fix: prevent errors on metadata handling for some specification versions #330

Merged
merged 1 commit into from
Jan 6, 2023
65 changes: 32 additions & 33 deletions cyclonedx/output/json.py
Expand Up @@ -97,44 +97,43 @@ def generate(self, force_regeneration: bool = False) -> None:
self.generated = True

def _specialise_output_for_schema_version(self, bom_json: Dict[Any, Any]) -> str:
if not self.bom_supports_metadata():
if 'metadata' in bom_json.keys():
if 'metadata' in bom_json.keys():
if not self.bom_supports_metadata():
del bom_json['metadata']
else:
if 'tools' in bom_json['metadata'].keys():
if not self.bom_metadata_supports_tools():
del bom_json['metadata']['tools']
else:
if not self.bom_metadata_supports_tools_external_references():
for _tool in bom_json['metadata']['tools']:
if 'externalReferences' in _tool.keys():
del _tool['externalReferences']
del _tool
if 'licenses' in bom_json['metadata'].keys() and not self.bom_metadata_supports_licenses():
del bom_json['metadata']['licenses']
if 'properties' in bom_json['metadata'].keys() and not self.bom_metadata_supports_properties():
del bom_json['metadata']['properties']

if self.get_bom().metadata.component:
bom_json['metadata'] = self._recurse_specialise_component(bom_json['metadata'], 'component')

bom_json = self._recurse_specialise_component(bom_json)

if not self.bom_metadata_supports_tools():
del bom_json['metadata']['tools']
Member Author

@jkowalleck jkowalleck Jan 6, 2023


this was a delete without checking if bom_json['metadata'] existed in the first place ...
especially when it was just deleted 3 lines before

elif not self.bom_metadata_supports_tools_external_references():
for i in range(len(bom_json['metadata']['tools'])):
if 'externalReferences' in bom_json['metadata']['tools'][i].keys():
del bom_json['metadata']['tools'][i]['externalReferences']

if not self.bom_metadata_supports_licenses() and 'licenses' in bom_json['metadata'].keys():
del bom_json['metadata']['licenses']

if not self.bom_metadata_supports_properties() and 'properties' in bom_json['metadata'].keys():
del bom_json['metadata']['properties']

# Iterate Components
if self.get_bom().metadata.component:
bom_json['metadata'] = self._recurse_specialise_component(bom_json=bom_json['metadata'],
base_key='component')
bom_json = self._recurse_specialise_component(bom_json=bom_json)

# Iterate Services
if 'services' in bom_json.keys():
for i in range(len(bom_json['services'])):
if not self.services_supports_properties() and 'properties' in bom_json['services'][i].keys():
del bom_json['services'][i]['properties']

if not self.services_supports_release_notes() and 'releaseNotes' in bom_json['services'][i].keys():
del bom_json['services'][i]['releaseNotes']
for _service in bom_json['services']:
if 'properties' in _service.keys() and not self.services_supports_properties():
del _service['properties']
if 'releaseNotes' in _service.keys() and not self.services_supports_release_notes():
del _service['releaseNotes']
del _service

# Iterate externalReferences
if 'externalReferences' in bom_json.keys():
for i in range(len(bom_json['externalReferences'])):
if not self.external_references_supports_hashes() \
and 'hashes' in bom_json['externalReferences'][i].keys():
del bom_json['externalReferences'][i]['hashes']
if not self.external_references_supports_hashes():
for _externalReference in bom_json['externalReferences']:
if 'hashes' in _externalReference.keys():
del _externalReference['hashes']
del _externalReference

return json.dumps(bom_json)
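Review bot: The new `del _tool`, `del _service` and `del _externalReference` statements appear to sit after their `for` loops (indentation is lost in this view). If so, each raises `UnboundLocalError` when the list it iterated is empty, because the loop variable was never bound. That would turn an empty `tools`, `services` or `externalReferences` array into a crash, which is the kind of failure this fix is meant to prevent. The names are function-local, so the simplest change is to drop the three `del` lines; the same applies to the two `del tool` lines in `assertEqualJsonBom` in tests/base.py. Separately, a docstring on `_specialise_output_for_schema_version` should state that it silently drops `hashes`, `licenses`, `properties` and `tools` for schema versions that lack them, since consumers may rely on those fields for integrity or provenance checks.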

30 changes: 17 additions & 13 deletions tests/base.py
Expand Up @@ -87,27 +87,31 @@ def assertEqualJsonBom(self, a: str, b: str) -> None:
"""
Remove UUID before comparison as this will be unique to each generation
"""
ab, bb = json.loads(a), json.loads(b)
ab = json.loads(a)
bb = json.loads(b)

# Null serialNumbers
ab['serialNumber'] = single_uuid
bb['serialNumber'] = single_uuid

# Unify timestamps to ensure they will compare
now = datetime.now(tz=timezone.utc)
ab['metadata']['timestamp'] = now.isoformat()
bb['metadata']['timestamp'] = now.isoformat()

# Align 'this' Tool Version
if 'tools' in ab['metadata'].keys():
for i, tool in enumerate(ab['metadata']['tools']):
if tool['name'] == cyclonedx_lib_name:
ab['metadata']['tools'][i]['version'] = cyclonedx_lib_version

if 'tools' in bb['metadata'].keys():
for i, tool in enumerate(bb['metadata']['tools']):
if tool['name'] == cyclonedx_lib_name:
bb['metadata']['tools'][i]['version'] = cyclonedx_lib_version
if 'metadata' in ab.keys():
ab['metadata']['timestamp'] = now.isoformat()
if 'tools' in ab['metadata'].keys():
for tool in ab['metadata']['tools']:
if tool['name'] == cyclonedx_lib_name:
tool['version'] = cyclonedx_lib_version
del tool

if 'metadata' in bb.keys():
bb['metadata']['timestamp'] = now.isoformat()
if 'tools' in bb['metadata'].keys():
for tool in bb['metadata']['tools']:
if tool['name'] == cyclonedx_lib_name:
tool['version'] = cyclonedx_lib_version
del tool

self.assertEqualJson(json.dumps(ab), json.dumps(bb))
