use sbomasm detect funatioanlity to detect format

Signed-off-by: Vivek Kumar Sahu <[email protected]>
interlynk-io · Feb 11, 2025 · 79e4720 · 79e4720
1 parent 958830d
commit 79e4720
Show file tree

Hide file tree

Showing 8 changed files with 98 additions and 138 deletions.
diff --git a/go.mod b/go.mod
@@ -1,10 +1,11 @@
 module github.com/interlynk-io/sbommv
 
-go 1.22
+go 1.23
 
-toolchain go1.22.12
+toolchain go1.23.6
 
 require (
+	github.com/interlynk-io/sbomasm v0.2.0
 	github.com/spf13/cobra v1.8.1
 	github.com/spf13/viper v1.19.0
 	go.uber.org/zap v1.27.0
@@ -26,10 +27,11 @@ require (
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	go.uber.org/multierr v1.10.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/exp v0.0.0-20230905200255-921286631fa9 // indirect
 	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/text v0.21.0 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -13,6 +13,8 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/interlynk-io/sbomasm v0.2.0 h1:m5LyoCgYBepUHqGQbKPVNj1sW6TXsqKNOgDCqCsCj5M=
+github.com/interlynk-io/sbomasm v0.2.0/go.mod h1:cOxPfDfa8Xfbz86QPLFQLmXN8XjWWCCOfNnXH4+KluE=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
@@ -26,8 +28,8 @@ github.com/pelletier/go-toml/v2 v2.2.2/go.mod h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U=
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
-github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ=
 github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4=
@@ -58,21 +60,23 @@ github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
 go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
-go.uber.org/multierr v1.10.0 h1:S0h4aNzvfcFsC3dRF1jLoaov7oRaKqRGC/pUEJ2yvPQ=
-go.uber.org/multierr v1.10.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
+go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
+go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
 go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8=
 go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9 h1:GoHiUyI/Tp2nVkLI2mCxVkOjsbSXD66ic0XW0js0R9g=
 golang.org/x/exp v0.0.0-20230905200255-921286631fa9/go.mod h1:S2oDrQGGwySpoQPVqRShND87VCbxmc6bL1Yd2oYrm6k=
 golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
 golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
+golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/pkg/sbom/format.go b/pkg/sbom/format.go
@@ -15,10 +15,13 @@
 package sbom
 
 import (
+	"bytes"
 	"encoding/json"
 	"encoding/xml"
 	"fmt"
 	"strings"
+
+	"github.com/interlynk-io/sbomasm/pkg/detect"
 )
 
 // Format-specific structs for basic parsing
@@ -43,69 +46,63 @@ type spdxJSON struct {
 	Relationships []any  `json:"relationships"`
 }
 
-func (p *SBOMProcessor) detectJSONFormat(content []byte) (SBOMFormat, bool) {
-	// Try CycloneDX
-	var cdx cycloneDXJSON
-	if err := json.Unmarshal(content, &cdx); err == nil {
-		if strings.EqualFold(cdx.BOMFormat, "CycloneDX") {
-			return FormatCycloneDXJSON, true
-		}
-	}
+func (p *SBOMProcessor) detectAndParse(doc *SBOMDocument) error {
+	// Convert SBOM content whih is in byte to an `io.ReadSeek
+	sbomReader := bytes.NewReader(doc.Content)
 
-	// Try SPDX
-	var spdx spdxJSON
-	if err := json.Unmarshal(content, &spdx); err == nil {
-		if strings.HasPrefix(spdx.SPDXID, "SPDXRef-") {
-			return FormatSPDXJSON, true
-		}
+	// Use sbomasms Detect function
+	specFormat, fileFormat, err := detect.Detect(sbomReader)
+	if err != nil {
+		return fmt.Errorf("failed to detect SBOM format: %w", err)
 	}
 
-	return FormatUnknown, false
-}
+	// ✅ Map detected format to our SBOMFormat type
+	switch specFormat {
 
-func (p *SBOMProcessor) detectXMLFormat(content []byte) (SBOMFormat, bool) {
-	var cdx cycloneDXXML
-	if err := xml.Unmarshal(content, &cdx); err == nil {
-		return FormatCycloneDXXML, true
+	case detect.SBOMSpecSPDX:
+		if fileFormat == detect.FileFormatJSON {
+			doc.Format = FormatSPDXJSON
+		} else if fileFormat == detect.FileFormatTagValue {
+			doc.Format = FormatSPDXTag
+		} else if fileFormat == detect.FileFormatYAML {
+			doc.Format = FormatSPDXYAML
+		}
+	case detect.SBOMSpecCDX:
+		if fileFormat == detect.FileFormatJSON {
+			doc.Format = FormatCycloneDXJSON
+		} else if fileFormat == detect.FileFormatXML {
+			doc.Format = FormatCycloneDXXML
+		}
+	default:
+		doc.Format = FormatUnknown
+		return fmt.Errorf("unknown SBOM format")
 	}
-	return FormatUnknown, false
+	return p.parseSBOMContent(doc)
 }
 
