From 990019998d5918efdc94be601cec306098d781bf Mon Sep 17 00:00:00 2001
From: Matt Rutkowski
Date: Wed, 1 May 2024 11:35:00 -0500
Subject: [PATCH] Update README to reflect new columns on resource list command

Signed-off-by: Matt Rutkowski
---
 README.md | 51 ++++++++++++++++++--------------
 schema/bom_hash.go | 39 ++++++++++++------------
 schema/cyclonedx_abstractions.go | 20 +++++++++++++
 3 files changed, 69 insertions(+), 41 deletions(-)

diff --git a/README.md b/README.md
index fbfac19e..d07a72d4 100644
--- a/README.md
+++ b/README.md
@@ -1276,21 +1276,22 @@ Currently, all `resource list` command results are sorted by resource `type` the
 ```
 
 ```bash
-type name version bom-ref
----- ---- ------- -------
-component ACME Application 2.0.0 pkg:app/sample@1.0.0
-component Library A 1.0.0 pkg:lib/libraryA@1.0.0
-component Library B 1.0.0 pkg:lib/libraryB@1.0.0
-component Library C 1.0.0 pkg:lib/libraryC@1.0.0
-component Library D 1.0.0 pkg:lib/libraryD@1.0.0
-component Library E 1.0.0 pkg:lib/libraryE@1.0.0
-component Library F 1.0.0 pkg:lib/libraryF@1.0.0
-component Library G 1.0.0 pkg:lib/libraryG@1.0.0
-component Library H 1.0.0 pkg:lib/libraryH@1.0.0
-component Library J 1.0.0 pkg:lib/libraryJ@1.0.0
-component Library NoLicense 1.0.0 pkg:lib/libraryNoLicense@1.0.0
-service Bar service:example.com/myservices/bar
-service Foo service:example.com/myservices/foo
+resource-type group name version description bom-ref
+------------- ----- ---- ------- ----------- -------
+component ACME Application 2.0.0 ACME sample application pkg:app/sample@1.0.0
+component Library A 1.0.0 Library A description pkg:lib/libraryA@1.0.0
+component Library C 1.0.0 Library C description. pkg:lib/libraryC@1.0.0
+component Library F 1.0.0 Library F description. pkg:lib/libraryF@1.0.0
+component Library G 1.0.0 Library G description. pkg:lib/libraryG@1.0.0
+component Library H 1.0.0 Library H description. pkg:lib/libraryH@1.0.0
+component Library NoLicense 1.0.0 Library "NoLicense" description. pkg:lib/libraryNoLicense@1.0.0
+component blue Library B 1.0.0 Library B description. pkg:lib/libraryB@1.0.0
+component blue Library E 1.0.0 Library E description. pkg:lib/libraryE@1.0.0
+component green Library D 1.0.0 Library D description. pkg:lib/libraryD@1.0.0
+component green Library J 1.0.0 Library J description. pkg:lib/libraryJ@1.0.0
+service Bar Bar service service:example.com/myservices/bar
+service Foo Foo service service:example.com/myservices/foo
+
 ```
 
 ##### Example: resource list using `--type service`
@@ -1302,10 +1303,16 @@ This example uses the `type` flag to specific `service`. The other valid type i
 ```
 
 ```bash
-type name version bom-ref
----- ---- ------- -------
-service Bar service:example.com/myservices/bar
-service Foo service:example.com/myservices/foo
+resource-type group name version description bom-ref
+------------- ----- ---- ------- ----------- -------
+service Bar Bar service service:example.com/myservices/bar
+service Foo Foo service service:example.com/myservices/foo
+```
+
+**Note** The results would be equivalent to using the `--where` filter:
+
+```bash
+./sbom-utility resource list -i test/cyclonedx/cdx-1-3-resource-list.json --where "resource-type=service" --quiet
 ```
 
 ##### Example: list with `name` regex match
@@ -1317,9 +1324,9 @@ This example uses the `where` filter on the `name` field. In this case we supply
 ```
 
 ```bash
-type name version bom-ref
----- ---- ------- -------
-component Library A 1.0.0 pkg:lib/libraryA@1.0.0
+resource-type group name version description bom-ref
+------------- ----- ---- ------- ----------- -------
+component Library A 1.0.0 Library A description pkg:lib/libraryA@1.0.0
 ```
 
 ---
diff --git a/schema/bom_hash.go b/schema/bom_hash.go
index 196b0f4d..ac9e9f6a 100644
--- a/schema/bom_hash.go
+++ b/schema/bom_hash.go
@@ -79,7 +79,7 @@ func (bom *BOM) HashmapComponents(components []CDXComponent, whereFilters []comm
 // Hash a CDX Component and recursively those of any "nested" components
 // TODO: we should WARN if version is not a valid semver (e.g., examples/cyclonedx/BOM/laravel-7.12.0/bom.1.3.json)
 // TODO: Use pointer for CDXComponent
-func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, root bool) (hashed bool, err error) {
+func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []common.WhereFilter, isRoot bool) (hashed bool, err error) {
 getLogger().Enter()
 defer getLogger().Exit(err)
 //var componentInfo CDXResourceInfo
@@ -103,23 +103,24 @@ func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []commo
 getLogger().Warningf("component named `%s` missing `bom-ref`", cdxComponent.Name)
 }
 
- // hash any component w/o a license using special key name
- componentInfo.IsRoot = root
- componentInfo.ResourceType = RESOURCE_TYPE_COMPONENT
- componentInfo.Component = cdxComponent
- componentInfo.Name = cdxComponent.Name
- if cdxComponent.BOMRef != nil {
- ref := *cdxComponent.BOMRef
- componentInfo.BOMRef = ref.String()
- }
- componentInfo.Group = cdxComponent.Group
- componentInfo.Description = cdxComponent.Description
- componentInfo.Version = cdxComponent.Version
- if cdxComponent.Supplier != nil {
- componentInfo.SupplierProvider = cdxComponent.Supplier
- }
- componentInfo.Properties = cdxComponent.Properties
- componentInfo.Type = cdxComponent.Type
+ // // hash any component w/o a license using special key name
+ // componentInfo.IsRoot = root
+ // componentInfo.ResourceType = RESOURCE_TYPE_COMPONENT
+ // componentInfo.Component = cdxComponent
+ // componentInfo.Name = cdxComponent.Name
+ // if cdxComponent.BOMRef != nil {
+ // ref := *cdxComponent.BOMRef
+ // componentInfo.BOMRef = ref.String()
+ // }
+ // componentInfo.Group = cdxComponent.Group
+ // componentInfo.Description = cdxComponent.Description
+ // componentInfo.Version = cdxComponent.Version
+ // if cdxComponent.Supplier != nil {
+ // componentInfo.SupplierProvider = cdxComponent.Supplier
+ // }
+ // componentInfo.Properties = cdxComponent.Properties
+ // componentInfo.Type = cdxComponent.Type
+ componentInfo.MapCDXComponentData(cdxComponent, isRoot)
 
 var match bool = true
 if len(whereFilters) > 0 {
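Review bot: The field-mapping block is left behind as commented-out code directly above the new `componentInfo.MapCDXComponentData(cdxComponent, isRoot)` call, and it should be deleted rather than commented. The same assignments now live in the helper, so the commented copy can only drift from it; one of its lines, `// componentInfo.IsRoot = root`, already names a parameter that no longer exists in this function. If a pointer to the old form is wanted, a single line such as `// field mapping lives in CDXComponentInfo.MapCDXComponentData` is enough. HashmapComponent starts and ends outside this hunk.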
@@ -137,7 +138,7 @@ func (bom *BOM) HashmapComponent(cdxComponent CDXComponent, whereFilters []commo
 // Recursively hash licenses for all child components (i.e., hierarchical composition)
 pComponent := cdxComponent.Components
 if pComponent != nil && len(*pComponent) > 0 {
- err = bom.HashmapComponents(*cdxComponent.Components, whereFilters, root)
+ err = bom.HashmapComponents(*cdxComponent.Components, whereFilters, isRoot)
 if err != nil {
 return
 }
diff --git a/schema/cyclonedx_abstractions.go b/schema/cyclonedx_abstractions.go
index a4ce7419..389ce284 100644
--- a/schema/cyclonedx_abstractions.go
+++ b/schema/cyclonedx_abstractions.go
@@ -81,6 +81,26 @@ type CDXComponentInfo struct {
 CDXResourceInfo
 }
 
+func (componentInfo *CDXComponentInfo) MapCDXComponentData(cdxComponent CDXComponent, isRoot bool) {
+ // hash any component w/o a license using special key name
+ componentInfo.IsRoot = isRoot
+ componentInfo.ResourceType = RESOURCE_TYPE_COMPONENT
+ componentInfo.Component = cdxComponent
+ componentInfo.Name = cdxComponent.Name
+ if cdxComponent.BOMRef != nil {
+ ref := *cdxComponent.BOMRef
+ componentInfo.BOMRef = ref.String()
+ }
+ componentInfo.Group = cdxComponent.Group
+ componentInfo.Description = cdxComponent.Description
+ componentInfo.Version = cdxComponent.Version
+ if cdxComponent.Supplier != nil {
+ componentInfo.SupplierProvider = cdxComponent.Supplier
+ }
+ componentInfo.Properties = cdxComponent.Properties
+ componentInfo.Type = cdxComponent.Type
+}
+
 // -------------------
 // Services
 // -------------------
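Review bot: The new exported method `MapCDXComponentData` has no doc comment, and the comment carried over as its first body line, `// hash any component w/o a license using special key name`, describes nothing the method does. I would drop that line and put `// MapCDXComponentData copies the component's descriptive fields into componentInfo and sets IsRoot from isRoot.` above the signature. The method also takes `CDXComponent` by value and then stores the whole struct in `componentInfo.Component`, so the struct is copied again on every call; the existing `TODO: Use pointer for CDXComponent` in bom_hash.go applies here too. `Name`, `Group` and `Description` are copied verbatim from the BOM, so any escaping for the list output has to happen in the formatters; that is worth confirming now that `description` is a displayed column, since BOM files often come from third parties.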