From 6b464d5c25a58a6c728b20cfb62fe8ea93ab2d04 Mon Sep 17 00:00:00 2001 From: Rex P Date: Mon, 3 Feb 2025 15:47:26 +1100 Subject: [PATCH] Fix filerequired for sbom extractors --- extractor/filesystem/sbom/cdx/cdx.go | 16 ++++++++++++++-- extractor/filesystem/sbom/cdx/cdx_test.go | 12 +++++++++++- extractor/filesystem/sbom/spdx/spdx.go | 9 +++++---- extractor/filesystem/sbom/spdx/spdx_test.go | 5 +++++ 4 files changed, 35 insertions(+), 7 deletions(-) diff --git a/extractor/filesystem/sbom/cdx/cdx.go b/extractor/filesystem/sbom/cdx/cdx.go index b6663c67..16233dae 100644 --- a/extractor/filesystem/sbom/cdx/cdx.go +++ b/extractor/filesystem/sbom/cdx/cdx.go @@ -47,9 +47,12 @@ type extractFunc = func(io.Reader) (cyclonedx.BOM, error) // https://cyclonedx.org/specification/overview/#recognized-file-patterns var cdxExtensions = map[string]cyclonedx.BOMFileFormat{ ".cdx.json": cyclonedx.BOMFileFormatJSON, - ".bom.json": cyclonedx.BOMFileFormatJSON, ".cdx.xml": cyclonedx.BOMFileFormatXML, - ".bom.xml": cyclonedx.BOMFileFormatXML, +} + +var cdxNames = map[string]cyclonedx.BOMFileFormat{ + "bom.json": cyclonedx.BOMFileFormatJSON, + "bom.xml": cyclonedx.BOMFileFormatXML, } // FileRequired returns true if the specified file is a supported cdx file. @@ -86,6 +89,15 @@ func findExtractor(path string) extractFunc { } } + for name, format := range cdxNames { + if strings.ToLower(filepath.Base(path)) == name { + return func(rdr io.Reader) (cyclonedx.BOM, error) { + var cdxBOM cyclonedx.BOM + return cdxBOM, cyclonedx.NewBOMDecoder(rdr, format).Decode(&cdxBOM) + } + } + } + return nil } diff --git a/extractor/filesystem/sbom/cdx/cdx_test.go b/extractor/filesystem/sbom/cdx/cdx_test.go index 3a7add44..6550218a 100644 --- a/extractor/filesystem/sbom/cdx/cdx_test.go +++ b/extractor/filesystem/sbom/cdx/cdx_test.go 
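Review bot: `cdxNames` is declared without a doc comment, and nothing at the declaration says its keys are compared against a lower-cased base name (the second hunk of this file matches them with `strings.ToLower(filepath.Base(path))`), so a key added later with an upper-case letter would never match. I would add `// cdxNames maps exact, lower-case base file names recognized by the CycloneDX spec to their BOM format.` above it. Files ending in `.bom.json` / `.bom.xml` stop matching after this change and are presumably skipped without an error, so inventories that relied on the old suffix lose those packages quietly. That is worth stating in the commit message or release notes.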
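Review bot: The new loop in `findExtractor` walks every entry of `cdxNames` and recomputes `strings.ToLower(filepath.Base(path))` on each iteration only to test equality with the key, which a map lookup already does. Replace the `for`/`if` pair with `if format, ok := cdxNames[strings.ToLower(filepath.Base(path))]; ok {` and keep the returned closure unchanged. Exact-name matching also appears to mean that any file called `bom.json` or `bom.xml` in the scanned tree is now handed to the CycloneDX decoder. The code that handles a `Decode` error is outside this hunk, so confirm that a non-CycloneDX file with that name is reported as a parse failure for that file and does not abort the scan. The start of `findExtractor` is also outside the hunk.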
@@ -55,11 +55,21 @@ func TestFileRequired(t *testing.T) { { name: "sbom.bom.json", path: "testdata/sbom.bom.json", - wantIsRequired: true, + wantIsRequired: false, }, { name: "sbom.bom.xml", path: "testdata/sbom.bom.xml", + wantIsRequired: false, + }, + { + name: "bom.json", + path: "testdata/bom.json", + wantIsRequired: true, + }, + { + name: "bom.xml", + path: "testdata/bom.xml", wantIsRequired: true, }, { diff --git a/extractor/filesystem/sbom/spdx/spdx.go b/extractor/filesystem/sbom/spdx/spdx.go index 4e6c803c..48f0a502 100644 --- a/extractor/filesystem/sbom/spdx/spdx.go +++ b/extractor/filesystem/sbom/spdx/spdx.go @@ -50,10 +50,11 @@ type extractFunc = func(io.Reader) (*spdx.Document, error) // Format support based on https://spdx.dev/resources/use/#documents var extensionHandlers = map[string]extractFunc{ - ".spdx.json": json.Read, - ".spdx": tagvalue.Read, - ".spdx.yml": yaml.Read, - ".spdx.rdf": rdf.Read, + ".spdx.json": json.Read, + ".spdx": tagvalue.Read, + ".spdx.yml": yaml.Read, + ".spdx.rdf": rdf.Read, + ".spdx.rdf.xml": rdf.Read, // No support for .xsl files because those are too ambiguous and could be many other things. } diff --git a/extractor/filesystem/sbom/spdx/spdx_test.go b/extractor/filesystem/sbom/spdx/spdx_test.go index 60ea3aea..77512b20 100644 --- a/extractor/filesystem/sbom/spdx/spdx_test.go +++ b/extractor/filesystem/sbom/spdx/spdx_test.go @@ -67,6 +67,11 @@ func TestFileRequired(t *testing.T) { path: "testdata/sbom.spdx.rdf", wantIsRequired: true, }, + { + name: "sbom.spdx.rdf.xml", + path: "testdata/sbom.spdx.rdf.xml", + wantIsRequired: true, + }, { name: "random_file.ext", path: "testdata/random_file.ext",
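Review bot: The added cases in `cdx_test.go` only cover lower-case `bom.json` / `bom.xml` directly under `testdata/`, while the matching in `cdx.go` lower-cases the base name, so the case-insensitive comparison and the `filepath.Base` handling of a nested path are untested. Assuming `FileRequired` only inspects the path, add a case such as `{name: "BOM.JSON", path: "testdata/BOM.JSON", wantIsRequired: true},` and one with a deeper path like `testdata/nested/bom.xml` (both are constructed examples). The test table in `TestFileRequired` starts and ends outside this hunk.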