
Merge branch 'main' into fix/serialize_licenses
Signed-off-by: andreas hilti <andreas.hilti@bluewin.ch>
andreas-hilti committed Sep 16, 2023
2 parents a2c4188 + 1e3886b commit e95f98a
Showing 549 changed files with 34,112 additions and 1,037 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -10,4 +10,5 @@ coverage-report/
/CycloneDXLibrary.sln.DotSettings.user
docfx/
_exported_templates/
**/BenchmarkDotNet.Artifacts/
**/BenchmarkDotNet.Artifacts/
.DS_Store
2 changes: 1 addition & 1 deletion semver.txt
@@ -1 +1 @@
5.4.0
6.0.0
302 changes: 259 additions & 43 deletions src/CycloneDX.Core/BomUtils.cs
Expand Up @@ -19,6 +19,7 @@
using System.Collections.Generic;
using System.Text.RegularExpressions;
using CycloneDX.Models;
using CycloneDX.Models.Vulnerabilities;

namespace CycloneDX
{
Expand Down Expand Up @@ -127,13 +128,6 @@ internal static Bom CopyBomAndDowngrade(Bom bom)

if (bomCopy.SpecVersion < SpecificationVersion.v1_4)
{
if (bomCopy.Metadata?.Tools != null)
{
foreach (var tool in bomCopy.Metadata.Tools)
{
tool.ExternalReferences = null;
}
}
EnumerateAllComponents(bomCopy, (component) => {
component.ReleaseNotes = null;
if (component.Version == null)
Expand All @@ -147,6 +141,114 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
bomCopy.Vulnerabilities = null;
}

if (bomCopy.SpecVersion < SpecificationVersion.v1_5)
{
bomCopy.Annotations = null;
bomCopy.Properties = null;
bomCopy.Formulation = null;

if (bomCopy.Metadata != null) bomCopy.Metadata.Lifecycles = null;

if (bomCopy.Compositions != null)
{
foreach (var composition in bomCopy.Compositions)
{
composition.BomRef = null;
composition.Vulnerabilities = null;
}
}

EnumerateAllToolChoices(bomCopy, (toolchoice) =>
{
toolchoice.Components = null;
toolchoice.Services = null;
});

EnumerateAllComponents(bomCopy, (component) =>
{
component.ModelCard = null;
component.Data = null;
if ((int)component.Type > 8) component.Type = Component.Classification.Library;
});

EnumerateAllServices(bomCopy, (service) =>
{
service.TrustZone = null;
if (service.Data != null)
{
foreach (var data in service.Data)
{
data.Name = null;
data.Description = null;
data.Governance = null;
data.Source = null;
data.Destination = null;
}
}
});

EnumerateAllVulnerabilities(bomCopy, (vulnerability) =>
{
vulnerability.Rejected = null;
vulnerability.ProofOfConcept = null;
vulnerability.Workaround = null;
if (vulnerability.Analysis != null)
{
vulnerability.Analysis.FirstIssued = null;
vulnerability.Analysis.LastUpdated = null;
}
if (vulnerability.Ratings != null)
{
var i = 0;
while (i < vulnerability.Ratings.Count)
{
if (vulnerability.Ratings[i].Method == ScoreMethod.CVSSV4 ||
vulnerability.Ratings[i].Method == ScoreMethod.SSVC)
{
vulnerability.Ratings.RemoveAt(i);
}
else
{
i++;
}
}
}
});

EnumerateAllEvidence(bomCopy, (evidence) =>
{
evidence.Identity = null;
evidence.Occurrences = null;
evidence.Callstack = null;
});

EnumerateAllLicenseChoices(bomCopy, (licenseChoice) =>
{
licenseChoice.BomRef = null;
});

EnumerateAllLicenses(bomCopy, (license) =>
{
license.BomRef = null;
license.Licensing = null;
license.Properties = null;
});

EnumerateAllOrganizationalEntity(bomCopy, (orgEntity) =>
{
orgEntity.BomRef = null;
});

EnumerateAllOrganizationalContact(bomCopy, (orgContact) =>
{
orgContact.BomRef = null;
});
}

// triggers a bunch of stuff, don't remove unless you know what you are doing
bomCopy.SpecVersion = bomCopy.SpecVersion;

return bomCopy;
}

Expand All @@ -157,86 +259,200 @@ public static Bom Copy(this Bom bom)
return bomCopy;
}

public static void EnqueueMany<T>(this Queue<T> queue, IEnumerable<T> items)
{
if (items != null)
foreach (var item in items)
queue.Enqueue(item);
}

public static void EnumerateAllComponents(Bom bom, Action<Component> callback)
{
var q = new Queue<Component>();

if (bom.Metadata?.Component != null)
q.Enqueue(bom.Metadata?.Component);
q.EnqueueMany(bom.Metadata?.Tools?.Components);
q.EnqueueMany(bom.Components);

while (q.Count > 0)
{
var currentComponent = q.Dequeue();
if (currentComponent != null)
{
callback(currentComponent);

q.EnqueueMany(currentComponent.Components);
q.EnqueueMany(currentComponent.Pedigree?.Ancestors);
q.EnqueueMany(currentComponent.Pedigree?.Descendants);
q.EnqueueMany(currentComponent.Pedigree?.Variants);
}
}
}

public static void EnumerateAllServices(Bom bom, Action<Service> callback)
{
var q = new Queue<Service>();

q.EnqueueMany(bom.Metadata?.Tools?.Services);
q.EnqueueMany(bom.Services);

while (q.Count > 0)
{
q.Enqueue(bom.Metadata.Component);
var currentService = q.Dequeue();
if (currentService != null)
{
callback(currentService);

q.EnqueueMany(currentService.Services);
}
}
}

public static void EnumerateAllVulnerabilities(Bom bom, Action<Vulnerability> callback)
{
var q = new Queue<Vulnerability>();

if (bom.Components != null)
if (bom.Vulnerabilities != null)
{
foreach (var component in bom.Components)
foreach (var vulnerability in bom.Vulnerabilities)
{
q.Enqueue(component);
q.Enqueue(vulnerability);
}
}

while (q.Count > 0)
{
var currentComponent = q.Dequeue();
var currentVulnerability = q.Dequeue();

callback(currentComponent);
callback(currentVulnerability);
}
}
public static void EnumerateAllEvidence(Bom bom, Action<Evidence> callback)
{
EnumerateAllComponents(bom, (component) =>
{
if (component.Evidence != null) callback(component.Evidence);
});
}

public static void EnumerateAllLicenses(Bom bom, Action<License> callback)
{
EnumerateAllLicenseChoices(bom, (licenseChoice) =>
{
if (licenseChoice.License != null) callback(licenseChoice.License);
});
}

if (currentComponent.Components != null)
public static void EnumerateAllLicenseChoices(Bom bom, Action<LicenseChoice> callback)
{
if (bom.Metadata?.Licenses != null)
{
foreach (var license in bom.Metadata.Licenses)
{
foreach (var c in currentComponent.Components)
{
q.Enqueue(c);
}
callback(license);
}
if (currentComponent.Pedigree?.Ancestors != null)

}
EnumerateAllComponents(bom, (component) =>
{
if (component.Licenses != null)
{
foreach (var c in currentComponent.Pedigree.Ancestors)
foreach (var license in component.Licenses)
{
q.Enqueue(c);
callback(license);
}
}
if (currentComponent.Pedigree?.Descendants != null)
});

EnumerateAllServices(bom, (service) =>
{
if (service.Licenses != null)
{
foreach (var c in currentComponent.Pedigree.Descendants)
foreach (var license in service.Licenses)
{
q.Enqueue(c);
callback(license);
}
}
if (currentComponent.Pedigree?.Variants != null)
});

EnumerateAllEvidence(bom, (evidence) =>
{
if (evidence.Licenses != null)
{
foreach (var c in currentComponent.Pedigree.Variants)
foreach (var license in evidence.Licenses)
{
q.Enqueue(c);
callback(license);
}
}
}
});
}

public static void EnumerateAllServices(Bom bom, Action<Service> callback)
public static void EnumerateAllOrganizationalEntity(Bom bom, Action<OrganizationalEntity> callback)
{
var q = new Queue<Service>();
if (bom.Metadata?.Manufacture != null) callback(bom.Metadata.Manufacture);
if (bom.Metadata?.Supplier != null) callback(bom.Metadata.Supplier);

if (bom.Services != null)
if (bom.Annotations != null)
{
foreach (var service in bom.Services)
foreach (var annotation in bom.Annotations)
{
q.Enqueue(service);
if (annotation.Annotator?.Organization != null)
callback(annotation.Annotator.Organization);
}

}

while (q.Count > 0)
{
var currentService = q.Dequeue();

callback(currentService);
EnumerateAllVulnerabilities(bom, (vulnerability) =>
{
if (vulnerability.Credits?.Organizations != null)
{
foreach (var org in vulnerability.Credits.Organizations) callback(org);
}
});
EnumerateAllComponents(bom, (component) =>
{
if (component.Supplier != null) callback(component.Supplier);
});
EnumerateAllServices(bom, (service) =>
{
if (service.Provider != null) callback(service.Provider);
});
}

if (currentService.Services != null)
public static void EnumerateAllOrganizationalContact(Bom bom, Action<OrganizationalContact> callback)
{
EnumerateAllOrganizationalEntity(bom, (orgEntity) =>
{
if (orgEntity.Contact != null)
{
foreach (var s in currentService.Services)
foreach (var contact in orgEntity.Contact)
{
q.Enqueue(s);
callback(contact);
}
}
}
});

EnumerateAllVulnerabilities(bom, (vulnerability) =>
{
if (vulnerability.Credits?.Individuals != null)
{
foreach (var individual in vulnerability.Credits.Individuals)
{
callback(individual);
}
}
});
}

public static void EnumerateAllToolChoices(Bom bom, Action<ToolChoices> callback)
{
if (bom.Metadata?.Tools != null)
callback(bom.Metadata.Tools);
EnumerateAllVulnerabilities(bom, (vuln) =>
{
if (vuln.Tools != null)
callback(vuln.Tools);
});
}
}
}
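Review bot: The traversal helpers in the last hunk are inconsistent about null list entries: EnumerateAllComponents and EnumerateAllServices skip a null dequeued element, but EnumerateAllVulnerabilities (`callback(currentVulnerability)`), the license loops in EnumerateAllLicenseChoices (`callback(license)`), and the credit/contact loops in EnumerateAllOrganizationalEntity and EnumerateAllOrganizationalContact call the callback unguarded, so a document whose list carries a null entry (plausible after deserialization, though not shown here) would reach a downgrade lambda such as `vulnerability.Rejected = null` and throw NullReferenceException. A uniform `if (vulnerability != null) callback(vulnerability);` at each of those sites would match the component/service enumerators and keep CopyBomAndDowngrade from failing on such input. In the CopyBomAndDowngrade hunk, `if ((int)component.Type > 8) component.Type = Component.Classification.Library;` encodes the 1.5-only classifications as a bare ordinal; a comment naming the classifications it folds, or a named constant, would stop the next enum addition from silently changing which types are mapped to Library. The new public EnumerateAll* methods also lack `///` summaries stating what they visit, in which order, and that no visited set is kept, so an instance reachable from two places is passed to the callback twice.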
2 changes: 1 addition & 1 deletion src/CycloneDX.Core/CycloneDX.Core.csproj
Expand Up @@ -13,7 +13,7 @@
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="JsonSchema.Net" Version="3.3.2" />
<PackageReference Include="protobuf-net" Version="3.2.16" />
<PackageReference Include="protobuf-net" Version="3.2.26" />
<PackageReference Include="protobuf-net.BuildTools" Version="3.2.12" PrivateAssets="all" IncludeAssets="runtime;build;native;contentfiles;analyzers;buildtransitive" />
<PackageReference Include="System.Text.Json" Version="7.0.2" />
</ItemGroup>
