Skip to content

Commit

Permalink
Merge pull request #3 from Santandersecurityresearch/dev
Browse files Browse the repository at this point in the history
Merge release 1.0.1 to main
  • Loading branch information
emilejq authored Dec 7, 2023
2 parents a96ec7f + a15811f commit 7c64f91
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 5 deletions.
13 changes: 13 additions & 0 deletions CHANGELOG.rst
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,19 @@ The format is based on `keep a changelog`_, and this project adheres to `semanti
This file is autogenerated by `gitchangelog`_. Please do not edit it manually.


1.0.1 (2023-12-07)
------------------

Added
~~~~~
- Add application name option to CLI. [emilejq]

Fixed
~~~~~
- Add default root component when version control information is not
available. [emilejq]


1.0.0 (2023-12-04)
------------
- Initial release.
Expand Down
2 changes: 1 addition & 1 deletion cbom/__init__.py
Original file line number Diff line number Diff line change
@@ -1 +1 @@
__version__ = '1.0.0'
__version__ = '1.0.1'
15 changes: 11 additions & 4 deletions cbom/main.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,7 @@
from pathlib import Path

from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component, ComponentType
from cyclonedx.model.crypto import AssetType
from cyclonedx.output.json import JsonV1Dot4CbomV1Dot0

Expand All @@ -19,6 +20,7 @@
def start():
parser = ArgumentParser()
parser.add_argument('path', type=Path, help='Directory path or file path to parse')
parser.add_argument('--application-name', '-an', help='Name of the root application for the CBOM')
parser.add_argument('--exclude', '-e', help='Exclude CodeQL findings in files that match a regex')
parser.add_argument('--cryptocheck', '-cc', action='store_true', default=False, help='Enable crypto vulnerability scanning')
parser.add_argument('--rules-file', '-rf', type=Path, help='Use a custom ruleset for CryptoCheck analysis')
Expand All @@ -28,15 +30,15 @@ def start():

exclusion_pattern = re.compile(args.exclude) if args.exclude else None
if (path := args.path).is_file():
_read_file(path, exclusion_pattern)
_read_file(path, application_name=args.application_name, exclusion_pattern=exclusion_pattern)
for unregistered_dependency in unregistered_dependencies:
_link_dependency(unregistered_dependency)
else:
global file_count

for file in [*list(path.glob('*.sarif')), *list(path.glob('*.json'))]:
file_count += 1
_read_file(file, exclusion_pattern)
_read_file(file, application_name=args.application_name, exclusion_pattern=exclusion_pattern)
for unregistered_dependency in unregistered_dependencies:
_link_dependency(unregistered_dependency) # must be done only after all components have been added to CBOM

Expand All @@ -50,14 +52,19 @@ def start():
json.dump(json.loads(cbom_output), output_file, indent=4)


def _read_file(query_file, exclusion_pattern=None):
def _read_file(query_file, application_name=None, exclusion_pattern=None):
with open(query_file) as query_output:
query_output = json.load(query_output)['runs'][0]

if file_count < 2:
if version_control_details := query_output.get('versionControlProvenance'):
if application_name:
cbom.metadata.component = Component(name=application_name, type=ComponentType.APPLICATION)
elif version_control_details := query_output.get('versionControlProvenance'):
root_component = metadata.get_root_component_info(version_control_details=version_control_details[0])
cbom.metadata.component = root_component
else:
cbom.metadata.component = Component(name='root', type=ComponentType.APPLICATION)

for tool in metadata.get_tool_info(tool_info=query_output['tool']):
cbom.metadata.tools.add(tool)

Expand Down

0 comments on commit 7c64f91

Please sign in to comment.