scanoss · francostramana · Feb 27, 2024 · Feb 27, 2024
diff --git a/__tests__/result-service.test.ts b/__tests__/result-service.test.ts
@@ -1,5 +1,5 @@
 import { ScannerResults } from '../src/services/result.interfaces';
 import { getComponents, getLicenses, License } from '../src/services/result.service';

 const licenseTableTest: { name: string; description: string; content: string; licenses: License[] }[] = [
  {
@@ -60,15 +60,3 @@
     });
   }
 });
-
-describe('Test components service', () => {
-  const t = licenseTableTest[3];
-  it(`test c`, () => {
-    const scannerResults = JSON.parse(t.content) as ScannerResults;
-    const components = getComponents(scannerResults);
-
-    const componentsWithCopyleft = components.filter(component =>
-      component.licenses.some(license => !!license.copyleft)
-    );
-  });
-});
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/policies/copyleft-policy-check.ts b/src/policies/copyleft-policy-check.ts
@@ -1,7 +1,7 @@
 import { ScannerResults } from '../services/result.interfaces';
 import { CHECK_NAME } from '../app.config';
 import { PolicyCheck } from './policy-check';
-import { Component, getComponents, getLicenses } from '../services/result.service';
+import { Component, getComponents } from '../services/result.service';
 import { generateTable } from '../utils/markdown.utils';
 
 export class CopyleftPolicyCheck extends PolicyCheck {
@@ -34,8 +34,8 @@ export class CopyleftPolicyCheck extends PolicyCheck {
       : `### :x: Policy Fail \n #### ${components.length} component(s) with copyleft licenses were found. \n See details for more information.`;
   }
 
-  private getDetails(components: Component[]): string {
-    if (components.length === 0) return '';
+  private getDetails(components: Component[]): string | undefined {
+    if (components.length === 0) return undefined;
 
     const headers = ['Component', 'Version', 'License', 'URL', 'Copyleft'];
     const rows: string[][] = [];

diff --git a/src/policies/policy-check.ts b/src/policies/policy-check.ts
@@ -5,7 +5,7 @@
 import { GitHub } from '@actions/github/lib/utils';
 import * as inputs from '../app.input';

 export enum CONCLUSION {
  ActionRequired = 'action_required',
  Cancelled = 'cancelled',
  Failure = 'failure',
@@ -16,7 +16,7 @@
  TimedOut = 'timed_out'
 }

 export enum STATUS {
  UNINITIALIZED = 'UNINITIALIZED',
  INITIALIZED = 'INITIALIZED',
  RUNNING = 'RUNNING',
@@ -30,7 +30,7 @@

  private checkRunId: number;

  private _raw: any;

  private _status: STATUS;

@@ -44,7 +44,7 @@
    this.checkRunId = -1;
  }

  async start(): Promise<any> {
    const result = await this.octokit.rest.checks.create({
      owner: context.repo.owner,
      repo: context.repo.repo,
@@ -67,7 +67,7 @@
    return this._conclusion;
  }

  get raw(): any {
    return this._raw;
  }

@@ -75,7 +75,7 @@
    return `${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}/job/${this.raw.id}`;
  }

  async run(scannerResults: ScannerResults): Promise<void> {
    if (this._status === STATUS.UNINITIALIZED)
      throw new Error(`Error on finish. Policy "${this.checkName}" is not created.`);

@@ -83,18 +83,18 @@
     this._status = STATUS.RUNNING;
   }
 
-  protected async success(summary: string, text: string): Promise<void> {
+  protected async success(summary: string, text?: string): Promise<void> {
     this._conclusion = CONCLUSION.Success;
     return await this.finish(summary, text);
   }
 
-  protected async reject(summary: string, text: string): Promise<void> {
+  protected async reject(summary: string, text?: string): Promise<void> {
     if (inputs.POLICIES_HALT_ON_FAILURE) this._conclusion = CONCLUSION.Failure;
     else this._conclusion = CONCLUSION.Neutral;
     return await this.finish(summary, text);
   }
 
