From e995c54ca258387b634092e5d26915ff283b9aae Mon Sep 17 00:00:00 2001
From: Prabhu Subramanian
Date: Thu, 26 Dec 2024 23:26:59 +0000
Subject: [PATCH] Fixes #1353
Signed-off-by: Prabhu Subramanian
---
 .github/workflows/repotests.yml | 10 ++++++
 lib/cli/index.js | 62 ++++++++++++++++-----------------
 2 files changed, 41 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/repotests.yml b/.github/workflows/repotests.yml
index a3b793109..bdc06e4b5 100644
--- a/.github/workflows/repotests.yml
+++ b/.github/workflows/repotests.yml
@@ -262,6 +262,11 @@ jobs:
 repository: 'quarkusio/quarkus-quickstarts'
 path: 'repotests/quarkus-quickstarts'
 ref: '3.17.3'
+ - uses: actions/checkout@v4
+ with:
+ repository: 'aws-solutions/iot-device-simulator'
+ path: 'repotests/iot-device-simulator'
+ ref: 'v3.0.9'
 - uses: dtolnay/rust-toolchain@stable
 - name: setup sdkman
 run: |
@@ -310,6 +315,11 @@ jobs:
 bin/cdxgen.js -p -r -t quarkus repotests/quarkus-quickstarts -o bomresults/bom-quarkus-quickstarts-quarkus.json --no-recurse
 bin/cdxgen.js -p -r -t quarkus repotests/quarkus-quickstarts -o bomresults/bom-quarkus-quickstarts-quarkus.json --no-recurse --spec-version 1.5
 shell: bash
+ - name: repotests iot-device-simulator
+ run: |
+ bin/cdxgen.js -p -t js -o bomresults/bom-iot.json --evidence repotests/iot-device-simulator
+ bin/cdxgen.js -p -t js -o bomresults/bom-iot15.json --evidence repotests/iot-device-simulator --spec-version 1.5
+ shell: bash
 - name: repotests evidence
 run: |
 bin/cdxgen.js -p -t js --no-recurse -o bomresults/bom.json --evidence .
diff --git a/lib/cli/index.js b/lib/cli/index.js
index 285ed036f..aef1e08a6 100644
--- a/lib/cli/index.js
+++ b/lib/cli/index.js
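Review bot: The new checkout step pins `aws-solutions/iot-device-simulator` by the tag `v3.0.9`, and a tag can be moved upstream, so the content this CI job feeds to cdxgen is not fixed by the workflow itself. Pinning `ref:` to the full commit SHA behind that tag and keeping the tag as a trailing comment, `ref: '<commit-sha-of-v3.0.9>' # v3.0.9`, makes the repotest reproducible and keeps an upstream retag from silently changing what runs. The neighbouring checkout (`ref: '3.17.3'`) uses the same tag convention, so this may be better handled across the whole file.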
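Review bot: The `repotests iot-device-simulator` step only checks that cdxgen exits cleanly; nothing inspects `bomresults/bom-iot.json` or `bomresults/bom-iot15.json`, so a regression that drops evidence or writes it in the wrong shape for the spec version would still pass. Since the commit moves the evidence handling in `addComponent`, a follow-up assertion on the output would turn this into a real regression test, for example checking that `evidence.identity` is an object in the `--spec-version 1.5` BOM and an array in the default-spec one. Which condition #1353 reported is not visible on this page, so the exact assertion is a suggestion to confirm against the issue.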
@@ -905,37 +905,6 @@ function addComponent(
 delete component.swhid;
 }
 processHashes(pkg, component);
- // Retain evidence
- if (
- options.specVersion >= 1.5 &&
- pkg.evidence &&
- Object.keys(pkg.evidence).length
- ) {
- component.evidence = pkg.evidence;
- // Convert evidence.identity section to an array for 1.6 and above
- if (
- options.specVersion >= 1.6 &&
- pkg.evidence &&
- pkg.evidence.identity &&
- !Array.isArray(pkg.evidence.identity)
- ) {
- // Automatically add concludedValue
- if (pkg.evidence.identity?.methods?.length === 1) {
- pkg.evidence.identity.concludedValue =
- pkg.evidence.identity.methods[0].value;
- }
- component.evidence.identity = [pkg.evidence.identity];
- }
- // Convert evidence.identity section to an object for 1.5
- if (
- options.specVersion === 1.5 &&
- pkg.evidence &&
- pkg.evidence.identity &&
- Array.isArray(pkg.evidence.identity)
- ) {
- component.evidence.identity = pkg.evidence.identity[0];
- }
- }
 // Upgrade authors section
 if (options.specVersion >= 1.6 && component.author) {
 const authorsList = [];
@@ -983,6 +952,37 @@ function addComponent(
 component = mergedComponents[0];
 }
 }
+ // Retain evidence
+ if (
+ options.specVersion >= 1.5 &&
+ pkg.evidence &&
+ Object.keys(pkg.evidence).length
+ ) {
+ component.evidence = pkg.evidence;
+ // Convert evidence.identity section to an array for 1.6 and above
+ if (
+ options.specVersion >= 1.6 &&
+ pkg.evidence &&
+ pkg.evidence.identity &&
+ !Array.isArray(pkg.evidence.identity)
+ ) {
+ // Automatically add concludedValue
+ if (pkg.evidence.identity?.methods?.length === 1) {
+ pkg.evidence.identity.concludedValue =
+ pkg.evidence.identity.methods[0].value;
+ }
+ component.evidence.identity = [pkg.evidence.identity];
+ }
+ // Convert evidence.identity section to an object for 1.5
+ if (
+ options.specVersion === 1.5 &&
+ pkg.evidence &&
+ pkg.evidence.identity &&
+ Array.isArray(pkg.evidence.identity)
+ ) {
+ component.evidence.identity = pkg.evidence.identity[0];
+ }
+ }
 compMap[component.purl] = component;
 }
 if (pkg.dependencies) {
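Review bot: `component.evidence = pkg.evidence` now runs after `component = mergedComponents[0]`, so on the merge path it replaces whatever evidence the merged component carried with the current package's evidence alone. The merge helper is not visible in this hunk; if it combines occurrences or identity methods from the component already stored in `compMap`, that provenance data would be dropped from the generated SBOM without any warning. If the overwrite is intended, state it at the top of the block, e.g. `// Applied after the merge on purpose: pkg.evidence replaces any evidence on the merged component`; if it is not, the block should normalise the merged component's evidence rather than reassigning it. Note also that the assignment aliases `pkg.evidence`, so the `concludedValue` and `identity` writes below it modify the caller's `pkg` object as well. `addComponent` starts and ends outside the hunk.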