devops-kung-fu · mirxcle · Mar 11, 2024 · Mar 11, 2024 · Mar 11, 2024 · Mar 11, 2024
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -60,11 +60,9 @@
                 "ahebrank.yaml2json",
                 "amazonwebservices.aws-toolkit-vscode",
                 "markis.code-coverage",
-                //"defaltd.go-coverage-viewer",
-                "Gruntfuggly.todo-tree", // Highlights TODO comments",
-                "Semgrep.semgrep"
+                "Gruntfuggly.todo-tree" // Highlights TODO comments",
             ]
         }
     },
     "postCreateCommand": "/usr/bin/bash ./.devcontainer/post-create.sh > ~/post-create.log"
-}
+}
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -4,54 +4,113 @@
     // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
     "version": "0.2.0",
     "configurations": [
-
         {
             "name": "Debug (output default)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
+        },
+        {
+            "name": "Debug (output default, output folder)",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/main.go",
+            "args": [
+                "--debug=true",
+                "--output-folder=./_TESTDATA_/",
+                "convert",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
+        },
+        {
+            "name": "Debug (input cdx 1.5, output default, output folder)",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/main.go",
+            "args": [
+                "--debug=true",
+                "--output-folder=./_TESTDATA_/",
+                "convert",
+                "./_TESTDATA_/1.5.cyclonedx.json"
+            ]
         },
         {
             "name": "Debug (output json)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert","--format", "yaml", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "--format",
+                "yaml",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
         },
         {
             "name": "Debug (output yaml)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert","--format", "yaml", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "--format",
+                "yaml",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
         },
         {
             "name": "Debug (output csv)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert","--format", "csv", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "--format",
+                "csv",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
         },
         {
             "name": "Debug (output minimal)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert","--format", "minimal", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "--format",
+                "minimal",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
         },
         {
             "name": "Debug (output compatible)",
             "type": "go",
             "request": "launch",
             "mode": "auto",
             "program": "${workspaceFolder}/main.go",
-            "args": ["--debug=true", "convert","--format", "compatible", "./_TESTDATA_/juiceshop.cyclonedx.json"]
+            "args": [
+                "--debug=true",
+                "convert",
+                "--format",
+                "compatible",
+                "./_TESTDATA_/juiceshop.cyclonedx.json"
+            ]
         },
     ]
 }
diff --git a/_TESTDATA_/1.5.cyclonedx.json b/_TESTDATA_/1.5.cyclonedx.json
@@ -0,0 +1,32 @@
+{
+    "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
+    "bomFormat": "CycloneDX",
+    "specVersion": "1.5",
+    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
+    "version": 1,
+    "components": [
+        {
+            "type": "application",
+            "name": "Acme Application",
+            "version": "9.1.1",
+            "cpe": "cpe:/a:acme:application:9.1.1",
+            "swid": {
+                "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1",
+                "name": "Acme Application",
+                "version": "9.1.1",
+                "text": {
+                    "contentType": "text/xml",
+                    "encoding": "base64",
+                    "content": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg=="
+                }
+            }
+        },
+        {
+            "type": "library",
+            "group": "org.apache.tomcat",
+            "name": "tomcat-catalina",
+            "version": "9.0.14",
+            "purl": "pkg:maven/org.apache.tomcat/[email protected]"
+        }
+    ]
+}
diff --git a/cmd/convert.go b/cmd/convert.go
@@ -16,6 +16,7 @@ var (
 	outputFormats = []string{"json", "yaml", "csv", "minimal", "compatible"}
 
 	selectedFormat string
+	outputFolder   string
 	convertCmd     = &cobra.Command{
 		Use:   "convert",
 		Short: "Converts a provided CycloneDX file to a KISSBOM format",
@@ -28,6 +29,7 @@ var (
 		Run: func(cmd *cobra.Command, args []string) {
 			converter := lib.NewConverter()
 			converter.OutputFormat = selectedFormat
+			converter.OutputFolder = outputFolder
 
 			log.Println("starting conversion")
 			err := converter.Convert(args[0])
@@ -47,6 +49,7 @@ var (
 func init() {
 	rootCmd.AddCommand(convertCmd)
 	convertCmd.Flags().StringVarP(&selectedFormat, "format", "f", "json", fmt.Sprintf("select one of the valid options: %s", outputFormats))
+	convertCmd.Flags().StringVarP(&outputFolder, "output-folder", "o", ".", "the output folder for the converted file")
 	_ = rootCmd.Flags().SetAnnotation("format", cobra.BashCompOneRequiredFlag, []string{"true"})
 
