Track php per-module tree (CycloneDX#1475)

* Track php per-module tree Signed-off-by: Prabhu Subramanian <[email protected]> * Bug fix Signed-off-by: Prabhu Subramanian <[email protected]> --------- Signed-off-by: Prabhu Subramanian <[email protected]>
AnsahMohammad · Dec 2, 2024 · a720d3b · a720d3b
1 parent 5abfcd5
commit a720d3b
Show file tree

Hide file tree

Showing 14 changed files with 348 additions and 202 deletions.
diff --git a/deno.json b/deno.json
@@ -60,7 +60,7 @@
     "find-up": "npm:[email protected]",
     "glob": "npm:glob@^11.0.0",
     "global-agent": "npm:global-agent@^3.0.0",
-    "got": "npm:got@^14.4.4",
+    "got": "npm:got@^14.4.5",
     "iconv-lite": "npm:iconv-lite@^0.6.3",
     "js-yaml": "npm:js-yaml@^4.1.0",
     "jws": "npm:jws@^4.0.0",

diff --git a/lib/cli/index.js b/lib/cli/index.js
@@ -92,6 +92,7 @@ import {
   parseCljDep,
   parseCloudBuildData,
   parseCmakeLikeFile,
+  parseComposerJson,
   parseComposerLock,
   parseConanData,
   parseConanLockData,
@@ -817,6 +818,7 @@ function addComponent(
   if (!isRootPkg) {
     const pkgIdentifier = parsePackageJsonName(pkg.name);
     const author = pkg.author || undefined;
+    const authors = pkg.authors || undefined;
     const publisher = pkg.publisher || undefined;
     let group = pkg.group || pkgIdentifier.scope;
     // Create empty group
@@ -869,6 +871,7 @@ function addComponent(
     }
     const component = {
       author,
+      authors,
       publisher,
       group,
       name,
@@ -920,6 +923,15 @@ function addComponent(
       component.authors = authorsList;
       delete component.author;
     }
+    // Downgrade authors section for < 1.5 :(
+    if (options.specVersion < 1.6) {
+      if (component?.authors?.length) {
+        component.author = component.authors
+          .map((a) => (a.email ? `${a.name} <${a.email}>` : a.name))
+          .join(",");
+      }
+      delete component.authors;
+    }
     // Retain any tags
     if (
       options.specVersion >= 1.6 &&
@@ -4850,57 +4862,46 @@ export function createPHPBom(path, options) {
     options,
   );
   if (composerLockFiles.length) {
+    // Look for any root composer.json to capture the parentComponent
+    if (existsSync(join(path, "composer.json"))) {
+      const { moduleParent } = parseComposerJson(join(path, "composer.json"));
+      parentComponent = moduleParent;
+    }
     for (const f of composerLockFiles) {
       const basePath = dirname(f);
+      let moduleParent;
       if (DEBUG_MODE) {
         console.log(`Parsing ${f}`);
       }
-      let rootRequires = [];
-      // Is there a composer.json to find the parent component
-      if (
-        !Object.keys(parentComponent).length &&
-        existsSync(join(basePath, "composer.json"))
-      ) {
-        const composerData = JSON.parse(
-          readFileSync(join(basePath, "composer.json"), { encoding: "utf-8" }),
-        );
-        rootRequires = composerData.require;
-        const pkgName = composerData.name;
-        if (pkgName) {
-          parentComponent.group = dirname(pkgName);
-          if (parentComponent.group === ".") {
-            parentComponent.group = "";
-          }
-          parentComponent.name = basename(pkgName);
-          parentComponent.type = "application";
-          parentComponent.version = composerData.version || "latest";
-          parentComponent["bom-ref"] = decodeURIComponent(
-            new PackageURL(
-              "composer",
-              parentComponent.group,
-              parentComponent.name,
-              parentComponent.version,
-              null,
-              null,
-            ).toString(),
-          );
+      const rootRequires = [];
+      // Is there a composer.json to find the module parent component
+      if (existsSync(join(basePath, "composer.json"))) {
+        const retMap = parseComposerJson(join(basePath, "composer.json"));
+        moduleParent = retMap.moduleParent;
+        const rootRequires = retMap.rootRequires;
+        // Track all the modules in a mono-repo
+        if (!Object.keys(parentComponent).length) {
+          parentComponent = moduleParent;
+        } else {
+          parentComponent.components = parentComponent.components || [];
+          parentComponent.components.push(moduleParent);
         }
       }
       const retMap = parseComposerLock(f, rootRequires);
       if (retMap.pkgList?.length) {
         pkgList = pkgList.concat(retMap.pkgList);
       }
+      if (!moduleParent) {
+        moduleParent = createDefaultParentComponent(
+          basePath,
+          "composer",
+          options,
+        );
+      }
       if (retMap.dependenciesList) {
-        if (!Object.keys(parentComponent).length) {
-          parentComponent = createDefaultParentComponent(
-            path,
-            "composer",
-            options,
-          );
-        }
         // Complete the dependency tree by making parent component depend on the first level
         const pdependencies = {
-          ref: parentComponent["bom-ref"],
+          ref: moduleParent["bom-ref"],
           dependsOn: [
             ...new Set(retMap.rootList.map((p) => p["bom-ref"])),
           ].sort(),
@@ -4912,6 +4913,17 @@ export function createPHPBom(path, options) {
         );
       }
     }
+    // Complete the root dependency tree
+    if (parentComponent?.components?.length) {
+      const parentDependsOn = parentComponent.components.map(
+        (d) => d["bom-ref"],
+      );
+      dependencies = mergeDependencies(
+        [{ ref: parentComponent["bom-ref"], dependsOn: parentDependsOn }],
+        dependencies,
+        parentComponent,
+      );
+    }
     return buildBomNSData(options, pkgList, "composer", {
       src: path,
       filename: composerLockFiles.join(", "),