siemens · karthika-g · Aug 9, 2023 · Jul 31, 2023 · Aug 1, 2023 · Aug 1, 2023
diff --git a/TestFiles/IntegrationTestFiles/SystemTest1stIterationData/Nuget-Assets/project.assets.json b/TestFiles/IntegrationTestFiles/SystemTest1stIterationData/Nuget-Assets/project.assets.json
@@ -0,0 +1,151 @@
+{
+  "version": 3,
+  "targets": {
+    "net6.0": {
+      "Newtonsoft.Json/13.0.3": {
+        "type": "package",
+        "compile": {
+          "lib/net6.0/Newtonsoft.Json.dll": {
+            "related": ".xml"
+          }
+        },
+        "runtime": {
+          "lib/net6.0/Newtonsoft.Json.dll": {
+            "related": ".xml"
+          }
+        }
+      },
+      "SonarAnalyzer.CSharp/9.5.0.73987": {
+        "type": "package"
+      }
+    }
+  },
+  "libraries": {
+    "Newtonsoft.Json/13.0.3": {
+      "sha512": "HrC5BXdl00IP9zeV+0Z848QWPAoCr9P3bDEZguI+gkLcBKAOxix/tLEAAHC+UvDNPv4a2d18lOReHMOagPa+zQ==",
+      "type": "package",
+      "path": "newtonsoft.json/13.0.3",
+      "files": [
+        ".nupkg.metadata",
+        ".signature.p7s",
+        "LICENSE.md",
+        "README.md",
+        "lib/net20/Newtonsoft.Json.dll",
+        "lib/net20/Newtonsoft.Json.xml",
+        "lib/net35/Newtonsoft.Json.dll",
+        "lib/net35/Newtonsoft.Json.xml",
+        "lib/net40/Newtonsoft.Json.dll",
+        "lib/net40/Newtonsoft.Json.xml",
+        "lib/net45/Newtonsoft.Json.dll",
+        "lib/net45/Newtonsoft.Json.xml",
+        "lib/net6.0/Newtonsoft.Json.dll",
+        "lib/net6.0/Newtonsoft.Json.xml",
+        "lib/netstandard1.0/Newtonsoft.Json.dll",
+        "lib/netstandard1.0/Newtonsoft.Json.xml",
+        "lib/netstandard1.3/Newtonsoft.Json.dll",
+        "lib/netstandard1.3/Newtonsoft.Json.xml",
+        "lib/netstandard2.0/Newtonsoft.Json.dll",
+        "lib/netstandard2.0/Newtonsoft.Json.xml",
+        "newtonsoft.json.13.0.3.nupkg.sha512",
+        "newtonsoft.json.nuspec",
+        "packageIcon.png"
+      ]
+    },
+    "SonarAnalyzer.CSharp/9.5.0.73987": {
+      "sha512": "gmcKNWJ7kZqERbOcMnwyGtflOz5LhLwN17bPvs7AUqy8np8pdlFhDNKYmhuhfnFo0lRctLbS2Fr6HJM9QPsymw==",
+      "type": "package",
+      "path": "sonaranalyzer.csharp/9.5.0.73987",
+      "hasTools": true,
+      "files": [
+        ".nupkg.metadata",
+        ".signature.p7s",
+        "analyzers/Google.Protobuf.dll",
+        "analyzers/SonarAnalyzer.CFG.dll",
+        "analyzers/SonarAnalyzer.CSharp.dll",
+        "analyzers/SonarAnalyzer.dll",
+        "images/sonarsource_64.png",
+        "license/THIRD-PARTY-NOTICES.txt",
+        "sonaranalyzer.csharp.9.5.0.73987.nupkg.sha512",
+        "sonaranalyzer.csharp.nuspec",
+        "tools/install.ps1",
+        "tools/uninstall.ps1"
+      ]
+    }
+  },
+  "projectFileDependencyGroups": {
+    "net6.0": [
+      "Newtonsoft.Json >= 13.0.3",
+      "SonarAnalyzer.CSharp >= 9.5.0.73987"
+    ]
+  },
+  "packageFolders": {
+    "": {}
+  },
+  "project": {
+    "version": "1.0.0",
+    "restore": {
+      "projectUniqueName": "D:\\Nuget-SBOM\\ProjectAssets\\ProjectAssets\\ProjectAssets\\ProjectAssets.csproj",
+      "projectName": "ProjectAssets",
+      "projectPath": "D:\\Nuget-SBOM\\ProjectAssets\\ProjectAssets\\ProjectAssets\\ProjectAssets.csproj",
+      "packagesPath": "",
+      "outputPath": "D:\\Nuget-SBOM\\ProjectAssets\\ProjectAssets\\ProjectAssets\\obj\\",
+      "projectStyle": "PackageReference",
+      "configFilePaths": [
+        "C:\\Users\\z004neay\\AppData\\Roaming\\NuGet\\NuGet.Config",
+        "C:\\Program Files (x86)\\NuGet\\Config\\Microsoft.VisualStudio.Offline.config"
