fix(1.6): convert occurrences of OrganizationalEntity

Closes #174.

Signed-off-by: Maximilian Combüchen <max.combuchen@snyk.io>

convert.go

@@ -66,13 +66,11 @@ func (b *BOM) convert(specVersion SpecVersion) {
 			b.Metadata.Lifecycles = nil
 		}
 
-		if specVersion < SpecVersion1_5 {
-			b.Metadata.Lifecycles = nil
-		}
-
 		recurseComponent(b.Metadata.Component, componentConverter(specVersion))
 		convertLicenses(b.Metadata.Licenses, specVersion)
 		convertTools(b.Metadata.Tools, specVersion)
+		convertOrganizationalEntity(b.Metadata.Manufacture, specVersion)
+		convertOrganizationalEntity(b.Metadata.Supplier, specVersion)
 	}
 
 	if b.Components != nil {
@@ -99,6 +97,10 @@ func (b *BOM) convert(specVersion SpecVersion) {
 		convertExternalReferences(b.ExternalReferences, specVersion)
 	}
 
+	if b.Annotations != nil {
+		convertAnnotations(b.Annotations, specVersion)
+	}
+
 	b.SpecVersion = specVersion
 	b.XMLNS = xmlNamespaces[specVersion]
 	b.JSONSchema = jsonSchemas[specVersion]
@@ -293,13 +295,39 @@ func convertLicenses(licenses *Licenses, specVersion SpecVersion) {
 	if specVersion < SpecVersion1_6 {
 		for i := range *licenses {
 			choice := &(*licenses)[i]
-			if choice.License != nil {
-				choice.License.Acknowledgement = ""
+			if choice.License == nil {
+				continue
+			}
+
+			choice.License.Acknowledgement = ""
+
+			if choice.License.Licensing == nil {
+				continue
+			}
+
+			if choice.License.Licensing.Licensor != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Licensor.Organization, specVersion)
+			}
+			if choice.License.Licensing.Licensee != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Licensee.Organization, specVersion)
+			}
+			if choice.License.Licensing.Purchaser != nil {
+				convertOrganizationalEntity(choice.License.Licensing.Purchaser.Organization, specVersion)
 			}
 		}
 	}
 }
 
+func convertOrganizationalEntity(org *OrganizationalEntity, specVersion SpecVersion) {
+	if org == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_6 {
+		org.Address = nil
+	}
+}
+
 func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 	if vulns == nil {
 		return
@@ -316,6 +344,16 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 			vuln.Workaround = ""
 		}
 
+		if specVersion < SpecVersion1_6 {
+			if vuln.Credits != nil {
+				if vuln.Credits.Organizations != nil {
+					for i := range *vuln.Credits.Organizations {
+						convertOrganizationalEntity(&(*vuln.Credits.Organizations)[i], specVersion)
+					}
+				}
+			}
+		}
+
 		if vuln.Ratings != nil {
 			for j := range *vuln.Ratings {
 				rating := &(*vuln.Ratings)[j]
@@ -327,6 +365,25 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 	}
 }
 
+func convertAnnotations(annotations *[]Annotation, specVersion SpecVersion) {
+	if annotations == nil {
+		return
+	}
+
+	if specVersion < SpecVersion1_6 {
+		for i := range *annotations {
+			ann := (*annotations)[i]
+
+			if ann.Annotator == nil {
+				continue
+			}
+
+			convertOrganizationalEntity(ann.Annotator.Organization, specVersion)
+			recurseService(ann.Annotator.Service, serviceConverter(specVersion))
+		}
+	}
+}
+
 // serviceConverter modifies a Service such that it adheres to a given SpecVersion.
 func serviceConverter(specVersion SpecVersion) func(*Service) {
 	return func(s *Service) {
@@ -338,6 +395,7 @@ func serviceConverter(specVersion SpecVersion) func(*Service) {
 			s.ReleaseNotes = nil
 		}
 
+		convertOrganizationalEntity(s.Provider, specVersion)
 		convertExternalReferences(s.ExternalReferences, specVersion)
 	}
 }
@@ -379,6 +437,12 @@ func convertTools(tools *ToolsChoice, specVersion SpecVersion) {
 		}
 	}
 
+	if tools.Services != nil {
+		for i := range *tools.Services {
+			convertOrganizationalEntity((*tools.Services)[i].Provider, specVersion)
+		}
+	}
+
 	if tools.Tools != nil {
 		for i := range *tools.Tools {
 			convertTool(&(*tools.Tools)[i], specVersion)

convert_test.go

@@ -93,3 +93,66 @@ func Test_convertLicenses(t *testing.T) {
 		assert.Zero(t, (*(*bom.Components)[0].Licenses)[0].License.Acknowledgement)
 	})
 }
+
+func Test_convertTools_OrganizationalEntity(t *testing.T) {
+	t.Run("spec 1.5 and lower", func(t *testing.T) {
+		orgStub := func() *OrganizationalEntity {
+			t.Helper()
+			return &OrganizationalEntity{
+				Name:    "Acme Corp",
+				Address: &PostalAddress{},
+			}
+		}
+
+		bom := NewBOM()
+		bom.Metadata = &Metadata{
+			Manufacture: orgStub(),
+			Supplier:    orgStub(),
+			Tools: &ToolsChoice{
+				Services: &[]Service{{Provider: orgStub()}},
+			},
+			Licenses: &Licenses{
+				{
+					License: &License{
+						Licensing: &Licensing{
+							Licensor:  &OrganizationalEntityOrContact{Organization: orgStub()},
+							Licensee:  &OrganizationalEntityOrContact{Organization: orgStub()},
+							Purchaser: &OrganizationalEntityOrContact{Organization: orgStub()},
+						},
+					},
+				},
+			},
+		}
+		bom.Vulnerabilities = &[]Vulnerability{
+			{
+				ID: "some-vuln",
+				Credits: &Credits{
+					Organizations: &[]OrganizationalEntity{*orgStub()},
+				},
+			},
+		}
+		bom.Annotations = &[]Annotation{
+			{
+				Annotator: &Annotator{
+					Organization: orgStub(),
+					Service:      &Service{Provider: orgStub()},
+				},
+			},
+		}
+
+		bom.convert(SpecVersion1_5)
+
+		assert.Nil(t, bom.Metadata.Manufacture.Address)
+		assert.Nil(t, bom.Metadata.Supplier.Address)
+		assert.Nil(t, (*bom.Metadata.Tools.Services)[0].Provider.Address)
+
+		assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Licensor.Organization.Address)
+		assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Licensee.Organization.Address)
+		assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Purchaser.Organization.Address)
+
+		assert.Nil(t, (*(*bom.Vulnerabilities)[0].Credits.Organizations)[0].Address)
+
+		assert.Nil(t, (*bom.Annotations)[0].Annotator.Organization.Address)
+		assert.Nil(t, (*bom.Annotations)[0].Annotator.Service.Provider.Address)
+	})
+}