diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f03697bb..212b89c5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -106,7 +106,7 @@ jobs: cd cmd/debricked go generate -v -x - - uses: goreleaser/goreleaser-action@v5 + - uses: goreleaser/goreleaser-action@v6 with: distribution: goreleaser version: latest diff --git a/.gitignore b/.gitignore index 63172472..3c3dd29e 100644 --- a/.gitignore +++ b/.gitignore @@ -46,3 +46,5 @@ test/resolve/testdata/gradle/gradle.debricked.lock debricked-call-graph.* internal/scan/testdata/npm/result.json /internal/file/testdata/misc/yarn.lock +/internal/callgraph/finder/javafinder/testdata/guava/maven.debricked.lock +/internal/resolution/pm/maven/testdata/guava/maven.debricked.lock diff --git a/go.mod b/go.mod index 21572310..55a02ef7 100644 --- a/go.mod +++ b/go.mod @@ -9,13 +9,16 @@ require ( github.com/fatih/color v1.16.0 github.com/go-git/go-billy/v5 v5.5.0 github.com/go-git/go-git/v5 v5.11.0 + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/hashicorp/go-retryablehttp v0.7.7 github.com/jedib0t/go-pretty/v6 v6.4.6 + github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c github.com/schollz/progressbar/v3 v3.13.1 github.com/spf13/cobra v1.7.0 github.com/spf13/viper v1.15.0 github.com/stretchr/testify v1.8.4 github.com/vifraa/gopom v0.2.1 + github.com/zalando/go-keyring v0.2.5 golang.org/x/oauth2 v0.22.0 golang.org/x/tools v0.19.0 gopkg.in/yaml.v3 v3.0.1 @@ -27,8 +30,6 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/alessio/shellescape v1.4.1 // indirect - github.com/cli/browser v1.0.0 // indirect - github.com/cli/safeexec v1.0.0 // indirect github.com/cloudflare/circl v1.3.7 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/danieljoos/wincred v1.2.0 // indirect @@ -36,9 +37,7 @@ require ( github.com/emirpasic/gods v1.18.1 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-oauth2/oauth2 v3.9.2+incompatible // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect @@ -54,7 +53,6 @@ require ( github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.0.7 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/sergi/go-diff v1.3.1 // indirect @@ -66,7 +64,6 @@ require ( github.com/stretchr/objx v0.5.0 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/zalando/go-keyring v0.2.5 // indirect golang.org/x/crypto v0.21.0 // indirect golang.org/x/mod v0.16.0 // indirect golang.org/x/net v0.22.0 // indirect diff --git a/go.sum b/go.sum index ad105d80..6bc268f9 100644 --- a/go.sum +++ b/go.sum @@ -60,14 +60,7 @@ github.com/chelnak/ysmrr v0.2.1/go.mod h1:9TEgLy2xDMGN62zJm9XZrEWY/fHoGoBslSVEkE github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/cli/browser v1.0.0 h1:RIleZgXrhdiCVgFBSjtWwkLPUCWyhhhN5k5HGSBt1js= -github.com/cli/browser v1.0.0/go.mod h1:IEWkHYbLjkhtjwwWlwTHW2lGxeS5gezEQBMLTwDHf5Q= -github.com/cli/oauth v1.0.1 h1:pXnTFl/qUegXHK531Dv0LNjW4mLx626eS42gnzfXJPA= -github.com/cli/oauth v1.0.1/go.mod h1:qd/FX8ZBD6n1sVNQO3aIdRxeu5LGw9WhKnYhIIoC2A4= -github.com/cli/safeexec v1.0.0 h1:0VngyaIyqACHdcMNWfo6+KdUYnqEr2Sg+bSP1pdF+dI= -github.com/cli/safeexec v1.0.0/go.mod h1:Z/D4tTN8Vs5gXYHDCbaM1S/anmEDnJb1iW0+EJ5zx3Q= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= @@ -91,8 +84,6 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= -github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= @@ -109,8 +100,6 @@ github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lK github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-oauth2/oauth2 v3.9.2+incompatible h1:A8gSjq4110EgZDVk4ZtcpusynU2Fto9eM6sXvxL+EOs= -github.com/go-oauth2/oauth2 v3.9.2+incompatible/go.mod h1:GGcZ+i513KxN4yS7zBYfmwo3P+cyGvCS675uCNmWv/g= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= @@ -174,11 +163,7 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= -github.com/hashicorp/go-retryablehttp v0.7.2 h1:AcYqCvkpalPnPF2pn0KamgwamS42TqUDDYFRKq/RAd0= -github.com/hashicorp/go-retryablehttp v0.7.2/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -213,8 +198,6 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= -github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.13/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= @@ -457,8 +440,6 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= diff --git a/internal/cmd/report/report.go b/internal/cmd/report/report.go index 60bcb458..d307f446 100644 --- a/internal/cmd/report/report.go +++ b/internal/cmd/report/report.go @@ -2,8 +2,10 @@ package report import ( "github.com/debricked/cli/internal/cmd/report/license" + "github.com/debricked/cli/internal/cmd/report/sbom" "github.com/debricked/cli/internal/cmd/report/vulnerability" licenseReport "github.com/debricked/cli/internal/report/license" + sbomReport "github.com/debricked/cli/internal/report/sbom" vulnerabilityReport "github.com/debricked/cli/internal/report/vulnerability" "github.com/spf13/cobra" "github.com/spf13/viper" @@ -12,12 +14,13 @@ import ( func NewReportCmd( licenseReporter licenseReport.Reporter, vulnerabilityReporter vulnerabilityReport.Reporter, + sbomReporter sbomReport.Reporter, ) *cobra.Command { cmd := &cobra.Command{ Use: "report", Short: "Generate reports", Long: `Generate reports. -This is a premium feature. Please visit https://debricked.com/pricing/ for more info.`, +Premium is required for license and vulnerability reports. Enterprise is required for SBOM reports. Please visit https://debricked.com/pricing/ for more info.`, PreRun: func(cmd *cobra.Command, _ []string) { _ = viper.BindPFlags(cmd.Flags()) }, @@ -25,6 +28,7 @@ This is a premium feature. Please visit https://debricked.com/pricing/ for more cmd.AddCommand(license.NewLicenseCmd(licenseReporter)) cmd.AddCommand(vulnerability.NewVulnerabilityCmd(vulnerabilityReporter)) + cmd.AddCommand(sbom.NewSBOMCmd(sbomReporter)) return cmd } diff --git a/internal/cmd/report/report_test.go b/internal/cmd/report/report_test.go index 19de982c..084826e3 100644 --- a/internal/cmd/report/report_test.go +++ b/internal/cmd/report/report_test.go @@ -4,20 +4,22 @@ import ( "testing" "github.com/debricked/cli/internal/report/license" + "github.com/debricked/cli/internal/report/sbom" "github.com/debricked/cli/internal/report/vulnerability" "github.com/stretchr/testify/assert" ) func TestNewReportCmd(t *testing.T) { - cmd := NewReportCmd(license.Reporter{}, vulnerability.Reporter{}) + cmd := NewReportCmd(license.Reporter{}, vulnerability.Reporter{}, sbom.Reporter{}) commands := cmd.Commands() - nbrOfCommands := 2 + nbrOfCommands := 3 assert.Lenf(t, commands, nbrOfCommands, "failed to assert that there were %d sub commands connected", nbrOfCommands) } func TestPreRun(t *testing.T) { var licenseReporter license.Reporter var vulnReporter vulnerability.Reporter - cmd := NewReportCmd(licenseReporter, vulnReporter) + var sbomReporter sbom.Reporter + cmd := NewReportCmd(licenseReporter, vulnReporter, sbomReporter) cmd.PreRun(cmd, nil) } diff --git a/internal/cmd/report/sbom/sbom.go b/internal/cmd/report/sbom/sbom.go new file mode 100644 index 00000000..e0c63e80 --- /dev/null +++ b/internal/cmd/report/sbom/sbom.go @@ -0,0 +1,94 @@ +package sbom + +import ( + "fmt" + + "github.com/debricked/cli/internal/report" + "github.com/debricked/cli/internal/report/sbom" + "github.com/fatih/color" + "github.com/spf13/cobra" + "github.com/spf13/viper" +) + +var commitId string +var repositoryId string +var branch string +var format string +var vulnerabilities bool +var licenses bool +var output string + +const CommitFlag = "commit" +const RepositorylFlag = "repository" +const TokenFlag = "token" +const BranchFlag = "branch" +const VulnerabilitiesFlag = "vulnerabilities" +const LicensesFlag = "licenses" +const OutputFlag = "output" +const FormatFlag = "format" + +func NewSBOMCmd(reporter report.IReporter) *cobra.Command { + cmd := &cobra.Command{ + Use: "sbom", + Short: "Generate SBOM report", + Long: `Generate SBOM report for chosen commit and repository. +For an example of the SBOM format see https://github.com/debricked/blog-snippets/blob/main/example-sbom-report/SBOM_2022-12-14.json. + +This is an enterprise feature. Please visit https://debricked.com/pricing/ for more info.