Add component list tests; support copyright column

Signed-off-by: Matt Rutkowski <[email protected]>

cmd/component.go

@@ -57,6 +57,8 @@ const (
 	COMPONENT_FILTER_KEY_BOMREF        = "bom-ref"
 	COMPONENT_FILTER_KEY_SUPPLIER_NAME = "supplier-name"
 	COMPONENT_FILTER_KEY_SUPPLIER_URL  = "supplier-url"
+	COMPONENT_FILTER_KEY_NUM_LICENSES  = "number-licenses"
+	COMPONENT_FILTER_KEY_COPYRIGHT     = "copyright"
 )
 
 var VALID_COMPONENT_FILTER_KEYS = []string{
@@ -66,6 +68,8 @@ var VALID_COMPONENT_FILTER_KEYS = []string{
 	COMPONENT_FILTER_KEY_DESCRIPTION,
 	COMPONENT_FILTER_KEY_VERSION,
 	COMPONENT_FILTER_KEY_BOMREF,
+	COMPONENT_FILTER_KEY_NUM_LICENSES,
+	COMPONENT_FILTER_KEY_COPYRIGHT,
 }
 
 var COMPONENT_LIST_ROW_DATA = []ColumnFormatData{
@@ -77,6 +81,8 @@ var COMPONENT_LIST_ROW_DATA = []ColumnFormatData{
 	*NewColumnFormatData(COMPONENT_FILTER_KEY_SUPPLIER_NAME, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
 	*NewColumnFormatData(COMPONENT_FILTER_KEY_SUPPLIER_URL, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
 	*NewColumnFormatData(COMPONENT_FILTER_KEY_BOMREF, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
+	*NewColumnFormatData(COMPONENT_FILTER_KEY_NUM_LICENSES, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
+	*NewColumnFormatData(COMPONENT_FILTER_KEY_COPYRIGHT, REPORT_DO_NOT_TRUNCATE, REPORT_SUMMARY_DATA, false),
 }
 
 // Flags. Reuse query flag values where possible
@@ -248,6 +254,9 @@ func sortComponents(entries []multimap.Entry) {
 	sort.Slice(entries, func(i, j int) bool {
 		resource1 := (entries[i].Value).(*schema.CDXComponentInfo)
 		resource2 := (entries[j].Value).(*schema.CDXComponentInfo)
+		if resource1.Group != resource2.Group {
+			return resource1.Group < resource2.Group
+		}
 		if resource1.Type != resource2.Type {
 			return resource1.Type < resource2.Type
 		}

cmd/report.go

@@ -149,11 +149,14 @@ func wrapTableRowText(maxChars int, joinChar string, columns ...interface{}) (ta
 			rowData[iCol] = strconv.FormatBool(data)
 		case int:
 			rowData[iCol] = strconv.Itoa(data)
+		case float64:
+			// NOTE: JSON Unmarshal() always decodes JSON Numbers as "float64" type
+			rowData[iCol] = strconv.FormatFloat(data, 'f', -1, 64)
 		case nil:
 			//getLogger().Tracef("nil value for column: `%v`", columnData.DataKey)
 			rowData[iCol] = REPORT_LIST_VALUE_NONE
 		default:
-			err = getLogger().Errorf("Unexpected type for report data: type: `%T`, value: `%v`", data, data)
+			err = getLogger().Errorf("Unexpected type for report data: column: %s, type: `%T`, value: `%v`", rowData[iCol], data, data)
 		}
 	}
 
@@ -252,6 +255,9 @@ func prepareReportLineData(structIn interface{}, formatData []ColumnFormatData,
 			lineData = append(lineData, strconv.FormatBool(typedData))
 		case int:
 			lineData = append(lineData, strconv.Itoa(typedData))
+		case float64:
+			// NOTE: JSON Unmarshal() always decodes JSON Numbers as "float64" type
+			lineData = append(lineData, strconv.FormatFloat(typedData, 'f', -1, 64))
 		case []interface{}:
 			// convert to []string
 			for _, value := range typedData {
@@ -281,7 +287,7 @@ func prepareReportLineData(structIn interface{}, formatData []ColumnFormatData,
 			//getLogger().Tracef("nil value for column: `%v`", columnData.DataKey)
 			lineData = append(lineData, REPORT_LIST_VALUE_NONE)
 		default:
-			err = getLogger().Errorf("Unexpected type for report data: type: `%T`, value: `%v`", data, data)
+			err = getLogger().Errorf("Unexpected type for report data: column: %s, type: `%T`, value: `%v`", columnData.DataKey, data, data)
 		}
 	}
 