-  protected async finish(summary: string, text: string): Promise<void> {
+  protected async finish(summary: string, text?: string): Promise<void> {
     core.debug(`Finish policy check: ${this.checkName}. (conclusion=${this._conclusion})`);
     this._status = STATUS.FINISHED;
 

diff --git a/src/policies/undeclared-policy-check.ts b/src/policies/undeclared-policy-check.ts
@@ -1,9 +1,10 @@
 import { PolicyCheck } from './policy-check';
 import { CHECK_NAME } from '../app.config';
 import { ScannerResults } from '../services/result.interfaces';
-import { getComponents } from '../services/result.service';
+import { Component, getComponents } from '../services/result.service';
 import * as inputs from '../app.input';
 import { parseSbom } from '../utils/sbom.utils';
+import { generateTable } from '../utils/markdown.utils';
 
 export class UndeclaredPolicyCheck extends PolicyCheck {
   constructor() {
@@ -13,21 +14,53 @@ export class UndeclaredPolicyCheck extends PolicyCheck {
   async run(scannerResults: ScannerResults): Promise<void> {
     super.run(scannerResults);
 
-    const nonDeclaredComponents = new Set<string>();
+    const nonDeclaredComponents: Component[] = [];
 
     const comps = getComponents(scannerResults);
     const sbom = await parseSbom(inputs.SBOM_FILEPATH);
 
     comps.forEach(c => {
       if (!sbom.components.some(component => component.purl === c.purl)) {
-        nonDeclaredComponents.add(c.purl);
+        nonDeclaredComponents.push(c);
       }
     });
 
-    if (!nonDeclaredComponents.size) {
-      this.success('Completed succesfully', 'Undeclared components were not found');
+    const summary = this.getSummary(nonDeclaredComponents);
+    const details = this.getDetails(nonDeclaredComponents);
+
+    if (nonDeclaredComponents.length === 0) {
+      this.success(summary, details);
     } else {
-      this.reject('Failure', `Undeclared components were found: ${JSON.stringify(Array.from(nonDeclaredComponents))}`);
+      this.reject(summary, details);
     }
   }
+
+  private getSummary(components: Component[]): string {
+    return components.length === 0
+      ? '### :white_check_mark: Policy Pass \n #### Not undeclared components were found'
+      : `### :x: Policy Fail \n #### ${components.length} undeclared component(s) were found. \n See details for more information.`;
+  }
+
+  private getDetails(components: Component[]): string | undefined {
+    if (components.length === 0) return undefined;
+
+    const headers = ['Component', 'Version', 'License'];
+    const rows: string[][] = [];
+
+    components.forEach(component => {
+      const licenses = component.licenses.map(l => l.spdxid).join(' - ');
+      rows.push([component.purl, component.version, licenses]);
+    });
+
+    const snippet = JSON.stringify(
+      components.map(({ purl }) => ({ purl })),
+      null,
+      4
+    );
+
+    let content = `### Undeclared components \n ${generateTable(headers, rows)}`;
+    content += `#### Add the following snippet into your \`sbom.json\` file \n \`\`\`json \n ${snippet} \n \`\`\``;
+
+    return content;
+  }
 }
diff --git a/src/services/result.service.ts b/src/services/result.service.ts
@@ -40,16 +40,41 @@ export function getComponents(results: ScannerResults): Component[] {
           components.push({
             purl: d.purl,
             version: d.version,
-            licenses: d.licenses.map(l => ({ spdxid: l.spdx_id, copyleft: null, url: null, count: 1 }))
+            licenses: d.licenses
+              .map(l => ({ spdxid: l.spdx_id, copyleft: null, url: null, count: 1 }))
+              .filter(l => l.spdxid)
           });
         }
       }
     }
   }
 
-  //Merge duplicates purls
+  // Merge duplicates
+  const componentMap = new Map<string, Component>();
+  components.forEach((component: Component) => {
+    const key = `${component.purl}-${component.version}`;
+    const existingComponent = componentMap.get(key);
+    if (existingComponent) {
+      const licenses = [...existingComponent.licenses, ...component.licenses];
+    } else {
+      componentMap.set(key, component);
+    }
+
+    // Remove duplicates licenses
+    const spdxidSet = new Set<string>();
+    const uniqueLicenses: License[] = [];
+    component.licenses.forEach(license => {
+      if (!spdxidSet.has(license.spdxid)) {
+        spdxidSet.add(license.spdxid);
+        uniqueLicenses.push(license);
+      }
+    });
+    component.licenses = uniqueLicenses;
+  });
+
+  const unqiqueComponents = [...componentMap.values()];
 
-  return components;
+  return unqiqueComponents;
 }
 
 export function getLicenses(results: ScannerResults): License[] {