
Commit 7b905c9

Suhas2109GMishx
authored andcommitted
fix(sbom-import): handle invalid VCS URLs in SBOM-import
Signed-off-by: Suhas2109 <[email protected]>
1 parent cb4c201 commit 7b905c9


2 files changed

+14
-1
lines changed


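--- a/backend/common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java
+++ b/backend/common/src/main/java/org/eclipse/sw360/cyclonedx/CycloneDxBOMImporter.java
@@ -108,6 +108,7 @@ public class CycloneDxBOMImporter {
 private static final String PROJECT_ID = "projectId";
 private static final String PROJECT_NAME = "projectName";
 private static final String REDIRECTED_VCS = "redirectedVCS";
+public static final String INVALID_VCS_COMPONENT = "invalidVcsComponent";
 private static final Predicate<ExternalReference.Type> typeFilter = Type.VCS::equals;
 
 private final ProjectDatabaseHandler projectDatabaseHandler;
@@ -447,6 +448,7 @@ private Map<String, String> importAllComponentsAsReleases(Map<String, List<org.c
 final Set<String> duplicateComponents = new HashSet<>();
 final Set<String> duplicateReleases = new HashSet<>();
 final Set<String> invalidReleases = new HashSet<>();
+final Set<String> invalidVcsComponents = new HashSet<>();
 final Map<String, ProjectReleaseRelationship> releaseRelationMap = CommonUtils.isNullOrEmptyMap(project.getReleaseIdToUsage()) ? new HashMap<>() : project.getReleaseIdToUsage();
 countMap.put(COMP_CREATION_COUNT_KEY, 0); countMap.put(COMP_REUSE_COUNT_KEY, 0);
 countMap.put(REL_CREATION_COUNT_KEY, 0); countMap.put(REL_REUSE_COUNT_KEY, 0);
@@ -471,6 +473,10 @@ private Map<String, String> importAllComponentsAsReleases(Map<String, List<org.c
 } else {
 compReuseCount++;
 }
+} else if (AddDocumentRequestStatus.INVALID_INPUT.equals(compAddSummary.getRequestStatus())) {
+log.warn("Invalid VCS URL for component: " + comp.getName());
+invalidVcsComponents.add(comp.getName()+ " (" + comp.getVcs() + ")");
+continue;
 } else {
 // in case of more than 1 duplicate found, then continue and show error message in UI.
 log.warn("found multiple components: " + comp.getName());
@@ -550,6 +556,7 @@ private Map<String, String> importAllComponentsAsReleases(Map<String, List<org.c
 messageMap.put(DUPLICATE_COMPONENT, String.join(JOINER, duplicateComponents));
 messageMap.put(DUPLICATE_RELEASE, String.join(JOINER, duplicateReleases));
 messageMap.put(INVALID_RELEASE, String.join(JOINER, invalidReleases));
+messageMap.put(INVALID_VCS_COMPONENT, String.join(JOINER, invalidVcsComponents));
 messageMap.put(PROJECT_ID, project.getId());
 messageMap.put(PROJECT_NAME, SW360Utils.getVersionedName(project.getName(), project.getVersion()));
 messageMap.put(COMP_CREATION_COUNT_KEY, String.valueOf(compCreationCount));
@@ -569,6 +576,7 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
 final Set<String> invalidReleases = new HashSet<>();
 final Set<String> nonPkgManagedCompWithoutVCS = new HashSet<>();
 final Set<String> invalidPackages = new HashSet<>();
+final Set<String> invalidVcsComponents = new HashSet<>();
 final Map<String, ProjectReleaseRelationship> releaseRelationMap = CommonUtils.isNullOrEmptyMap(project.getReleaseIdToUsage()) ? new HashMap<>() : project.getReleaseIdToUsage();
 final Set<String> projectPkgIds = CommonUtils.isNullOrEmptyCollection(project.getPackageIds()) ? new HashSet<>() : project.getPackageIds();
 countMap.put(REL_CREATION_COUNT_KEY, 0); countMap.put(REL_REUSE_COUNT_KEY, 0);
@@ -599,6 +607,10 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
 comp.setId(compAddSummary.getId());
 String existingCompName = getComponetNameById(comp.getId(), user);
 comp.setName(existingCompName);
+} else if (AddDocumentRequestStatus.INVALID_INPUT.equals(compAddSummary.getRequestStatus())) {
+log.warn("Invalid VCS URL for component: " + comp.getName());
+invalidVcsComponents.add(comp.getName() + " (" + comp.getVcs() + ")");
+continue;
 } else {
 // in case of more than 1 duplicate found, then continue and show error message in UI.
 log.warn("found multiple components: " + comp.getName());
@@ -799,6 +811,7 @@ private Map<String, String> importAllComponentsAsPackages(Map<String, List<org.c
 messageMap.put(REDIRECTED_VCS, String.join(JOINER, repositoryURL.getRedirectedUrls()));
 messageMap.put(NON_PKG_MANAGED_COMP_WITHOUT_VCS, String.join(JOINER, nonPkgManagedCompWithoutVCS));
 messageMap.put(INVALID_PACKAGE, String.join(JOINER, invalidPackages));
+messageMap.put(INVALID_VCS_COMPONENT, String.join(JOINER, invalidVcsComponents));
 messageMap.put(PROJECT_ID, project.getId());
 messageMap.put(PROJECT_NAME, SW360Utils.getVersionedName(project.getName(), project.getVersion()));
 messageMap.put(REL_CREATION_COUNT_KEY, String.valueOf(relCreationCount));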
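Review bot: The new `INVALID_INPUT` branch in importAllComponentsAsReleases (new lines 476–479), repeated in importAllComponentsAsPackages (new lines 610–613), copies the component name and the rejected VCS string from the imported SBOM into the log and into `invalidVcsComponents` without neutralising them. Those values come from the BOM file, so I would strip CR/LF before logging and confirm that whatever renders `INVALID_VCS_COMPONENT` escapes the text; an entry that happens to contain the `JOINER` sequence would presumably also be split into bogus entries on the consumer side. The branch also treats every `INVALID_INPUT` as a bad VCS URL: if `addComponent` can return that status for another reason the message will mislead, so either a dedicated status or a comment such as `// INVALID_INPUT is only returned by addComponent for a malformed VCS URL` would pin the assumption. `comp.getVcs()` may be null here, which would surface as `name (null)` in the message. Both method bodies start and end outside the hunks shown.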

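--- a/backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java
+++ b/backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ComponentDatabaseHandler.java
@@ -466,7 +466,7 @@ public AddDocumentRequestSummary addComponent(Component component, String user)
 }
 return addDocumentRequestSummary;
 }
-if (!CommonUtils.isValidUrl(vcsUrl)) {
+if (!isValidUrl(vcsUrl)) {
 log.error("Invalid VCS URL: " + vcsUrl);
 return new AddDocumentRequestSummary().setRequestStatus(AddDocumentRequestStatus.INVALID_INPUT);
 }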
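Review bot: Nothing in this hunk shows what the unqualified `isValidUrl(vcsUrl)` on new line 469 resolves to or which URLs it accepts, although it is now the gate for SBOM-supplied VCS URLs in addComponent. Since it replaces `CommonUtils.isValidUrl`, I would document the difference at the call site, for example `// isValidUrl: accepts only <ACCEPTED_SCHEMES_PLACEHOLDER>; stricter than CommonUtils.isValidUrl because ...`, and add a test with the malformed inputs the commit title refers to. If the URL is later fetched or followed for redirects, the validator should presumably also restrict the scheme to an allow-list. addComponent's body starts outside the hunk.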
