From 117a74989ea3edc3bee34b0280ed8106c6024682 Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Thu, 10 Jul 2025 12:06:41 +0200
Subject: [PATCH] hallo hier ein commit
---
 src/converter.py | 22 ++++++++++++++++++++--
 src/sbom-dt-dd.py | 29 ++++++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 7 deletions(-)
diff --git a/src/converter.py b/src/converter.py
index ed58687..f20146c 100644
--- a/src/converter.py
+++ b/src/converter.py
@@ -63,7 +63,8 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
 bom.metadata.component = root_component = Component(
 name=minimalSbomObject['product'],
- type=__converterClassifierToComponentType(classifier),
+ type=__converterClassifierToComponentType(minimalSbomObject['classifier']),
+ description=minimalSbomObject['description'],
 version=minimalSbomObject['version'],
 licenses=[lc_factory.make_from_string(minimalSbomObject['license'])],
 supplier=OrganizationalEntity(
@@ -73,6 +74,21 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
 bom_ref = f"urn:uuid:{uuid.uuid4()}"
 )
+ component = Component(
+ type=__converterClassifierToComponentType(minimalSbomObject['classifier']),
+ name=f"{minimalSbomObject['supplier']['name']}´s own code",
+ version=minimalSbomObject['version'],
+ licenses=[lc_factory.make_from_string(minimalSbomObject['license'])],
+ supplier=OrganizationalEntity(
+ name=minimalSbomObject['supplier']['name'],
+ urls=[XsUri(minimalSbomObject['supplier']['url'])]
+ ),
+ bom_ref = f"urn:uuid:{uuid.uuid4()}"
+ )
+ bom.components.add(component)
+ bom.register_dependency(root_component, [component])
+
+
 for minimalComponentDescription in minimalSbomObject['components']:
 component = Component(
 type=ComponentType.LIBRARY,
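Review bot: The `classifier` parameter of `minimalSbomFormatConverter` is no longer read in this hunk — the root component's type now comes from `minimalSbomObject['classifier']` — while the signature still declares it and the caller in src/sbom-dt-dd.py keeps passing `projectClassifier`, so the CLI-supplied value is silently ignored. The two new lookups also raise a bare `KeyError` for a minimal SBOM that lacks `classifier` or `description`, and the file-supplied classifier reaches `__converterClassifierToComponentType` without the `choices=` check argparse applies to `--classifier`; what that helper does with an unrecognised value is not visible here. I would keep the parameter as the fallback, `type=__converterClassifierToComponentType(minimalSbomObject.get('classifier', classifier)),`, and fail with a clear message when neither source provides a value. The function body continues outside the hunk.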
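Review bot: The name of the new "own code" component uses an acute accent rather than an apostrophe (`´s own code`), which looks like a typo and will be emitted verbatim into the CycloneDX output wherever it is consumed; `name=f"{minimalSbomObject['supplier']['name']}'s own code",` is presumably what was meant. This component repeats the root component's version, licence and supplier field by field; a short comment stating why the supplier's own code is modelled as a separate dependency of the root rather than as the root itself would help the next reader, e.g. `# own code is a separate component so third-party libraries hang off it, not off the product root`. The supplier URL is passed straight from the file into `XsUri`; whether a malformed URL is rejected there or only later is not visible in this hunk.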
@@ -91,6 +107,8 @@ def minimalSbomFormatConverter(minimalSbom, classifier):
 outputSbom = JsonV1Dot5(bom).output_as_string(indent=2)
 logger.info(outputSbom)
+ with open('/tmp/bom.json', 'w') as f:
+ f.write(outputSbom)
- raise Exception("Conversion aborted")
+ return (outputSbom, minimalSbomObject['product'], minimalSbomObject['version'], minimalSbomObject['classifier'], minimalSbomObject['description'])
diff --git a/src/sbom-dt-dd.py b/src/sbom-dt-dd.py
index 965e671..beaf36b 100644
--- a/src/sbom-dt-dd.py
+++ b/src/sbom-dt-dd.py
@@ -63,13 +63,16 @@ except KeyError as e:
 parser = argparse.ArgumentParser(description='sbom-dt-dd glue logic')
 parser.add_argument('--name', '-n',
 help='Project Name',
- required=True)
+ required=False,
+ default=''),
 parser.add_argument('--version', '-v',
 help='Project Version',
- required=True)
+ required=False,
+ default='')
 parser.add_argument('--description', '-d',
 help='Project Description',
- required=True)
+ required=False,
+ default='')
 parser.add_argument('--type', '-t',
 help='Product Type from DefectDojo',
 type=int,
@@ -78,7 +81,8 @@ parser.add_argument('--classifier', '-c',
 help='Project Classifier from DependencyTrack',
 choices=['APPLICATION', 'FRAMEWORK', 'LIBRARY', 'CONTAINER', 'OPERATING_SYSTEM', 'DEVICE', 'FIRMWARE', 'FILE', 'PLATFORM', 'DEVICE_DRIVER', 'MACHINE_LEARNING_MODEL', 'DATA'],
- required=True)
+ required=False,
+ default='')
 parser.add_argument('--uploadsbom', '-U',
 help='Upload a already existing SBOM instead of generating it. Give the SBOM file at -F instead of a target',
 required=False,
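Review bot: `with open('/tmp/bom.json', 'w') as f:` writes the complete generated SBOM to a fixed, predictable path in a world-shared directory with default permissions, overwrites whatever is already there, and never cleans it up; on a multi-user host that name can be pre-created or linked elsewhere by another account, and the file lingers after the run. Since the same content is already emitted via `logger.info(outputSbom)` on the line above, this reads like a debug leftover and I would drop the two lines; if an on-disk copy is really wanted, use `tempfile.NamedTemporaryFile('w', suffix='.json', delete=False, encoding='utf-8')` (owner-only mode, unpredictable name) and log its path. The `open()` call also omits `encoding=`, so the JSON is written in the platform default encoding. The new five-element positional return is easy to mis-unpack at the call site; a `NamedTuple` or a small dict would make the contract self-describing.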
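Review bot: The `--name` block ends with a stray comma, `default=''),`, which turns that statement into a one-element tuple expression; it is harmless at runtime but misleading and should read `default='')` like the `--version`, `--description` and `--classifier` blocks. Dropping `required=True` in favour of `default=''` moves the presence check for all four options to the runtime guard added later in this file, so the parser no longer reports a missing value itself; note also that argparse does not check a default against `choices=`, which is why the empty classifier passes the parser here.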
@@ -91,6 +95,10 @@ parser.add_argument('--minimalsbomformat', '-K',
 help='SBOM file comes in dedicated minimal format and will be converted into cyclonedx before uploading',
 action='store_true',
 default=False)
+parser.add_argument('--overwritemetadata', '-O',
+ help='Overwrite name, version, description and classifier with data from minimal SBOM',
+ action='store_true',
+ default=False)
 parser.add_argument('--target', '-T',
 help='Target to scan, either path name for sources or docker image tag',
 required=False)
@@ -113,6 +121,12 @@ if uploadSbomFlag:
 else:
 target = args.target
+if minimalSbomFormat:
+ overwriteMetadata = args.overwritemetadata
+
+if not overwriteMetadata and not (projectName and projectVersion and projectClassifier and projectDescription):
+ raise MyLocalException("If overwriteMetadata is not selected, projectName, projectVersion, projectClassifier and projectDescription must be set.")
+
 VERBOSE = args.verbose
@@ -126,8 +140,13 @@ if uploadSbomFlag:
 logger.info("SBOM file read.")
 if minimalSbomFormat:
 logger.info("Start converting from minimal format into cyclonedx")
- sbom = minimalSbomFormatConverter(sbom, projectClassifier)
+ (sbom, nameFromMinimalSbom, versionFromMinimalSbom, classifierFromMinimalSbom, descriptionFromMinimalSbom) = minimalSbomFormatConverter(sbom, projectClassifier)
 logger.info("Converted")
+ if overwriteMetadata:
+ projectName = nameFromMinimalSbom
+ projectVersion = versionFromMinimalSbom
+ projectClassifier = classifierFromMinimalSbom
+ projectDescription = descriptionFromMinimalSbom
 logger.info("Done.")
 else:
 # ------- generate SBOM ------------
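Review bot: The help text for `--overwritemetadata` does not say that the flag only has an effect together with `--minimalsbomformat`; the later hunk reads `args.overwritemetadata` only inside `if minimalSbomFormat:`, so passing `-O` without `-K` is silently ignored. I would make that explicit: `help='Overwrite name, version, description and classifier with data from the minimal SBOM (only effective together with --minimalsbomformat / -K)',`.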
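Review bot: `overwriteMetadata` is assigned only inside `if minimalSbomFormat:`, yet the guard on the next statement reads it unconditionally, so any run without `-K` raises `NameError` before the validation message is ever reached — unless the name is initialised earlier, outside this hunk, which I cannot see. A single unconditional assignment avoids the gap: `overwriteMetadata = minimalSbomFormat and args.overwritemetadata`. The error message names Python variables (`projectName`, `projectClassifier`, …) while the user typed CLI options; `"Without --overwritemetadata/-O, --name, --version, --classifier and --description must all be set."` is what they can act on. The enclosing script continues on both sides of the hunk.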
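Review bot: With `overwriteMetadata` set, `projectClassifier = classifierFromMinimalSbom` replaces the CLI value with a string read from the SBOM file and bypasses the `choices=` list argparse enforces for `--classifier`; the name, version and description are likewise accepted from the file even when empty, although the CLI path requires them to be non-empty. Before the assignments I would validate the file-supplied values with the same rules as the CLI, e.g. hoist the classifier list into a module constant and add `if classifierFromMinimalSbom not in CLASSIFIER_CHOICES: raise MyLocalException(f"Unsupported classifier in minimal SBOM: {classifierFromMinimalSbom!r}")` (constant name constructed), plus a non-empty check on name and version; how these values are used afterwards is outside the hunk. The call still passes `projectClassifier` to `minimalSbomFormatConverter`, which — per the change in src/converter.py — no longer reads that argument, so either the parameter or the argument should go.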