Merge pull request #99 from viveksahu26/merge_multiple_dt_projects

Merge multiple dt projects
interlynk-io · Sep 7, 2024 · 692861d · 692861d
2 parents 9c27836 + 29984a8
commit 692861d
Show file tree

Hide file tree

Showing 12 changed files with 472 additions and 30 deletions.
diff --git a/cmd/assemble.go b/cmd/assemble.go
@@ -60,7 +60,13 @@ Advanced Example:
 		}
 
 		assembleParams.Ctx = &ctx
-		return assemble.Assemble(assembleParams)
+
+		// Populate the config object
+		config, err := assemble.PopulateConfig(assembleParams)
+		if err != nil {
+			fmt.Println("Error populating config:", err)
+		}
+		return assemble.Assemble(config)
 	},
 }
 
@@ -88,12 +94,10 @@ func init() {
 	assembleCmd.Flags().BoolP("xml", "x", false, "output in xml format")
 	assembleCmd.Flags().BoolP("json", "j", true, "output in json format")
 	assembleCmd.MarkFlagsMutuallyExclusive("xml", "json")
-
 }
 
 func validatePath(path string) error {
 	stat, err := os.Stat(path)
-
 	if err != nil {
 		return err
 	}

diff --git a/cmd/dt.go b/cmd/dt.go
@@ -0,0 +1,224 @@
+// Copyright 2023 Interlynk.io
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//	http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/google/uuid"
+	"github.com/interlynk-io/sbomasm/pkg/assemble"
+	"github.com/interlynk-io/sbomasm/pkg/dt"
+	"github.com/interlynk-io/sbomasm/pkg/logger"
+	"github.com/spf13/cobra"
+)
+
+// assembleCmd represents the assemble command
+var dtCmd = &cobra.Command{
+	Use:   "dt",
+	Short: "helps assembling multiple DT project sboms into a final sbom",
+	Long: `The dt command will help assembling sboms into a final sbom.
+
+Basic Example:
+    $ sbomasm dt -u "http://localhost:8080/" -k "odt_gwiwooi29i1N5Hewkkddkkeiwi3ii" -n "mega-app" -v "1.0.0" -t "application" -o finalsbom.json 11903ba9-a585-4dfb-9a0c-f348345a5473 34103ba2-rt63-2fga-3a8b-t625261g6262
+	`,
+	SilenceUsage: true,
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if len(args) == 0 {
+			return fmt.Errorf("please provide at least one sbom file to assemble")
+		}
+
+		debug, _ := cmd.Flags().GetBool("debug")
+		if debug {
+			logger.InitDebugLogger()
+		} else {
+			logger.InitProdLogger()
+		}
+
+		ctx := logger.WithLogger(context.Background())
+
+		dtParams, err := extractDtArgs(cmd, args)
+		if err != nil {
+			return err
+		}
+
+		dtParams.Ctx = &ctx
+
+		// retrieve Input Files
+		dtParams.PopulateInputField(ctx)
+
+		assembleParams, err := extractArgsFromDTtoAssemble(dtParams)
+		fmt.Println("assemble.Input: ", assembleParams.Input)
+		if err != nil {
+			return err
+		}
+		assembleParams.Ctx = &ctx
+
+		config, err := assemble.PopulateConfig(assembleParams)
+		if err != nil {
+			fmt.Println("Error populating config:", err)
+		}
+		return assemble.Assemble(config)
+	},
+}
+
+func extractArgsFromDTtoAssemble(dtParams *dt.Params) (*assemble.Params, error) {
+	aParams := assemble.NewParams()
+
+	aParams.Output = dtParams.Output
+	aParams.Upload = dtParams.Upload
+	aParams.UploadProjectID = dtParams.UploadProjectID
+	aParams.Url = dtParams.Url
+	aParams.ApiKey = dtParams.ApiKey
+
+	aParams.Name = dtParams.Name
+	aParams.Version = dtParams.Version
+	aParams.Type = dtParams.Type
+
+	aParams.FlatMerge = dtParams.FlatMerge
+	aParams.HierMerge = dtParams.HierMerge
+	aParams.AssemblyMerge = dtParams.AssemblyMerge
+
+	aParams.Xml = dtParams.Xml
+	aParams.Json = dtParams.Json
+
+	aParams.OutputSpecVersion = dtParams.OutputSpecVersion
+
+	aParams.OutputSpec = dtParams.OutputSpec
+
+	aParams.Input = dtParams.Input
+
+	return aParams, nil
+}
+
+func extractDtArgs(cmd *cobra.Command, args []string) (*dt.Params, error) {
+	aParams := dt.NewParams()
+
+	url, err := cmd.Flags().GetString("url")
+	if err != nil {
+		return nil, err
+	}
+
+	apiKey, err := cmd.Flags().GetString("api-key")
