Capture nuget tags

Signed-off-by: Prabhu Subramanian <[email protected]>
CycloneDX · Nov 17, 2024 · c224b7c · c224b7c
1 parent c0bacdd
commit c224b7c
Show file tree

Hide file tree

Showing 9 changed files with 45 additions and 12 deletions.
diff --git a/data/component-tags.json b/data/component-tags.json
@@ -119,8 +119,7 @@
       "projections",
       "performance",
       "plugins",
-      "non-block",
-      "microsoft"
+      "non-block"
     ]
   },
   "properties": {
@@ -237,11 +236,15 @@
         ]
       },
       {
-        "security": ["(boringssl|openssl|libressl|libssl|gnutls|jose|keyutils)"]
+        "security": [
+          "(boringssl|openssl|libressl|libssl|gnutls|jose|keyutils|Azure\\.Security|System\\.Security)"
+        ]
       },
       { "native": ["(ffi|native)"] },
       { "parse": ["(parser)"] },
-      { "transform": ["(transformer)"] }
+      { "transform": ["(transformer)"] },
+      { "telemetry": ["(OpenTelemetry)"] },
+      { "logging": ["(Microsoft\\.Extensions\\.Logging|Log4net)"] }
     ],
     "obom": [
       {

diff --git a/data/frameworks-list.json b/data/frameworks-list.json
@@ -3,7 +3,9 @@
     "System.Web",
     "System.ServiceModel",
     "System.Data",
-    "spring",
+    "Microsoft.AspNetCore",
+    "Microsoft.NETCore",
+    "springframework",
     "pkg:pypi/flask",
     "pkg:pypi/django",
     "beego",

diff --git a/lib/cli/index.js b/lib/cli/index.js
@@ -36,7 +36,6 @@ import {
   CARGO_CMD,
   CLJ_CMD,
   DEBUG_MODE,
-  FETCH_LICENSE,
   LEIN_CMD,
   MAX_BUFFER,
   PREFER_MAVEN_DEPS_TREE,
@@ -146,6 +145,7 @@ import {
   parseYarnLock,
   readZipEntry,
   recomputeScope,
+  shouldFetchLicense,
   splitOutputByGradleProjects,
 } from "../helpers/utils.js";
 import {
@@ -3163,7 +3163,7 @@ export async function createPythonBom(path, options) {
   }
   // Re-compute the component scope
   pkgList = recomputeScope(pkgList, dependencies);
-  if (FETCH_LICENSE) {
+  if (shouldFetchLicense()) {
     pkgList = await getPyMetadata(pkgList, false);
   }
   return buildBomNSData(options, pkgList, "pypi", {
@@ -4425,7 +4425,7 @@ export async function createSwiftBom(path, options) {
       }
     }
   }
-  if (FETCH_LICENSE) {
+  if (shouldFetchLicense()) {
     pkgList = await getSwiftPackageMetadata(pkgList);
   }
   return buildBomNSData(options, pkgList, "swift", {
@@ -5370,7 +5370,7 @@ export async function createCsharpBom(path, options) {
       dependsOn: Array.from(parentDependsOn).sort(),
     });
   }
-  if (FETCH_LICENSE) {
+  if (shouldFetchLicense()) {
     const retMap = await getNugetMetadata(pkgList, dependencies);
     if (retMap.dependencies?.length) {
       dependencies = mergeDependencies(

diff --git a/lib/helpers/utils.js b/lib/helpers/utils.js
@@ -135,7 +135,7 @@ export const PREFER_MAVEN_DEPS_TREE = !["false", "0"].includes(
   process.env?.PREFER_MAVEN_DEPS_TREE,
 );
 
-function shouldFetchLicense() {
+export function shouldFetchLicense() {
   return (
     process.env.FETCH_LICENSE &&
     ["true", "1"].includes(process.env.FETCH_LICENSE)
@@ -12429,6 +12429,15 @@ export async function getNugetMetadata(pkgList, dependencies = undefined) {
                 (await getRepoLicense(p.license, undefined)) || p.license;
             }
           }
+          // Capture the tags
+          if (
+            body.catalogEntry?.tags?.length &&
+            Array.isArray(body.catalogEntry.tags)
+          ) {
+            p.tags = body.catalogEntry.tags.map((t) =>
+              t.toLowerCase().replaceAll(" ", "-"),
+            );
+          }
           if (body.catalogEntry.projectUrl) {
             p.repository = { url: body.catalogEntry.projectUrl };
             p.homepage = {

diff --git a/lib/helpers/utils.test.js b/lib/helpers/utils.test.js
@@ -2570,6 +2570,15 @@ test("get nget metadata", async () => {
       repository: {
         url: "http://www.castleproject.org/",
       },
+      tags: [
+        "castle",
+        "dynamicproxy",
+        "dynamic",
+        "proxy",
+        "dynamicproxy2",
+        "dictionaryadapter",
+        "emailsender",
+      ],
       version: "4.4.0",
     },
     {
@@ -2585,6 +2594,7 @@ test("get nget metadata", async () => {
       repository: {
         url: "https://serilog.net/",
       },
+      tags: ["serilog", "logging", "semantic", "structured"],
       version: "3.0.1",
     },
   ]);

diff --git a/lib/stages/postgen/annotator.js b/lib/stages/postgen/annotator.js
@@ -270,6 +270,14 @@ export function extractTags(
   }
   bomType = bomType?.toLowerCase();
   const tags = new Set();
+  if (component?.type !== "library") {
+    tags.add(component.type);
+  }
+  (component?.tags || []).forEach((tag) => {
+    if (tag.length) {
+      tags.add(tag);
+    }
+  });
   const desc = component?.description?.toLowerCase();
   const compProps = component.properties || [];
   // Collect both the BOM specific tags and all tags

diff --git a/types/lib/helpers/utils.d.ts b/types/lib/helpers/utils.d.ts
@@ -1,3 +1,4 @@
+export function shouldFetchLicense(): boolean;
 export function getJavaCommand(): string;
 export function getPythonCommand(): string;
 /**

diff --git a/types/lib/helpers/utils.d.ts.map b/types/lib/helpers/utils.d.ts.map
diff --git a/types/lib/stages/postgen/annotator.d.ts.map b/types/lib/stages/postgen/annotator.d.ts.map