Add tests cleanup readme (#2232)

Author: Lukasz-Juranek

sbom/BUILD.bazel

@@ -14,6 +14,8 @@ package(default_visibility = ["//visibility:public"])
 exports_files([
     "defs.bzl",
     "extensions.bzl",
+    "cpp_metadata.json",
+    "crates_metadata.json",
 ])
 
 # Filegroup for all SBOM-related bzl files

sbom/SBOM_Readme.md

@@ -26,12 +26,19 @@ py_library(
     ],
 )
 
+py_library(
+    name = "utils",
+    srcs = ["utils.py"],
+)
+
 py_library(
     name = "spdx_formatter",
     srcs = ["spdx_formatter.py"],
+    deps = [":utils"],
 )
 
 py_library(
     name = "cyclonedx_formatter",
     srcs = ["cyclonedx_formatter.py"],
+    deps = [":utils"],
 )

sbom/docs/requirements/component_requirements.rst

@@ -6,23 +6,10 @@
 CycloneDX 1.6 Specification: https://cyclonedx.org/docs/1.6/json/
 """
 
-import re
 import uuid
 from typing import Any
 
-
-def _normalize_spdx_license(expr: str) -> str:
-    """Normalize SPDX boolean operators to uppercase as required by the spec.
-
-    dash-license-scan returns lowercase operators (e.g. 'Apache-2.0 or MIT').
-    SPDX 2.3 Appendix IV and CycloneDX 1.6 both require uppercase OR/AND/WITH.
-    Uses space-delimited substitution to avoid modifying license identifiers
-    that contain 'or'/'and' as substrings (e.g. GPL-2.0-or-later).
-    """
-    expr = re.sub(r" or ", " OR ", expr, flags=re.IGNORECASE)
-    expr = re.sub(r" and ", " AND ", expr, flags=re.IGNORECASE)
-    expr = re.sub(r" with ", " WITH ", expr, flags=re.IGNORECASE)
-    return expr
+from sbom.internal.generator.utils import _normalize_spdx_license
 
 
 def generate_cyclonedx(

sbom/docs/requirements/feature_requirements.rst

@@ -546,6 +546,44 @@ def filter_repos(repos: list[str], exclude_patterns: list[str]) -> list[str]:
     return filtered
 
 
+def _build_crate_result(
+    crate_name: str,
+    version: str,
+    crate_meta: dict[str, Any],
+) -> dict[str, Any]:
+    """Build a crate component dict from parsed name/version and cache metadata."""
+    result: dict[str, Any] = {
+        "name": crate_name,
+        "version": version,
+        "purl": f"pkg:cargo/{crate_name}@{version}",
+        "type": "library",
+        "source": "crates.io",
+    }
+    if crate_meta.get("license"):
+        result["license"] = crate_meta["license"]
+    if crate_meta.get("description"):
+        result["description"] = crate_meta["description"]
+    if crate_meta.get("supplier"):
+        result["supplier"] = crate_meta["supplier"]
+    if crate_meta.get("cpe"):
+        result["cpe"] = crate_meta["cpe"]
+    if crate_meta.get("aliases"):
+        result["aliases"] = crate_meta["aliases"]
+    if crate_meta.get("pedigree_ancestors"):
+        result["pedigree_ancestors"] = crate_meta["pedigree_ancestors"]
+    if crate_meta.get("pedigree_descendants"):
+        result["pedigree_descendants"] = crate_meta["pedigree_descendants"]
+    if crate_meta.get("pedigree_variants"):
+        result["pedigree_variants"] = crate_meta["pedigree_variants"]
+    if crate_meta.get("pedigree_notes"):
+        result["pedigree_notes"] = crate_meta["pedigree_notes"]
+    if crate_meta.get("repository"):
+        result["url"] = crate_meta["repository"]
+    if crate_meta.get("checksum"):
+        result["checksum"] = crate_meta["checksum"]
+    return result
+
+
 def resolve_component(
     repo_name: str, metadata: dict[str, Any]
 ) -> dict[str, Any] | None:
@@ -711,37 +749,7 @@ def resolve_component(
                 crate_meta = cached_crates.get(crate_name) or cached_crates.get(
                     crate_name.replace("-", "_"), {}
                 )
-
-                result = {
-                    "name": crate_name,
-                    "version": version,
-                    "purl": f"pkg:cargo/{crate_name}@{version}",
-                    "type": "library",
-                    "source": "crates.io",
-                }
-                if crate_meta.get("license"):
-                    result["license"] = crate_meta["license"]
-                if crate_meta.get("description"):
-                    result["description"] = crate_meta["description"]
-                if crate_meta.get("supplier"):
-                    result["supplier"] = crate_meta["supplier"]
-                if crate_meta.get("cpe"):
-                    result["cpe"] = crate_meta["cpe"]
-                if crate_meta.get("aliases"):
-                    result["aliases"] = crate_meta["aliases"]
-                if crate_meta.get("pedigree_ancestors"):
-                    result["pedigree_ancestors"] = crate_meta["pedigree_ancestors"]
-                if crate_meta.get("pedigree_descendants"):
-                    result["pedigree_descendants"] = crate_meta["pedigree_descendants"]
-                if crate_meta.get("pedigree_variants"):
-                    result["pedigree_variants"] = crate_meta["pedigree_variants"]
-                if crate_meta.get("pedigree_notes"):
-                    result["pedigree_notes"] = crate_meta["pedigree_notes"]
-                if crate_meta.get("repository"):
-                    result["url"] = crate_meta["repository"]
-                if crate_meta.get("checksum"):
-                    result["checksum"] = crate_meta["checksum"]
-                return result
+                return _build_crate_result(crate_name, version, crate_meta)
 
