diff --git a/convert.go b/convert.go
index 438fc02..98cf0fb 100644
--- a/convert.go
+++ b/convert.go
@@ -66,13 +66,11 @@ func (b *BOM) convert(specVersion SpecVersion) {
 b.Metadata.Lifecycles = nil
 }
- if specVersion < SpecVersion1_5 {
- b.Metadata.Lifecycles = nil
- }
-
 recurseComponent(b.Metadata.Component, componentConverter(specVersion))
 convertLicenses(b.Metadata.Licenses, specVersion)
 convertTools(b.Metadata.Tools, specVersion)
+ convertOrganizationalEntity(b.Metadata.Manufacture, specVersion)
+ convertOrganizationalEntity(b.Metadata.Supplier, specVersion)
 }
 if b.Components != nil {
@@ -99,6 +97,10 @@ func (b *BOM) convert(specVersion SpecVersion) {
 convertExternalReferences(b.ExternalReferences, specVersion)
 }
+ if b.Annotations != nil {
+ convertAnnotations(b.Annotations, specVersion)
+ }
+
 b.SpecVersion = specVersion
 b.XMLNS = xmlNamespaces[specVersion]
 b.JSONSchema = jsonSchemas[specVersion]
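Review bot: In BOM.convert (first hunk) the two added calls strip the address only from the metadata-level Manufacture and Supplier, and nothing in this diff touches componentConverter. A component's own supplier would therefore presumably keep its Address when the BOM is converted below 1.6, and the emitted document may then no longer match the older schema. If componentConverter does not already handle it outside this diff, a call such as `convertOrganizationalEntity(c.Supplier, specVersion)` there (with `c` standing for the component being converted) would close the gap. The body of convert starts and ends outside the hunk.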
@@ -293,13 +295,39 @@ func convertLicenses(licenses *Licenses, specVersion SpecVersion) {
 if specVersion < SpecVersion1_6 {
 for i := range *licenses {
 choice := &(*licenses)[i]
- if choice.License != nil {
- choice.License.Acknowledgement = ""
+ if choice.License == nil {
+ continue
+ }
+
+ choice.License.Acknowledgement = ""
+
+ if choice.License.Licensing == nil {
+ continue
+ }
+
+ if choice.License.Licensing.Licensor != nil {
+ convertOrganizationalEntity(choice.License.Licensing.Licensor.Organization, specVersion)
+ }
+ if choice.License.Licensing.Licensee != nil {
+ convertOrganizationalEntity(choice.License.Licensing.Licensee.Organization, specVersion)
+ }
+ if choice.License.Licensing.Purchaser != nil {
+ convertOrganizationalEntity(choice.License.Licensing.Purchaser.Organization, specVersion)
 }
 }
 }
 }
+func convertOrganizationalEntity(org *OrganizationalEntity, specVersion SpecVersion) {
+ if org == nil {
+ return
+ }
+
+ if specVersion < SpecVersion1_6 {
+ org.Address = nil
+ }
+}
+
 func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 if vulns == nil {
 return
@@ -316,6 +344,16 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 vuln.Workaround = ""
 }
+ if specVersion < SpecVersion1_6 {
+ if vuln.Credits != nil {
+ if vuln.Credits.Organizations != nil {
+ for i := range *vuln.Credits.Organizations {
+ convertOrganizationalEntity(&(*vuln.Credits.Organizations)[i], specVersion)
+ }
+ }
+ }
+ }
+
 if vuln.Ratings != nil {
 for j := range *vuln.Ratings {
 rating := &(*vuln.Ratings)[j]
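Review bot: convertOrganizationalEntity is added in the convertLicenses hunk without a doc comment, although serviceConverter, visible in a later hunk, carries one. The helper is now the single place that decides which organization fields survive a downgrade, it mutates its argument, and it is called from every converter this commit touches. A line such as `// convertOrganizationalEntity modifies an OrganizationalEntity in place such that it adheres to a given SpecVersion; a nil org is a no-op.` would match the file's existing style.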
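Review bot: In convertVulnerabilities the added block nests four levels deep, and its outer `specVersion < SpecVersion1_6` test repeats the check convertOrganizationalEntity already performs. The loop index `i` also appears to shadow the enclosing loop's index; that loop is outside the hunk, but the ratings loop just below uses `j`, which suggests `i` is already taken. Flattening to `if vuln.Credits != nil && vuln.Credits.Organizations != nil {` and giving the inner loop its own index name would keep the block readable with the same behaviour.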
@@ -327,6 +365,25 @@ func convertVulnerabilities(vulns *[]Vulnerability, specVersion SpecVersion) {
 }
 }
+func convertAnnotations(annotations *[]Annotation, specVersion SpecVersion) {
+ if annotations == nil {
+ return
+ }
+
+ if specVersion < SpecVersion1_6 {
+ for i := range *annotations {
+ ann := (*annotations)[i]
+
+ if ann.Annotator == nil {
+ continue
+ }
+
+ convertOrganizationalEntity(ann.Annotator.Organization, specVersion)
+ recurseService(ann.Annotator.Service, serviceConverter(specVersion))
+ }
+ }
+}
+
 // serviceConverter modifies a Service such that it adheres to a given SpecVersion.
 func serviceConverter(specVersion SpecVersion) func(*Service) {
 return func(s *Service) {
@@ -338,6 +395,7 @@ func serviceConverter(specVersion SpecVersion) func(*Service) {
 s.ReleaseNotes = nil
 }
+ convertOrganizationalEntity(s.Provider, specVersion)
 convertExternalReferences(s.ExternalReferences, specVersion)
 }
 }
@@ -379,6 +437,12 @@ func convertTools(tools *ToolsChoice, specVersion SpecVersion) {
 }
 }
+ if tools.Services != nil {
+ for i := range *tools.Services {
+ convertOrganizationalEntity((*tools.Services)[i].Provider, specVersion)
+ }
+ }
+
 if tools.Tools != nil {
 for i := range *tools.Tools {
 convertTool(&(*tools.Tools)[i], specVersion)
diff --git a/convert_test.go b/convert_test.go
index 9699ecb..cb781da 100644
--- a/convert_test.go
+++ b/convert_test.go
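Review bot: In convertAnnotations, `ann := (*annotations)[i]` copies the Annotation instead of pointing at the slice element, unlike `choice := &(*licenses)[i]` in convertLicenses. The conversion works today only because every change goes through the Annotator pointer held by the copy; any later assignment to a field of `ann` itself would be lost silently, leaving data in the downgraded BOM that the caller believes was removed. Use `ann := &(*annotations)[i]` to match the other converters. The function would also benefit from a one-line doc comment in the style of the serviceConverter comment directly below it.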
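Review bot: In convertTools the new loop strips only the direct Provider of each tools service, whereas convertAnnotations in this same commit runs the full `recurseService(..., serviceConverter(specVersion))`. Assuming recurseService walks nested services as its name suggests, a provider address on a service nested under a tools service would survive conversion below 1.6 here, and the other service downgrades would not be applied either. Unless an earlier part of convertTools already does this, `recurseService(&(*tools.Services)[i], serviceConverter(specVersion))` inside the loop would cover both. convertTools starts and ends outside the hunk.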
@@ -93,3 +93,66 @@ func Test_convertLicenses(t *testing.T) {
 assert.Zero(t, (*(*bom.Components)[0].Licenses)[0].License.Acknowledgement)
 })
 }
+
+func Test_convertTools_OrganizationalEntity(t *testing.T) {
+ t.Run("spec 1.5 and lower", func(t *testing.T) {
+ orgStub := func() *OrganizationalEntity {
+ t.Helper()
+ return &OrganizationalEntity{
+ Name: "Acme Corp",
+ Address: &PostalAddress{},
+ }
+ }
+
+ bom := NewBOM()
+ bom.Metadata = &Metadata{
+ Manufacture: orgStub(),
+ Supplier: orgStub(),
+ Tools: &ToolsChoice{
+ Services: &[]Service{{Provider: orgStub()}},
+ },
+ Licenses: &Licenses{
+ {
+ License: &License{
+ Licensing: &Licensing{
+ Licensor: &OrganizationalEntityOrContact{Organization: orgStub()},
+ Licensee: &OrganizationalEntityOrContact{Organization: orgStub()},
+ Purchaser: &OrganizationalEntityOrContact{Organization: orgStub()},
+ },
+ },
+ },
+ },
+ }
+ bom.Vulnerabilities = &[]Vulnerability{
+ {
+ ID: "some-vuln",
+ Credits: &Credits{
+ Organizations: &[]OrganizationalEntity{*orgStub()},
+ },
+ },
+ }
+ bom.Annotations = &[]Annotation{
+ {
+ Annotator: &Annotator{
+ Organization: orgStub(),
+ Service: &Service{Provider: orgStub()},
+ },
+ },
+ }
+
+ bom.convert(SpecVersion1_5)
+
+ assert.Nil(t, bom.Metadata.Manufacture.Address)
+ assert.Nil(t, bom.Metadata.Supplier.Address)
+ assert.Nil(t, (*bom.Metadata.Tools.Services)[0].Provider.Address)
+
+ assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Licensor.Organization.Address)
+ assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Licensee.Organization.Address)
+ assert.Nil(t, (*bom.Metadata.Licenses)[0].License.Licensing.Purchaser.Organization.Address)
+
+ assert.Nil(t, (*(*bom.Vulnerabilities)[0].Credits.Organizations)[0].Address)
+
+ assert.Nil(t, (*bom.Annotations)[0].Annotator.Organization.Address)
+ assert.Nil(t, (*bom.Annotations)[0].Annotator.Service.Provider.Address)
+ })
+}
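Review bot: Test_convertTools_OrganizationalEntity asserts only the stripping direction, so a regression that cleared Address unconditionally in convertOrganizationalEntity would still pass. A second `t.Run` that builds the same fixture, calls `bom.convert(SpecVersion1_6)` and checks `assert.NotNil(t, bom.Metadata.Supplier.Address)` (and likewise for the other paths) would pin the version boundary. The fixture also has no component supplier and no nested service, so those paths remain unverified. The test name mentions only convertTools although the body exercises metadata, licenses, vulnerabilities and annotations through `bom.convert`; a name reflecting that would make failures easier to place.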