Merge pull request #42 from nzupan/fix/getdependencies-javascript-sea…

…rch-meta-data fix: override incorrect source archive URL for github URLs
sw360 · Aug 26, 2023 · 78365a6 · 78365a6
2 parents dd94dcb + c3eef6f
commit 78365a6
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 7 deletions.
diff --git a/capycli/dependencies/javascript.py b/capycli/dependencies/javascript.py
@@ -172,16 +172,12 @@ def try_find_component_metadata(self, bomitem: Component, package_source: str) -
         if "github.com" in url:
             if not str(url).startswith("http"):
                 url = "https://" + url
+            url = self.find_source_file(url, bomitem.name, bomitem.version)
             CycloneDxSupport.update_or_set_ext_ref(
                 bomitem,
                 ExternalReferenceType.DISTRIBUTION,
                 CaPyCliBom.SOURCE_URL_COMMENT,
                 url)
-            source_file_url = self.find_source_file(url, bomitem.name, bomitem.version)
-            ext_ref = ExternalReference(
-                reference_type=ExternalReferenceType.DISTRIBUTION,
-                comment=CaPyCliBom.SOURCE_URL_COMMENT,
-                url=source_file_url)
         bomitem.description = info.get("description", "")
         if not CycloneDxSupport.get_binary_file_hash(bomitem):
             ext_ref = CycloneDxSupport.get_ext_ref(

diff --git a/capycli/dependencies/maven_list.py b/capycli/dependencies/maven_list.py
@@ -264,7 +264,7 @@ def create_full_dependency_list_from_maven_list_file(self, maven_list_file: str,
 
     def create_bom_item(self, x) -> Component:
         """
-        Crrate a CycloneDX BOM item.
+        Create a CycloneDX BOM item.
         """
         dependency = x[1]
         # print("dependency", dependency)

diff --git a/tests/test_dependencies_javascript.py → tests/test_get_dependencies_javascript.py b/tests/test_dependencies_javascript.py → tests/test_get_dependencies_javascript.py
@@ -137,7 +137,7 @@ def test_try_find_metadata_simple(self):
         self.assertEqual("zone.js", enhanced.components[0].name)
         self.assertEqual("Zones for JavaScript", enhanced.components[0].description)
         val = CycloneDxSupport.get_ext_ref_source_url(sbom.components[0])
-        self.assertEqual("https://github.com/angular/angular.git", val)
+        self.assertEqual("", val)
 
         self.delete_file("test_package_lock_1.json")
 
@@ -153,6 +153,36 @@ def test_issue_100(self):
             "https://registry.npmjs.org/")
         self.assertEqual(1, len(enhanced.components))
 
+    def test_get_metadata_source_archive_url(self) -> None:
+        sut = capycli.dependencies.javascript.GetJavascriptDependencies()
+
+        # create argparse command line argument object
+        args = AppArguments()
+        args.command = []
+        args.command.append("getdependencies")
+        args.command.append("javascript")
+        args.inputfile = os.path.join(os.path.dirname(__file__), "fixtures", self.INPUTFILE1)
+        args.outputfile = self.OUTPUTFILE1
+        args.debug = True
+        args.search_meta_data = True
+
+        out = self.capture_stdout(sut.run, args)
+        self.assertTrue(self.INPUTFILE1 in out)
+        self.assertTrue("Writing new SBOM to output.json" in out)
+        self.assertTrue("6 components written to file output.json" in out)
+
+        sbom = CaPyCliBom.read_sbom(self.OUTPUTFILE1)
+        self.assertIsNotNone(sbom)
+        self.assertEqual(6, len(sbom.components))
+
+        self.assertEqual("tslib", sbom.components[4].name)
+        self.assertEqual("2.3.1", sbom.components[4].version)
+        val = CycloneDxSupport.get_ext_ref_source_url(sbom.components[4])
+        print(val)
+        self.assertEqual("https://github.com/Microsoft/tslib/archive/refs/tags/2.3.1.zip", val)
+
+        self.delete_file(self.OUTPUTFILE1)
+
     def test_real_package_lock(self) -> None:
         sut = capycli.dependencies.javascript.GetJavascriptDependencies()