Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add switch to add license text to BOM result #427

Draft
wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat: add switch to add license text to BOM result #427

wants to merge 2 commits into from

Conversation

CompartMSL
Copy link

@CompartMSL CompartMSL commented Jan 10, 2023
edited by jkowalleck
Loading

fixes #256

@CompartMSL CompartMSL requested a review from a team as a code owner January 10, 2023 17:24
@CompartMSL CompartMSL closed this Jan 11, 2023
@CompartMSL CompartMSL deleted the feature/addLicTexts branch January 11, 2023 06:51
@CompartMSL CompartMSL restored the feature/addLicTexts branch January 11, 2023 06:52
@CompartMSL CompartMSL reopened this Jan 11, 2023
@jkowalleck
Copy link
Member

jkowalleck commented Jan 11, 2023
edited
Loading

❌ Please add proper tests.

PS: this is already ongoing

@CompartMSL CompartMSL force-pushed the feature/addLicTexts branch 2 times, most recently from 217a4c8 to b53631e Compare January 16, 2023 12:39
jkowalleck
jkowalleck requested changes Jan 18, 2023
View reviewed changes
.gitignore Outdated Show resolved Hide resolved
tests/integration/synthetics/cli.run.test.js Outdated Show resolved Hide resolved
tests/_data/dummy_projects/with-lockfile/node_modules/my-local-a/LICENSE Outdated Show resolved Hide resolved
@jkowalleck
Copy link
Member

jkowalleck commented Jan 19, 2023
edited
Loading

Based on the proposed implementation, the new switch --add-license-text contradicts the existing switch --package-lock-only.

The --package-lock-only (options.packageLockOnly) should have priority - meaning if options.packageLockOnly is true, then options.addLicenseText should be set to false regardless of the user's input. (see how options.packageLockOnly is handled in src/cli.ts)

@CompartMSL, how do you see this?

@CompartMSL
Copy link
Author

Based on the proposed implementation, the new switch --add-license-text contradicts the existing switch --package-lock-only.

The --package-lock-only (options.packageLockOnly) should have priority - meaning if options.packageLockOnly is true, then options.addLicenseText should be set to false regardless of the user's input. (see how options.packageLockOnly is handled in src/cli.ts)

@CompartMSL, how do you see this?

You are right.
After the implementation of this change I recognized, after the run of the tests, that the chosen test approach for --add-license-texts is disturbed by this change. The files in tests_data\sbom_demo-results\add-license-text\ shows not the wanted effect anymore.
Currently, I see the need to search another test approach and have no idea where to start.

@jkowalleck jkowalleck changed the title FEAT: Option to add license text to BOM output (#256) feat: Option to add license text to BOM output (#256) Jan 23, 2023
@jkowalleck jkowalleck changed the title feat: Option to add license text to BOM output (#256) feat: add switch to add license text to BOM result Jan 23, 2023
@jkowalleck
Copy link
Member

@CompartMSL re #427 (comment)

Ignore the tests for a while, and just take care of the needed implementation details.
Maybe just revert the tests you added, for a while. I will assist setting up a test, as soon as the desired feature is shaped properly.

jkowalleck
jkowalleck reviewed Jan 24, 2023
View reviewed changes
src/licensetexts.ts Outdated Show resolved Hide resolved
jkowalleck
jkowalleck reviewed Jan 24, 2023
View reviewed changes
src/licensetexts.ts Outdated
if (pkgPath.length < 1) {
return licenseFilenamesWType
}
const typicalFilenames = ['LICENSE', 'License', 'license', 'LICENCE', 'Licence', 'licence', 'NOTICE', 'Notice', 'notice']
Copy link
Member

@jkowalleck jkowalleck Jan 24, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please change the list/implementation to be case-insensitive.
I'd suggest having only lowercased entries in the list.
I'd suggest using a scandir-like behavior where all files are lowercased before they are compared against the list of known files.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I chose the other way first to get a list of all files and match case-insensitive. Maybe there is later an idea to handle multiple files

@jkowalleck jkowalleck marked this pull request as draft January 24, 2023 13:46
@jkowalleck
Copy link
Member

converted PR to "draft", since the implementation is not final, yet.

@CompartMSL CompartMSL force-pushed the feature/addLicTexts branch 2 times, most recently from d0c1d1c to 2efa5b7 Compare January 25, 2023 08:38
jkowalleck
jkowalleck reviewed Jan 25, 2023
View reviewed changes
src/licensetexts.ts

import { Enums, Models } from '@cyclonedx/cyclonedx-library'
import * as fs from 'fs'
import * as minimatch from 'minimatch'
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

❓ where does this come from?

src/cli.ts
@@ -226,6 +235,10 @@ export function run (process: NodeJS.Process): void {
myConsole
).buildFromProjectDir(projectDir, process)

if (options.addLicenseText) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do this after everything is set?
I'd suggest putting the code in the existing BomBuilder.makeComponent()

@jkowalleck
Copy link
Member

jkowalleck commented Jan 25, 2023
edited
Loading

@CompartMSL I find the proposed current implementation disturbing, as it does not stick to chosen design principles and architecture of this project.

my suggestion: write the needed function and usage in the builders.ts file.

  • Add the option whether to add the license texts to existing BomBuilderOptions and act based on it in the exiting BomBuilder. This option could be called shouldAddLicenseTexts.
  • Create a new class there, that has a method that returns or updates needed structures based on a given directory path.
  • inject your own builder into BomBuilder - like BomBuilder.componentBuilder.
    It could be called LicensBuilder and be available internally as this.licensBuilder.
  • hook into the existing BomBuilder.makeComponent() and call needed methods like 
    const component = this.componentBuilder.makeComponent(data, type)
// ...
if (!this.packageLockOnly && this.shouldAddLicenseTexts && data.path) {
  this.licensBuilder.addTexts(component.licenses, data.path)
}
// ...
return component

jkowalleck
jkowalleck reviewed Mar 2, 2023
View reviewed changes
src/licensetexts.ts
* @param {Models.DisjunctiveLicense} license
* @param {string} installPath
*/
function addLicTextBasedOnLicenseFiles (license: Models.DisjunctiveLicense, installPath: string): void {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

license text detection is not completely solved.

Therefore, the result shall be an evidence, rather than n license attachment.

@jkowalleck jkowalleck added the enhancement New feature or request label Jun 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkowalleck jkowalleck jkowalleck requested changes

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FEAT: Option to add license text to SBOM result
2 participants
@CompartMSL @jkowalleck