feat: Enhance algorithm detection and update fixtures

This commit improves the algorithm detection logic to consider multiple sources for parameter extraction. It also updates various fixtures with new UUIDs and algorithm definitions, including RSA, AES, ECDSA, and SHA-256, for better representation.

Co-authored-by: script3r <[email protected]>

Author: cursoragent

crates/cbom-generator/src/algorithm_detector.rs

@@ -171,24 +171,37 @@ impl AlgorithmDetector {
     ) -> Result<HashMap<String, serde_json::Value>> {
         let mut parameters = HashMap::new();
 
-        // Extract parameters from symbol
+        // Try to extract parameters from multiple sources
+        let sources = vec![&finding.symbol, &finding.snippet];
+
         for param_pattern in &algorithm.parameter_patterns {
-            if let Some(captures) = param_pattern.pattern.captures(&finding.symbol) {
-                if let Some(value_match) = captures.get(1) {
-                    let value_str = value_match.as_str();
-
-                    // Try to parse as number first, then as string
-                    let value = if let Ok(num) = value_str.parse::<u64>() {
-                        json!(num)
-                    } else {
-                        json!(value_str)
-                    };
-
-                    parameters.insert(param_pattern.name.clone(), value);
+            let mut found_value = false;
+
+            // Try each source (symbol, snippet) for parameter extraction
+            for source in &sources {
+                if let Some(captures) = param_pattern.pattern.captures(source) {
+                    if let Some(value_match) = captures.get(1) {
+                        let value_str = value_match.as_str();
+
+                        // Try to parse as number first, then as string
+                        let value = if let Ok(num) = value_str.parse::<u64>() {
+                            json!(num)
+                        } else {
+                            json!(value_str)
+                        };
+
+                        parameters.insert(param_pattern.name.clone(), value);
+                        found_value = true;
+                        break; // Found value, no need to check other sources
+                    }
+                }
+            }
+
+            // Use default value if pattern doesn't match any source
+            if !found_value {
+                if let Some(default) = &param_pattern.default_value {
+                    parameters.insert(param_pattern.name.clone(), default.clone());
                 }
-            } else if let Some(default) = &param_pattern.default_value {
-                // Use default value if pattern doesn't match
-                parameters.insert(param_pattern.name.clone(), default.clone());
             }
         }
 

fixtures/c/openssl-mixed/mv-cbom.json

@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:f7699f6e-deb2-4df5-a35f-cdfc3e75fac2",
+  "serialNumber": "urn:uuid:fc0dc0c3-dddc-4a08-9bb5-ec9e8c57513d",
   "version": 1,
   "metadata": {
     "component": {
       "name": "openssl-mixed",
       "path": "/workspace/fixtures/c/openssl-mixed"
     },
-    "timestamp": "2025-09-15T17:50:59.203450522Z",
+    "timestamp": "2025-09-15T19:16:12.263741214Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -19,7 +19,7 @@
   },
   "cryptoAssets": [
     {
-      "bom-ref": "8ec4b990-c242-4dce-b287-f03f5ad7d944",
+      "bom-ref": "5da73c7c-874f-4a4a-bdd5-b788a4fd9828",
       "assetType": "algorithm",
       "name": "RSA",
       "assetProperties": {
@@ -28,7 +28,25 @@
       }
     },
     {
-      "bom-ref": "b0eeb295-734e-4802-84a1-c10c77b8c84d",
+      "bom-ref": "949c682f-245a-48ac-929c-321883f113e5",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "21e6b5c1-a73c-4f06-9e65-2abb21dc7b8a",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "d9ad0e25-6a6a-4795-b6c6-6fe43df020d9",
       "assetType": "algorithm",
       "name": "ChaCha20Poly1305",
       "assetProperties": {
@@ -37,7 +55,7 @@
       }
     },
     {
-      "bom-ref": "618e2556-e493-4d3d-b7a3-e541ccaf533e",
+      "bom-ref": "d17963d8-afc3-4d9d-9639-40207e59cba2",
       "assetType": "algorithm",
       "name": "ChaCha20Poly1305",
       "assetProperties": {
@@ -48,9 +66,9 @@
   ],
   "dependencies": [
     {
-      "ref": "7b79d53e-9174-40a2-ab0e-90ce576f0eea",
+      "ref": "9913e268-477a-44bd-b83c-e4507a13a864",
       "dependsOn": [
-        "8ec4b990-c242-4dce-b287-f03f5ad7d944"
+        "5da73c7c-874f-4a4a-bdd5-b788a4fd9828"
       ],
       "dependencyType": "implements"
     }

fixtures/java/bazel-tink/mv-cbom.json

@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:88fe9b38-0f8f-4845-9de5-bfb5ff06140e",
+  "serialNumber": "urn:uuid:e1eb7020-382a-490d-9c92-469752da89b5",
   "version": 1,
   "metadata": {
     "component": {
-      "name": "test-case-bazel-java",
-      "path": "/workspace/test-cases/test-case-bazel-java"
+      "name": "bazel-tink",
+      "path": "/workspace/fixtures/java/bazel-tink"
     },
-    "timestamp": "2025-09-15T17:22:54.702513263Z",
+    "timestamp": "2025-09-15T19:16:12.241784417Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -17,6 +17,118 @@
       }
     ]
   },
-  "cryptoAssets": [],
+  "cryptoAssets": [
+    {
+      "bom-ref": "ba0df8fe-5e3b-492c-8f01-9f3358ef9297",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "21c2707d-320f-4d89-bd67-fbd8f95b3f77",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "06134af5-446d-4e36-afc2-88748f6c22f8",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "f6072edb-c2ba-4007-b969-69b13739c360",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "a5d23b59-8db1-4ee0-85e8-c2655dde0724",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "parameterSet": {
+          "keySize": 256
+        },
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "dee29965-0905-40d1-a1b3-a58d8c27fb75",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "6ad6b958-0279-43c3-9630-adc14e3aab1a",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "f7131de9-57b5-4367-8ca9-b7eb4b85917c",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "61fb5bc1-e119-468c-acb2-a0cd8e15a97b",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "7efb9e25-c4be-4254-98e7-7a324225e1ff",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "bd07c47d-9736-4c07-948f-75c05d4654d8",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "de8c36ae-8680-49d0-9776-42f0c395d945",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    }
+  ],
   "dependencies": []
 }