9d9caa6
--- /dev/null
+++ b/pkg/policies/testdata/wrong_policy.yaml
@@ -0,0 +1,6 @@
+apiVersion: workflowcontract.chainloop.dev/v1
+kind: Policy
+metadata:
+ name: wrong_policy
+spec:
+ path: wrong_policy.rego
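Review bot: In wrong_policy.rego, `is_wrong { true }` is written in pre-v1 Rego (no `import rego.v1`, no `if`), unlike the other policy fixtures in this directory, so a parser running with v1 semantics rejects it before evaluation. The file's comment says the fixture exists to exercise a policy without a `violations` rule. If the engine compiles with v1 semantics, the test would presumably hit a syntax error instead and leave the missing-rule path untested. Adding `import rego.v1` and writing the rule as `is_wrong if { true }` keeps the file valid and leaves only the intended defect.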