Check for invalid manifestInfo's/spdxVersion's during the redaction w…

…orkflow
microsoft · pragnya17 · Feb 28, 2025 · Feb 28, 2025 · Feb 28, 2025 · 11f3055be13d3742be96115b01adbc76e2773eac
commit 11f3055be13d3742be96115b01adbc76e2773eac
@@ -47,6 +47,11 @@ public static class Constants
         SPDX30ManifestInfo
     };
 
+    public static Collection<ManifestInfo> SupportedSpdxManifestsForRedaction = new()
+    {
+        SPDX22ManifestInfo
+    };
+
     public static List<Entities.ErrorType> SkipFailureReportingForErrors = new()
     {
         Entities.ErrorType.ManifestFolder,

@@ -4,13 +4,16 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using System.Text.Json;
 using System.Threading.Tasks;
 using Microsoft.Sbom.Api.FormatValidator;
 using Microsoft.Sbom.Api.Workflows.Helpers;
 using Microsoft.Sbom.Common;
 using Microsoft.Sbom.Common.Config;
+using Microsoft.Sbom.Extensions.Entities;
 using Serilog;
+using ApiConstants = Microsoft.Sbom.Api.Utils.Constants;
 
 namespace Microsoft.Sbom.Api.Workflows;
 
@@ -52,6 +55,8 @@ public virtual async Task<bool> RunAsync()
             IValidatedSBOM validatedSbom = null;
             try
             {
+                CheckIfSpdxVersionSupportsRedaction(configuration.ManifestInfo.Value);
+
                 log.Information($"Validating SBOM {sbomPath}");
                 validatedSbom = validatedSBOMFactory.CreateValidatedSBOM(sbomPath);
                 var validationDetails = await validatedSbom.GetValidationResults();
@@ -140,4 +145,17 @@ private string ValidateDirStrucutre()
 
         return outputDir;
     }
+
+    private void CheckIfSpdxVersionSupportsRedaction(IList<ManifestInfo> manifestInfos)
+    {
+        var unsupportedManifests = manifestInfos
+        .Where(manifest => !ApiConstants.SupportedSpdxManifestsForRedaction.Contains(manifest))
+        .ToList();
+
+        if (unsupportedManifests.Any())
+        {
+            throw new InvalidOperationException($"The following manifests are not supported for redaction: {string.Join(", ", unsupportedManifests)}. " +
+                $"Supported manifests include: {string.Join(", ", ApiConstants.SupportedSpdxManifestsForRedaction)}");
+        }
+    }
 }
@@ -4,6 +4,7 @@
 #pragma warning disable CS8618 // Non-nullable field must contain a non-null value when exiting constructor. Consider declaring as nullable.
 
 using System;
+using System.Collections.Generic;
 using System.IO;
 using System.Text;
 using System.Threading.Tasks;
@@ -12,6 +13,7 @@
 using Microsoft.Sbom.Api.Workflows.Helpers;
 using Microsoft.Sbom.Common;
 using Microsoft.Sbom.Common.Config;
+using Microsoft.Sbom.Extensions.Entities;
 using Microsoft.Sbom.Parsers.Spdx22SbomParser.Entities;
 using Microsoft.VisualStudio.TestTools.UnitTesting;
 using Moq;
@@ -139,6 +141,24 @@ public async Task SbomRedactionWorkflow_RunsRedactionOnValidSboms()
         Assert.IsTrue(redactedResult.Contains(@"""name"":""redacted"""));
     }
 
+    [DataRow("SPDX", "1.0")]
+    [DataRow("SPDX", "3.0")]
+    [DataRow("asdfi", "2.2")]
+    [TestMethod]
+    public async Task SbomRedactionWorkflow_FailsForInvalidManifestVersions(string name, string spdxVersion)
+    {
+        SetUpDirStructure();
+        fileSystemUtilsMock.Setup(m => m.GetFilesInDirectory(SbomDirStub, true)).Returns(new string[] { SbomPathStub }).Verifiable();
+        var invalidManifestInfo = new ConfigurationSetting<IList<ManifestInfo>>
+        {
+            Value = new List<ManifestInfo> { new ManifestInfo { Name = name, Version = spdxVersion } }
+        };
+
+        configurationMock.SetupGet(c => c.ManifestInfo).Returns(invalidManifestInfo);
+
+        await Assert.ThrowsExceptionAsync<InvalidOperationException>(testSubject.RunAsync);
+    }
+
     private void SetUpDirStructure()
     {
         configurationMock.SetupGet(c => c.SbomDir).Returns(new ConfigurationSetting<string> { Value = SbomDirStub });