`, + PreRun: func(cmd *cobra.Command, _ []string) { + _ = viper.BindPFlags(cmd.Flags()) + }, + RunE: RunE(reporter), + } + + cmd.Flags().StringVarP(&commitId, CommitFlag, "c", "", "The commit that you want an SBOM report for") + _ = cmd.MarkFlagRequired(CommitFlag) + viper.MustBindEnv(CommitFlag) + + cmd.Flags().StringVarP(&repositoryId, RepositorylFlag, "r", "", "The repository that you want an SBOM report for") + _ = cmd.MarkFlagRequired(RepositorylFlag) + viper.MustBindEnv(RepositorylFlag) + + cmd.Flags().StringVarP(&branch, BranchFlag, "b", "", "The branch that you want an SBOM report for") + viper.MustBindEnv(BranchFlag) + + cmd.Flags().StringVarP(&format, FormatFlag, "f", "", `The format that you want the SBOM report in. + +Supported options are: 'CycloneDX', 'SPDX'`, + ) + viper.MustBindEnv(FormatFlag) + + cmd.Flags().BoolVar(&vulnerabilities, VulnerabilitiesFlag, true, "Toggle SBOM vulnerability data inclusion") + viper.MustBindEnv(VulnerabilitiesFlag) + + cmd.Flags().BoolVar(&licenses, LicensesFlag, true, "Toggle SBOM license data inclusion") + viper.MustBindEnv(LicensesFlag) + + cmd.Flags().StringVarP(&output, OutputFlag, "o", "", `Set output path for downloaded SBOM json file. + +If no output path is set the file is created in the format -.sbom.json`, + ) + viper.MustBindEnv(OutputFlag) + + return cmd +} + +func RunE(r report.IReporter) func(_ *cobra.Command, args []string) error { + return func(_ *cobra.Command, _ []string) error { + orderArgs := sbom.OrderArgs{ + RepositoryID: viper.GetString(RepositorylFlag), + CommitID: viper.GetString(CommitFlag), + Branch: viper.GetString(BranchFlag), + Vulnerabilities: viper.GetBool(VulnerabilitiesFlag), + Licenses: viper.GetBool(LicensesFlag), + Output: viper.GetString(OutputFlag), + Format: viper.GetString(FormatFlag), + } + + if err := r.Order(orderArgs); err != nil { + return fmt.Errorf("%s %s", color.RedString("⨯"), err.Error()) + } + + return nil + } +} diff --git a/internal/cmd/report/sbom/sbom_test.go b/internal/cmd/report/sbom/sbom_test.go new file mode 100644 index 00000000..971275ca --- /dev/null +++ b/internal/cmd/report/sbom/sbom_test.go @@ -0,0 +1,63 @@ +package sbom + +import ( + "errors" + "testing" + + "github.com/debricked/cli/internal/cmd/report/testdata" + "github.com/debricked/cli/internal/report" + "github.com/spf13/viper" + "github.com/stretchr/testify/assert" +) + +func TestNewSBOMCmd(t *testing.T) { + var r report.IReporter + cmd := NewSBOMCmd(r) + commands := cmd.Commands() + nbrOfCommands := 0 + assert.Len(t, commands, nbrOfCommands) + + viperKeys := viper.AllKeys() + flags := cmd.Flags() + flagAssertions := map[string]string{ + CommitFlag: "c", + RepositorylFlag: "r", + } + for name, shorthand := range flagAssertions { + flag := flags.Lookup(name) + assert.NotNil(t, flag) + assert.Equalf(t, shorthand, flag.Shorthand, "failed to assert that %s flag shorthand %s was set correctly", name, shorthand) + + match := false + for _, key := range viperKeys { + if key == name { + match = true + } + } + assert.Truef(t, match, "failed to assert that %s was present", name) + } +} + +func TestRunEError(t *testing.T) { + reporterMock := testdata.NewReporterMock() + reporterMock.SetError(errors.New("")) + runeE := RunE(reporterMock) + + err := runeE(nil, nil) + + assert.ErrorContains(t, err, "⨯") +} + +func TestRunE(t *testing.T) { + reporterMock := testdata.NewReporterMock() + runeE := RunE(reporterMock) + + err := runeE(nil, nil) + + assert.NoError(t, err) +} + +func TestPreRun(t *testing.T) { + cmd := NewSBOMCmd(nil) + cmd.PreRun(cmd, nil) +} diff --git a/internal/cmd/resolve/resolve.go b/internal/cmd/resolve/resolve.go index 282a76f6..8603df37 100644 --- a/internal/cmd/resolve/resolve.go +++ b/internal/cmd/resolve/resolve.go @@ -67,7 +67,7 @@ Examples: $ debricked scan . --include '**/node_modules/**'`) regenerateDoc := strings.Join( []string{ - "Toggles regeneration of already existing lock files between 3 modes:\n", + "Toggle regeneration of already existing lock files between 3 modes:\n", "Force Regeneration Level | Meaning", "------------------------ | -------", "0 (default) | No regeneration", diff --git a/internal/cmd/root/root.go b/internal/cmd/root/root.go index a98177f3..51a9c481 