diff --git a/README.md b/README.md index 4fc1c884..057a3740 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,6 @@ - # Introduction The Continuous Clearing Tool scans and collects the 3rd party OSS components used in a NPM/NuGet/Maven/Debian project and uploads it to SW360 and Fossology by accepting respective project ID for license clearing. diff --git a/src/LCT.Common/CycloneDXBomParser.cs b/src/LCT.Common/CycloneDXBomParser.cs index b4ec0449..af407172 100644 --- a/src/LCT.Common/CycloneDXBomParser.cs +++ b/src/LCT.Common/CycloneDXBomParser.cs @@ -6,10 +6,12 @@ using CycloneDX.Json; using CycloneDX.Models; +using LCT.Common.Model; using log4net; using log4net.Core; using Newtonsoft.Json; using System; +using System.Collections.Generic; using System.IO; using System.Reflection; diff --git a/src/LCT.Common/Interface/ICycloneDXBomParser.cs b/src/LCT.Common/Interface/ICycloneDXBomParser.cs index 23cd62da..f5250f4f 100644 --- a/src/LCT.Common/Interface/ICycloneDXBomParser.cs +++ b/src/LCT.Common/Interface/ICycloneDXBomParser.cs @@ -5,6 +5,7 @@ // -------------------------------------------------------------------------------------------------------------------- using CycloneDX.Models; +using System.Collections.Generic; namespace LCT.Common { diff --git a/src/LCT.Common/appSettings.json b/src/LCT.Common/appSettings.json index 0c2831c9..082e0aec 100644 --- a/src/LCT.Common/appSettings.json +++ b/src/LCT.Common/appSettings.json @@ -42,7 +42,7 @@ "ExcludedComponents": [] }, "Nuget": { - "Include": [ "pack*.config", "p*.lock.json" ], + "Include": [ "pack*.config", "p*.lock.json","*.cdx.json" ], "Exclude": [], "JfrogNugetRepoList": [ "", //This is a mirror repo for nuget.org in JFrog @@ -51,7 +51,7 @@ "ExcludedComponents": [] }, "Maven": { - "Include": [ "pom.xml" ], + "Include": [ "pom.xml","*.cdx.json" ], "Exclude": [], "JfrogMavenRepoList": [ "", //This is a mirror repo for repo.maven in JFrog 
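Review bot: The new `"*.cdx.json"` entries in the Nuget and Maven `Include` lists make every CycloneDX file found under the scanned package path an input to the clearing BOM, and the processors in this commit stamp such components as `Cdx_IdentifierType` "Manually" / "Manually Added" with `Cdx_IsDevelopment` "false" without checking `bomFormat` or `specVersion`, so a stale or unreviewed SBOM checked into the project is merged as if it were authoritative. Since appSettings.json already carries `//` comments, the pattern deserves one, e.g. `//Pre-generated CycloneDX SBOMs (e.g. from cyclonedx-maven-plugin) are merged as component input`, and the processors should at least validate the file before merging. If `BomFolderPath` can lie inside `PackageFilePath`, the tool's own previous output would match this glob and be re-ingested; that is inferred, not visible here, so confirm the two paths are disjoint or exclude the output file. Minor: `"p*.lock.json","*.cdx.json"` and `"pom.xml","*.cdx.json"` lack the space after the comma used elsewhere in the file.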
diff --git a/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs b/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs index e531690c..636ad66d 100644 --- a/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs +++ b/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs @@ -28,7 +28,7 @@ public void ParsePackageFile_PackageLockWithDuplicateComponents_ReturnsCountOfDu string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location; string outFolder = Path.GetDirectoryName(exePath); string filepath = outFolder + @"\PackageIdentifierUTTestFiles"; - string[] Includes = { "POM.xml" }; + string[] Includes = { "*.cdx.json" }; string[] Excludes = { "lol" }; CommonAppSettings appSettings = new CommonAppSettings() @@ -45,7 +45,7 @@ public void ParsePackageFile_PackageLockWithDuplicateComponents_ReturnsCountOfDu Bom bom = MavenProcessor.ParsePackageFile(appSettings); //Assert - Assert.That(bom.Components.Count, Is.EqualTo(3), "Returns the count of components"); + Assert.That(bom.Components.Count, Is.EqualTo(2), "Returns the count of components"); } @@ -56,7 +56,7 @@ public void IsDevDependent_GivenListOfMavenDevComponents_ReturnsNonDevComponents string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location; string outFolder = Path.GetDirectoryName(exePath); string filepath = outFolder + @"\PackageIdentifierUTTestFiles"; - string[] Includes = { "POM.xml" }; + string[] Includes = { "*.cdx.json" }; string[] Excludes = { "lol" }; CommonAppSettings appSettings = new CommonAppSettings() @@ -73,7 +73,7 @@ public void IsDevDependent_GivenListOfMavenDevComponents_ReturnsNonDevComponents Bom bom = MavenProcessor.ParsePackageFile(appSettings); //Assert - Assert.That(bom.Components.Count, Is.EqualTo(1), "Returns the count of NON Dev Dependency components"); + Assert.That(bom.Components.Count-BomCreator.bomKpiData.DevDependentComponents, Is.EqualTo(1), "Returns the count of NON Dev Dependency components"); } [Test] 
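Review bot: The new assertion `Assert.That(bom.Components.Count-BomCreator.bomKpiData.DevDependentComponents, Is.EqualTo(1), ...)` subtracts a static, process-wide counter that the visible Arrange step never resets, and `DevDependentComponents++` is executed by the Nuget and Maven parsers in this same commit, so the result depends on which tests ran before it. Prefer asserting on the data itself, e.g. count components whose `Dataconstant.Cdx_IsDevelopment` property is "false", or reset `BomCreator.bomKpiData` in a `[SetUp]`. The changed expectation `Is.EqualTo(2)` in the first test also bakes in that the identical joda-time component present in both bom.cdx.json and bom1.cdx.json is kept twice; if the Maven path is still meant to de-duplicate (the old path did), this assertion will lock in the regression rather than catch it.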
diff --git a/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs b/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs index 83cb93da..65629c3c 100644 --- a/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs +++ b/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs @@ -52,7 +52,7 @@ public void ParsePackageConfig_GivenAInputFilePath_ReturnsSuccess() public void ParsePackageLockJson_GivenAInputFilePath_ReturnsSuccess() { //Arrange - int expectednoofcomponents = 152; + int expectednoofcomponents = 153; string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location; string outFolder = Path.GetDirectoryName(exePath); string packagefilepath = outFolder + @"\PackageIdentifierUTTestFiles\packages.lock.json"; diff --git a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/Duplicate_Cyclonedx.json b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/Duplicate_Cyclonedx.json index e31ee157..8ff4ce7c 100644 --- a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/Duplicate_Cyclonedx.json +++ b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/Duplicate_Cyclonedx.json @@ -1,9 +1,3 @@ -// -------------------------------------------------------------------------------------------------------------------- -// SPDX-FileCopyrightText: 2023 Siemens AG -// -// SPDX-License-Identifier: MIT - -// -------------------------------------------------------------------------------------------------------------------- { "bomFormat": "CycloneDX", "specVersion": "1.3", diff --git a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/POM.xml b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/POM.xml index fb80d2b5..87fbb69b 100644 --- a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/POM.xml +++ b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/POM.xml @@ -29,6 +29,11 @@ + + org.cyclonedx + cyclonedx-maven-plugin + 2.5.3 + org.apache.maven.plugins maven-shade-plugin 
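Review bot: Deleting the SPDX header from Duplicate_Cyclonedx.json removes the file's copyright and license metadata rather than relocating it; since JSON cannot carry comments, the REUSE convention is a sidecar `Duplicate_Cyclonedx.json.license` holding the same `SPDX-FileCopyrightText` and `SPDX-License-Identifier: MIT` lines. The new bom.cdx.json and bom1.cdx.json fixtures have no license metadata either and would need the same sidecars if the repository enforces REUSE compliance. In NugetParserTests, the bump of `expectednoofcomponents` to 153 follows from dev dependencies no longer being skipped in ParsePackageLock, but nothing asserts that the extra component is actually flagged `IsDev`; a second assertion on that flag would make the intent of the change explicit.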
diff --git a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom.cdx.json b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom.cdx.json new file mode 100644 index 00000000..ef8163bc --- /dev/null +++ b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom.cdx.json 
@@ -0,0 +1,147 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.3", + "serialNumber" : "urn:uuid:cf9dd7ef-4b1b-4343-be5a-44837cfa5005", + "version" : 1, + "metadata" : { + "timestamp" : "2023-06-30T05:34:37Z", + "tools" : [ + { + "vendor" : "CycloneDX", + "name" : "CycloneDX Maven plugin", + "version" : "2.5.3", + "hashes" : [ + { + "alg" : "MD5", + "content" : "4f7d894200ad695fc9f0aad66d7da40a" + }, + { + "alg" : "SHA-1", + "content" : "c044d9b726650cbea3adeb5cc1715c67d8356c0a" + }, + { + "alg" : "SHA-256", + "content" : "b9a385e430e1f5efd9b835a084c195dde4d5e1bc79e469a8187ec58275c15313" + }, + { + "alg" : "SHA-384", + "content" : "d96f68ef4b8830d70dc2eb5f2de5211d96b70dd1169da641f34474265c06a5321b63d2c80fe2d82d74c767391225e480" + }, + { + "alg" : "SHA-512", + "content" : "1d7d1129cdc8604772b3c454d8dff98d936f85af705c95705e3263a038c0bb58fdd58c0b90efa3f56b4ce8ef9c84d3154b74b8451e0470f856f4d688489704b0" + }, + { + "alg" : "SHA3-256", + "content" : "44231962fe0c1e5501ca38ad3320f9223ea5e8d62aa8aad170577818801ce349" + }, + { + "alg" : "SHA3-384", + "content" : "99659ce3e58d8416f9e28d6b87c800442a79c4a5703fb657f6a9da87495d1d9d3b9788e06a3d6ea0e1b659a4681a4c92" + }, + { + "alg" : "SHA3-512", + "content" : "8d5c3f0ee5a53cc714c4d829ccc07688f951a6b6655ad1e6435b8ab1c281bc38a78073b329bdaaf4887114b6843723ac8b5176a5f954581960a43662c688a95a" + } + ] + } + ], + "component" : { + "group" : "org.springframework", + "name" : "gs-maven", + "version" : "0.1.0", + "licenses" : [ ], + "purl" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar", + "type" : "library", + "bom-ref" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar" + } + }, + "components" : [ + { + "publisher" : "Joda.org", + "group" : "joda-time", + "name" : "joda-time", + "version" : "2.9.2", + "description" : "Date and time library to replace JDK date handling", + "scope" : "optional", + "hashes" : [ + { + "alg" : "MD5", + "content" : "32a794b6a820daf3fad92e59988df64c" + }, + { + "alg" : "SHA-1", + 
"content" : "36d6e77a419cb455e6fd5909f6f96b168e21e9d0" + }, + { + "alg" : "SHA-256", + "content" : "0be5c40e8cdce9ec0643d76be99f276db17c45d7616a217fd1b19b7ef73ca7b1" + }, + { + "alg" : "SHA-384", + "content" : "fe4d61fa8c2ae6bfe94b897fb100a23678bbd172b5c939531197c5566c5836f9a719484b5cf2f70960996bd397c0025c" + }, + { + "alg" : "SHA-512", + "content" : "52bf64e32ae5303ecf78510f78acfdce46b1654214a106f4d92f7c8e09ab4214790567198dd4c54b0f6e2b75765ad0c7b4a2d2cb3483e2782f16faed5546a8da" + }, + { + "alg" : "SHA3-256", + "content" : "361583e31c9add8f66af3220979a7a96aea0f2886644cd40e15e90ac5da0ca24" + }, + { + "alg" : "SHA3-384", + "content" : "4aaa49db59997ce580609dfb0142ed91656cb2f8db667e9fc7d8e206f4480e379601c8c16ee3e7a8870048b7da8209f0" + }, + { + "alg" : "SHA3-512", + "content" : "047292bca529cf8e9702041982348af816dbcec95917df377197eb22d798c3ac3d09a70591d21cea16a4e5e55ec491c74e0a9d062994303a7715548a9b122454" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://www.joda.org" + }, + { + "type" : "distribution", + "url" : "http://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type" : "mailing-list", + "url" : "http://sourceforge.net/mailarchive/forum.php?forum_name=joda-interest" + }, + { + "type" : "vcs", + "url" : "https://github.com/JodaOrg/joda-time" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar" + } + ], + "dependencies" : [ + { + "ref" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar", + "dependsOn" : [ + "pkg:maven/joda-time/joda-time@2.9.2?type=jar" + ] + }, + { + "ref" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar", + "dependsOn" : [ ] + } + ] +} \ No newline at end of file 
diff --git a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom1.cdx.json b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom1.cdx.json new file mode 100644 index 00000000..8597f6a3 --- /dev/null +++ b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/bom1.cdx.json 
@@ -0,0 +1,147 @@ +{ + "bomFormat" : "CycloneDX", + "specVersion" : "1.3", + "serialNumber" : "urn:uuid:f33a1063-8d60-45e0-aa93-ae7352b6fe86", + "version" : 1, + "metadata" : { + "timestamp" : "2023-06-30T05:40:11Z", + "tools" : [ + { + "vendor" : "CycloneDX", + "name" : "CycloneDX Maven plugin", + "version" : "2.5.3", + "hashes" : [ + { + "alg" : "MD5", + "content" : "4f7d894200ad695fc9f0aad66d7da40a" + }, + { + "alg" : "SHA-1", + "content" : "c044d9b726650cbea3adeb5cc1715c67d8356c0a" + }, + { + "alg" : "SHA-256", + "content" : "b9a385e430e1f5efd9b835a084c195dde4d5e1bc79e469a8187ec58275c15313" + }, + { + "alg" : "SHA-384", + "content" : "d96f68ef4b8830d70dc2eb5f2de5211d96b70dd1169da641f34474265c06a5321b63d2c80fe2d82d74c767391225e480" + }, + { + "alg" : "SHA-512", + "content" : "1d7d1129cdc8604772b3c454d8dff98d936f85af705c95705e3263a038c0bb58fdd58c0b90efa3f56b4ce8ef9c84d3154b74b8451e0470f856f4d688489704b0" + }, + { + "alg" : "SHA3-256", + "content" : "44231962fe0c1e5501ca38ad3320f9223ea5e8d62aa8aad170577818801ce349" + }, + { + "alg" : "SHA3-384", + "content" : "99659ce3e58d8416f9e28d6b87c800442a79c4a5703fb657f6a9da87495d1d9d3b9788e06a3d6ea0e1b659a4681a4c92" + }, + { + "alg" : "SHA3-512", + "content" : "8d5c3f0ee5a53cc714c4d829ccc07688f951a6b6655ad1e6435b8ab1c281bc38a78073b329bdaaf4887114b6843723ac8b5176a5f954581960a43662c688a95a" + } + ] + } + ], + "component" : { + "group" : "org.springframework", + "name" : "gs-maven", + "version" : "0.1.0", + "licenses" : [ ], + "purl" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar", + "type" : "library", + "bom-ref" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar" + } + }, + "components" : [ + { + "publisher" : "Joda.org", + "group" : "joda-time", + "name" : "joda-time", + "version" : "2.9.2", + "description" : "Date and time library to replace JDK date handling", + "scope" : "optional", + "hashes" : [ + { + "alg" : "MD5", + "content" : "32a794b6a820daf3fad92e59988df64c" + }, + { + "alg" : "SHA-1", + 
"content" : "36d6e77a419cb455e6fd5909f6f96b168e21e9d0" + }, + { + "alg" : "SHA-256", + "content" : "0be5c40e8cdce9ec0643d76be99f276db17c45d7616a217fd1b19b7ef73ca7b1" + }, + { + "alg" : "SHA-384", + "content" : "fe4d61fa8c2ae6bfe94b897fb100a23678bbd172b5c939531197c5566c5836f9a719484b5cf2f70960996bd397c0025c" + }, + { + "alg" : "SHA-512", + "content" : "52bf64e32ae5303ecf78510f78acfdce46b1654214a106f4d92f7c8e09ab4214790567198dd4c54b0f6e2b75765ad0c7b4a2d2cb3483e2782f16faed5546a8da" + }, + { + "alg" : "SHA3-256", + "content" : "361583e31c9add8f66af3220979a7a96aea0f2886644cd40e15e90ac5da0ca24" + }, + { + "alg" : "SHA3-384", + "content" : "4aaa49db59997ce580609dfb0142ed91656cb2f8db667e9fc7d8e206f4480e379601c8c16ee3e7a8870048b7da8209f0" + }, + { + "alg" : "SHA3-512", + "content" : "047292bca529cf8e9702041982348af816dbcec95917df377197eb22d798c3ac3d09a70591d21cea16a4e5e55ec491c74e0a9d062994303a7715548a9b122454" + } + ], + "licenses" : [ + { + "license" : { + "id" : "Apache-2.0" + } + } + ], + "purl" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar", + "externalReferences" : [ + { + "type" : "website", + "url" : "http://www.joda.org" + }, + { + "type" : "distribution", + "url" : "http://oss.sonatype.org/content/repositories/joda-releases" + }, + { + "type" : "issue-tracker", + "url" : "https://github.com/JodaOrg/joda-time/issues" + }, + { + "type" : "mailing-list", + "url" : "http://sourceforge.net/mailarchive/forum.php?forum_name=joda-interest" + }, + { + "type" : "vcs", + "url" : "https://github.com/JodaOrg/joda-time" + } + ], + "type" : "library", + "bom-ref" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar" + } + ], + "dependencies" : [ + { + "ref" : "pkg:maven/org.springframework/gs-maven@0.1.0?type=jar", + "dependsOn" : [ + "pkg:maven/joda-time/joda-time@2.9.2?type=jar" + ] + }, + { + "ref" : "pkg:maven/joda-time/joda-time@2.9.2?type=jar", + "dependsOn" : [ ] + } + ] +} \ No newline at end of file 
diff --git a/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/dependency-reduced-pom.xml b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/dependency-reduced-pom.xml new file mode 100644 index 00000000..991e7487 --- /dev/null +++ b/src/LCT.PackageIdentifier.UTest/PackageIdentifierUTTestFiles/dependency-reduced-pom.xml @@ -0,0 +1,53 @@ + + + 4.0.0 + org.springframework + gs-maven + 0.1.0 + + + + org.cyclonedx + cyclonedx-maven-plugin + 2.5.3 + + + maven-shade-plugin + 3.2.4 + + + package + + shade + + + + + hello.HelloWorld + + + + + + + + + + + junit + junit + 4.12 + test + + + hamcrest-core + org.hamcrest + + + + + + 1.8 + 1.8 + + diff --git a/src/LCT.PackageIdentifier/BomCreator.cs b/src/LCT.PackageIdentifier/BomCreator.cs index 1c0ac41e..12d64a6a 100644 --- a/src/LCT.PackageIdentifier/BomCreator.cs +++ b/src/LCT.PackageIdentifier/BomCreator.cs 
@@ -80,32 +80,13 @@ public async Task GenerateBom(CommonAppSettings appSettings, IBomHelper bomHelpe private static void WritecontentsToBOM(CommonAppSettings appSettings, BomKpiData bomKpiData, Bom listOfComponentsToBom) { - if (string.IsNullOrEmpty(appSettings.CycloneDxBomFilePath)) - { + WriteContentToComparisonBOM(appSettings, listOfComponentsToBom, ref bomKpiData); - } - else - { - WriteContentToCycloneDxBOM(appSettings, listOfComponentsToBom, ref bomKpiData); - } + } - private static void WriteContentToCycloneDxBOM(CommonAppSettings appSettings, Bom listOfComponentsToBom, ref BomKpiData bomKpiData) - { - IFileOperations fileOperations = new FileOperations(); - if (string.IsNullOrEmpty(appSettings.IdentifierBomFilePath)) - { - fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.CycloneDxBomFilePath); - } - else - { - listOfComponentsToBom = fileOperations.CombineComponentsFromExistingBOM(listOfComponentsToBom, appSettings.IdentifierBomFilePath); - bomKpiData.ComponentsInComparisonBOM = listOfComponentsToBom.Components.Count; - fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.CycloneDxBomFilePath); - } - } private static void WriteContentToComparisonBOM(CommonAppSettings appSettings, Bom listOfComponentsToBom, ref BomKpiData bomKpiData) { diff --git a/src/LCT.PackageIdentifier/DebianProcessor.cs b/src/LCT.PackageIdentifier/DebianProcessor.cs index 9dab146b..464c661f 100644 --- a/src/LCT.PackageIdentifier/DebianProcessor.cs +++ b/src/LCT.PackageIdentifier/DebianProcessor.cs @@ -44,9 +44,7 @@ public Bom ParsePackageFile(CommonAppSettings appSettings) { Logger.Debug($"ParsePackageFile():FileName: " + filepath); listofComponents.AddRange(ParseCycloneDX(filepath)); - } - - //todo:testing is pending for the new logic addition + } int initialCount = listofComponents.Count; GetDistinctComponentList(ref listofComponents); 
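Review bot: With the `CycloneDxBomFilePath` branch removed, WritecontentsToBOM is now a one-line pass-through to WriteContentToComparisonBOM, and the merge with `appSettings.IdentifierBomFilePath` (`CombineComponentsFromExistingBOM` plus the `ComponentsInComparisonBOM` KPI) that the deleted WriteContentToCycloneDxBOM performed is no longer reachable from here. Unless WriteContentToComparisonBOM, whose body lies outside the hunk, performs that merge itself, the `IdentifierBomFilePath` setting now silently has no effect; either confirm that and retire the setting, or reinstate the merge. Consider inlining the wrapper at its call site in GenerateBom, or document why it stays: `// Always writes the comparison BOM; CycloneDxBomFilePath is now consumed as input by the processors.`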
diff --git a/src/LCT.PackageIdentifier/MavenProcessor.cs b/src/LCT.PackageIdentifier/MavenProcessor.cs index 32e5e9de..3347caae 100644 --- a/src/LCT.PackageIdentifier/MavenProcessor.cs +++ b/src/LCT.PackageIdentifier/MavenProcessor.cs 
@@ -30,60 +30,38 @@ public Bom ParsePackageFile(CommonAppSettings appSettings) { List componentsForBOM = new(); Bom bom = new(); - - string depFilePath = ""; - int totalComponentsIdentified = 0; - List configFiles = new(); + List configFiles=new(); if (string.IsNullOrEmpty(appSettings.CycloneDxBomFilePath)) { - //Create empty dependency list file - if (!string.IsNullOrEmpty(appSettings.PackageFilePath)) - { - configFiles = FolderScanner.FileScanner(appSettings.PackageFilePath, appSettings.Maven); - depFilePath = Path.Combine(appSettings.PackageFilePath, "POMDependencies.txt"); - File.Create(depFilePath).Close(); - } - - foreach (var bomFilePath in configFiles) - { - Result result = BomHelper.GetDependencyList(bomFilePath, depFilePath); - if (result.ExitCode != 0) - { - Logger.Debug("Error in downloading maven packages"); - } - } - - ParseConfigFile(depFilePath, appSettings, ref componentsForBOM); - - totalComponentsIdentified = componentsForBOM.Count; - - componentsForBOM = componentsForBOM.Distinct(new ComponentEqualityComparer()).ToList(); - - BomCreator.bomKpiData.DuplicateComponents = totalComponentsIdentified - componentsForBOM.Count; - - var componentsWithMultipleVersions = componentsForBOM.GroupBy(s => s.Name) - .Where(g => g.Count() > 1).SelectMany(g => g).ToList(); - - if (componentsWithMultipleVersions.Count != 0) - { - Logger.Warn($"Multiple versions detected :\n"); - foreach (var item in componentsWithMultipleVersions) - { - Logger.Warn($"Component Name : {item.Name}\nComponent Version : {item.Version}\nPackage Found in : {appSettings.PackageFilePath}\n"); - } - } - bom.Components = componentsForBOM; + configFiles = FolderScanner.FileScanner(appSettings.PackageFilePath, appSettings.Maven); } else { - bom = ParseCycloneDXBom(appSettings.CycloneDxBomFilePath); - BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = bom.Components.Count; + configFiles = FolderScanner.FileScanner(appSettings.CycloneDxBomFilePath, appSettings.Maven); + } + + foreach 
(string filepath in configFiles) + { + Bom bomList = ParseCycloneDXBom(filepath); + componentsForBOM.AddRange(bomList.Components); } + foreach (var component in componentsForBOM) + { + component.Properties = new List(); + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Manually" }; + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + + } + bom.Components = componentsForBOM; + BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = bom.Components.Count; + BomCreator.bomKpiData.ComponentsInComparisonBOM = bom.Components.Count; Logger.Debug($"ParsePackageFile():End"); return bom; } - private static void ParseConfigFile(string depFilePath, CommonAppSettings appSettings, ref List foundPackages) + private static void ParseDependencyTextFile(string depFilePath, CommonAppSettings appSettings, ref List foundPackages) { string[] lines = File.ReadAllLines(depFilePath); int noOfExcludedComponents = 0; 
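Review bot: The rewritten ParsePackageFile drops the `Distinct(new ComponentEqualityComparer())` pass and the `DuplicateComponents` KPI, so a component present in two `*.cdx.json` files (joda-time appears in both new fixtures) is emitted twice; keep the de-duplication before `bom.Components = componentsForBOM;` with `int totalComponentsIdentified = componentsForBOM.Count;`, `componentsForBOM = componentsForBOM.Distinct(new ComponentEqualityComparer()).ToList();` and `BomCreator.bomKpiData.DuplicateComponents = totalComponentsIdentified - componentsForBOM.Count;`. The property loop replaces `component.Properties` with a fresh list and hard-codes `Cdx_IsDevelopment` to "false", discarding whatever properties and `scope` the input SBOM carried (the fixtures mark joda-time as `optional`); initialise the list only when it is null and derive the flag from the existing data where possible. The renamed ParseDependencyTextFile is no longer called from this method, so if nothing else calls it it is dead code (its body continues in the next hunk). `Cdx_IdentifierType` is set here to "Manually" while NugetProcessor writes "Manually Added"; the two should be one shared constant.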
@@ -101,18 +79,23 @@ private static void ParseConfigFile(string depFilePath, CommonAppSettings appSet string scope = ""; bool isDevelopmentComponent; + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Discovered" }; scope = GetPackageDetails(parts, out component); - + component.Properties = new List(); isDevelopmentComponent = GetDevDependentScopeList(appSettings, scope); - - if (!component.Version.Contains("win") && !isDevelopmentComponent) - { - foundPackages.Add(component); - } if (isDevelopmentComponent) { + isDev.Value = "true"; BomCreator.bomKpiData.DevDependentComponents++; } + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + if (!component.Version.Contains("win")) + { + foundPackages.Add(component); + } + } } BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = totalComponenstinInputFile; @@ -174,7 +157,7 @@ public async Task IdentificationOfInternalComponents( { currentIterationItem.Properties = new List(); } - + Property isInternal = new() { Name = Dataconstant.Cdx_IsInternal, Value = "false" }; if (isTrue) { diff --git a/src/LCT.PackageIdentifier/Model/NugetPackage.cs b/src/LCT.PackageIdentifier/Model/NugetPackage.cs index ec9f7112..c2717113 100644 --- a/src/LCT.PackageIdentifier/Model/NugetPackage.cs +++ b/src/LCT.PackageIdentifier/Model/NugetPackage.cs @@ -19,6 +19,7 @@ public class NugetPackage public string Version { get; set; } public string Filepath { get; set; } + public string IsDev { get; set; } } } diff --git a/src/LCT.PackageIdentifier/NpmProcessor.cs b/src/LCT.PackageIdentifier/NpmProcessor.cs index bd4d72fa..b8fa41af 100644 --- a/src/LCT.PackageIdentifier/NpmProcessor.cs +++ b/src/LCT.PackageIdentifier/NpmProcessor.cs 
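Review bot: `public string IsDev { get; set; }` on NugetPackage models a boolean as a string; the only values ever assigned are the literals "true" and "false" in NugetProcessor, and the value is copied straight into `Property.Value`. Declare it as `public bool IsDev { get; set; }` and convert at the CycloneDX boundary with `Value = prop.IsDev ? "true" : "false"`, so typos in the literal cannot silently mark a component as non-dev. In ParseDependencyTextFile the dev-scoped components are now retained and tagged instead of being dropped, which is the intended behaviour change, but the commit leaves no doc comment stating that `foundPackages` now includes development dependencies; one line above the method, `// Dev-scoped components are kept and flagged via Cdx_IsDevelopment rather than excluded.`, would save the next reader from re-deriving it.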
@@ -332,25 +332,27 @@ private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List ParsePackageConfig(string packagesFilePath, CommonAppSettings appSettings) { List nugetPackages = new List(); + string isDev = "false"; try { List referenceList = Parsecsproj(appSettings); @@ -79,7 +80,7 @@ public static List ParsePackageConfig(string packagesFilePath, Com { BomCreator.bomKpiData.DevDependentComponents++; - continue; + isDev = "true"; } if (idAttribute?.Value == null) @@ -97,7 +98,8 @@ public static List ParsePackageConfig(string packagesFilePath, Com { ID = idAttribute.Value, Version = versionAttribute.Value, - Filepath = packagesFilePath + Filepath = packagesFilePath, + IsDev= isDev }; nugetPackages.Add(package); } @@ -116,6 +118,7 @@ public static List ParsePackageConfig(string packagesFilePath, Com public static List ParsePackageLock(string packagesFilePath, CommonAppSettings appSettings) { List packageList = new List(); + string isDev = "false"; try { List referenceList = Parsecsproj(appSettings); @@ -134,8 +137,8 @@ public static List ParsePackageLock(string packagesFilePath, Commo string version = dependencyToken.First.Value("resolved"); if (dependencyToken.First.Value("type") == "Dev" || IsDevDependent(referenceList, id, version)) { - BomCreator.bomKpiData.DevDependentComponents++; - continue; + BomCreator.bomKpiData.DevDependentComponents++; + isDev = "true"; } if (dependencyToken.First.Value("type") == "Project" || string.IsNullOrEmpty(version) && string.IsNullOrEmpty(id)) { @@ -149,7 +152,9 @@ public static List ParsePackageLock(string packagesFilePath, Commo { ID = id, Version = version, - Filepath = packagesFilePath + Filepath = packagesFilePath, + IsDev= isDev + }; packageList.Add(package); } 
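Review bot: In both ParsePackageConfig and ParsePackageLock `string isDev = "false";` is declared once before the `try` and set to "true" when a dev dependency is detected, but it is never reset, so every package processed after the first dev dependency is also recorded as `IsDev = "true"`; the old `continue` masked this because the loop moved on. Move the declaration to the top of the per-package loop body (the loop header is outside the hunk) so each package starts from `"false"`, or compute it inline as `string isDev = (dependencyToken.First.Value("type") == "Dev" || IsDevDependent(referenceList, id, version)) ? "true" : "false";`. The change in `@@ -134,8 +137,8 @@` also re-indents the unchanged `BomCreator.bomKpiData.DevDependentComponents++;` line; dropping that whitespace-only edit keeps the hunk focused.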
@@ -396,6 +401,8 @@ public static Bom RemoveExcludedComponents(CommonAppSettings appSettings, Bom cy private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List listComponentForBOM, ref Bom bom) { List configFiles; + List componentsForBOM=new List(); + if (string.IsNullOrEmpty(appSettings.CycloneDxBomFilePath)) { configFiles = FolderScanner.FileScanner(appSettings.PackageFilePath, appSettings.Nuget); @@ -407,7 +414,21 @@ private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List(); + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Manually Added" }; + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + } + bom.Components = componentsForBOM; BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = bom.Components.Count; bom = RemoveExcludedComponents(appSettings, bom); listComponentForBOM = bom.Components; @@ -427,6 +448,19 @@ private static void ConvertToCycloneDXModel(List listComponentForBOM, components.Purl = $"{ApiConstant.NugetExternalID}{prop.ID}@{components.Version}"; components.BomRef = $"{ApiConstant.NugetExternalID}{prop.ID}@{components.Version}"; components.Description = prop.Filepath; + components.Properties = new List() + { + new() + { + Name = Dataconstant.Cdx_IsDevelopment, Value = prop.IsDev + }, + new Property() + { + Name=Dataconstant.Cdx_IdentifierType,Value="Discovered" + } + }; + + listComponentForBOM.Add(components); } }
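Review bot: The `Cdx_IdentifierType` literal written here is "Manually Added" while MavenProcessor writes "Manually" and ConvertToCycloneDXModel writes "Discovered"; a consumer keyed on this property will treat the Maven and Nuget SBOM-sourced components as different categories. Define the three values as constants next to `Cdx_IdentifierType` in Dataconstant and reference them from all three sites. As in MavenProcessor, `component.Properties = new List<Property>();` overwrites any properties the input `*.cdx.json` already carried; guard it with `component.Properties ??= new List<Property>();`. Style: the initializer in ConvertToCycloneDXModel mixes `new()` and `new Property()` for two elements of the same list, and `Name=Dataconstant.Cdx_IdentifierType,Value="Discovered"` and `List componentsForBOM=new List();` omit the spaces the surrounding code uses.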