chore: rebase

Festo-se · Jan 11, 2025 · 38863e0 · 38863e0
1 parent 92b7cd4
commit 38863e0
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 35 deletions.
diff --git a/cdxev/auxiliary/identity.py b/cdxev/auxiliary/identity.py
@@ -246,7 +246,7 @@ def __eq__(self, other: object) -> bool:
         return self.one_of_ids_is_in(other.aliases)
 
     def __str__(self) -> str:
-        if id not in self.aliases:
+        if id not in self.aliases:  # type: ignore[comparison-overlap]
             string = self.id
         for ref in self.aliases:
             if ref not in string:

diff --git a/cdxev/auxiliary/sbomFunctions.py b/cdxev/auxiliary/sbomFunctions.py
@@ -11,8 +11,8 @@
 
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
-from univers.version_range import VersionRange
-from univers.versions import nuget
+from univers.version_range import VersionRange  # type: ignore[import-untyped]
+from univers.versions import nuget  # type: ignore[import-untyped]
 
 from cdxev.auxiliary.identity import ComponentIdentity, VulnerabilityIdentity
 from cdxev.log import LogMessage

diff --git a/cdxev/merge.py b/cdxev/merge.py
@@ -40,7 +40,7 @@ def merge_components(governing_sbom: dict, sbom_to_be_merged: dict) -> t.List[di
     Output:
     list_of_merged_components: List with the uniquely merged components of the submitted sboms
     """
-    list_of_merged_components = governing_sbom.get("components", [])
+    list_of_merged_components: list[dict] = governing_sbom.get("components", [])
     list_of_added_components = sbom_to_be_merged.get("components", [])
     for component in list_of_added_components:
         is_in_list, _ = get_corresponding_reference_to_component(
@@ -55,37 +55,8 @@ def merge_components(governing_sbom: dict, sbom_to_be_merged: dict) -> t.List[di
                 )
             )
         else:
-            if not (component.get("bom-ref", 1) in list_of_merged_bom_refs):
-                list_of_merged_components.append(component)
-                list_of_merged_bom_refs.append(component.get("bom-ref"))
-            else:
-                # if the bom-ref already exists in the components, add a incrementing number to
-                # the bom-ref
-                list_of_bom_refs_to_be_added = get_ref_from_components(
-                    sbom_to_be_merged.get("components", [])
-                )
-                list_of_bom_refs_to_be_added.append(
-                    sbom_to_be_merged.get("metadata", {})
-                    .get("component", {})
-                    .get("bom-ref", "")
-                )
-                bom_ref_is_not_unique = False
-                new_bom_ref = component.get("bom-ref")
-                n = 0
-                while new_bom_ref in list_of_merged_bom_refs or bom_ref_is_not_unique:
-                    n += 1
-                    new_bom_ref = component.get("bom-ref") + "_" + str(n)
-                    # The new bom-ref must not appear in either of the sboms
-                    if new_bom_ref in list_of_bom_refs_to_be_added:
-                        bom_ref_is_not_unique = True
-                    else:
-                        bom_ref_is_not_unique = False
-                replace_ref_in_sbom(
-                    new_bom_ref, component.get("bom-ref", ""), sbom_to_be_merged
-                )
-                list_of_merged_components.append(component)
-                list_of_merged_bom_refs.append(new_bom_ref)
-    return list_of_merged_components  # type:ignore [no-any-return]
+            list_of_merged_components.append(component)
+    return list_of_merged_components
 
 
 def merge_dependency(