Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use filename as qualifier for SBOM file references #1546

Merged
merged 6 commits into from Feb 12, 2024
Merged

Use filename as qualifier for SBOM file references #1546

merged 6 commits into from Feb 12, 2024

Conversation

ridhoq
Copy link
Contributor

@ridhoq ridhoq commented Dec 1, 2023
edited

Description of the PR

As per #1545, there is a bug with how SPDX relative filenames are handled. Fix this by changing the SPDX/CycloneDX parser to use filename in qualifier instead of subpath.

PR Checklist

  • All commits have a Developer Certificate of Origin (DCO) -- they are generated using -s flag to git commit.
  • All new changes are covered by tests
  • If GraphQL schema is changed, make generate has been run
  • If collectsub protobuf has been changed, make proto has been run
  • All CI checks are passing (tests and formatting)
  • All dependent PRs have already been merged

@ridhoq ridhoq mentioned this pull request Dec 1, 2023
Closed
@stale Stale
Copy link

stale bot commented Jan 30, 2024

This pull request has been automatically marked as stale because it has not had recent activity (60 days of inactivity).
It will be closed in 30 days if no further activity occurs.
Thank you for your contribution!

@stale stale bot added the wontfix This will not be worked on label Jan 30, 2024
@pxp928
Copy link
Collaborator

pxp928 commented Jan 30, 2024

@ridhoq I think we should get a the work around for this staged in this PR

@stale stale bot removed the wontfix This will not be worked on label Jan 30, 2024
@ridhoq
failing test case
c32668d 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@ridhoq
update test to move filename to qualifier
f8b54a5 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@ridhoq
change SPDX parser to use filename in qualifier instead of subpath
6b4c6e9 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@pull-request-size pull-request-size bot added size/M and removed size/XS labels Feb 8, 2024
@ridhoq
fix TestGuacFilePurl
f2788e7 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@ridhoq
fix Test_ingestPredicatesParser
025d93f 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@ridhoq
fix Test_cyclonedxParser_addRootPackage
ab15cca 
Signed-off-by: Ridwan Hoq <ridwanhoq@microsoft.com>
@ridhoq ridhoq marked this pull request as ready for review February 8, 2024 23:54
@ridhoq ridhoq changed the title Fix issue with SPDX files with relative paths Use filename as qualifier for SBOM file references Feb 8, 2024
@kodiakhq kodiakhq bot merged commit f6e9f46 into guacsec:main Feb 12, 2024
8 checks passed
ridhoq added a commit to ridhoq/guac that referenced this pull request May 21, 2024
@ridhoq
Revert "Use filename as qualifier for SBOM file references (guacsec#1546
f04a698 
)"

This reverts commit f6e9f46.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mihaimaruseac mihaimaruseac mihaimaruseac approved these changes

@pxp928 pxp928 pxp928 approved these changes

Assignees
No one assigned
Labels
size/M
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@ridhoq @pxp928 @mihaimaruseac