ObjectLocator#locate does not search any objects in a given BOM, if the BOM is missing a metadata.component node:
|
public ObjectLocator locate() { |
|
if (this.bom == null || this.bomRef == null) return this; |
|
|
|
// TODO is BOM-Link |
|
|
|
|
|
if (this.bom.getMetadata() != null && this.bom.getMetadata().getComponent() != null) { |
|
Component c = findComponent(Collections.singletonList(this.bom.getMetadata().getComponent()), this.bomRef); |
|
if (c != null) { |
|
this.isMetadataComponent = true; |
|
this.object = c; |
|
} |
|
c = findComponent(this.bom.getComponents(), this.bomRef); |
|
if (c != null) { |
|
this.object = c; |
|
} |
|
final Service s = findService(this.bom.getServices(), this.bomRef); |
|
if (s != null) { |
|
this.object = s; |
|
} |
|
final Vulnerability v = findVulnerability(this.bom.getVulnerabilities(), this.bomRef); |
|
if (v != null) { |
|
this.object = v; |
|
} |
|
} |
|
return this; |
|
} |
It should be able to search in components, services, and vulnerabilities, even when metadata.component is not set.
