Merge pull request #101 from nzupan/fix/revert-logic-that-overrides-s…

…w360-urls fix: override logic of sw360 urls and rework prevention of .git upload
sw360 · Nov 26, 2024 · 0e19d78 · 0e19d78
2 parents f19ca91 + aa7b392
commit 0e19d78
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 6 deletions.
diff --git a/capycli/bom/create_components.py b/capycli/bom/create_components.py
@@ -299,8 +299,6 @@ def update_release(self, cx_comp: Component, release_data: Dict[str, Any]) -> No
                 print_yellow(
                     "    WARNING: SW360 source URL", release_data["sourceCodeDownloadurl"],
                     "differs from BOM URL", data["sourceCodeDownloadurl"])
-                if data["sourceCodeDownloadurl"].endswith(('zip', 'tgz', 'tar.gz', 'tar')):
-                    update_data["sourceCodeDownloadurl"] = data["sourceCodeDownloadurl"]
 
         if "binaryDownloadurl" in data and data["binaryDownloadurl"]:
             if not release_data.get("binaryDownloadurl", ""):
@@ -368,10 +366,6 @@ def upload_file(
             filename = str(CycloneDxSupport.get_ext_ref_binary_file(cx_comp))
             filehash = str(CycloneDxSupport.get_binary_file_hash(cx_comp))
 
-        if filename is not None and filename.endswith('.git'):
-            print_red("    WARNING: resetting filename to prevent uploading .git file")
-            filename = None
-
         # Note that we retrieve the SHA1 has from the CycloneDX data.
         # But there is no guarantee that this *IS* really a SHA1 hash!
 
@@ -380,6 +374,10 @@ def upload_file(
             if filename_parsed:
                 filename = os.path.basename(filename_parsed.path)
 
+        if filetype in ["SOURCE", "SOURCE_SELF"] and filename is not None and filename.endswith('.git'):
+            print_red("    WARNING: resetting filename to prevent uploading .git file")
+            filename = None
+
         if not filename:
             print_red("    Unable to identify filename from url!")
             return

diff --git a/tests/test_bom_create_releases.py b/tests/test_bom_create_releases.py
@@ -668,6 +668,61 @@ def test_upload_file_local(self) -> None:
         assert "Error" not in captured.out
         assert captured.err == ""
 
+    @responses.activate
+    def test_upload_file_prevent_git_source_upload(self) -> None:
+        """Prevent uploading SOURCE, SOURCE_SELF file with .git file type
+        """
+        responses.add(
+            responses.GET, 'https://github.com/babel/babel.git',
+            body="content")
+
+        self.app.download = True
+        item = Component(
+            name="activemodel",
+            version="5.2.1"
+        )
+        CycloneDxSupport.update_or_set_ext_ref(
+            item, ExternalReferenceType.DISTRIBUTION,
+            CaPyCliBom.SOURCE_URL_COMMENT, "https://github.com/babel/babel.git")
+        CycloneDxSupport.update_or_set_ext_ref(
+            item, ExternalReferenceType.DISTRIBUTION,
+            CaPyCliBom.SOURCE_FILE_COMMENT, "babel.git")
+
+        self.app.upload_file(item, {}, "06a6e7", "SOURCE", "")
+        captured = self.capsys.readouterr()  # type: ignore
+        assert len(responses.calls) == 0
+        assert "WARNING: resetting filename to prevent uploading .git file" in captured.out
+        assert captured.err == ""
+
+    @responses.activate
+    def test_upload_file_allow_git_binary_upload(self) -> None:
+        """Allow uploading BINARY file with .git file type
+        """
+        responses.add(
+            responses.GET, 'https://github.com/babel/babel.git',
+            body="content")
+        responses.add(
+            responses.POST, SW360_BASE_URL + 'releases/06a6e7/attachments',
+            match=[upload_matcher("babel.git")])
+
+        self.app.download = True
+        item = Component(
+            name="activemodel",
+            version="5.2.1"
+        )
+        CycloneDxSupport.update_or_set_ext_ref(
+            item, ExternalReferenceType.DISTRIBUTION,
+            CaPyCliBom.BINARY_URL_COMMENT, "https://github.com/babel/babel.git")
+        CycloneDxSupport.update_or_set_ext_ref(
+            item, ExternalReferenceType.DISTRIBUTION,
+            CaPyCliBom.BINARY_FILE_COMMENT, "babel.git")
+
+        self.app.upload_file(item, {}, "06a6e7", "BINARY", "")
+        captured = self.capsys.readouterr()  # type: ignore
+        assert len(responses.calls) == 2
+        assert "WARNING: resetting filename to prevent uploading .git file" not in captured.out
+        assert captured.err == ""
+
     @responses.activate
     def test_upload_binary_file_local(self) -> None:
         """Upload local file
@@ -783,6 +838,7 @@ def test_update_release_SourceUrl(self) -> None:
         self.app.update_release(item2, release_data)
         captured = self.capsys.readouterr()  # type: ignore
         assert "differs from BOM URL" in captured.out
+        assert len(responses.calls) == 0  # assure data in SW360 is not changed
 
         # no existing URL, set new URL
         responses.add(