add cpe, version and handle circular deps

trustification · Nov 15, 2024 · 0e3a828 · 0e3a828
1 parent 1131075
commit 0e3a828
Show file tree

Hide file tree

Showing 5 changed files with 295 additions and 368 deletions.
diff --git a/etc/test-data/spdx/simple.json b/etc/test-data/spdx/simple.json
@@ -5,12 +5,12 @@
     "creators": [
       "Trustify"
     ],
-    "comment": "This is an example for an SBOM with looping refs. Based upon an existing SBOM.",
+    "comment": "This is a simple example for an spdx SBOM.",
     "licenseListVersion": "3.8"
   },
   "dataLicense": "CC0-1.0",
   "documentNamespace": "uri:just-an-example",
-  "name": "loop",
+  "name": "simple",
   "packages": [
 
     {
@@ -25,8 +25,8 @@
         },
         {
           "referenceCategory": "SECURITY",
-          "referenceLocator": "cpe:/app:redhat:simple:1::el9",
-          "referenceType": "cpe22Type"
+          "referenceLocator": "cpe:/a:redhat:simple:1::el9",
+          "referenceType": "cpe23Type"
         }
       ],
       "filesAnalyzed": false,
@@ -158,11 +158,6 @@
           "referenceCategory": "PACKAGE_MANAGER",
           "referenceLocator": "pkg:rpm/redhat/[email protected]?arch=src",
           "referenceType": "purl"
-        },
-        {
-          "referenceCategory": "SECURITY",
-          "referenceLocator": "cpe:/a:redhat:simple:1::el9",
-          "referenceType": "cpe22Type"
         }
       ],
       "filesAnalyzed": false,
@@ -180,14 +175,9 @@
       "copyrightText": "NOASSERTION",
       "downloadLocation": "foo",
       "externalRefs": [
-        {
-          "referenceCategory": "PACKAGE_MANAGER",
-          "referenceLocator": "pkg:rpm/redhat/[email protected]",
-          "referenceType": "purl"
-        },
         {
           "referenceCategory": "SECURITY",
-          "referenceLocator": "cpe:/a:redhat:simple:1::el9",
+          "referenceLocator": "cpe:/a:redhat:a-FF:1:*:*:*:*:*",
           "referenceType": "cpe22Type"
         }
       ],

diff --git a/modules/analysis/src/endpoints.rs b/modules/analysis/src/endpoints.rs
@@ -324,7 +324,7 @@ mod test {
             "pkg:rpm/redhat/[email protected]"
         );
 
-        Ok(assert_eq!(&response["total"], 2))
+        Ok(assert_eq!(&response["total"], 3))
     }
 
     #[test_context(TrustifyContext)]

diff --git a/modules/analysis/src/model.rs b/modules/analysis/src/model.rs
@@ -27,6 +27,7 @@ pub struct PackageNode {
     pub node_id: String,
     pub purl: String,
     pub name: String,
+    pub version: String,
     pub published: String,
     pub document_id: String,
     pub product_name: String,
@@ -44,6 +45,7 @@ pub struct AncNode {
     pub node_id: String,
     pub purl: String,
     pub name: String,
+    pub version: String,
 }
 
 impl fmt::Display for AncNode {
@@ -58,6 +60,7 @@ pub struct AncestorSummary {
     pub node_id: String,
     pub purl: String,
     pub name: String,
+    pub version: String,
     pub published: String,
     pub document_id: String,
     pub product_name: String,
@@ -71,6 +74,7 @@ pub struct DepNode {
     pub node_id: String,
     pub purl: String,
     pub name: String,
+    pub version: String,
     #[schema(no_recursion)]
     pub deps: Vec<DepNode>,
 }
@@ -85,6 +89,7 @@ pub struct DepSummary {
     pub node_id: String,
     pub purl: String,
     pub name: String,
+    pub version: String,
     pub published: String,
     pub document_id: String,
     pub product_name: String,