wip

interlynk-io · Aug 17, 2024 · a0c6401 · a0c6401
1 parent fd44423
commit a0c6401
Show file tree

Hide file tree

Showing 5 changed files with 362 additions and 8 deletions.
diff --git a/cmd/assemble.go b/cmd/assemble.go
@@ -89,7 +89,6 @@ func init() {
 	assembleCmd.Flags().BoolP("json", "j", true, "output in json format")
 	assembleCmd.MarkFlagsMutuallyExclusive("xml", "json")
 
-	assembleCmd.PersistentFlags().BoolP("debug", "d", false, "debug output")
 }
 
 func validatePath(path string) error {

diff --git a/cmd/edit.go b/cmd/edit.go
@@ -4,14 +4,18 @@ Copyright © 2024 NAME HERE <EMAIL ADDRESS>
 package cmd
 
 import (
+	"context"
+
+	"github.com/interlynk-io/sbomasm/pkg/edit"
+	"github.com/interlynk-io/sbomasm/pkg/logger"
 	"github.com/spf13/cobra"
 )
 
 // editCmd represents the edit command
 var editCmd = &cobra.Command{
 	Use:   "edit",
 	Short: "helps editing an sbom",
-	Long: `The edit command allows you to modify an existing Software Bill of Materials (SBOM) by filling in gaps or adding information that may have been missed during the generation process. This command operates by first locating the entity to edit and then adding the required information.
+	Long: `The edit command allows you to modify an existing Software Bill of Materials (SBOM) by filling in gaps or adding information that may have been missed during the generation process. This command operates by first locating the entity to edit and then adding the required information. The goal of edit is not to provide a full editing experience but to help fill in filling in missing information useful for compliance and security purposes.
 
 Usage
 	sbomasm edit [flags] <input-sbom-file>
@@ -38,8 +42,25 @@ Advanced Example:
 	$ sbomasm edit --subject primary-component --hash "MD5 (hash1)" --hash "SHA256 (hash2)" in-sbom-5.json
 	`,
 	SilenceUsage: true,
+	Args:         cobra.ExactArgs(1),
 	RunE: func(cmd *cobra.Command, args []string) error {
-		return nil
+		debug, _ := cmd.Flags().GetBool("debug")
+		if debug {
+			logger.InitDebugLogger()
+		} else {
+			logger.InitProdLogger()
+		}
+
+		ctx := logger.WithLogger(context.Background())
+
+		editParams, err := extractEditArgs(cmd, args)
+
+		if err != nil {
+			return err
+		}
+
+		editParams.Ctx = &ctx
+		return edit.Edit(editParams)
 	},
 }
 
@@ -50,6 +71,7 @@ func init() {
 
 	// Edit locations
 	editCmd.Flags().String("subject", "document", "subject to edit (document, primary-component, component-name-version)")
+	editCmd.MarkFlagRequired("subject")
 	editCmd.Flags().String("search", "", "search string to find the entity")
 
 	// Edit controls
@@ -60,17 +82,83 @@ func init() {
 	editCmd.Flags().String("name", "", "name of the entity")
 	editCmd.Flags().String("version", "", "version of the entity")
 	editCmd.Flags().String("supplier", "", "supplier to add e.g 'name (email)'")
-	editCmd.Flags().String("author", "", "author to add e.g 'name (email)'")
+	editCmd.Flags().StringSlice("author", []string{}, "author to add e.g 'name (email)'")
 	editCmd.Flags().String("purl", "", "purl to add e.g 'pkg:deb/debian/abc@1.0.0'")
 	editCmd.Flags().String("cpe", "", "cpe to add e.g 'cpe:2.3:a:microsoft:internet_explorer:8.*:sp?:*:*:*:*:*:*'")
-	editCmd.Flags().String("license", "", "license to add e.g 'MIT'")
-	editCmd.Flags().String("hash", "", "checksum to add e.g 'MD5 (hash'")
-	editCmd.Flags().String("tool", "", "tool to add e.g 'sbomasm (v1.0.0)'")
+	editCmd.Flags().StringSlice("license", []string{}, "license to add e.g 'MIT'")
+	editCmd.Flags().StringSlice("hash", []string{}, "checksum to add e.g 'MD5 (hash'")
+	editCmd.Flags().StringSlice("tool", []string{}, "tool to add e.g 'sbomasm (v1.0.0)'")
 	editCmd.Flags().String("copyright", "", "copyright to add e.g 'Copyright © 2024'")
-	editCmd.Flags().String("lifecycle", "", "lifecycle to add e.g 'build'")
+	editCmd.Flags().StringSlice("lifecycle", []string{}, "lifecycle to add e.g 'build'")
 	editCmd.Flags().String("description", "", "description to add e.g 'this is a cool app'")
 	editCmd.Flags().String("repository", "", "repository to add e.g 'github.com/interlynk-io/sbomasm'")
 	editCmd.Flags().String("type", "", "type to add e.g 'application'")
 
