eric7/CycloneDXInterface/CycloneDXUtilities.py

Sat, 04 Jun 2022 15:53:41 +0200

author
Detlev Offenbach <detlev@die-offenbachs.de>
date
Sat, 04 Jun 2022 15:53:41 +0200
branch
eric7
changeset 9119
5bcdef5207f6
parent 9117
c6afba2049cf
child 9122
ddf8ed8f7387
permissions
-rw-r--r--

CycloneDX
- added capability to list vulnerabilities in the SBOM file

1 # -*- coding: utf-8 -*-
3 # Copyright (c) 2022 Detlev Offenbach <detlev@die-offenbachs.de>
4 #
6 """
7 Module implementing the interface to CycloneDX.
8 """
import html
import os
import re

from PyQt6.QtCore import QCoreApplication
from PyQt6.QtWidgets import QDialog

from EricWidgets.EricApplication import ericApp
from EricWidgets import EricMessageBox

from packageurl import PackageURL

from cyclonedx.model import LicenseChoice
from cyclonedx.model.bom import Bom
from cyclonedx.model.component import Component
from cyclonedx.model.vulnerability import Vulnerability, VulnerabilitySource
from cyclonedx.output import (
    OutputFormat, SchemaVersion, get_instance as get_output_instance
)
from cyclonedx.parser import BaseParser

from cyclonedx_py.parser.pipenv import PipEnvFileParser
from cyclonedx_py.parser.poetry import PoetryFileParser
from cyclonedx_py.parser.requirements import RequirementsFileParser

from PipInterface.PipVulnerabilityChecker import (
    Package, VulnerabilityCheckError
)
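class CycloneDXEnvironmentParser(BaseParser):
    """
    Class implementing a parser to get package data for a named environment.
    """
    def __init__(self, venvName):
        """
        Constructor

        Builds one CycloneDX component per package reported by the Pip
        interface for the given environment and appends it to the parser's
        component list.

        @param venvName name of the virtual environment
        @type str
        """
        super().__init__()

        pip = ericApp().getObject("Pip")
        packages = pip.getLicenses(venvName)
        for package in packages:
            comp = Component(
                name=package["Name"],
                version=package["Version"],
                author=package["Author"],
                description=package["Description"],
                purl=PackageURL(
                    type='pypi',
                    name=package["Name"],
                    version=package["Version"]
                )
            )
            # The license field may hold several ';' separated entries.
            # Blank entries (an empty field or a trailing ';') carry no
            # information and must not end up as empty license expressions
            # in the SBOM.
            for lic in package["License"].split(";"):
                licenseExpression = lic.strip()
                if licenseExpression:
                    comp.licenses.add(
                        LicenseChoice(license_expression=licenseExpression)
                    )

            self._components.append(comp)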
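def createCycloneDXFile(venvName):
    """
    Function to create a CycloneDX SBOM file.

    The creation parameters are queried from the user via the configuration
    dialog. Values that originate from user or file input (the input file
    name, the parser warnings and the output file name) are HTML escaped
    before they are embedded into the rich text of a message box.

    @param venvName name of the virtual environment
    @type str
    @exception RuntimeError raised to indicate illegal creation parameters
    """
    from .CycloneDXConfigDialog import CycloneDXConfigDialog
    dlg = CycloneDXConfigDialog(venvName)
    if dlg.exec() == QDialog.DialogCode.Accepted:
        (inputSource, inputFile, fileFormat, schemaVersion, sbomFile,
         withVulnerabilities) = dlg.getData()

        # check error conditions first
        if inputSource not in ("environment", "pipenv", "poetry",
                               "requirements"):
            raise RuntimeError("Unsupported input source given.")
        if fileFormat not in ("XML", "JSON"):
            raise RuntimeError("Unsupported SBOM file format given.")

        if inputSource == "environment":
            parser = CycloneDXEnvironmentParser(venvName)
        else:
            # all other parsers need an input file
            if not os.path.isfile(inputFile):
                EricMessageBox.warning(
                    None,
                    QCoreApplication.translate(
                        "CycloneDX", "CycloneDX - SBOM Creation"),
                    QCoreApplication.translate(
                        "CycloneDX",
                        "<p>The configured input file <b>{0}</b> does not"
                        " exist. Aborting...</p>"
                    ).format(html.escape(inputFile))
                )
                return

            if inputSource == "pipenv":
                parser = PipEnvFileParser(pipenv_lock_filename=inputFile)
            elif inputSource == "poetry":
                parser = PoetryFileParser(poetry_lock_filename=inputFile)
            elif inputSource == "requirements":
                parser = RequirementsFileParser(requirements_file=inputFile)

        if withVulnerabilities:
            addCycloneDXVulnerabilities(parser)

        if fileFormat == "XML":
            outputFormat = OutputFormat.XML
        elif fileFormat == "JSON":
            outputFormat = OutputFormat.JSON

        if parser.has_warnings():
            # The warning items are taken verbatim from the parsed input
            # file, so they are escaped before being placed into the
            # rich text list of the message box.
            excludedList = [
                "<li>{0}</li>".format(html.escape(str(warning.get_item())))
                for warning in parser.get_warnings()
            ]
            EricMessageBox.warning(
                None,
                QCoreApplication.translate(
                    "CycloneDX", "CycloneDX - SBOM Creation"),
                QCoreApplication.translate(
                    "CycloneDX",
                    "<p>Some of the dependencies do not have pinned version"
                    " numbers.<ul>{0}</ul>The above listed packages will NOT"
                    " be included in the generated CycloneDX SBOM file as"
                    " version is a mandatory field.</p>"
                ).format("".join(excludedList))
            )

        bom = Bom.from_parser(parser=parser)
        # the dialog supplies the schema version in dotted form ("1.4"),
        # the enum member is named with underscores ("V1_4")
        output = get_output_instance(
            bom=bom,
            output_format=outputFormat,
            schema_version=SchemaVersion['V{0}'.format(
                schemaVersion.replace('.', '_')
            )]
        )
        output.output_to_file(filename=sbomFile, allow_overwrite=True)

        EricMessageBox.information(
            None,
            QCoreApplication.translate(
                "CycloneDX", "CycloneDX - SBOM Creation"),
            QCoreApplication.translate(
                "CycloneDX",
                "<p>The SBOM data was written to file <b>{0}</b>.</p>"
            ).format(html.escape(sbomFile))
        )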
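def addCycloneDXVulnerabilities(parser):
    """
    Function to add vulnerability data to the list of created components.

    The packages known to the parser are checked via the Pip vulnerability
    checker. If that check does not succeed, the user is warned that the
    SBOM will be written without vulnerability data rather than silently
    producing a file that looks complete.

    @param parser reference to the parser object containing the list of
        components
    @type BaseParser
    """
    components = parser.get_components()

    packages = [
        Package(name=component.name, version=component.version)
        for component in components
    ]

    pip = ericApp().getObject("Pip")
    error, vulnerabilities = pip.getVulnerabilityChecker().check(packages)

    if error != VulnerabilityCheckError.OK:
        # A failed check must not be mistaken for "no known vulnerabilities".
        EricMessageBox.warning(
            None,
            QCoreApplication.translate(
                "CycloneDX", "CycloneDX - SBOM Creation"),
            QCoreApplication.translate(
                "CycloneDX",
                "<p>The vulnerability check could not be performed. The"
                " SBOM file will be created without vulnerability data.</p>"
            )
        )
        return

    # NOTE(review): the keys of 'vulnerabilities' are assumed to be the
    # package names handed to the checker — confirm against the checker.
    for package in vulnerabilities:
        component = findCyccloneDXComponent(components, package)
        if component is not None:
            for vuln in vulnerabilities[package]:
                component.add_vulnerability(Vulnerability(
                    id=vuln.cve,
                    description=vuln.advisory,
                    recommendation="upgrade required",
                    source=VulnerabilitySource(name="pyup.io")
                ))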
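def findCyccloneDXComponent(components, name):
    """
    Function to find a component in a given list of components.

    Names are compared after PEP 503 normalization (case folded, runs of
    '-', '_' and '.' collapsed to a single '-'), so a component named
    'PyYAML' is still found when the vulnerability data reports 'pyyaml'.
    An exact match remains a match; normalization only adds equivalent
    spellings of the same project name.

    @param components list of components to scan
    @type list of Component
    @param name name of the component to search for
    @type str
    @return reference to the found component or None
    @rtype Component or None
    """
    wanted = _normalizePackageName(name)
    for component in components:
        if _normalizePackageName(component.name) == wanted:
            return component

    return None


def _normalizePackageName(name):
    """
    Function to normalize a package name as defined by PEP 503.

    Non-string values are returned unchanged so that they compare exactly
    as before.

    @param name package name to be normalized
    @type str
    @return normalized package name
    @rtype str
    """
    if not isinstance(name, str):
        return name
    return re.sub(r"[-_.]+", "-", name).lower()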
