Open
Conversation
… SerialNumber, Version, Metadata/Tools[] for current library and its consumer script) Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…kit() to pre-init HierarchicalMerge() and FlatMerge() output object Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…library 6.0.0 with its intermediate ToolChoices type (for CDX spec 1.5) Signed-off-by: Jim Klimov <jimklimov@gmail.com>
…is concerns Signed-off-by: Jim Klimov <jimklimov@gmail.com>
Signed-off-by: Jim Klimov <jimklimov@gmail.com>
mtsfoni
pushed a commit
to CycloneDX/cyclonedx-cli
that referenced
this pull request
Aug 11, 2024
Primarily written as a practical test case for `Bom.WalkThis()` and `Bom.RenameBomRef()` methods introduced in the library, but may be useful to have exposed for end-users. Relies on CycloneDX/cyclonedx-dotnet-library#245 for the bulk of work (BomEntity base-class and interface family, etc.) and CycloneDX/cyclonedx-dotnet-library#256 for metadata update of the output document. --------- Signed-off-by: Jim Klimov <jimklimov@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR is yet another part of my larger proposal of Merge ability changes stacked in the PR queue.
It adds some utility methods to
Bomclass, so it can be in charge of initializing a (usuallynew) Bom object into a usefully populated one, e.g. the mergeresultto pile other Bom's into, while being the authoritative location to know and care about the class and data structure involved - well in OOP style.These methods allow the
Bomobject to initialize:Metadata/Tools(now updated to match recent changes in upstream code of the library with aToolChoiceslayer) pre-populated with the current version of thecyclonedx-dotnet-libraryand if possible to discover - its consumer like thecyclonedx-clitool;Version=1if this is a new document (or if explicitly requested by method argument), or increment theVersionfield if it is a re-iteration of an existing document.Library consumers which modify these fields directly (e.g.
MergeCommand.csincyclonedx-cli) would benefit from being updated accordingly; a PR to this effect will be posted shortly.Calls to these methods were added to
HierarchicalMerge()andFlatMerge(Boms, ...)methods, to pre-populate theresultobject into which merged information would land, since after any processing we conceptually yield a new document.Note that it would be pedantically prudent to also do this in
FlatMerge(Bom, Bom)method which does most of the actual merging work - however, it does so in a loop (called fromFlatMerge(Boms, ...)) and in currentMerge.cscodebase would just waste CPU time on detection or generation of needed information just to forget it with the next cycle. Still, it would be "correct" to populate this information for the benefit of (theoretically possible, not seen yet) "other consumers" who would only call this method directly, and not know/care about populating those fields on their own, whether "manually" or by using theBommethods introduced here on the object that pops out from theFlatMerge()call. I did not pursue this corner case here, because it is addressed differently (with an API change to pass toggles whether to do or skip such pre-init) in the larger solution for merge ability improvements.As it happens, this PR also fixes an issue reported earlier:
Closes: #183