Merge pull request #429 from another-rex:fix-sbom-extractors

PiperOrigin-RevId: 723433104

extractor/filesystem/sbom/cdx/cdx.go

@@ -47,9 +47,12 @@ type extractFunc = func(io.Reader) (cyclonedx.BOM, error)
 // https://cyclonedx.org/specification/overview/#recognized-file-patterns
 var cdxExtensions = map[string]cyclonedx.BOMFileFormat{
 	".cdx.json": cyclonedx.BOMFileFormatJSON,
-	".bom.json": cyclonedx.BOMFileFormatJSON,
 	".cdx.xml":  cyclonedx.BOMFileFormatXML,
-	".bom.xml":  cyclonedx.BOMFileFormatXML,
+}
+
+var cdxNames = map[string]cyclonedx.BOMFileFormat{
+	"bom.json": cyclonedx.BOMFileFormatJSON,
+	"bom.xml":  cyclonedx.BOMFileFormatXML,
 }
 
 // FileRequired returns true if the specified file is a supported cdx file.
@@ -86,6 +89,15 @@ func findExtractor(path string) extractFunc {
 		}
 	}
 
+	for name, format := range cdxNames {
+		if strings.ToLower(filepath.Base(path)) == name {
+			return func(rdr io.Reader) (cyclonedx.BOM, error) {
+				var cdxBOM cyclonedx.BOM
+				return cdxBOM, cyclonedx.NewBOMDecoder(rdr, format).Decode(&cdxBOM)
+			}
+		}
+	}
+
 	return nil
 }
 

extractor/filesystem/sbom/cdx/cdx_test.go

@@ -55,11 +55,21 @@ func TestFileRequired(t *testing.T) {
 		{
 			name:           "sbom.bom.json",
 			path:           "testdata/sbom.bom.json",
-			wantIsRequired: true,
+			wantIsRequired: false,
 		},
 		{
 			name:           "sbom.bom.xml",
 			path:           "testdata/sbom.bom.xml",
+			wantIsRequired: false,
+		},
+		{
+			name:           "bom.json",
+			path:           "testdata/bom.json",
+			wantIsRequired: true,
+		},
+		{
+			name:           "bom.xml",
+			path:           "testdata/bom.xml",
 			wantIsRequired: true,
 		},
 		{

extractor/filesystem/sbom/spdx/spdx.go

@@ -50,10 +50,11 @@ type extractFunc = func(io.Reader) (*spdx.Document, error)
 
 // Format support based on https://spdx.dev/resources/use/#documents
 var extensionHandlers = map[string]extractFunc{
-	".spdx.json": json.Read,
-	".spdx":      tagvalue.Read,
-	".spdx.yml":  yaml.Read,
-	".spdx.rdf":  rdf.Read,
+	".spdx.json":    json.Read,
+	".spdx":         tagvalue.Read,
+	".spdx.yml":     yaml.Read,
+	".spdx.rdf":     rdf.Read,
+	".spdx.rdf.xml": rdf.Read,
 	// No support for .xsl files because those are too ambiguous and could be many other things.
 }
 

extractor/filesystem/sbom/spdx/spdx_test.go

@@ -67,6 +67,11 @@ func TestFileRequired(t *testing.T) {
 			path:           "testdata/sbom.spdx.rdf",
 			wantIsRequired: true,
 		},
+		{
+			name:           "sbom.spdx.rdf.xml",
+			path:           "testdata/sbom.spdx.rdf.xml",
+			wantIsRequired: true,
+		},
 		{
 			name:           "random_file.ext",
 			path:           "testdata/random_file.ext",