Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merge multiple dt projects #99

Merged
merged 7 commits into from
Sep 7, 2024
Merged

Merge multiple dt projects #99

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
163038f
add dtAssemble command
viveksahu26 Aug 27, 2024
e85f5f3
add dt as sub-commandd of assemble
viveksahu26 Sep 4, 2024
0295330
init dt cmd
viveksahu26 Sep 4, 2024
b770929
Created 'dt' sub-command under 'edit'
viveksahu26 Sep 4, 2024
01a34e4
support mixing of files with project ids
viveksahu26 Sep 4, 2024
02ec998
add upload functionality dt project id
viveksahu26 Sep 4, 2024
29984a8
remove support of edit for ft
viveksahu26 Sep 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions cmd/assemble.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,13 @@ Advanced Example:
}

assembleParams.Ctx = &ctx
return assemble.Assemble(assembleParams)

// Populate the config object
config, err := assemble.PopulateConfig(assembleParams)
if err != nil {
fmt.Println("Error populating config:", err)
}
return assemble.Assemble(config)
},
}

Expand Down Expand Up @@ -88,12 +94,10 @@ func init() {
assembleCmd.Flags().BoolP("xml", "x", false, "output in xml format")
assembleCmd.Flags().BoolP("json", "j", true, "output in json format")
assembleCmd.MarkFlagsMutuallyExclusive("xml", "json")

}

func validatePath(path string) error {
stat, err := os.Stat(path)

if err != nil {
return err
}
Expand Down
224 changes: 224 additions & 0 deletions cmd/dt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,224 @@
// Copyright 2023 Interlynk.io
//
// SPDX-License-Identifier: Apache-2.0
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cmd

import (
"context"
"fmt"
"os"

"github.com/google/uuid"
"github.com/interlynk-io/sbomasm/pkg/assemble"
"github.com/interlynk-io/sbomasm/pkg/dt"
"github.com/interlynk-io/sbomasm/pkg/logger"
"github.com/spf13/cobra"
)

// assembleCmd represents the assemble command
var dtCmd = &cobra.Command{
Use: "dt",
Short: "helps assembling multiple DT project sboms into a final sbom",
Long: `The dt command will help assembling sboms into a final sbom.

Basic Example:
$ sbomasm dt -u "http://localhost:8080/" -k "odt_gwiwooi29i1N5Hewkkddkkeiwi3ii" -n "mega-app" -v "1.0.0" -t "application" -o finalsbom.json 11903ba9-a585-4dfb-9a0c-f348345a5473 34103ba2-rt63-2fga-3a8b-t625261g6262
`,
SilenceUsage: true,
RunE: func(cmd *cobra.Command, args []string) error {
if len(args) == 0 {
return fmt.Errorf("please provide at least one sbom file to assemble")
}

debug, _ := cmd.Flags().GetBool("debug")
if debug {
logger.InitDebugLogger()
} else {
logger.InitProdLogger()
}

ctx := logger.WithLogger(context.Background())

dtParams, err := extractDtArgs(cmd, args)
if err != nil {
return err
}

dtParams.Ctx = &ctx

// retrieve Input Files
dtParams.PopulateInputField(ctx)

assembleParams, err := extractArgsFromDTtoAssemble(dtParams)
fmt.Println("assemble.Input: ", assembleParams.Input)
if err != nil {
return err
}
assembleParams.Ctx = &ctx

config, err := assemble.PopulateConfig(assembleParams)
if err != nil {
fmt.Println("Error populating config:", err)
}
return assemble.Assemble(config)
},
}

func extractArgsFromDTtoAssemble(dtParams *dt.Params) (*assemble.Params, error) {
aParams := assemble.NewParams()

aParams.Output = dtParams.Output
aParams.Upload = dtParams.Upload
aParams.UploadProjectID = dtParams.UploadProjectID
aParams.Url = dtParams.Url
aParams.ApiKey = dtParams.ApiKey

aParams.Name = dtParams.Name
aParams.Version = dtParams.Version
aParams.Type = dtParams.Type

aParams.FlatMerge = dtParams.FlatMerge
aParams.HierMerge = dtParams.HierMerge
aParams.AssemblyMerge = dtParams.AssemblyMerge

aParams.Xml = dtParams.Xml
aParams.Json = dtParams.Json

aParams.OutputSpecVersion = dtParams.OutputSpecVersion

aParams.OutputSpec = dtParams.OutputSpec

aParams.Input = dtParams.Input

return aParams, nil
}

func extractDtArgs(cmd *cobra.Command, args []string) (*dt.Params, error) {
aParams := dt.NewParams()

url, err := cmd.Flags().GetString("url")
if err != nil {
return nil, err
}

apiKey, err := cmd.Flags().GetString("api-key")
if err != nil {
return nil, err
}
aParams.Url = url
aParams.ApiKey = apiKey

name, _ := cmd.Flags().GetString("name")
version, _ := cmd.Flags().GetString("version")
typeValue, _ := cmd.Flags().GetString("type")

aParams.Name = name
aParams.Version = version
aParams.Type = typeValue

flatMerge, _ := cmd.Flags().GetBool("flatMerge")
hierMerge, _ := cmd.Flags().GetBool("hierMerge")
assemblyMerge, _ := cmd.Flags().GetBool("assemblyMerge")

