Merge branch 'master' into mkumykov-multi-image

Author: snps-kumykov

examples/client/batch_generate_sbom.py

@@ -2,6 +2,13 @@
 Created on April 13, 2023
 @author: kumykov
 
+##################### DISCLAIMER ##########################
+##  This script was created for a specific purpose and   ##
+##   SHOULD NOT BE USED as a general purpose utility.    ##
+##   For general purpose utility use                     ##
+##      /examples/client/generate_sbom.py                ##
+###########################################################
+
 Copyright (C) 2023 Synopsys, Inc.
 http://www.blackducksoftware.com/
 

examples/client/batch_update_project_phase.py

@@ -100,11 +100,11 @@ def process_csv_file(filename):
     project_phase_idx = None
     for row in csvreader:
         row_number = csvreader.line_num
-        if not (project_name_idx and project_version_idx and project_phase_idx):
+        if (project_name_idx == None and project_version_idx == None and project_phase_idx == None):
             project_name_idx = row.index(project_name_column)
             project_version_idx = row.index(project_version_column)
             project_phase_idx = row.index(project_phase_column)
-        elif project_name_idx and project_version_idx and project_phase_idx:
+        elif project_name_idx != None and project_version_idx != None and project_phase_idx != None:
             project_name = row[project_name_idx].strip() if project_name_idx < len(row) else ''
             version_name = row[project_version_idx].strip() if project_version_idx < len(row) else ''
             phase = row[project_phase_idx] if project_phase_idx < len(row) else ''
@@ -130,11 +130,11 @@ def process_excel_file(filename):
     row_number = 0
     for row in ws.values:
         row_number += 1
-        if not (project_name_idx and project_version_idx and project_phase_idx):
+        if (project_name_idx == None and project_version_idx == None and project_phase_idx == None):
             project_name_idx = row.index(project_name_column)
             project_version_idx = row.index(project_version_column)
             project_phase_idx = row.index(project_phase_column)
-        elif project_name_idx and project_version_idx and project_phase_idx:
+        elif project_name_idx != None and project_version_idx != None and project_phase_idx != None:
             project_name = row[project_name_idx] if project_name_idx < len(row) else ''
             version_name = row[project_version_idx] if project_version_idx < len(row) else ''
             phase = row[project_phase_idx] if project_phase_idx < len(row) else ''

examples/client/consolidated_file_report.py

@@ -0,0 +1,159 @@
+'''
+Created on October 12, 2023
+@author: kumykov
+
+Copyright (C) 2023 Synopsys, Inc.
+http://www.synopsys.com/
+
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+
+This script is provided as an example of populating custom field data 
+based on BOM components crypto information. 
+The goal is to enable policy functionality that would be triggered by 
+cryptographic features of a component.
+
+The script will analyze ciphers included in a component and will set 
+a BOM Component custom field value to reflect that a known weakness is present.
+
+Requirements
+
+- python3 version 3.8 or newer recommended
+- the following packages are used by the script and should be installed 
+  prior to use:	
+    argparse
+    blackduck
+    logging
+    sys
+    json
+    pprint
+- Blackduck instance
+- API token with sufficient privileges to perform project version phase 
+  change.
+
+Install python packages with the following command:
+
+ pip3 install argparse blackduck logging sys json pprint
+
+Using
+
+Script expects a boolean custom field labeled "BadCrypto" on a BOM Component.
+A policy that is triggered by BadCrypto custom field value used to visualize 
+results.
+
+usage: crypto-to-custom.py [-h] -u BASE_URL -t TOKEN_FILE -pn PROJECT_NAME -vn VERSION_NAME [-nv] [--reset]
+
+options:
+  -h, --help            show this help message and exit
+  -u BASE_URL, --base-url BASE_URL
+                        Hub server URL e.g. https://your.blackduck.url
+  -t TOKEN_FILE, --token-file TOKEN_FILE
+                        File containing access token
+  -pn PROJECT_NAME, --project-name PROJECT_NAME
+                        Project Name
+  -vn VERSION_NAME, --version-name VERSION_NAME
+                        Version Name
+  -nv, --no-verify      Disable TLS certificate verification
+  --reset               Undo the changes made by this script 
+
+
+'''
+
+import argparse
+from blackduck import Client
+from pprint import pprint
+import logging
+import sys
+import json
+
+logging.basicConfig(format='%(asctime)s:%(levelname)s:%(message)s', stream=sys.stderr, level=logging.DEBUG)
+logging.getLogger("requests").setLevel(logging.INFO)
+logging.getLogger("urllib3").setLevel(logging.INFO)
+logging.getLogger("blackduck").setLevel(logging.INFO)
+
+def find_project_by_name(project_name):
+    params = {
+        'q': [f"name:{project_name}"]
+    }
+    projects = [p for p in bd.get_resource('projects', params=params) if p['name'] == project_name]
+    if len(projects) == 1:
+        return projects[0]
+    else:
+        return None
+
+def find_project_version_by_name(project, version_name):
+    params = {
+        'q': [f"versionName:{version_name}"]
+    }
+    versions = [v for v in bd.get_resource('versions', project, params=params) if v['versionName'] == version_name]
+    if len(versions) == 1:
+        return versions[0]
+    else:
+        return None
+
+def parse_command_args():
+
+    parser = argparse.ArgumentParser("crypto-to-custom.py")
+    parser.add_argument("-u", "--base-url",     required=True, help="Hub server URL e.g. https://your.blackduck.url")
+    parser.add_argument("-t", "--token-file",   required=True, help="File containing access token")
+    parser.add_argument("-pn", "--project-name",   required=True, help="Project Name")
+    parser.add_argument("-vn", "--version-name",   required=True, help="Version Name")
+    parser.add_argument("-nv", "--no-verify",   action='store_false', help="Disable TLS certificate verification")
+    parser.add_argument("--reset",   action='store_true', help="Undo the changes made by this script")
+    return parser.parse_args()
+
+def set_custom_field(field, url, value):
+    payload = {"fields": [{"customField": field['_meta']['href'],"values": value}]}
+    headers = {"Accept": "application/vnd.blackducksoftware.bill-of-materials-6+json",
+               "Content-Type": "application/vnd.blackducksoftware.bill-of-materials-6+json"}
+    response = bd.session.put(url, data=json.dumps(payload), headers=headers)
+    print(response)
+
+def process_project_version(args):
+    project = find_project_by_name(args.project_name)
+    version = find_project_version_by_name(project, args.version_name)
+
+    components = bd.get_resource('components',version)
+    for component in components:
+        print (component['componentName'], component['componentVersionName'])
+        custom_fields = bd.get_resource('custom-fields',component, items=False)
+        custom_fields_url = custom_fields['_meta']['href']
+        c = [x for x in custom_fields['items'] if x['label'] == 'BadCrypto'][0]
+        resources = bd.list_resources(component)
+        if 'crypto-algorithms' in resources.keys():
+            crypto_algorithms = bd.get_resource('crypto-algorithms', component)
+            for crypto in crypto_algorithms:
+                if crypto['knownWeaknesses']:
+                    pprint('Has Weakness')
+                    value = ['true']
+                    if args.reset:
+                        value = []
+                    set_custom_field(c, custom_fields_url, value=value)
+                    break
+
+def main():
+    args = parse_command_args()
+    with open(args.token_file, 'r') as tf:
+        access_token = tf.readline().strip()
+    global bd
+    bd = Client(base_url=args.base_url, token=access_token, verify=args.no_verify, timeout=60.0, retries=4)
+
+    process_project_version(args)
+
+if __name__ == "__main__":
+    sys.exit(main())
+

