From 85b0c92a6361edd712c276ebab1c1951ecc4e071 Mon Sep 17 00:00:00 2001 From: Jordan Wong Date: Wed, 20 Dec 2023 15:40:18 -1000 Subject: [PATCH 1/2] Fix compare --- .../plugfest/tooling/differ/DiffReport.java | 62 +++++++++---------- 1 file changed, 29 insertions(+), 33 deletions(-) diff --git a/core/src/main/java/org/nvip/plugfest/tooling/differ/DiffReport.java b/core/src/main/java/org/nvip/plugfest/tooling/differ/DiffReport.java index 29e8e779..d9305e0b 100644 --- a/core/src/main/java/org/nvip/plugfest/tooling/differ/DiffReport.java +++ b/core/src/main/java/org/nvip/plugfest/tooling/differ/DiffReport.java @@ -8,7 +8,6 @@ import org.nvip.plugfest.tooling.differ.conflicts.SBOMConflictType; import org.nvip.plugfest.tooling.sbom.Component; import org.nvip.plugfest.tooling.sbom.SBOM; -import org.nvip.plugfest.tooling.sbom.uids.PURL; import java.util.*; @@ -77,7 +76,7 @@ public void setMetadataSimilarity(int similarity) { * @param similarity similarity amount */ public void setComponentSimilarity(int similarity) { - this.metadataSimilarity = similarity; + this.componentSimilarity = similarity; } /** @@ -153,13 +152,10 @@ public DiffReport(String targetUID, SBOM targetSBOM){ */ public void compare(String otherUID, SBOM otherSBOM) { - int similarity = 0; - ConflictBody body = new ConflictBody(); // Compare SBOM level differences compareSBOMs(otherSBOM, body); // Compare Component level Differences - body.setComponentSimilarity(compareComponents(otherSBOM.getAllComponents(), body)); // Add similarity to report @@ -248,8 +244,8 @@ private int compareComponents(Set otherComponents, ConflictBody body) continue; // add to target map - targetComponentMap.put(targetComponent.getName(), targetComponent); - targetComponentNames.add(targetComponent.getName()); + targetComponentMap.put(targetComponent.toString(), targetComponent); + targetComponentNames.add(targetComponent.toString()); } // Check to see if all other components are in target @@ -259,16 +255,16 @@ private int compareComponents(Set otherComponents, ConflictBody body) continue; // add to other map - otherComponentNames.add(otherComponent.getName()); + otherComponentNames.add(otherComponent.toString()); // Check to see if target SBOM contains the other component - if (!targetComponentMap.containsKey(otherComponent.getName())) { + if (!targetComponentNames.contains(otherComponent.toString())) { // target doesn't contain other component ComponentConflict conflict = new ComponentConflict(null, otherComponent); componentConflicts.add(conflict); } else { // Compare the two - ComponentConflict conflict = new ComponentConflict(targetComponentMap.get(otherComponent.getName()), otherComponent); + ComponentConflict conflict = new ComponentConflict(targetComponentMap.get(otherComponent.toString()), otherComponent); // add new conflict to existing conflict if (conflict.getConflictTypes().size() > 0) @@ -280,10 +276,10 @@ private int compareComponents(Set otherComponents, ConflictBody body) } // Check to see if target SBOM contains the other component - for (String targetComponent : targetComponentNames) { - if (!otherComponentNames.contains(targetComponent)) { + for (String targetComponentName : targetComponentNames) { + if (!otherComponentNames.contains(targetComponentName)) { // other doesn't contain target component - ComponentConflict conflict = new ComponentConflict(targetComponentMap.get(targetComponent), null); + ComponentConflict conflict = new ComponentConflict(targetComponentMap.get(targetComponentName), null); componentConflicts.add(conflict); } @@ -299,8 +295,8 @@ private int compareComponents(Set otherComponents, ConflictBody body) switch (ct) { // todo need better way to handle this case COMPONENT_NOT_FOUND -> { - targetValue = conflict.getComponentA() == null ? null : conflict.getComponentA().getName(); - otherValue = conflict.getComponentB() == null ? null : conflict.getComponentB().getName(); + targetValue = conflict.getComponentA() == null ? null : conflict.getComponentA().toString(); + otherValue = conflict.getComponentB() == null ? null : conflict.getComponentB().toString(); } case COMPONENT_VERSION_MISMATCH -> { targetValue = conflict.getComponentA().getVersion(); @@ -318,15 +314,15 @@ private int compareComponents(Set otherComponents, ConflictBody