From 135f1ed3b9991e86e78a241bd8aa05e3272a15e8 Mon Sep 17 00:00:00 2001
From: "jiyeong.seok"
Date: Mon, 31 Mar 2025 17:57:32 +0900
Subject: [PATCH] Fix cyclonedx bug
Signed-off-by: jiyeong.seok
---
 src/fosslight_util/correct.py | 10 ++++------
 src/fosslight_util/write_cyclonedx.py | 5 +++--
 2 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/fosslight_util/correct.py b/src/fosslight_util/correct.py
index c88265a..94b4741 100644
--- a/src/fosslight_util/correct.py
+++ b/src/fosslight_util/correct.py
@@ -61,17 +61,15 @@ def correct_with_yaml(correct_filepath, path_to_scan, scan_item):
 yaml_path_exists = True
 exclude_fileitems.append(idx)
-
- if not yaml_path_exists:
+ if scanner_name == FOSSLIGHT_SOURCE and not yaml_path_exists:
 correct_item = copy.deepcopy(yaml_file_item)
 if os.path.exists(os.path.normpath(yaml_file_item.source_name_or_path)):
 correct_item.comment = 'Loaded from sbom-info.yaml'
 correct_fileitems.append(correct_item)
 else:
- if scanner_name == FOSSLIGHT_SOURCE:
- correct_item.exclude = True
- correct_item.comment = 'Added by sbom-info.yaml'
- correct_fileitems.append(correct_item)
+ correct_item.exclude = True
+ correct_item.comment = 'Added by sbom-info.yaml'
+ correct_fileitems.append(correct_item)
 if correct_fileitems:
 scan_item.append_file_items(correct_fileitems, scanner_name)
 find_match = True
diff --git a/src/fosslight_util/write_cyclonedx.py b/src/fosslight_util/write_cyclonedx.py
index c645913..b7b5986 100644
--- a/src/fosslight_util/write_cyclonedx.py
+++ b/src/fosslight_util/write_cyclonedx.py
@@ -73,7 +73,7 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
 comp_type = ComponentType.LIBRARY
 for oss_item in file_item.oss_items:
- if oss_item.name == '':
+ if oss_item.name == '' or oss_item.name == '-':
 if scanner_name == FOSSLIGHT_DEPENDENCY:
 continue
 else:
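Review bot: In the `correct_with_yaml` hunk, the unchanged check `os.path.exists(os.path.normpath(yaml_file_item.source_name_or_path))` decides whether an sbom-info.yaml entry is kept as 'Loaded from sbom-info.yaml' or marked `exclude = True`, yet it never uses the `path_to_scan` argument. If `source_name_or_path` is relative to the scan root (not visible in this hunk), the test resolves against the process working directory, so running the tool from another directory can exclude declared components from the report or accept a path that lies outside the scanned tree. Consider `if os.path.exists(os.path.normpath(os.path.join(path_to_scan, yaml_file_item.source_name_or_path))):`, unless an earlier part of the function already normalises the path. The new `scanner_name == FOSSLIGHT_SOURCE` guard also means other scanners now skip these entries silently, which deserves a one-line comment above the `if`. The function body starts and ends outside the hunk.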
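Review bot: In the first `write_cyclonedx` hunk, `'-'` joins `''` as a second magic value for "no OSS name", and nothing on the line says where it comes from. A membership test reads better and leaves room for a comment: `if oss_item.name in ('', '-'):  # '-' presumably is the scanners' placeholder for an undetected name; confirm`. The `else:` branch continues outside the hunk, so how unnamed items from other scanners are emitted is not visible here.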
@@ -93,7 +93,8 @@ def write_cyclonedx(output_file_without_ext, output_extension, scan_item):
 if scanner_name == FOSSLIGHT_DEPENDENCY and file_item.purl:
 comp.purl = PackageURL.from_string(file_item.purl)
 if scanner_name != FOSSLIGHT_DEPENDENCY:
- comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
+ if file_item.checksum != '0':
+ comp.hashes = [HashType(alg=HashAlgorithm.SHA_1, content=file_item.checksum)]
 if oss_item.download_location != '':
 comp.external_references = [ExternalReference(url=XsUri(oss_item.download_location),