+	if err != nil {
+		return nil, err
+	}
+	aParams.Url = url
+	aParams.ApiKey = apiKey
+
+	name, _ := cmd.Flags().GetString("name")
+	version, _ := cmd.Flags().GetString("version")
+	typeValue, _ := cmd.Flags().GetString("type")
+
+	aParams.Name = name
+	aParams.Version = version
+	aParams.Type = typeValue
+
+	flatMerge, _ := cmd.Flags().GetBool("flatMerge")
+	hierMerge, _ := cmd.Flags().GetBool("hierMerge")
+	assemblyMerge, _ := cmd.Flags().GetBool("assemblyMerge")
+
+	aParams.FlatMerge = flatMerge
+	aParams.HierMerge = hierMerge
+	aParams.AssemblyMerge = assemblyMerge
+
+	xml, _ := cmd.Flags().GetBool("xml")
+	json, _ := cmd.Flags().GetBool("json")
+
+	aParams.Xml = xml
+	aParams.Json = json
+
+	if aParams.Xml {
+		aParams.Json = false
+	}
+
+	specVersion, _ := cmd.Flags().GetString("outputSpecVersion")
+	aParams.OutputSpecVersion = specVersion
+
+	cdx, _ := cmd.Flags().GetBool("outputSpecCdx")
+
+	if cdx {
+		aParams.OutputSpec = "cyclonedx"
+	} else {
+		aParams.OutputSpec = "spdx"
+	}
+
+	output, err := cmd.Flags().GetString("output")
+	if err != nil {
+		return nil, err
+	}
+	// Check if the output is a valid UUID, i.e. project ID
+	if _, err := uuid.Parse(output); err == nil {
+		aParams.Upload = true
+		aParams.UploadProjectID = uuid.MustParse(output)
+		fmt.Printf("Upload: %v and SBOM to Project ID: %v \n", aParams.Upload, aParams.UploadProjectID)
+	} else {
+		// Assume it's a file path
+		aParams.Output = output
+		aParams.Upload = false
+		fmt.Printf("Upload: %v and SBOM to Project ID: %v \n", aParams.Upload, aParams.Output)
+	}
+
+	for _, arg := range args {
+		// Check if the argument is a file
+		if _, err := os.Stat(arg); err == nil {
+			if err := validatePath(arg); err != nil {
+				return nil, err
+			}
+			aParams.Input = append(aParams.Input, arg)
+			continue
+		}
+
+		argID, err := uuid.Parse(arg)
+		if err != nil {
+			return nil, err
+		}
+		aParams.ProjectIds = append(aParams.ProjectIds, argID)
+	}
+	return aParams, nil
+}
+
+func init() {
+	// Add dt as a sub-command of assemble
+	assembleCmd.AddCommand(dtCmd)
+
+	dtCmd.Flags().StringP("url", "u", "", "dependency track url https://localhost:8080/")
+	dtCmd.Flags().StringP("api-key", "k", "", "dependency track api key, requires VIEW_PORTFOLIO for scoring and PORTFOLIO_MANAGEMENT for tagging")
+	dtCmd.MarkFlagsRequiredTogether("url", "api-key")
+
+	dtCmd.Flags().StringP("output", "o", "", "path to file or project id for newly assembled sbom, defaults to stdout")
+
+	dtCmd.Flags().StringP("name", "n", "", "name of the assembled sbom")
+	dtCmd.Flags().StringP("version", "v", "", "version of the assembled sbom")
+	dtCmd.Flags().StringP("type", "t", "", "product type of the assembled sbom (application, framework, library, container, device, firmware)")
+	dtCmd.MarkFlagsRequiredTogether("name", "version", "type")
+
+	dtCmd.Flags().BoolP("flatMerge", "f", false, "flat merge")
+	dtCmd.Flags().BoolP("hierMerge", "m", false, "hierarchical merge")
+	dtCmd.Flags().BoolP("assemblyMerge", "a", false, "assembly merge")
+	dtCmd.MarkFlagsMutuallyExclusive("flatMerge", "hierMerge", "assemblyMerge")
+
+	dtCmd.Flags().BoolP("outputSpecCdx", "g", true, "output in cdx format")
+	dtCmd.Flags().BoolP("outputSpecSpdx", "s", false, "output in spdx format")
+	dtCmd.MarkFlagsMutuallyExclusive("outputSpecCdx", "outputSpecSpdx")
+
+	dtCmd.Flags().StringP("outputSpecVersion", "e", "", "spec version of the output sbom")
+
+	dtCmd.Flags().BoolP("xml", "x", false, "output in xml format")
+	dtCmd.Flags().BoolP("json", "j", true, "output in json format")
+	dtCmd.MarkFlagsMutuallyExclusive("xml", "json")
+}
diff --git a/cmd/edit.go b/cmd/edit.go
@@ -54,7 +54,6 @@ Advanced Example:
 		ctx := logger.WithLogger(context.Background())
 
