From 805bae613b0aa040b738cb886ecdc392ab30fb17 Mon Sep 17 00:00:00 2001
From: Alex Goodman
Date: Wed, 16 Nov 2022 12:27:13 -0500
Subject: [PATCH 1/2] fix decoding package groups from cyclonedx sboms
Signed-off-by: Alex Goodman
---
 syft/formats/common/cyclonedxhelpers/component.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/syft/formats/common/cyclonedxhelpers/component.go b/syft/formats/common/cyclonedxhelpers/component.go
index 0f2c1fd89b3..b456003f1e9 100644
--- a/syft/formats/common/cyclonedxhelpers/component.go
+++ b/syft/formats/common/cyclonedxhelpers/component.go
@@ -70,7 +70,7 @@ func decodeComponent(c *cyclonedx.Component) *pkg.Package {
 }
 p := &pkg.Package{
- Name: c.Name,
+ Name: decodeName(c.Group, c.Name),
 Version: c.Version,
 Locations: decodeLocations(values),
 Licenses: decodeLicenses(c),
@@ -95,6 +95,13 @@ func decodeComponent(c *cyclonedx.Component) *pkg.Package {
 return p
 }
+func decodeName(group string, name string) string {
+ if group != "" {
+ return group + "/" + name
+ }
+ return name
+}
+
 func decodeLocations(vals map[string]string) source.LocationSet {
 v := common.Decode(reflect.TypeOf([]source.Location{}), vals, "syft:location", CycloneDXFields)
 out, ok := v.([]source.Location)
From f8d254019d14bce81310d489760f26b2502eaba1 Mon Sep 17 00:00:00 2001
From: Christopher Phillips
Date: Tue, 24 Jan 2023 10:29:30 -0500
Subject: [PATCH 2/2] feat: add naive implementation for discussion
Signed-off-by: Christopher Phillips
---
 .../common/cyclonedxhelpers/component.go | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/syft/formats/common/cyclonedxhelpers/component.go b/syft/formats/common/cyclonedxhelpers/component.go
index b456003f1e9..307e07ef4f9 100644
--- a/syft/formats/common/cyclonedxhelpers/component.go
+++ b/syft/formats/common/cyclonedxhelpers/component.go
@@ -2,6 +2,7 @@ package cyclonedxhelpers
 import (
 "reflect"
+ "strings"
 "github.com/CycloneDX/cyclonedx-go"
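Review bot: decodeName, added in the second hunk of the first patch, prefixes the group onto the name for every component regardless of which ecosystem produced it, so the decoded `pkg.Package.Name` becomes `group/name` even where the original package name never contained the group. If anything downstream keys on the package name when consuming an SBOM (vulnerability matching, for example), a name that differs from what the cataloger would have produced may silently fail to match; a decode test with a grouped component compared against the cataloged package would show whether that happens. The same unconditional treatment of `/` appears on the encode side in the encodeComponent hunk of the second patch. The helper also has no doc comment stating the convention; something like `// decodeName returns "group/name" when the component has a group, otherwise name unchanged.` would make the contract explicit.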
@@ -27,10 +28,15 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 properties = &props
 }
+ name, group := encodeName(p.Name)
+ if group == "" {
+ group = encodeGroup(p)
+ }
+
 return cyclonedx.Component{
 Type: cyclonedx.ComponentTypeLibrary,
- Name: p.Name,
- Group: encodeGroup(p),
+ Name: name,
+ Group: group,
 Version: p.Version,
 PackageURL: p.PURL,
 Licenses: encodeLicenses(p),
@@ -44,6 +50,13 @@ func encodeComponent(p pkg.Package) cyclonedx.Component {
 }
 }
+func encodeName(name string) (string, string) {
+ if strings.Contains(name, "/") {
+ parts := strings.Split(name, "/")
+ return parts[0], parts[1]
+ }
+}
+
 func deriveBomRef(p pkg.Package) string {
 // try and parse the PURL if possible and append syft id to it, to make
 // the purl unique in the BOM.
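Review bot: encodeName has no return on the path where the name contains no `/`, so the file does not compile as written, and the values it does return are in the wrong order for its caller: `name, group := encodeName(p.Name)` receives `parts[0]` as the name, which is the group side of what decodeName builds as `group + "/" + name`. `strings.Split` followed by `parts[0], parts[1]` also discards everything after the second segment, so a name with several slashes would be written to the SBOM truncated, and whoever consumes that SBOM would see a different component from the one that was scanned. Splitting on the last `/` keeps every segment, so a name with a non-empty group part survives a trip through decodeName, and returning the name with an empty group on the fallback path lets encodeComponent still reach encodeGroup.

```go
func encodeName(name string) (string, string) {
	// Split on the last "/" so that group + "/" + name reproduces the input.
	if i := strings.LastIndex(name, "/"); i >= 0 {
		return name[i+1:], name[:i]
	}
	return name, ""
}
```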