├── .github
├── dependabot.yml
└── workflows
│ ├── dotnetcore.yml
│ └── release.yml
├── .gitignore
├── .gitpod.Dockerfile
├── .gitpod.yml
├── Dockerfile
├── LICENSE
├── NOTICE
├── README.md
├── cyclonedx-web-tool.sln
├── local-build.sh
├── semver.txt
└── src
└── CycloneDX.WebTool
├── App.razor
├── CycloneDX.WebTool.csproj
├── Pages
├── Convert.razor
├── Index.razor
├── Merge.razor
└── Validate.razor
├── Program.cs
├── Properties
└── launchSettings.json
├── Shared
├── MainLayout.razor
├── MainLayout.razor.css
├── NavMenu.razor
└── NavMenu.razor.css
├── _Imports.razor
└── wwwroot
├── css
├── app.css
├── bootstrap
│ ├── bootstrap.min.css
│ └── bootstrap.min.css.map
└── open-iconic
│ ├── FONT-LICENSE
│ ├── ICON-LICENSE
│ ├── README.md
│ └── font
│ ├── css
│ └── open-iconic-bootstrap.min.css
│ └── fonts
│ ├── open-iconic.eot
│ ├── open-iconic.otf
│ ├── open-iconic.svg
│ ├── open-iconic.ttf
│ └── open-iconic.woff
├── favicon.ico
├── index.html
├── js
└── utils.js
├── manifest.json
├── service-worker.js
└── service-worker.published.js
/.github/dependabot.yml:
--------------------------------------------------------------------------------
1 | version: 2
2 | updates:
3 | - package-ecosystem: "nuget"
4 | directory: "/"
5 | schedule:
6 | interval: "daily"
7 |
8 | - package-ecosystem: "github-actions"
9 | directory: "/"
10 | schedule:
11 | interval: "daily"
--------------------------------------------------------------------------------
/.github/workflows/dotnetcore.yml:
--------------------------------------------------------------------------------
1 | # For details of what checks are run for PRs please refer below
2 | name: .NET Core CI
3 |
4 | on: [pull_request, workflow_dispatch]
5 |
6 | jobs:
7 | # Fail if there are build warnings
8 | #
9 | # To check for build warnings locally you may need to run a clean build.
10 | #
11 | # This can be done by running `dotnet clean` before running `dotnet build`
12 | build-warnings:
13 | name: Build warnings check
14 | runs-on: ubuntu-latest
15 | timeout-minutes: 30
16 | steps:
17 | - uses: actions/checkout@v3.1.0
18 | - uses: actions/setup-dotnet@v3.0.2
19 | with:
20 | dotnet-version: '6.0'
21 |
22 | - name: Build
23 | run: dotnet build /WarnAsError
24 |
--------------------------------------------------------------------------------
/.github/workflows/release.yml:
--------------------------------------------------------------------------------
1 | # This workflow is used for publishing the static GitHub pages site.
2 | #
3 | # Before triggering a release the `semver.txt` file should be updated in the
4 | # relevant branch.
5 | #
6 | # When commiting the version change in `semver.txt` the commit message is
7 | # important as it will be used for the release in GitHub.
8 | #
9 | # For an example commit browse to
10 | # https://github.com/CycloneDX/cyclonedx-dotnet/commit/d110af854371374460430bb8438225a7d7a84274.
11 | #
12 | # The resulting release is here
13 | # https://github.com/CycloneDX/cyclonedx-dotnet/releases/tag/v1.0.0.
14 | #
15 | # Releases are triggered manually. This can be done by browsing to
16 | # https://github.com/CycloneDX/cyclonedx-web-tool/actions?query=workflow%3ARelease
17 | # and selecting "Run workflow". If releasing a patch for a previous version
18 | # make sure the correct branch is selected. It will default to the default
19 | # branch.
20 | name: Release
21 |
22 | on:
23 | workflow_dispatch
24 |
25 | jobs:
26 | release:
27 | name: Release
28 | runs-on: ubuntu-latest
29 | timeout-minutes: 30
30 | outputs:
31 | release-version: ${{ steps.package_release.outputs.version }}
32 | steps:
33 | - uses: actions/checkout@v3.1.0
34 | - uses: actions/setup-dotnet@v3.0.2
35 | with:
36 | dotnet-version: '6.0'
37 |
38 | # Build and package everything
39 | - name: Package release
40 | id: package_release
41 | run: |
42 | VERSION=`cat semver.txt`
43 | echo "##[set-output name=version;]$VERSION"
44 | dotnet publish --configuration Release /p:Version=$VERSION --output ./gh-pages src/CycloneDX.WebTool/CycloneDX.WebTool.csproj
45 | cd gh-pages/wwwroot
46 | zip -r ../../CycloneDX.WebTool.zip ./
47 | tar -zcvf ../../CycloneDX.WebTool.tar.gz ./
48 | cd ../..
49 |
50 | - name: Create github release and git tag for release
51 | id: create_release
52 | uses: actions/create-release@v1.1.4
53 | env:
54 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
55 | with:
56 | release_name: ${{ steps.package_release.outputs.version }}
57 | tag_name: v${{ steps.package_release.outputs.version }}
58 | draft: false
59 | prerelease: false
60 |
61 | - name: Upload zip package to github release
62 | uses: actions/upload-release-asset@v1
63 | env:
64 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
65 | with:
66 | upload_url: ${{ steps.create_release.outputs.upload_url }}
67 | asset_path: CycloneDX.WebTool.zip
68 | asset_name: CycloneDX.WebTool.${{ steps.package_release.outputs.version }}.zip
69 | asset_content_type: application/zip
70 |
71 | - name: Upload tar.gz package to github release
72 | uses: actions/upload-release-asset@v1
73 | env:
74 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
75 | with:
76 | upload_url: ${{ steps.create_release.outputs.upload_url }}
77 | asset_path: CycloneDX.WebTool.tar.gz
78 | asset_name: CycloneDX.WebTool.${{ steps.package_release.outputs.version }}.tar.gz
79 | asset_content_type: application/gzip
80 |
81 | - name: Update GitHub pages
82 | run: |
83 | git fetch origin gh-pages:gh-pages
84 | git config --local user.email "$(git show --format="%aN" | head -n 1)"
85 | git config --local user.name "$(git show --format="%aE" | head -n 1)"
86 | git add .
