
Commit 716425a

committed
Limit full tree size when converting from BOM
1 parent 6976bb9 commit 716425a

1 file changed

+10
-5
lines changed

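--- a/utils/results/common.go
+++ b/utils/results/common.go
@@ -33,6 +33,9 @@ const (
 DirectDependencyPathLength = 2
 nodeModules = "node_modules"
 
+// MaxUniqueAppearances defines the maximum number of times a dependency can appear in a dependency tree.
+MaxUniqueAppearances = 10
+
 // <FILE_REF>#L<START_LINE>C<START_COLUMN>-L<END_LINE>C<END_COLUMN>
 LocationIdTemplate = "%s#L%dC%d-L%dC%d"
 // Applicability properties for cdx
@@ -1024,10 +1027,11 @@ func BomToFullTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (fullDependenc
 // No dependencies or components in the SBOM, return an empty slice
 return
 }
+dependencyAppearances := map[string]int8{}
 for _, rootEntry := range cdxutils.GetRootDependenciesEntries(sbom, false) {
 // Create a new GraphNode with ref as the ID, when populating the tree we need to use the ref as the ID
 currentTree := &xrayUtils.GraphNode{Id: rootEntry.Ref}
-populateDepsNodeDataFromBom(currentTree, sbom.Dependencies)
+populateDepsNodeDataFromBom(currentTree, sbom.Dependencies, dependencyAppearances)
 fullDependencyTrees = append(fullDependencyTrees, currentTree)
 }
 // Translate refs to Purl/Xray IDs
@@ -1037,17 +1041,18 @@ func BomToFullTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (fullDependenc
 return
 }
 
-func populateDepsNodeDataFromBom(node *xrayUtils.GraphNode, dependencies *[]cyclonedx.Dependency) {
-if node == nil || node.NodeHasLoop() {
-// If the node is nil or has a loop, return
+func populateDepsNodeDataFromBom(node *xrayUtils.GraphNode, dependencies *[]cyclonedx.Dependency, dependencyAppearances map[string]int8) {
+dependencyAppearances[node.Id]++
+if node == nil || dependencyAppearances[node.Id] >= MaxUniqueAppearances || node.NodeHasLoop() {
+// If the node is nil or has a loop or appeared too many times, stop the recursion
 return
 }
 for _, dep := range cdxutils.GetDirectDependencies(dependencies, node.Id) {
 depNode := &xrayUtils.GraphNode{Id: dep, Parent: node}
 // Add the dependency to the current node
 node.Nodes = append(node.Nodes, depNode)
 // Recursively populate the node data
-populateDepsNodeDataFromBom(depNode, dependencies)
+populateDepsNodeDataFromBom(depNode, dependencies, dependencyAppearances)
 }
 }
 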
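Review bot: In the third hunk, `dependencyAppearances[node.Id]++` now runs before the `node == nil` test, so a nil node dereferences `node.Id` and panics instead of returning as the old guard did; the nil check on the following line has become unreachable for the case it protects. Put the nil guard first and only then count: `if node == nil { return }`, then `dependencyAppearances[node.Id]++`, then `if dependencyAppearances[node.Id] >= MaxUniqueAppearances || node.NodeHasLoop() {`. This matters because the BOM is external input and the cap exists to bound work on a hostile or degenerate dependency graph, so the entry path should not be able to crash the converter. Separately, the map is created once in BomToFullTree and shared across every root entry, so the limit is per BOM rather than per tree as the new constant's comment states; either reset the map per root or reword the comment to say the count is across all dependency trees built from one SBOM.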