diff --git a/components/consumers/dependency-track/main_test.go b/components/consumers/dependency-track/main_test.go
index 41ef3402d..d1755eef3 100644
--- a/components/consumers/dependency-track/main_test.go
+++ b/components/consumers/dependency-track/main_test.go
@@ -59,7 +59,7 @@ func TestUploadBomsFromRaw(t *testing.T) {
 require.NoError(t, err)
 client = c
- issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json")
+ issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json", "")
 require.NoError(t, err)
 ltr := v1.LaunchToolResponse{
@@ -112,7 +112,7 @@ func TestUploadBomsFromEnriched(t *testing.T) {
 require.NoError(t, err)
 client = c
- issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json")
+ issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json", "")
 require.NoError(t, err)
 ltr := v1.LaunchToolResponse{
@@ -206,7 +206,7 @@ func TestUploadBomsFromEnrichedWithOwners(t *testing.T) {
 require.NoError(t, err)
 client = c
- issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json")
+ issues, err := cyclonedx.ToDracon(rawSaaSBOM, "json", "")
 require.NoError(t, err)
 ltr := v1.LaunchToolResponse{
diff --git a/components/enrichers/depsdev/main.go b/components/enrichers/depsdev/main.go
index c39d276a6..46acbf176 100644
--- a/components/enrichers/depsdev/main.go
+++ b/components/enrichers/depsdev/main.go
@@ -184,7 +184,7 @@ func enrichIssue(i *v1.Issue) (*v1.EnrichedIssue, error) {
 if err != nil {
 return &enrichedIssue, err
 }
- originalIssue, err := cyclonedx.ToDracon(marshalled, "json")
+ originalIssue, err := cyclonedx.ToDracon(marshalled, "json", "")
 if err != nil {
 return &enrichedIssue, err
 }
diff --git a/components/producers/cdxgen/main.go b/components/producers/cdxgen/main.go
index 09f8e9d31..ca2d4c147 100644
--- a/components/producers/cdxgen/main.go
+++ b/components/producers/cdxgen/main.go
@@ -31,5 +31,5 @@ func main() {
 }
 func handleCycloneDX(inFile []byte) ([]*v1.Issue, error) {
- return cyclonedx.ToDracon(inFile, "json")
+ return cyclonedx.ToDracon(inFile, "json", "")
 }
diff --git a/components/producers/docker-trivy/main.go b/components/producers/docker-trivy/main.go
index 973688190..b13abd917 100644
--- a/components/producers/docker-trivy/main.go
+++ b/components/producers/docker-trivy/main.go
@@ -92,7 +92,7 @@ func handleSarif(inFile []byte) ([]*v1.Issue, error) {
 }
 func handleCycloneDX(inFile []byte) ([]*v1.Issue, error) {
- return cyclonedx.ToDracon(inFile, "json")
+ return cyclonedx.ToDracon(inFile, "json", "")
 }
 func parseCombinedOut(results types.CombinedOut) []*v1.Issue {
diff --git a/pkg/cyclonedx/cyclonedx.go b/pkg/cyclonedx/cyclonedx.go
index 8a71a055b..afe8e6310 100644
--- a/pkg/cyclonedx/cyclonedx.go
+++ b/pkg/cyclonedx/cyclonedx.go
@@ -12,7 +12,7 @@ import (
 )
 // ToDracon accepts a cycloneDX bom file and transforms to an array containing a singular v1.Issue.
-func ToDracon(inFile []byte, format string) ([]*v1.Issue, error) {
+func ToDracon(inFile []byte, format, targetOverride string) ([]*v1.Issue, error) {
 bom := new(cdx.BOM)
 var decoder cdx.BOMDecoder
 var issues []*v1.Issue
@@ -42,10 +42,15 @@ func ToDracon(inFile []byte, format string) ([]*v1.Issue, error) {
 }
 result := strings.TrimSpace(buf.String())
 target := ""
- if bom.Metadata.Component.BOMRef != "" {
- target = bom.Metadata.Component.BOMRef
- } else {
- target = bom.Metadata.Component.PackageURL
+ if bom.Metadata != nil && bom.Metadata.Component != nil {
+ if bom.Metadata.Component.BOMRef != "" {
+ target = bom.Metadata.Component.BOMRef
+ } else {
+ target = bom.Metadata.Component.PackageURL
+ }
+ }
+ if targetOverride != "" {
+ target = targetOverride
 }
 return []*v1.Issue{
diff --git a/pkg/cyclonedx/cyclonedx_test.go b/pkg/cyclonedx/cyclonedx_test.go
index 8839ffb2c..4fb66fffe 100644
--- a/pkg/cyclonedx/cyclonedx_test.go
+++ b/pkg/cyclonedx/cyclonedx_test.go
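Review bot: The doc comment on the context line directly above the changed `ToDracon` signature still describes only the BOM-to-issue transform and says nothing about the new `targetOverride` parameter or the fact that it takes precedence over the BOM's own metadata, and as the only exported symbol touched here that is where every caller will look. Suggest keeping the first sentence and appending `// When targetOverride is non-empty it is used as the issue Target in place of the BOM metadata component's BOMRef or PackageURL; pass "" to keep the previous behaviour.` The remainder of ToDracon's body lies outside this hunk.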
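Review bot: With the new nil guards in place, a BOM that has no `Metadata` or no `Metadata.Component` and arrives with an empty `targetOverride` now falls through with `target` still `""` and the issue is emitted anyway; the old code would have panicked on the nil dereference, so the guard converts a crash on malformed or attacker-shaped input into a silently empty Target, which consumers that key on Target would presumably not expect. Since ToDracon already returns an error, consider rejecting that case right after the override block, e.g. `if target == "" { return nil, fmt.Errorf("cyclonedx: bom has no metadata component and no target override was given") }` (use whichever error constructor the file already imports — the import block is only partly visible here), or at minimum document that an empty Target is now a possible outcome. The override also wins unconditionally over a present BOMRef, which matches the new test but deserves a one-line comment such as `// an explicit override always takes precedence over the BOM's own metadata`. The return statement that builds the issue continues past the end of the hunk.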
@@ -15,7 +15,7 @@ func TestToDraconLibrary(t *testing.T) {
 rawLibraryBOM, err := os.ReadFile("./testdata/libraryBOM.json")
 require.NoError(t, err)
- issues, err := ToDracon(rawLibraryBOM, "json")
+ issues, err := ToDracon(rawLibraryBOM, "json", "")
 require.NoError(t, err)
 libraryBOM := string(rawLibraryBOM)
@@ -43,7 +43,7 @@ func TestToDraconSaaSInfra(t *testing.T) {
 rawSaaSBOM, err := os.ReadFile("./testdata/saasBOM.json")
 require.NoError(t, err)
- issues, err := ToDracon(rawSaaSBOM, "json")
+ issues, err := ToDracon(rawSaaSBOM, "json", "")
 require.NoError(t, err)
 saasBOM := string(rawSaaSBOM)
@@ -66,3 +66,31 @@ func TestToDraconSaaSInfra(t *testing.T) {
 require.NoError(t, json.Unmarshal([]byte(*issues[0].CycloneDXSBOM), &sbom2))
 assert.Equal(t, sbom1, sbom2)
 }
+
+func TestToDraconTargetOverride(t *testing.T) {
+ rawSaaSBOM, err := os.ReadFile("./testdata/saasBOM.json")
+ require.NoError(t, err)
+
+ issues, err := ToDracon(rawSaaSBOM, "json", "my-awesome-infra")
+ require.NoError(t, err)
+
+ saasBOM := string(rawSaaSBOM)
+ expectedIssues := []*v1.Issue{
+ {
+ Target: "my-awesome-infra",
+ Type: "SBOM",
+ Title: "SBOM for my-awesome-infra",
+ Severity: v1.Severity_SEVERITY_INFO,
+ CycloneDXSBOM: &saasBOM,
+ },
+ }
+ assert.Equal(t, expectedIssues[0].Target, issues[0].Target)
+ assert.Equal(t, expectedIssues[0].Type, issues[0].Type)
+ assert.Equal(t, expectedIssues[0].Title, issues[0].Title)
+ assert.Equal(t, expectedIssues[0].Severity, issues[0].Severity)
+
+ var sbom1, sbom2 map[string]interface{}
+ require.NoError(t, json.Unmarshal([]byte(*expectedIssues[0].CycloneDXSBOM), &sbom1))
+ require.NoError(t, json.Unmarshal([]byte(*issues[0].CycloneDXSBOM), &sbom2))
+ assert.Equal(t, sbom1, sbom2)
+}
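Review bot: TestToDraconTargetOverride exercises the override path, but nothing in this file covers the other half of the change, the nil guard on `bom.Metadata`/`bom.Metadata.Component`; both fixtures used here (saasBOM.json, libraryBOM.json) presumably carry a metadata component, so a BOM without one — the input that previously dereferenced a nil pointer — remains untested. Suggest a sibling test that feeds a minimal inline document with no metadata (constructed example: the JSON `{"bomFormat":"CycloneDX","specVersion":"1.4"}`) to `ToDracon(doc, "json", "")` and asserts `require.NoError` plus whatever Target the implementation settles on, then repeats the call with an override and asserts `Target` equals it. Separately, `expectedIssues` is built as a one-element slice only to be indexed with `[0]` on every assertion; a plain `expected := &v1.Issue{...}` reads more directly, and `map[string]interface{}` can become `map[string]any` if the module's Go version allows it.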