add PackageUrlFactory (#69)

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

src/builders/fromPackageJson.node.ts

@@ -17,10 +17,7 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-import { PackageURL } from 'packageurl-js'
-
 import * as Enums from '../enums'
-import { ExternalReferenceType } from '../enums'
 import * as Models from '../models'
 import * as Factories from '../factories/index.node'
 import { PackageJson, splitNameGroup } from '../helpers/packageJson'
@@ -56,7 +53,10 @@ export class ComponentBuilder {
   readonly #extRefFactory: Factories.FromPackageJson.ExternalReferenceFactory
   readonly #licenseFactory: Factories.LicenseFactory
 
-  constructor (extRefFactory: Factories.FromPackageJson.ExternalReferenceFactory, licenseFactory: Factories.LicenseFactory) {
+  constructor (
+    extRefFactory: Factories.FromPackageJson.ExternalReferenceFactory,
+    licenseFactory: Factories.LicenseFactory
+  ) {
     this.#extRefFactory = extRefFactory
     this.#licenseFactory = licenseFactory
   }
@@ -67,7 +67,7 @@ export class ComponentBuilder {
     }
 
     const [name, group] = splitNameGroup(data.name)
-    if (name.length === 0) {
+    if (name.length <= 0) {
       return undefined
     }
 
@@ -101,28 +101,7 @@ export class ComponentBuilder {
           ? []
           : [license]
       ),
-      version,
-      purl: this.#makePurl(name, group, version, externalReferences)
+      version
     })
   }
-
-  #makePurl (
-    name: string,
-    group: string | undefined,
-    version: string | undefined,
-    externalReferences: Models.ExternalReference[]
-  ): PackageURL {
-    const qualifiers: { [key: string]: string } = {}
-    const subpath = undefined
-
-    const vcsUrl = externalReferences.filter(
-      ({ type }) => type === ExternalReferenceType.VCS
-    )[0]?.url.toString()
-    if (vcsUrl !== undefined) {
-      qualifiers.vcs_url = vcsUrl
-    }
-
-    return new PackageURL(
-      'npm', group, name, version, qualifiers, subpath)
-  }
 }

src/factories/index.common.ts

@@ -20,3 +20,4 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 // not everything is public, yet
 
 export * from './license'
+export * from './packageUrl'

src/factories/packageUrl.ts

@@ -0,0 +1,55 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+import { Component } from '../models'
+import { PackageURL } from 'packageurl-js'
+import { ExternalReferenceType } from '../enums'
+
+export class PackageUrlFactory {
+  readonly #type: string
+
+  constructor (type: PackageURL['type']) {
+    this.#type = type
+  }
+
+  makeFromComponent (component: Component): PackageURL | undefined {
+    const qualifiers: { [key: string]: string } = {}
+    let subpath: string | undefined
+
+    for (const e of component.externalReferences) {
+      if (e.type === ExternalReferenceType.VCS) {
+        [qualifiers.vcs_url, subpath] = e.url.toString().split('#', 2)
+        break
+      }
+    }
+
+    try {
+      return new PackageURL(
+        this.#type,
+        component.group,
+        component.name,
+        component.version,
+        qualifiers,
+        subpath
+      )
+    } catch {
+      return undefined
+    }
+  }
+}

tests/integration/Builders.FromPackageJson.ComponentBuilder.test.js

@@ -21,8 +21,6 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 const assert = require('assert')
 const { suite, test } = require('mocha')
 
-const { PackageURL } = require('packageurl-js')
-
 const {
   Enums,
   Models,
@@ -60,7 +58,6 @@ suite('Builders.FromPackageJson.ComponentBuilder', () => {
       externalReferences: new Models.ExternalReferenceRepository([`FAKE REFERENCES ${salt}`]),
       licenses: new Models.LicenseRepository([`FAKE LICENSE ${salt}`]),
       group: '@foo',
-      purl: new PackageURL('npm', '@foo', 'bar', `1.33.7-alpha.23.${salt}`, {}, undefined),
       version: `1.33.7-alpha.23.${salt}`
     }
   )

tests/unit/Builders.FromPackageJson.ToolBuilder.spec.js tests/integration/Builders.FromPackageJson.ToolBuilders.test.js

@@ -26,7 +26,7 @@ const {
   Models: { LicenseExpression, NamedLicense, SpdxLicense }
 } = require('../../')
 
-suite('LicenseFactory', () => {
+suite('Factories.LicenseFactory', () => {
   test('makeFromString() -> LicenseExpression', () => {
     const sut = new LicenseFactory()
 

tests/unit/Factories.FromPackageJson.ExternalReferenceFactory.spec.js tests/integration/Factories.FromPackageJson.ExternalReferenceFactory.test.js

@@ -0,0 +1,95 @@
+'use strict'
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+const assert = require('assert')
+const { suite, test } = require('mocha')
+
+const { PackageURL } = require('packageurl-js')
+
+const {
+  Enums,
+  Models,
+  Factories: { PackageUrlFactory }
+} = require('../../')
+
+suite('Factories.PackageUrlFactory', () => {
+  const salt = Math.random()
+
+  const sut = new PackageUrlFactory('testing')
+
+  suite('makeFromComponent', () => {
+    test('no-name-no-purl', () => {
+      const component = new Models.Component(
+        Enums.ComponentType.Library,
+        ''
+      )
+      const expected = undefined
+      const actual = sut.makeFromComponent(component)
+      assert.strictEqual(actual, expected)
+    })
+
+    test('name-group-version', () => {
+      const component = new Models.Component(
+        Enums.ComponentType.Library,
+        `name-${salt}`,
+        {
+          group: `@group-${salt}`,
+          version: `v1+${salt}`,
+          externalReferences: new Models.ExternalReferenceRepository([
+            new Models.ExternalReference('https://foo.bar', Enums.ExternalReferenceType.Website)
+          ])
+        }
+      )
+      const expected = new PackageURL('testing', `@group-${salt}`, `name-${salt}`, `v1+${salt}`, {}, undefined)
+      const actual = sut.makeFromComponent(component)
+      assert.deepStrictEqual(actual, expected)
+    })
+
+    test('vcs-url without subpath', () => {
+      const component = new Models.Component(
+        Enums.ComponentType.Library,
+        `name-${salt}`,
+        {
+          externalReferences: new Models.ExternalReferenceRepository([
+            new Models.ExternalReference('git://foo.bar', Enums.ExternalReferenceType.VCS)
+          ])
+        }
+      )
+      const expected = new PackageURL('testing', undefined, `name-${salt}`, undefined, { vcs_url: 'git://foo.bar' }, undefined)
+      const actual = sut.makeFromComponent(component)
+      assert.deepStrictEqual(actual, expected)
+    })
+
+    test('vcs-url with subpath', () => {
+      const component = new Models.Component(
+        Enums.ComponentType.Library,
+        `name-${salt}`,
+        {
+          externalReferences: new Models.ExternalReferenceRepository([
+            new Models.ExternalReference('git://foo.bar#sub/path', Enums.ExternalReferenceType.VCS)
+          ])
+        }
+      )
+      const expected = new PackageURL('testing', undefined, `name-${salt}`, undefined, { vcs_url: 'git://foo.bar' }, 'sub/path')
+      const actual = sut.makeFromComponent(component)
+      assert.deepStrictEqual(actual, expected)
+    })
+  })
+})