From d6758598b3a20ae1958054ed167cc6d30175057e Mon Sep 17 00:00:00 2001
From: Xin Lin <47510956+xlin7799@users.noreply.github.com>
Date: Wed, 10 Aug 2022 12:02:58 -0700
Subject: [PATCH] Change file name to file path in SBOM (#48)

* Update sbom_utils.py

* Update scan_dir.py

* Update sbom_utils.py
---
 sbom-generator/sbom_utils.py | 8 ++++----
 sbom-generator/scan_dir.py   | 6 +++---
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/sbom-generator/sbom_utils.py b/sbom-generator/sbom_utils.py
index 58de830a..a923cb85 100644
--- a/sbom-generator/sbom_utils.py
+++ b/sbom-generator/sbom_utils.py
@@ -20,10 +20,10 @@ def package_hash(file_list: str) -> str:
     h = hashlib.sha1("".join(file_list).encode())
     return h.hexdigest()
 
-def file_writer(output, filepath: str, filename: str, sha1: str, license: str, copyright='NOASSERTION', comment='NOASSERTION'):
-    output.write('FileName: '+ filename + '\n')
-    output.write('SPDXID: SPDXRef-File-'+ filename.replace('/', '-') + '\n')
-    output.write('FileChecksum: SHA1: '+ hash_sha1(filepath) + '\n')
+def file_writer(output, filepath: str, sha1: str, license: str, copyright='NOASSERTION', comment='NOASSERTION'):
+    output.write('FileName: .'+ filepath + '\n')
+    output.write('SPDXID: SPDXRef-File'+ filepath.replace('/', '-') + '\n')
+    output.write('FileChecksum: SHA1: '+ sha1 + '\n')
     output.write('LicenseConcluded: '+ license + '\n')
     output.write('FileCopyrightText: '+ copyright + '\n')
     output.write('FileComment: '+ comment + '\n')
diff --git a/sbom-generator/scan_dir.py b/sbom-generator/scan_dir.py
index 577e35b8..cb0aa192 100644
--- a/sbom-generator/scan_dir.py
+++ b/sbom-generator/scan_dir.py
@@ -44,7 +44,7 @@ def scan_dir():
             file_checksum = hash_sha1(filepath)
             total_file_list.append(file_checksum)
             if file.endswith('.c'):
-                file_writer(output_buffer[root_name], filepath, file, file_checksum, root_license)
+                file_writer(output_buffer[root_name], filepath.replace(SOURCE_PATH, ''), file_checksum, root_license)
 
     #scan dependencies
     if os.path.exists(dependency_path):
@@ -69,7 +69,7 @@ def scan_dir():
                     filepath = os.path.join(subdir, file)
                     file_checksum = hash_sha1(filepath)
                     if file.endswith('.c'):
-                        file_writer(buffer, filepath, file, file_checksum, library_lic)
+                        file_writer(buffer, filepath.replace(SOURCE_PATH, ''), file_checksum, library_lic)
                     total_file_list.append(file_checksum)
                     temp_list.append(file_checksum)
 
@@ -96,7 +96,7 @@ def scan_dir():
                     filepath = os.path.join(subdir, file)
                     file_checksum = hash_sha1(filepath)
                     if file.endswith('.c'):
-                        file_writer(buffer, filepath, file, file_checksum, library_lic)
+                        file_writer(buffer, filepath.replace(SOURCE_PATH, ''), file_checksum, library_lic)
                     total_file_list.append(file_checksum)
                     temp_list.append(file_checksum)