fix: revive root component in generated sbom for python pip

Signed-off-by: Jude Niroshan <jude.niroshan11@gmail.com>
RHEcosystemAppEng · Apr 27, 2024 · f362c32 · f362c32
1 parent 62e4445
commit f362c32
Showing 1 changed file with 4 additions and 18 deletions.
diff --git a/src/main/java/com/redhat/exhort/providers/PythonPipProvider.java b/src/main/java/com/redhat/exhort/providers/PythonPipProvider.java
@@ -42,6 +42,8 @@
 public final class PythonPipProvider extends Provider {
 
   private Logger log = LoggersFactory.getLogger(this.getClass().getName());
+  private static final String DEFAULT_PIP_ROOT_COMPONENT_NAME = "default-pip-root";
+  private static final String DEFAULT_PIP_ROOT_COMPONENT_VERSION = "0.0.0";
 
   public void setPythonController(PythonControllerBase pythonController) {
     this.pythonController = pythonController;
@@ -76,22 +78,14 @@ public Content provideStack(Path manifestPath) throws IOException {
         pythonController.getDependencies(manifestPath.toString(), true);
     printDependenciesTree(dependencies);
     Sbom sbom = SbomFactory.newInstance(Sbom.BelongingCondition.PURL, "sensitive");
-    try {
-      sbom.addRoot(new PackageURL(Ecosystem.Type.PYTHON.getType(), "root"));
-    } catch (MalformedPackageURLException e) {
-      throw new RuntimeException(e);
-    }
+    sbom.addRoot(toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION));
     dependencies.stream()
         .forEach(
             (component) -> {
               addAllDependencies(sbom.getRoot(), component, sbom);
             });
     byte[] requirementsFile = Files.readAllBytes(manifestPath);
     handleIgnoredDependencies(new String(requirementsFile), sbom);
-    // In python' pip requirements.txt, there is no real root element, then need to remove dummy
-    // root element that
-    // was created for creating the sbom.
-    sbom.removeRootComponent();
     return new Content(
         sbom.getAsJsonString().getBytes(StandardCharsets.UTF_8), Api.CYCLONEDX_MEDIA_TYPE);
   }
@@ -132,11 +126,7 @@ public Content provideComponent(byte[] manifestContent) throws IOException {
         pythonController.getDependencies(manifestPath.toString(), false);
     printDependenciesTree(dependencies);
     Sbom sbom = SbomFactory.newInstance();
-    try {
-      sbom.addRoot(new PackageURL(Ecosystem.Type.PYTHON.getType(), "root"));
-    } catch (MalformedPackageURLException e) {
-      throw new RuntimeException(e);
-    }
+    sbom.addRoot(toPurl(DEFAULT_PIP_ROOT_COMPONENT_NAME, DEFAULT_PIP_ROOT_COMPONENT_VERSION));
     dependencies.stream()
         .forEach(
             (component) -> {
@@ -147,10 +137,6 @@ public Content provideComponent(byte[] manifestContent) throws IOException {
     Files.delete(manifestPath);
     Files.delete(tempRepository);
     handleIgnoredDependencies(new String(manifestContent), sbom);
-    // In python' pip requirements.txt, there is no real root element, then need to remove dummy
-    // root element that
-    // was created for creating the sbom.
-    sbom.removeRootComponent();
     return new Content(
         sbom.getAsJsonString().getBytes(StandardCharsets.UTF_8), Api.CYCLONEDX_MEDIA_TYPE);
   }