87 | git stash
88 | git checkout gh-pages
89 | cp -rv ./gh-pages/wwwroot/* ./docs
90 | git add docs
91 | git commit -m "Update GitHub pages" || true
92 | git push https://${{ github.actor }}:${{ github.token }}@github.com/${{ github.repository }}.git HEAD:gh-pages
93 |
94 | docker:
95 | name: docker
96 | runs-on: ubuntu-latest
97 | needs:
98 | - release
99 | env:
100 | IMAGE_NAME: cyclonedx-web-tool
101 | IMAGE_VERSION: ${{ needs.release.outputs.release-version }}
102 |
103 | timeout-minutes: 5
104 | steps:
105 | - uses: actions/checkout@v3.1.0
106 |
107 | - name: Set up QEMU
108 | uses: docker/setup-qemu-action@v2
109 |
110 | - name: Login to DockerHub
111 | uses: docker/login-action@v2
112 | with:
113 | username: ${{ secrets.DOCKERHUB_USERNAME }}
114 | password: ${{ secrets.DOCKERHUB_TOKEN }}
115 |
116 | - name: Set up Docker Buildx
117 | uses: docker/setup-buildx-action@v2
118 |
119 | - name: Build image and push
120 | uses: docker/build-push-action@v3
121 | with:
122 | platforms: linux/amd64,linux/arm64
123 | push: true
124 | build-args:
125 | VERSION=${{ env.IMAGE_VERSION }}
126 | tags: |
127 | cyclonedx/${{ env.IMAGE_NAME }}:${{ env.IMAGE_VERSION }}
128 | cyclonedx/${{ env.IMAGE_NAME }}:latest
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | gh-pages/
2 |
3 | ## Ignore Visual Studio temporary files, build results, and
4 | ## files generated by popular Visual Studio add-ons.
5 | ##
6 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
7 |
8 | # User-specific files
9 | *.rsuser
10 | *.suo
11 | *.user
12 | *.userosscache
13 | *.sln.docstates
14 |
15 | # User-specific files (MonoDevelop/Xamarin Studio)
16 | *.userprefs
17 |
18 | # Build results
19 | [Dd]ebug/
20 | [Dd]ebugPublic/
21 | [Rr]elease/
22 | [Rr]eleases/
23 | x64/
24 | x86/
25 | [Aa][Rr][Mm]/
26 | [Aa][Rr][Mm]64/
27 | bld/
28 | [Bb]in/
29 | [Oo]bj/
30 | [Ll]og/
31 |
32 | # Visual Studio 2015/2017 cache/options directory
33 | .vs/
34 | # Uncomment if you have tasks that create the project's static files in wwwroot
35 | #wwwroot/
36 |
37 | # Visual Studio 2017 auto generated files
38 | Generated\ Files/
39 |
40 | # MSTest test Results
41 | [Tt]est[Rr]esult*/
42 | [Bb]uild[Ll]og.*
43 |
44 | # NUNIT
45 | *.VisualState.xml
46 | TestResult.xml
47 |
48 | # Build Results of an ATL Project
49 | [Dd]ebugPS/
50 | [Rr]eleasePS/
51 | dlldata.c
52 |
53 | # Benchmark Results
54 | BenchmarkDotNet.Artifacts/
55 |
56 | # .NET Core
57 | project.lock.json
58 | project.fragment.lock.json
59 | artifacts/
60 |
61 | # StyleCop
62 | StyleCopReport.xml
63 |
64 | # Files built by Visual Studio
65 | obj
66 | bin
67 | *_i.c
68 | *_p.c
69 | *_h.h
70 | *.ilk
71 | *.meta
72 | *.obj
73 | *.iobj
74 | *.pch
75 | *.pdb
76 | *.ipdb
77 | *.pgc
78 | *.pgd
79 | *.rsp
80 | *.sbr
81 | *.tlb
82 | *.tli
83 | *.tlh
84 | *.tmp
85 | *.tmp_proj
86 | *_wpftmp.csproj
87 | *.log
88 | *.vspscc
89 | *.vssscc
90 | .builds
91 | *.pidb
92 | *.svclog
93 | *.scc
94 |
95 | # Chutzpah Test files
96 | _Chutzpah*
97 |
98 | # Visual C++ cache files
99 | ipch/
100 | *.aps
101 | *.ncb
102 | *.opendb
103 | *.opensdf
104 | *.sdf
105 | *.cachefile
106 | *.VC.db
107 | *.VC.VC.opendb
108 |
109 | # Visual Studio profiler
110 | *.psess
111 | *.vsp
112 | *.vspx
113 | *.sap
114 |
115 | # Visual Studio Trace Files
116 | *.e2e
117 |
118 | # TFS 2012 Local Workspace
119 | $tf/
120 |
121 | # Guidance Automation Toolkit
122 | *.gpState
123 |
124 | # ReSharper is a .NET coding add-in
125 | _ReSharper*/
126 | *.[Rr]e[Ss]harper
127 | *.DotSettings.user
128 |
129 | # JustCode is a .NET coding add-in
130 | .JustCode
131 |
132 | # TeamCity is a build add-in
133 | _TeamCity*
134 |
135 | # DotCover is a Code Coverage Tool
136 | *.dotCover
137 |
138 | # AxoCover is a Code Coverage Tool
139 | .axoCover/*
140 | !.axoCover/settings.json
141 |
142 | # Visual Studio code coverage results
143 | *.coverage
144 | *.coveragexml
145 |
146 | # NCrunch
147 | _NCrunch_*
148 | .*crunch*.local.xml
149 | nCrunchTemp_*
150 |
151 | # MightyMoose
152 | *.mm.*
153 | AutoTest.Net/
154 |
155 | # Web workbench (sass)
156 | .sass-cache/
157 |
158 | # Installshield output folder
159 | [Ee]xpress/
160 |
161 | # DocProject is a documentation generator add-in
162 | DocProject/buildhelp/
163 | DocProject/Help/*.HxT
164 | DocProject/Help/*.HxC
165 | DocProject/Help/*.hhc
166 | DocProject/Help/*.hhk
167 | DocProject/Help/*.hhp
168 | DocProject/Help/Html2
169 | DocProject/Help/html
170 |
171 | # Click-Once directory
172 | publish/
173 |
174 | # Publish Web Output
175 | *.[Pp]ublish.xml
176 | *.azurePubxml
177 | # Note: Comment the next line if you want to checkin your web deploy settings,
178 | # but database connection strings (with potential passwords) will be unencrypted
179 | *.pubxml
180 | *.publishproj
181 |
182 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
183 | # checkin your Azure Web App publish settings, but sensitive information contained
184 | # in these scripts will be unencrypted
185 | PublishScripts/
186 |
187 | # NuGet Packages
188 | *.nupkg
189 | # The packages folder can be ignored because of Package Restore
190 | **/[Pp]ackages/*
191 | # except build/, which is used as an MSBuild target.
