fix: better methods for checking if a Component is already represented in the BOM, and the ability to get the existing instance

madpah · madpah · commit 5fee85fc3837 · 2021-10-11T14:30:27.000+01:00
Signed-off-by: Paul Horton &lt;phorton@sonatype.com&gt;
diff --git a/cyclonedx/model/bom.py b/cyclonedx/model/bom.py
@@ -19,7 +19,7 @@
 
 import datetime
 import sys
-from typing import List
+from typing import List, Union
 from uuid import uuid4
 
 from . import HashType
@@ -187,7 +187,8 @@ def add_component(self, component: Component):
         Returns:
             None
         """
-        self._components.append(component)
+        if not self.has_component(component=component):
+            self._components.append(component)
 
     def add_components(self, components: List[Component]):
         """
@@ -211,6 +212,23 @@ def component_count(self) -> int:
         """
         return len(self._components)
 
+    def get_component_by_purl(self, purl: str) -> Union[Component, None]:
+        """
+        Get a Component already in the Bom by it's PURL
+
+        Args:
+             purl:
+                Package URL as a `str` to look and find `Component`
+
+        Returns:
+            `Component` or `None`
+        """
+        found = list(filter(lambda x: x.get_purl() == purl, self._components))
+        if len(found) == 1:
+            return found[0]
+
+        return None
+
     def get_components(self) -> List[Component]:
         """
         Get all the Components currently in this Bom.
diff --git a/tests/test_component.py b/tests/test_component.py
@@ -22,6 +22,7 @@
 
 from packageurl import PackageURL
 
+from cyclonedx.model.bom import Bom
 from cyclonedx.model.component import Component
 
 
@@ -30,6 +31,7 @@ class TestComponent(TestCase):
     @classmethod
     def setUpClass(cls) -> None:
         cls._component: Component = Component(name='setuptools', version='50.3.2')
+        cls._component_2: Component = Component(name='setuptools', version='50.3.2')
         cls._component_with_qualifiers: Component = Component(name='setuptools', version='50.3.2',
                                                               qualifiers='extension=tar.gz')
         cls._component_generic_file: Component = Component(
@@ -116,3 +118,23 @@ def test_from_file_with_path_for_bom(self):
         )
         self.assertEqual(c.to_package_url(), purl)
         self.assertEqual(len(c.get_hashes()), 1)
+
+    def test_has_component_1(self):
+        bom = Bom()
+        bom.add_component(component=TestComponent._component)
+        bom.add_component(component=TestComponent._component_2)
+        self.assertEqual(len(bom.get_components()), 1)
+        self.assertTrue(bom.has_component(component=TestComponent._component_2))
+        self.assertIsNot(TestComponent._component, TestComponent._component_2)
+
+    def test_get_component_by_purl_1(self):
+        bom = Bom()
+        bom.add_component(component=TestComponent._component)
+        bom.add_component(component=TestComponent._component_2)
+        self.assertEqual(len(bom.get_components()), 1)
+        self.assertTrue(bom.has_component(component=TestComponent._component))
+        self.assertTrue(bom.has_component(component=TestComponent._component_2))
+        self.assertEqual(bom.get_component_by_purl(
+            purl=TestComponent._component.get_purl()),
+            TestComponent._component_2
+        )
