Commit 7aaf8f8

Browse files
committed
Limit full tree size when converting from BOM
1 parent 8da9ccc commit 7aaf8f8

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

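--- a/utils/results/common.go
+++ b/utils/results/common.go
@@ -33,6 +33,9 @@ const (
 DirectDependencyPathLength = 2
 nodeModules = "node_modules"
 
+// MaxUniqueAppearances defines the maximum number of times a dependency can appear in a dependency tree.
+MaxUniqueAppearances = 10
+
 // <FILE_REF>#L<START_LINE>C<START_COLUMN>-L<END_LINE>C<END_COLUMN>
 LocationIdTemplate = "%s#L%dC%d-L%dC%d"
 // Applicability properties for cdx
@@ -1029,10 +1032,11 @@ func BomToFullTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (fullDependenc
 // No dependencies or components in the SBOM, return an empty slice
 return
 }
+dependencyAppearances := map[string]int8{}
 for _, rootEntry := range cdxutils.GetRootDependenciesEntries(sbom, false) {
 // Create a new GraphNode with ref as the ID, when populating the tree we need to use the ref as the ID
 currentTree := &xrayUtils.GraphNode{Id: rootEntry.Ref}
-populateDepsNodeDataFromBom(currentTree, sbom.Dependencies)
+populateDepsNodeDataFromBom(currentTree, sbom.Dependencies, dependencyAppearances)
 fullDependencyTrees = append(fullDependencyTrees, currentTree)
 }
 // Translate refs to Purl/Xray IDs
@@ -1042,17 +1046,18 @@ func BomToFullTree(sbom *cyclonedx.BOM, convertToXrayCompId bool) (fullDependenc
 return
 }
 
-func populateDepsNodeDataFromBom(node *xrayUtils.GraphNode, dependencies *[]cyclonedx.Dependency) {
-if node == nil || node.NodeHasLoop() {
-// If the node is nil or has a loop, return
+func populateDepsNodeDataFromBom(node *xrayUtils.GraphNode, dependencies *[]cyclonedx.Dependency, dependencyAppearances map[string]int8) {
+dependencyAppearances[node.Id]++
+if node == nil || dependencyAppearances[node.Id] >= MaxUniqueAppearances || node.NodeHasLoop() {
+// If the node is nil or has a loop or appeared too many times, stop the recursion
 return
 }
 for _, dep := range cdxutils.GetDirectDependencies(dependencies, node.Id) {
 depNode := &xrayUtils.GraphNode{Id: dep, Parent: node}
 // Add the dependency to the current node
 node.Nodes = append(node.Nodes, depNode)
 // Recursively populate the node data
-populateDepsNodeDataFromBom(depNode, dependencies)
+populateDepsNodeDataFromBom(depNode, dependencies, dependencyAppearances)
 }
 }
 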
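Review bot: In the third hunk `dependencyAppearances[node.Id]++` dereferences node before the `node == nil` guard on the next line, so the nil case the guard is written for now panics instead of returning; the increment has to move below the nil check. The counter is also an `int8`: a ref that is reached from many parents keeps being incremented on every visit even after it stops recursing, and once the count passes 127 it wraps negative, which drops below `MaxUniqueAppearances` and reopens the recursion the bound is meant to cap, so the limit this commit adds to protect against oversized or adversarial SBOMs can be defeated by the input it guards; a plain `int` (second hunk's `map[string]int{}` and the signature) removes that. Separately, the check runs after the child has already been appended to `node.Nodes` in the loop, so a ref can appear more than MaxUniqueAppearances times as a leaf; the constant's doc comment ("can appear in a dependency tree") would be more accurate as "can be expanded (have its dependencies populated) while building a dependency tree". BomToFullTree starts outside these hunks; populateDepsNodeDataFromBom is shown in full.
```go
func populateDepsNodeDataFromBom(node *xrayUtils.GraphNode, dependencies *[]cyclonedx.Dependency, dependencyAppearances map[string]int) {
	if node == nil {
		return
	}
	dependencyAppearances[node.Id]++
	if dependencyAppearances[node.Id] >= MaxUniqueAppearances || node.NodeHasLoop() {
		// Has a loop or was already expanded too many times, stop the recursion
		return
	}
	// … unchanged: direct-dependency loop …
```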