Skip to content

Commit 91d8425

Browse files
puercopuerco
committed
Ensure unique IDs when building documents
When adding packages from all sources to a document, the Builder object will now pass the packages through the new ensureUnique* functions. Previously, we YOLO'ed when adding new packages, hoping that names would not clash by trying to add a hierarchical name building strategy. This new approach really ensures names are unique by checking the document using the new querying capability. Signed-off-by: Adolfo García Veytia (Puerco) <adolfo.garcia@uservers.net>
1 parent 6fd3255 commit 91d8425

File tree

1 file changed

+9
-1
lines changed

1 file changed

+9
-1
lines changed

pkg/spdx/builder.go

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -191,6 +191,7 @@ func (builder *defaultDocBuilderImpl) GenerateDoc(
191191
if err != nil {
192192
return nil, errors.Wrap(err, "generating package from directory")
193193
}
194+
doc.ensureUniqueElementID(pkg)
194195

195196
if err := doc.AddPackage(pkg); err != nil {
196197
return nil, errors.Wrap(err, "adding directory package to document")
@@ -204,18 +205,22 @@ func (builder *defaultDocBuilderImpl) GenerateDoc(
204205
if err != nil {
205206
return nil, errors.Wrapf(err, "generating SPDX package from image ref %s", i)
206207
}
208+
doc.ensureUniqueElementID(p)
209+
doc.ensureUniquePeerIDs(p.GetRelationships())
207210
if err := doc.AddPackage(p); err != nil {
208211
return nil, errors.Wrap(err, "adding package to document")
209212
}
210213
}
211214

212215
// Process OCI image archives
213216
for _, tb := range genopts.Tarballs {
214-
logrus.Infof("Processing tarball %s", tb)
217+
logrus.Infof("Processing image archive %s", tb)
215218
p, err := spdx.PackageFromImageTarball(tb)
216219
if err != nil {
217220
return nil, errors.Wrap(err, "generating tarball package")
218221
}
222+
doc.ensureUniqueElementID(p)
223+
doc.ensureUniquePeerIDs(p.GetRelationships())
219224
if err := doc.AddPackage(p); err != nil {
220225
return nil, errors.Wrap(err, "adding package to document")
221226
}
@@ -228,6 +233,8 @@ func (builder *defaultDocBuilderImpl) GenerateDoc(
228233
if err != nil {
229234
return nil, errors.Wrap(err, "creating spdx package from archive")
230235
}
236+
doc.ensureUniqueElementID(p)
237+
doc.ensureUniquePeerIDs(p.GetRelationships())
231238
if err := doc.AddPackage(p); err != nil {
232239
return nil, errors.Wrap(err, "adding package to document")
233240
}
@@ -240,6 +247,7 @@ func (builder *defaultDocBuilderImpl) GenerateDoc(
240247
if err != nil {
241248
return nil, errors.Wrap(err, "adding file")
242249
}
250+
doc.ensureUniqueElementID(f)
243251
if err := doc.AddFile(f); err != nil {
244252
return nil, errors.Wrap(err, "adding file to document")
245253
}

0 commit comments

Comments
 (0)