192 | !**/[Pp]ackages/build/
193 | # Uncomment if necessary however generally it will be regenerated when needed
194 | #!**/[Pp]ackages/repositories.config
195 | # NuGet v3's project.json files produces more ignorable files
196 | *.nuget.props
197 | *.nuget.targets
198 |
199 | # Microsoft Azure Build Output
200 | csx/
201 | *.build.csdef
202 |
203 | # Microsoft Azure Emulator
204 | ecf/
205 | rcf/
206 |
207 | # Windows Store app package directories and files
208 | AppPackages/
209 | BundleArtifacts/
210 | Package.StoreAssociation.xml
211 | _pkginfo.txt
212 | *.appx
213 |
214 | # Visual Studio cache files
215 | # files ending in .cache can be ignored
216 | *.[Cc]ache
217 | # but keep track of directories ending in .cache
218 | !?*.[Cc]ache/
219 |
220 | # Others
221 | ClientBin/
222 | ~$*
223 | *~
224 | *.dbmdl
225 | *.dbproj.schemaview
226 | *.jfm
227 | *.pfx
228 | *.publishsettings
229 | orleans.codegen.cs
230 |
231 | # Including strong name files can present a security risk
232 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
233 | #*.snk
234 |
235 | # Since there are multiple workflows, uncomment next line to ignore bower_components
236 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
237 | #bower_components/
238 |
239 | # RIA/Silverlight projects
240 | Generated_Code/
241 |
242 | # Backup & report files from converting an old project file
243 | # to a newer Visual Studio version. Backup files are not needed,
244 | # because we have git ;-)
245 | _UpgradeReport_Files/
246 | Backup*/
247 | UpgradeLog*.XML
248 | UpgradeLog*.htm
249 | ServiceFabricBackup/
250 | *.rptproj.bak
251 |
252 | # SQL Server files
253 | *.mdf
254 | *.ldf
255 | *.ndf
256 |
257 | # Business Intelligence projects
258 | *.rdl.data
259 | *.bim.layout
260 | *.bim_*.settings
261 | *.rptproj.rsuser
262 | *- Backup*.rdl
263 |
264 | # Microsoft Fakes
265 | FakesAssemblies/
266 |
267 | # GhostDoc plugin setting file
268 | *.GhostDoc.xml
269 |
270 | # Node.js Tools for Visual Studio
271 | .ntvs_analysis.dat
272 | node_modules/
273 |
274 | # Visual Studio 6 build log
275 | *.plg
276 |
277 | # Visual Studio 6 workspace options file
278 | *.opt
279 |
280 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
281 | *.vbw
282 |
283 | # Visual Studio LightSwitch build output
284 | **/*.HTMLClient/GeneratedArtifacts
285 | **/*.DesktopClient/GeneratedArtifacts
286 | **/*.DesktopClient/ModelManifest.xml
287 | **/*.Server/GeneratedArtifacts
288 | **/*.Server/ModelManifest.xml
289 | _Pvt_Extensions
290 |
291 | # Paket dependency manager
292 | .paket/paket.exe
293 | paket-files/
294 |
295 | # FAKE - F# Make
296 | .fake/
297 |
298 | # JetBrains Rider
299 | .idea/
300 | *.sln.iml
301 |
302 | # CodeRush personal settings
303 | .cr/personal
304 |
305 | # Python Tools for Visual Studio (PTVS)
306 | __pycache__/
307 | *.pyc
308 |
309 | # Cake - Uncomment if you are using it
310 | # tools/**
311 | # !tools/packages.config
312 |
313 | # Tabs Studio
314 | *.tss
315 |
316 | # Telerik's JustMock configuration file
317 | *.jmconfig
318 |
319 | # BizTalk build output
320 | *.btp.cs
321 | *.btm.cs
322 | *.odx.cs
323 | *.xsd.cs
324 |
325 | # OpenCover UI analysis results
326 | OpenCover/
327 |
328 | # Azure Stream Analytics local run output
329 | ASALocalRun/
330 |
331 | # MSBuild Binary and Structured Log
332 | *.binlog
333 |
334 | # NVidia Nsight GPU debugger configuration file
335 | *.nvuser
336 |
337 | # MFractors (Xamarin productivity tool) working folder
338 | .mfractor/
339 |
340 | # Local History for Visual Studio
341 | .localhistory/
342 |
343 | # BeatPulse healthcheck temp database
344 | healthchecksdb
--------------------------------------------------------------------------------
/.gitpod.Dockerfile:
--------------------------------------------------------------------------------
1 | FROM gitpod/workspace-full:latest
2 |
3 | USER gitpod
4 |
5 | # Install .NET SDK
6 | # Source: https://docs.microsoft.com/dotnet/core/install/linux-scripted-manual#scripted-install
7 | RUN mkdir -p /home/gitpod/dotnet && curl -fsSL https://dot.net/v1/dotnet-install.sh | bash /dev/stdin --channel 6.0 --install-dir /home/gitpod/dotnet
8 | ENV DOTNET_ROOT=/home/gitpod/dotnet
9 | ENV PATH=/home/gitpod/dotnet:$PATH
10 |
11 | ENV PATH=/workspace/local/bin:$PATH
12 |
13 | # TODO(toru): Remove this hack when the kernel bug is resolved.
14 | # ref. https://github.com/gitpod-io/gitpod/issues/8901
15 | RUN bash \
16 | && { echo 'if [ ! -z $GITPOD_REPO_ROOT ]; then'; \
17 | echo '\tCONTAINER_DIR=$(awk '\''{ print $6 }'\'' /proc/self/maps | grep ^\/run\/containerd | head -n 1 | cut -d '\''/'\'' -f 1-6)'; \
18 | echo '\tif [ ! -z $CONTAINER_DIR ]; then'; \
19 | echo '\t\t[[ ! -d $CONTAINER_DIR ]] && sudo mkdir -p $CONTAINER_DIR && sudo ln -s / $CONTAINER_DIR/rootfs'; \
20 | echo '\tfi'; \
21 | echo 'fi'; } >> /home/gitpod/.bashrc.d/110-dotnet
22 | RUN chmod +x /home/gitpod/.bashrc.d/110-dotnet
23 |
--------------------------------------------------------------------------------
/.gitpod.yml:
--------------------------------------------------------------------------------
1 | image:
2 | file: .gitpod.Dockerfile
3 |
4 | tasks:
5 | - name: Restore dependencies
6 | init: |
7 | dotnet restore
8 | vscode:
9 | extensions:
10 | - muhammad-sammy.csharp
--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | # syntax=docker/dockerfile:1.4
2 | FROM python:3-alpine
3 | ARG VERSION
4 |
5 | WORKDIR /wwwroot
6 | ADD "https://github.com/CycloneDX/cyclonedx-web-tool/releases/download/v${VERSION}/CycloneDX.WebTool.${VERSION}.tar.gz" /tmp
7 | RUN tar xvfz /tmp/CycloneDX.WebTool.${VERSION}.tar.gz
8 |
9 | ENTRYPOINT [ "python3", "-m", "http.server"]
10 | CMD [ "8000" ]
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "{}"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright OWASP Foundation
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/NOTICE:
--------------------------------------------------------------------------------
1 | CycloneDX Web Tool
2 | Copyright (c) OWASP Foundation
3 |
4 | This product includes software developed by the
5 | CycloneDX community (https://cyclonedx.org/).
6 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | [](https://github.com/CycloneDX/cyclonedx-cli/actions?workflow=.NET+Core+CI)
2 | [](LICENSE)
3 | [](https://cyclonedx.org/)
4 | [](https://cyclonedx.org/slack/invite)
5 | [](https://groups.io/g/CycloneDX)
6 | [](https://twitter.com/CycloneDX_Spec)
7 |
8 | # CycloneDX Web Tool
9 |
10 | A web based tool for working with CycloneDX BOMs.
