Merge pull request #7 from interlynk-io/fix/uniq-checks

Use ID for checking unique components. Name can be repetitive
interlynk-io · Feb 2, 2023 · 6c8c1e7 · 6c8c1e7
2 parents 1b06ef7 + a2dea0c
commit 6c8c1e7
Show file tree

Hide file tree

Showing 6 changed files with 54,941 additions and 8 deletions.
diff --git a/pkg/sbom/cdx.go b/pkg/sbom/cdx.go
@@ -189,6 +189,7 @@ func (c *cdxDoc) parseComps() {
 		nc.cpes = []string{sc.CPE}
 		nc.checksums = c.checksums(index)
 		nc.licenses = c.licenses(index)
+		nc.id = sc.BOMRef
 
 		c.comps = append(c.comps, nc)
 	}

diff --git a/pkg/sbom/component.go b/pkg/sbom/component.go
@@ -15,6 +15,7 @@
 package sbom
 
 type Component interface {
+	ID() string
 	SupplierName() string
 	Name() string
 	Version() string
@@ -42,6 +43,7 @@ type component struct {
 
 	purpose            string
 	isReqFieldsPresent bool
+	id                 string
 }
 
 func newComponent() *component {
@@ -75,3 +77,7 @@ func (c component) PrimaryPurpose() string {
 func (c component) RequiredFields() bool {
 	return c.isReqFieldsPresent
 }
+
+func (c component) ID() string {
+	return c.id
+}
diff --git a/pkg/sbom/spdx.go b/pkg/sbom/spdx.go
@@ -144,6 +144,7 @@ func (s *spdxDoc) parseComps() {
 		nc.cpes = s.cpes(index)
 		nc.checksums = s.checksums(index)
 		nc.licenses = s.licenses(index)
+		nc.id = string(sc.PackageSPDXIdentifier)
 
 		s.comps = append(s.comps, nc)
 	}

diff --git a/pkg/scorer/ntia.go b/pkg/scorer/ntia.go
@@ -73,15 +73,15 @@ func compWithUniqIDScore(d sbom.Document) score {
 
 	withCpe := lo.FilterMap(d.Components(), func(c sbom.Component, _ int) (string, bool) {
 		if len(c.Cpes()) > 0 {
-			return c.Name(), true
+			return c.ID(), true
 		}
-		return c.Name(), false
+		return c.ID(), false
 	})
 	withPurl := lo.FilterMap(d.Components(), func(c sbom.Component, _ int) (string, bool) {
 		if len(c.Purls()) > 0 {
-			return c.Name(), true
+			return c.ID(), true
 		}
-		return c.Name(), false
+		return c.ID(), false
 	})
 
 	compWithIDs := append(withCpe, withPurl...)

diff --git a/pkg/scorer/quality.go b/pkg/scorer/quality.go
@@ -65,15 +65,15 @@ func compWithAllIdScore(d sbom.Document) score {
 
 	withCpe := lo.FilterMap(d.Components(), func(c sbom.Component, _ int) (string, bool) {
 		if len(c.Cpes()) > 0 {
-			return c.Name(), true
+			return c.ID(), true
 		}
-		return c.Name(), false
+		return c.ID(), false
 	})
 	withPurl := lo.FilterMap(d.Components(), func(c sbom.Component, _ int) (string, bool) {
 		if len(c.Purls()) > 0 {
-			return c.Name(), true
+			return c.ID(), true
 		}
-		return c.Name(), false
+		return c.ID(), false
 	})
 
 	compsWithCPE := len(withCpe)