add completeness extractor

viveksahu26 · viveksahu26 · commit eb5fd8610619 · 2025-10-10T21:12:18.000+05:30
diff --git a/pkg/scorer/v2/engine/farmulas.go b/pkg/scorer/v2/engine/farmulas.go
@@ -20,6 +20,13 @@ import (
 	"github.com/interlynk-io/sbomqs/pkg/scorer/v2/config"
 )
 
+func ScoreNA() config.FeatureScore {
+	return config.FeatureScore{
+		Score:  PerComponentScore(0, 0),
+		Desc:   NoComponentsNA(),
+		Ignore: true,
+	}
+}
 func NoComponentsNA() string           { return "N/A (no components)" }
 func MissingField(field string) string { return "missing " + field }
 func PresentField(field string) string { return "present " + field }
diff --git a/pkg/scorer/v2/extractors/completeness.go b/pkg/scorer/v2/extractors/completeness.go
@@ -14,14 +14,140 @@
 
 package extractors
 
-// comp_with_dependencies: Valid dependency graph ?
+import (
+	"strings"
+
+	"github.com/interlynk-io/sbomqs/pkg/sbom"
+	"github.com/interlynk-io/sbomqs/pkg/scorer/v2/config"
+	"github.com/interlynk-io/sbomqs/pkg/scorer/v2/engine"
+	"github.com/samber/lo"
+)
+
+// comp_with_dependencies (component-level coverage)
+// SPDX: relationships (DEPENDS_ON); CDX: component.dependencies / bom.dependencies
+func CompWithDependencies(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
+	}
+
+	have := lo.CountBy(comps, func(c sbom.GetComponent) bool {
+		return c.HasRelationShips() || c.CountOfDependencies() > 0
+	})
+
+	return config.FeatureScore{
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "dependencies"),
+		Ignore: false,
+	}
+}
 
 // comp_with_declared_completeness: Completeness declaration present
+func CompWithCompleteness(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
+	}
+
+	spec := doc.Spec().GetSpecType()
+
+	switch spec {
+	case string(sbom.SBOMSpecSPDX):
+		// N/A for SPDX
+		return config.FeatureScore{
+			Score:  engine.BooleanScore(false),
+			Desc:   engine.NonSupportedSPDXField(),
+			Ignore: true,
+		}
+
+	case string(sbom.SBOMSpecCDX):
+		// TODO: to add this method in our sbom module, then only we can fetch it here
+		// Compositions/Aggregate
+		// have := lo.CountBy(doc.Components(), func(c sbom.GetComponent) bool {
+		// 	return c.GetComposition() != ""
+		// })
+	}
+
+	return config.FeatureScore{
+		Score:  engine.BooleanScore(false),
+		Desc:   engine.UnknownSpec(),
+		Ignore: true,
+	}
+}
 
 // sbom_with_primary_comp: Single primary component defined
+func SBOMWithPrimaryComponent(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	isPrimaryPresent := doc.PrimaryComp().IsPresent()
+
+	if !isPrimaryPresent {
+		return config.FeatureScore{
+			Score:  engine.PerComponentScore(0, len(comps)),
+			Desc:   "absent",
+			Ignore: true,
+		}
+	}
+
+	return config.FeatureScore{
+		Score:  engine.BooleanScore(isPrimaryPresent),
+		Desc:   "identified",
+		Ignore: false,
+	}
+}
 
 // comps_with_source_code: Valid VCS URL
+func CompWithSourceCode(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
+	}
+
+	have := lo.CountBy(doc.Components(), func(c sbom.GetComponent) bool {
+		return strings.TrimSpace(c.SourceCodeURL()) != ""
+	})
+
+	return config.FeatureScore{
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "source URIs"),
+		Ignore: false,
+	}
+}
 
 // comp_with_supplier
+func CompWithSupplier(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
+	}
+
+	have := lo.CountBy(comps, func(c sbom.GetComponent) bool {
+		s := c.Suppliers()
+		hasName := strings.TrimSpace(s.GetName()) != ""
+		hasContact := strings.TrimSpace(s.GetEmail()) != "" || strings.TrimSpace(s.GetURL()) != ""
+		return c.Suppliers().IsPresent() && hasName && hasContact
+	})
+
+	return config.FeatureScore{
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "suppliers"),
+		Ignore: false,
+	}
+}
 
 // comp_with_primary_purpose
+func CompWithPackagePurpose(doc sbom.Document) config.FeatureScore {
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
+	}
+
+	have := lo.CountBy(comps, func(c sbom.GetComponent) bool {
+		return c.PrimaryPurpose() != ""
+	})
+
+	return config.FeatureScore{
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "type"),
+		Ignore: false,
+	}
+}
diff --git a/pkg/scorer/v2/extractors/identification.go b/pkg/scorer/v2/extractors/identification.go
@@ -26,62 +26,48 @@ import (
 