11 |
12 | [The hosted version is available at https://cyclonedx.github.io/cyclonedx-web-tool](https://cyclonedx.github.io/cyclonedx-web-tool).
13 |
14 | Supported functionality:
15 |
16 | - Converting between different versions and formats
17 | - Validation
18 | - Merging multiple BOMs into a single BOM
19 |
20 | # BOM data privacy
21 |
22 | The web tool is built as a "static site" using WebAssembly for BOM processing.
23 |
24 | All processing is done client side in your browser. No submitted BOM data is transmitted elsewhere.
25 |
26 | # Self Hosting
27 |
28 | The web tool is built as a "static site". Any standard web server should work.
29 |
30 | # Supported Browsers
31 |
32 | The web tool is supported on the current versions of the following browsers:
33 |
34 | - Apple Safari (including on iOS)
35 | - Google Chrome (including on Android)
36 | - Microsoft Edge
37 | - Mozilla Firefox
38 |
39 | ## License
40 |
41 | Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the [LICENSE] file for the full license.
42 |
43 | [License]: https://github.com/CycloneDX/cyclonedx-web-tool/blob/main/LICENSE
44 |
45 | ## Contributing
46 |
47 | Pull requests are welcome. But please read the
48 | [CycloneDX contributing guidelines](https://github.com/CycloneDX/.github/blob/main/CONTRIBUTING.md) first.
49 |
50 | To build and test the solution locally you should have .NET 6
51 | installed. Standard commands like `dotnet build` and `dotnet test` work.
52 |
--------------------------------------------------------------------------------
/cyclonedx-web-tool.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30308.16
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{23C80BB2-A808-4547-A9DA-2D695D372FBB}"
7 | EndProject
8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "CycloneDX.WebTool", "src\CycloneDX.WebTool\CycloneDX.WebTool.csproj", "{19DB1620-6888-4FA7-86CC-B6B1302A8CD4}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionProperties) = preSolution
12 | HideSolutionNode = FALSE
13 | EndGlobalSection
14 | GlobalSection(ExtensibilityGlobals) = postSolution
15 | SolutionGuid = {F29999CD-3C9D-4894-8F10-4372E1347DF7}
16 | EndGlobalSection
17 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
18 | Debug|Any CPU = Debug|Any CPU
19 | Debug|x64 = Debug|x64
20 | Debug|x86 = Debug|x86
21 | Release|Any CPU = Release|Any CPU
22 | Release|x64 = Release|x64
23 | Release|x86 = Release|x86
24 | EndGlobalSection
25 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
26 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
27 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|Any CPU.Build.0 = Debug|Any CPU
28 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|x64.ActiveCfg = Debug|Any CPU
29 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|x64.Build.0 = Debug|Any CPU
30 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|x86.ActiveCfg = Debug|Any CPU
31 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Debug|x86.Build.0 = Debug|Any CPU
32 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|Any CPU.ActiveCfg = Release|Any CPU
33 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|Any CPU.Build.0 = Release|Any CPU
34 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|x64.ActiveCfg = Release|Any CPU
35 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|x64.Build.0 = Release|Any CPU
36 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|x86.ActiveCfg = Release|Any CPU
37 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4}.Release|x86.Build.0 = Release|Any CPU
38 | EndGlobalSection
39 | GlobalSection(NestedProjects) = preSolution
40 | {19DB1620-6888-4FA7-86CC-B6B1302A8CD4} = {23C80BB2-A808-4547-A9DA-2D695D372FBB}
41 | EndGlobalSection
42 | EndGlobal
43 |
--------------------------------------------------------------------------------
/local-build.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | dotnet publish --configuration Release --output ./gh-pages src/CycloneDX.WebTool
3 | cd gh-pages/wwwroot
4 | python3 -m http.server 8000
--------------------------------------------------------------------------------
/semver.txt:
--------------------------------------------------------------------------------
1 | 0.6.0
2 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/App.razor:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 |
Sorry, there's nothing at this address.
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/CycloneDX.WebTool.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | net6.0
5 | service-worker-assets.js
6 | false
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Pages/Convert.razor:
--------------------------------------------------------------------------------
1 | @* This file is part of CycloneDX Web Tool *@
2 | @* *@
3 | @* Licensed under the Apache License, Version 2.0 (the “License”); *@
4 | @* you may not use this file except in compliance with the License. *@
5 | @* You may obtain a copy of the License at *@
6 | @* *@
7 | @* http://www.apache.org/licenses/LICENSE-2.0 *@
8 | @* *@
9 | @* Unless required by applicable law or agreed to in writing, software *@
10 | @* distributed under the License is distributed on an “AS IS” BASIS, *@
11 | @* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. *@
12 | @* See the License for the specific language governing permissions and *@
13 | @* limitations under the License. *@
14 | @* *@
15 | @* SPDX-License-Identifier: Apache-2.0 *@
16 | @* Copyright (c) OWASP Foundation. All Rights Reserved. *@
17 |
18 | @page "/convert"
19 | @using System.IO
20 | @using System.Text
21 | @using Microsoft.AspNetCore.Components.Forms
22 | @using CycloneDX.Models
23 | @using CycloneDX.Xml
24 | @using CycloneDX.Json
25 | @using CycloneDX.Spdx.Interop
26 |
27 | @inject IJSRuntime _jsRuntime;
28 |
29 |
Convert
30 |
31 |
Convert between different serialization formats and versions
32 |
33 |
74 |
75 | @code {
76 | private byte[] _inputFileContents;
77 | private string _userInputFilename;
78 | private string _inputFormat = "autodetect";
79 | private string _outputFormat = "json";
80 | private string _outputVersion = "v1_5";
81 |
82 | private async Task Alert(string message)
83 | {
84 | await _jsRuntime.InvokeVoidAsync("alert", message);
85 | }
86 |
87 | private async Task LoadInputFile(InputFileChangeEventArgs e)
88 | {
89 | if (e.FileCount == 1)
90 | {
91 | await using (var ms = new MemoryStream())
92 | {
93 | await e.File.OpenReadStream(102400000).CopyToAsync(ms);
94 | _inputFileContents = ms.ToArray();
95 | }
96 | _userInputFilename = e.File.Name;
97 | }
98 | else
99 | {
100 | _inputFileContents = null;
101 | _userInputFilename = null;
102 | }
103 | }
104 |
105 | private async Task ConvertBOM()
106 | {
107 | if (!Enum.TryParse(_outputVersion, out SpecificationVersion specificationVersion))
108 | {
109 | await Alert("Looks like you've hit a bug. This shouldn't happen, but there has been a problem reading the schema version.");
110 | return;