 	editCmd.Flags().Bool("timestamp", false, "add created-at timestamp")
 }
+
+func extractEditArgs(cmd *cobra.Command, args []string) (*edit.EditParams, error) {
+	editParams := edit.NewEditParams()
+
+	editParams.Input = args[0]
+	editParams.Output, _ = cmd.Flags().GetString("output")
+
+	subject, _ := cmd.Flags().GetString("subject")
+	editParams.Subject = subject
+
+	search, _ := cmd.Flags().GetString("search")
+	editParams.Search = search
+
+	missing, _ := cmd.Flags().GetBool("missing")
+	editParams.Missing = missing
+
+	append, _ := cmd.Flags().GetBool("append")
+	editParams.Append = append
+
+	name, _ := cmd.Flags().GetString("name")
+	editParams.Name = name
+
+	version, _ := cmd.Flags().GetString("version")
+	editParams.Version = version
+
+	supplier, _ := cmd.Flags().GetString("supplier")
+	editParams.Supplier = supplier
+
+	authors, _ := cmd.Flags().GetStringSlice("author")
+	editParams.Authors = authors
+
+	purl, _ := cmd.Flags().GetString("purl")
+	editParams.Purl = purl
+
+	cpe, _ := cmd.Flags().GetString("cpe")
+	editParams.Cpe = cpe
+
+	licenses, _ := cmd.Flags().GetStringSlice("license")
+	editParams.Licenses = licenses
+
+	hashes, _ := cmd.Flags().GetStringSlice("hash")
+	editParams.Hashes = hashes
+
+	tools, _ := cmd.Flags().GetStringSlice("tool")
+	editParams.Tools = tools
+
+	copyright, _ := cmd.Flags().GetString("copyright")
+	editParams.CopyRight = copyright
+
+	lifecycles, _ := cmd.Flags().GetStringSlice("lifecycle")
+	editParams.Lifecycles = lifecycles
+
+	description, _ := cmd.Flags().GetString("description")
+	editParams.Description = description
+
+	repository, _ := cmd.Flags().GetString("repository")
+	editParams.Repository = repository
+
+	typ, _ := cmd.Flags().GetString("type")
+	editParams.Type = typ
+
+	timestamp, _ := cmd.Flags().GetBool("timestamp")
+	editParams.Timestamp = timestamp
+
+	return editParams, nil
+}
diff --git a/cmd/root.go b/cmd/root.go
@@ -60,6 +60,7 @@ func init() {
 	// Cobra also supports local flags, which will only run
 	// when this action is called directly.
 	rootCmd.Flags().BoolP("toggle", "t", false, "Help message for toggle")
+	rootCmd.PersistentFlags().BoolP("debug", "d", false, "debug output")
 }
 
