Skip to content

Fix technique filtering logic by correctly checking for intersection #1848

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 8, 2025
Merged

Fix technique filtering logic by correctly checking for intersection #1848

merged 1 commit into from
Jun 8, 2025

Conversation

yuvalmich
Copy link
Contributor

@yuvalmich yuvalmich commented Jun 8, 2025
edited
Loading

Bug Summary

This PR fixes a logic bug in the technique filtering block where the code attempted to check for an intersection between two sets (usedTechniques and allowedTechniques) using:

if (!new Set([...usedTechniques].filter((i) => allowedTechniques.has(i))))

However, this condition is flawed because new Set(...) always returns a truthy object, even if the set is empty. As a result, the condition never evaluated to true, and the intended filtering logic was never triggered.

Fix

The condition has been updated to use .some() without set usage:

if (
  usedTechniques &&
  ![...usedTechniques].some((i) => allowedTechniques.has(i))
)

This correctly checks whether any technique in usedTechniques is present in allowedTechniques, and filters out the component if there is no match.

Linked Issue

#1849

@yuvalmich yuvalmich requested a review from prabhu as a code owner June 8, 2025 08:58
@yuvalmich yuvalmich force-pushed the bugfix/technique-option-filter branch from f8b63d7 to 02871ea Compare June 8, 2025 09:10
@yuvalmich
fix: ensure components are filtered out when no matching techniques a…
ffd4458 
…re found

Signed-off-by: Yuval Michaeli <yuvalmich2@gmail.com>
@yuvalmich yuvalmich force-pushed the bugfix/technique-option-filter branch from 02871ea to ffd4458 Compare June 8, 2025 09:11
@yuvalmich yuvalmich mentioned this pull request Jun 8, 2025
Closed
prabhu
prabhu reviewed Jun 8, 2025
View reviewed changes
lib/stages/postgen/postgen.js
@@ -304,7 +304,7 @@ export function filterBom(bomJson, options) {
// Set.intersection is only available in node >= 22. See Bug# 1651
if (
usedTechniques &&
!new Set([...usedTechniques].filter((i) => allowedTechniques.has(i)))
![...usedTechniques].some((i) => allowedTechniques.has(i))
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you tried adding .size? That must work too.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it also works.

However, using .some() is a bit more efficient than converting to a Set and checking .size because it stops at the first match and avoids creating intermediate data structures.

@prabhu prabhu merged commit 1252f36 into CycloneDX:master Jun 8, 2025
68 of 69 checks passed
@prabhu prabhu linked an issue Jun 9, 2025 that may be closed by this pull request
[Bug] technique Filtering Logic Is Ineffective Due to Always-Truthy Set Check #1849
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prabhu prabhu prabhu approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Bug] technique Filtering Logic Is Ineffective Due to Always-Truthy Set Check
2 participants
@yuvalmich @prabhu