Merge pull request #158 from siemens/feature/hashaddition
Updating SBOM with component Hashes
Vijayalakshmi027 authored Jun 11, 2024
2 parents 70a1493 + 41bb415 commit 3cde00e
Showing 36 changed files with 1,295 additions and 121 deletions.
29 changes: 28 additions & 1 deletion src/ArtifactoryUploader/Model/DisplayPackagesInfo.cs
Expand Up @@ -4,13 +4,16 @@
// SPDX-License-Identifier: MIT
// --------------------------------------------------------------------------------------------------------------------
using LCT.APICommunications.Model;
using Newtonsoft.Json;
using System.Collections.Generic;

namespace LCT.ArtifactoryUploader.Model
{
/// <summary>
/// The Model class for UnkmownPackagesAll
/// The Model class for DisplayPackagesInfo
/// </summary>

[System.Diagnostics.CodeAnalysis.ExcludeFromCodeCoverage]
public class DisplayPackagesInfo
{
public List<ComponentsToArtifactory> UnknownPackagesNpm { get; set; }
Expand Down Expand Up @@ -39,4 +42,28 @@ public class DisplayPackagesInfo
public List<ComponentsToArtifactory> SuccessfullPackagesMaven { get; set; }

}
public class ProjectResponse
{
[JsonProperty("npm")]
public List<JsonComponents> Npm { get; set; }
[JsonProperty("nuget")]
public List<JsonComponents> Nuget { get; set; }
[JsonProperty("conan")]
public List<JsonComponents> Conan { get; set; }
[JsonProperty("python")]
public List<JsonComponents> Python { get; set; }
[JsonProperty("debian")]
public List<JsonComponents> Debian { get; set; }
[JsonProperty("maven")]
public List<JsonComponents> Maven { get; set; }

}

public class JsonComponents
{
[JsonProperty("name")]
public string Name { get; set; }
[JsonProperty("version")]
public string Version { get; set; }
}
}
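Review bot: `ProjectResponse` and `JsonComponents` are added without any XML documentation, and without the `[ExcludeFromCodeCoverage]` attribute that `DisplayPackagesInfo` carries in the same file, so a reader cannot tell which payload they model. Each list property is null until something assigns it, so code that enumerates `Npm`, `Nuget`, `Conan`, `Python`, `Debian` or `Maven` needs a null check; whether these types are serialized, deserialized or both is not visible in this section. A summary such as `/// <summary>Components grouped by package type; a list is null when that type has no entries.</summary>` on `ProjectResponse`, and a one-line summary on `JsonComponents`, would record that contract.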
285 changes: 268 additions & 17 deletions src/ArtifactoryUploader/PackageUploadHelper.cs

Large diffs are not rendered by default.

24 changes: 16 additions & 8 deletions src/ArtifactoryUploader/PackageUploader.cs
Expand Up @@ -123,15 +123,23 @@ public static void DisplayAllSettings(List<Component> m_ComponentsInBOM, CommonA

private static void PackageSettings(Config project)
{
string includeList = string.Empty;
string excludeList = string.Empty;
if (project.Include != null)
{
includeList = string.Join(",", project.Include?.ToList());
}
if (project.Exclude != null)
{
excludeList = string.Join(",", project.Exclude?.ToList());
}

Logger.Logger.Log(null, Level.Notice, $"\tDEVDEP_REPO_NAME:\t`{project.JfrogDevDestRepoName}`\n\t" +
$"THIRD_PARTY_REPO_NAME:\t`{project.JfrogThirdPartyDestRepoName}`\n\t" +
$"INTERNAL_REPO_NAME:\t`{project.JfrogInternalDestRepoName}`\n\t" +
$"Config:\n\t" +
$"Include: \t", null);
project.Include?.ToList().ForEach(x => Logger.Logger.Log(null, Level.Notice, $"\t\t\t\t`{x}`\t", null));
Logger.Logger.Log(null, Level.Notice, $"\tExclude:", null);
project.Exclude?.ToList().ForEach(x => Logger.Logger.Log(null, Level.Notice, $"\t\t\t\t`{x}`\n\t", null));
Logger.Logger.Log(null, Level.Notice, $"\tDEVDEP_REPO_NAME:\t{project.JfrogDevDestRepoName}\n\t" +
$"THIRD_PARTY_REPO_NAME:\t{project.JfrogThirdPartyDestRepoName}\n\t" +
$"INTERNAL_REPO_NAME:\t{project.JfrogInternalDestRepoName}\n\t" +
$"Config:\n\t" +
$"Exclude:\t\t{excludeList}\n\t" +
$"Include: \t\t{includeList}\n", null);
}
}
}
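Review bot: In `PackageSettings` the null-conditional in `project.Include?.ToList()` and `project.Exclude?.ToList()` is dead code, because both calls sit inside an explicit `!= null` check. The `ToList()` copy also looks unnecessary, since `string.Join` accepts any enumerable (the declared type of `Include`/`Exclude` is not visible here). Each guard can shrink to one line, `string includeList = project.Include != null ? string.Join(",", project.Include) : string.Empty;`, and likewise for `excludeList`. Old and new lines are printed together in this section, so this refers to the version that builds `includeList` and `excludeList`.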
1 change: 0 additions & 1 deletion src/ArtifactoryUploader/Program.cs
Expand Up @@ -56,7 +56,6 @@ static async Task Main(string[] args)
Logger.Logger.Log(null, Level.Info, $"Input Parameters used in Artifactory Uploader:\n\t", null);
Logger.Logger.Log(null, Level.Notice, $"\tBomFilePath:\t\t {appSettings.BomFilePath}\n\t" +
$"JFrogUrl:\t\t {appSettings.JFrogApi}\n\t" +
$"Artifactory User:\t {appSettings.ArtifactoryUploadUser}\n\t" +
$"Release:\t\t {appSettings.Release}\n\t" +
$"LogFolderPath:\t\t {Path.GetFullPath(FolderPath)}\n", null);

2 changes: 1 addition & 1 deletion src/LCT.APICommunications/JfrogAqlApiCommunication.cs
Expand Up @@ -58,7 +58,7 @@ public async Task<HttpResponseMessage> GetInternalComponentDataByRepo(string rep
StringBuilder query = new();
query.Append("items.find({\"repo\":\"");
query.Append($"{repoName}");
query.Append("\"}).include(\"repo\", \"path\", \"name\")");
query.Append("\"}).include(\"repo\", \"path\", \"name\", \"actual_sha1\",\"actual_md5\",\"sha256\")");

string aqlQueryToBody = query.ToString();
string uri = $"{DomainName}{ApiConstant.JfrogArtifactoryApiSearchAql}";
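Review bot: `repoName` is appended between hand-written quotes with no escaping or validation, on the line just above the changed `include(...)` clause in `GetInternalComponentDataByRepo`, so a name containing `"` or `\` would change the shape of the AQL text sent to Artifactory. If the repository name can come from a settings file or the command line (not visible here), check it against an allow-list of expected characters before building the query, or let the JSON library do the quoting, for example `query.Append("items.find({\"repo\":"); query.Append(JsonConvert.ToString(repoName));`. The new field list is also spaced inconsistently (`\"actual_sha1\",\"actual_md5\"` against `\"repo\", \"path\"`). The method body starts and ends outside this hunk.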
9 changes: 9 additions & 0 deletions src/LCT.APICommunications/Model/AQL/AqlResult.cs
Expand Up @@ -22,5 +22,14 @@ public class AqlResult

[JsonProperty("name")]
public string Name { get; set; }

[JsonProperty("actual_md5")]
public string MD5 { get; set; }

[JsonProperty("actual_sha1")]
public string SHA1 { get; set; }

[JsonProperty("sha256")]
public string SHA256 { get; set; }
}
}
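Review bot: The new `MD5`, `SHA1` and `SHA256` properties on `AqlResult` have no documentation saying which digest a consumer may rely on. MD5 and SHA-1 are not collision-resistant, so they are acceptable as lookup identifiers in the SBOM but should not be the value that decides whether an artifact is unmodified. I would put a summary on `SHA256` along the lines of `/// <summary>SHA-256 reported by Artifactory; may be null if the server returned none. Prefer this digest for integrity checks.</summary>` and matching one-liners on the other two. The code that copies these values into the BOM is outside this section, so whether it tolerates a null `SHA256` cannot be confirmed here.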
2 changes: 2 additions & 0 deletions src/LCT.Common/Constants/FileConstant.cs
Expand Up @@ -50,5 +50,7 @@ public static class FileConstant
public const string CycloneDXFileExtension = ".cdx.json";
public const string SBOMTemplateFileExtension = "CATemplate.cdx.json";
public const string NugetAssetFile = "project.assets.json";
public const string multipleversionsFileName = "Multipleversions.json";
public const string artifactoryReportNotApproved = "ReportNotApproved.json";
}
}
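Review bot: `multipleversionsFileName` and `artifactoryReportNotApproved` are camelCase while the neighbouring constants (`CycloneDXFileExtension`, `NugetAssetFile`) are PascalCase, and the second name does not say that it holds a file name. Suggest `public const string MultipleVersionsFileName = "Multipleversions.json";` and `public const string ArtifactoryReportNotApprovedFileName = "ReportNotApproved.json";`. The rename would also touch callers in files that are not shown on this page.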
5 changes: 3 additions & 2 deletions src/LCT.Common/CycloneDXBomParser.cs
Expand Up @@ -25,7 +25,7 @@ public Bom ParseCycloneDXBom(string filePath)
{
Bom bom = new Bom();
string json = string.Empty;
Logger.Logger.Log(null, Level.Notice, $"Consuming cyclonedx file data from "+ filePath + "...\n", null);
Logger.Logger.Log(null, Level.Notice, $"Consuming cyclonedx file data from " + filePath + "...\n", null);

try
{
Expand Down Expand Up @@ -81,7 +81,7 @@ public static void CheckValidComponentsForProjectType(List<Component> bom, strin
foreach (var component in bom.ToList())
{
if (!string.IsNullOrEmpty(component.Name) && !string.IsNullOrEmpty(component.Version)
&& !string.IsNullOrEmpty(component.Purl) &&
&& !string.IsNullOrEmpty(component.Purl) &&
component.Purl.Contains(Dataconstant.PurlCheck()[projectType.ToUpper()]))
{
//Taking Valid Components for perticular projects
Expand All @@ -94,5 +94,6 @@ public static void CheckValidComponentsForProjectType(List<Component> bom, strin
}
}
}

}
}
4 changes: 2 additions & 2 deletions src/LCT.Common/ExceptionHandling.cs
Expand Up @@ -35,11 +35,11 @@ public static void FossologyException(HttpRequestException ex)
{
if (500 <= Convert.ToInt32(ex.StatusCode) && Convert.ToInt32(ex.StatusCode) <= 599)
{
Logger.Logger.Log(null, Level.Error, $"The exception may arise because fossology is currently unresponsive:{ex.Message} Please try again later", null);
Logger.Logger.Log(null, Level.Error, $"\tThe exception may arise because fossology is currently unresponsive:{ex.Message} Please try again later", null);
}
else
{
Logger.Logger.Log(null, Level.Error, $"The exception may be caused by an incorrect or missing token for fossology :{ex.Message} Please ensure that a valid token is provided and try again", null);
Logger.Logger.Log(null, Level.Error, $"\tThe exception may be caused by an incorrect or missing token for fossology :{ex.Message} Please ensure that a valid token is provided and try again", null);
}
}

84 changes: 80 additions & 4 deletions src/LCT.Common/FileOperations.cs
Expand Up @@ -8,12 +8,14 @@
using LCT.Common.Interface;
using log4net;
using Newtonsoft.Json;
using Newtonsoft.Json.Converters;
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security;
using Newtonsoft.Json.Converters;

namespace LCT.Common
{
Expand Down Expand Up @@ -49,10 +51,9 @@ public void ValidateFilePath(string filePath)
public string WriteContentToFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string projectName)
{
try
{
Logger.Debug($"WriteContentToFile():folderpath-{folderPath},fileNameWithExtension-{fileNameWithExtension}," +
$"projectName-{projectName}");
string jsonString = JsonConvert.SerializeObject(dataToWrite, Formatting.Indented);
{
Logger.Debug($"WriteContentToFile():folderpath-{folderPath},fileNameWithExtension-{fileNameWithExtension}," + $"projectName-{projectName}");
string jsonString = JsonConvert.SerializeObject(dataToWrite, Formatting.Indented, new StringEnumConverter());
string fileName = $"{projectName}_{fileNameWithExtension}";

string filePath = Path.Combine(folderPath, fileName);
Expand Down Expand Up @@ -193,5 +194,80 @@ private static void BackupTheGivenFile(string folderPath, string fileName)
Environment.ExitCode = -1;
}
}
/// <summary>
/// writes the content to the specified file
/// </summary>
/// <typeparam name="T"></typeparam>
/// <param name="dataToWrite">dataToWrite</param>
/// <param name="folderPath">folderPath</param>
/// <param name="fileNameWithExtension">fileNameWithExtension</param>
/// <param name="projectName">projectName</param>
public string WriteContentToReportNotApprovedFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string name)
{
try
{
Logger.Debug($"WriteContentToReportNotApprovedFile():folderpath-{folderPath},fileNameWithExtension-{fileNameWithExtension}," +
$"Name-{name}");
string jsonString = JsonConvert.SerializeObject(dataToWrite, Formatting.Indented, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
string fileName = $"{name}_{fileNameWithExtension}";

string filePath = Path.Combine(folderPath, fileName);
Logger.Debug($"filePath-{filePath}");
File.WriteAllText(filePath, jsonString);

}
catch (IOException e)
{
Logger.Debug($"WriteContentToReportNotApprovedFile():Error:", e);
return "failure";
}
catch (UnauthorizedAccessException e)
{
Logger.Debug($"WriteContentToReportNotApprovedFile():Error:", e);
return "failure";
}
catch (SecurityException e)
{
Logger.Debug($"WriteContentToReportNotApprovedFile():Error:", e);
return "failure";
}
Logger.Debug($"WriteContentToReportNotApprovedFile():End");
return "success";

}
public string WriteContentToMultipleVersionsFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string projectName)
{
try
{
Logger.Debug($"WriteContentToMultipleVersionsFile():folderpath-{folderPath},fileNameWithExtension-{fileNameWithExtension}," +
$"projectName-{projectName}");
string jsonString = JsonConvert.SerializeObject(dataToWrite, Formatting.Indented, new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
string fileName = $"{projectName}_{fileNameWithExtension}";

string filePath = Path.Combine(folderPath, fileName);
Logger.Debug($"filePath-{filePath}");
BackupTheGivenFile(folderPath, fileName);
File.WriteAllText(filePath, jsonString);

}
catch (IOException e)
{
Logger.Debug($"WriteContentToMultipleVersionsFile():Error:", e);
return "failure";
}
catch (UnauthorizedAccessException e)
{
Logger.Debug($"WriteContentToMultipleVersionsFile():Error:", e);
return "failure";
}
catch (SecurityException e)
{
Logger.Debug($"WriteContentToMultipleVersionsFile():Error:", e);
return "failure";
}
Logger.Debug($"WriteContentToMultipleVersionsFile():End");
return "success";

}
}
}
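Review bot: `WriteContentToReportNotApprovedFile` and `WriteContentToMultipleVersionsFile` build the target path from `name`/`projectName` with `Path.Combine` and no check, so a value containing a directory separator or a rooted path would place the report outside `folderPath`; where that value comes from is not visible here. The two methods are copies of each other apart from the `BackupTheGivenFile` call, and both record write failures only at Debug level. The first one's doc comment names a `projectName` parameter that is actually called `name`, and the second has no doc comment at all. I would fold both into one private helper that strips any directory part from the file name and logs failures as errors, as sketched below. Separately, the first hunk leaves `using Newtonsoft.Json.Converters;` in the using list twice.

```csharp
public string WriteContentToReportNotApprovedFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string name)
{
    return WriteJsonReport(dataToWrite, folderPath, fileNameWithExtension, name,
        backupExisting: false, caller: nameof(WriteContentToReportNotApprovedFile));
}

public string WriteContentToMultipleVersionsFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string projectName)
{
    return WriteJsonReport(dataToWrite, folderPath, fileNameWithExtension, projectName,
        backupExisting: true, caller: nameof(WriteContentToMultipleVersionsFile));
}

// Serializes dataToWrite as indented JSON (nulls omitted) into folderPath; shared by both report writers.
private string WriteJsonReport<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string prefix, bool backupExisting, string caller)
{
    try
    {
        // Keep only the file-name part so the prefix cannot redirect the write outside folderPath.
        string fileName = Path.GetFileName($"{prefix}_{fileNameWithExtension}");
        string filePath = Path.Combine(folderPath, fileName);
        Logger.Debug($"{caller}():filePath-{filePath}");

        string jsonString = JsonConvert.SerializeObject(dataToWrite, Formatting.Indented,
            new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore });
        if (backupExisting)
        {
            BackupTheGivenFile(folderPath, fileName);
        }
        File.WriteAllText(filePath, jsonString);
        return "success";
    }
    catch (Exception e) when (e is IOException or UnauthorizedAccessException or SecurityException)
    {
        Logger.Error($"{caller}():Error:", e);
        return "failure";
    }
}
```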
18 changes: 18 additions & 0 deletions src/LCT.Common/Interface/IFileOperations.cs
Expand Up @@ -41,5 +41,23 @@ public interface IFileOperations
/// <param name="dataToWrite">comparisonBOM data</param>
/// <param name="filePath">filePath</param>
public string WriteContentToCycloneDXFile<T>(T dataToWrite, string filePath, string fileNameWithExtension);

/// <summary>
/// Writes the given content to the file
/// </summary>
/// <typeparam name="T">Any type</typeparam>
/// <param name="dataToWrite">Data to write</param>
/// <param name="folderPath">Folder path to save the file</param>
/// <param name="fileNameWithExtension">File Name with Extension</param>
public string WriteContentToReportNotApprovedFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string name);

/// <summary>
/// Writes the given content to the file
/// </summary>
/// <typeparam name="T">Any type</typeparam>
/// <param name="dataToWrite">Data to write</param>
/// <param name="folderPath">Folder path to save the file</param>
/// <param name="fileNameWithExtension">File Name with Extension</param>
public string WriteContentToMultipleVersionsFile<T>(T dataToWrite, string folderPath, string fileNameWithExtension, string projectName);
}
}
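Review bot: The two new interface members carry the identical summary "Writes the given content to the file", and neither documents its fourth parameter (`name`, `projectName`) or its return value. State what distinguishes them and what the caller gets back, for example `/// <param name="projectName">Prefix of the generated file name</param>` and `/// <returns>"success" when the file was written, otherwise "failure"</returns>`. Going by the implementation in FileOperations.cs shown on this page, the multiple-versions variant also calls `BackupTheGivenFile` before writing, which is worth saying in its summary.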
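--- a/src/LCT.Common/Model/MultipleVersionValues.cs
+++ b/src/LCT.Common/Model/MultipleVersionValues.cs
@@ -0,0 +1,30 @@
+// --------------------------------------------------------------------------------------------------------------------
+// SPDX-FileCopyrightText: 2024 Siemens AG
+//
+// SPDX-License-Identifier: MIT
+// --------------------------------------------------------------------------------------------------------------------
+
+using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
+
+namespace LCT.Common.Model
+{
+/// <summary>
+/// MultipleVersionValues model
+/// </summary>
+[ExcludeFromCodeCoverage]
+public class MultipleVersionValues
+{
+public string ComponentName { get; set; }
+public string ComponentVersion { get; set; }
+public string PackageFoundIn { get; set; }
+
+}
+
+public class MultipleVersions
+{
+public List<MultipleVersionValues> Npm { get; set; }
+public List<MultipleVersionValues> Nuget { get; set; }
+public List<MultipleVersionValues> Conan { get; set; }
+}
+}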
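Review bot: `MultipleVersions` has lists only for `Npm`, `Nuget` and `Conan`, while `ProjectResponse` added in this same commit covers six package types. If the restriction is intended, a summary on the class should say so; otherwise the remaining types are missing. `MultipleVersions` also lacks the summary and the `[ExcludeFromCodeCoverage]` attribute that `MultipleVersionValues` has. `PackageFoundIn` needs a one-line comment saying what it holds, which looks like a file path or source description but should be confirmed.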