PackageUrlFactory::makeFromComponent() checksums and download_url

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

Diff for: HISTORY.md

@@ -14,8 +14,12 @@ All notable changes to this project will be documented in this file.
     * `Serialize.JsonSerializer.normalizerFactory`
     * `Serialize.XmlBaseSerializer.normalizerFactory`,  
       `Serialize.XmlSerializer.normalizerFactory`
+  * Factory for `PackageURL` from `Models.Component` can handle additional data sources. (via [#146])
+    * `Models.Component.hashes` map -> `PackageURL.qualifiers.checksum` list
+    * `Models.Component.externalReferences[distribution].url` -> `PackageURL.qualifiers.download_url`
 
 [#145]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/145
+[#146]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/146
 
 ## 1.1.0 - 2022-07-29
 

Diff for: src/factories/packageUrl.ts

@@ -32,18 +32,37 @@ export class PackageUrlFactory {
     return this.#type
   }
 
-  makeFromComponent (component: Component): PackageURL | undefined {
+  makeFromComponent (component: Component, sort: boolean = false): PackageURL | undefined {
+    /**
+     * For the list/spec of the well-known keys, see
+     * {@link https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs}
+     */
     const qualifiers: PackageURL['qualifiers'] = {}
     let subpath: PackageURL['subpath']
 
-    for (const e of component.externalReferences) {
-      if (e.type === ExternalReferenceType.VCS) {
-        [qualifiers.vcs_url, subpath] = e.url.toString().split('#', 2)
-        break
+    const extRefs = component.externalReferences
+    for (const extRef of (sort ? extRefs.sorted() : extRefs)) {
+      switch (extRef.type) {
+        case ExternalReferenceType.VCS:
+          [qualifiers.vcs_url, subpath] = extRef.url.toString().split('#', 2)
+          break
+        case ExternalReferenceType.Distribution:
+          qualifiers.download_url = extRef.url.toString()
+          break
       }
     }
 
+    const hashes = component.hashes
+    if (hashes.size > 0) {
+      qualifiers.checksum = Array.from(
+        sort ? hashes.sorted() : hashes,
+        ([hashAlgo, hashCont]) => `${hashAlgo.toLowerCase()}:${hashCont.toLowerCase()}`
+      ).join(',')
+    }
+
     try {
+      // Do not beautify the parameters here, because that is in the domain of PackageURL and its representation.
+      // No need to convert an empty `subpath` string to `undefined` and such.
       return new PackageURL(
         this.#type,
         component.group,

Diff for: tests/integration/Factories.PackageUrlFactory.test.js

@@ -62,7 +62,7 @@ suite('Factories.PackageUrlFactory', () => {
       assert.deepStrictEqual(actual, expected)
     })
 
-    test('vcs-url without subpath', () => {
+    test('extRef[vcs] -> qualifiers.vcs-url without subpath', () => {
       const component = new Models.Component(
         Enums.ComponentType.Library,
         `name-${salt}`,
@@ -77,7 +77,7 @@ suite('Factories.PackageUrlFactory', () => {
       assert.deepStrictEqual(actual, expected)
     })
 
-    test('vcs-url with subpath', () => {
+    test('extRef[vcs] -> qualifiers.vcs-url with subpath', () => {
       const component = new Models.Component(
         Enums.ComponentType.Library,
         `name-${salt}`,
@@ -91,5 +91,19 @@ suite('Factories.PackageUrlFactory', () => {
       const actual = sut.makeFromComponent(component)
       assert.deepStrictEqual(actual, expected)
     })
+
+    test('extRef[distribution] -> qualifiers.download_url', () => {
+      assert.strictEqual(false, true, 'TODO')
+    })
+
+    test('hashes -> qualifiers.checksum', () => {
+      assert.strictEqual(false, true, 'TODO')
+    })
+
+    test('sorted', () => {
+      assert.strictEqual(false, true, 'TODO')
+    })
   })
+
+
 })