Bom: initialize its own metadata #256
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
… SerialNumber, Version, Metadata/Tools[] for current library and its consumer script) Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…kit() to pre-init HierarchicalMerge() and FlatMerge() output object Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…library 6.0.0 with its intermediate ToolChoices type (for CDX spec 1.5) Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…is concerns Signed-off-by: Jim Klimov <jimklimov@gmail.com>
Signed-off-by: Jim Klimov <jimklimov@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR is yet another part of my larger proposal of Merge ability changes stacked in the PR queue.
It adds some utility methods to
Bomclass, so it can be in charge of initializing a (usuallynew) Bom object into a usefully populated one, e.g. the mergeresultto pile other Bom's into, while being the authoritative location to know and care about the class and data structure involved - well in OOP style.These methods allow the
Bomobject to initialize:Metadata/Tools(now updated to match recent changes in upstream code of the library with aToolChoiceslayer) pre-populated with the current version of thecyclonedx-dotnet-libraryand if possible to discover - its consumer like thecyclonedx-clitool;Version=1if this is a new document (or if explicitly requested by method argument), or increment theVersionfield if it is a re-iteration of an existing document.Library consumers which modify these fields directly (e.g.
MergeCommand.csincyclonedx-cli) would benefit from being updated accordingly; a PR to this effect will be posted shortly.Calls to these methods were added to
HierarchicalMerge()andFlatMerge(Boms, ...)methods, to pre-populate theresultobject into which merged information would land, since after any processing we conceptually yield a new document.Note that it would be pedantically prudent to also do this in
FlatMerge(Bom, Bom)method which does most of the actual merging work - however, it does so in a loop (called fromFlatMerge(Boms, ...)) and in currentMerge.cscodebase would just waste CPU time on detection or generation of needed information just to forget it with the next cycle. Still, it would be "correct" to populate this information for the benefit of (theoretically possible, not seen yet) "other consumers" who would only call this method directly, and not know/care about populating those fields on their own, whether "manually" or by using theBommethods introduced here on the object that pops out from theFlatMerge()call. I did not pursue this corner case here, because it is addressed differently (with an API change to pass toggles whether to do or skip such pre-init) in the larger solution for merge ability improvements.As it happens, this PR also fixes an issue reported earlier:
Closes: #183