fix: BaseSerializer discriminate nested components

jkowalleck · jkowalleck · commit e183d0c29d10 · 2022-08-15T02:10:26.000+02:00
fixes #175 Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
diff --git a/src/serialize/baseSerializer.ts b/src/serialize/baseSerializer.ts
@@ -17,7 +17,7 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-import { Bom, BomRef } from '../models'
+import { Component, Bom, BomRef } from '../models'
 import { BomRefDiscriminator } from './bomRefDiscriminator'
 import { NormalizerOptions, Serializer, SerializerOptions } from './types'
 
@@ -38,12 +38,19 @@ export abstract class BaseSerializer<NormalizedBom> implements Serializer {
 
   #getAllBomRefs (bom: Bom): Iterable<BomRef> {
     const bomRefs = new Set<BomRef>()
+    function iterComponents (cs: Iterable<Component>): void {
+      for (const { bomRef, components } of cs) {
+        bomRefs.add(bomRef)
+        iterComponents(components)
+      }
+    }
+
     if (bom.metadata.component !== undefined) {
       bomRefs.add(bom.metadata.component.bomRef)
+      iterComponents(bom.metadata.component.components)
     }
-    for (const { bomRef } of bom.components) {
-      bomRefs.add(bomRef)
-    }
+    iterComponents(bom.components)
+
     return bomRefs.values()
   }
 
diff --git a/tests/integration/Serialize.JsonSerialize.test.js b/tests/integration/Serialize.JsonSerialize.test.js
@@ -25,6 +25,7 @@ const { createComplexStructure } = require('../_data/models')
 const { loadSerializeResult, writeSerializeResult } = require('../_data/serialize')
 
 const {
+  Models, Enums,
   Serialize: {
     JSON: { Normalize: { Factory: JsonNormalizeFactory } },
     JsonSerializer
@@ -52,6 +53,7 @@ describe('Serialize.JsonSerialize', function () {
 
     it('serialize', function () {
       const serializer = new JsonSerializer(normalizerFactory)
+
       const serialized = serializer.serialize(
         this.bom, {
           sortLists: true,
@@ -69,4 +71,56 @@ describe('Serialize.JsonSerialize', function () {
 
     // TODO add more tests
   }))
+
+  describe('make bom-refs unique', () => {
+    it('as expected', () => {
+      const bom = new Models.Bom({
+        metadata: new Models.Metadata({
+          component: new Models.Component(Enums.ComponentType.Library, 'root', {
+            bomRef: 'testing',
+            components: new Models.ComponentRepository([
+              new Models.Component(Enums.ComponentType.Library, 'c2', {
+                bomRef: 'testing'
+              })
+            ])
+          })
+        }),
+        components: new Models.ComponentRepository([
+          new Models.Component(Enums.ComponentType.Library, 'c1', {
+            bomRef: 'testing',
+            components: new Models.ComponentRepository([
+              new Models.Component(Enums.ComponentType.Library, 'c2', {
+                bomRef: 'testing'
+              })
+            ])
+          })
+        ])
+      })
+      const knownBomRefs = [
+        bom.metadata.component.bomRef,
+        [...bom.metadata.component.components][0].bomRef,
+        [...bom.components.values()][0].bomRef,
+        [...[...bom.components][0].components][0].bomRef
+      ]
+      const normalizedBomRefs = new Set(/* will be filled on call */)
+      const bomNormalizer = {
+        normalize: (bom) => {
+          normalizedBomRefs.add(bom.metadata.component.bomRef.value)
+          normalizedBomRefs.add([...bom.metadata.component.components][0].bomRef.value)
+          normalizedBomRefs.add([...bom.components.values()][0].bomRef.value)
+          normalizedBomRefs.add([...[...bom.components][0].components][0].bomRef.value)
+          return {}
+        }
+      }
+      const normalizerFactory = { makeForBom: () => bomNormalizer, spec: Spec1dot4 }
+      const serializer = new JsonSerializer(normalizerFactory)
+
+      serializer.serialize(bom)
+
+      assert.strictEqual(normalizedBomRefs.has('testing'), true)
+      assert.strictEqual(normalizedBomRefs.size, 4, 'not every value was unique')
+      // everything back to before - all have
+      knownBomRefs.forEach(({ value }) => assert.strictEqual(value, 'testing'))
+    })
+  })
 })
diff --git a/tests/integration/Serialize.XmlSerialize.test.js b/tests/integration/Serialize.XmlSerialize.test.js
@@ -25,6 +25,7 @@ const { createComplexStructure } = require('../_data/models')
 const { loadSerializeResult, writeSerializeResult } = require('../_data/serialize')
 
 const {
+  Models, Enums,
   Serialize: {
     XML: { Normalize: { Factory: XmlNormalizeFactory } },
     XmlSerializer
@@ -52,6 +53,7 @@ describe('Serialize.XmlSerialize', function () {
 
     it('serialize', function () {
       const serializer = new XmlSerializer(normalizerFactory)
+
       const serialized = serializer.serialize(
         this.bom, {
           sortLists: true,
@@ -69,4 +71,51 @@ describe('Serialize.XmlSerialize', function () {
 
     // TODO add more tests
   }))
+
+  describe('make bom-refs unique', () => {
+    it('as expected', () => {
+      const bom = new Models.Bom({
+        metadata: new Models.Metadata({
+          component: new Models.Component(Enums.ComponentType.Library, 'root', {
+            bomRef: 'testing'
+          })
+        }),
+        components: new Models.ComponentRepository([
+          new Models.Component(Enums.ComponentType.Library, 'c1', {
+            bomRef: 'testing',
+            components: new Models.ComponentRepository([
+              new Models.Component(Enums.ComponentType.Library, 'c2', {
+                bomRef: 'testing'
+              })
+            ])
+          })
+        ])
+      })
+      const knownBomRefs = [
+        bom.metadata.component.bomRef,
+        [...bom.metadata.component.components][0].bomRef,
+        [...bom.components.values()][0].bomRef,
+        [...[...bom.components][0].components][0].bomRef
+      ]
+      const normalizedBomRefs = new Set(/* will be filled on call */)
+      const bomNormalizer = {
+        normalize: (bom) => {
+          normalizedBomRefs.add(bom.metadata.component.bomRef.value)
+          normalizedBomRefs.add([...bom.metadata.component.components][0].bomRef.value)
+          normalizedBomRefs.add([...bom.components.values()][0].bomRef.value)
+          normalizedBomRefs.add([...[...bom.components][0].components][0].bomRef.value)
+          return { type: 'element', name: 'dummy' }
+        }
+      }
+      const normalizerFactory = { makeForBom: () => bomNormalizer, spec: Spec1dot4 }
+      const serializer = new XmlSerializer(normalizerFactory)
+
+      serializer.serialize(bom)
+
+      assert.strictEqual(normalizedBomRefs.has('testing'), true)
+      assert.strictEqual(normalizedBomRefs.size, 4, 'not every value was unique')
+      // everything back to before - all have
+      knownBomRefs.forEach(({ value }) => assert.strictEqual(value, 'testing'))
+    })
+  })
 })
