set CPE of master OS component

djcrabhat · djcrabhat · commit 12be30a0b75e · 2022-09-04T14:10:20.000-07:00
Signed-off-by: djcrabhat &lt;djcrabhat@sosimplerecords.com&gt;
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/SBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/SBomGenerator.java
@@ -296,6 +296,7 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep
 		String name = cli.getOptionValue("name");
 		String group = cli.getOptionValue("group");
 		String version = cli.getOptionValue("version");
+		String cpe = cli.getOptionValue("cpe");
 
 		if ((!StringUtils.isValid(name)) || (!StringUtils.isValid(version)))
 		{
@@ -305,6 +306,8 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep
 				name = osUtils.getOsVendor();
 			if (!StringUtils.isValid(version))
 				version = osUtils.getOsVersion();
+			if (!StringUtils.isValid(cpe))
+				cpe = osUtils.getOsCpe();
 		}
 
 		master = createMasterComponent(imageUrl, name, group, version);
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/utils/OperatingSystemUtils.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/utils/OperatingSystemUtils.java
@@ -30,9 +30,9 @@
 public class OperatingSystemUtils
 {
 	private static final Logger logger = Logger.getLogger(OperatingSystemUtils.class.getName());
-	
+
 	private static final String OS_RELEASE_FILE = "/etc/os-release";
-	
+
 	private Map<String, String> osMap = null;
 
 	/**
@@ -113,6 +113,25 @@ public String getOsVersion()
 		return version;
 	}
 
+	/**
+	 * (U) This method is used to get the operating system's CPE, if it has one defined.
+	 *
+	 * @return String the operating system CPE.
+	 */
+	public String getOsCpe()
+	{
+		String cpe = null;
+
+		if (osMap.containsKey("CPE_NAME"))
+			cpe = osMap.get("CPE_NAME");
+		if (StringUtils.isValid(cpe))
+			cpe = CharMatcher.is('\"').trimFrom(cpe);
+
+		return cpe;
+	}
+
+
+
 	/**
 	 * (U) This method is used to get the operating system. From the /etc/os-release
 	 * file.
@@ -133,12 +152,14 @@ public Map<String, String> getOs()
 		catch (IOException ioe)
 		{
 			String error = "Unable to read file(" + OS_RELEASE_FILE + ") to get the " +
-					"operating sytem!";
+					"operating system!";
 			logger.error(error, ioe);
 			throw new SBomException(error, ioe);
 		}
 		return detailMap;
 	}
+
+
 	
 	/**
 	 * (U) This method is used to read the contents of the OS file.
diff --git a/src/test/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/utils/OperatingSystemUtilsTest.java b/src/test/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/utils/OperatingSystemUtilsTest.java
@@ -570,6 +570,49 @@ void testOsVersion(String file, String expectedOsVersion)
 		}
 	}
 
+	/**
+	 * (U) Convenience method used to test the reading of the CPE from the
+	 * "/etc/os-release" file.
+	 *
+	 * @param file              String value of the contents of the
+	 *                          "/etc/os-release" file.
+	 * @param expectedCpe	 	String value of the expected CPE.
+	 */
+	void testCpe(String file, String expectedCpe)
+	{
+		try (InputStream inputStream = OperatingSystemUtilsTest.class.getResourceAsStream(file))
+		{
+			String osReleaseFileContents = IOUtils.toString(inputStream);
+
+			OperatingSystemUtils osUtils = new OperatingSystemUtils(osReleaseFileContents);
+
+			String actualCpe = osUtils.getOsCpe();
+
+			if (expectedCpe.equalsIgnoreCase(actualCpe))
+				watcher.getLogger().debug("Got expected CPE (" +
+						expectedCpe + ").");
+			else
+				watcher.getLogger().debug("Did NOT get expected CPE!\n" +
+						"	Expected: " + expectedCpe + "\n" +
+						"	Acutal: " + actualCpe);
+
+			Assert.assertEquals(expectedCpe, actualCpe);
+		}
+		catch (IOException ioe)
+		{
+			String error = "Our test case failed to read the operating system " +
+					"etc/os-release file(" + file + ").";
+			watcher.getLogger().error(error, ioe);
+			Assert.fail("Unable to read /etc/os-release File (" + file + "). ");
+		}
+		catch (Exception e)
+		{
+			String error = "Our test case failed unexpectedly.";
+			watcher.getLogger().error(error, e);
+			Assert.fail(error);
+		}
+	}
+
 	/**
 	 * (U) This method is used to test the parsing of the Ubuntu Os File.
 	 */
@@ -625,6 +668,33 @@ void testReadOsUbuntu()
 		}
 	}
 
+	/**
+	 * (U) This method is used to test the getting of the OS name from the
+	 * os-release file. For Redhat.
+	 */
+	@Test
+	void getOsCpeRedhat()
+	{
+		// @formatter:off
+		String methodName = new Object(){}.getClass().getEnclosingMethod().getName();
+		// @formatter:on
+
+		Date startDate = DateUtils.rightNowDate();
+
+		TestUtils.logTestStart(methodName, watcher.getLogger());
+
+		String file = "/osReleaseFiles/redhat-os-release.txt";
+		String expectedCpe = "cpe:/o:redhat:enterprise_linux:8.1:GA";
+		try
+		{
+			testCpe(file, expectedCpe);
+		}
+		finally
+		{
+			TestUtils.logTestFinish(methodName, startDate, watcher.getLogger());
+		}
+	}
+
 	private Map<String, String> readOs(String content)
 	{
 		Map<String, String> detailMap = new HashMap<>();

Original file line number	Diff line number	Diff line change
`@@ -296,6 +296,7 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep`
`296`	`296`	`String name = cli.getOptionValue("name");`
`297`	`297`	`String group = cli.getOptionValue("group");`
`298`	`298`	`String version = cli.getOptionValue("version");`
	`299`	`+ String cpe = cli.getOptionValue("cpe");`
`299`	`300`
`300`	`301`	`if ((!StringUtils.isValid(name)) \|\| (!StringUtils.isValid(version)))`
`301`	`302`	`{`
`@@ -305,6 +306,8 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep`
`305`	`306`	`name = osUtils.getOsVendor();`
`306`	`307`	`if (!StringUtils.isValid(version))`
`307`	`308`	`version = osUtils.getOsVersion();`
	`309`	`+ if (!StringUtils.isValid(cpe))`
	`310`	`+ cpe = osUtils.getOsCpe();`
`308`	`311`	`}`
`309`	`312`
`310`	`313`	`master = createMasterComponent(imageUrl, name, group, version);`