-func (p *SBOMProcessor) parseJSONContent(doc *SBOMDocument) error {
+func (p *SBOMProcessor) parseSBOMContent(doc *SBOMDocument) error {
 	switch doc.Format {
-	case FormatCycloneDXJSON:
+	case FormatCycloneDXJSON, FormatCycloneDXXML:
 		var cdx cycloneDXJSON
-		if err := json.Unmarshal(doc.Content, &cdx); err != nil {
-			return fmt.Errorf("parsing CycloneDX JSON: %w", err)
+		if err := json.Unmarshal(doc.Content, &cdx); err == nil {
+			doc.SpecVersion = cdx.SpecVersion
 		}
-		doc.SpecVersion = cdx.SpecVersion
-
-	case FormatSPDXJSON:
+	case FormatSPDXJSON, FormatSPDXYAML:
 		var spdx spdxJSON
-		if err := json.Unmarshal(doc.Content, &spdx); err != nil {
-			return fmt.Errorf("parsing SPDX JSON: %w", err)
+		if err := json.Unmarshal(doc.Content, &spdx); err == nil {
+			doc.SpecVersion = spdx.SpecVersion
 		}
-		doc.SpecVersion = spdx.SpecVersion
-	}
-	return nil
-}
-
-func (p *SBOMProcessor) parseXMLContent(doc *SBOMDocument) error {
-	var cdx cycloneDXXML
-	if err := xml.Unmarshal(doc.Content, &cdx); err != nil {
-		return fmt.Errorf("parsing CycloneDX XML: %w", err)
-	}
-	doc.SpecVersion = cdx.SpecVersion
-	return nil
-}
 
-func (p *SBOMProcessor) parseSPDXTagContent(doc *SBOMDocument) error {
-	lines := strings.Split(string(doc.Content), "\n")
-	for _, line := range lines {
-		if strings.HasPrefix(line, "SPDXVersion:") {
-			doc.SpecVersion = strings.TrimSpace(strings.TrimPrefix(line, "SPDXVersion:"))
-			break
+	case FormatSPDXTag:
+		lines := strings.Split(string(doc.Content), "\n")
+		for _, line := range lines {
+			if strings.HasPrefix(line, "SPDXVersion:") {
+				doc.SpecVersion = strings.TrimSpace(strings.TrimPrefix(line, "SPDXVersion:"))
+				break
+			}
 		}
+	default:
+		return fmt.Errorf("unsupported SBOM format for parsing: %s", doc.Format)
 	}
 	return nil
 }
diff --git a/pkg/sbom/output.go b/pkg/sbom/output.go
@@ -16,9 +16,14 @@ package sbom
 
 import (
 	"bytes"
+	"context"
 	"encoding/json"
 	"fmt"
 	"io"
+	"os"
+	"path/filepath"
+
+	"github.com/interlynk-io/sbommv/pkg/logger"
 )
 
 // PrettyPrintSBOM prints an SBOM in formatted JSON
@@ -41,3 +46,27 @@ func PrettyPrintSBOM(w io.Writer, Content []byte) error {
 	_, err := w.Write(buf.Bytes())
 	return err
 }
+
+// WriteSBOM writes an SBOM to the output directory
+func (p *SBOMProcessor) WriteSBOM(doc SBOMDocument, repoName string) error {
+	if p.outputDir == "" {
+		return nil // No output directory specified, skip writing
+	}
+
+	// Construct full path: sboms/<org>/<repo>.sbom.json
+	outputPath := filepath.Join(p.outputDir, repoName+".sbom.json")
+	outputDir := filepath.Dir(outputPath) // Extract directory path
+
+	// Ensure all parent directories exist
+	if err := os.MkdirAll(outputDir, 0o755); err != nil {
+		return fmt.Errorf("creating output directory: %w", err)
+	}
+
+	// Write SBOM file
+	if err := os.WriteFile(outputPath, doc.Content, 0o644); err != nil {
+		return fmt.Errorf("writing SBOM file: %w", err)
+	}
+
+	logger.LogDebug(context.Background(), "SBOM successfully written", "path", outputPath)
+	return nil
+}
diff --git a/pkg/sbom/processor.go b/pkg/sbom/processor.go
@@ -15,16 +15,8 @@
 package sbom
 
 import (
-	"context"
-	"encoding/json"
-	"encoding/xml"
 	"errors"
 	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/interlynk-io/sbommv/pkg/logger"
 )
 
