Simplify get_cyclonedx_bom #1066

Signed-off-by: tdruez <[email protected]>
aboutcode-org · Jun 3, 2024 · 72d1ec6 · 72d1ec6
1 parent e30de4e
commit 72d1ec6
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 17 deletions.
diff --git a/scanpipe/models.py b/scanpipe/models.py
@@ -3339,13 +3339,11 @@ def prefetch_for_serializer(self):
         `DiscoveredDependencySerializer`.
         Only the fields required by the serializer are fetched on the relations.
         """
+        manager = DiscoveredPackage.objects
         return self.prefetch_related(
-            Prefetch(
-                "for_package", queryset=DiscoveredPackage.objects.only("package_uid")
-            ),
-            Prefetch(
-                "datafile_resource", queryset=CodebaseResource.objects.only("path")
-            ),
+            Prefetch("for_package", queryset=manager.only("package_uid")),
+            Prefetch("resolved_to_package", queryset=manager.only("package_uid")),
+            Prefetch("datafile_resource", queryset=manager.only("path")),
         )
 
 

diff --git a/scanpipe/pipes/output.py b/scanpipe/pipes/output.py
@@ -675,24 +675,21 @@ def get_cyclonedx_bom(project):
         ],
     )
 
-    components = []
     vulnerabilities = []
-    for package in get_queryset(project, "discoveredpackage"):
+
+    package_qs = get_queryset(project, "discoveredpackage")
+    package_qs = package_qs.prefetch_related("children_packages")
+
+    for package in package_qs:
         component = package.as_cyclonedx()
-        components.append(component)
+        bom.components.add(component)
+        bom.register_dependency(project_as_root_component, [component])
 
         for vulnerability_data in package.affected_by_vulnerabilities:
             vulnerabilities.append(
-                vulnerability_as_cyclonedx(
-                    vulnerability_data=vulnerability_data,
-                    component_bom_ref=component.bom_ref,
-                )
+                vulnerability_as_cyclonedx(vulnerability_data, component.bom_ref)
             )
 
-    for component in components:
-        bom.components.add(component)
-        bom.register_dependency(project_as_root_component, [component])
-
     bom.vulnerabilities = vulnerabilities
 
     return bom

diff --git a/scanpipe/tests/test_models.py b/scanpipe/tests/test_models.py
@@ -2165,6 +2165,8 @@ def test_scanpipe_package_model_integrity_with_toolkit_package_model(self):
             "tag",
             "declared_dependencies",
             "resolved_from_dependencies",
+            "parent_packages",
+            "children_packages",
         ]
 
         package_data_only_field = ["datasource_id", "dependencies"]