 // CompWithName: percentage of components that have a non-empty name.
 func CompWithName(doc sbom.Document) config.FeatureScore {
-	total := len(doc.Components())
-	if total == 0 {
-		return config.FeatureScore{
-			Score:  engine.PerComponentScore(0, total),
-			Desc:   engine.NoComponentsNA(),
-			Ignore: true,
-		}
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
 	}
 
 	have := lo.CountBy(doc.Components(), func(c sbom.GetComponent) bool {
 		return strings.TrimSpace(c.GetName()) != ""
 	})
 
 	return config.FeatureScore{
-		Score: engine.PerComponentScore(have, total),
-		Desc:  engine.CompDescription(have, total, "names"),
-
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "names"),
 		Ignore: false,
 	}
 }
 
 // CompWithVersion: percentage of components that have a non-empty version.
 func CompWithVersion(doc sbom.Document) config.FeatureScore {
-	total := len(doc.Components())
-	if total == 0 {
-		return config.FeatureScore{
-			Score:  engine.PerComponentScore(0, total),
-			Desc:   engine.NoComponentsNA(),
-			Ignore: true,
-		}
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
 	}
 
 	have := lo.CountBy(doc.Components(), func(c sbom.GetComponent) bool {
 		return strings.TrimSpace(c.GetVersion()) != ""
 	})
 
 	return config.FeatureScore{
-		Score:  engine.PerComponentScore(have, total),
-		Desc:   engine.CompDescription(have, total, "versions"),
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "versions"),
 		Ignore: false,
 	}
 }
 
 // CompWithUniqIDs: percentage of components whose ID is present and unique within the SBOM.
 func CompWithUniqLocalIDs(doc sbom.Document) config.FeatureScore {
-	total := len(doc.Components())
-	if total == 0 {
-		return config.FeatureScore{
-			Score:  engine.PerComponentScore(0, total),
-			Desc:   engine.NoComponentsNA(),
-			Ignore: true,
-		}
+	comps := doc.Components()
+	if len(comps) == 0 {
+		return engine.ScoreNA()
 	}
 
 	have := lo.FilterMap(doc.Components(), func(c sbom.GetComponent, _ int) (string, bool) {
-		// cross-check: is this local unique id or unique id like purl, cpe ?
 		if c.GetID() == "" {
 			fmt.Println("c.GetID(): ", c.GetID())
 			return "", false
@@ -90,8 +76,8 @@ func CompWithUniqLocalIDs(doc sbom.Document) config.FeatureScore {
 	})
 
 	return config.FeatureScore{
-		Score:  engine.PerComponentScore(len(have), total),
-		Desc:   engine.CompDescription(len(have), total, "unique IDs"),
+		Score:  engine.PerComponentScore(len(have), len(comps)),
+		Desc:   engine.CompDescription(len(have), len(comps), "unique IDs"),
 		Ignore: false,
 	}
 }
diff --git a/pkg/scorer/v2/extractors/integrity.go b/pkg/scorer/v2/extractors/integrity.go
@@ -29,13 +29,8 @@ import (
 // (SHA-1, SHA-256, SHA-384, or SHA-512).
 func CompWithSHA1Plus(doc sbom.Document) config.FeatureScore {
 	comps := doc.Components()
-	total := len(comps)
-	if total == 0 {
-		return config.FeatureScore{
-			Score:  engine.PerComponentScore(0, 0),
-			Desc:   engine.NoComponentsNA(),
-			Ignore: true,
-		}
+	if len(comps) == 0 {
+		return engine.ScoreNA()
 	}
 
 	have := 0
@@ -46,22 +41,17 @@ func CompWithSHA1Plus(doc sbom.Document) config.FeatureScore {
 	}
 
 	return config.FeatureScore{
-		Score:  engine.PerComponentScore(have, total),
-		Desc:   engine.CompDescription(have, total, "SHA-1+"),
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "SHA-1+"),
 		Ignore: false,
 	}
 }
 
 // CompWithSHA256Plus returns coverage of components that have SHA-256 or stronger.
 func CompWithSHA256Plus(doc sbom.Document) config.FeatureScore {
 	comps := doc.Components()
-	total := len(comps)
-	if total == 0 {
-		return config.FeatureScore{
-			Score:  engine.PerComponentScore(0, 0),
-			Desc:   engine.NoComponentsNA(),
-			Ignore: true,
-		}
+	if len(comps) == 0 {
+		return engine.ScoreNA()
 	}
 
 	have := 0
@@ -72,8 +62,8 @@ func CompWithSHA256Plus(doc sbom.Document) config.FeatureScore {
 	}
 
 	return config.FeatureScore{
-		Score:  engine.PerComponentScore(have, total),
-		Desc:   engine.CompDescription(have, total, "SHA-256+"),
+		Score:  engine.PerComponentScore(have, len(comps)),
+		Desc:   engine.CompDescription(have, len(comps), "SHA-256+"),
 		Ignore: false,
 	}
 }