+      ],
+      "originalTargetFrameworks": [
+        "net6.0"
+      ],
+      "sources": {
+        "C:\\Program Files (x86)\\Microsoft SDKs\\NuGetPackages\\": {},
+        "https://api.nuget.org/v3/index.json": {}
+      },
+      "frameworks": {
+        "net6.0": {
+          "targetAlias": "net6.0",
+          "projectReferences": {}
+        }
+      },
+      "warningProperties": {
+        "warnAsError": [
+          "NU1605"
+        ]
+      }
+    },
+    "frameworks": {
+      "net6.0": {
+        "targetAlias": "net6.0",
+        "dependencies": {
+          "Newtonsoft.Json": {
+            "target": "Package",
+            "version": "[13.0.3, )"
+          },
+          "SonarAnalyzer.CSharp": {
+            "include": "Runtime, Build, Native, ContentFiles, Analyzers, BuildTransitive",
+            "suppressParent": "All",
+            "target": "Package",
+            "version": "[9.5.0.73987, )"
+          }
+        },
+        "imports": [
+          "net461",
+          "net462",
+          "net47",
+          "net471",
+          "net472",
+          "net48",
+          "net481"
+        ],
+        "assetTargetFallback": true,
+        "warn": true,
+        "frameworkReferences": {
+          "Microsoft.NETCore.App": {
+            "privateAssets": "all"
+          }
+        },
+        "runtimeIdentifierGraphPath": "C:\\Program Files\\dotnet\\sdk\\7.0.202\\RuntimeIdentifierGraph.json"
+      }
+    }
+  }
+}
diff --git a/...es/IntegrationTestFiles/SystemTest1stIterationData/Template-Nuget/Template_Nuget.cdx.json b/...es/IntegrationTestFiles/SystemTest1stIterationData/Template-Nuget/Template_Nuget.cdx.json
@@ -0,0 +1,69 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:43858d10-328d-40d3-8184-ad4f0b5ea53c",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-07-11T12:11:14Z",
+    "tools": [
+      {
+        "vendor": "anchore",
+        "name": "syft",
+        "version": "0.84.1"
+      }
+    ],
+    "component": {
+      "bom-ref": "f8e285590963f51a",
+      "type": "container",
+      "name": "",
+      "version": "sha256:b75774030c2c10178aad29230221cad47aa607c72895aa4af389b3f1f01f71f4"
+    }
+  },
+  "components": [
+    {
+      "bom-ref": "pkg:nuget/[email protected]",
+      "type": "library",
+      "publisher": "",
+      "name": "System.Memory",
+      "version": "4.5.4",
+      "licenses": [
+        {
+          "license": {
+            "id": "GPL-2.0-only"
+          }
+        }
+      ],
+      "cpe": "",
+      "purl": "pkg:nuget/[email protected]",
+      "properties": [
+        {
+          "name": "syft:package:foundBy",
+          "value": "Testing Properties"
+        }
+      ]
+    },
+    {
+      "bom-ref": "pkg:nuget/[email protected]",
+      "type": "library",
+      "publisher": "",
+      "name": "Newtonsoft.Json",
+      "version": "13.0.3",
+      "licenses": [
+        {
+          "license": {
+            "id": "GPL-2.0-only"
+          }
+        }
+      ],
+      "cpe": "",
+      "purl": "pkg:nuget/[email protected]",
+      "properties": [
+        {
+          "name": "syft:package:foundBy",
+          "value": "Testing Properties"
+        }
+      ]
+    }
+  ]
+}
diff --git a/src/LCT.Common/CommonAppSettings.cs b/src/LCT.Common/CommonAppSettings.cs
@@ -52,6 +52,7 @@ public CommonAppSettings(IFolderAction iFolderAction)
         private string m_LogFolderPath;
         private string m_FOSSURL;
         private string m_ArtifactoryUser;
+        private string m_CycloneDxSBomTemplatePath;
 
