fix(cyclonedx): count validation failures in compImportErrorCount

Aman-Cool · GMishx · commit f712b5b602be · 2026-04-06T13:18:14.000+05:30
Packages/releases rejected by pre-creation validation (missing purl,
name, version) were added to invalidPackages/invalidReleases sets but
never incremented compImportErrorCount, so the counter always showed 0
despite visible failures in the UI. Add the missing increments at every
validation-rejection site in both import methods and the outer method.
diff --git a/backend/common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java b/backend/common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java
@@ -229,6 +229,8 @@ public RequestSummary importFromBOM(InputStream inputStream, AttachmentContent a
                         Integer relReuseCount = Integer.valueOf(messageMap.get(REL_REUSE_COUNT_KEY));
                         Integer pkgReuseCount = Integer.valueOf(messageMap.get(PKG_REUSE_COUNT_KEY));
                         Integer pkgCreationCount = Integer.valueOf(messageMap.get(PKG_CREATION_COUNT_KEY));
+                        String errorCountStr = messageMap.get(COMPONENT_IMPORT_ERROR_COUNT_KEY);
+                        int compImportErrorCount = CommonUtils.isNullEmptyOrWhitespace(errorCountStr) ? 0 : Integer.parseInt(errorCountStr);
 
                         String packages = messageMap.get(DUPLICATE_PACKAGE);
                         if (CommonUtils.isNotNullEmptyOrWhitespace(packages)) {
@@ -254,6 +256,7 @@ public RequestSummary importFromBOM(InputStream inputStream, AttachmentContent a
                                 if (pkg == null || CommonUtils.isNullEmptyOrWhitespace(pkg.getName()) || CommonUtils.isNullEmptyOrWhitespace(pkg.getVersion())
                                         || CommonUtils.isNullEmptyOrWhitespace(pkg.getPurl())) {
                                     invalidPackages.add(fullName);
+                                    compImportErrorCount++;
                                     log.error(String.format("Invalid package '%s' found in SBoM, missing name or version or purl! ", fullName));
                                     continue;
                                 }
@@ -288,6 +291,7 @@ public RequestSummary importFromBOM(InputStream inputStream, AttachmentContent a
                                     project.setPackageIds(linkedPackages);
                                 } catch (SW360Exception e) {
                                     log.error("An error occured while creating/adding package from SBOM: " + e.getMessage());
+                                    compImportErrorCount++;
                                     continue;
                                 }
                             }
@@ -306,6 +310,7 @@ public RequestSummary importFromBOM(InputStream inputStream, AttachmentContent a
                         messageMap.put(REL_REUSE_COUNT_KEY, String.valueOf(relReuseCount));
                         messageMap.put(PKG_CREATION_COUNT_KEY, String.valueOf(pkgCreationCount));
                         messageMap.put(PKG_REUSE_COUNT_KEY, String.valueOf(pkgReuseCount));
+                        messageMap.put(COMPONENT_IMPORT_ERROR_COUNT_KEY, String.valueOf(compImportErrorCount));
                         requestSummary.setMessage(convertCollectionToJSONString(messageMap));
                     }
                 } else {
@@ -508,6 +513,7 @@ private Map<String, String> importAllComponentsAsReleases(Map<String, List<org.c
                 if (CommonUtils.isNullEmptyOrWhitespace(release.getVersion()) ) {
                     log.error("release version is not present in SBoM for component: " + comp.getName());
                     invalidReleases.add(comp.getName());
+                    compImportErrorCount++;
                     continue;
                 }
                 relName = SW360Utils.getVersionedName(release.getName(), release.getVersion());
@@ -650,6 +656,7 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
                     if (CommonUtils.isNullEmptyOrWhitespace(release.getVersion()) ) {
                         log.error("release version is not present in SBoM for component: " + comp.getName());
                         invalidReleases.add(comp.getName());
+                        compImportErrorCount++;
                         continue;
                     }
                     String relName = SW360Utils.getVersionedName(release.getName(), release.getVersion());
@@ -712,6 +719,7 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
                     if (pkg == null || CommonUtils.isNullEmptyOrWhitespace(pkg.getName()) || CommonUtils.isNullEmptyOrWhitespace(pkg.getVersion())
                             || CommonUtils.isNullEmptyOrWhitespace(pkg.getPurl())) {
                         invalidPackages.add(pkgName);
+                        compImportErrorCount++;
                         log.error(String.format("Invalid package '%s' found in SBoM, missing name or version or purl! ", pkgName));
                         continue;
                     }
@@ -786,6 +794,7 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
                     if (CommonUtils.isNullEmptyOrWhitespace(release.getVersion()) ) {
                         log.error("release version is not present in SBoM for component: " + comp.getName());
                         invalidReleases.add(comp.getName());
+                        compImportErrorCount++;
                         continue;
                     }
 
