Skip to content

Commit

Permalink
feat(project CreateBom): add info about clearing results
Browse files Browse the repository at this point in the history
  • Loading branch information
gernot-h committed Jul 18, 2023
1 parent 788aa7e commit 2ee751e
Show file tree
Hide file tree
Showing 4 changed files with 79 additions and 23 deletions.
5 changes: 5 additions & 0 deletions capycli/common/capycli_bom_support.py
Original file line number Diff line number Diff line change
Expand Up @@ -631,6 +631,11 @@ class CaPyCliBom():
SOURCE_FILE_COMMENT = "source archive (local copy)"
BINARY_URL_COMMENT = "binary (download location)"
BINARY_FILE_COMMENT = "relativePath"
# machine-readable XML description of licensing situation of a component
# see https://github.com/sw360/clipython for more information
CLI_FILE_COMMENT = "component license information (local copy)"
# human-readable description of licensing situation and obligations
CRT_FILE_COMMENT = "clearing report (local copy)"

@classmethod
def read_sbom(cls, inputfile: str) -> Bom:
Expand Down
5 changes: 5 additions & 0 deletions capycli/common/script_base.py
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,11 @@ def release_web_url(self, release_id) -> str:
return (self.sw360_url + "group/guest/components/-/component/release/detailRelease/"
+ release_id)

def attachment_api_url(self, release_id, attachment_id) -> str:
"""Returns the REST API URL for an attachment."""
return (self.sw360_url + "resource/api/releases/" + release_id
+ "/attachments/" + attachment_id)

def find_project(self, name: str, version: str, show_results: bool = False) -> str:
"""Find the project with the matching name and version on SW360"""
print_text(" Searching for project...")
Expand Down
33 changes: 25 additions & 8 deletions capycli/project/create_bom.py
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,15 @@
class CreateBom(capycli.common.script_base.ScriptBase):
"""Create a SBOM for a project on SW360."""

comments = {
"SOURCE": CaPyCliBom.SOURCE_FILE_COMMENT,
"SOURCE_SELF": CaPyCliBom.SOURCE_FILE_COMMENT,
"BINARY": CaPyCliBom.BINARY_FILE_COMMENT,
"BINARY_SELF": CaPyCliBom.BINARY_FILE_COMMENT,
"COMPONENT_LICENSE_INFO_XML": CaPyCliBom.CLI_FILE_COMMENT,
"CLEARING_REPORT": CaPyCliBom.CRT_FILE_COMMENT
}

def get_external_id(self, name: str, release_details: dict):
"""Returns the external id with the given name or None."""
if "externalIds" not in release_details:
Expand All @@ -51,6 +60,7 @@ def create_project_bom(self, project) -> list:
for release in releases:
print_text(" ", release["name"], release["version"])
href = release["_links"]["self"]["href"]
sw360_id = self.client.get_id_from_href(href)

try:
release_details = self.client.get_release_by_url(href)
Expand Down Expand Up @@ -85,13 +95,21 @@ def create_project_bom(self, project) -> list:
CycloneDxSupport.set_ext_ref(rel_item, ExternalReferenceType.VCS, comment=None,
value=release_details["repository"]["url"])

for at_type, comment in (("SOURCE", CaPyCliBom.SOURCE_FILE_COMMENT),
("BINARY", CaPyCliBom.BINARY_FILE_COMMENT)):
attachments = self.get_release_attachments(release_details, (at_type, at_type + "_SELF"))
for attachment in attachments:
CycloneDxSupport.set_ext_ref(rel_item, ExternalReferenceType.DISTRIBUTION,
comment, attachment["filename"],
HashAlgorithm.SHA_1, attachment.get("sha1"))
attachments = self.get_release_attachments(release_details)
for attachment in attachments:
at_type = attachment["attachmentType"]
if at_type not in self.comments:
continue
comment = self.comments[at_type]
if at_type in ("SOURCE", "SOURCE_SELF", "BINARY", "BINARY_SELF"):
ext_ref_type = ExternalReferenceType.DISTRIBUTION
else:
ext_ref_type = ExternalReferenceType.OTHER
comment += (", sw360Id: "
+ self.client.get_id_from_href(attachment["_links"]["self"]["href"]))
CycloneDxSupport.set_ext_ref(rel_item, ext_ref_type,
comment, attachment["filename"],
HashAlgorithm.SHA_1, attachment.get("sha1"))

except sw360.SW360Error as swex:
print_red(" ERROR: unable to access project:" + repr(swex))
Expand All @@ -101,7 +119,6 @@ def create_project_bom(self, project) -> list:
if state:
CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_PROJ_STATE, state)

sw360_id = self.client.get_id_from_href(href)
CycloneDxSupport.set_property(rel_item, CycloneDxSupport.CDX_PROP_SW360ID, sw360_id)