111 | }
112 |
113 | Models.Bom bom;
114 | if (_inputFormat == "spdxjson" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".spdx.json"))
115 | {
116 | try
117 | {
118 | var spdxDoc = CycloneDX.Spdx.Serialization.JsonSerializer.Deserialize(Encoding.UTF8.GetString(_inputFileContents));
119 | bom = spdxDoc.ToCycloneDX();
120 | }
121 | catch (Exception e)
122 | {
123 | await Alert("Error deserializing BOM: " + e.Message);
124 | return;
125 | }
126 | }
127 | else if (_inputFormat == "json" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".json"))
128 | {
129 | try
130 | {
131 | bom = Json.Serializer.Deserialize(Encoding.UTF8.GetString(_inputFileContents));
132 | }
133 | catch (Exception e)
134 | {
135 | await Alert("Error deserializing BOM: " + e.Message);
136 | return;
137 | }
138 | }
139 | else if (_inputFormat == "xml" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".xml"))
140 | {
141 | try
142 | {
143 | bom = Xml.Serializer.Deserialize(Encoding.UTF8.GetString(_inputFileContents));
144 | }
145 | catch (Exception e)
146 | {
147 | await Alert("Error deserializing BOM: " + e.Message);
148 | return;
149 | }
150 | }
151 | else if (_inputFormat == "bin" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".bin"))
152 | {
153 | try
154 | {
155 | bom = Protobuf.Serializer.Deserialize(_inputFileContents);
156 | }
157 | catch (Exception e)
158 | {
159 | await Alert("Error deserializing BOM: " + e.Message);
160 | return;
161 | }
162 | }
163 | else
164 | {
165 | await Alert("Unable to auto-detect input format. Please specify the format.");
166 | return;
167 | }
168 |
169 | byte[] output;
170 |
171 | bom.SpecVersion = specificationVersion;
172 |
173 | if (_outputFormat == "spdxjson")
174 | {
175 | var spdxDoc = bom.ToSpdx();
176 | var stringOutput = CycloneDX.Spdx.Serialization.JsonSerializer.Serialize(spdxDoc);
177 | output = Encoding.UTF8.GetBytes(stringOutput);
178 | }
179 | else if (_outputFormat == "json")
180 | {
181 | if (bom.SpecVersion < SpecificationVersion.v1_2)
182 | {
183 | await Alert("Invalid version specified for JSON output. JSON output is only supported for versions >= 1.2");
184 | return;
185 | }
186 | else
187 | {
188 | var stringOutput = Json.Serializer.Serialize(bom);
189 | output = Encoding.UTF8.GetBytes(stringOutput);
190 | }
191 | }
192 | else if (_outputFormat == "bin")
193 | {
194 | if (bom.SpecVersion < SpecificationVersion.v1_3)
195 | {
196 | await Alert("Invalid version specified for Protobuf output. Protobuf output is only supported for versions >= 1.3");
197 | return;
198 | }
199 | else
200 | {
201 | output = Protobuf.Serializer.Serialize(bom);
202 | }
203 | }
204 | else
205 | {
206 | var stringOutput = Xml.Serializer.Serialize(bom);
207 | output = Encoding.UTF8.GetBytes(stringOutput);
208 | }
209 |
210 | var outputBom64 = System.Convert.ToBase64String(output);
211 |
212 | var fileExtension = _outputFormat == "spdxjson" ? "spdx.json": _outputFormat;
213 | await _jsRuntime.InvokeVoidAsync("cdxFileDownload", Path.GetFileNameWithoutExtension(_userInputFilename) + "." + fileExtension, outputBom64);
214 | }
215 | }
216 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Pages/Index.razor:
--------------------------------------------------------------------------------
1 | @* This file is part of CycloneDX Web Tool *@
2 | @* *@
3 | @* Licensed under the Apache License, Version 2.0 (the “License”); *@
4 | @* you may not use this file except in compliance with the License. *@
5 | @* You may obtain a copy of the License at *@
6 | @* *@
7 | @* http://www.apache.org/licenses/LICENSE-2.0 *@
8 | @* *@
9 | @* Unless required by applicable law or agreed to in writing, software *@
10 | @* distributed under the License is distributed on an “AS IS” BASIS, *@
11 | @* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. *@
12 | @* See the License for the specific language governing permissions and *@
13 | @* limitations under the License. *@
14 | @* *@
15 | @* SPDX-License-Identifier: Apache-2.0 *@
16 | @* Copyright (c) OWASP Foundation. All Rights Reserved. *@
17 |
18 | @page "/"
19 | @page "/home"
20 |
21 |
CycloneDX Web Tool
22 |
23 |
A web based tool for working with CycloneDX BOMs.
24 |
25 |
All submitted data is processed client side in your browser. No data is transmitted elsewhere.
26 |
27 |
This is a progressive web app. And supports running offline. CTRL+F5 should force a reload to make sure you are
28 | running the latest version.
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Pages/Merge.razor:
--------------------------------------------------------------------------------
1 | @* This file is part of CycloneDX Web Tool *@
2 | @* *@
3 | @* Licensed under the Apache License, Version 2.0 (the “License”); *@
4 | @* you may not use this file except in compliance with the License. *@
5 | @* You may obtain a copy of the License at *@
6 | @* *@
7 | @* http://www.apache.org/licenses/LICENSE-2.0 *@
8 | @* *@
9 | @* Unless required by applicable law or agreed to in writing, software *@
10 | @* distributed under the License is distributed on an “AS IS” BASIS, *@
11 | @* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. *@
12 | @* See the License for the specific language governing permissions and *@
13 | @* limitations under the License. *@
14 | @* *@
15 | @* SPDX-License-Identifier: Apache-2.0 *@
16 | @* Copyright (c) OWASP Foundation. All Rights Reserved. *@
17 |
18 | @page "/merge"
19 | @using System.IO
20 | @using System.Text
21 | @using Microsoft.AspNetCore.Components.Forms
22 | @using CycloneDX.Models
23 | @using CycloneDX.Xml
24 | @using CycloneDX.Json
25 |
26 | @inject IJSRuntime _jsRuntime;
27 |
28 |
Merge
29 |
30 |
Merge multiple BOMs
31 |
32 |
71 |
72 | @code {
73 | private List _inputFileContents;
74 | private List _userInputFilenames;
75 | private string _inputFormat = "autodetect";
76 | private string _outputFormat = "json";
77 | private string _outputVersion = "v1_5";
78 |
79 | private async Task Alert(string message)
80 | {
81 | await _jsRuntime.InvokeVoidAsync("alert", message);
82 | }
83 |
84 | private async Task LoadInputFiles(InputFileChangeEventArgs e)
85 | {
86 | if (e.FileCount > 0)
87 | {
88 | _inputFileContents = new List();
89 | _userInputFilenames = new List();
90 | foreach (var file in e.GetMultipleFiles())
91 | {
92 | using (var ms = new MemoryStream())
93 | {
94 | await file.OpenReadStream(102400000).CopyToAsync(ms);
95 | _inputFileContents.Add(ms.ToArray());
96 | }
97 | _userInputFilenames.Add(file.Name);
98 | }
99 | }
100 | else
101 | {
102 | _inputFileContents = null;
103 | _userInputFilenames = null;
104 | }
105 | }
106 |
107 | private async Task MergeBOM()
108 | {
109 | if (!Enum.TryParse(_outputVersion, out SpecificationVersion specificationVersion))
110 | {
111 | await Alert("Looks like you've hit a bug. This shouldn't happen, but there has been a problem reading the schema version.");
112 | return;
113 | }
114 |
115 | Models.Bom mergedBom = null;
