From 38863e05452fc12f70b81be4da03e36d42daa410 Mon Sep 17 00:00:00 2001
From: chbk
Date: Sat, 11 Jan 2025 14:24:28 +0100
Subject: [PATCH] chore: rebase
---
 cdxev/auxiliary/identity.py | 2 +-
 cdxev/auxiliary/sbomFunctions.py | 4 ++--
 cdxev/merge.py | 35 +++--------------------------------
 3 files changed, 6 insertions(+), 35 deletions(-)
diff --git a/cdxev/auxiliary/identity.py b/cdxev/auxiliary/identity.py
index 8626e0ae..20b00457 100644
--- a/cdxev/auxiliary/identity.py
+++ b/cdxev/auxiliary/identity.py
@@ -246,7 +246,7 @@ def __eq__(self, other: object) -> bool:
 return self.one_of_ids_is_in(other.aliases)
 def __str__(self) -> str:
- if id not in self.aliases:
+ if id not in self.aliases: # type: ignore[comparison-overlap]
 string = self.id
 for ref in self.aliases:
 if ref not in string:
diff --git a/cdxev/auxiliary/sbomFunctions.py b/cdxev/auxiliary/sbomFunctions.py
index 800c400c..65032430 100644
--- a/cdxev/auxiliary/sbomFunctions.py
+++ b/cdxev/auxiliary/sbomFunctions.py
@@ -11,8 +11,8 @@
 from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
-from univers.version_range import VersionRange
-from univers.versions import nuget
+from univers.version_range import VersionRange # type: ignore[import-untyped]
+from univers.versions import nuget # type: ignore[import-untyped]
 from cdxev.auxiliary.identity import ComponentIdentity, VulnerabilityIdentity
 from cdxev.log import LogMessage
diff --git a/cdxev/merge.py b/cdxev/merge.py
index d7b9c4fb..2badd0ae 100644
--- a/cdxev/merge.py
+++ b/cdxev/merge.py
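Review bot: In `__str__` of cdxev/auxiliary/identity.py, the name `id` in `if id not in self.aliases:` is Python's builtin function rather than the instance's identifier, so the test is effectively always true, and the added `# type: ignore[comparison-overlap]` silences the type-checker warning that pointed at exactly this. The following lines read `self.id`, so the intended condition is presumably `if self.id not in self.aliases:`; with that change the ignore comment is no longer needed. `__str__` continues past the end of the hunk, so the effect on the rendered identity string should be confirmed against the whole method.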
@@ -40,7 +40,7 @@ def merge_components(governing_sbom: dict, sbom_to_be_merged: dict) -> t.List[di
 Output:
 list_of_merged_components: List with the uniquely merged components of the submitted sboms
 """
- list_of_merged_components = governing_sbom.get("components", [])
+ list_of_merged_components: list[dict] = governing_sbom.get("components", [])
 list_of_added_components = sbom_to_be_merged.get("components", [])
 for component in list_of_added_components:
 is_in_list, _ = get_corresponding_reference_to_component(
@@ -55,37 +55,8 @@ def merge_components(governing_sbom: dict, sbom_to_be_merged: dict) -> t.List[di
 )
 )
 else:
- if not (component.get("bom-ref", 1) in list_of_merged_bom_refs):
- list_of_merged_components.append(component)
- list_of_merged_bom_refs.append(component.get("bom-ref"))
- else:
- # if the bom-ref already exists in the components, add a incrementing number to
- # the bom-ref
- list_of_bom_refs_to_be_added = get_ref_from_components(
- sbom_to_be_merged.get("components", [])
- )
- list_of_bom_refs_to_be_added.append(
- sbom_to_be_merged.get("metadata", {})
- .get("component", {})
- .get("bom-ref", "")
- )
- bom_ref_is_not_unique = False
- new_bom_ref = component.get("bom-ref")
- n = 0
- while new_bom_ref in list_of_merged_bom_refs or bom_ref_is_not_unique:
- n += 1
- new_bom_ref = component.get("bom-ref") + "_" + str(n)
- # The new bom-ref must not appear in either of the sboms
- if new_bom_ref in list_of_bom_refs_to_be_added:
- bom_ref_is_not_unique = True
- else:
- bom_ref_is_not_unique = False
- replace_ref_in_sbom(
- new_bom_ref, component.get("bom-ref", ""), sbom_to_be_merged
- )
- list_of_merged_components.append(component)
- list_of_merged_bom_refs.append(new_bom_ref)
- return list_of_merged_components # type:ignore [no-any-return]
+ list_of_merged_components.append(component)
+ return list_of_merged_components
 def merge_dependency(
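Review bot: The new `else:` branch of `merge_components` (second hunk) appends every unmatched component with `list_of_merged_components.append(component)` and no longer compares its `bom-ref` with the refs already in the merged list, which the removed code did before renaming a colliding ref through `replace_ref_in_sbom`. If two different components from the two SBOMs share a `bom-ref`, the merged document would carry duplicate refs, and dependency or vulnerability entries that point at that ref would no longer identify a single component. The function starts above the hunk, so uniqueness may now be enforced elsewhere; if it is, say so on the append with a comment such as `# bom-ref collisions are resolved in <name of the step that does it>`, and otherwise keep a collision check here. If `list_of_merged_bom_refs` is still built earlier in the function it appears to be unused after this change and could be removed.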