 
         public bool RemoveDevDependency { get; set; } = true;
@@ -65,7 +66,7 @@ public CommonAppSettings(IFolderAction iFolderAction)
         public Config Debian { get; set; }
         public Config Python { get; set; }
         public string CaVersion { get; set; }
-        public string CycloneDxBomFilePath { get; set; }
+        public string CycloneDxSBomTemplatePath { get; set; }
         public string[] InternalRepoList { get; set; }
         public bool EnableFossTrigger { get; set; } = true;
         public string JfrogNpmDestRepoName { get; set; }
@@ -122,7 +123,7 @@ public string PackageFilePath
             set
             {
                 if (!AppDomain.CurrentDomain.FriendlyName.Contains("SW360PackageCreator") &&
-                    !AppDomain.CurrentDomain.FriendlyName.Contains("ArtifactoryUploader") && string.IsNullOrEmpty(CycloneDxBomFilePath))
+                    !AppDomain.CurrentDomain.FriendlyName.Contains("ArtifactoryUploader"))
                 {
                     folderAction.ValidateFolderPath(value);
                     m_PackageFilePath = value;
@@ -276,6 +277,19 @@ public string BomFilePath
             }
         }
 
+        public string SBomTemplatePath
+        {
+            get
+            {
+                return m_CycloneDxSBomTemplatePath;
+            }
+            set
+            {
+                m_CycloneDxSBomTemplatePath = value;
+                _fileOperations.ValidateFilePath(m_CycloneDxSBomTemplatePath);
+            }
+        }
+
         public string ArtifactoryUploadUser
         {
             get

diff --git a/src/LCT.Common/Constants/Dataconstant.cs b/src/LCT.Common/Constants/Dataconstant.cs
@@ -4,6 +4,7 @@
 //  SPDX-License-Identifier: MIT
 // -------------------------------------------------------------------------------------------------------------------- 
 
+using System.Collections.Generic;
 using System.Diagnostics.CodeAnalysis;
 