 // SBOMFormat represents supported SBOM document formats
@@ -34,6 +26,7 @@ const (
 	FormatCycloneDXJSON SBOMFormat = "CycloneDX-JSON"
 	FormatCycloneDXXML  SBOMFormat = "CycloneDX-XML"
 	FormatSPDXJSON      SBOMFormat = "SPDX-JSON"
+	FormatSPDXYAML      SBOMFormat = "SPDX-YAML"
 	FormatSPDXTag       SBOMFormat = "SPDX-Tag"
 	FormatUnknown       SBOMFormat = "Unknown"
 )
@@ -84,7 +77,6 @@ func (p *SBOMProcessor) ProcessSBOMs() (SBOMDocument, error) {
 	}
 
 	doc := SBOMDocument{
-		// Filename: fmt.Sprintf("%s.sbom.json", repoName), // Use repo name as filename
 		Filename: p.path,
 		Content:  p.data,
 	}
@@ -96,70 +88,3 @@ func (p *SBOMProcessor) ProcessSBOMs() (SBOMDocument, error) {
 
 	return doc, nil
 }
-
-// WriteSBOM writes an SBOM to the output directory
-func (p *SBOMProcessor) WriteSBOM(doc SBOMDocument, repoName string) error {
-	if p.outputDir == "" {
-		return nil // No output directory specified, skip writing
-	}
-
-	// Construct full path: sboms/<org>/<repo>.sbom.json
-	outputPath := filepath.Join(p.outputDir, repoName+".sbom.json")
-	outputDir := filepath.Dir(outputPath) // Extract directory path
-
-	// Ensure all parent directories exist
-	if err := os.MkdirAll(outputDir, 0o755); err != nil {
-		return fmt.Errorf("creating output directory: %w", err)
-	}
-
-	// Write SBOM file
-	if err := os.WriteFile(outputPath, doc.Content, 0o644); err != nil {
-		return fmt.Errorf("writing SBOM file: %w", err)
-	}
-
-	logger.LogDebug(context.Background(), "SBOM successfully written", "path", outputPath)
-	return nil
-}
-
-// detectAndParse detects the SBOM format and parses its content
-func (p *SBOMProcessor) detectAndParse(doc *SBOMDocument) error {
-	// Try JSON formats first
-	if isJSON(doc.Content) {
-		if format, ok := p.detectJSONFormat(doc.Content); ok {
-			doc.Format = format
-			return p.parseJSONContent(doc)
-		}
-	}
-
-	// Try XML formats
-	if isXML(doc.Content) {
-		if format, ok := p.detectXMLFormat(doc.Content); ok {
-			doc.Format = format
-			return p.parseXMLContent(doc)
-		}
-	}
-
-	// Try SPDX tag-value format
-	if isSPDXTag(doc.Content) {
-		doc.Format = FormatSPDXTag
-		return p.parseSPDXTagContent(doc)
-	}
-
-	doc.Format = FormatUnknown
-	return errors.New("unknown SBOM format")
-}
-
-// Helper functions to detect formats
-func isJSON(content []byte) bool {
-	var js json.RawMessage
-	return json.Unmarshal(content, &js) == nil
-}
-
-func isXML(content []byte) bool {
-	return xml.Unmarshal(content, new(interface{})) == nil
-}
-
-func isSPDXTag(content []byte) bool {
-	return strings.Contains(string(content), "SPDXVersion:") ||
-		strings.Contains(string(content), "SPDX-License-Identifier:")
-}
diff --git a/pkg/source/github/adapter.go b/pkg/source/github/adapter.go
@@ -316,7 +316,7 @@ func (g *GitHubAdapter) fetchSBOMsSequentially(ctx *tcontext.TransferMetadata, r
 		// Fetch SBOMs for the current repository
 		iter, err := NewGitHubIterator(ctx, g, repo)
 		if err != nil {
-			logger.LogError(ctx.Context, err, "Failed to fetch SBOMs for repo", "repo", repo)
+			fmt.Printf("\nFailed to fetch SBOMs for repo %s", repo)
 			continue
 		}
 

diff --git a/pkg/source/github/client.go b/pkg/source/github/client.go
@@ -121,7 +121,8 @@ func (c *Client) FindSBOMs(ctx *tcontext.TransferMetadata) ([]SBOMAsset, error)
 	sboms := c.extractSBOMs(targetReleases)
 
 	if len(sboms) == 0 {
-		return nil, fmt.Errorf("no SBOM files found in releases for repository %s/%s", c.Owner, c.Repo)
+		fmt.Printf("No SBOM files found for repository %s/%s", c.Owner, c.Repo)
+		return nil, nil
 	}
 	logger.LogDebug(ctx.Context, "Successfully retrieved SBOMs", "total_sboms", len(sboms), "repo_url", c.RepoURL)
 

diff --git a/pkg/source/github/iterator.go b/pkg/source/github/iterator.go
@@ -68,7 +68,9 @@ func NewGitHubIterator(ctx *tcontext.TransferMetadata, g *GitHubAdapter, repo st
 	}
 
 	if len(iterator.sboms) == 0 {
-		return nil, fmt.Errorf("no SBOMs found for repository")
+		fmt.Printf("no SBOMs found for repository")
+		return nil, nil
+		// return nil, fmt.Errorf("no SBOMs found for repository")
 	}
 
 	logger.LogDebug(ctx.Context, "Total SBOMs fetched", "count", len(iterator.sboms))