diff --git a/src/LCT.Common/CycloneDXBomParser.cs b/src/LCT.Common/CycloneDXBomParser.cs index b4ec0449..af407172 100644 --- a/src/LCT.Common/CycloneDXBomParser.cs +++ b/src/LCT.Common/CycloneDXBomParser.cs @@ -6,10 +6,12 @@ using CycloneDX.Json; using CycloneDX.Models; +using LCT.Common.Model; using log4net; using log4net.Core; using Newtonsoft.Json; using System; +using System.Collections.Generic; using System.IO; using System.Reflection; diff --git a/src/LCT.Common/Interface/ICycloneDXBomParser.cs b/src/LCT.Common/Interface/ICycloneDXBomParser.cs index 23cd62da..f5250f4f 100644 --- a/src/LCT.Common/Interface/ICycloneDXBomParser.cs +++ b/src/LCT.Common/Interface/ICycloneDXBomParser.cs @@ -5,6 +5,7 @@ // -------------------------------------------------------------------------------------------------------------------- using CycloneDX.Models; +using System.Collections.Generic; namespace LCT.Common { diff --git a/src/LCT.Common/appSettings.json b/src/LCT.Common/appSettings.json index 0c2831c9..082e0aec 100644 --- a/src/LCT.Common/appSettings.json +++ b/src/LCT.Common/appSettings.json @@ -42,7 +42,7 @@ "ExcludedComponents": [] }, "Nuget": { - "Include": [ "pack*.config", "p*.lock.json" ], + "Include": [ "pack*.config", "p*.lock.json","*.cdx.json" ], "Exclude": [], "JfrogNugetRepoList": [ "", //This is a mirror repo for nuget.org in JFrog @@ -51,7 +51,7 @@ "ExcludedComponents": [] }, "Maven": { - "Include": [ "pom.xml" ], + "Include": [ "pom.xml","*.cdx.json" ], "Exclude": [], "JfrogMavenRepoList": [ "", //This is a mirror repo for repo.maven in JFrog diff --git a/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs b/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs index e531690c..f15ab249 100644 --- a/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs +++ b/src/LCT.PackageIdentifier.UTest/MavenParserTests.cs 
@@ -73,7 +73,7 @@ public void IsDevDependent_GivenListOfMavenDevComponents_ReturnsNonDevComponents Bom bom = MavenProcessor.ParsePackageFile(appSettings); //Assert - Assert.That(bom.Components.Count, Is.EqualTo(1), "Returns the count of NON Dev Dependency components"); + Assert.That(bom.Components.Count-BomCreator.bomKpiData.DevDependentComponents, Is.EqualTo(1), "Returns the count of NON Dev Dependency components"); } [Test] diff --git a/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs b/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs index 83cb93da..65629c3c 100644 --- a/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs +++ b/src/LCT.PackageIdentifier.UTest/NugetParserTests.cs @@ -52,7 +52,7 @@ public void ParsePackageConfig_GivenAInputFilePath_ReturnsSuccess() public void ParsePackageLockJson_GivenAInputFilePath_ReturnsSuccess() { //Arrange - int expectednoofcomponents = 152; + int expectednoofcomponents = 153; string exePath = System.Reflection.Assembly.GetExecutingAssembly().Location; string outFolder = Path.GetDirectoryName(exePath); string packagefilepath = outFolder + @"\PackageIdentifierUTTestFiles\packages.lock.json"; diff --git a/src/LCT.PackageIdentifier/BomCreator.cs b/src/LCT.PackageIdentifier/BomCreator.cs index db1101df..d04f690e 100644 --- a/src/LCT.PackageIdentifier/BomCreator.cs +++ b/src/LCT.PackageIdentifier/BomCreator.cs @@ -80,14 +80,9 @@ public async Task GenerateBom(CommonAppSettings appSettings, IBomHelper bomHelpe private static void WritecontentsToBOM(CommonAppSettings appSettings, BomKpiData bomKpiData, Bom listOfComponentsToBom) { - if (string.IsNullOrEmpty(appSettings.CycloneDxBomFilePath)) - { + WriteContentToComparisonBOM(appSettings, listOfComponentsToBom, ref bomKpiData); - } - else - { - WriteContentToCycloneDxBOM(appSettings, listOfComponentsToBom, ref bomKpiData); - } + } 
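Review bot: The rewritten assertion in `IsDevDependent_GivenListOfMavenDevComponents_ReturnsNonDevComponents` subtracts `BomCreator.bomKpiData.DevDependentComponents`, a static counter that the processors in this diff only ever increment, so the result depends on which other tests ran earlier in the same process. Nothing visible here resets the counter in the arrange step. Counting the components whose `Dataconstant.Cdx_IsDevelopment` property is "false" would keep the test self-contained; alternatively, assign a fresh KPI object before calling `ParsePackageFile`. The test method starts outside the hunk.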
@@ -96,13 +91,13 @@ private static void WriteContentToCycloneDxBOM(CommonAppSettings appSettings, Bo IFileOperations fileOperations = new FileOperations(); if (string.IsNullOrEmpty(appSettings.IdentifierBomFilePath)) { - fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.CycloneDxBomFilePath); + fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.SW360ProjectName); } else { listOfComponentsToBom = fileOperations.CombineComponentsFromExistingBOM(listOfComponentsToBom, appSettings.IdentifierBomFilePath); bomKpiData.ComponentsInComparisonBOM = listOfComponentsToBom.Components.Count; - fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.CycloneDxBomFilePath); + fileOperations.WriteContentToCycloneDXFile(listOfComponentsToBom, appSettings.BomFolderPath, appSettings.SW360ProjectName); } } diff --git a/src/LCT.PackageIdentifier/DebianProcessor.cs b/src/LCT.PackageIdentifier/DebianProcessor.cs index 9dab146b..d3e83d07 100644 --- a/src/LCT.PackageIdentifier/DebianProcessor.cs +++ b/src/LCT.PackageIdentifier/DebianProcessor.cs @@ -46,7 +46,7 @@ public Bom ParsePackageFile(CommonAppSettings appSettings) listofComponents.AddRange(ParseCycloneDX(filepath)); } - //todo:testing is pending for the new logic addition + int initialCount = listofComponents.Count; GetDistinctComponentList(ref listofComponents); diff --git a/src/LCT.PackageIdentifier/MavenProcessor.cs b/src/LCT.PackageIdentifier/MavenProcessor.cs index 32e5e9de..dc71ac48 100644 --- a/src/LCT.PackageIdentifier/MavenProcessor.cs +++ b/src/LCT.PackageIdentifier/MavenProcessor.cs @@ -53,7 +53,7 @@ public Bom ParsePackageFile(CommonAppSettings appSettings) } } - ParseConfigFile(depFilePath, appSettings, ref componentsForBOM); + ParseDependencyTextFile(depFilePath, appSettings, ref componentsForBOM); totalComponentsIdentified = componentsForBOM.Count; 
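Review bot: `appSettings.SW360ProjectName` is now passed to `WriteContentToCycloneDXFile` in the position that previously took `appSettings.CycloneDxBomFilePath`, so a free-form project name ends up in the output file name. `WriteContentToCycloneDXFile` is not shown; unless it already normalises that argument, a name containing path separators or other invalid file-name characters could make the write fail or resolve outside `BomFolderPath`. A guard before both calls, such as rejecting the name when `appSettings.SW360ProjectName.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0`, would cover this. Separately, the preceding hunk removes the only call to `WriteContentToCycloneDxBOM` visible in this diff, so confirm the method is still reachable.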
@@ -76,14 +76,29 @@ public Bom ParsePackageFile(CommonAppSettings appSettings) } else { - bom = ParseCycloneDXBom(appSettings.CycloneDxBomFilePath); + configFiles = FolderScanner.FileScanner(appSettings.CycloneDxBomFilePath, appSettings.Npm); + foreach (string filepath in configFiles) + { + Bom bomList=ParseCycloneDXBom(filepath); + componentsForBOM.AddRange(bomList.Components); + } + foreach (var component in componentsForBOM) + { + component.Properties = new List(); + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Manually Added" }; + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + + } + bom.Components = componentsForBOM; BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = bom.Components.Count; } Logger.Debug($"ParsePackageFile():End"); return bom; } - private static void ParseConfigFile(string depFilePath, CommonAppSettings appSettings, ref List foundPackages) + private static void ParseDependencyTextFile(string depFilePath, CommonAppSettings appSettings, ref List foundPackages) { string[] lines = File.ReadAllLines(depFilePath); int noOfExcludedComponents = 0; 
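Review bot: The new Maven branch scans with the npm settings, `FolderScanner.FileScanner(appSettings.CycloneDxBomFilePath, appSettings.Npm)`, so the `*.cdx.json` pattern this commit adds to the Maven `Include` list is not the one applied; this looks copied from the npm processor and should presumably be `appSettings.Maven`. `componentsForBOM.AddRange(bomList.Components)` also throws `ArgumentNullException` if `ParseCycloneDXBom` returns a BOM without a components section, so guard it with `if (bomList?.Components != null)`. `ParsePackageFile` starts and ends outside the hunk.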
@@ -101,18 +116,23 @@ private static void ParseConfigFile(string depFilePath, CommonAppSettings appSet string scope = ""; bool isDevelopmentComponent; + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Discovered" }; scope = GetPackageDetails(parts, out component); - + component.Properties = new List(); isDevelopmentComponent = GetDevDependentScopeList(appSettings, scope); - - if (!component.Version.Contains("win") && !isDevelopmentComponent) - { - foundPackages.Add(component); - } if (isDevelopmentComponent) { + isDev.Value = "true"; BomCreator.bomKpiData.DevDependentComponents++; } + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + if (!component.Version.Contains("win")) + { + foundPackages.Add(component); + } + } } BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = totalComponenstinInputFile; @@ -174,7 +194,7 @@ public async Task IdentificationOfInternalComponents( { currentIterationItem.Properties = new List(); } - + Property isInternal = new() { Name = Dataconstant.Cdx_IsInternal, Value = "false" }; if (isTrue) { diff --git a/src/LCT.PackageIdentifier/Model/NugetPackage.cs b/src/LCT.PackageIdentifier/Model/NugetPackage.cs index ec9f7112..c2717113 100644 --- a/src/LCT.PackageIdentifier/Model/NugetPackage.cs +++ b/src/LCT.PackageIdentifier/Model/NugetPackage.cs @@ -19,6 +19,7 @@ public class NugetPackage public string Version { get; set; } public string Filepath { get; set; } + public string IsDev { get; set; } } } diff --git a/src/LCT.PackageIdentifier/NpmProcessor.cs b/src/LCT.PackageIdentifier/NpmProcessor.cs index 32139ffb..039d1d7f 100644 --- a/src/LCT.PackageIdentifier/NpmProcessor.cs +++ b/src/LCT.PackageIdentifier/NpmProcessor.cs 
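Review bot: In `ParseDependencyTextFile`, `BomCreator.bomKpiData.DevDependentComponents++` runs before the `component.Version.Contains("win")` filter, and development components are now kept in `foundPackages`. A development component that the filter drops is therefore counted without being in the list. Anything that derives the non-dev count as `Components.Count - DevDependentComponents`, as the updated Maven test does, is then off by one per such component. Moving the increment inside the `if (!component.Version.Contains("win"))` block keeps the counter and the list in step. As a style point, `NugetPackage.IsDev` is added as a `string` holding "true"/"false"; a `bool` converted where the `Property` is built would rule out other values.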
@@ -353,7 +353,20 @@ private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List ParsePackageConfig(string packagesFilePath, CommonAppSettings appSettings) { List nugetPackages = new List(); + string isDev = "false"; try { List referenceList = Parsecsproj(appSettings); @@ -79,7 +80,7 @@ public static List ParsePackageConfig(string packagesFilePath, Com { BomCreator.bomKpiData.DevDependentComponents++; - continue; + isDev = "true"; } if (idAttribute?.Value == null) @@ -97,7 +98,8 @@ public static List ParsePackageConfig(string packagesFilePath, Com { ID = idAttribute.Value, Version = versionAttribute.Value, - Filepath = packagesFilePath + Filepath = packagesFilePath, + IsDev= isDev }; nugetPackages.Add(package); } @@ -116,6 +118,7 @@ public static List ParsePackageConfig(string packagesFilePath, Com public static List ParsePackageLock(string packagesFilePath, CommonAppSettings appSettings) { List packageList = new List(); + string isDev = "false"; try { List referenceList = Parsecsproj(appSettings); @@ -134,8 +137,8 @@ public static List ParsePackageLock(string packagesFilePath, Commo string version = dependencyToken.First.Value("resolved"); if (dependencyToken.First.Value("type") == "Dev" || IsDevDependent(referenceList, id, version)) { - BomCreator.bomKpiData.DevDependentComponents++; - continue; + BomCreator.bomKpiData.DevDependentComponents++; + isDev = "true"; } if (dependencyToken.First.Value("type") == "Project" || string.IsNullOrEmpty(version) && string.IsNullOrEmpty(id)) { @@ -149,7 +152,9 @@ public static List ParsePackageLock(string packagesFilePath, Commo { ID = id, Version = version, - Filepath = packagesFilePath + Filepath = packagesFilePath, + IsDev= isDev + }; packageList.Add(package); } 
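Review bot: `isDev` is declared once at the top of `ParsePackageConfig` and set to "true" when a development dependency is found, but no visible line sets it back to "false". Because `continue` was replaced by the assignment, every package processed after the first development dependency is also written with `IsDev = "true"`. `ParsePackageLock` has the same pattern (hunks at -116, -134 and -149). Runtime packages mislabelled this way carry the development flag into the generated BOM through `ConvertToCycloneDXModel`. Declare the flag per iteration, `string isDev = "false";` as the first statement of the loop body; the loop headers are outside the hunks, so confirm there is no reset there.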
@@ -396,6 +401,8 @@ public static Bom RemoveExcludedComponents(CommonAppSettings appSettings, Bom cy private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List listComponentForBOM, ref Bom bom) { List configFiles; + List componentsForBOM=new List(); + if (string.IsNullOrEmpty(appSettings.CycloneDxBomFilePath)) { configFiles = FolderScanner.FileScanner(appSettings.PackageFilePath, appSettings.Nuget); @@ -407,7 +414,21 @@ private void ParsingInputFileForBOM(CommonAppSettings appSettings, ref List(); + Property isDev = new() { Name = Dataconstant.Cdx_IsDevelopment, Value = "false" }; + Property identifierType = new() { Name = Dataconstant.Cdx_IdentifierType, Value = "Manually Added" }; + component.Properties.Add(isDev); + component.Properties.Add(identifierType); + } + bom.Components = componentsForBOM; BomCreator.bomKpiData.ComponentsinPackageLockJsonFile = bom.Components.Count; bom = RemoveExcludedComponents(appSettings, bom); listComponentForBOM = bom.Components; @@ -427,6 +448,19 @@ private static void ConvertToCycloneDXModel(List listComponentForBOM, components.Purl = $"{ApiConstant.NugetExternalID}{prop.ID}@{components.Version}"; components.BomRef = $"{ApiConstant.NugetExternalID}{prop.ID}@{components.Version}"; components.Description = prop.Filepath; + components.Properties = new List() + { + new() + { + Name = Dataconstant.Cdx_IsDevelopment, Value = prop.IsDev + }, + new Property() + { + Name=Dataconstant.Cdx_IdentifierType,Value="Discovered" + } + }; + + listComponentForBOM.Add(components); } }
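Review bot: In the supplied-BOM branch of `ParsingInputFileForBOM`, each imported component appears to get a fresh `Properties` list before the two new properties are added. The line is garbled on this page, but the matching Maven hunk shows `component.Properties = new List();` in full. That discards any properties the input CycloneDX file already carried, and it stamps every component with `Cdx_IsDevelopment` = "false" even if the file said otherwise. Keeping existing entries with `component.Properties ??= new List<Property>();`, and adding each of the two properties only when no property of that name is present, preserves what the supplied BOM declared.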