Merge pull request #222 from nokia/fix-SBOM-type-issue

fixed a bug when the CISA SBOM type was followed by another line of t…

Author: vargenau

tools/openchain_telco_sbom_validator/README.md

@@ -3,6 +3,9 @@
 A script to validate SBOMs against
 the [OpenChain Telco SBOM Guide](https://github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain-Telco-SBOM-Guide_EN.md).
 
+What is new in version 0.3.3:
+* fixed a bug when the CISA SBOM type was followed by another line of text in the comment.
+
 What is new in version 0.3.2:
 * option `--strict-url-check` now also checks the value of the PackageChecksum if present.
 

tools/openchain_telco_sbom_validator/setup.cfg

@@ -1,6 +1,6 @@
 [metadata]
 name = openchain-telco-sbom-validator
-version = 0.3.2
+version = 0.3.3
 author = Gergely Csatari, Marc-Etienne Vargenau
 author_email = gergely.csatari@nokia.com, marc-etienne.vargenau@nokia.com
 description = Validator against versions 1.0 and 1.1 of the OpenChain Telco SBOM Guide

tools/openchain_telco_sbom_validator/src/openchain_telco_sbom_validator/validator.py

@@ -377,6 +377,8 @@ def validate(self,
                 # Remove punctuation
                 translator = str.maketrans('', '', string.punctuation)
                 creator_comment = creator_comment.translate(translator)
+                # Replace carriage return and line feed by space
+                creator_comment = creator_comment.replace('\r', ' ').replace('\n', ' ')
                 tokens = re.split(r'[ :]+', creator_comment)
                 logger.debug(f"Strict check is off. (CreatorComment words: {tokens})")
                 if not any(sbom_type in tokens for sbom_type in cisaSBOMTypes):