 		editParams, err := extractEditArgs(cmd, args)
-
 		if err != nil {
 			return err
 		}

diff --git a/go.mod b/go.mod
@@ -22,21 +22,26 @@ require (
 )
 
 require (
+	github.com/DependencyTrack/client-go v0.13.0
 	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20230627203149-c72ef8859ca9 // indirect
 	github.com/cloudflare/circl v1.3.9 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/rogpeppe/go-internal v1.12.0 // indirect
 	github.com/spdx/gordf v0.0.0-20221230105357-b735bd5aac89 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/stretchr/testify v1.9.0
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.26.0 // indirect
 	golang.org/x/oauth2 v0.22.0 // indirect
 	golang.org/x/sys v0.24.0 // indirect
 	golang.org/x/text v0.17.0 // indirect
 	gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,6 +1,8 @@
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/CycloneDX/cyclonedx-go v0.9.0 h1:inaif7qD8bivyxp7XLgxUYtOXWtDez7+j72qKTMQTb8=
 github.com/CycloneDX/cyclonedx-go v0.9.0/go.mod h1:NE/EWvzELOFlG6+ljX/QeMlVt9VKcTwu8u0ccsACEsw=
+github.com/DependencyTrack/client-go v0.13.0 h1:w2TvudrBbgBtS2oMbisfo9Av4rJnS1g9VsdCpZ6PU/8=
+github.com/DependencyTrack/client-go v0.13.0/go.mod h1:XLZnOksOs56Svq+K4xmBkN8U97gpP7r1BkhCc/xA8Iw=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
@@ -35,6 +37,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/jarcoal/httpmock v1.3.0 h1:2RJ8GP0IIaWwcC9Fp2BmVi8Kog3v2Hn7VXM3fTd+nuc=
+github.com/jarcoal/httpmock v1.3.0/go.mod h1:3yb8rc4BI7TCBhFY8ng0gjuLKJNquuDNiPaZjnENuYg=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=

diff --git a/pkg/assemble/cdx/interface.go b/pkg/assemble/cdx/interface.go
@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	cydx "github.com/CycloneDX/cyclonedx-go"
+	"github.com/google/uuid"
 	"github.com/samber/lo"
 )
 
@@ -98,10 +99,14 @@ type app struct {
 }
 
 type output struct {
-	FileFormat  string
-	Spec        string
-	SpecVersion string
-	File        string
+	FileFormat      string
+	Spec            string
+	SpecVersion     string
+	File            string
+	Upload          bool
+	UploadProjectID uuid.UUID
+	Url             string
+	ApiKey          string
 }
 
 type input struct {