 namespace LCT.Common.Constants
@@ -14,6 +15,15 @@ namespace LCT.Common.Constants
     [ExcludeFromCodeCoverage]
     public static class Dataconstant
     {
+        private static Dictionary<string, string> purlids = new Dictionary<string, string>
+         {
+        {"NPM", "pkg:npm"},
+        {"NUGET", "pkg:nuget"},
+        {"DEBIAN", "pkg:deb/debian"},
+        {"MAVEN", "pkg:maven"},
+        {"PYTHON", "pkg:pypi"},
+         };
+
         public const string Created = "Created";
         public const string NewlyCreated = "Newly Created";
         public const string Uploaded = "Uploaded";
@@ -31,10 +41,6 @@ public static class Dataconstant
         public const string ReleaseAttachmentComment = "Attached by CA Tool";
         public const char ForwardSlash = '/';
         public const string SourceURLSuffix = "/srcfiles?fileinfo=1";
-        public const string DebianPackage = "pkg:deb/debian";
-        public const string NpmPackage = "pkg:npm";
-        public const string MavenPackage = "pkg:maven";
-        public const string PythonPackage = "pkg:pypi";
         public const string Cdx_ArtifactoryRepoUrl = "internal:siemens:clearing:repo-url";
         public const string Cdx_ProjectType = "internal:siemens:clearing:project-type";
         public const string Cdx_ClearingState = "internal:siemens:clearing:clearing-state";
@@ -44,5 +50,10 @@ public static class Dataconstant
         public const string Cdx_IsDevelopment = "internal:siemens:clearing:development";
         public const string Cdx_IdentifierType = "internal:siemens:clearing:identifier-type";
         public const string Cdx_IsDevelopmentDependency = "internal:siemens:clearing:development";
+
+        public static Dictionary<string, string> PurlCheck()
+        {
+            return purlids;
+        }
     }
 }
diff --git a/src/LCT.Common/Constants/FileConstant.cs b/src/LCT.Common/Constants/FileConstant.cs
@@ -44,7 +44,7 @@ public static class FileConstant
         public const string DebianCombinedPatchExtension = "-debian-combined.tar.bz2";
         public const string DSCFileExtension = ".dsc";
         public static readonly string ContainerDir = Path.Combine(@"/app/opt/PatchedFiles");
-        public const string DockerImage = "clearingautomationtool";
+        public const string DockerImage = "ghcr.io/siemens/continuous-clearing";
         public static readonly string DockerCMDTool = Path.Combine(@"/bin/bash");
         public const string appSettingFileName = "appSettings.json";
         public const string CycloneDXFileExtension = ".cdx.json";

diff --git a/src/LCT.Common/CycloneDXBomParser.cs b/src/LCT.Common/CycloneDXBomParser.cs
@@ -6,13 +6,15 @@
 
 using CycloneDX.Json;
 using CycloneDX.Models;
+using LCT.Common.Constants;
 using LCT.Common.Model;
 using log4net;
 using log4net.Core;
 using Newtonsoft.Json;
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Reflection;
 
 namespace LCT.Common
@@ -49,5 +51,46 @@ public Bom ParseCycloneDXBom(string filePath)
             }
             return bom;
         }
+
+        public Bom ExtractSBOMDetailsFromTemplate(Bom template)
+        {
+            Bom bom = new Bom();
+            bom.Components = new List<Component>();
+            if (template.Components == null)
+            {
+                return bom;
+            }
+            foreach (var component in template.Components)
+            {
+                if (!string.IsNullOrEmpty(component.Name) && !string.IsNullOrEmpty(component.Version)
+                    && !string.IsNullOrEmpty(component.Purl))
+                {
+                    //Taking SBOM Template Components
+
+                    bom.Components.Add(component);
+                }
+            }
+
+            //Taking SBOM Template Metadata
+            bom.Metadata = template.Metadata;
+            return bom;
+        }
+
+        public void CheckValidComponentsForProjectType(List<Component> bom, string projectType)
+        {
+            foreach (var component in bom.ToList())
+            {
+                if (!string.IsNullOrEmpty(component.Name) && !string.IsNullOrEmpty(component.Version)
+                    && !string.IsNullOrEmpty(component.Purl) && component.Purl.Contains(Dataconstant.PurlCheck()[projectType.ToUpper()]))
+                {
+                    //Taking Valid Components for perticular projects
+                }
+                else
+                {
+                    bom.Remove(component);
+                    Logger.Debug("CheckValidComponenstForProjectType(): Not valid Component / Purl ID " + component.Purl + " for Project Type :" + projectType);
+                }
+            }
+        }
     }
 }