Fix downgrading of external references
Signed-off-by: andreas hilti <69210561+andreas-hilti@users.noreply.github.com>
andreas-hilti committed Nov 24, 2024
1 parent b457bb9 commit 45fae77
Showing 1 changed file with 231 additions and 9 deletions.
240 changes: 231 additions & 9 deletions src/CycloneDX.Core/BomUtils.cs
Expand Up @@ -18,6 +18,7 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using CycloneDX.Models;
using CycloneDX.Models.Vulnerabilities;
using static CycloneDX.Models.EvidenceIdentity;
Expand Down Expand Up @@ -86,9 +87,9 @@ internal static Bom CopyBomAndDowngrade(Bom bom)

EnumerateAllComponents(bomCopy, (component) =>
{
#pragma warning disable 618
#pragma warning disable 618
component.Author = null;
#pragma warning restore 618
#pragma warning restore 618
component.MimeType = null;
component.Supplier = null;
component.Swid = null;
Expand Down Expand Up @@ -332,6 +333,20 @@ internal static Bom CopyBomAndDowngrade(Bom bom)
licenseChoice.Acknowledgement = null;
});

EnumerateAllExternalReferences(bomCopy, (externalReference) =>
{
if (externalReference != null)
{
if (externalReference.Type == ExternalReference.ExternalReferenceType.Source_Distribution
|| externalReference.Type == ExternalReference.ExternalReferenceType.Electronic_Signature
|| externalReference.Type == ExternalReference.ExternalReferenceType.Digital_Signature
|| externalReference.Type == ExternalReference.ExternalReferenceType.Rfc_9116)
{
externalReference.Type = ExternalReference.ExternalReferenceType.Other;
}
}
});

}

// triggers a bunch of stuff, don't remove unless you know what you are doing
Expand All @@ -353,7 +368,7 @@ public static void EnqueueMany<T>(this Queue<T> queue, IEnumerable<T> items)
{
foreach (var item in items.Where(item => item != null))
{
queue.Enqueue(item);
queue.Enqueue(item);
}
}
}
Expand All @@ -365,7 +380,7 @@ public static void EnumerateAllComponents(Bom bom, Action<Component> callback)
q.Enqueue(bom.Metadata?.Component);
q.EnqueueMany(bom.Metadata?.Tools?.Components);
q.EnqueueMany(bom.Components);
q.EnqueueMany(bom.Annotations?.Select(an => an.Annotator).Where(anor => anor.Component != null).Select(anor => anor.Component) ?? new List<Component>());
q.EnqueueMany(bom.Annotations?.Select(an => an.Annotator).Where(anor => anor.Component != null).Select(anor => anor.Component) ?? new List<Component>());
q.EnqueueMany(bom.Declarations?.Targets?.Components);
q.EnqueueMany(bom.Formulation?.Where(f => f.Components != null).SelectMany(f => f.Components));
q.EnqueueMany(bom.Vulnerabilities?.Where(v => v.Tools?.Components != null).SelectMany(v => v.Tools.Components));
Expand All @@ -392,7 +407,7 @@ public static void EnumerateAllServices(Bom bom, Action<Service> callback)
q.EnqueueMany(bom.Metadata?.Tools?.Services);
q.EnqueueMany(bom.Services);
q.EnqueueMany(bom.Annotations?.Select(an => an.Annotator).Where(anor => anor.Service != null).Select(anor => anor.Service) ?? new List<Service>());
q.EnqueueMany(bom.Declarations?.Targets?.Services);
q.EnqueueMany(bom.Declarations?.Targets?.Services);
q.EnqueueMany(bom.Formulation?.Where(f => f.Services != null).SelectMany(f => f.Services));
q.EnqueueMany(bom.Vulnerabilities?.Where(v => v.Tools?.Services != null).SelectMany(v => v.Tools.Services));

Expand Down Expand Up @@ -539,7 +554,7 @@ public static void EnumerateAllOrganizationalEntity(Bom bom, Action<Organization
if (energyProvider?.Organization != null)
{
callback(energyProvider.Organization);
}
}
}));


Expand Down Expand Up @@ -607,9 +622,9 @@ public static void EnumerateAllDependencies(Bom bom, Action<Dependency> callback
{
var q = new Queue<Dependency>();


q.EnqueueMany(bom.Dependencies);


while (q.Count > 0)
{
Expand All @@ -625,12 +640,219 @@ public static void EnumerateAllDependencies(Bom bom, Action<Dependency> callback

public static void EnumerateAllDatasetChoices(Bom bom, Action<DatasetChoices> callback)
{
EnumerateAllComponents(bom, (component) => {
EnumerateAllComponents(bom, (component) =>
{
if (component?.ModelCard?.ModelParameters?.Datasets != null)
{
callback(component.ModelCard.ModelParameters.Datasets);
}
});
}

public static void EnumerateAllExternalReferences(Bom bom, Action<ExternalReference> callback)
{
if (bom.ExternalReferences != null)
{
foreach (var item in bom.ExternalReferences)
{
callback(item);
}
}

EnumerateAllComponents(bom, (component) =>
{
if (component?.ExternalReferences != null)
{
foreach (var item in component.ExternalReferences)
{
callback(item);
}
}
if (component?.ModelCard?.Considerations?.EnvironmentalConsiderations?.EnergyConsumptions != null)
{
foreach (var energyConsumption in component.ModelCard.Considerations.EnvironmentalConsiderations.EnergyConsumptions)
{
if (energyConsumption?.EnergyProviders != null)
{
foreach (var energyProvider in energyConsumption.EnergyProviders)
{
if (energyProvider?.ExternalReferences != null)
{
foreach (var item in energyProvider.ExternalReferences)
{
callback(item);
}
}
}
}
}
}
});

EnumerateAllServices(bom, (service) =>
{
if (service?.ExternalReferences != null)
{
foreach (var item in service.ExternalReferences)
{
callback(item);
}
}
});


EnumerateAllToolChoices(bom, (toolsChoice) =>
{
if (toolsChoice?.Tools != null)
{
foreach (var tool in toolsChoice.Tools)
{
if (tool.ExternalReferences != null)
{
foreach (var item in tool.ExternalReferences)
{
callback(item);
}
}
}
}
});

if (bom.Declarations?.Claims != null)
{
foreach (var claim in bom.Declarations.Claims)
{
if (claim?.ExternalReferences != null)
{
foreach (var item in claim.ExternalReferences)
{
callback(item);
}
}
}
}

if (bom.Declarations?.Affirmation?.Signatories != null)
{
foreach (var signatory in bom.Declarations?.Affirmation?.Signatories)
{
if (signatory?.ExternalReference != null)
{
callback(signatory.ExternalReference);
}
}
}

if (bom.Definitions?.Standards != null)
{
foreach (var standard in bom.Definitions.Standards)
{
if (standard?.ExternalReferences != null)
{
foreach (var item in standard.ExternalReferences)
{
callback(item);
}
}
}
}

EnumerateAllResourceReferenceChoices(bom, (resoureReferenceChoice) =>
{
if (resoureReferenceChoice?.ExternalReference != null)
{
callback(resoureReferenceChoice.ExternalReference);
}
});

}

public static void EnumerateAllWorkflows(Bom bom, Action<Workflow> callback)
{
if (bom.Formulation != null)
{
foreach (var formulation in bom.Formulation)
{
if (formulation?.Workflows != null)
{
foreach (var workflow in formulation.Workflows)
{
callback(workflow);
}
}
}
}
}

public static void EnumerateAllResourceReferenceChoices(Bom bom, Action<ResourceReferenceChoice> callback)
{
EnumerateAllWorkflows(bom, (workflow) =>
{
if (workflow?.ResourceReferences != null)
{
foreach (var resourceReference in workflow.ResourceReferences)
{
callback(resourceReference);
}
}
if (workflow?.Inputs != null)
{
foreach (var input in workflow.Inputs)
{
if (input.Resource != null) { callback(input.Resource); };
if (input.Source != null) { callback(input.Source); };
if (input.Target != null) { callback(input.Target); };
}
}
if (workflow?.Outputs != null)
{
foreach (var output in workflow.Outputs)
{
if (output.Resource != null) { callback(output.Resource); };
if (output.Source != null) { callback(output.Source); };
if (output.Target != null) { callback(output.Target); };
}
}
if (workflow?.Trigger?.Event != null)
{
if (workflow.Trigger.Event.Source != null) { callback(workflow.Trigger.Event.Source); };
if (workflow.Trigger.Event.Target != null) { callback(workflow.Trigger.Event.Target); };
}

foreach (var task in workflow.Tasks)
{
if (task?.ResourceReferences != null)
{
foreach (var resourceReference in task.ResourceReferences)
{
callback(resourceReference);
}
}
if (task?.Inputs != null)
{
foreach (var input in task.Inputs)
{
if (input.Resource != null) { callback(input.Resource); };
if (input.Source != null) { callback(input.Source); };
if (input.Target != null) { callback(input.Target); };
}
}
if (task?.Outputs != null)
{
foreach (var output in task.Outputs)
{
if (output.Resource != null) { callback(output.Resource); };
if (output.Source != null) { callback(output.Source); };
if (output.Target != null) { callback(output.Target); };
}
}
if (task?.Trigger?.Event != null)
{
if (task.Trigger.Event.Source != null) { callback(task.Trigger.Event.Source); };
if (task.Trigger.Event.Target != null) { callback(task.Trigger.Event.Target); };
}
}
});
}
}
}
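Review bot: In `EnumerateAllResourceReferenceChoices`, `foreach (var task in workflow.Tasks)` dereferences `workflow` and `Tasks` without the null guard that every other access in the same lambda uses (`workflow?.ResourceReferences`, `workflow?.Inputs`), and `EnumerateAllWorkflows` hands list elements to the callback unfiltered. Because `CopyBomAndDowngrade` now reaches this path through `EnumerateAllExternalReferences`, a BOM whose workflow carries no tasks would presumably end the downgrade with a NullReferenceException instead of a converted document, which matters for tools that convert SBOMs received from third parties. Adding `if (workflow?.Tasks == null) { return; }` just before the loop keeps the behaviour otherwise unchanged; the `input`, `output` and `tool` loop variables are dereferenced unguarded in the same way (`input.Resource`, `tool.ExternalReferences`) and could use `?.` as well. Separately, the added `using System.Security.Claims;` does not appear to be used by anything in the visible hunks and looks like an accidental IDE import.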