116 | for (var i = 0; i < _inputFileContents.Count; i++)
117 | {
118 | var fileContents = _inputFileContents[i];
119 | var filename = _userInputFilenames[i];
120 | Models.Bom currentBom = null;
121 |
122 | if (_inputFormat == "json" || _inputFormat == "autodetect" && filename.EndsWith(".json"))
123 | {
124 | try
125 | {
126 | currentBom = Json.Serializer.Deserialize(Encoding.UTF8.GetString(fileContents));
127 | }
128 | catch (Exception e)
129 | {
130 | await Alert("Error deserializing BOM: " + e.Message);
131 | return;
132 | }
133 | }
134 | else if (_inputFormat == "xml" || _inputFormat == "autodetect" && filename.EndsWith(".xml"))
135 | {
136 | try
137 | {
138 | currentBom = Xml.Serializer.Deserialize(Encoding.UTF8.GetString(fileContents));
139 | }
140 | catch (Exception e)
141 | {
142 | await Alert("Error deserializing BOM: " + e.Message);
143 | return;
144 | }
145 | }
146 | else if (_inputFormat == "bin" || _inputFormat == "autodetect" && filename.EndsWith(".bin"))
147 | {
148 | try
149 | {
150 | currentBom = Protobuf.Serializer.Deserialize(fileContents);
151 | }
152 | catch (Exception e)
153 | {
154 | await Alert("Error deserializing BOM: " + e.Message);
155 | return;
156 | }
157 | }
158 | else
159 | {
160 | await Alert("Unable to auto-detect input format. Please specify the format.");
161 | return;
162 | }
163 |
164 | if (mergedBom == null)
165 | {
166 | mergedBom = currentBom;
167 | }
168 | else
169 | {
170 | mergedBom = CycloneDXUtils.FlatMerge(mergedBom, currentBom);
171 | }
172 | }
173 |
174 | byte[] output;
175 |
176 | mergedBom.SpecVersion = specificationVersion;
177 |
178 | if (_outputFormat == "json")
179 | {
180 | if (mergedBom.SpecVersion < SpecificationVersion.v1_2)
181 | {
182 | await Alert("Invalid version specified for JSON output. JSON output is only supported for versions >= 1.2");
183 | return;
184 | }
185 | else
186 | {
187 | output = Encoding.UTF8.GetBytes(Json.Serializer.Serialize(mergedBom));
188 | }
189 | }
190 | else if (_outputFormat == "bin")
191 | {
192 | if (mergedBom.SpecVersion < SpecificationVersion.v1_3)
193 | {
194 | await Alert("Invalid version specified for Protobuf output. Protobuf output is only supported for versions >= 1.3");
195 | return;
196 | }
197 | else
198 | {
199 | output = Protobuf.Serializer.Serialize(mergedBom);
200 | }
201 | }
202 | else
203 | {
204 | output = Encoding.UTF8.GetBytes(Xml.Serializer.Serialize(mergedBom));
205 | }
206 |
207 | var outputBom64 = System.Convert.ToBase64String(output);
208 |
209 | await _jsRuntime.InvokeVoidAsync("cdxFileDownload", "merged-bom." + _outputFormat, outputBom64);
210 | }
211 | }
212 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Pages/Validate.razor:
--------------------------------------------------------------------------------
1 | @* This file is part of CycloneDX Web Tool *@
2 | @* *@
3 | @* Licensed under the Apache License, Version 2.0 (the “License”); *@
4 | @* you may not use this file except in compliance with the License. *@
5 | @* You may obtain a copy of the License at *@
6 | @* *@
7 | @* http://www.apache.org/licenses/LICENSE-2.0 *@
8 | @* *@
9 | @* Unless required by applicable law or agreed to in writing, software *@
10 | @* distributed under the License is distributed on an “AS IS” BASIS, *@
11 | @* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. *@
12 | @* See the License for the specific language governing permissions and *@
13 | @* limitations under the License. *@
14 | @* *@
15 | @* SPDX-License-Identifier: Apache-2.0 *@
16 | @* Copyright (c) OWASP Foundation. All Rights Reserved. *@
17 |
18 | @page "/validate"
19 | @using System.IO
20 | @using System.Text
21 | @using Microsoft.AspNetCore.Components.Forms
22 | @using CycloneDX.Models
23 | @using CycloneDX.Xml
24 | @using CycloneDX.Json
25 |
26 | @inject IJSRuntime _jsRuntime;
27 |
28 |
Validate
29 |
30 |
59 |
60 |
@_validationMessage
61 |
62 | @code {
63 | private string _inputFileContents;
64 | private string _userInputFilename;
65 | private string _inputFormat = "autodetect";
66 | private string _inputVersion = "v1_5";
67 | private string _validationMessage = "";
68 |
69 | private async Task Alert(string message)
70 | {
71 | await _jsRuntime.InvokeVoidAsync("alert", message);
72 | }
73 |
74 | private async Task LoadInputFile(InputFileChangeEventArgs e)
75 | {
76 | if (e.FileCount == 1)
77 | {
78 | using (var sr = new StreamReader(e.File.OpenReadStream(102400000)))
79 | {
80 | _inputFileContents = await sr.ReadToEndAsync();
81 | }
82 | _userInputFilename = e.File.Name;
83 | }
84 | else
85 | {
86 | _inputFileContents = null;
87 | _userInputFilename = null;
88 | }
89 | }
90 |
91 | private async Task ValidateBOM()
92 | {
93 | if (!Enum.TryParse(_inputVersion, out SpecificationVersion specificationVersion))
94 | {
95 | await Alert("Looks like you've hit a bug. This shouldn't happen, but there has been a problem reading the schema version.");
96 | return;
97 | }
98 |
99 | ValidationResult result;
100 |
101 | if (_inputFormat == "json" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".json"))
102 | {
103 | try
104 | {
105 | result = Json.Validator.Validate(_inputFileContents, specificationVersion);
106 | }
107 | catch (Exception e)
108 | {
109 | await Alert("Error validating BOM: " + e.Message);
110 | return;
111 | }
112 | }
113 | else if (_inputFormat == "xml" || _inputFormat == "autodetect" && _userInputFilename.EndsWith(".xml"))
114 | {
115 | try
116 | {
117 | result = Xml.Validator.Validate(_inputFileContents, specificationVersion);
118 | }
119 | catch (Exception e)
120 | {
121 | await Alert("Error deserializing BOM: " + e.Message);
122 | return;
123 | }
124 | }
125 | else
126 | {
127 | await Alert("Unable to auto-detect input format. Please specify the format.");
128 | return;
129 | }
130 |
131 | if (result.Valid)
132 | {
133 | _validationMessage = "";
134 | await Alert($"The file is a valid {_inputVersion.Replace('_', '.')} BOM.");
135 | }
136 | else
137 | {
138 | var sb = new StringBuilder();
139 | foreach (var message in result.Messages)
140 | {
141 | sb.AppendLine(message);
142 | }
143 | _validationMessage = sb.ToString();
144 | await Alert($"The file is not a valid {_inputVersion.Replace('_', '.')} BOM.");
145 | }
146 | }
147 | }
148 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Program.cs:
--------------------------------------------------------------------------------
1 | /*
2 | * This file is part of CycloneDX Web Tool>
3 | *
4 | * Licensed under the Apache License, Version 2.0 (the “License”);
5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at
7 | *
8 | * http://www.apache.org/licenses/LICENSE-2.0
9 | *
10 | * Unless required by applicable law or agreed to in writing, software
11 | * distributed under the License is distributed on an “AS IS” BASIS,
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | * See the License for the specific language governing permissions and
14 | * limitations under the License.
