Skip to content

Adds components.properties filtering in bom#373

Closed
timmyteo wants to merge 4 commits intoowasp-dep-scan:masterfrom
timmyteo:feature/issue-362
Closed

Adds components.properties filtering in bom#373
timmyteo wants to merge 4 commits intoowasp-dep-scan:masterfrom
timmyteo:feature/issue-362

Conversation

@timmyteo
Copy link
Copy Markdown
Contributor

@timmyteo timmyteo commented Nov 14, 2024

Implements #362

Filters the desired components.properties objects by name. This implementation uses an exclude list instead of an allow list. Filtering is applied to the file sbom-universal.vdr.json

Attached are before and after bom files to demonstrate filtering in action on an example. In this example, the bom only had the property "ImportedModules"
after.json
before.json

@timmyteo
Adds components.properties filtering in bom
a76c3b9 
Signed-off-by: Tim Messing <141575989+timmyteo@users.noreply.github.com>
@timmyteo
Null Handling
8b3ebde 
Signed-off-by: Tim Messing <141575989+timmyteo@users.noreply.github.com>
@timmyteo
Proper null handling
78b44b6 
Signed-off-by: Tim Messing <141575989+timmyteo@users.noreply.github.com>
@prabhu prabhu requested a review from cerrussell November 16, 2024 21:51
cerrussell
cerrussell reviewed Nov 18, 2024
View reviewed changes
Comment thread depscan/cli.py Outdated
json_dump(vdr_file, bom_data, error_msg=f"Unable to generate VDR file at {vdr_file}", log=LOG)


def remove_extra_properties(bom_data):
Copy link
Copy Markdown
Collaborator

@cerrussell cerrussell Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@timmyteo Could we refactor this to simplify?

exclude_properties = {"Namespaces", "ImportedModules"}
for i, component in enumerate(bom_data["components"]):
    if properties := component.get("properties"):
         bom_data["components"][i]["properties"] = [p for p in properties if p.get("name") not in exclude_properties]
return bom_data

@prabhu Do we want to make the excluded or allowed properties an optional argument for this function?

Copy link
Copy Markdown
Member

@prabhu prabhu Nov 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional argument sounds good. Support for regex or startswith since blint uses "internal:" prefix

@timmyteo
Simplify Code. Add regular expression matching.
e829f8c 
Signed-off-by: Tim Messing <141575989+timmyteo@users.noreply.github.com>
@timmyteo
Copy link
Copy Markdown
Contributor Author

timmyteo commented Nov 18, 2024

@prabhu - I have added regular expression matching for exclusion and made the feature controlled by an optional argument to the command line.

@cerrussell - Thanks for the simplified code! If you see a way of further simplifying the new logic added for the regular expression matching, please let me know.

@prabhu
Copy link
Copy Markdown
Member

prabhu commented Nov 18, 2024

@timmyteo Thank you for the improvements. I am not convinced about a cli argument specifically for this. Perhaps, this could be part of some profile with some trimming happening by default. Let me include these changes in a new PR, since I am also planning to do some refactoring.

@prabhu prabhu marked this pull request as draft November 18, 2024 16:30
@prabhu
Copy link
Copy Markdown
Member

prabhu commented Apr 22, 2025

This is implemented in a different manner now.

@prabhu prabhu closed this Apr 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prabhu prabhu prabhu left review comments

+1 more reviewer

@cerrussell cerrussell cerrussell left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@timmyteo @prabhu @cerrussell