TC-1842 CycloneDX CPE management

mrizzi · mrizzi · commit 4d0bd0ca17ee · 2024-10-30T14:10:50.000+01:00
Signed-off-by: mrizzi &lt;mrizzi@redhat.com&gt;
diff --git a/bombastic/index/src/sbom/mod.rs b/bombastic/index/src/sbom/mod.rs
@@ -334,6 +334,10 @@ impl Index {
             });
         }
 
+        if let Some(cpe) = &component.cpe {
+            document.add_text(fields.cpe, cpe);
+        };
+
         document.add_text(fields.classifier, component.component_type.to_string());
     }
 
@@ -791,8 +795,16 @@ mod tests {
             let result = search(&index, "ubi9-containe in:package");
             assert_eq!(result.0.len(), 1);
 
+            // SPDX CPE
             let result = search(&index, "\"cpe:/a:redhat:kernel_module_management:1.0::el9\" in:package");
             assert_eq!(result.0.len(), 1);
+
+            // CycloneDX CPE
+            let result = search(
+                &index,
+                "\"cpe:/o:io.seedwing:seedwing-java-example:1.0.0-SNAPSHOT::\" in:package",
+            );
+            assert_eq!(result.0.len(), 1);
         });
     }
 
diff --git a/bombastic/testdata/my-sbom.json b/bombastic/testdata/my-sbom.json
@@ -53,7 +53,8 @@
       "licenses" : [ ],
       "purl" : "pkg:maven/io.seedwing/seedwing-java-example@1.0.0-SNAPSHOT?type=jar",
       "type" : "library",
-      "bom-ref" : "pkg:maven/io.seedwing/seedwing-java-example@1.0.0-SNAPSHOT?type=jar"
+      "bom-ref" : "pkg:maven/io.seedwing/seedwing-java-example@1.0.0-SNAPSHOT?type=jar",
+      "cpe": "cpe:/o:io.seedwing:seedwing-java-example:1.0.0-SNAPSHOT::"
     }
   },
   "components" : [
@@ -7296,4 +7297,5 @@
       ]
     }
   ]
-}
+}
+
diff --git a/spog/ui/crates/components/src/cyclonedx/mod.rs b/spog/ui/crates/components/src/cyclonedx/mod.rs
@@ -1,11 +1,13 @@
 mod packages;
 
+use std::collections::BTreeMap;
 use std::rc::Rc;
 
 pub use packages::*;
 
 use patternfly_yew::prelude::*;
 use serde_json::Value;
+use spog_ui_common::utils::OrNone;
 use yew::prelude::*;
 
 #[derive(PartialEq, Properties)]
@@ -71,3 +73,56 @@ pub fn cyclonedx_creator(bom: &cyclonedx_bom::prelude::Bom) -> Html {
         </Card>
     )
 }
+
+pub fn cyclonedx_main(bom: &cyclonedx_bom::prelude::Bom) -> Html {
+    match bom.metadata.as_ref() {
+        Some(metadata) => match metadata.component.as_ref() {
+            Some(component) => {
+                html!(
+                    <Card>
+                        <CardTitle><Title size={Size::XLarge}>{ "Package" }</Title></CardTitle>
+                        <CardBody>
+                            <DescriptionList>
+                                <DescriptionGroup term="Name">{ component.name.to_string() }</DescriptionGroup>
+                                <DescriptionGroup term="Version">{ OrNone(component.version.as_ref()) }</DescriptionGroup>
+                                <DescriptionGroup term="Type">{ component.component_type.to_string() }</DescriptionGroup>
+                                <DescriptionGroup term="External References"> { cyclonedx_external_references(component)} </DescriptionGroup>
+                            </DescriptionList>
+                        </CardBody>
+                    </Card>
+                )
+            }
+            None => html!(),
+        },
+        None => html!(),
+    }
+}
+
+pub fn cyclonedx_external_references(component: &cyclonedx_bom::prelude::Component) -> Html {
+    let mut external_references = BTreeMap::new();
+    // since in SPDX SBOM both CPE and PURL are listed in the external references
+    // for UX conistency among the UI, they are managed in the same way in Cyclone SBOM
+    if let Some(cpe) = component.cpe.as_ref() {
+        external_references.insert(cpe.to_string(), "CPE".to_string());
+    }
+    if let Some(purl) = component.purl.as_ref() {
+        external_references.insert(purl.to_string(), "PURL".to_string());
+    }
+    if let Some(ext_refs) = component.external_references.as_ref() {
+        ext_refs.0.iter().for_each(|e| {
+            external_references.insert(e.url.to_string(), e.external_reference_type.to_string());
+        })
+    }
+    html!(
+        <List>
+            { for external_references.iter()
+                .map(|(value, label)| {
+                    html_nested!( <ListItem>
+                        {&value} { " " }
+                        <Label label={format!("{}", label)} color={Color::Grey} />
+                    </ListItem> )
+                })
+            }
+        </List>
+    )
+}
diff --git a/spog/ui/src/pages/sbom/mod.rs b/spog/ui/src/pages/sbom/mod.rs
@@ -258,6 +258,11 @@ fn details(props: &DetailsProps) -> Html {
                                     </GridItem>
                                 </Grid>
                             </StackItem>
+                            <StackItem>
+                                <Grid gutter=true>
+                                    <GridItem cols={[12]}>{cyclonedx_main(bom)}</GridItem>
+                                </Grid>
+                            </StackItem>
                         </Stack>
                     </PageSection>
 

Original file line number	Diff line number	Diff line change
`@@ -53,7 +53,8 @@`
`53`	`53`	`"licenses" : [ ],`
`54`	`54`	`"purl" : "pkg:maven/io.seedwing/[email protected]?type=jar",`
`55`	`55`	`"type" : "library",`
`56`		`- "bom-ref" : "pkg:maven/io.seedwing/[email protected]?type=jar"`
	`56`	`+ "bom-ref" : "pkg:maven/io.seedwing/[email protected]?type=jar",`
	`57`	`+ "cpe": "cpe:/o:io.seedwing:seedwing-java-example:1.0.0-SNAPSHOT::"`
`57`	`58`	`}`
`58`	`59`	`},`
`59`	`60`	`"components" : [`
`@@ -7296,4 +7297,5 @@`
`7296`	`7297`	`]`
`7297`	`7298`	`}`
`7298`	`7299`	`]`
`7299`		`-}`
	`7300`	`+}`
	`7301`	`+`