From e6c91b0648dcd4b35840bbf9097c6e07790420a7 Mon Sep 17 00:00:00 2001
From: Xin Lin <47510956+xlin7799@users.noreply.github.com>
Date: Tue, 9 Aug 2022 15:46:36 -0700
Subject: [PATCH 1/3] Update sbom_utils.py
---
 sbom-generator/sbom_utils.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sbom-generator/sbom_utils.py b/sbom-generator/sbom_utils.py
index 58de830a..16d906ba 100644
--- a/sbom-generator/sbom_utils.py
+++ b/sbom-generator/sbom_utils.py
@@ -20,10 +20,10 @@ def package_hash(file_list: str) -> str:
 h = hashlib.sha1("".join(file_list).encode())
 return h.hexdigest()
-def file_writer(output, filepath: str, filename: str, sha1: str, license: str, copyright='NOASSERTION', comment='NOASSERTION'):
- output.write('FileName: '+ filename + '\n')
- output.write('SPDXID: SPDXRef-File-'+ filename.replace('/', '-') + '\n')
- output.write('FileChecksum: SHA1: '+ hash_sha1(filepath) + '\n')
+def file_writer(output, filepath: str, sha1: str, license: str, copyright='NOASSERTION', comment='NOASSERTION'):
+ output.write('FileName: .'+ filename + '\n')
+ output.write('SPDXID: SPDXRef-File'+ filename.replace('/', '-') + '\n')
+ output.write('FileChecksum: SHA1: '+ sha1 + '\n')
 output.write('LicenseConcluded: '+ license + '\n')
 output.write('FileCopyrightText: '+ copyright + '\n')
 output.write('FileComment: '+ comment + '\n')
From 4cda6b3d0d0c72b39a53d3e814a11d8c37ee6893 Mon Sep 17 00:00:00 2001
From: Xin Lin <47510956+xlin7799@users.noreply.github.com>
Date: Tue, 9 Aug 2022 15:47:53 -0700
Subject: [PATCH 2/3] Update scan_dir.py
---
 sbom-generator/scan_dir.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sbom-generator/scan_dir.py b/sbom-generator/scan_dir.py
index 577e35b8..cb0aa192 100644
--- a/sbom-generator/scan_dir.py
+++ b/sbom-generator/scan_dir.py
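Review bot: In the sbom_utils.py hunk of PATCH 1/3 the new `file_writer` body still reads `filename` in the `FileName:` and `SPDXID:` writes, although the same hunk removes that parameter from the signature, so at this commit every call fails with a NameError and no file entry reaches the SBOM. The rename to `filepath` only arrives in PATCH 3/3; folding it into this commit (`output.write('FileName: .'+ filepath + '\n')` and the matching `SPDXID:` line) keeps each commit of the series runnable and bisectable. Dropping a positional parameter also breaks any caller other than the three updated in scan_dir.py, which the series does not show. The function may continue past the hunk's last context line.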
@@ -44,7 +44,7 @@ def scan_dir():
 file_checksum = hash_sha1(filepath)
 total_file_list.append(file_checksum)
 if file.endswith('.c'):
- file_writer(output_buffer[root_name], filepath, file, file_checksum, root_license)
+ file_writer(output_buffer[root_name], filepath.replace(SOURCE_PATH, ''), file_checksum, root_license)
 #scan dependencies
 if os.path.exists(dependency_path):
@@ -69,7 +69,7 @@ def scan_dir():
 filepath = os.path.join(subdir, file)
 file_checksum = hash_sha1(filepath)
 if file.endswith('.c'):
- file_writer(buffer, filepath, file, file_checksum, library_lic)
+ file_writer(buffer, filepath.replace(SOURCE_PATH, ''), file_checksum, library_lic)
 total_file_list.append(file_checksum)
 temp_list.append(file_checksum)
@@ -96,7 +96,7 @@ def scan_dir():
 filepath = os.path.join(subdir, file)
 file_checksum = hash_sha1(filepath)
 if file.endswith('.c'):
- file_writer(buffer, filepath, file, file_checksum, library_lic)
+ file_writer(buffer, filepath.replace(SOURCE_PATH, ''), file_checksum, library_lic)
 total_file_list.append(file_checksum)
 temp_list.append(file_checksum)
From 60e63c1f5b02420246a98f4a4b15fd6d385f91e1 Mon Sep 17 00:00:00 2001
From: Xin Lin <47510956+xlin7799@users.noreply.github.com>
Date: Tue, 9 Aug 2022 15:50:37 -0700
Subject: [PATCH 3/3] Update sbom_utils.py
---
 sbom-generator/sbom_utils.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sbom-generator/sbom_utils.py b/sbom-generator/sbom_utils.py
index 16d906ba..a923cb85 100644
--- a/sbom-generator/sbom_utils.py
+++ b/sbom-generator/sbom_utils.py
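Review bot: `filepath.replace(SOURCE_PATH, '')` in the hunk at line 44 removes every occurrence of the `SOURCE_PATH` string rather than only the leading prefix, and whether the result keeps its leading separator depends on how `SOURCE_PATH` is written (it is defined outside these hunks). `file_writer` prepends `.` and `SPDXRef-File` directly, so a root given with a trailing slash, or a path that repeats the root string, would put a wrong `FileName` and `SPDXID` into the SBOM while the checksum still belongs to the real file. Computing the relative path explicitly is safer: `rel = '/' + os.path.relpath(filepath, SOURCE_PATH).replace(os.sep, '/')`, then pass `rel`. The same expression appears in the hunks at lines 69 and 96. `scan_dir` begins and ends outside all three hunks.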
@@ -21,8 +21,8 @@ def package_hash(file_list: str) -> str:
 return h.hexdigest()
 def file_writer(output, filepath: str, sha1: str, license: str, copyright='NOASSERTION', comment='NOASSERTION'):
- output.write('FileName: .'+ filename + '\n')
- output.write('SPDXID: SPDXRef-File'+ filename.replace('/', '-') + '\n')
+ output.write('FileName: .'+ filepath + '\n')
+ output.write('SPDXID: SPDXRef-File'+ filepath.replace('/', '-') + '\n')
 output.write('FileChecksum: SHA1: '+ sha1 + '\n')
 output.write('LicenseConcluded: '+ license + '\n')
 output.write('FileCopyrightText: '+ copyright + '\n')
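Review bot: The `SPDXID:` write maps only `/` to `-`, but an SPDX identifier may contain only letters, digits, `.` and `-`, so a path with an underscore or a space yields an identifier that SPDX validators reject. The mapping is also not injective: `/a/b-c.c` and `/a-b/c.c` (constructed examples) both become `SPDXRef-File-a-b-c.c`, and duplicate IDs make relationships in the document ambiguous for anyone consuming the SBOM. I would sanitise and disambiguate, for example `spdx_id = 'SPDXRef-File' + re.sub(r'[^A-Za-z0-9.-]', '-', filepath) + '-' + sha1[:8]`, which needs `re` imported if the module does not already have it. `file_writer` may continue past the last context line of the hunk.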