examples/client/crypto-to-custom.py

@@ -1,4 +1,27 @@
 '''
+Created on June 4, 2023
+@author: kumykov
+
+Copyright (C) 2023 Synopsys, Inc.
+http://www.blackducksoftware.com/
+
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+
 Purpose: Deactivates Deep Licenses that were detected by Deep License search
 
 usage: deactivate_deep_licenses.py [-h] -u BASE_URL -t TOKEN_FILE -p PROJECT_NAME -pv VERSION_NAME [-mt MATCH_TYPE] [-nv] [--active]
@@ -96,4 +119,4 @@ def main():
 
 
 if __name__ == "__main__":
-    sys.exit(main())
+    sys.exit(main())

examples/client/deactivate_deep_licenses.py

@@ -45,10 +45,10 @@ class FailedReportDownload(Exception):
 parser.add_argument("token_file", help="containing access token")
 parser.add_argument("project_name")
 parser.add_argument("version_name")
-parser.add_argument("-z", "--zip_file_name", default="reports.zip")
-parser.add_argument("-t", "--type", type=str, nargs='?', default="SPDX_22", choices=["SPDX_22", "CYCLONEDX_13"], help="Choose the type of SBOM report")
+parser.add_argument("-t", "--type", type=str, nargs='?', default="SPDX_23", choices=["SPDX_22", "SPDX_23", "CYCLONEDX_13", "CYCLONEDX_14"], help="Choose the type of SBOM report")
 parser.add_argument('-r', '--retries', default=4, type=int, help="How many times to retry downloading the report, i.e. wait for the report to be generated")
-parser.add_argument('-s', '--sleep_time', default=5, type=int, help="The amount of time to sleep in-between (re-)tries to download the report")
+parser.add_argument('-s', '--sleep_seconds', default=60, type=int, help="The amount of time to sleep in-between (re-)tries to download the report")
+parser.add_argument('--include-subprojects', dest='include_subprojects', action='store_false', help="whether subprojects should be included")
 parser.add_argument('--no-verify', dest='verify', action='store_false', help="disable TLS certificate verification")
 
 args = parser.parse_args()
@@ -75,8 +75,8 @@ def download_report(bd_client, location, filename, retries=args.retries):
 				logging.error("Ruh-roh, not sure what happened here")
 		else:
 			logging.debug(f"Failed to retrieve report {report_id}, report status: {report_status}")
-			logging.debug("Probably not ready yet, waiting 5 seconds then retrying...")
-			time.sleep(args.sleep_time)
+			logging.debug(f"Probably not ready yet, waiting {args.sleep_seconds} seconds then retrying...")
+			time.sleep(args.sleep_seconds)
 			retries -= 1
 			download_report(bd_client, location, filename, retries)
 	else:
@@ -105,16 +105,19 @@ def download_report(bd_client, location, filename, retries=args.retries):
 
 post_data = {
         'reportFormat': "JSON",
-        'reportType': 'SBOM',
-        'sbomType': args.type,	
+        'sbomType': args.type,
+		'includeSubprojects': args.include_subprojects	
 }
 sbom_reports_url = version['_meta']['href'] + "/sbom-reports"
 
+bd.session.headers["Content-Type"] = "application/vnd.blackducksoftware.report-4.json"
 r = bd.session.post(sbom_reports_url, json=post_data)
+if (r.status_code == 403):
+	logging.debug("Authorization Error - Please ensure the token you are using has write permissions!")
 r.raise_for_status()
 location = r.headers.get('Location')
 assert location, "Hmm, this does not make sense. If we successfully created a report then there needs to be a location where we can get it from"
 
 logging.debug(f"Created SBOM report of type {args.type} for project {args.project_name}, version {args.version_name} at location {location}")
-download_report(bd, location, args.zip_file_name)
+download_report(bd, location, f"{args.project_name}({args.version_name}).zip")