15 | *
16 | * SPDX-License-Identifier: Apache-2.0
17 | * Copyright (c) OWASP Foundation. All Rights Reserved.
18 | */
19 |
20 | using System;
21 | using System.Net.Http;
22 | using System.Collections.Generic;
23 | using System.Threading.Tasks;
24 | using System.Text;
25 | using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
26 | using Microsoft.Extensions.Configuration;
27 | using Microsoft.Extensions.DependencyInjection;
28 | using Microsoft.Extensions.Logging;
29 |
30 | namespace CycloneDX.WebTool
31 | {
32 | public class Program
33 | {
34 | public static async Task Main(string[] args)
35 | {
36 | var builder = WebAssemblyHostBuilder.CreateDefault(args);
37 | builder.RootComponents.Add("#app");
38 |
39 | builder.Services.AddScoped(sp => new HttpClient { BaseAddress = new Uri(builder.HostEnvironment.BaseAddress) });
40 |
41 | await builder.Build().RunAsync();
42 | }
43 | }
44 | }
45 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Properties/launchSettings.json:
--------------------------------------------------------------------------------
1 | {
2 | "iisSettings": {
3 | "windowsAuthentication": false,
4 | "anonymousAuthentication": true,
5 | "iisExpress": {
6 | "applicationUrl": "http://localhost:6638",
7 | "sslPort": 44379
8 | }
9 | },
10 | "profiles": {
11 | "IIS Express": {
12 | "commandName": "IISExpress",
13 | "launchBrowser": true,
14 | "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
15 | "environmentVariables": {
16 | "ASPNETCORE_ENVIRONMENT": "Development"
17 | }
18 | },
19 | "cyclonedx-web-tool": {
20 | "commandName": "Project",
21 | "dotnetRunMessages": "true",
22 | "launchBrowser": true,
23 | "inspectUri": "{wsProtocol}://{url.hostname}:{url.port}/_framework/debug/ws-proxy?browser={browserInspectUri}",
24 | "applicationUrl": "https://localhost:5001;http://localhost:5000",
25 | "environmentVariables": {
26 | "ASPNETCORE_ENVIRONMENT": "Development"
27 | }
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Shared/MainLayout.razor:
--------------------------------------------------------------------------------
1 | @inherits LayoutComponentBase
2 |
3 |
37 |
38 | @code {
39 | private bool collapseNavMenu = true;
40 |
41 | private string NavMenuCssClass => collapseNavMenu ? "collapse" : null;
42 |
43 | private void ToggleNavMenu()
44 | {
45 | collapseNavMenu = !collapseNavMenu;
46 | }
47 | }
48 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/Shared/NavMenu.razor.css:
--------------------------------------------------------------------------------
1 | .navbar-toggler {
2 | background-color: rgba(255, 255, 255, 0.1);
3 | }
4 |
5 | .top-row {
6 | height: 3.5rem;
7 | background-color: rgba(0,0,0,0.4);
8 | }
9 |
10 | .navbar-brand {
11 | font-size: 1.1rem;
12 | }
13 |
14 | .oi {
15 | width: 2rem;
16 | font-size: 1.1rem;
17 | vertical-align: text-top;
18 | top: -2px;
19 | }
20 |
21 | .nav-item {
22 | font-size: 0.9rem;
23 | padding-bottom: 0.5rem;
24 | }
25 |
26 | .nav-item:first-of-type {
27 | padding-top: 1rem;
28 | }
29 |
30 | .nav-item:last-of-type {
31 | padding-bottom: 1rem;
32 | }
33 |
34 | .nav-item ::deep a {
35 | color: #d7d7d7;
36 | border-radius: 4px;
37 | height: 3rem;
38 | display: flex;
39 | align-items: center;
40 | line-height: 3rem;
41 | }
42 |
43 | .nav-item ::deep a.active {
44 | background-color: rgba(255,255,255,0.25);
45 | color: white;
46 | }
47 |
48 | .nav-item ::deep a:hover {
49 | background-color: rgba(255,255,255,0.1);
50 | color: white;
51 | }
52 |
53 | @media (min-width: 641px) {
54 | .navbar-toggler {
55 | display: none;
56 | }
57 |
58 | .collapse {
59 | /* Never collapse the sidebar for wide screens */
60 | display: block;
61 | }
62 | }
63 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/_Imports.razor:
--------------------------------------------------------------------------------
1 | @using System.Net.Http
2 | @using System.Net.Http.Json
3 | @using Microsoft.AspNetCore.Components.Forms
4 | @using Microsoft.AspNetCore.Components.Routing
5 | @using Microsoft.AspNetCore.Components.Web
6 | @using Microsoft.AspNetCore.Components.Web.Virtualization
7 | @using Microsoft.AspNetCore.Components.WebAssembly.Http
8 | @using Microsoft.JSInterop
9 | @using CycloneDX.Models
10 | @using CycloneDX.Json
11 | @using CycloneDX.Xml
12 | @using CycloneDX.Utils
13 | @using CycloneDX.WebTool
14 | @using CycloneDX.WebTool.Shared
15 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/wwwroot/css/app.css:
--------------------------------------------------------------------------------
1 | @import url('open-iconic/font/css/open-iconic-bootstrap.min.css');
2 |
3 | html, body {
4 | font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
5 | }
6 |
7 | a, .btn-link {
8 | color: #0366d6;
9 | }
10 |
11 | .btn-primary {
12 | color: #fff;
13 | background-color: #1b6ec2;
14 | border-color: #1861ac;
15 | }
16 |
17 | .content {
18 | padding-top: 1.1rem;
19 | }
20 |
21 | .valid.modified:not([type=checkbox]) {
22 | outline: 1px solid #26b050;
23 | }
24 |
25 | .invalid {
26 | outline: 1px solid red;
27 | }
28 |
29 | .validation-message {
30 | color: red;
31 | }
32 |
33 | #blazor-error-ui {
34 | background: lightyellow;
35 | bottom: 0;
36 | box-shadow: 0 -1px 2px rgba(0, 0, 0, 0.2);
37 | display: none;
38 | left: 0;
39 | padding: 0.6rem 1.25rem 0.7rem 1.25rem;
40 | position: fixed;
41 | width: 100%;
42 | z-index: 1000;
43 | }
44 |
45 | #blazor-error-ui .dismiss {
46 | cursor: pointer;
47 | position: absolute;
48 | right: 0.75rem;
49 | top: 0.5rem;
50 | }
51 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/wwwroot/css/open-iconic/FONT-LICENSE:
--------------------------------------------------------------------------------
1 | SIL OPEN FONT LICENSE Version 1.1
2 |
3 | Copyright (c) 2014 Waybury
4 |
5 | PREAMBLE
6 | The goals of the Open Font License (OFL) are to stimulate worldwide
7 | development of collaborative font projects, to support the font creation
8 | efforts of academic and linguistic communities, and to provide a free and
9 | open framework in which fonts may be shared and improved in partnership
10 | with others.
