Fix CycloneDX report generation

Commit 0891287 introduced using the OCIImage class instead of DockerImage for container image analysis. There is a difference in the name and type of the variable that holds the repository tag ('repotags' list for DockerImage vs 'repotag' string for OCIImage) which is causing the CycloneDX format to break. This was not caught prior to the release because there are no tests for the CycloneDX format in the ci test file. This commit resolves the CycloneDX format bug by using the repository tag variable name depending on image type and also adds an appropriate test in the ci test file to try to avoid this issue in the future. Resolves tern-tools#1097 Signed-off-by: Rose Judge <rjudge@vmware.com>
rnjudge · Jan 20, 2022 · 8f62361 · 8f62361
1 parent 723f43d
commit 8f62361
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/ci/test_files_touched.py b/ci/test_files_touched.py
@@ -99,7 +99,8 @@
         'tern report -f spdxtagvalue -i photon:3.0',
         'tern report -f spdxjson -i photon:3.0',
         'tern report -d samples/alpine_python/Dockerfile',
-        'tern report -f html -i photon:3.0'],
+        'tern report -f html -i photon:3.0',
+        'tern report -f cyclonedxjson -i photon:3.0'],
     # tern/formats/spdx
     re.compile('tern/formats/spdx'): [
         'tern report -f spdxtagvalue -i photon:3.0 -o spdx.spdx && ' \

diff --git a/tern/formats/cyclonedx/cyclonedxjson/image_helpers.py b/tern/formats/cyclonedx/cyclonedxjson/image_helpers.py
@@ -10,6 +10,8 @@
 
 from tern.formats.cyclonedx import cyclonedx_common
 from packageurl import PackageURL
+from tern.classes.oci_image import OCIImage
+from tern.classes.docker_image import DockerImage
 
 
 def get_image_dict(image_obj):
@@ -28,9 +30,11 @@ def get_image_dict(image_obj):
     purl = PackageURL('docker', None, image_dict['name'], image_dict['version'])
     image_dict['purl'] = str(purl)
 
-    if image_obj.repotags:
+    if isinstance(image_obj, DockerImage):
         for repotag in image_obj.repotags:
             image_dict['properties'].append(cyclonedx_common.get_property('tern:repotag', repotag))
+    elif isinstance(image_obj, OCIImage):
+        image_dict['properties'].append(cyclonedx_common.get_property('tern:repotag', image_obj.repotag))
 
     os_guess = cyclonedx_common.get_os_guess(image_obj)
     if os_guess: