feat: improve discoverComps readability and test coverage

lib/ecosystems/enrich_cyclonedx.go

@@ -191,25 +191,31 @@ func enrichCDXTopics(component cdx.Component, packageData packages.Package) cdx.
 	return component
 }
 
-func discoverComps(comps *[]*cdx.Component, childComps *[]cdx.Component) {
-	if childComps == nil {
+func discoverComps(comps *[]*cdx.Component, comp *cdx.Component) {
+	*comps = append(*comps, comp)
+	if comp.Components == nil {
 		return
 	}
-	for i := range *childComps {
-		*comps = append(*comps, &(*childComps)[i])
-		discoverComps(comps, (*childComps)[i].Components)
+	for i := range *comp.Components {
+		discoverComps(comps, &(*comp.Components)[i])
 	}
 }
 
 func enrichCDX(bom *cdx.BOM) {
-	if bom.Components == nil {
-		return
+	comps := make([]*cdx.Component, 0)
+
+	if bom.Metadata != nil && bom.Metadata.Component != nil {
+		discoverComps(&comps, bom.Metadata.Component)
+	}
+
+	if bom.Components != nil {
+		for i := range *bom.Components {
+			discoverComps(&comps, &(*bom.Components)[i])
+		}
 	}
 
 	wg := sizedwaitgroup.New(20)
-	deepComps := make([]*cdx.Component, 0)
-	discoverComps(&deepComps, bom.Components)
-	for i := range deepComps {
+	for i := range comps {
 		wg.Add()
 		go func(component *cdx.Component) {
 			defer wg.Done()
@@ -226,7 +232,7 @@ func enrichCDX(bom *cdx.BOM) {
 					}
 				}
 			}
-		}(deepComps[i])
+		}(comps[i])
 	}
 	wg.Wait()
 }

lib/ecosystems/enrich_cyclonedx_test.go

@@ -44,6 +44,15 @@ func TestEnrichSBOM_CycloneDX(t *testing.T) {
 		})
 
 	bom := &cdx.BOM{
+		Metadata: &cdx.Metadata{
+			Component: &cdx.Component{
+				BOMRef:     "pkg:golang/github.com/ACME/[email protected]",
+				Type:       cdx.ComponentTypeApplication,
+				Name:       "Project",
+				Version:    "v1.0.0",
+				PackageURL: "pkg:golang/github.com/ACME/[email protected]",
+			},
+		},
 		Components: &[]cdx.Component{
 			{
 				BOMRef:     "pkg:golang/github.com/CycloneDX/[email protected]",
@@ -69,7 +78,45 @@ func TestEnrichSBOM_CycloneDX(t *testing.T) {
 
 	httpmock.GetTotalCallCount()
 	calls := httpmock.GetCallCountInfo()
-	assert.Equal(t, len(components), calls[`GET =~^https://packages.ecosyste.ms/api/v1/registries`])
+	assert.Equal(t, 2, calls[`GET =~^https://packages.ecosyste.ms/api/v1/registries`])
+}
+
+func TestEnrichSBOM_CycloneDX_NestedComps(t *testing.T) {
+	httpmock.Activate()
+	defer httpmock.DeactivateAndReset()
+
+	httpmock.RegisterResponder("GET", `=~^https://packages.ecosyste.ms/api/v1/registries`,
+		func(req *http.Request) (*http.Response, error) {
+			return httpmock.NewJsonResponse(200, map[string]interface{}{})
+		})
+
+	bom := &cdx.BOM{
+		Components: &[]cdx.Component{
+			{
+				BOMRef:     "@emotion/[email protected]",
+				Type:       cdx.ComponentTypeLibrary,
+				Name:       "babel-plugin",
+				Version:    "v11.11.0",
+				PackageURL: "pkg:npm/%40emotion/[email protected]",
+				Components: &[]cdx.Component{
+					{
+						Type:       cdx.ComponentTypeLibrary,
+						Name:       "convert-source-map",
+						Version:    "v1.9.0",
+						BOMRef:     "@emotion/[email protected]|[email protected]",
+						PackageURL: "pkg:npm/[email protected]",
+					},
+				},
+			},
+		},
+	}
+	doc := &sbom.SBOMDocument{BOM: bom}
+
+	EnrichSBOM(doc)
+
+	httpmock.GetTotalCallCount()
+	calls := httpmock.GetCallCountInfo()
+	assert.Equal(t, 2, calls[`GET =~^https://packages.ecosyste.ms/api/v1/registries`])
 }
 
 func TestEnrichSBOMWithoutLicense(t *testing.T) {
@@ -280,3 +327,18 @@ func TestEnrichLocation(t *testing.T) {
 	result = enrichCDXLocation(component, packageData)
 	assert.Equal(expectedComponent, result)
 }
+
+func TestDiscoverComps(t *testing.T) {
+	assert := assert.New(t)
+
+	component := cdx.Component{
+		Name: "Parent",
+		Components: &[]cdx.Component{
+			{Name: "Child"},
+		},
+	}
+	result := make([]*cdx.Component, 0)
+	discoverComps(&result, &component)
+
+	assert.Equal(len(result), 2)
+}