bundler(fix): Generate purls for platform specific gems
This commit fixes a bug when downloading platform
specific gems. All SBOM components are de-duplicated
by the PURL as the key. We have to ensure that all
gems that are downloaded are accurately recorded
in the SBOM, so all downloaded gems must have a
unique PURL -> add platform qualifier to the PURL.

+ Regenerate test data to reflect this change.

Signed-off-by: Michal Šoltis <[email protected]>
slimreaper35 committed Nov 5, 2024
1 parent fce7117 commit ff4f85a
Showing 4 changed files with 178 additions and 2 deletions.
7 changes: 7 additions & 0 deletions cachi2/core/package_managers/bundler/parser.py
Expand Up @@ -90,6 +90,13 @@ class GemPlatformSpecificDependency(GemDependency):

platform: str

@property
def purl(self) -> str:
"""Get PURL for this dependency."""
qualifiers = {"platform": self.platform}
purl = PackageURL(type="gem", name=self.name, version=self.version, qualifiers=qualifiers)
return purl.to_string()

@property
def remote_location(self) -> str:
"""Return remote location to download this gem from."""
82 changes: 81 additions & 1 deletion tests/integration/test_data/bundler_everything_present/bom.json
Expand Up @@ -397,7 +397,87 @@
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]",
"purl": "pkg:gem/[email protected]?platform=aarch64-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=arm-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=arm64-darwin",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86_64-darwin",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86_64-linux",
"type": "library",
"version": "1.16.7"
},
Original file line number Diff line number Diff line change
Expand Up @@ -408,7 +408,87 @@
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]",
"purl": "pkg:gem/[email protected]?platform=aarch64-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=arm-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=arm64-darwin",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86-linux",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86_64-darwin",
"type": "library",
"version": "1.16.7"
},
{
"name": "nokogiri",
"properties": [
{
"name": "cachi2:bundler:package:binary",
"value": "true"
},
{
"name": "cachi2:found_by",
"value": "cachi2"
}
],
"purl": "pkg:gem/[email protected]?platform=x86_64-linux",
"type": "library",
"version": "1.16.7"
},
9 changes: 9 additions & 0 deletions tests/unit/package_managers/bundler/test_parser.py
Expand Up @@ -318,6 +318,15 @@ def test_purls(rooted_tmp_path_repo: RootedPath) -> None:
),
"pkg:gem/[email protected]",
),
(
GemPlatformSpecificDependency(
name="my-platform-gem-dep",
version="0.1.0",
source="https://rubygems.org",
platform="x86_64_linux",
),
"pkg:gem/[email protected]?platform=x86_64_linux",
),
(
GitDependency(
name="my-git-dep",
