From f2596d531320c4c3333e01f62bf3446e5ffdb12e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maximilian=20Comb=C3=BCchen?=
Date: Tue, 20 Jun 2023 19:58:49 +0200
Subject: [PATCH] refactor: use abstract SBOM in lib/snyk
---
 internal/commands/snyk/enrich.go | 18 ++++++++----------
 lib/scorecard/enrich_test.go | 3 ++-
 lib/snyk/enrich.go | 9 ++++++---
 3 files changed, 16 insertions(+), 14 deletions(-)
diff --git a/internal/commands/snyk/enrich.go b/internal/commands/snyk/enrich.go
index cc077cc..5330ca8 100644
--- a/internal/commands/snyk/enrich.go
+++ b/internal/commands/snyk/enrich.go
@@ -1,14 +1,13 @@
 package snyk
 import (
- "bytes"
 "os"
- cdx "github.com/CycloneDX/cyclonedx-go"
 "github.com/rs/zerolog"
 "github.com/spf13/cobra"
 "github.com/snyk/parlay/internal/utils"
+ "github.com/snyk/parlay/lib/sbom"
 "github.com/snyk/parlay/lib/snyk"
 )
@@ -23,16 +22,15 @@ func NewEnrichCommand(logger zerolog.Logger) *cobra.Command {
 logger.Fatal().Err(err).Msg("Problem reading input")
 }
- bom := new(cdx.BOM)
- decoder := cdx.NewBOMDecoder(bytes.NewReader(b), cdx.BOMFileFormatJSON)
- if err = decoder.Decode(bom); err != nil {
- logger.Fatal().Err(err).Msg("Problem decoding SBOM")
+ doc, err := sbom.DecodeSBOMDocument(b)
+ if err != nil {
+ logger.Fatal().Err(err).Msg("Failed to read SBOM input")
 }
- bom = snyk.EnrichSBOM(bom)
- err = cdx.NewBOMEncoder(os.Stdout, cdx.BOMFileFormatJSON).Encode(bom)
- if err != nil {
- logger.Fatal().Err(err).Msg("Problem encoding SBOM")
+ snyk.EnrichSBOM(doc)
+
+ if err := doc.Encode(os.Stdout); err != nil {
+ logger.Fatal().Err(err).Msg("Failed to encode new SBOM")
 }
 },
 }
diff --git a/lib/scorecard/enrich_test.go b/lib/scorecard/enrich_test.go
index 96f29b1..35fa643 100644
--- a/lib/scorecard/enrich_test.go
+++ b/lib/scorecard/enrich_test.go
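Review bot: The new error branch after `sbom.DecodeSBOMDocument(b)` logs "Failed to read SBOM input", but the read already succeeded on the lines just above it (a read failure logs "Problem reading input"), so a malformed or unsupported document is reported as an I/O problem; `logger.Fatal().Err(err).Msg("Failed to decode SBOM input")` keeps the two failure modes distinguishable for whoever triages the log. The return value of `snyk.EnrichSBOM(doc)` is now discarded, which is only correct if enrichment mutates `doc` in place — the lib/snyk hunk in this patch suggests it does, but a short comment such as `// EnrichSBOM mutates doc.BOM in place; the returned pointer is the same document.` would make that dependency explicit at the call site. The enclosing command closure starts before this hunk.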
@@ -7,8 +7,9 @@ import (
 cdx "github.com/CycloneDX/cyclonedx-go"
 "github.com/jarcoal/httpmock"
- "github.com/snyk/parlay/lib/sbom"
 "github.com/stretchr/testify/assert"
+
+ "github.com/snyk/parlay/lib/sbom"
 )
 func TestEnrichSBOM(t *testing.T) {
diff --git a/lib/snyk/enrich.go b/lib/snyk/enrich.go
index d16ddd3..66291ab 100644
--- a/lib/snyk/enrich.go
+++ b/lib/snyk/enrich.go
@@ -26,12 +26,15 @@ import (
 "github.com/package-url/packageurl-go"
 "github.com/remeh/sizedwaitgroup"
+ "github.com/snyk/parlay/lib/sbom"
 "github.com/snyk/parlay/snyk/issues"
 )
-func EnrichSBOM(bom *cdx.BOM) *cdx.BOM {
+func EnrichSBOM(doc *sbom.SBOMDocument) *sbom.SBOMDocument {
+ bom := doc.BOM
+
 if bom.Components == nil {
- return bom
+ return doc
 }
 wg := sizedwaitgroup.New(20)
@@ -157,7 +160,7 @@ func EnrichSBOM(bom *cdx.BOM) *cdx.BOM {
 }
 }
 bom.Vulnerabilities = &vulns
- return bom
+ return doc
 }
 func levelToCdxSeverity(level *string) (severity cdx.Severity) {
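Review bot: The new `bom := doc.BOM` line in the first lib/snyk/enrich.go hunk is followed by `bom.Components` with no check that `doc` or `doc.BOM` is non-nil; the old signature took a `*cdx.BOM` the caller had just decoded, whereas `doc` now comes from `sbom.DecodeSBOMDocument` on user-supplied input, and whether that decoder can yield a document without a BOM is not visible here, so a guard `if doc == nil || doc.BOM == nil { return doc }` ahead of the existing `Components` check would keep a malformed document from panicking the CLI rather than being reported. The in-place contract is also undocumented: this appears to assume `doc.BOM` is a pointer (if it were a value, the copy into `bom` would silently drop the `bom.Vulnerabilities = &vulns` write in the second hunk at `@@ -157,7 +160,7 @@`), so a doc comment `// EnrichSBOM adds Snyk vulnerability data to doc.BOM in place and returns doc.` above the signature would pin that down. The body of EnrichSBOM runs between and beyond both hunks.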