aParams.FlatMerge = flatMerge
aParams.HierMerge = hierMerge
aParams.AssemblyMerge = assemblyMerge

xml, _ := cmd.Flags().GetBool("xml")
json, _ := cmd.Flags().GetBool("json")

aParams.Xml = xml
aParams.Json = json

if aParams.Xml {
aParams.Json = false
}

specVersion, _ := cmd.Flags().GetString("outputSpecVersion")
aParams.OutputSpecVersion = specVersion

cdx, _ := cmd.Flags().GetBool("outputSpecCdx")

if cdx {
aParams.OutputSpec = "cyclonedx"
} else {
aParams.OutputSpec = "spdx"
}

output, err := cmd.Flags().GetString("output")
if err != nil {
return nil, err
}
// Check if the output is a valid UUID, i.e. project ID
if _, err := uuid.Parse(output); err == nil {
aParams.Upload = true
aParams.UploadProjectID = uuid.MustParse(output)
fmt.Printf("Upload: %v and SBOM to Project ID: %v \n", aParams.Upload, aParams.UploadProjectID)
} else {
// Assume it's a file path
aParams.Output = output
aParams.Upload = false
fmt.Printf("Upload: %v and SBOM to Project ID: %v \n", aParams.Upload, aParams.Output)
}

for _, arg := range args {
// Check if the argument is a file
if _, err := os.Stat(arg); err == nil {
if err := validatePath(arg); err != nil {
return nil, err
}
aParams.Input = append(aParams.Input, arg)
continue
}

argID, err := uuid.Parse(arg)
if err != nil {
return nil, err
}
aParams.ProjectIds = append(aParams.ProjectIds, argID)
}
return aParams, nil
}

func init() {
// Add dt as a sub-command of assemble
assembleCmd.AddCommand(dtCmd)

dtCmd.Flags().StringP("url", "u", "", "dependency track url https://localhost:8080/")
dtCmd.Flags().StringP("api-key", "k", "", "dependency track api key, requires VIEW_PORTFOLIO for scoring and PORTFOLIO_MANAGEMENT for tagging")
dtCmd.MarkFlagsRequiredTogether("url", "api-key")

dtCmd.Flags().StringP("output", "o", "", "path to file or project id for newly assembled sbom, defaults to stdout")

dtCmd.Flags().StringP("name", "n", "", "name of the assembled sbom")
dtCmd.Flags().StringP("version", "v", "", "version of the assembled sbom")
dtCmd.Flags().StringP("type", "t", "", "product type of the assembled sbom (application, framework, library, container, device, firmware)")
dtCmd.MarkFlagsRequiredTogether("name", "version", "type")

dtCmd.Flags().BoolP("flatMerge", "f", false, "flat merge")
dtCmd.Flags().BoolP("hierMerge", "m", false, "hierarchical merge")
dtCmd.Flags().BoolP("assemblyMerge", "a", false, "assembly merge")
dtCmd.MarkFlagsMutuallyExclusive("flatMerge", "hierMerge", "assemblyMerge")

dtCmd.Flags().BoolP("outputSpecCdx", "g", true, "output in cdx format")
dtCmd.Flags().BoolP("outputSpecSpdx", "s", false, "output in spdx format")
dtCmd.MarkFlagsMutuallyExclusive("outputSpecCdx", "outputSpecSpdx")

dtCmd.Flags().StringP("outputSpecVersion", "e", "", "spec version of the output sbom")

dtCmd.Flags().BoolP("xml", "x", false, "output in xml format")
dtCmd.Flags().BoolP("json", "j", true, "output in json format")
dtCmd.MarkFlagsMutuallyExclusive("xml", "json")
}
1 change: 0 additions & 1 deletion cmd/edit.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,6 @@ Advanced Example:
ctx := logger.WithLogger(context.Background())

editParams, err := extractEditArgs(cmd, args)

if err != nil {
return err
}
Expand Down
5 changes: 5 additions & 0 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,21 +22,26 @@ require (
)

require (
github.com/DependencyTrack/client-go v0.13.0
github.com/ProtonMail/go-crypto v1.0.0 // indirect
github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 // indirect
github.com/cloudflare/circl v1.3.9 // indirect
github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/rogpeppe/go-internal v1.12.0 // indirect
github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/testify v1.9.0
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/crypto v0.26.0 // indirect
golang.org/x/oauth2 v0.22.0 // indirect
golang.org/x/sys v0.24.0 // indirect
golang.org/x/text v0.17.0 // indirect
gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
4 changes: 4 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
github.com/DependencyTrack/client-go v0.13.0 h1:w2TvudrBbgBtS2oMbisfo9Av4rJnS1g9VsdCpZ6PU/8=
github.com/DependencyTrack/client-go v0.13.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
Expand Down Expand Up @@ -35,6 +37,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
Expand Down
13 changes: 9 additions & 4 deletions pkg/assemble/cdx/interface.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (
"strings"

cydx "github.com/CycloneDX/cyclonedx-go"
"github.com/google/uuid"
"github.com/samber/lo"
)

Expand Down Expand Up @@ -98,10 +99,14 @@ type app struct {
}

type output struct {
FileFormat string
Spec string
SpecVersion string
File string
FileFormat string
Spec string
SpecVersion string
File string
Upload bool
UploadProjectID uuid.UUID
Url string
ApiKey string
}

type input struct {
Expand Down
Loading