namespace tool components and services
Signed-off-by: andreas hilti <andreas.hilti@bluewin.ch>
andreas-hilti committed Jun 30, 2024
1 parent 59a2da3 commit c20d051
Showing 4 changed files with 320 additions and 4 deletions.
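--- a/src/CycloneDX.Utils/Merge.cs
+++ b/src/CycloneDX.Utils/Merge.cs
@@ -242,15 +242,29 @@ bom.SerialNumber is null
 {
 result.Metadata.Tools.Components = new List<Component>();
 }
-result.Metadata.Tools.Components.AddRange(bom.Metadata.Tools.Components);
+foreach (var component in bom.Metadata.Tools.Components)
+{
+component.BomRef = NamespacedBomRef(bom.Metadata.Component, component.BomRef);
+if (!result.Metadata.Tools.Components.Contains(component))
+{
+result.Metadata.Tools.Components.Add(component);
+}
+}
 }
 if (bom.Metadata?.Tools?.Services?.Count > 0)
 {
 if (result.Metadata.Tools.Services == null)
 {
 result.Metadata.Tools.Services = new List<Service>();
 }
-result.Metadata.Tools.Services.AddRange(bom.Metadata.Tools.Services);
+foreach (var service in bom.Metadata.Tools.Services)
+{
+service.BomRef = NamespacedBomRef(bom.Metadata.Component, service.BomRef);
+if (!result.Metadata.Tools.Services.Contains(service))
+{
+result.Metadata.Tools.Services.Add(service);
+}
+}
 }
 
 var thisComponent = bom.Metadata.Component;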
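Review bot: Both new loops assign `component.BomRef` / `service.BomRef` on the objects that belong to the input `bom`, so the merge rewrites its inputs; merging the same `Bom` instance again would presumably namespace the refs a second time. The `Contains` check then runs on the already namespaced object, so whether two source BOMs listing the same tool collapse into one entry depends on how `Component`/`Service` equality treats `BomRef`, which is not visible in this hunk. I would state the rule above each loop, for example `// BomRef is namespaced in place on the input; duplicates are compared after namespacing`, so consumers of the merged SBOM know what a repeated tool entry means. The enclosing method starts and ends outside the hunk.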
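--- a/tests/CycloneDX.Utils.Tests/MergeTests.cs
+++ b/tests/CycloneDX.Utils.Tests/MergeTests.cs
@@ -372,6 +372,112 @@ public void HierarchicalMergeToolsComponentsTest()
 Snapshot.Match(result);
 }
 
+[Fact]
+public void HierarchicalMergeDuplicatedToolsComponentsTest()
+{
+var subject = new Component
+{
+Name = "Thing",
+Version = "1",
+};
+
+var sbom1 = new Bom
+{
+Metadata = new Metadata
+{
+Component = new Component
+{
+Name = "System1",
+Version = "1",
+BomRef = "System1@1"
+},
+Tools = new ToolChoices
+{
+Components = new List<Component>
+{
+new Component
+{
+Name = "ToolComponent1",
+Version = "1",
+}
+}
+}
+},
+Components = new List<Component>
+{
+new Component
+{
+Name = "Component1",
+Version = "1",
+BomRef = "Component1@1"
+}
+},
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "System1@1",
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "Component1@1"
+}
+}
+}
+},
+};
+var sbom2 = new Bom
+{
+Metadata = new Metadata
+{
+Component = new Component
+{
+Name = "System2",
+Version = "1",
+BomRef = "System2@1"
+},
+Tools = new ToolChoices
+{
+Components = new List<Component>
+{
+new Component
+{
+Name = "ToolComponent1",
+Version = "1",
+}
+}
+}
+},
+Components = new List<Component>
+{
+new Component
+{
+Name = "Component2",
+Version = "1",
+BomRef = "Component2@1"
+}
+},
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "System2@1",
+Dependencies = new List<Dependency>
+{
+new Dependency
+{
+Ref = "Component2@1"
+}
+}
+}
+},
+};
+
+var result = CycloneDXUtils.HierarchicalMerge(new[] { sbom1, sbom2 }, subject);
+
+Snapshot.Match(result);
+}
 
 [Fact]
 public void HierarchicalMergeVulnerabilitiesTest()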
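Review bot: The new test only exercises duplicate tool components that carry no `BomRef`, which is the one case where the namespacing added in Merge.cs cannot make the two entries differ; the accompanying snapshot keeps a single entry with `"BomRef": null`. A second case in which both `ToolComponent1` entries set, for example, `BomRef = "ToolComponent1@1"` would pin down whether such tools are meant to be merged or kept once per source BOM. The services loop added in the same commit has no duplicate test at all, so a variant of this test that fills `Tools.Services` in both inputs would cover it.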
@@ -0,0 +1,196 @@
{
"BomFormat": "CycloneDX",
"SpecVersion": "v1_5",
"SpecVersionString": "1.5",
"SerialNumber": null,
"Version": null,
"Metadata": {
"Tools": {
"Tools": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": null,
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "ToolComponent1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
]
},
"ProtobufTools": null,
"Authors": null,
"Component": {
"Type": "Null",
"MimeType": null,
"BomRef": "Thing@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Thing",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
},
"Manufacture": null,
"Supplier": null
},
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System1@1:System1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "System1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System1@1:Component1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Component1",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Evidence": null,
"ModelCard": null,
"Data": null
},
{
"Type": "Null",
"MimeType": null,
"BomRef": "System2@1:System2@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "System2",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Components": [
{
"Type": "Null",
"MimeType": null,
"BomRef": "System2@1:Component2@1",
"Supplier": null,
"Author": null,
"Publisher": null,
"Group": null,
"Name": "Component2",
"Version": "1",
"Description": null,
"Scope": null,
"Licenses": null,
"Copyright": null,
"Cpe": null,
"Purl": null,
"Swid": null,
"Modified": null,
"Pedigree": null,
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Evidence": null,
"ModelCard": null,
"Data": null
}
],
"Dependencies": [
{
"Ref": "System1@1:System1@1",
"Dependencies": [
{
"Ref": "System1@1:Component1@1",
"Dependencies": null
}
]
},
{
"Ref": "System2@1:System2@1",
"Dependencies": [
{
"Ref": "System2@1:Component2@1",
"Dependencies": null
}
]
},
{
"Ref": "Thing@1",
"Dependencies": [
{
"Ref": "System1@1:System1@1",
"Dependencies": null
},
{
"Ref": "System2@1:System2@1",
"Dependencies": null
}
]
}
],
"Compositions": null
}
@@ -11,7 +11,7 @@
{
"Type": "Null",
"MimeType": null,
"BomRef": "ToolComponent1@1",
"BomRef": "System1@1:ToolComponent1@1",
"Supplier": null,
"Author": null,
"Publisher": null,
@@ -34,7 +34,7 @@
{
"Type": "Null",
"MimeType": null,
"BomRef": "ToolComponent2@1",
"BomRef": "System2@1:ToolComponent2@1",
"Supplier": null,
"Author": null,
"Publisher": null,