     # Handle legacy crate universe format (e.g., crates_io__tokio-1.10.0)
     if repo_name.startswith("crates_io__") or "_crates__" in repo_name:
@@ -759,37 +767,7 @@ def resolve_component(
                 crate_meta = cached_crates.get(crate_name) or cached_crates.get(
                     crate_name.replace("-", "_"), {}
                 )
-
-                result = {
-                    "name": crate_name,
-                    "version": version,
-                    "purl": f"pkg:cargo/{crate_name}@{version}",
-                    "type": "library",
-                    "source": "crates.io",
-                }
-                if crate_meta.get("license"):
-                    result["license"] = crate_meta["license"]
-                if crate_meta.get("description"):
-                    result["description"] = crate_meta["description"]
-                if crate_meta.get("supplier"):
-                    result["supplier"] = crate_meta["supplier"]
-                if crate_meta.get("cpe"):
-                    result["cpe"] = crate_meta["cpe"]
-                if crate_meta.get("aliases"):
-                    result["aliases"] = crate_meta["aliases"]
-                if crate_meta.get("pedigree_ancestors"):
-                    result["pedigree_ancestors"] = crate_meta["pedigree_ancestors"]
-                if crate_meta.get("pedigree_descendants"):
-                    result["pedigree_descendants"] = crate_meta["pedigree_descendants"]
-                if crate_meta.get("pedigree_variants"):
-                    result["pedigree_variants"] = crate_meta["pedigree_variants"]
-                if crate_meta.get("pedigree_notes"):
-                    result["pedigree_notes"] = crate_meta["pedigree_notes"]
-                if crate_meta.get("repository"):
-                    result["url"] = crate_meta["repository"]
-                if crate_meta.get("checksum"):
-                    result["checksum"] = crate_meta["checksum"]
-                return result
+                return _build_crate_result(crate_name, version, crate_meta)
 
     # Check if repo is a sub-library of a known parent (e.g., boost.config+ -> boost)
     # rules_boost splits Boost into individual repos like boost.config+, boost.assert+, etc.

sbom/internal/generator/BUILD

@@ -10,19 +10,7 @@
 import uuid
 from typing import Any
 
-
-def _normalize_spdx_license(expr: str) -> str:
-    """Normalize SPDX boolean operators to uppercase as required by the spec.
-
-    dash-license-scan returns lowercase operators (e.g. 'Apache-2.0 or MIT').
-    SPDX 2.3 requires uppercase OR/AND/WITH (Appendix IV).
-    Uses space-delimited substitution to avoid modifying license identifiers
-    that contain 'or'/'and' as substrings (e.g. GPL-2.0-or-later).
-    """
-    expr = re.sub(r" or ", " OR ", expr, flags=re.IGNORECASE)
-    expr = re.sub(r" and ", " AND ", expr, flags=re.IGNORECASE)
-    expr = re.sub(r" with ", " WITH ", expr, flags=re.IGNORECASE)
-    return expr
+from sbom.internal.generator.utils import _normalize_spdx_license
 
 
 def generate_spdx(

sbom/internal/generator/cyclonedx_formatter.py

@@ -0,0 +1,17 @@
+"""Shared utilities for SBOM formatters."""
+
+import re
+
+
+def _normalize_spdx_license(expr: str) -> str:
+    """Normalize SPDX boolean operators to uppercase as required by the spec.
+
+    dash-license-scan returns lowercase operators (e.g. 'Apache-2.0 or MIT').
+    SPDX 2.3 requires uppercase OR/AND/WITH (Appendix IV).
+    Uses space-delimited substitution to avoid modifying license identifiers
+    that contain 'or'/'and' as substrings (e.g. GPL-2.0-or-later).
+    """
+    expr = re.sub(r" or ", " OR ", expr, flags=re.IGNORECASE)
+    expr = re.sub(r" and ", " AND ", expr, flags=re.IGNORECASE)
+    expr = re.sub(r" with ", " WITH ", expr, flags=re.IGNORECASE)
+    return expr