Merge pull request #272 from ruromero/unknown-deps

ruromero · web-flow · commit 58314b125aa6 · 2024-02-06T22:10:42.000+01:00
feat: consider components with unknown deps as direct deps
diff --git a/src/main/java/com/redhat/exhort/integration/backend/sbom/cyclonedx/CycloneDxParser.java b/src/main/java/com/redhat/exhort/integration/backend/sbom/cyclonedx/CycloneDxParser.java
@@ -27,6 +27,7 @@
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.function.Predicate;
 import java.util.stream.Collectors;
 
 import org.cyclonedx.model.Bom;
@@ -109,6 +110,7 @@ private Map<PackageRef, DirectDependency> buildDependencies(
                           .toList();
                     }));
     List<PackageRef> directDeps;
+    addUnknownDependencies(dependencies, componentPurls);
     if (rootRef != null && dependencies.get(rootRef) != null) {
       directDeps = dependencies.get(rootRef);
     } else {
@@ -123,6 +125,15 @@ private Map<PackageRef, DirectDependency> buildDependencies(
         .collect(Collectors.toMap(DirectDependency::ref, d -> d));
   }
 
+  private void addUnknownDependencies(
+      Map<PackageRef, List<PackageRef>> dependencies, Map<String, PackageRef> componentPurls) {
+    Set<PackageRef> knownDeps = new HashSet<>(dependencies.keySet());
+    dependencies.values().forEach(v -> knownDeps.addAll(v));
+    componentPurls.values().stream()
+        .filter(Predicate.not(knownDeps::contains))
+        .forEach(d -> dependencies.put(d, Collections.emptyList()));
+  }
+
   // The SBOM generator does not have info about the dependency hierarchy
   private Map<PackageRef, DirectDependency> buildUnknownDependencies(
       Map<String, PackageRef> componentPurls) {
diff --git a/src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java b/src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java
@@ -85,23 +85,32 @@ public ProviderResponse aggregateSplit(ProviderResponse oldExchange, ProviderRes
     if (oldExchange.status() != null && !Boolean.TRUE.equals(oldExchange.status().getOk())) {
       return oldExchange;
     }
-    oldExchange
-        .issues()
-        .entrySet()
-        .forEach(
-            e -> {
-              var issues = newExchange.issues().get(e.getKey());
-              if (issues != null) {
-                e.getValue().addAll(issues);
-              }
-            });
-    newExchange.issues().keySet().stream()
-        .filter(k -> !oldExchange.issues().keySet().contains(k))
-        .forEach(
-            k -> {
-              oldExchange.issues().put(k, newExchange.issues().get(k));
-            });
-    return oldExchange;
+    var exchange = new ProviderResponse(new HashMap<>(), oldExchange.status());
+    if (oldExchange.issues() != null) {
+      exchange.issues().putAll(oldExchange.issues());
+    }
+    if (newExchange.issues() != null) {
+      exchange
+          .issues()
+          .entrySet()
+          .forEach(
+              e -> {
+                var issues = newExchange.issues().get(e.getKey());
+                if (issues != null) {
+                  e.getValue().addAll(issues);
+                }
+              });
+
+      newExchange.issues().keySet().stream()
+          .filter(k -> !exchange.issues().keySet().contains(k))
+          .forEach(
+              k -> {
+                exchange.issues().put(k, newExchange.issues().get(k));
+              });
+    } else if (Boolean.FALSE.equals(newExchange.status().getOk())) {
+      return new ProviderResponse(exchange.issues(), newExchange.status());
+    }
+    return exchange;
   }
 
   protected ProviderStatus defaultOkStatus(String provider) {
