Sbom reading changes (#100)
* Sbom reading changes

* Update

---------

Co-authored-by: Sumanth K B <[email protected]>
sumanthkb44 and Sumanth K B authored Oct 31, 2023
1 parent 3c1ac4f commit eda934c
Showing 2 changed files with 89 additions and 29 deletions.
116 changes: 88 additions & 28 deletions src/LCT.PackageIdentifier/ConanProcessor.cs
Expand Up @@ -50,18 +50,15 @@ public ConanProcessor()
#region public methods
public Bom ParsePackageFile(CommonAppSettings appSettings)
{
List<Component> componentsForBOM = new List<Component>();
List<Component> componentsForBOM;
Bom bom = new Bom();
List<Dependency> dependencies = new List<Dependency>();
int totalComponentsIdentified = 0;

ParsingInputFileForBOM(appSettings, ref componentsForBOM, ref dependencies);
totalComponentsIdentified = componentsForBOM.Count;
ParsingInputFileForBOM(appSettings, ref bom);
componentsForBOM = bom.Components;

componentsForBOM = GetExcludedComponentsList(componentsForBOM);
componentsForBOM = componentsForBOM.Distinct(new ComponentEqualityComparer()).ToList();

BomCreator.bomKpiData.DuplicateComponents = totalComponentsIdentified - componentsForBOM.Count;
var componentsWithMultipleVersions = componentsForBOM.GroupBy(s => s.Name)
.Where(g => g.Count() > 1).SelectMany(g => g).ToList();

Expand All @@ -73,8 +70,8 @@ public Bom ParsePackageFile(CommonAppSettings appSettings)
Logger.Warn($"Component Name : {item.Name}\nComponent Version : {item.Version}\nPackage Found in : {item.Description}\n");
}
}

bom.Components = componentsForBOM;
bom.Dependencies = dependencies;
Logger.Debug($"ParsePackageFile():End");
return bom;
}
Expand Down Expand Up @@ -166,31 +163,67 @@ public static bool IsDevDependency(ConanPackage component, List<string> buildNod
#endregion

#region private methods
private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List<Component> componentsForBOM, ref List<Dependency> dependenciesForBom)
private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref Bom bom)
{
List<string> configFiles;
List<Dependency> dependencies = new List<Dependency>();
List<Component> componentsForBOM = new List<Component>();
configFiles = FolderScanner.FileScanner(appSettings.PackageFilePath, appSettings.Conan);

foreach (string filepath in configFiles)
{
Logger.Debug($"ParsingInputFileForBOM():FileName: " + filepath);
var components = ParsePackageLockJson(filepath, appSettings, ref dependencies);
AddingIdentifierType(components, "PackageFile");
componentsForBOM.AddRange(components);
dependenciesForBom.AddRange(dependencies);
if (filepath.ToLower().EndsWith("conan.lock"))
{
Logger.Debug($"ParsingInputFileForBOM():FileName: " + filepath);
var components = ParsePackageLockJson(filepath, ref dependencies);
AddingIdentifierType(components, "PackageFile");
componentsForBOM.AddRange(components);
}
else if (filepath.EndsWith(FileConstant.CycloneDXFileExtension) && !filepath.EndsWith(FileConstant.SBOMTemplateFileExtension))
{
Logger.Debug($"ParsingInputFileForBOM():Found as CycloneDXFile");
bom = cycloneDXBomParser.ParseCycloneDXBom(filepath);
CheckValidComponentsForProjectType(bom.Components, appSettings.ProjectType);
componentsForBOM.AddRange(bom.Components);
GetDetailsforManuallyAddedComp(componentsForBOM);
}
}

int initialCount = componentsForBOM.Count;
GetDistinctComponentList(ref componentsForBOM);
BomCreator.bomKpiData.DuplicateComponents = initialCount - componentsForBOM.Count;
BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = componentsForBOM.Count;
bom.Components = componentsForBOM;

if (bom.Dependencies != null)
{
bom.Dependencies.AddRange(dependencies);
}
else
{
bom.Dependencies = dependencies;
}

if (File.Exists(appSettings.CycloneDxSBomTemplatePath) && appSettings.CycloneDxSBomTemplatePath.EndsWith(FileConstant.SBOMTemplateFileExtension))
{
//Adding Template Component Details
Bom templateDetails;
templateDetails = ExtractSBOMDetailsFromTemplate(cycloneDXBomParser.ParseCycloneDXBom(appSettings.CycloneDxSBomTemplatePath));
CheckValidComponentsForProjectType(templateDetails.Components, appSettings.ProjectType);
SbomTemplate.AddComponentDetails(bom.Components, templateDetails);
}

bom = RemoveExcludedComponents(appSettings, bom);
}

private List<Component> ParsePackageLockJson(string filepath, CommonAppSettings appSettings, ref List<Dependency> dependencies)
private static List<Component> ParsePackageLockJson(string filepath, ref List<Dependency> dependencies)
{
List<Component> lstComponentForBOM = new List<Component>();
int noOfDevDependent = 0;
int noOfExcludedComponents = 0;

try
{
string jsonContent = File.ReadAllText(filepath);

var jsonDeserialized = JObject.Parse(jsonContent);
var nodes = jsonDeserialized["graph_lock"]["nodes"];

Expand All @@ -205,13 +238,6 @@ private List<Component> ParsePackageLockJson(string filepath, CommonAppSettings

GetPackagesForBom(ref lstComponentForBOM, ref noOfDevDependent, nodePackages);

if (appSettings.Conan.ExcludedComponents != null)
{
lstComponentForBOM = CommonHelper.RemoveExcludedComponents(lstComponentForBOM, appSettings.Conan.ExcludedComponents, ref noOfExcludedComponents);
BomCreator.bomKpiData.ComponentsExcluded += noOfExcludedComponents;

}

GetDependecyDetails(lstComponentForBOM, nodePackages, dependencies);

BomCreator.bomKpiData.DevDependentComponents += noOfDevDependent;
Expand All @@ -238,7 +264,7 @@ private List<Component> ParsePackageLockJson(string filepath, CommonAppSettings
private static void GetDependecyDetails(List<Component> componentsForBOM, List<ConanPackage> nodePackages, List<Dependency> dependencies)
{
foreach (Component component in componentsForBOM)
{
{
var node = nodePackages.Find(x => x.Reference.Contains($"{component.Name}/{component.Version}"));
var dependencyNodes = new List<ConanPackage>();
if (node.Dependencies != null && node.Dependencies.Count > 0)
Expand All @@ -255,8 +281,8 @@ private static void GetDependecyDetails(List<Component> componentsForBOM, List<C

dependency.Ref = component.Purl;
dependency.Dependencies = subDependencies;
if(subDependencies.Count > 0)

if (subDependencies.Count > 0)
{
dependencies.Add(dependency);
}
Expand Down Expand Up @@ -356,7 +382,7 @@ private static List<Component> GetExcludedComponentsList(List<Component> compone
else
{
BomCreator.bomKpiData.ComponentsExcluded++;
Logger.Debug($"GetExcludedComponentsList():InvalidComponent For CONAN : Component Details : {componentsInfo?.Name} @ {componentsInfo?.Version} @ {componentsInfo?.Purl}");
Logger.Debug($"GetExcludedComponentsList():InvalidComponent For CONAN : Component Details : {componentsInfo.Name} @ {componentsInfo.Version} @ {componentsInfo.Purl}");
}
}
return components;
Expand Down Expand Up @@ -388,6 +414,40 @@ private static void AddingIdentifierType(List<Component> components, string iden
}
}

private static void GetDistinctComponentList(ref List<Component> listofComponents)
{
int initialCount = listofComponents.Count;
listofComponents = listofComponents.GroupBy(x => new { x.Name, x.Version, x.Purl }).Select(y => y.First()).ToList();

if (listofComponents.Count != initialCount)
BomCreator.bomKpiData.DuplicateComponents = initialCount - listofComponents.Count;
}

private static Bom RemoveExcludedComponents(CommonAppSettings appSettings, Bom cycloneDXBOM)
{
List<Component> componentForBOM = cycloneDXBOM.Components.ToList();
int noOfExcludedComponents = 0;
if (appSettings.Conan.ExcludedComponents != null)
{
componentForBOM = CommonHelper.RemoveExcludedComponents(componentForBOM, appSettings.Conan.ExcludedComponents, ref noOfExcludedComponents);
BomCreator.bomKpiData.ComponentsExcluded += noOfExcludedComponents;
}
cycloneDXBOM.Components = componentForBOM;
return cycloneDXBOM;
}

private static void GetDetailsforManuallyAddedComp(List<Component> componentsForBOM)
{
foreach (var component in componentsForBOM)
{
component.Properties = new List<Property>();
Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" };
Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = Dataconstant.ManullayAdded };
component.Properties.Add(isDev);
component.Properties.Add(identifierType);
}
}

#endregion
}
}
}
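Review bot: In the CycloneDX branch of `ParsingInputFileForBOM`, `GetDetailsforManuallyAddedComp(componentsForBOM)` runs over the whole accumulated list rather than only the components read from the current SBOM file. That helper replaces `component.Properties` with a fresh list, so any component already collected from a `conan.lock` earlier in the loop loses its `"PackageFile"` identifier type, along with whatever other properties the lock-file parsing attached, and is re-labelled as manually added with the development flag `"false"`. The resulting BOM can then misreport component provenance depending on the order in which `FolderScanner.FileScanner` returns files, which is not visible here. Tagging only the new components before merging avoids this: `GetDetailsforManuallyAddedComp(bom.Components);` followed by `componentsForBOM.AddRange(bom.Components);`. The same branch reassigns `bom` for every CycloneDX file, so with more than one such input only the last file's `Dependencies` appear to survive; it is worth confirming that this is intended.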
2 changes: 1 addition & 1 deletion src/LCT.Services/Sw360Service.cs
Expand Up @@ -67,7 +67,7 @@ public async Task<List<Components>> GetAvailableReleasesInSw360(List<Components>

if (modelMappedObject != null)
{
availableComponentsList = await GetAvailableComponenentsList(modelMappedObject?.Embedded?.Sw360Releases, listOfComponentsToBom);
availableComponentsList = await GetAvailableComponenentsList(modelMappedObject.Embedded?.Sw360Releases, listOfComponentsToBom);
}
}
catch (HttpRequestException ex)