From bdf601348054aac67feeb0f93b239f483d5fcd79 Mon Sep 17 00:00:00 2001 From: Jim Klimov Date: Fri, 4 Aug 2023 15:48:21 +0200 Subject: [PATCH] MergeCommand.cs: use new cyclonedx-dotnet-library features to CleanupMetadataComponent() and CleanupEmptyLists() as a finishing touch, to avoid inducing a spec violation with a duplicate bom-ref --- src/cyclonedx/Commands/MergeCommand.cs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/cyclonedx/Commands/MergeCommand.cs b/src/cyclonedx/Commands/MergeCommand.cs index 5c150d5..8e22ce8 100644 --- a/src/cyclonedx/Commands/MergeCommand.cs +++ b/src/cyclonedx/Commands/MergeCommand.cs @@ -89,7 +89,9 @@ public static async Task Merge(MergeCommandOptions options) } else { - // otherwise use the first non-null component from the input BOMs as the default + // otherwise use the first non-null component from the input + // BOMs as the default; note CleanupMetadataComponent() below + // to ensure that such bom-ref exists in the document only once. foreach (var bom in inputBoms) { if(bom.Metadata != null && bom.Metadata.Component != null) @@ -101,8 +103,19 @@ public static async Task Merge(MergeCommandOptions options) } } + outputBom = CycloneDXUtils.CleanupMetadataComponent(outputBom); + outputBom = CycloneDXUtils.CleanupEmptyLists(outputBom); + outputBom.Version = 1; outputBom.SerialNumber = "urn:uuid:" + System.Guid.NewGuid().ToString(); + if (outputBom.Metadata is null) + { + outputBom.Metadata = new Metadata(); + } + if (outputBom.Metadata.Timestamp is null) + { + outputBom.Metadata.Timestamp = DateTime.Now; + } if (!outputToConsole) {