Add more functional tests for the patch "remove" operation (#70)

* Add patch verification tests for remove and replace operations Signed-off-by: Matt Rutkowski <[email protected]> * Add in-line patch remove operation test Signed-off-by: Matt Rutkowski <[email protected]> * Update Go language version to go1.21 for GitHub workflows Signed-off-by: Matt Rutkowski <[email protected]> * Update Go GitHub Actions to v4 Signed-off-by: Matt Rutkowski <[email protected]> * Update Go GitHub Actions to v4 Signed-off-by: Matt Rutkowski <[email protected]> --------- Signed-off-by: Matt Rutkowski <[email protected]>
CycloneDX · Jan 29, 2024 · 5aad55c · 5aad55c
1 parent bbfe543
commit 5aad55c
Show file tree

Hide file tree

Showing 9 changed files with 326 additions and 307 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -14,12 +14,12 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v3
+      uses: actions/setup-go@v4
       with:
-        go-version: 1.18
+        go-version: '1.21'
 
     - name: Build
       run: go build -v ./...

diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
@@ -18,10 +18,11 @@ jobs:
     name: lint
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v3
-        with:
-          go-version: 1.18
       - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.21'
+          #cache: false
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:

diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -5,103 +5,22 @@
     "version": "0.2.0",
     "configurations": [
         {
-            "showGlobalVariables": true,
-            "name": "Query: SELECT * FROM metadata.component",
+            "name": "DebugServer",
             "type": "go",
             "request": "launch",
             "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["query", "-i", "test/cyclonedx/cdx-1-4-mature-example-1.json", "--select", "*", "--from", "metadata.component"]
+            "program": "${workspaceFolder}",
+            "dlvFlags": ["--check-go-version=false"]
         },
         {
             "showGlobalVariables": true,
-            "name": "license: list: BAD license exp.",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["license", "list", "-i", "test/cyclonedx/cdx-1-2-invalid-license-name-has-expression.json", "--summary"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "license policy",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go",
-            "args": ["license", "policy", "-t"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "license policy --format csv",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go",
-            "args": ["license", "policy", "--format", "csv", "-t"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "license: list: CDX: test/cyclonedx/cdx-1-3-license-list.json",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["license", "list", "-i", "test/cyclonedx/cdx-1-3-license-list.json"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: CDX: test/cyclonedx/cdx-1-3-license-list.json",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "test/cyclonedx/cdx-1-3-license-list.json", "-t"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: CDX: juice-shop/bom.json: indent",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "examples/cyclonedx/juice-shop/bom.json", "-t", "--indent"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: CDX: EXAMPLE: juice-shop/bom.json (infer 1.2)",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "examples/cyclonedx/juice-shop/bom.json", "-t"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: SPDX: spdx-min-required.json (infer 2.2)",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "test/spdx/spdx-min-required.json"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: SPDX: spdx-min-required-missing-creationinfo.json (infer)",
-            "type": "go",
-            "request": "launch",
-            "mode": "debug",
-            "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "test/spdx/spdx-min-required-missing-creationinfo.json"]
-        },
-        {
-            "showGlobalVariables": true,
-            "name": "validate: SPDX: EXAMPLE: examples/spdx/example1/example1.json (infer schema)",
+            "name": "Query: SELECT * FROM metadata.component",
             "type": "go",
             "request": "launch",
             "mode": "debug",
             "program": "main.go", // "program": "${file}",
-            "args": ["validate", "-i", "examples/spdx/example1/example1.json"]
+            "args": ["query", "-i", "test/cyclonedx/cdx-1-4-mature-example-1.json", "--select", "*", "--from", "metadata.component"],
+            "dlvFlags": ["--check-go-version=false"]
         },
     ]
 }
diff --git a/README.md b/README.md
@@ -2,17 +2,17 @@
 
 # sbom-utility
 
-This utility was designed to be an API platform used initially to validate **CycloneDX** or **SPDX-formatted Bills-of-Materials (BOMs)** against versioned JSON schemas as published by their respective standards communities as well as customized variants designed by companies or organizations that may have stricter BOM compliance requirements.
+This utility was designed to be an API platform to validate, analyze and edit **Bills-of-Materials (BOMs)**. Primarily, it was created to validate **CycloneDX** or **SPDX-formatted** BOMs against versioned JSON schemas as published by their respective standards communities. The validation support includes customized, BOM-schema variants designed by companies or organizations that may have stricter BOM compliance requirements.
 