cmd/resource_test.go

@@ -50,7 +50,6 @@ func (ti *ResourceTestInfo) String() string {
 
 func NewResourceTestInfo(inputFile string, outputFormat string, listSummary bool, whereClause string,
 	resultExpectedLineCount int, resourceType string) *ResourceTestInfo {
-
 	var ti = new(ResourceTestInfo)
 	var pCommon = &ti.CommonTestInfo
 	// initialize common fields
@@ -65,6 +64,8 @@ func NewResourceTestInfoBasic(inputFile string, listFormat string, resultExpecte
 	var ti = new(ResourceTestInfo)
 	var pCommon = &ti.CommonTestInfo
 	pCommon.InitBasic(inputFile, listFormat, resultExpectedError)
+	// Initialize resource-unique fields
+	ti.ResourceType = resourceType
 	return ti
 }
 

schema/cyclonedx_abstractions.go

@@ -50,23 +50,25 @@ func IsValidResourceType(value string) bool {
 // Please note that the JSON annotations MUST match those declared by
 // the CDX types CDXComponent and CDXService.
 type CDXResourceInfo struct {
-	IsRoot       bool
-	ResourceType string `json:"resource-type"`
-	Group        string `json:"group"`
-	Name         string `json:"name"`
-	Version      string `json:"version"`
-	Description  string `json:"description"`
-	BOMRef       string `json:"bom-ref"`
-	Properties   *[]CDXProperty
-	Component    CDXComponent
-	Service      CDXService
-	HasLicense   bool
+	IsRoot         bool
+	ResourceType   string `json:"resource-type"`
+	Group          string `json:"group"`
+	Name           string `json:"name"`
+	Version        string `json:"version"`
+	Description    string `json:"description"`
+	BOMRef         string `json:"bom-ref"`
+	NumberLicenses int    `json:"number-licenses"`
+	NumberHashes   int    `json:"number-hashes"`
+	Properties     *[]CDXProperty
+	Component      CDXComponent
+	Service        CDXService
+	HasLicense     bool
 }
 
 // -------------------
 // Components
 // -------------------
-// TODO: Supplier (*CDXOrganizationalEntity), Authors (*[]CDXOrganizationalContact)
+// TODO: Authors (*[]CDXOrganizationalContact)
 // TODO: HasHashes, HasLicenses, HasPedigree, HasEvidence, HasComponents, HasReleaseNotes
 // TODO: HasModelCard, HasData, HasTags, HasSignature (*JSFSignature)
 // TODO: OmniborId (new), Swhid (new)
@@ -77,8 +79,8 @@ type CDXComponentInfo struct {
 	Publisher    string   `json:"publisher"`
 	Scope        string   `json:"scope"`
 	Copyright    string   `json:"copyright"`
-	Cpe          string   `json:"cpe"`  // See: https://nvd.nist.gov/products/cpe
-	Purl         string   `json:"purl"` // See: https://github.com/package-url/purl-spec
+	Cpe          string   `json:"cpe"`
+	Purl         string   `json:"purl"`
 	Swid         *CDXSwid `json:"swid"`
 	CDXResourceInfo
 }
@@ -109,13 +111,20 @@ func (componentInfo *CDXComponentInfo) MapCDXComponentData(cdxComponent CDXCompo
 		}
 	}
 	componentInfo.Properties = cdxComponent.Properties
-	componentInfo.Type = cdxComponent.Type
 
 	// Mark the component has having no licenses declared (at all)
 	// TODO: Need to further mark ones that have licenses array, yet no valid (e.g., empty) license
-	if cdxComponent.Licenses == nil {
-		componentInfo.HasLicense = false
+	if cdxComponent.Licenses != nil {
+		numLicenses := len(*cdxComponent.Licenses)
+		if numLicenses > 0 {
+			componentInfo.HasLicense = true
+			componentInfo.NumberLicenses = numLicenses
+		}
 	}
+
+	// Component-specific fields/properties
+	componentInfo.Type = cdxComponent.Type
+	componentInfo.Copyright = cdxComponent.Copyright
 }
 
 // -------------------
@@ -159,8 +168,12 @@ func (serviceInfo *CDXServiceInfo) MapCDXServiceData(cdxService CDXService) {
 	serviceInfo.Properties = cdxService.Properties
 	// Mark the service has having no licenses declared (at all)
 	// TODO: Need to further mark ones that have licenses array, yet no valid (e.g., empty) license
-	if cdxService.Licenses == nil {
-		serviceInfo.HasLicense = false
+	if cdxService.Licenses != nil {
+		numLicenses := len(*cdxService.Licenses)
+		if numLicenses > 0 {
+			serviceInfo.HasLicense = true
+			serviceInfo.NumberLicenses = numLicenses
+		}
 	}
 }
 

test/cyclonedx/cdx-1-3-resource-list.json

@@ -65,6 +65,7 @@
       "name": "Library A",
       "version": "1.0.0",
       "description": "Library A description",
+      "copyright": "Copyright 2024 Apache Software Foundation",
       "licenses": [
         {
           "license": {
@@ -148,6 +149,7 @@
       "name": "Library E",
       "version": "1.0.0",
       "description": "Library E description.",
+      "copyright": "© E. Enterprises",
       "licenses": [
         {
           "license": {