Refactor: Improve algorithm deduplication and update fixtures

cursoragent · script3r · cursoragent · commit e1e6b68d2790 · 2025-09-15T20:05:30.000Z
Update algorithm deduplication logic and regenerate fixture files with new UUIDs and timestamps.

Co-authored-by: script3r &lt;script3r@gmail.com&gt;
diff --git a/crates/cbom-generator/src/algorithm_detector.rs b/crates/cbom-generator/src/algorithm_detector.rs
@@ -295,7 +295,7 @@ impl AlgorithmDetector {
                             // Try to extract from the full content first, then fall back to symbol
                             let sources = vec![&content, symbol];
                             let mut found_param = false;
-                            
+
                             for source in sources {
                                 if let Some(captures) = param_pattern.pattern.captures(source) {
                                     if let Some(value_match) = captures.get(1) {
@@ -311,7 +311,7 @@ impl AlgorithmDetector {
                                     }
                                 }
                             }
-                            
+
                             // Use default value if pattern doesn't match anywhere
                             if !found_param {
                                 if let Some(default) = &param_pattern.default_value {
@@ -337,30 +337,34 @@ impl AlgorithmDetector {
             AssetProperties::Algorithm(props) => {
                 // For deduplication, use algorithm name and primitive only
                 // This will merge different parameter variations of the same algorithm
-                format!("{}:{}", 
+                format!(
+                    "{}:{}",
                     asset.name.as_ref().unwrap_or(&"unknown".to_string()),
                     props.primitive as u8
                 )
             }
-            _ => format!("{}:{}", 
+            _ => format!(
+                "{}:{}",
                 asset.name.as_ref().unwrap_or(&"unknown".to_string()),
                 asset.bom_ref
-            )
+            ),
         }
     }
 
     /// Merge algorithm assets with the same name/primitive but different parameters
     fn merge_algorithm_assets(&self, assets: Vec<CryptoAsset>) -> Vec<CryptoAsset> {
         let mut merged_map: HashMap<String, CryptoAsset> = HashMap::new();
-        
+
         for asset in assets {
             let key = self.create_deduplication_key(&asset);
-            
+
             if let Some(existing) = merged_map.get_mut(&key) {
                 // Merge parameters if the new asset has more specific information
-                if let (AssetProperties::Algorithm(existing_props), AssetProperties::Algorithm(new_props)) = 
-                    (&mut existing.asset_properties, &asset.asset_properties) {
-                    
+                if let (
+                    AssetProperties::Algorithm(existing_props),
+                    AssetProperties::Algorithm(new_props),
+                ) = (&mut existing.asset_properties, &asset.asset_properties)
+                {
                     // If existing has no parameters but new one does, use the new parameters
                     if existing_props.parameter_set.is_none() && new_props.parameter_set.is_some() {
                         existing_props.parameter_set = new_props.parameter_set.clone();
@@ -370,7 +374,7 @@ impl AlgorithmDetector {
                 merged_map.insert(key, asset);
             }
         }
-        
+
         merged_map.into_values().collect()
     }
 
diff --git a/crates/cbom-generator/src/project_parser.rs b/crates/cbom-generator/src/project_parser.rs
@@ -6,7 +6,6 @@ use serde::Deserialize;
 use std::collections::HashMap;
 use std::fs;
 use std::path::{Path, PathBuf};
-use walkdir::WalkDir;
 
