[elbe-devel] [PATCH 1/1] elbepack: commands: cyclonedx-sbom.py: minor code fixes

Thomas Weißschuh t-8ch at linutronix.de
Tue May 7 15:40:33 CEST 2024 

Hi,

please create all patch revisions against the repository state.
Not as interdiff between the revisions.

On Tue, May 07, 2024 at 03:12:29PM GMT, Eduard Krein wrote:
> minor code fixes
> 
> Signed-off-by: Eduard Krein <eduard.krein at linutronix.de>
> ---
>  elbepack/commands/cyclonedx-sbom.py | 48 ++++++++++++++++++-----------
>  1 file changed, 30 insertions(+), 18 deletions(-)
> 
> diff --git a/elbepack/commands/cyclonedx-sbom.py b/elbepack/commands/cyclonedx-sbom.py
> index e8fce54f..765318ae 100644
> --- a/elbepack/commands/cyclonedx-sbom.py
> +++ b/elbepack/commands/cyclonedx-sbom.py
> @@ -2,19 +2,25 @@
>  
>  import datetime
>  import json
> +import optparse
>  import os
> -from json import JSONEncoder
> -from optparse import OptionParser
> +import sys
>  
>  from elbepack.elbexml import ElbeXML
>  from elbepack.uuid7 import uuid7
>  
>  
> +class CycloneDXEncoder(json.JSONEncoder):
> +    def default(self, obj):
> +        if isinstance(obj, (datetime.date, datetime.datetime)):
> +            return obj.isoformat()
> +
> +
>  def run_command(argv):
>  
> -    oparser = OptionParser()
> -    oparser.add_option('-d', type='string', dest='elbe_build')
> -    (options, args) = oparser.parse_args()
> +    oparser = optparse.OptionParser()
> +    oparser.add_option('-d', dest='elbe_build')
> +    options, args = oparser.parse_args()
>  
>      xmlpath = os.path.join(options.elbe_build, 'source.xml')
>      data = ElbeXML(xmlpath)
> @@ -22,16 +28,22 @@ def run_command(argv):
>      elbe_uuid = uuid7(ts)
>      urn_uuid = 'urn:uuid:' + str(elbe_uuid)
>      elbeversion = data.get_elbe_version()
> -    output = {'bomFormat': 'CycloneDX', 'specVersion': '1.4',
> -              'serialNumber': urn_uuid, 'version': 1, 'metadata':
> -              {'timestamp': ts, 'tools': [{'vendor': 'Linutronix',
> -               'name': 'Elbe', 'version': elbeversion}]}}
> -
> -    json_string = json.dumps(output, indent=2, cls=DateTimeEncoder)
> -    print(json_string)
> -
> -
> -class DateTimeEncoder(JSONEncoder):
> -    def default(self, obj):
> -        if isinstance(obj, (datetime.date, datetime.datetime)):
> -            return obj.isoformat()
> +    output = {
> +        'bomFormat': 'CycloneDX',
> +        'specVersion': '1.4',
> +        'serialNumber': urn_uuid,
> +        'version': 1,
> +        'metadata': {
> +          'timestamp': ts,
> +          'tools': [
> +            {
> +              'vendor': 'Linutronix',
> +              'name': 'Elbe',
> +              'version': elbeversion

Trailing commas everywhere please.

> +            }

Comma,

> +          ]

Comma,

> +        }

Comma,

> +    }
> +
> +    json.dump(output, sys.stdout, indent=2, cls=CycloneDXEncoder)
> +    sys.stdout.write('\n')

Also some testcases would be great.
Can you send them with the v3?

It would be great to have a built source.xml (from one of the examples)
as a testcase that then gets processed by the tool.

Then the test should compare that output against a checked-in reference
document and also validate the output against the CycloneDX schema.

Doing this now has the advantage that later you can focus on the real
features and the testcases can grow together with those.


Thanks,
Thomas

More information about the elbe-devel mailing list