 }
diff --git a/lib/converter.go b/lib/converter.go
@@ -5,6 +5,8 @@
 	"bytes"
 	"fmt"
 	"log"
+	"path"
+	"time"
 
 	"github.com/CycloneDX/cyclonedx-go"
 	"github.com/spf13/afero"
@@ -16,6 +18,7 @@
 type Converter struct {
 	Afs            *afero.Afero // Afero file system abstraction for file operations.
 	OutputFileName string       // Name of the output file.
+	OutputFolder   string       //The folder in which to save the generated file.
 	OutputFormat   string       // Desired output format.
 }
 
@@ -46,7 +49,8 @@
 		return err
 	}
 
-	return c.writeToFile(kissbom)
+	filename = path.Join(c.OutputFolder, filename)
+	return c.writeToFile(kissbom, c.OutputFormat, filename)
 }
 
 // transform takes a byte slice representing a CycloneDX Bill of Materials (BOM) in JSON format,
@@ -79,7 +83,8 @@
 		timestamp := cdx.Metadata.Timestamp
 		c.OutputFileName = fmt.Sprintf("%s_%s_%s", subject, publisher, timestamp)
 	}
-	return c.OutputFileName
+	t := time.Now()
+	return fmt.Sprint(t.Format("20060102150405"))
 }
 
 // Function to write the KissBOM to a file based on the specified output format

diff --git a/lib/converter_test.go b/lib/converter_test.go
@@ -1,6 +1,8 @@
 package lib
 
 import (
+	"io"
+	"os"
 	"testing"
 	"time"
 
@@ -36,7 +38,23 @@ func TestConvert_Success(t *testing.T) {
 		Afs: &afero.Afero{Fs: afero.NewMemMapFs()},
 	}
 
-	converter.Afs.WriteFile("test.json", []byte(jsonContent), 0644)
+	e := func() error {
+		var data []byte = []byte(jsonContent)
+		f, err := (converter.Afs).Fs.OpenFile("test.json", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(0644))
+		if err != nil {
+			return err
+		}
+		n, err := f.Write(data)
+		if err == nil && n < len(data) {
+			err = io.ErrShortWrite
+		}
+		if err1 := f.Close(); err == nil {
+			err = err1
+		}
+		return err
+	}()
+
+	assert.NoError(t, e)
 
 	converter.OutputFormat = "json" // Choose a valid output format for testing
 	converter.OutputFileName = "test_output"
@@ -63,7 +81,23 @@ func TestConvert_Success(t *testing.T) {
 	err = converter.Convert("test.json")
 	assert.Error(t, err, "Expected no error")
 
-	converter.Afs.WriteFile("test.json", []byte("<>test"), 0644)
+	e = func() error {
+		var data []byte = []byte("<>test")
+		f, err := (*converter.Afs).Fs.OpenFile("test.json", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, os.FileMode(0644))
+		if err != nil {
+			return err
+		}
+		n, err := f.Write(data)
+		if err == nil && n < len(data) {
+			err = io.ErrShortWrite
+		}
+		if err1 := f.Close(); err == nil {
+			err = err1
+		}
+		return err
+	}()
+
+	assert.NoError(t,e)
 	converter.OutputFormat = "csv" // Choose a valid output format for testing
 	err = converter.Convert("test.json")
 	assert.Error(t, err, "Expected no error")

diff --git a/models/structs.go b/models/structs.go
@@ -54,12 +54,14 @@ func NewKissBOMFromCycloneDX(cdx *cyclonedx.BOM) (kissbom KissBOM) {
 
 	// Iterate through each component and populate the KissBOM Packages
 	for _, component := range *cdx.Components {
-		kissbom.Packages = append(kissbom.Packages, Package{
-			Purl:      component.PackageURL,
-			License:   extractLicense(component),
-			Copyright: component.Copyright,
-			Notes:     component.Description,
-		})
+		if component.PackageURL != "" {
+			kissbom.Packages = append(kissbom.Packages, Package{
+				Purl:      component.PackageURL,
+				License:   extractLicense(component),
+				Copyright: component.Copyright,
+				Notes:     component.Description,
+			})
+		}
 	}
 
 	// Return the populated KissBOM