From 6a05ed9092574b8e68a1e639b9313810b334fb1a Mon Sep 17 00:00:00 2001
From: Sebastian Ziebell <sebastian.ziebell@ferrous-systems.com>
Date: Mon, 13 May 2024 11:28:20 +0200
Subject: [PATCH] Append SBOM file suffix instead of replacing

Instead of replacing the file extension, the `.cargo-sbom.json` suffix
is appended to the output file. This is to keep existing file extensions
in place.

* refactor logic to set `sbom` property from build config
* expand build script related test to check JSON output
---
 src/cargo/core/compiler/build_config.rs     | 17 +++--
 src/cargo/core/compiler/build_runner/mod.rs | 10 ++-
 tests/testsuite/sbom.rs                     | 71 +++++++++++++++++++++
 3 files changed, 88 insertions(+), 10 deletions(-)

diff --git a/src/cargo/core/compiler/build_config.rs b/src/cargo/core/compiler/build_config.rs
index 09ab25b450f0..859179c1ce0f 100644
--- a/src/cargo/core/compiler/build_config.rs
+++ b/src/cargo/core/compiler/build_config.rs
@@ -105,17 +105,16 @@ impl BuildConfig {
         }
 
         // If sbom flag is set, it requires the unstable feature
-        let mut sbom = match gctx.get_env_os("CARGO_BUILD_SBOM") {
-            Some(sbom) => sbom == "true",
-            None => cfg.sbom == Some(true),
+        let sbom = match (cfg.sbom, gctx.cli_unstable().sbom) {
+            (Some(sbom), true) => sbom,
+            (Some(_), false) => {
+                gctx.shell()
+                    .warn("ignoring 'sbom' config, pass `-Zsbom` to enable it")?;
+                false
+            }
+            (None, _) => false,
         };
 
-        if sbom && !gctx.cli_unstable().sbom {
-            gctx.shell()
-                .warn("ignoring 'sbom' config, pass `-Zsbom` to enable it")?;
-            sbom = false;
-        }
-
         Ok(BuildConfig {
             requested_kinds,
             jobs,
diff --git a/src/cargo/core/compiler/build_runner/mod.rs b/src/cargo/core/compiler/build_runner/mod.rs
index 4ef45eb1a231..05eb7b446f4f 100644
--- a/src/cargo/core/compiler/build_runner/mod.rs
+++ b/src/cargo/core/compiler/build_runner/mod.rs
@@ -427,13 +427,21 @@ impl<'a, 'gctx> BuildRunner<'a, 'gctx> {
     ///
     /// Only call this function when `sbom` is active.
     pub fn sbom_output_files(&self, unit: &Unit) -> CargoResult<Vec<PathBuf>> {
+        const SBOM_FILE_EXTENSION: &str = ".cargo-sbom.json";
+
+        fn append_sbom_suffix(link: &PathBuf, suffix: &str) -> PathBuf {
+            let mut link_buf = link.clone().into_os_string();
+            link_buf.push(suffix);
+            PathBuf::from(link_buf)
+        }
+
         assert!(self.bcx.build_config.sbom);
         let files = self
             .outputs(unit)?
             .iter()
             .filter(|o| matches!(o.flavor, FileFlavor::Normal | FileFlavor::Linkable))
             .filter_map(|output_file| output_file.hardlink.as_ref())
-            .map(|link_dst| link_dst.with_extension("cargo-sbom.json"))
+            .map(|link| append_sbom_suffix(link, SBOM_FILE_EXTENSION))
             .collect::<Vec<_>>();
         Ok(files)
     }
diff --git a/tests/testsuite/sbom.rs b/tests/testsuite/sbom.rs
index a64bc7cb2328..afe170ab8d9c 100644
--- a/tests/testsuite/sbom.rs
+++ b/tests/testsuite/sbom.rs
@@ -181,6 +181,77 @@ fn build_sbom_with_simple_build_script() {
 
     let path = p.bin("foo").with_extension("cargo-sbom.json");
     assert!(path.is_file());
+
+    assert_json_output(
+        path,
+        r#"
+        {
+            "format_version": 1,
+            "package_id": "path+file:///[..]/foo#0.0.1",
+            "name": "foo",
+            "version": "0.0.1",
+            "source": "[ROOT]/foo",
+            "target": {
+                "kind": [
+                    "bin"
+                ],
+                "crate_type": "bin",
+                "name": "foo",
+                "edition": "2015"
+            },
+            "profile": {
+                "name": "dev",
+                "opt_level": "0",
+                "lto": "false",
+                "codegen_backend": null,
+                "codegen_units": null,
+                "debuginfo": 2,
+                "split_debuginfo": "{...}",
+                "debug_assertions": true,
+                "overflow_checks": true,
+                "rpath": false,
+                "incremental": false,
+                "panic": "unwind",
+                "strip": {
+                    "deferred": "None"
+                }
+            },
+            "packages": [
+                {
+                    "build_type": "build",
+                    "dependencies": [
+                        {
+                            "features": [],
+                            "name": "foo",
+                            "package_id": "foo 0.0.1 (path+file:///[..]/foo)",
+                            "version": "0.0.1"
+                        }
+                    ],
+                    "extern_crate_name": "build_script_build",
+                    "features": [],
+                    "package": "foo",
+                    "package_id": "foo 0.0.1 (path+file:///[..]/foo)",
+                    "version": "0.0.1"
+                },
+                {
+                    "package_id": "foo 0.0.1 (path+file:///[..]/foo)",
+                    "package": "foo",
+                    "version": "0.0.1",
+                    "features": [],
+                    "build_type": "normal",
+                    "extern_crate_name": "build_script_build",
+                    "dependencies": []
+                }
+            ],
+            "features": [],
+            "rustc": {
+                "version": "[..]",
+                "wrapper": null,
+                "commit_hash": "[..]",
+                "host": "[..]"
+            }
+        }"#,
+    );
 }
 
 #[cargo_test]