fix: fix SBOM license parsing #82

Merged
1 change: 1 addition & 0 deletions ChangeLog.md
Expand Up @@ -10,6 +10,7 @@
* fix: urls coming from granularity file are repository urls and not source code
download urls.
* fix wrong variable to correct `bom findsources`.
* fix loading of SBOMs that support different kinds of licenses.

## 2.5.0 (2024-07-19)

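Review bot: the new entry reads "fix loading of SBOMs that support different kinds of licenses" while the neighbouring entries use the "fix:" prefix, and "different kinds of licenses" does not say what changed. Suggest aligning it with the code change, e.g. `* fix: read CycloneDX license text given as an attachedText object (contentType/encoding/content) instead of a plain string.`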
20 changes: 18 additions & 2 deletions capycli/common/capycli_bom_support.py
@@ -1,5 +1,5 @@
# -------------------------------------------------------------------------------
# Copyright (c) 2023 Siemens
# Copyright (c) 2023-2024 Siemens
# All Rights Reserved.
# Author: thomas.graf@siemens.com
#
Expand Down Expand Up @@ -160,7 +160,23 @@ def read_license(self, param: Dict[str, Any]) -> Optional[License]:
return None

text = param.get("text", None)
license_text = AttachedText(content=text) if text else None
if text:
if isinstance(text, dict):
content_type = text.get("contentType", "text/plain")
encoding = text.get("encoding", "base64")
content = text.get("content", "")
license_text = AttachedText(content_type=content_type,
encoding=encoding,
content=content)
else:
# This is some text - not CycloneDX spec >= 1.2 compliant
license_text = AttachedText(content=text)
else:
license_text = None

# NOTE: CycloneDX spec 1.4:
# "If SPDX does not define the license used, this field may be used to provide the license name"
# The CycloneDX python lib just ignores the name if id (=SPDX) has been specified!
return License(
spdx_license_id=param.get("id", None),
license_name=param.get("name", None),
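Review bot: `encoding = text.get("encoding", "base64")` assumes base64 whenever the key is absent, but in the CycloneDX attachedText object `encoding` is optional and its absence means the content is not encoded; only `contentType` has a default (`text/plain`). As written, a plain-text license body without an `encoding` key would be marked as base64. Suggest `encoding = text.get("encoding")` and passing it to `AttachedText` only when set. Also check that the cyclonedx library's `AttachedText` accepts the raw JSON string for `encoding`; its own objects carry an `Encoding` enum value, so converting the string (e.g. `Encoding(encoding)`) would keep serialization consistent with what the library produces itself.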
3 changes: 2 additions & 1 deletion tests/test_bom_filter.py
Expand Up @@ -9,12 +9,13 @@
import os
from typing import Any, Dict, List

from cyclonedx.model import XsUri

import capycli.bom.filter_bom
import capycli.common.json_support
import capycli.common.script_base
from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
from capycli.main.result_codes import ResultCode
from cyclonedx.model import XsUri
from tests.test_base import AppArguments, TestBase


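Review bot: this hunk only regroups the `XsUri` import; nothing in the visible test changes exercises the new dict branch of `read_license`. Consider adding a test that loads a component whose license `text` is an object with `contentType`, `encoding` and `content` and asserts the resulting `AttachedText` fields, plus one with a plain-string `text` to cover the fallback branch.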