--- a/eric7/CycloneDXInterface/CycloneDXUtilities.py Sat Jun 04 16:56:22 2022 +0200
+++ b/eric7/CycloneDXInterface/CycloneDXUtilities.py Sat Jun 04 16:57:02 2022 +0200
@@ -82,7 +82,7 @@
 dlg = CycloneDXConfigDialog(venvName)
 if dlg.exec() == QDialog.DialogCode.Accepted:
 (inputSource, inputFile, fileFormat, schemaVersion, sbomFile,
- withVulnerabilities) = dlg.getData()
+ withVulnerabilities, withDependencies) = dlg.getData()

 # check error conditions first
 if inputSource not in ("environment", "pipenv", "poetry",
@@ -118,6 +118,9 @@
 if withVulnerabilities:
 addCycloneDXVulnerabilities(parser)

+ if withDependencies:
+ addCycloneDXDependencies(parser, venvName)
+
 if fileFormat == "XML":
 outputFormat = OutputFormat.XML
 elif fileFormat == "JSON":
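Review bot: The new `addCycloneDXDependencies(parser, venvName)` call in the second hunk runs for every input source, yet the dependency data it collects comes from the virtual environment named by venvName, while the component list may have been built from a pipenv or poetry lock file (the input-source check in the first hunk). When the installed environment and the lock file diverge, the SBOM's `dependencies` graph then describes what is installed rather than what is locked, and edges for packages present on only one side are dropped without notice. I would either restrict the option to the environment source, `if withDependencies and inputSource == "environment":`, or state the assumption next to the call: `# dependency data is always taken from the installed environment, not from the lock file`. The enclosing function starts and ends outside these hunks.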
@@ -191,6 +194,46 @@
 ))


+def addCycloneDXDependencies(parser, venvName):
+ """
+ Function to add dependency data to the list of created components.
+
+ @param parser reference to the parser object containing the list of
+ components
+ @type BaseParser
+ @param venvName name of the virtual environment
+ @type str
+ """
+ components = parser.get_components()
+
+ pip = ericApp().getObject("Pip")
+ dependencies = pip.getDependencyTree(venvName)
+ for dependency in dependencies:
+ _addCycloneDXDependency(dependency, components)
+
+
+def _addCycloneDXDependency(dependency, components):
+ """
+ Function to add a dependency to the given list of components.
+
+ @param dependency dependency to be added
+ @type dict
+ @param components list of components
+ @type list of Component
+ """
+ component = findCyccloneDXComponent(components, dependency["package_name"])
+ if component is not None:
+ bomRefs = component.dependencies
+ for dep in dependency["dependencies"]:
+ depComponent = findCyccloneDXComponent(
+ components, dep["package_name"])
+ if depComponent is not None:
+ bomRefs.add(depComponent.bom_ref)
+ # recursively add sub-dependencies
+ _addCycloneDXDependency(dep, components)
+ component.dependencies = bomRefs
+
+
 def findCyccloneDXComponent(components, name):
 """
 Function to find a component in a given list of components.
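Review bot: `_addCycloneDXDependency` recurses into every sub-dependency without remembering which packages it has already handled, so a package shared by several parents is re-walked (and its component re-searched linearly) once per parent, and if `pip.getDependencyTree` can ever return a structure that loops back on itself the recursion does not terminate. Threading a `seen` set of package names through the recursion bounds the work to one visit per package and makes the walk safe regardless of the tree's shape. Separately, a dependency whose name `findCyccloneDXComponent` cannot match is skipped silently, which leaves the SBOM's dependency graph incomplete with no indication to the user; that function's body continues past the hunk, so I cannot tell whether it normalises package names (`Foo_Bar` vs `foo-bar`), and if it does not, that is a likely cause of silent misses worth at least a log line.
```python
def _addCycloneDXDependency(dependency, components, seen=None):
    # … unchanged: docstring (add "@param seen names already processed, @type set of str") …
    if seen is None:
        seen = set()
    name = dependency["package_name"]
    if name in seen:
        # already walked via another parent; also stops a self-referencing tree
        return
    seen.add(name)
    component = findCyccloneDXComponent(components, name)
    if component is not None:
        bomRefs = component.dependencies
        for dep in dependency["dependencies"]:
            depComponent = findCyccloneDXComponent(
                components, dep["package_name"])
            if depComponent is not None:
                bomRefs.add(depComponent.bom_ref)
                # recursively add sub-dependencies, each package at most once
                _addCycloneDXDependency(dep, components, seen)
        component.dependencies = bomRefs
```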