--- a/eric7/CycloneDXInterface/CycloneDXUtilities.py Wed Jun 08 19:13:35 2022 +0200 +++ b/eric7/CycloneDXInterface/CycloneDXUtilities.py Thu Jun 09 16:13:18 2022 +0200 @@ -17,7 +17,10 @@ from packageurl import PackageURL -from cyclonedx.model import LicenseChoice +from cyclonedx.model import ( + ExternalReference, ExternalReferenceType, LicenseChoice, + OrganizationalContact, OrganizationalEntity, Tool, XsUri +) from cyclonedx.model.bom import Bom from cyclonedx.model.component import Component from cyclonedx.model.vulnerability import Vulnerability, VulnerabilitySource @@ -82,7 +85,7 @@ dlg = CycloneDXConfigDialog(venvName) if dlg.exec() == QDialog.DialogCode.Accepted: (inputSource, inputFile, fileFormat, schemaVersion, sbomFile, - withVulnerabilities, withDependencies) = dlg.getData() + withVulnerabilities, withDependencies, metadataDict) = dlg.getData() # check error conditions first if inputSource not in ("environment", "pipenv", "poetry", @@ -143,6 +146,8 @@ ) bom = Bom.from_parser(parser=parser) + # TODO: add meta data to the BOM + _amendMetaData(bom.metadata, metadataDict) output = get_output_instance( bom=bom, output_format=outputFormat, 
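Review bot: The `# TODO: add meta data to the BOM` marker is left directly above the new `_amendMetaData(bom.metadata, metadataDict)` call that implements it, so the comment is stale as of this hunk and will send the next reader looking for unfinished work. Replace it with a comment describing what the call does, e.g. `# merge the eric7 tool entry and the user-entered meta data into the BOM`. The enclosing function starts and ends outside this hunk, so I cannot see whether `metadataDict` has any other consumer there.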
@@ -250,3 +255,112 @@ return component return None + + +def _amendMetaData(bomMetaData, metadataDict): + """ + Function to amend the SBOM meta data according the given data. + + The modifications done are: + <ul> + <li>add eric7 to the tools</li> + </ul> + + @param bomMetaData reference to the SBOM meta data object + @type BomMetaData + @param metadataDict dictionary containing additional meta data + @type dict + @return reference to the modified SBOM meta data object + @rtype BomMetaData + """ + # add a Tool entry for eric7 + try: + from importlib.metadata import version as meta_version + __EricToolVersion = str(meta_version('eric-ide')) + except Exception: + from UI.Info import Version + __EricToolVersion = Version + + EricTool = Tool(vendor='python-projects.org', + name='eric-ide', + version=__EricToolVersion) + EricTool.external_references.update([ + ExternalReference( + reference_type=ExternalReferenceType.DISTRIBUTION, + url=XsUri( + "https://pypi.org/project/eric-ide/" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.DOCUMENTATION, + url=XsUri( + "https://pypi.org/project/eric-ide/" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.ISSUE_TRACKER, + url=XsUri( + "https://tracker.die-offenbachs.homelinux.org" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.LICENSE, + url=XsUri( + "https://hg.die-offenbachs.homelinux.org/eric/file/tip/docs/" + "LICENSE.GPL3" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.RELEASE_NOTES, + url=XsUri( + "https://hg.die-offenbachs.homelinux.org/eric/file/tip/docs/" + "changelog" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.VCS, + url=XsUri( + "https://hg.die-offenbachs.homelinux.org/eric" + ) + ), + ExternalReference( + reference_type=ExternalReferenceType.WEBSITE, + url=XsUri( + "https://eric-ide.python-projects.org" + ) + ) + ]) + bomMetaData.tools.add(EricTool) + + # add the meta data info entered by the user (if any) + if 
metadataDict is not None: + # TODO: add the meta info + if metadataDict["AuthorName"]: + bomMetaData.authors = [OrganizationalContact( + name=metadataDict["AuthorName"], + email=metadataDict["AuthorEmail"] + )] + if metadataDict["Manufacturer"]: + bomMetaData.manufacture = OrganizationalEntity( + name=metadataDict["Manufacturer"] + ) + if metadataDict["Supplier"]: + bomMetaData.supplier = OrganizationalEntity( + name=metadataDict["Supplier"]) + if metadataDict["License"]: + bomMetaData.licenses = [LicenseChoice( + license_expression=metadataDict["License"] + )] + if metadataDict["Name"]: + bomMetaData.component = Component( + name=metadataDict["Name"], + component_type=metadataDict["Type"], + version=metadataDict["Version"], + description=metadataDict["Description"], + author=metadataDict["AuthorName"], + licenses=[LicenseChoice( + license_expression=metadataDict["License"] + )], + ) + + return bomMetaData
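Review bot: The `Component` built at the end of the hunk always carries `licenses=[LicenseChoice(license_expression=metadataDict["License"])]`, while `bomMetaData.licenses` a few lines above is only set when `metadataDict["License"]` is non-empty, so a user who leaves the license field blank gets a component with an empty license expression written into the SBOM; build the list once and use it in both places. The `except Exception:` around `meta_version('eric-ide')` should be narrowed to `importlib.metadata.PackageNotFoundError`, the only failure the `UI.Info.Version` fallback is meant to cover, and it is worth a comment that the installed distribution's version can differ from the copy actually running when eric7 is started from a source tree, so the tool entry's provenance is only as reliable as that lookup. The `# TODO: add the meta info` marker is stale because the code under it now does exactly that, and the docstring's "modifications done" list should also name the authors, manufacture, supplier, licenses and component fields this function sets. The DISTRIBUTION and DOCUMENTATION references both point at the PyPI page, which looks like a copy-paste slip but may be intended.

```python
def _amendMetaData(bomMetaData, metadataDict):
    # … unchanged: docstring (extend its list with the user-entered fields) …
    try:
        from importlib.metadata import PackageNotFoundError
        from importlib.metadata import version as meta_version
        # NOTE: reports the installed 'eric-ide' distribution, which may not be
        # the copy currently running (e.g. started from a source checkout).
        ericToolVersion = str(meta_version('eric-ide'))
    except PackageNotFoundError:
        from UI.Info import Version
        ericToolVersion = Version
    # … unchanged: Tool construction, external references, bomMetaData.tools.add …

    if metadataDict is not None:
        # one license list for both the BOM and its main component; empty
        # when the user left the field blank
        licenses = (
            [LicenseChoice(license_expression=metadataDict["License"])]
            if metadataDict["License"] else []
        )
        # … unchanged: authors, manufacture, supplier …
        if licenses:
            bomMetaData.licenses = licenses
        if metadataDict["Name"]:
            bomMetaData.component = Component(
                name=metadataDict["Name"],
                component_type=metadataDict["Type"],
                version=metadataDict["Version"],
                description=metadataDict["Description"],
                author=metadataDict["AuthorName"],
                licenses=licenses,
            )
```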