Merge pull request #5 from ozonru/release/1.1.0

Release/1.1.0

go.mod

@@ -2,4 +2,7 @@ module github.com/ozonru/cyclonedx-go
 
 go 1.13
 
-require github.com/google/uuid v1.1.1
+require (
+	github.com/google/uuid v1.1.1
+	github.com/package-url/packageurl-go v0.1.0
+)

go.sum

@@ -1,2 +1,4 @@
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/package-url/packageurl-go v0.1.0 h1:efWBc98O/dBZRg1pw2xiDzovnlMjCa9NPnfaiBduh8I=
+github.com/package-url/packageurl-go v0.1.0/go.mod h1:C/ApiuWpmbpni4DIOECf6WCjFUZV7O1Fx7VAzrZHgBw=

internal/bom/bom.go

@@ -5,6 +5,7 @@ import (
 	"encoding/json"
 	"encoding/xml"
 	"github.com/google/uuid"
+	"github.com/package-url/packageurl-go"
 	"io"
 	"os/exec"
 	"strings"
@@ -22,12 +23,33 @@ type Component struct {
 	Type    string   `xml:"type,attr"`
 	Name    string   `xml:"name"`
 	Version string   `xml:"version"`
+	PURL    string   `xml:"purl"`
 }
 
 func (m Module) NormalizeVersion(v string) string {
 	return strings.TrimPrefix(v, "v")
 }
 
+func (m Module) PURL() string {
+	var ns, n string
+	n = m.Path
+	chunks := strings.Split(m.Path, "/")
+
+	if len(chunks) > 1 {
+		ns = strings.Join(chunks[:len(chunks)-1], "/")
+		n = chunks[len(chunks)-1]
+	}
+
+	p := packageurl.NewPackageURL(
+		packageurl.TypeGolang,
+		ns,
+		n,
+		m.NormalizeVersion(m.Version),
+		nil,
+		"")
+	return p.ToString()
+}
+
 // See https://cyclonedx.org/docs/1.1/
 type BOM struct {
 	XMLName      xml.Name    `xml:"bom"`
@@ -37,19 +59,11 @@ type BOM struct {
 	Components   []Component `xml:"components>component"`
 }
 
-func Generate() (string, error) {
+func GenerateFromJSON(j []byte) (string, error) {
 	var result string
-
-	cmd := exec.Command("go", "list", "-json", "-m", "all")
-	out, err := cmd.Output()
-
-	if err != nil {
-		return result, err
-	}
-
 	bom := BOM{XMLNs: "http://cyclonedx.org/schema/bom/1.1", Version: 1}
 	bom.SerialNumber = uuid.New().URN()
-	dec := json.NewDecoder(bytes.NewReader(out))
+	dec := json.NewDecoder(bytes.NewReader(j))
 	var components []Component
 
 	for {
@@ -64,6 +78,7 @@ func Generate() (string, error) {
 		if m.Main != true {
 			c.Name = m.Path
 			c.Type = "library"
+			c.PURL = m.PURL()
 			c.Version = m.NormalizeVersion(m.Version)
 			components = append(components, c)
 		}
@@ -76,3 +91,16 @@ func Generate() (string, error) {
 	result = xml.Header + string(xmlOut)
 	return result, nil
 }
+
+func Generate() (string, error) {
+	var result string
+
+	cmd := exec.Command("go", "list", "-json", "-m", "all")
+	out, err := cmd.Output()
+
+	if err != nil {
+		return result, err
+	}
+
+	return GenerateFromJSON(out)
+}

internal/bom/bom_test.go

@@ -0,0 +1,42 @@
+package bom
+
+import (
+	"testing"
+	"encoding/xml"
+)
+
+var inputData []byte = []byte(`{
+"Path": "github.com/google/uuid",
+"Version": "v1.1.1",
+"Time": "2019-02-27T21:05:49Z",
+"Dir": "/go/pkg/mod/github.com/google/[email protected]",
+"GoMod": "/go/pkg/mod/cache/download/github.com/google/uuid/@v/v1.1.1.mod"
+}`)
+
+func TestName(t *testing.T) {
+	var b BOM
+	want := "github.com/google/uuid"
+	xmlResult, _ := GenerateFromJSON(inputData)
+	_ = xml.Unmarshal([]byte(xmlResult), &b)
+	if got := b.Components[0].Name; got != want {
+		t.Errorf(
+		"Package name from result CycloneDX BOM = %q, want %q",
+		got,
+		want,
+		)
+	}
+}
+
+func TestVersion(t *testing.T) {
+	var b BOM
+	want := "1.1.1"
+	xmlResult, _ := GenerateFromJSON(inputData)
+	_ = xml.Unmarshal([]byte(xmlResult), &b)
+	if got := b.Components[0].Version; got != want {
+		t.Errorf(
+		"Package version from result CycloneDX BOM = %q, want %q",
+		got,
+		want,
+		)
+	}
+}