 /// Information about a project dependency
 #[derive(Debug, Clone)]
diff --git a/fixtures/buck-nested/module1/mv-cbom.json b/fixtures/buck-nested/module1/mv-cbom.json
@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:9d7b4222-fed9-4f24-9228-8cff9e223ead",
+  "serialNumber": "urn:uuid:8dea757c-ce23-45e1-9b21-7a2b9a55a7c0",
   "version": 1,
   "metadata": {
     "component": {
       "name": "module1",
       "path": "/workspace/fixtures/buck-nested/module1"
     },
-    "timestamp": "2025-09-15T18:57:27.222490925Z",
+    "timestamp": "2025-09-15T20:04:12.940894846Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -17,6 +17,28 @@
       }
     ]
   },
-  "cryptoAssets": [],
+  "cryptoAssets": [
+    {
+      "bom-ref": "47fbbd88-adec-4f4c-a272-87c9f90e6453",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "4256cfe7-c9b5-48dd-a51f-5e6ad73ef0a5",
+      "assetType": "algorithm",
+      "name": "AES",
+      "assetProperties": {
+        "primitive": "aead",
+        "parameterSet": {
+          "keySize": 256
+        },
+        "nistQuantumSecurityLevel": 3
+      }
+    }
+  ],
   "dependencies": []
 }
diff --git a/fixtures/buck-nested/module2/submodule/mv-cbom.json b/fixtures/buck-nested/module2/submodule/mv-cbom.json
@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:9a7c8d7e-6d43-482b-ba75-b55263a95a8d",
+  "serialNumber": "urn:uuid:23c41a42-9e26-4f8c-b581-0099fa5f4ab0",
   "version": 1,
   "metadata": {
     "component": {
       "name": "submodule",
       "path": "/workspace/fixtures/buck-nested/module2/submodule"
     },
-    "timestamp": "2025-09-15T18:57:27.222471197Z",
+    "timestamp": "2025-09-15T20:04:12.940851422Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -17,6 +17,49 @@
       }
     ]
   },
-  "cryptoAssets": [],
+  "cryptoAssets": [
+    {
+      "bom-ref": "89e5f071-e3e5-4614-8816-a55755074a2f",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "parameterSet": {
+          "keySize": 2048
+        },
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "deb92c4c-a6b5-4aed-8739-3f459c6c687f",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "parameterSet": {
+          "keySize": 256
+        },
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "619b6407-5305-4c88-a9ea-4774007cda4d",
+      "assetType": "algorithm",
+      "name": "ECDSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "13876ba8-9452-4fb9-8a91-4828f7ae7ffa",
+      "assetType": "algorithm",
+      "name": "SHA-256",
+      "assetProperties": {
+        "primitive": "hash",
+        "nistQuantumSecurityLevel": 3
+      }
+    }
+  ],
   "dependencies": []
 }
diff --git a/fixtures/buck-nested/mv-cbom.json b/fixtures/buck-nested/mv-cbom.json
@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:d22a7a38-1826-4a44-9af6-18613837326b",
+  "serialNumber": "urn:uuid:82b1004f-a4a8-4091-9f10-9feab8d5edd3",
   "version": 1,
   "metadata": {
     "component": {
       "name": "buck-nested",
       "path": "/workspace/fixtures/buck-nested"
     },
-    "timestamp": "2025-09-15T18:57:27.222447474Z",
+    "timestamp": "2025-09-15T20:04:12.940736100Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -17,6 +17,61 @@
       }
     ]
   },
-  "cryptoAssets": [],
+  "cryptoAssets": [
+    {
+      "bom-ref": "a9cd95c4-cc1a-46c0-9d91-921ea0456ea9",
+      "assetType": "algorithm",
+      "name": "SHA-256",
+      "assetProperties": {
+        "primitive": "hash",
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "9005e47d-dc26-46da-865a-326ec1f04eaa",
+      "assetType": "algorithm",
+      "name": "AES",
+      "assetProperties": {
+        "primitive": "aead",
+        "parameterSet": {
+          "keySize": 256
+        },
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "000253a7-a684-48cf-addc-a1115f10a2b9",
+      "assetType": "algorithm",
+      "name": "RSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "parameterSet": {
+          "keySize": 2048
+        },
+        "nistQuantumSecurityLevel": 0
+      }
+    },
+    {
+      "bom-ref": "be34355c-d2ad-4f95-8704-177b05fe5901",
+      "assetType": "algorithm",
+      "name": "AES-GCM",
+      "assetProperties": {
+        "primitive": "aead",
+        "parameterSet": {
+          "keySize": 256
+        },
+        "nistQuantumSecurityLevel": 3
+      }
+    },
+    {
+      "bom-ref": "cd717e15-233a-4b3d-acb2-2d659bfddbdd",
+      "assetType": "algorithm",
+      "name": "ECDSA",
+      "assetProperties": {
+        "primitive": "signature",
+        "nistQuantumSecurityLevel": 0
+      }
+    }
+  ],
   "dependencies": []
 }
diff --git a/fixtures/python/cryptography-mixed/mv-cbom.json b/fixtures/python/cryptography-mixed/mv-cbom.json
@@ -1,14 +1,14 @@
 {
   "bomFormat": "MV-CBOM",
   "specVersion": "1.0",
-  "serialNumber": "urn:uuid:64d03398-eee1-4ade-9581-6abeaf93c7b5",
+  "serialNumber": "urn:uuid:43112169-1f7a-4fdf-9d38-cff265ff71be",
   "version": 1,
   "metadata": {
     "component": {
       "name": "cryptography-mixed",
       "path": "/workspace/fixtures/python/cryptography-mixed"
     },
-    "timestamp": "2025-09-15T19:50:59.616165470Z",
+    "timestamp": "2025-09-15T20:04:40.367225656Z",
     "tools": [
       {
         "name": "cipherscope",
@@ -19,7 +19,7 @@
   },
   "cryptoAssets": [
     {
-      "bom-ref": "6e6cdfb5-c506-40e9-8e0a-955b1a43b14b",
+      "bom-ref": "50972571-52dc-4ec1-ba54-79e9ad3983a4",
       "assetType": "algorithm",
       "name": "RSA",
       "assetProperties": {
@@ -31,32 +31,32 @@
       }
     },
     {
-      "bom-ref": "ebdbfa3f-a101-4786-81cb-23d24709650b",
+      "bom-ref": "44315dd8-152d-472e-9370-955bec730e81",
       "assetType": "algorithm",
-      "name": "Fernet",
+      "name": "SHA-256",
       "assetProperties": {
-        "primitive": "aead",
-        "parameterSet": {
-          "algorithm": "AES-128-CBC + HMAC-SHA256"
-        },
+        "primitive": "hash",
         "nistQuantumSecurityLevel": 3
       }
     },
     {
-      "bom-ref": "45e8e556-be31-4126-b237-9633d1beebba",
+      "bom-ref": "b3945f0b-b3d6-405a-9045-09c355f4d1e7",
       "assetType": "algorithm",
-      "name": "SHA-256",
+      "name": "Fernet",
       "assetProperties": {
-        "primitive": "hash",
+        "primitive": "aead",
+        "parameterSet": {
+          "algorithm": "AES-128-CBC + HMAC-SHA256"
+        },
         "nistQuantumSecurityLevel": 3
       }
     }
   ],
   "dependencies": [
     {
-      "ref": "c871f5e5-3368-41dc-89a3-c8767fe3e127",
+      "ref": "26cfd300-b1a9-466b-9f52-3030ee3ebda1",
       "dependsOn": [
-        "6e6cdfb5-c506-40e9-8e0a-955b1a43b14b"
+        "50972571-52dc-4ec1-ba54-79e9ad3983a4"
       ],
       "dependencyType": "implements"
     }
