From 0268764c0e4289fe214d460fbba94b4f4f75a4a8 Mon Sep 17 00:00:00 2001
From: Wei Li
Date: Fri, 5 Jan 2024 23:51:01 -0800
Subject: [PATCH] Add a package in the SBOM of framework_res.jar.

Bug: 303906275
Test: m layoutlib dist
Change-Id: Ie7a0b97173643fc2cafbd9c7e5c6618ad9c68aeb
---
 tools/sbom/generate-sbom-framework_res.py | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/tools/sbom/generate-sbom-framework_res.py b/tools/sbom/generate-sbom-framework_res.py
index e637d53d3e..d0d232d635 100644
--- a/tools/sbom/generate-sbom-framework_res.py
+++ b/tools/sbom/generate-sbom-framework_res.py
@@ -52,8 +52,19 @@ def main():
 filename = 'data/framework_res.jar'
 file_id = f'SPDXRef-{sbom_data.encode_for_spdxid(filename)}'
 file = sbom_data.File(id=file_id, name=filename, checksum='SHA1: ')
+
+ package_name = 'framework_res'
+ package_id = f'SPDXRef-PREBUILT-{sbom_data.encode_for_spdxid(package_name)}'
+ package = sbom_data.Package(id=package_id, name=package_name, version='',
+ download_location=sbom_data.VALUE_NONE,
+ supplier='Organization: ',
+ files_analyzed=True,
+ verification_code='')
+ package.file_ids.append(file_id)
+
+ doc.packages.append(package)
 doc.files.append(file)
- doc.describes = file_id
+ doc.describes = package_id

 with open(args.layoutlib_sbom, 'r', encoding='utf-8') as f:
 layoutlib_sbom = json.load(f)
@@ -72,7 +83,9 @@ def main():
 if file[sbom_writers.PropNames.FILE_NAME].startswith('data/res/'):
 resource_file_spdxids.append(file[sbom_writers.PropNames.SPDXID])

- doc.relationships = []
+ doc.relationships = [
+ sbom_data.Relationship(package_id, sbom_data.RelationshipType.CONTAINS, file_id)
+ ]
 for spdxid in resource_file_spdxids:
 doc.relationships.append(
 sbom_data.Relationship(file_id, sbom_data.RelationshipType.GENERATED_FROM,
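Review bot: The new `sbom_data.Package(...)` call in the first hunk sets `files_analyzed=True` but passes `verification_code=''` and `version=''`, and the one file it contains is created with `checksum='SHA1: '`, so as shown here the SBOM describes an analyzed package without any digest a consumer could check framework_res.jar against. SPDX 2.x expects a package verification code whenever files are analyzed, so an empty one is either invalid output or a template value waiting for substitution. If a later build step fills these fields in (not visible in this hunk), say so next to the call, e.g. `# version, supplier, checksum and verification_code are filled in by <downstream step>; they must not ship empty`. Otherwise compute them here, or set `files_analyzed=False` and omit the verification code. main() begins and ends outside the hunk.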