11 |
12 | The OFL allows the licensed fonts to be used, studied, modified and
13 | redistributed freely as long as they are not sold by themselves. The
14 | fonts, including any derivative works, can be bundled, embedded,
15 | redistributed and/or sold with any software provided that any reserved
16 | names are not used by derivative works. The fonts and derivatives,
17 | however, cannot be released under any other type of license. The
18 | requirement for fonts to remain under this license does not apply
19 | to any document created using the fonts or their derivatives.
20 |
21 | DEFINITIONS
22 | "Font Software" refers to the set of files released by the Copyright
23 | Holder(s) under this license and clearly marked as such. This may
24 | include source files, build scripts and documentation.
25 |
26 | "Reserved Font Name" refers to any names specified as such after the
27 | copyright statement(s).
28 |
29 | "Original Version" refers to the collection of Font Software components as
30 | distributed by the Copyright Holder(s).
31 |
32 | "Modified Version" refers to any derivative made by adding to, deleting,
33 | or substituting -- in part or in whole -- any of the components of the
34 | Original Version, by changing formats or by porting the Font Software to a
35 | new environment.
36 |
37 | "Author" refers to any designer, engineer, programmer, technical
38 | writer or other person who contributed to the Font Software.
39 |
40 | PERMISSION & CONDITIONS
41 | Permission is hereby granted, free of charge, to any person obtaining
42 | a copy of the Font Software, to use, study, copy, merge, embed, modify,
43 | redistribute, and sell modified and unmodified copies of the Font
44 | Software, subject to the following conditions:
45 |
46 | 1) Neither the Font Software nor any of its individual components,
47 | in Original or Modified Versions, may be sold by itself.
48 |
49 | 2) Original or Modified Versions of the Font Software may be bundled,
50 | redistributed and/or sold with any software, provided that each copy
51 | contains the above copyright notice and this license. These can be
52 | included either as stand-alone text files, human-readable headers or
53 | in the appropriate machine-readable metadata fields within text or
54 | binary files as long as those fields can be easily viewed by the user.
55 |
56 | 3) No Modified Version of the Font Software may use the Reserved Font
57 | Name(s) unless explicit written permission is granted by the corresponding
58 | Copyright Holder. This restriction only applies to the primary font name as
59 | presented to the users.
60 |
61 | 4) The name(s) of the Copyright Holder(s) or the Author(s) of the Font
62 | Software shall not be used to promote, endorse or advertise any
63 | Modified Version, except to acknowledge the contribution(s) of the
64 | Copyright Holder(s) and the Author(s) or with their explicit written
65 | permission.
66 |
67 | 5) The Font Software, modified or unmodified, in part or in whole,
68 | must be distributed entirely under this license, and must not be
69 | distributed under any other license. The requirement for fonts to
70 | remain under this license does not apply to any document created
71 | using the Font Software.
72 |
73 | TERMINATION
74 | This license becomes null and void if any of the above conditions are
75 | not met.
76 |
77 | DISCLAIMER
78 | THE FONT SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
79 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF
80 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT
81 | OF COPYRIGHT, PATENT, TRADEMARK, OR OTHER RIGHT. IN NO EVENT SHALL THE
82 | COPYRIGHT HOLDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
83 | INCLUDING ANY GENERAL, SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
84 | DAMAGES, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
85 | FROM, OUT OF THE USE OR INABILITY TO USE THE FONT SOFTWARE OR FROM
86 | OTHER DEALINGS IN THE FONT SOFTWARE.
87 |
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/wwwroot/css/open-iconic/ICON-LICENSE:
--------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2014 Waybury
4 |
5 | Permission is hereby granted, free of charge, to any person obtaining a copy
6 | of this software and associated documentation files (the "Software"), to deal
7 | in the Software without restriction, including without limitation the rights
8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 |
12 | The above copyright notice and this permission notice shall be included in
13 | all copies or substantial portions of the Software.
14 |
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
21 | THE SOFTWARE.
--------------------------------------------------------------------------------
/src/CycloneDX.WebTool/wwwroot/css/open-iconic/README.md:
--------------------------------------------------------------------------------
1 | [Open Iconic v1.1.1](http://useiconic.com/open)
2 | ===========
3 |
4 | ### Open Iconic is the open source sibling of [Iconic](http://useiconic.com). It is a hyper-legible collection of 223 icons with a tiny footprint—ready to use with Bootstrap and Foundation. [View the collection](http://useiconic.com/open#icons)
5 |
6 |
7 |
8 | ## What's in Open Iconic?
9 |
10 | * 223 icons designed to be legible down to 8 pixels
11 | * Super-light SVG files - 61.8 for the entire set
12 | * SVG sprite—the modern replacement for icon fonts
13 | * Webfont (EOT, OTF, SVG, TTF, WOFF), PNG and WebP formats
14 | * Webfont stylesheets (including versions for Bootstrap and Foundation) in CSS, LESS, SCSS and Stylus formats
15 | * PNG and WebP raster images in 8px, 16px, 24px, 32px, 48px and 64px.
16 |
17 |
18 | ## Getting Started
19 |
20 | #### For code samples and everything else you need to get started with Open Iconic, check out our [Icons](http://useiconic.com/open#icons) and [Reference](http://useiconic.com/open#reference) sections.
21 |
22 | ### General Usage
23 |
24 | #### Using Open Iconic's SVGs
25 |
26 | We like SVGs and we think they're the way to display icons on the web. Since Open Iconic are just basic SVGs, we suggest you display them like you would any other image (don't forget the `alt` attribute).
27 |
28 | ```
29 |
30 | ```
31 |
32 | #### Using Open Iconic's SVG Sprite
33 |
34 | Open Iconic also comes in a SVG sprite which allows you to display all the icons in the set with a single request. It's like an icon font, without being a hack.
35 |
36 | Adding an icon from an SVG sprite is a little different than what you're used to, but it's still a piece of cake. *Tip: To make your icons easily style able, we suggest adding a general class to the* `
30 | ```
31 |
32 | #### Using Open Iconic's SVG Sprite
33 |
34 | Open Iconic also comes in a SVG sprite which allows you to display all the icons in the set with a single request. It's like an icon font, without being a hack.
35 |
36 | Adding an icon from an SVG sprite is a little different than what you're used to, but it's still a piece of cake. *Tip: To make your icons easily style able, we suggest adding a general class to the* `