root component gets a fallback name

fix #252 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
CycloneDX · Feb 11, 2022 · 76bb7a7 · 76bb7a7
1 parent 26056b0
commit 76bb7a7
Show file tree

Hide file tree

Showing 8 changed files with 172 additions and 1 deletion.
diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml
@@ -56,6 +56,9 @@ jobs:
       - name: install testing-project "with-dev-dependencies"
         run: npm ci
         working-directory: tests/with-dev-dependencies
+      - name: install testing-project "with-dev-dependencies"
+        run: npm ci
+        working-directory: tests/no-name
       - name: run tests
         run: >
           npm run test:unit --

diff --git a/model/Bom.js b/model/Bom.js
@@ -35,7 +35,11 @@ class Bom extends CycloneDXObject {
     if (includeSerialNumber) {
       this._serialNumber = 'urn:uuid:' + uuid.v4()
     }
-    if (pkg) {
+    if (pkg && typeof pkg === 'object') {
+      if (!pkg.name) {
+        pkg = Object.assign({}, pkg) // work with a modified/fixed clone
+        pkg.name = 'NO-NAME-PACKAGE'
+      }
       this._metadata = this.createMetadata(pkg, componentType)
       this._components = this.listComponents(pkg, lockfile)
     } else {

diff --git a/test.sh b/test.sh
@@ -8,6 +8,7 @@ npm ci
 ## install testing-projects
 npm ci --prefix 'tests/with-packages'
 npm ci --prefix 'tests/with-dev-dependencies'
+npm ci --prefix 'tests/no-name'
 
 ## run tests
 npm test

diff --git a/tests/__snapshots__/index.test.js.snap b/tests/__snapshots__/index.test.js.snap
diff --git a/tests/index.test.js b/tests/index.test.js
@@ -111,3 +111,15 @@ test('createbom produces a BOM when all dependencies are dev-dependencies that s
     done()
   })
 })
+
+test('createbom produces a BOM when there is no name in the root package', done => {
+  // test for https://github.com/CycloneDX/cyclonedx-node-module/issues/252
+  bomHelpers.createbom('library', false, true, './tests/no-name', { dev: true }, (err, bom) => {
+    expect(err).toBeFalsy()
+
+    bom.metadata.timestamp = timestamp
+    bom.metadata.tools[0].version = programVersion
+    expect(bom.toJSON()).toMatchSnapshot()
+    done()
+  })
+})
diff --git a/tests/no-name/README.txt b/tests/no-name/README.txt
@@ -0,0 +1,2 @@
+this test case is related to
+https://github.com/CycloneDX/cyclonedx-node-module/issues/252
diff --git a/tests/no-name/package-lock.json b/tests/no-name/package-lock.json
diff --git a/tests/no-name/package.json b/tests/no-name/package.json
@@ -0,0 +1,7 @@
+{
+  "description": "an package without a name. see https://github.com/CycloneDX/cyclonedx-node-module/issues/252",
+  "private": true,
+  "dependencies": {
+    "packageurl-js": "^0.0.1"
+  }
+}