sort components, dependencies, and dependsOn for CycloneDX BOM
LogFlames committed Sep 8, 2024
1 parent f65d1eb commit 389f766
Showing 2 changed files with 46 additions and 0 deletions.
12 changes: 12 additions & 0 deletions entities/buildinfo.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ import (
"golang.org/x/exp/maps"
"golang.org/x/exp/slices"
"regexp"
"sort"
"strings"
"time"

Expand Down Expand Up @@ -200,13 +201,24 @@ func (targetBuildInfo *BuildInfo) ToCycloneDxBom() (*cdx.BOM, error) {
}
}

sort.Slice(components, func(i, j int) bool {
return components[i].BOMRef < components[j].BOMRef
})

// Convert the map of dependencies to CycloneDX dependency objects
var dependencies []cdx.Dependency
for compRef, deps := range depMap {
depsSlice := maps.Keys(deps)
sort.Slice(depsSlice, func(i, j int) bool {
return depsSlice[i] < depsSlice[j]
})
dependencies = append(dependencies, cdx.Dependency{Ref: compRef, Dependencies: &depsSlice})
}

sort.Slice(dependencies, func(i, j int) bool {
return dependencies[i].Ref < dependencies[j].Ref
})

bom := cdx.NewBOM()
bom.Components = &components
bom.Dependencies = &dependencies
Expand Down
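Review bot: The `sort.Slice` over `components` is not a stable sort, so if two components ever share a BOMRef (nothing in this hunk shows refs are deduplicated) their relative order still depends on the order they were appended in, and the BOM is not guaranteed byte-reproducible from run to run — which is the property this commit is after and what a signature or diff over the SBOM relies on. `sort.SliceStable(components, func(i, j int) bool { return components[i].BOMRef < components[j].BOMRef })` removes that dependence, or break ties on a second key if duplicate refs are legitimate. For `depsSlice`, the file already imports `golang.org/x/exp/slices`, so `slices.Sort(depsSlice)` replaces the three-line closure, assuming the map keys are an ordered type as the `<` comparison implies. ToCycloneDxBom starts before this hunk and continues after it.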
34 changes: 34 additions & 0 deletions entities/buildinfo_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package entities

import (
"reflect"
"sort"
"testing"

"github.com/stretchr/testify/assert"
Expand Down Expand Up @@ -239,3 +240,36 @@ func TestAppend(t *testing.T) {
assert.NoError(t, err)
assert.True(t, results)
}

func TestToCycloneDxBOM(t *testing.T) {
dependencyA := Dependency{Id: "dependency-a", Checksum: Checksum{Sha1: "dependency-a-sha"}, RequestedBy: [][]string{{"dependency-c"}}}
dependencyB := Dependency{Id: "dependency-b", Checksum: Checksum{Sha1: "dependency-b-sha"}, RequestedBy: [][]string{{"dependency-b"}, {"dependency-c"}}}
dependencyC := Dependency{Id: "dependency-c", Checksum: Checksum{Sha1: "dependency-c-sha"}}

buildInfo := BuildInfo{
Modules: []Module{{
Id: "module-id1",
Dependencies: []Dependency{dependencyC, dependencyB, dependencyA},
}},
}

cdxBom, err := buildInfo.ToCycloneDxBom()
assert.NoError(t, err)

componentsIsSorted := sort.SliceIsSorted(*cdxBom.Components, func(i, j int) bool {
return (*cdxBom.Components)[i].BOMRef < (*cdxBom.Components)[j].BOMRef
})
assert.True(t, componentsIsSorted)

dependenciesIsSorted := sort.SliceIsSorted(*cdxBom.Dependencies, func(i, j int) bool {
return (*cdxBom.Dependencies)[i].Ref < (*cdxBom.Dependencies)[j].Ref
})
assert.True(t, dependenciesIsSorted)

for _, dep := range *cdxBom.Dependencies {
dependsOnIsSorted := sort.SliceIsSorted(*dep.Dependencies, func(i, j int) bool {
return (*dep.Dependencies)[i] < (*dep.Dependencies)[j]
})
assert.True(t, dependsOnIsSorted)
}
}
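Review bot: The three `sort.SliceIsSorted` assertions are vacuously true on an empty or single-element slice, so TestToCycloneDxBOM would still pass if ToCycloneDxBom emitted no components or no dependency entries at all. Add `assert.NotEmpty(t, *cdxBom.Components)` and `assert.NotEmpty(t, *cdxBom.Dependencies)` before the sortedness checks, or better, compare the emitted BOMRef and Ref sequences against the exact expected order with `assert.Equal`, which also pins the ordering rule rather than just "sorted somehow". The final loop dereferences `dep.Dependencies` with no nil guard; that holds only because the production code always assigns `&depsSlice`, so a one-line comment stating that assumption would save the next reader a panic hunt.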
