Add add_tests and add_build on cycloneDX tool (#17695)

* add feat and test

* add_test false by default | change import path

* feat `add_tool_requires` and test

* improve if

* Turn add_build default to false

Author: ErniGH

conan/tools/sbom/__init__.py

@@ -0,0 +1 @@
+from conan.tools.sbom.cyclonedx import cyclonedx_1_4

conan/tools/sbom/cyclonedx.py

@@ -1,5 +1,6 @@
 
-def cyclonedx_1_4(graph, **kwargs):
+
+def cyclonedx_1_4(graph, add_build=False, add_tests=False, **kwargs):
     """
     (Experimental) Generate cyclone 1.4 sbom with json format
     """
@@ -9,8 +10,7 @@ def cyclonedx_1_4(graph, **kwargs):
 
     has_special_root_node = not (getattr(graph.root.ref, "name", False) and getattr(graph.root.ref, "version", False) and getattr(graph.root.ref, "revision", False))
     special_id = str(uuid.uuid4())
-
-    components = [node for node in graph.nodes]
+    components = [node for node in graph.nodes if (node.context == "host" or add_build) and (not node.test or add_tests)]
     if has_special_root_node:
         components = components[1:]
 
@@ -22,7 +22,9 @@ def cyclonedx_1_4(graph, **kwargs):
         dependencies.append(deps)
     for c in components:
         deps = {"ref": f"pkg:conan/{c.name}@{c.ref.version}?rref={c.ref.revision}"}
-        depends_on = [f"pkg:conan/{d.dst.name}@{d.dst.ref.version}?rref={d.dst.ref.revision}" for d in c.dependencies]
+        dep = [d for d in c.dependencies if (d.dst.context == "host" or add_build) and (not d.dst.test or add_tests)]
+
+        depends_on = [f"pkg:conan/{d.dst.name}@{d.dst.ref.version}?rref={d.dst.ref.revision}" for d in dep]
         if depends_on:
             deps["dependsOn"] = depends_on
         dependencies.append(deps)

test/functional/sbom/test_cyclonedx.py

@@ -13,10 +13,10 @@
 import os
 from conan.errors import ConanException
 from conan.api.output import ConanOutput
-from conan.tools.sbom.cyclonedx import cyclonedx_1_4
+from conan.tools.sbom import cyclonedx_1_4
 
 def post_package(conanfile):
-    sbom_cyclonedx_1_4 = cyclonedx_1_4(conanfile.subgraph)
+    sbom_cyclonedx_1_4 = cyclonedx_1_4(conanfile.subgraph, add_build=%s, add_tests=%s)
     metadata_folder = conanfile.package_metadata_folder
     file_name = "sbom.cdx.json"
     with open(os.path.join(metadata_folder, file_name), 'w') as f:
@@ -28,14 +28,28 @@ def post_package(conanfile):
 def hook_setup_post_package():
     tc = TestClient()
     hook_path = os.path.join(tc.paths.hooks_path, "hook_sbom.py")
-    save(hook_path, sbom_hook_post_package)
+    save(hook_path, sbom_hook_post_package % ("True", "True"))
+    return tc
+
+@pytest.fixture()
+def hook_setup_post_package_no_tool_requires():
+    tc = TestClient()
+    hook_path = os.path.join(tc.paths.hooks_path, "hook_sbom.py")
+    save(hook_path, sbom_hook_post_package % ("False", "True"))
+    return tc
+
+@pytest.fixture()
+def hook_setup_post_package_no_test():
+    tc = TestClient()
+    hook_path = os.path.join(tc.paths.hooks_path, "hook_sbom.py")
+    save(hook_path, sbom_hook_post_package % ("True", "False"))
     return tc
 
 @pytest.fixture()
 def hook_setup_post_package_tl(transitive_libraries):
     tc = transitive_libraries
     hook_path = os.path.join(tc.paths.hooks_path, "hook_sbom.py")
-    save(hook_path, sbom_hook_post_package)
+    save(hook_path, sbom_hook_post_package % ("True", "True"))
     return tc
 
 
@@ -65,14 +79,63 @@ def test_sbom_generation_skipped_dependencies(hook_setup_post_package):
     # A skipped dependency also shows up in the sbom
     assert "pkg:conan/[email protected]?rref=6a99f55e933fb6feeb96df134c33af44" in content
 
+def test_sbom_generation_no_tool_requires(hook_setup_post_package_no_tool_requires):
+    tc = hook_setup_post_package_no_tool_requires
+    tc.save({"app/conanfile.py": GenConanfile("app", "1.0")
+                                .with_package_type("application"),
+             "conanfile.py": GenConanfile("foo", "1.0").with_tool_requires("app/1.0")})
+    tc.run("create app")
+    tc.run("create .")
+    create_layout = tc.created_layout()
+
+    cyclone_path = os.path.join(create_layout.metadata(), "sbom.cdx.json")
+    content = tc.load(cyclone_path)
+
+    assert "pkg:conan/app" not in content
+
+def test_sbom_generation_transitive_test_requires(hook_setup_post_package_no_test):
+    tc = hook_setup_post_package_no_test
+    tc.save({"test_re/conanfile.py": GenConanfile("test_re", "1.0"),
+             "app/conanfile.py": GenConanfile("app", "1.0")
+                                .with_package_type("application")
+                                .with_test_requires("test_re/1.0"),
+             "conanfile.py": GenConanfile("foo", "1.0").with_tool_requires("app/1.0")})
+    tc.run("create test_re")
+
+    tc.run("create app")
+    create_layout = tc.created_layout()
+    cyclone_path = os.path.join(create_layout.metadata(), "sbom.cdx.json")
+    content = tc.load(cyclone_path)
+    assert "pkg:conan/[email protected]" not in content
+
+    tc.run("create .")
+    create_layout = tc.created_layout()
+    cyclone_path = os.path.join(create_layout.metadata(), "sbom.cdx.json")
+    content = tc.load(cyclone_path)
+    assert "pkg:conan/[email protected]" not in content
+
+def test_sbom_generation_dependency_test_require(hook_setup_post_package_no_test):
+    tc = hook_setup_post_package_no_test
+    tc.save({"special/conanfile.py": GenConanfile("special", "1.0"),
+             "foo/conanfile.py": GenConanfile("foo", "1.0")
+            .with_test_requires("special/1.0"),
+             "conanfile.py": GenConanfile("bar", "1.0").with_tool_requires("foo/1.0").with_require("special/1.0")})
+    tc.run("create special")
+    tc.run("create foo")
+
+    tc.run("create .")
+    create_layout = tc.created_layout()
+    cyclone_path = os.path.join(create_layout.metadata(), "sbom.cdx.json")
+    content = tc.load(cyclone_path)
+    assert "pkg:conan/[email protected]" in content
 
 # Using the sbom tool with "conan install"
 sbom_hook_post_generate = """
 import json
 import os
 from conan.errors import ConanException
 from conan.api.output import ConanOutput
-from conan.tools.sbom.cyclonedx import cyclonedx_1_4
+from conan.tools.sbom import cyclonedx_1_4
 
 def post_generate(conanfile):
     sbom_cyclonedx_1_4 = cyclonedx_1_4(conanfile.subgraph)