Merge pull request #42 from RHEcosystemAppEng/hotfix/fix-wrong-purl

zvigrinberg · web-flow · commit 63552ff870b0 · 2023-08-31T02:11:55.000+03:00
fix: purl of components in sbom sometimes wrongly shows [Object Object]
diff --git a/src/cyclone_dx_sbom.js b/src/cyclone_dx_sbom.js
@@ -1,3 +1,5 @@
+import {PackageURL} from "packageurl-js";
+
 /**
  *
  * @param component {PackageURL}
@@ -7,25 +9,32 @@
  */
 function getComponent(component,type) {
 	let componentObject;
-	if(component.namespace) {
-		componentObject = {
-			"group": component.namespace,
-			"name": component.name,
-			"version": component.version,
-			"purl": component.toString(),
-			"type": type,
-			"bom-ref": component.toString()
+	if(component instanceof PackageURL)
+	{
+		if(component.namespace) {
+			componentObject = {
+				"group": component.namespace,
+				"name": component.name,
+				"version": component.version,
+				"purl": component.toString(),
+				"type": type,
+				"bom-ref": component.toString()
+			}
+		}
+		else
+		{
+			componentObject = {
+				"name": component.name,
+				"version": component.version,
+				"purl": component.toString(),
+				"type": type,
+				"bom-ref": component.toString()
+			}
 		}
 	}
 	else
 	{
-		componentObject = {
-			"name": component.name,
-			"version": component.version,
-			"purl": component.toString(),
-			"type": type,
-			"bom-ref": component.toString()
-		}
+		componentObject = component
 	}
 	return componentObject
 }
@@ -76,7 +85,7 @@ export default class CycloneDxSbom {
 	}
 
 	/**
-	 * @param {Component} sourceRef current target Component ( Starting from root component by clients)
+	 * @param {component} sourceRef current target Component ( Starting from root component by clients)
 	 * @param {PackageURL} targetRef current dependency to add to Dependencies list of component sourceRef
 	 * @return Sbom
 	 */
@@ -139,7 +148,7 @@ export default class CycloneDxSbom {
 
 	/**
 	 *
-	 * @param {Component} theComponent - Component Object with purl field.
+	 * @param {component} theComponent - Component Object with purl field.
 	 * @return {int} index of the found component entry, if not found returns -1.
 	 * @private
 	 */
diff --git a/test/providers/tst_manifests/golang/go_mod_with_ignore/expected_sbom_stack_analysis.json b/test/providers/tst_manifests/golang/go_mod_with_ignore/expected_sbom_stack_analysis.json
@@ -1191,25 +1191,28 @@
 			"bom-ref": "pkg:golang/golang.org/x/xerrors@v0.0.0-20191204190536-9bdfabe68543"
 		},
 		{
+			"group": "github.com/kr",
 			"name": "pretty",
 			"version": "v0.2.0",
-			"purl": "[object Object]",
+			"purl": "pkg:golang/github.com/kr/pretty@v0.2.0",
 			"type": "library",
-			"bom-ref": "[object Object]"
+			"bom-ref": "pkg:golang/github.com/kr/pretty@v0.2.0"
 		},
 		{
+			"group": "github.com/stoewer",
 			"name": "go-strcase",
 			"version": "v1.2.0",
-			"purl": "[object Object]",
+			"purl": "pkg:golang/github.com/stoewer/go-strcase@v1.2.0",
 			"type": "library",
-			"bom-ref": "[object Object]"
+			"bom-ref": "pkg:golang/github.com/stoewer/go-strcase@v1.2.0"
 		},
 		{
+			"group": "golang.org/x",
 			"name": "tools",
 			"version": "v0.0.0-20190524140312-2c0ae7006135",
-			"purl": "[object Object]",
+			"purl": "pkg:golang/golang.org/x/tools@v0.0.0-20190524140312-2c0ae7006135",
 			"type": "library",
-			"bom-ref": "[object Object]"
+			"bom-ref": "pkg:golang/golang.org/x/tools@v0.0.0-20190524140312-2c0ae7006135"
 		},
 		{
 			"group": "golang.org/x",
@@ -1219,13 +1222,6 @@
 			"type": "library",
 			"bom-ref": "pkg:golang/golang.org/x/net@v0.0.0-20190311183353-d8887717615a"
 		},
-		{
-			"name": "tools",
-			"version": "v0.0.0-20190524140312-2c0ae7006135",
-			"purl": "[object Object]",
-			"type": "library",
-			"bom-ref": "[object Object]"
-		},
 		{
 			"group": "golang.org/x",
 			"name": "sync",
@@ -1235,11 +1231,12 @@
 			"bom-ref": "pkg:golang/golang.org/x/sync@v0.0.0-20190423024810-112230192c58"
 		},
 		{
+			"group": "google.golang.org",
 			"name": "genproto",
 			"version": "v0.0.0-20201019141844-1ed22bb0c154",
-			"purl": "[object Object]",
+			"purl": "pkg:golang/google.golang.org/genproto@v0.0.0-20201019141844-1ed22bb0c154",
 			"type": "library",
-			"bom-ref": "[object Object]"
+			"bom-ref": "pkg:golang/google.golang.org/genproto@v0.0.0-20201019141844-1ed22bb0c154"
 		},
 		{
 			"group": "github.com/golang",
@@ -1249,13 +1246,6 @@
 			"type": "library",
 			"bom-ref": "pkg:golang/github.com/golang/protobuf@v1.4.1"
 		},
-		{
-			"name": "genproto",
-			"version": "v0.0.0-20201019141844-1ed22bb0c154",
-			"purl": "[object Object]",
-			"type": "library",
-			"bom-ref": "[object Object]"
-		},
 		{
 			"group": "golang.org/x",
 			"name": "lint",
@@ -1264,28 +1254,6 @@
 			"type": "library",
 			"bom-ref": "pkg:golang/golang.org/x/lint@v0.0.0-20190313153728-d0100b6bd8b3"
 		},
-		{
-			"name": "genproto",
-			"version": "v0.0.0-20201019141844-1ed22bb0c154",
-			"purl": "[object Object]",
-			"type": "library",
-			"bom-ref": "[object Object]"
-		},
-		{
-			"group": "golang.org/x",
-			"name": "tools",
-			"version": "v0.0.0-20190524140312-2c0ae7006135",
-			"purl": "pkg:golang/golang.org/x/tools@v0.0.0-20190524140312-2c0ae7006135",
-			"type": "library",
-			"bom-ref": "pkg:golang/golang.org/x/tools@v0.0.0-20190524140312-2c0ae7006135"
-		},
-		{
-			"name": "genproto",
-			"version": "v0.0.0-20201019141844-1ed22bb0c154",
-			"purl": "[object Object]",
-			"type": "library",
-			"bom-ref": "[object Object]"
-		},
 		{
 			"group": "google.golang.org",
 			"name": "grpc",
@@ -1294,13 +1262,6 @@
 			"type": "library",
 			"bom-ref": "pkg:golang/google.golang.org/grpc@v1.27.0"
 		},
-		{
-			"name": "genproto",
-			"version": "v0.0.0-20201019141844-1ed22bb0c154",
-			"purl": "[object Object]",
-			"type": "library",
-			"bom-ref": "[object Object]"
-		},
 		{
 			"group": "google.golang.org",
 			"name": "protobuf",
