carve out cpe

djcrabhat · djcrabhat · commit 614d9632d911 · 2022-09-04T14:10:20.000-07:00
Signed-off-by: djcrabhat &lt;djcrabhat@sosimplerecords.com&gt;
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/AlpineSBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/AlpineSBomGenerator.java
@@ -66,7 +66,7 @@ public Bom generateSBom()
 			detailMap = produceDetailMap(software);
 			version = getVersion(software);
 			component = createComponents(software, detailMap, null, null,
-					version, null, null);
+					version, null, null, null);
 			bom.addComponent(addPackageManager(component, PACKAGE_MANAGER));
 		}
 		return bom;
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/RedHatSBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/RedHatSBomGenerator.java
@@ -79,6 +79,7 @@ public Bom generateSBom() {
         LicenseChoice license = null;
         PackageURL purl = null;
         Component component = null;
+		String cpe = null;
         for (String software : softwareList) {
             if (logger.isDebugEnabled())
                 logger.debug("Generating Component (" + software + ")");
@@ -94,6 +95,7 @@ public Bom generateSBom() {
             } catch (MalformedPackageURLException e) {
                 logger.debug("Can't get purl", e);
             }
+			cpe = getCpe(software, version);
 
 			try {
 				String downloadUrl = getPackageDownloadUrl(software);
@@ -104,12 +106,17 @@ public Bom generateSBom() {
 				logger.debug("Error getting Download-Url", e);
 			}
             component = createComponents(software, detailMap, license, group,
-                    version, purl, detailMap.get("Priority"));
+                    version, purl, detailMap.get("Priority"), cpe);
             bom.addComponent(addPackageManager(component, PACKAGE_MANAGER));
         }
         return bom;
     }
 
+	private String getCpe(String software, String version) {
+		// TODO
+		return null;
+	}
+
 	/**
 	 * (U) This method is used to attempt to figure out which file is the license file. If any.
 	 *
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/SBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/SBomGenerator.java
@@ -145,13 +145,13 @@ public static void createBomFile(Bom bom, SBomCommons.AVAILABLE_FORMATS format)
 	 *                       imageUrl provided.
 	 */
 	public static Component createMasterComponent(String imageUrl, String name,
-					String group, String version) throws SBomException
+					String group, String version, String cpe) throws SBomException
 	{
 		Component master = null;
 		if ((StringUtils.isValid(imageUrl)) || 
 						(StringUtils.isValid(name) && ((StringUtils.isValid(version)))))
 		{
-			master = createMasterComponent(imageUrl);
+			master = createMasterComponent(imageUrl,name,group,version, imageUrl ,cpe);
 			
 			if (StringUtils.isValid(imageUrl))
 			{
@@ -175,8 +175,9 @@ public static Component createMasterComponent(String imageUrl, String name,
 				}
 			}else{
 				master.setType(Component.Type.OPERATING_SYSTEM);
-				// TODO: should we set the CPE reported by hostnamectl here?
-				//master.setCpe();
+				if(StringUtils.isValid(cpe)){
+					master.setCpe(cpe);
+				}
 			}
 			if (StringUtils.isValid(name))
 				master.setName(name.toLowerCase());
@@ -310,7 +311,7 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep
 				cpe = osUtils.getOsCpe();
 		}
 
-		master = createMasterComponent(imageUrl, name, group, version);
+		master = createMasterComponent(imageUrl, name, group, version, cpe);
 
 		return master;
 	}
@@ -319,12 +320,17 @@ private static Component createMasterComponent(CommandLine cli) throws SBomExcep
 	 * (U) This method is used to create the master component. It will then fill in
 	 * the image information (if provided).
 	 * 
+	 *
+	 * @param url
+	 * @param name
+	 * @param group
+	 * @param version
 	 * @param imageUrl String value of where to get the docker image from.
 	 * @return Component created, and filled in if the imageUrl is provided.
 	 * @throws SBomException in the event we are unable to pull the image via the
 	 *                       image URL provided.
 	 */
-	private static Component createMasterComponent(String imageUrl) throws SBomException
+	private static Component createMasterComponent(String url, String name, String group, String version, String imageUrl, String cpe) throws SBomException
 	{
 		Component master = new Component();
 		master.setType(org.cyclonedx.model.Component.Type.CONTAINER);
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UbuntuSBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UbuntuSBomGenerator.java
@@ -71,7 +71,7 @@ public Bom generateSBom()
 			group = detailMap.get("Release");
 			license = processLicense(software);
 			component = createComponents(software, detailMap, license, group,
-					version, null, detailMap.get("Priority"));
+					version, null, detailMap.get("Priority"), null);
 			bom.addComponent(addPackageManager(component, PACKAGE_MANAGER));
 		}
 		
diff --git a/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UnixSBomGenerator.java b/src/main/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UnixSBomGenerator.java
@@ -129,10 +129,11 @@ else if (priority.equalsIgnoreCase("optional"))
 	 * @param version   String value to set the version to.
 	 * @param purl      String to set the URL used to pull the software from.
 	 * @param scope     String value to help us set the scope of the software.
+	 * @param cpe	    String value for cpe, if relevant
 	 * @return Component Sbom Component created from the supplied inputs.
 	 */
 	public Component createComponents(String software, Map<String, String> detailMap,
-									  LicenseChoice license, String group, String version, PackageURL purl, String scope)
+									  LicenseChoice license, String group, String version, PackageURL purl, String scope, String cpe)
 	{
 		Component component = new Component();
 		component.setType(Type.OPERATING_SYSTEM);
@@ -146,6 +147,9 @@ public Component createComponents(String software, Map<String, String> detailMap
 		if(purl!=null) {
 			component.setPurl(purl);
 		}
+		if(cpe!=null){
+			component.setCpe(cpe);
+		}
 		component.setScope(buildScope(scope));
 		component.setVersion(version);
 		
diff --git a/src/test/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UnixSBomGeneratorTest.java b/src/test/java/org/cyclonedx/contrib/com/lmco/efoss/unix/sbom/generator/UnixSBomGeneratorTest.java
@@ -137,7 +137,7 @@ void createComponentsTest()
 			String version = detailMap.get("Version");
 			String group = detailMap.get("Release");
 			Component component = generator.createComponents("zip",
-					detailMap, null, group, version, null, detailMap.get("Priority"));
+					detailMap, null, group, version, null, detailMap.get("Priority"), null);
 			
 			String actualComponentName = component.getName();
 			String actualComponentVerison = component.getVersion();

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ public Bom generateSBom()`
`66`	`66`	`detailMap = produceDetailMap(software);`
`67`	`67`	`version = getVersion(software);`
`68`	`68`	`component = createComponents(software, detailMap, null, null,`
`69`		`- version, null, null);`
	`69`	`+ version, null, null, null);`
`70`	`70`	`bom.addComponent(addPackageManager(component, PACKAGE_MANAGER));`
`71`	`71`	`}`
`72`	`72`	`return bom;`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public Bom generateSBom()`
`71`	`71`	`group = detailMap.get("Release");`
`72`	`72`	`license = processLicense(software);`
`73`	`73`	`component = createComponents(software, detailMap, license, group,`
`74`		`- version, null, detailMap.get("Priority"));`
	`74`	`+ version, null, detailMap.get("Priority"), null);`
`75`	`75`	`bom.addComponent(addPackageManager(component, PACKAGE_MANAGER));`
`76`	`76`	`}`
`77`	`77`