CycloneDxSupport.set_property(
Expand Down
59 changes: 44 additions & 15 deletions tests/test_create_bom.py
Original file line number Diff line number Diff line change
Expand Up @@ -169,6 +169,17 @@ def test_project_by_id(self):
}
}
})
release["_embedded"]["sw360:attachments"].append({
"filename": "clipython-1.3.0.docx",
"sha1": "f0d8f2ddd017bdeaecbaec72ff76a6c0a045ec66",
"attachmentType": "CLEARING_REPORT",
"_links": {
"self": {
"href": "https://my.server.com/resource/api/attachments/r002a003"
}
}
})

responses.add(
responses.GET,
url=self.MYURL + "resource/api/releases/r002",
Expand All @@ -182,21 +193,39 @@ def test_project_by_id(self):
cx_comp = cdx_bom.components[0]
self.assertEqual(cx_comp.purl, release["externalIds"]["package-url"])

ext_refs_src_url = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_URL_COMMENT]
self.assertEqual(len(ext_refs_src_url), 1)
self.assertEqual(ext_refs_src_url[0].url, release["sourceCodeDownloadurl"])
self.assertEqual(ext_refs_src_url[0].type, ExternalReferenceType.DISTRIBUTION)

ext_refs_src_file = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_FILE_COMMENT]
self.assertEqual(len(ext_refs_src_file), 2)
self.assertEqual(ext_refs_src_file[0].url, release["_embedded"]["sw360:attachments"][0]["filename"])
self.assertEqual(ext_refs_src_file[0].type, ExternalReferenceType.DISTRIBUTION)
self.assertEqual(ext_refs_src_file[0].hashes[0].alg, "SHA-1")
self.assertEqual(ext_refs_src_file[0].hashes[0].content, release["_embedded"]["sw360:attachments"][0]["sha1"])

ext_refs_vcs = [e for e in cx_comp.external_references if e.type == ExternalReferenceType.VCS]
self.assertEqual(len(ext_refs_vcs), 1)
self.assertEqual(ext_refs_vcs[0].url, release["repository"]["url"])
ext_refs = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_URL_COMMENT]
self.assertEqual(len(ext_refs), 1)
self.assertEqual(ext_refs[0].url, release["sourceCodeDownloadurl"])
self.assertEqual(ext_refs[0].type, ExternalReferenceType.DISTRIBUTION)

ext_refs = [e for e in cx_comp.external_references if e.comment == CaPyCliBom.SOURCE_FILE_COMMENT]
self.assertEqual(len(ext_refs), 2)
self.assertEqual(ext_refs[0].url, release["_embedded"]["sw360:attachments"][0]["filename"])
self.assertEqual(ext_refs[0].type, ExternalReferenceType.DISTRIBUTION)
self.assertEqual(ext_refs[0].hashes[0].alg, "SHA-1")
self.assertEqual(ext_refs[0].hashes[0].content, release["_embedded"]["sw360:attachments"][0]["sha1"])

ext_refs = [e for e in cx_comp.external_references
if e.comment and e.comment.startswith(CaPyCliBom.CLI_FILE_COMMENT)]
self.assertEqual(len(ext_refs), 1)
self.assertEqual(ext_refs[0].url, release["_embedded"]["sw360:attachments"][1]["filename"])
self.assertEqual(ext_refs[0].type, ExternalReferenceType.OTHER)
self.assertEqual(ext_refs[0].comment, CaPyCliBom.CLI_FILE_COMMENT + ", sw360Id: r002a002")
self.assertEqual(ext_refs[0].hashes[0].alg, "SHA-1")
self.assertEqual(ext_refs[0].hashes[0].content, release["_embedded"]["sw360:attachments"][1]["sha1"])

ext_refs = [e for e in cx_comp.external_references
if e.comment and e.comment.startswith(CaPyCliBom.CRT_FILE_COMMENT)]
self.assertEqual(len(ext_refs), 1)
self.assertEqual(ext_refs[0].url, release["_embedded"]["sw360:attachments"][3]["filename"])
self.assertEqual(ext_refs[0].comment, CaPyCliBom.CRT_FILE_COMMENT + ", sw360Id: r002a003")
self.assertEqual(ext_refs[0].type, ExternalReferenceType.OTHER)
self.assertEqual(ext_refs[0].hashes[0].alg, "SHA-1")
self.assertEqual(ext_refs[0].hashes[0].content, release["_embedded"]["sw360:attachments"][3]["sha1"])

ext_refs = [e for e in cx_comp.external_references if e.type == ExternalReferenceType.VCS]
self.assertEqual(len(ext_refs), 1)
self.assertEqual(ext_refs[0].url, release["repository"]["url"])

self.assertEqual(cdx_bom.metadata.component.name, project["name"])
self.assertEqual(cdx_bom.metadata.component.version, project["version"])
Expand Down

0 comments on commit 2ee751e

Please sign in to comment.