Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not add external reference if URL is explicitly empty #388

Closed
mtgag opened this issue Aug 16, 2023 · 2 comments
Closed

Do not add external reference if URL is explicitly empty #388

mtgag opened this issue Aug 16, 2023 · 2 comments
Labels
enhancement

Comments

@mtgag
Copy link
Contributor

mtgag commented Aug 16, 2023

Projects that inherit properties like scm or url from parent pom files always include the website or vcs external references like that

  "externalReferences" : [
    {
      "type" : "website",
      "url" : "URL value"
    },
    {
      "type" : "vcs",
      "url" : "URL value"
    }
  ],

One option is to provide empty values in child pom.xml like that:

<scm>
    <url></url>
</scm>
<url></url>

which leads to this bom file:

  "externalReferences" : [
    {
      "type" : "website",
      "url" : ""
    },
    {
      "type" : "vcs",
      "url" : ""
    }
  ],

and another option is to place correct URLs, which in some scenarios may not be desired.

Therefore the bom file may appear like that:

  1. The external parameters are present and have the parent values, or
  2. The external parameters are present and have empty values, or
  3. The external parameters are present and have correct (or placeholder) values

Do other options exist?

Would it be meaningful to change this code:

cyclonedx-maven-plugin/src/main/java/org/cyclonedx/maven/DefaultModelConverter.java

Line 272 in 47742b1

if (url == null || doesComponentHaveExternalReference(component, referenceType)) {

to:

    if (url == null || url.isEmpty() || url.trim().length() == 0 || doesComponentHaveExternalReference(component, referenceType)) {
        return;
    }

to allow not to add an externalReference for a certain type if the URL provided for this type is explicitly empty?
@hboutemy
Copy link
Contributor

you're right that the intent of url == null is more isEmpty(url)
can you provide a PR, please?

mtgag added a commit to MTG-AG/cyclonedx-maven-plugin that referenced this issue Sep 12, 2023
@mtgag
addressing issue CycloneDX#388. Checking if URL is null, empty, or bl…
72ff141 
…ank (using Java 1.8 compatibility)
@mtgag mtgag mentioned this issue Sep 12, 2023
Merged
mtgag added a commit to MTG-AG/cyclonedx-maven-plugin that referenced this issue Sep 14, 2023
@mtgag
addressing issue CycloneDX#388. Checking if URL is null, empty, or bl…
c38c2e4 
…ank (using Java 1.8 compatibility)

Signed-off-by: mtgag <githreg@mtg.de>
hboutemy pushed a commit that referenced this issue Sep 14, 2023
@mtgag @hboutemy
addressing issue #388. Checking if URL is null, empty, or blank (usin…
c08b9c7 
…g Java 1.8 compatibility)

Signed-off-by: mtgag <githreg@mtg.de>
@hboutemy
Copy link
Contributor

fixed by #396

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hboutemy @mtgag