fix: wrong content type for batch-analysis #429

Merged
ruromero merged 1 commit into guacsec:main from ruromero:fix/batch-stack-content-type
Mar 24, 2026

@ruromero
Collaborator

Description

Incorrect content-type for batch analysis

Related issues (if any):

Checklist

  • I have followed this repository's contributing guidelines.
  • I will adhere to the project's code of conduct.

Signed-off-by: Ruben Romero Montes <rromerom@redhat.com>
@qodo-code-review

Review Summary by Qodo

Fix incorrect Content-Type header for batch-analysis API

🐞 Bug fix

Walkthroughs

Description
• Define CYCLONEDX_JSON_MEDIA_TYPE constant for batch-analysis API
• Fix incorrect Content-Type header in requestStackBatch function
• Standardize Content-Type usage across batch and image analysis endpoints
• Add comprehensive test coverage for Content-Type validation
Diagram
flowchart LR
  A["Define CYCLONEDX_JSON_MEDIA_TYPE<br/>constant"] --> B["Update requestStackBatch<br/>Content-Type header"]
  A --> C["Update requestImages<br/>Content-Type header"]
  B --> D["Add test validation<br/>for Content-Type"]
  C --> D

File Changes

1. src/analysis.js 🐞 Bug fix +5/-2

Define and apply CycloneDX media type constant

• Added CYCLONEDX_JSON_MEDIA_TYPE constant with value 'application/vnd.cyclonedx+json'
• Changed requestStackBatch Content-Type from 'application/json' to CYCLONEDX_JSON_MEDIA_TYPE
• Updated requestImages Content-Type to use the new constant for consistency
• Exported the new constant for use in tests

src/analysis.js


2. test/stack_analysis_batch.test.js 🧪 Tests +16/-0

Add Content-Type header validation tests

• Imported CYCLONEDX_JSON_MEDIA_TYPE constant from analysis module
• Added mediaTypeWithoutParameters helper function to parse Content-Type headers
• Captured Content-Type header in mock server request handler
• Added Content-Type validation assertions in three test cases
• Initialized capturedContentType variable in setup and teardown

test/stack_analysis_batch.test.js
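
The Content-Type check described in the test changes above, written out as an added example (not code from this pull request): the media type is compared with parameters stripped and case ignored. Only the `application/vnd.cyclonedx+json` value comes from the page; the function names, the 415 policy and the sample requests are assumptions constructed for illustration.

```javascript
// Added example, not code from the pull request. Only the media type value is
// taken from the page; function names and sample requests are hypothetical.
const CYCLONEDX_JSON_MEDIA_TYPE = 'application/vnd.cyclonedx+json';

// RFC 9110 "token" characters, valid for both the type and the subtype.
const TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";
const MEDIA_TYPE_RE = new RegExp('^' + TOKEN + '/' + TOKEN + '$');

// Strip parameters such as "; charset=utf-8" and normalise case.
// Returns null for a missing or malformed value.
function bareMediaType(headerValue) {
  if (typeof headerValue !== 'string') return null;
  const bare = headerValue.split(';')[0].trim();
  return MEDIA_TYPE_RE.test(bare) ? bare.toLowerCase() : null;
}

// Assumed server-side policy: accept only CycloneDX JSON, answer 415 otherwise.
function checkBatchRequest(headers) {
  // Header names are case-insensitive, so look the name up without regard to case.
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'content-type');
  const mediaType = bareMediaType(entry ? entry[1] : undefined);
  const status = mediaType === CYCLONEDX_JSON_MEDIA_TYPE ? 200 : 415;
  return { status, mediaType };
}

// Constructed sample requests (headers only).
const SAMPLE_REQUESTS = [
  { 'Content-Type': 'application/json' },                 // what the fix replaces
  { 'Content-Type': 'application/vnd.cyclonedx+json' },   // what the fix sends
  { 'content-type': 'Application/Vnd.CycloneDX+JSON; charset=utf-8' },
  {},                                                     // header missing
  // Two Content-Type values folded into one header by an intermediary or client.
  { 'Content-Type': 'application/vnd.cyclonedx+json, application/json' },
];

function auditSamples() {
  return SAMPLE_REQUESTS.map((headers) => checkBatchRequest(headers).status);
}

console.log(auditSamples());
```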



@qodo-code-review

qodo-code-review bot commented Mar 24, 2026

Code Review by Qodo

🐞 Bugs (1) 📘 Rule violations (0) 📎 Requirement gaps (0) 📐 Spec deviations (0)


Action required

1. Proxy config ignored 🐞 Bug ⛯ Reliability
Description
requestImages() sends the batch-analysis request via fetch() without addProxyAgent(...), so
TRUSTIFY_DA_PROXY_URL is ignored for image analysis requests and can fail in proxied environments.
Code

src/analysis.js[R211-217]

		method: 'POST',
		headers: {
			'Accept': html ? 'text/html' : 'application/json',
-			'Content-Type': 'application/vnd.cyclonedx+json',
+			'Content-Type': CYCLONEDX_JSON_MEDIA_TYPE,
			...getTokenHeaders(opts)
		},
		body: JSON.stringify(imageSboms),
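
Review bot: No test pins the Content-Type that `requestImages()` sends: the replaced line at R214 now depends on `CYCLONEDX_JSON_MEDIA_TYPE`, while the test changes listed for this PR are all in test/stack_analysis_batch.test.js. Add the same Content-Type assertion to the image-analysis tests so that a later edit to the constant or to this header is caught on both request paths.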
Evidence
addProxyAgent() is the mechanism that applies TRUSTIFY_DA_PROXY_URL by setting options.agent
when configured. requestStackBatch() uses addProxyAgent(...) for its batch-analysis call, but
requestImages() still calls fetch(finalUrl, { ... }) directly, so proxy settings won’t be
applied for image batch-analysis while they are for stack batch-analysis.

src/tools.js[182-194]
src/analysis.js[151-168]
src/analysis.js[198-218]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`requestImages()` bypasses proxy configuration because it calls `fetch()` directly instead of wrapping request init with `addProxyAgent(...)`. This causes image analysis requests to ignore `TRUSTIFY_DA_PROXY_URL`.

## Issue Context
Other outbound requests in `src/analysis.js` (e.g., `requestStackBatch`) consistently wrap options via `addProxyAgent(options, opts)` so proxy settings apply.

## Fix Focus Areas
- src/analysis.js[198-218]
- src/tools.js[182-194]

## Suggested change
In `requestImages()`, build a `fetchOptions` object identical to the current inline object, wrap it with `addProxyAgent(fetchOptions, opts)`, and pass the wrapped options to `fetch(finalUrl, wrappedOptions)` (mirroring `requestStackBatch`). Ensure headers/body stay the same.


@ruromero ruromero enabled auto-merge (squash) March 24, 2026 16:30
@ruromero ruromero requested a review from Strum355 March 24, 2026 16:30
@ruromero ruromero merged commit 7144952 into guacsec:main Mar 24, 2026
4 checks passed
@ruromero ruromero deleted the fix/batch-stack-content-type branch March 24, 2026 16:34
Comment on lines 211 to 217
method: 'POST',
headers: {
'Accept': html ? 'text/html' : 'application/json',
'Content-Type': 'application/vnd.cyclonedx+json',
'Content-Type': CYCLONEDX_JSON_MEDIA_TYPE,
...getTokenHeaders(opts)
},
body: JSON.stringify(imageSboms),
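
Review bot: `...getTokenHeaders(opts)` is spread after `Accept` and `Content-Type` in the `headers` object, so any key of the same name that it returns would silently replace them, including the media type this change sets. Spread the token headers first, or document that `getTokenHeaders` only ever returns authentication headers.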

Action required

1. Proxy config ignored 🐞 Bug ⛯ Reliability

requestImages() sends the batch-analysis request via fetch() without addProxyAgent(...), so
TRUSTIFY_DA_PROXY_URL is ignored for image analysis requests and can fail in proxied environments.