Fix cyclonedx bug (#213)

Signed-off-by: jiyeong.seok <[email protected]>

Author: dd-jy

src/fosslight_util/correct.py

@@ -61,17 +61,15 @@ def correct_with_yaml(correct_filepath, path_to_scan, scan_item):
 
                     yaml_path_exists = True
                     exclude_fileitems.append(idx)
-
-            if not yaml_path_exists:
+            if scanner_name == FOSSLIGHT_SOURCE and not yaml_path_exists:
                 correct_item = copy.deepcopy(yaml_file_item)
                 if os.path.exists(os.path.normpath(yaml_file_item.source_name_or_path)):
                     correct_item.comment = 'Loaded from sbom-info.yaml'
                     correct_fileitems.append(correct_item)
                 else:
-                    if scanner_name == FOSSLIGHT_SOURCE:
-                        correct_item.exclude = True
-                        correct_item.comment = 'Added by sbom-info.yaml'
-                        correct_fileitems.append(correct_item)
+                    correct_item.exclude = True
+                    correct_item.comment = 'Added by sbom-info.yaml'
+                    correct_fileitems.append(correct_item)
         if correct_fileitems:
             scan_item.append_file_items(correct_fileitems, scanner_name)
             find_match = True

src/fosslight_util/write_cyclonedx.py

@@ -73,7 +73,7 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         comp_type = ComponentType.LIBRARY
 
                     for oss_item in file_item.oss_items:
-                        if oss_item.name == '':
+                        if oss_item.name == '' or oss_item.name == '-':
                             if scanner_name == FOSSLIGHT_DEPENDENCY:
                                 continue
                             else:
@@ -93,7 +93,8 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
                         if scanner_name == FOSSLIGHT_DEPENDENCY and file_item.purl:
                             comp.purl = PackageURL.from_string(file_item.purl)
                         if scanner_name != FOSSLIGHT_DEPENDENCY:
-                            comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
+                            if file_item.checksum != '0':
+                                comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
 
                         if oss_item.download_location != '':
                             comp.external_references = [ExternalReference(url=XsUri(oss_item.download_location),