 func checkIfLatestRelease() {

diff --git a/pkg/edit/config.go b/pkg/edit/config.go
@@ -0,0 +1,195 @@
+// Copyright 2024 Interlynk.io
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package edit
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"regexp"
+	"strings"
+)
+
+type SearchParams struct {
+	subject string
+	name    string
+	version string
+	missing bool
+	append  bool
+}
+
+type paramTuple struct {
+	name  string
+	value string
+}
+
+type configParams struct {
+	ctx *context.Context
+
+	inputFilePath  string
+	outputFilePath string
+
+	search SearchParams
+
+	name        string
+	version     string
+	supplier    paramTuple
+	authors     []paramTuple
+	purl        string
+	cpe         string
+	licenses    []paramTuple
+	hashes      []paramTuple
+	tools       []paramTuple
+	copyright   string
+	lifecycles  []string
+	description string
+	repository  string
+	typ         string
+}
+
+var supportedSubjects map[string]bool = map[string]bool{
+	"document":               true,
+	"primary-component":      true,
+	"component-name-version": true,
+}
+
+func convertToConfigParams(eParams *EditParams) (*configParams, error) {
+	p := &configParams{}
+
+	//log := logger.FromContext(*eParams.Ctx)
+
+	if err := validatePath(eParams.Input); err != nil {
+		return nil, err
+	}
+
+	p.inputFilePath = eParams.Input
+
+	if eParams.Output != "" {
+		p.outputFilePath = eParams.Output
+	}
+
+	p.search = SearchParams{}
+
+	if eParams.Subject != "" {
+		p.search.subject = eParams.Subject
+	}
+
+	p.search = SearchParams{}
+
+	if eParams.Subject != "" && supportedSubjects[strings.ToLower(eParams.Subject)] {
+		p.search.subject = strings.ToLower(eParams.Subject)
+	} else {
+		return nil, fmt.Errorf("unsupported subject %s", eParams.Subject)
+	}
+
+	if p.search.subject == "component-name-version" {
+		name, version := parseInputFormat(eParams.Search)
+		if name == "" || version == "" {
+			return nil, fmt.Errorf("invalid component-name-version format both name and version must be provided")
+		}
+		p.search.name = name
+		p.search.version = version
+	}
+
+	p.search.missing = eParams.Missing
+	p.search.append = eParams.Append
+
+	p.name = eParams.Name
+	p.version = eParams.Version
+
+	if eParams.Supplier != "" {
+		name, email := parseInputFormat(eParams.Supplier)
+
+		p.supplier = paramTuple{
+			name:  name,
+			value: email,
+		}
+	}
+
+	for _, author := range eParams.Authors {
+		name, email := parseInputFormat(author)
+		p.authors = append(p.authors, paramTuple{
+			name:  name,
+			value: email,
+		})
+	}
+
+	p.purl = eParams.Purl
+	p.cpe = eParams.Cpe
+
+	for _, license := range eParams.Licenses {
+		name, url := parseInputFormat(license)
+		p.licenses = append(p.licenses, paramTuple{
+			name:  name,
+			value: url,
+		})
+	}
+
+	for _, hash := range eParams.Hashes {
+		algorithm, value := parseInputFormat(hash)
+		p.hashes = append(p.hashes, paramTuple{
+			name:  algorithm,
+			value: value,
+		})
+	}
+
+	for _, tool := range eParams.Tools {
+		name, version := parseInputFormat(tool)
+		p.tools = append(p.tools, paramTuple{
+			name:  name,
+			value: version,
+		})
+	}
+
+	p.copyright = eParams.CopyRight
+	p.lifecycles = eParams.Lifecycles
+	p.description = eParams.Description
+	p.repository = eParams.Repository
+	p.typ = eParams.Type
+
+	return p, nil
+}
+func parseInputFormat(s string) (name string, version string) {
+	// Trim any leading/trailing whitespace
+	s = strings.TrimSpace(s)
+
+	// Regular expression to match the pattern
+	re := regexp.MustCompile(`^(.+?)\s*(?:\(([^)]+)\))?$`)
+
+	matches := re.FindStringSubmatch(s)
+	if len(matches) > 1 {
+		name = strings.TrimSpace(matches[1])
+		if len(matches) > 2 {
+			version = strings.TrimSpace(matches[2])
+		}
+	} else {
+		name = s
+	}
+
+	return name, version
+}
+func validatePath(path string) error {
+	stat, err := os.Stat(path)
+
+	if err != nil {
+		return err
+	}
+
+	if stat.IsDir() {
+		return fmt.Errorf("path %s is a directory include only files", path)
+	}
+
+	return nil
+}