-The utility has now grown to include a rich set of commands, listed below, such as **trim**, **patch** (IETF RFC 6902) and **diff** as well as commands used to create filtered reports using the utility's powerful, SQL-like **query** command capability.
+The utility has steadily grown to include a rich set of commands, listed below, such as **trim**, **patch** (IETF RFC 6902) and **diff** as well as commands used to create filtered reports using the utility's powerful, SQL-like **query** command capability.
 
-In addition, commands exist to easily extract **license**, **vulnerability**, **component**, **service** and other BOM information enabling verification for [BOM use cases](#cyclonedx-use-cases) or custom security and compliance requirements.
+Supported report commands can easily extract **license**, **license policy**, **vulnerability**, **component**, **service** and other BOM information enabling verification for most [BOM use cases](#cyclonedx-use-cases) as well as custom security and compliance requirements.
 
 *Please note that the utility supports all BOM variants such as **Software** (SBOM), **Hardware** (HBOM), **Manufacturing** (MBOM), **AI/ML** (MLBOM), etc. that adhere to their respective schemas.*
 
 ## Command Overview
 
-The utility supports the following BOM-related commands:
+The utility supports the following commands:
 
 - **[license](#license)**
   - **[list](#license-list-subcommand)** produce listings or summarized reports of license data contained in a BOM along with license "usage policy" determinations using the policies declared in the `license.json` file.

diff --git a/cmd/patch.go b/cmd/patch.go
@@ -112,16 +112,13 @@ func patchCmdImpl(cmd *cobra.Command, args []string) (err error) {
 	getLogger().Enter(args)
 	defer getLogger().Exit()
 
-	// // TODO: remove
-	// buffer, _ := utils.EncodeAnyToDefaultIndentedJSONStr(utils.GlobalFlags.PatchFlags)
-	// fmt.Printf("[B] utils.GlobalFlags.PatchFlags:\n%s", buffer.String())
-
 	// Create output writer
 	outputFilename := utils.GlobalFlags.PersistentFlags.OutputFile
 	outputFile, writer, err := createOutputFile(outputFilename)
 	getLogger().Tracef("outputFile: `%v`; writer: `%v`", outputFilename, writer)
 
 	// Overcome Cobra limitation in variable reuse between diff. commands
+	// That is, as soon as ANY command sets a default value, it cannot be changed
 	utils.GlobalFlags.PersistentFlags.OutputFormat = utils.GlobalFlags.PatchFlags.OutputFormat
 
 	// use function closure to assure consistent error output based upon error type
@@ -342,6 +339,21 @@ func parseArrayIndex(indexPath string) (arrayIndex int, err error) {
 	return
 }
 
+// func parseArrayIndexFromPath(path string) (arrayIndex int, err error) {
+// 	var keys []string
+// 	keys, err = parseMapKeysFromPath(path)
+// 	if err != nil {
+// 		return
+// 	}
+
+// 	lengthKeys := len(keys)
+// 	if lengthKeys <= 0 {
+// 		err = fmt.Errorf("invalid path. Path: %s", path)
+// 		return
+// 	}
+// 	return parseArrayIndex(keys[lengthKeys-1])
+// }
+
 // The "test" operation tests that a value at the target location is
 // equal to a specified value.
 //   - The operation object MUST contain a "value" member that conveys the
@@ -526,7 +538,7 @@ func removeValue(parentMap map[string]interface{}, keys []string, value interfac
 			return
 		}
 		var newSlice []interface{}
-		newSlice, err = removeValueFromSlice(typedNode, arrayIndex)
+		newSlice, err = removeValueFromSliceAtIndex(typedNode, arrayIndex)
 		parentMap[nextNodeKey] = newSlice
 	case float64:
 		// NOTE: It is a conscious decision of tbe encoding/json package to
@@ -635,7 +647,7 @@ func insertValueIntoSlice(slice []interface{}, index int, value interface{}) []i
 	return slice
 }
 
-func removeValueFromSlice(slice []interface{}, index int) (newSlice []interface{}, err error) {
+func removeValueFromSliceAtIndex(slice []interface{}, index int) (newSlice []interface{}, err error) {
 	if index < 0 || index >= len(slice) {
 		err = fmt.Errorf("remove array element failed. Index (%v) out of range for array (length: %v). ", index, len(slice))
 		return