add_image_reference: fix handling of >1 roots
When the input SBOM had two or more "virtual roots", the script did not
work correctly; there was a chance it would only delete one of them. The
root cause was deleting items from a list while iterating over it.
Iterate over a copy of the list instead.

Signed-off-by: Adam Cmiel <[email protected]>
chmeliik committed Jan 8, 2025
1 parent 7e3956f commit 703677d
Showing 2 changed files with 15 additions and 1 deletion.
Expand Up @@ -265,7 +265,7 @@ def redirect_current_roots_to_new_root(sbom: dict, new_root: str) -> dict:
Returns:
dict: Updated SBOM with the new root node identifier.
"""
for relationship in sbom["relationships"]:
for relationship in sbom["relationships"].copy():
if not describes_the_document(relationship, sbom["SPDXID"]):
continue

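Review bot: The `.copy()` on the loop header carries the whole fix, but nothing at that line says why it is there, so a later cleanup could remove it as a redundant allocation and bring back the skipped-root bug. A one-line comment above the loop would pin the intent, e.g. `# Iterate over a snapshot: the loop body removes entries from sbom["relationships"].` The body of redirect_current_roots_to_new_root continues outside the hunk, so the removal is taken from the commit message rather than from visible lines. For consumers that walk the SBOM from its root, a leftover virtual root would presumably leave a DESCRIBES edge pointing at a placeholder package, which is why this is worth guarding at the call site as well as in the tests.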
Expand Up @@ -125,12 +125,16 @@ def test_redirect_current_roots_to_new_root() -> None:
sbom = {
"packages": [
{"SPDXID": "virtual", "name": ""},
{"SPDXID": "virtual2", "name": ""},
{"SPDXID": "bar", "name": "bar"},
{"SPDXID": "baz", "name": "baz"},
{"SPDXID": "spam", "name": "spam"},
],
"relationships": [
{"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "virtual"},
{"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "virtual2"},
{"spdxElementId": "virtual", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"},
{"spdxElementId": "virtual2", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"},
],
"SPDXID": "foo",
}
Expand All @@ -140,9 +144,11 @@ def test_redirect_current_roots_to_new_root() -> None:
"packages": [
{"SPDXID": "bar", "name": "bar"},
{"SPDXID": "baz", "name": "baz"},
{"SPDXID": "spam", "name": "spam"},
],
"relationships": [
{"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"},
{"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"},
],
"SPDXID": "foo",
}
Expand All @@ -153,10 +159,14 @@ def test_redirect_current_roots_to_new_root() -> None:
{"SPDXID": "npm", "name": "npm"},
{"SPDXID": "bar", "name": "bar"},
{"SPDXID": "baz", "name": "baz"},
{"SPDXID": "pip", "name": "pip"},
{"SPDXID": "spam", "name": "spam"},
],
"relationships": [
{"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "npm"},
{"spdxElementId": "foo", "relationshipType": "DESCRIBES", "relatedSpdxElement": "pip"},
{"spdxElementId": "npm", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"},
{"spdxElementId": "pip", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"},
],
"SPDXID": "foo",
}
Expand All @@ -167,10 +177,14 @@ def test_redirect_current_roots_to_new_root() -> None:
{"SPDXID": "npm", "name": "npm"},
{"SPDXID": "bar", "name": "bar"},
{"SPDXID": "baz", "name": "baz"},
{"SPDXID": "pip", "name": "pip"},
{"SPDXID": "spam", "name": "spam"},
],
"relationships": [
{"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "npm"},
{"spdxElementId": "bar", "relationshipType": "CONTAINS", "relatedSpdxElement": "pip"},
{"spdxElementId": "npm", "relationshipType": "CONTAINS", "relatedSpdxElement": "baz"},
{"spdxElementId": "pip", "relationshipType": "CONTAINS", "relatedSpdxElement": "spam"},
],
"SPDXID": "foo",
}