API changes to support SPDX 3.0 #924
Conversation
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
…s other breaking changes
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
| var directory = Path.GetDirectoryName(spdxSbomConfig.ManifestJsonFilePath); | ||
| directory = fileSystemUtils.GetFullPath(directory); | ||
| if (!string.IsNullOrEmpty(directory)) | ||
| if (sbomConfigs.TryGet(supportedSpdxManifest, out var spdxSbomConfig)) |
There was a problem hiding this comment.
Presumably we can only match 1 config--should we break out of the loop after the first match?
There was a problem hiding this comment.
I wasn't sure if the customer was allowed to pass in multiple manifests. Seems like the conclusion is that there is only matching manifest based on your comment and what I've seen in the rest of the code, so I'll add a break statement after a successful match
|
|
||
| namespace Microsoft.Sbom.Api.Workflows.Helpers; | ||
|
|
||
| public interface IJsonSerializationStrategy |
There was a problem hiding this comment.
I'm not seeing this interface in any test classes. Is that a gap we should address?
There was a problem hiding this comment.
This is tested in the workflow tests where there are UTs to switch to different serialization strategies based on the manifest version. So I don't think that there's necessarily a gap here.
src/Microsoft.Sbom.Api/Executors/JsonSerializationStrategyFactory.cs
Outdated
Show resolved
Hide resolved
| private readonly IEnumerable<ISourcesProvider> sourcesProviders; | ||
|
|
||
| private readonly IRecorder recorder; | ||
|
|
||
| public ISbomConfig SbomConfig { get; set; } |
There was a problem hiding this comment.
Can SbomConfig and SpdxManifestVersion be set more than once? Not for this PR, but a small follow-up PR could easily add a class that makes these write-once
There was a problem hiding this comment.
No they should only be write-once, I will create a work item to make sure this change gets taken up in a separate PR.
src/Microsoft.Sbom.Api/Workflows/Helpers/ExternalDocumentReferenceGenerator.cs
Show resolved
Hide resolved
| } | ||
|
|
||
| public IEnumerable<string> Contexts => ((IEnumerable<string>)this.Result!).Select(r => r); | ||
| public IEnumerable<object> Contexts { get; set; } |
There was a problem hiding this comment.
object can literally be anything. Is there a way to improve the type safety?
| @@ -187,7 +187,11 @@ private class PinnedIFileTypeUtils : IFileTypeUtils | |||
|
|
|||
| private class PinnedIJsonArrayGenerator : IJsonArrayGenerator<PinnedIJsonArrayGenerator> | |||
There was a problem hiding this comment.
With these changes, we are intentionally doing away with the Version 3 interface, so this file should be in a different folder--calling it Version_4_0 would be consistent with the previous naming
|
/azp run |
| /// <exception cref="ParserException"></exception> | ||
| public void ValidateSbomDocCreationForNTIA(List<Element> elementsList) | ||
| { | ||
| var spdxDocumentElements = elementsList.Where(element => element is SpdxDocument); |
There was a problem hiding this comment.
Where returns an IEnumerable, which has some benefits, but the first thing that happens is to call Count(), which walks the entire list. Would the code to simpler if you made spdxDocumentElements a List by appending .ToList() on line 339?
|
|
||
| metadata.SpdxVersion = spdxCreationInfoElement?.SpecVersion; | ||
|
|
||
| return metadata; |
There was a problem hiding this comment.
This can set multiple properties of SpdxMetadata to null, when they're not declared as nullable in SpdxMetadata. .NET 8.0 assumes non-nullable types unless we explicitly tell it otherwise
There was a problem hiding this comment.
If result has null values then SpdxMetadata should also have those values set to null, so this is intentional
src/Microsoft.Sbom.Parsers.Spdx30SbomParser/Utils/SPDXToSbomFormatConverterExtensions.cs
Show resolved
Hide resolved
| @@ -100,4 +102,25 @@ public async Task When_GenerateSbomAsync_WithNoRecordedErrors_Then_EmptyEntityEr | |||
| mockRecorder.Verify(); | |||
| mockWorkflow.Verify(); | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Code coverage for the generator hits most of the happy paths, but leaves a lot of error cases untouched. Should we try to cover more of the error paths?
test/Microsoft.Sbom.Api.Tests/Workflows/ManifestGenerationWorkflowTests.cs
Show resolved
Hide resolved
test/Microsoft.Sbom.Api.Tests/Workflows/SbomParserBasedValidationWorkflowTests.cs
Show resolved
Hide resolved
| @@ -379,4 +464,143 @@ public async Task SbomParserBasedValidationWorkflowTests_ReturnsSuccessAndValida | |||
| fileSystemMock.VerifyAll(); | |||
| osUtilsMock.VerifyAll(); | |||
| } | |||
|
|
|||
| [TestMethod] | |||
| public async Task SbomParserBasedValidationWorkflowTests_SetsComplianceStandard_Succeeds() | |||
There was a problem hiding this comment.
Code smell: If we need to have > 100 lines of code to run a 2 line test, we probably have some fundamental problems with our interface story
There was a problem hiding this comment.
Since I am setting the compliance standard in the workflow (when the parser gets created), all of these mocks are created in order to run the workflow which will set the compliance standard that I am asserting for.
There was a problem hiding this comment.
Maybe I can create a work item to take this issue up in a separate PR? I think it would involve some extensive rewriting of interfaces
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
|
/azp run |
|
This PR changes files in the API project. Does it change any of the API interfaces in any way? Please note that this includes the following types of changes:
Because any of these changes can potentially break a downstream consumer with customized interface implementations, these changes need to be treated as breaking changes. Please do one of the following: Option 1 - Publish this as a breaking change
Option 2 - Refactor the changes to be non-breaking
|
|
/azp run |
parse SbomFileExample.txt -complianceStandard NTIA