Fix for when there is no dependencies (evryfs#134)

* Fix for when there is no dependencies When no dependencies, just rely on components. No need to check for the dependencies length. * add a test. check in packaged js Co-authored-by: Kjetil Oen <[email protected]>
egym · Oct 21, 2022 · f496df3 · f496df3
1 parent 5c1aea8
commit f496df3
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 8 deletions.
diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts
@@ -65,6 +65,21 @@ describe('Map to GH dep submission', () => {
     expect(manifest.directDependencies().length).toBe(903)
     expect(manifest.indirectDependencies().length).toBe(0) // dropwizard example has all deps listed as direct
   })
+
+  test('testBaseUbuntuSyftExample', () => {
+    const bomfile: string = '__tests__/data/base_ubuntu_syft_packages.json'
+    const bom: SBom = parseSbomFile(bomfile)
+    const snapshot: Snapshot = map(bom, bomfile)
+    expect(snapshot).not.toBeNull()
+
+    expect(Object.keys(snapshot.manifests).length).toBe(1)
+
+    const manifest: Manifest =
+      snapshot.manifests[Object.keys(snapshot.manifests)[0]]
+    expect(manifest.directDependencies().length).toBe(118)
+    expect(manifest.indirectDependencies().length).toBe(0)
+  })
+
 })
 
 describe('GitHub action', () => {

diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/lib/main.js b/lib/main.js
@@ -82,7 +82,7 @@ function process(sbomFile) {
 }
 exports.process = process;
 function map(sbom, sbomFilename) {
-    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l;
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
     //const bom: SBom = sbom as SBom
     const detectors = Array.from(sbom.metadata.tools.values()).map(tool => {
         var _a, _b, _c, _d;
@@ -107,11 +107,11 @@ function map(sbom, sbomFilename) {
     snap.addManifest(buildTarget);
     const packageCache = new dependency_submission_toolkit_1.PackageCache();
     const deps = dependencyForPackage((_j = (_h = sbom.metadata.component) === null || _h === void 0 ? void 0 : _h.purl) === null || _j === void 0 ? void 0 : _j.toString(), sbom.dependencies);
-    if (!deps.length && ((_k = sbom.dependencies) === null || _k === void 0 ? void 0 : _k.length) && sbom.components) {
+    if (!deps.length && sbom.components) {
         // main package url has not defined explicit dependencies in SBOM, add all components
         for (const c of sbom.components) {
             if (c.purl)
-                deps.push((_l = c.purl) === null || _l === void 0 ? void 0 : _l.toString());
+                deps.push((_k = c.purl) === null || _k === void 0 ? void 0 : _k.toString());
         }
     }
     for (const dep of deps) {

diff --git a/src/main.ts b/src/main.ts
@@ -88,7 +88,7 @@ export function map(sbom: SBom, sbomFilename?: string): Snapshot {
     sbom.metadata.component?.purl?.toString(),
     sbom.dependencies
   )
-  if (!deps.length && sbom.dependencies?.length && sbom.components) {
+  if (!deps.length && sbom.components) {
     // main package url has not defined explicit dependencies in SBOM, add all components
     for (const c of sbom.components) {
       if (c.purl) deps.push(c.purl?.toString())