Fix metadata tools components
Signed-off-by: andreas hilti <andreas.hilti@bluewin.ch>
andreas-hilti committed Jun 1, 2024
1 parent 57972c2 commit 59a2da3
Showing 3 changed files with 352 additions and 1 deletion.
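--- a/src/CycloneDX.Utils/Merge.cs
+++ b/src/CycloneDX.Utils/Merge.cs
@@ -67,13 +67,19 @@ public static Bom FlatMerge(Bom bom1, Bom bom2)
 var toolsMerger = new ListMergeHelper<Tool>();
 #pragma warning restore 618
 var tools = toolsMerger.Merge(bom1.Metadata?.Tools?.Tools, bom2.Metadata?.Tools?.Tools);
-if (tools != null)
+var toolsComponentsMerger = new ListMergeHelper<Component>();
+var toolsComponents = toolsComponentsMerger.Merge(bom1.Metadata?.Tools?.Components, bom2.Metadata?.Tools?.Components);
+var toolsServicesMerger = new ListMergeHelper<Service>();
+var toolsServices = toolsServicesMerger.Merge(bom1.Metadata?.Tools?.Services, bom2.Metadata?.Tools?.Services);
+if (tools != null || toolsComponents != null || toolsServices != null)
 {
 result.Metadata = new Metadata
 {
 Tools = new ToolChoices
 {
 Tools = tools,
+Components = toolsComponents,
+Services = toolsServices,
 }
 };
 }
@@ -230,6 +236,22 @@ bom.SerialNumber is null
 {
 result.Metadata.Tools.Tools.AddRange(bom.Metadata.Tools.Tools);
 }
+if (bom.Metadata?.Tools?.Components?.Count > 0)
+{
+if (result.Metadata.Tools.Components == null)
+{
+result.Metadata.Tools.Components = new List<Component>();
+}
+result.Metadata.Tools.Components.AddRange(bom.Metadata.Tools.Components);
+}
+if (bom.Metadata?.Tools?.Services?.Count > 0)
+{
+if (result.Metadata.Tools.Services == null)
+{
+result.Metadata.Tools.Services = new List<Service>();
+}
+result.Metadata.Tools.Services.AddRange(bom.Metadata.Tools.Services);
+}
 
 var thisComponent = bom.Metadata.Component;
 if (thisComponent.Components is null) bom.Metadata.Component.Components = new List<Component>();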
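Review bot: Two input BOMs produced by the same tool will end up with duplicate entries, and duplicate bom-refs, under `Metadata.Tools`, because the second hunk appends each input's `Tools.Components` and `Tools.Services` with a plain `AddRange`. The added snapshot shows tool components keeping `ToolComponent1@1` unprefixed while ordinary components become `System1@1:Component1@1`, and CycloneDX requires every bom-ref to be unique within a BOM, so such a collision would leave the tool-provenance section ambiguous or invalid for downstream consumers. Consider reusing the helper from the FlatMerge hunk, e.g. `result.Metadata.Tools.Components = new ListMergeHelper<Component>().Merge(result.Metadata.Tools.Components, bom.Metadata.Tools.Components);` and the same for `Services`, assuming that helper de-duplicates equal entries; otherwise prefix these refs the way the component refs are prefixed. The enclosing method begins and ends outside the hunk.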
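--- a/tests/CycloneDX.Utils.Tests/MergeTests.cs
+++ b/tests/CycloneDX.Utils.Tests/MergeTests.cs
@@ -263,6 +263,116 @@ public void HierarchicalMergeComponentsTest()
 Snapshot.Match(result);
 }
 
+[Fact]
+public void HierarchicalMergeToolsComponentsTest()
+{
+var subject = new Component
+{
+Name = "Thing",
+Version = "1",
+};
+
+var sbom1 = new Bom
+{
+Metadata = new Metadata
+{
+Component = new Component
+{
+Name = "System1",
+Version = "1",
+BomRef = "System1@1"
+},
+Tools = new ToolChoices
+{
+Components = new List<Component>
+{
+new Component
+{
+Name = "ToolComponent1",
+Version = "1",
+BomRef = "ToolComponent1@1",
+}
+}
+}
+},
+Components = new List<Component>
+{
+new Component
+{
+Name = "Component1",
+Version = "1",
+BomRef = "Component1@1"
+}
+},
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "System1@1",
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "Component1@1"
+}
+}
+}
+},
+};
+var sbom2 = new Bom
+{
+Metadata = new Metadata
+{
+Component = new Component
+{
+Name = "System2",
+Version = "1",
+BomRef = "System2@1"
+},
+Tools = new ToolChoices
+{
+Components = new List<Component>
+{
+new Component
+{
+Name = "ToolComponent2",
+Version = "1",
+BomRef = "ToolComponent2@1",
+}
+}
+}
+},
+Components = new List<Component>
+{
+new Component
+{
+Name = "Component2",
+Version = "1",
+BomRef = "Component2@1"
+}
+},
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "System2@1",
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "Component2@1"
+}
+}
+}
+},
+};
+
+var result = CycloneDXUtils.HierarchicalMerge(new[] { sbom1, sbom2 }, subject);
+
+Snapshot.Match(result);
+}
+
+
 [Fact]
 public void HierarchicalMergeVulnerabilitiesTest()
 {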
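Review bot: The new test exercises only `Tools.Components` on the `HierarchicalMerge` path, so the `Tools.Services` branches and the `FlatMerge` changes made in Merge.cs by the same commit are not pinned by any test in this section. A sibling case that gives each input something like `Tools = new ToolChoices { Services = new List<Service> { new Service { Name = "ToolService1", BomRef = "ToolService1@1" } } }` (constructed sample values), plus a snapshot of a flat merge of `sbom1` and `sbom2`, would cover both. Both inputs here also use distinct tool names, so the common case of two BOMs that share one tool entry is not exercised either.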
@@ -0,0 +1,219 @@
{
"BomFormat": "CycloneDX",
"SpecVersion": "v1_5",
"SpecVersionString": "1.5",
"SerialNumber": null,
"Version": null,
"Metadata": {
"Tools": {
"Tools": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "ToolComponent1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "ToolComponent1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
},
{
"Type": "Null",
"MimeType": null,
"BomRef": "ToolComponent2@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "ToolComponent2",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
]
},
"ProtobufTools": null,
"Authors": null,
"Component": {
"Type": "Null",
"MimeType": null,
"BomRef": "Thing@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Thing",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
},
"Manufacture": null,
"Supplier": null
},
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System1@1:System1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "System1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System1@1:Component1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Component1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Evidence": null,
"ModelCard": null,
"Data": null
},
{
"Type": "Null",
"MimeType": null,
"BomRef": "System2@1:System2@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "System2",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System2@1:Component2@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Component2",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Dependencies": [
{
"Ref": "System1@1:System1@1",
"Dependencies": [
{
"Ref": "System1@1:Component1@1",
"Dependencies": null
}
]
},
{
"Ref": "System2@1:System2@1",
"Dependencies": [
{
"Ref": "System2@1:Component2@1",
"Dependencies": null
}
]
},
{
"Ref": "Thing@1",
"Dependencies": [
{
"Ref": "System1@1:System1@1",
"Dependencies": null
},
{
"Ref": "System2@1:System2@1",
"Dependencies": null
}
]
}
],
"Compositions": null
}