body) licenseB.removeAll(conflict.getComponentA().getLicenses()); for (String license : licenseA) { body.addComponentConflict( - conflict.getComponentA().getName(), - conflict.getComponentB().getName(), + conflict.getComponentA().toString(), + conflict.getComponentB().toString(), new ConflictData(COMPONENT_LICENSE_MISMATCH.name(), license, null) ); } for (String license : licenseB) { body.addComponentConflict( - conflict.getComponentB().getName(), - conflict.getComponentA().getName(), + conflict.getComponentB().toString(), + conflict.getComponentA().toString(), new ConflictData(COMPONENT_LICENSE_MISMATCH.name(), null, license) ); } @@ -350,15 +346,15 @@ private int compareComponents(Set otherComponents, ConflictBody body) cpeB.removeAll(conflict.getComponentA().getCpes()); for (String cpe : cpeA) { body.addComponentConflict( - conflict.getComponentA().getName(), - conflict.getComponentB().getName(), + conflict.getComponentA().toString(), + conflict.getComponentB().toString(), new ConflictData(COMPONENT_CPE_MISMATCH.name(), cpe, null) ); } for (String cpe : cpeB) { body.addComponentConflict( - conflict.getComponentB().getName(), - conflict.getComponentA().getName(), + conflict.getComponentB().toString(), + conflict.getComponentA().toString(), new ConflictData(COMPONENT_CPE_MISMATCH.name(), null, cpe) ); } @@ -374,15 +370,15 @@ private int compareComponents(Set otherComponents, ConflictBody body) purlB.removeAll(conflict.getComponentA().getPurls()); for (String purl : purlA) { body.addComponentConflict( - conflict.getComponentA().getName(), - conflict.getComponentB().getName(), + conflict.getComponentA().toString(), + conflict.getComponentB().toString(), new ConflictData(COMPONENT_PURL_MISMATCH.name(), purl, null) ); } for (String purl : purlB) { body.addComponentConflict( - conflict.getComponentB().getName(), - conflict.getComponentA().getName(), + conflict.getComponentB().toString(), + conflict.getComponentA().toString(), new ConflictData(COMPONENT_PURL_MISMATCH.name(), null, purl) ); } @@ -398,15 +394,15 @@ private int compareComponents(Set otherComponents, ConflictBody body) swidB.removeAll(conflict.getComponentA().getSwids()); for (String swid : swidA) { body.addComponentConflict( - conflict.getComponentA().getName(), - conflict.getComponentB().getName(), + conflict.getComponentA().toString(), + conflict.getComponentB().toString(), new ConflictData(COMPONENT_SWID_MISMATCH.name(), swid, null) ); } for (String swid : swidB) { body.addComponentConflict( - conflict.getComponentB().getName(), - conflict.getComponentA().getName(), + conflict.getComponentB().toString(), + conflict.getComponentA().toString(), new ConflictData(COMPONENT_SWID_MISMATCH.name(), null, swid) ); } @@ -426,8 +422,8 @@ private int compareComponents(Set otherComponents, ConflictBody body) } } - String targetIdentifier = conflict.getComponentA() == null ? MISSING_TAG : conflict.getComponentA().getName(); - String conflictIdentifier = conflict.getComponentB() == null ? MISSING_TAG : conflict.getComponentB().getName(); + String targetIdentifier = conflict.getComponentA() == null ? MISSING_TAG : conflict.getComponentA().getUniqueID(); + String conflictIdentifier = conflict.getComponentB() == null ? MISSING_TAG : conflict.getComponentB().getUniqueID(); // Skip if keys are null if(targetIdentifier == null || conflictIdentifier == null) From 9c28e216619bd74127337f51b2d71bd563cc0f52 Mon Sep 17 00:00:00 2001 From: Jordan Wong Date: Wed, 20 Dec 2023 21:15:37 -1000 Subject: [PATCH 2/2] Update changelog --- doc/changelog.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/doc/changelog.md b/doc/changelog.md index ab217954..5686d317 100644 --- a/doc/changelog.md +++ b/doc/changelog.md @@ -6,11 +6,15 @@ and this project adheres to [Semantic Versioning](http://semver.org/). Beta --- -## [1.2.1] - 2013-11-29 +## [1.2.2] - 2023-12-20 +### Fixed +- Fixed similarity counts for components in `DiffReport` + +## [1.2.1] - 2023-11-29 ### Fixed - If select all was pressed first on compare than it would always compare all sboms even if one was unchecked -## [1.2.0] - 2013-11-28 +## [1.2.0] - 2023-11-28 ### Added - `DiffReport` now tracks similarity and difference count for metadata and components - Download button added to compare and metrics