100644 --- a/internal/cmd/root/root.go +++ b/internal/cmd/root/root.go @@ -42,7 +42,7 @@ Read more: https://docs.debricked.com/product/administration/generate-access-tok var debClient = container.DebClient() debClient.SetAccessToken(&accessToken) - rootCmd.AddCommand(report.NewReportCmd(container.LicenseReporter(), container.VulnerabilityReporter())) + rootCmd.AddCommand(report.NewReportCmd(container.LicenseReporter(), container.VulnerabilityReporter(), container.SBOMReporter())) rootCmd.AddCommand(files.NewFilesCmd(container.Finder())) rootCmd.AddCommand(scan.NewScanCmd(container.Scanner())) rootCmd.AddCommand(fingerprint.NewFingerprintCmd(container.Fingerprinter())) diff --git a/internal/cmd/root/root_test.go b/internal/cmd/root/root_test.go index cb6ce145..81a655cf 100644 --- a/internal/cmd/root/root_test.go +++ b/internal/cmd/root/root_test.go @@ -35,7 +35,7 @@ func TestNewRootCmd(t *testing.T) { } } assert.Truef(t, match, "failed to assert that flag was present: "+AccessTokenFlag) - assert.Len(t, viperKeys, 15) + assert.Len(t, viperKeys, 21) } func TestPreRun(t *testing.T) { diff --git a/internal/cmd/scan/scan.go b/internal/cmd/scan/scan.go index 18895dda..2a2a71ce 100644 --- a/internal/cmd/scan/scan.go +++ b/internal/cmd/scan/scan.go @@ -33,6 +33,8 @@ var repositoryName string var repositoryUrl string var verbose bool var versionHint bool +var sbom string +var sbomOutput string const ( BranchFlag = "branch" @@ -55,6 +57,8 @@ const ( RepositoryUrlFlag = "repository-url" VerboseFlag = "verbose" VersionHintFlag = "version-hint" + SBOMFlag = "sbom" + SBOMOutputFlag = "sbom-output" ) var scanCmdError error @@ -115,7 +119,7 @@ Examples: $ debricked scan . --include '**/node_modules/**'`) regenerateDoc := strings.Join( []string{ - "Toggles regeneration of already existing lock files between 3 modes:\n", + "Toggle regeneration of already existing lock files between 3 modes:\n", "Force Regeneration Level | Meaning", "------------------------ | -------", "0 (default) | No regeneration", @@ -126,7 +130,7 @@ $ debricked scan . --include '**/node_modules/**'`) cmd.Flags().IntVar(®enerate, RegenerateFlag, 0, regenerateDoc) versionHintDoc := strings.Join( []string{ - "Toggles version hinting, i.e using manifest versions to help manifestless resolution.\n", + "Toggle version hinting, i.e using manifest versions to help manifestless resolution.\n", "\nExample:\n$ debricked scan . --version-hint=false", }, "\n") cmd.Flags().BoolVar(&versionHint, VersionHintFlag, true, versionHintDoc) @@ -139,7 +143,7 @@ $ debricked scan . --include '**/node_modules/**'`) cmd.Flags().BoolVarP(&passOnDowntime, PassOnTimeOut, "p", false, "pass scan if there is a service access timeout") cmd.Flags().BoolVar(&noResolve, NoResolveFlag, false, `disables resolution of manifest files that lack lock files. Resolving manifest files enables more accurate dependency scanning since the whole dependency tree will be analysed. For example, if there is a "go.mod" in the target path, its dependencies are going to get resolved onto a lock file, and latter scanned.`) - cmd.Flags().BoolVar(&noFingerprint, NoFingerprintFlag, false, "toggles fingerprinting for undeclared component identification. Can be run as a standalone command [fingerprint] with more granular options.") + cmd.Flags().BoolVar(&noFingerprint, NoFingerprintFlag, false, "Toggle fingerprinting for undeclared component identification. Can be run as a standalone command [fingerprint] with more granular options.") cmd.Flags().BoolVar(&callgraph, CallGraphFlag, false, `Enables call graph generation during scan.`) cmd.Flags().IntVar(&callgraphUploadTimeout, CallGraphUploadTimeoutFlag, 10*60, "Set a timeout (in seconds) on call graph upload.") cmd.Flags().IntVar(&callgraphGenerateTimeout, CallGraphGenerateTimeoutFlag, 60*60, "Set a timeout (in seconds) on call graph generation.") @@ -150,6 +154,11 @@ For example, if there is a "go.mod" in the target path, its dependencies are goi "Example: debricked resolve --prefer-npm", }, "\n") cmd.Flags().BoolP(NpmPreferredFlag, "", npmPreferred, npmPreferredDoc) + cmd.Flags().StringVar(&sbom, SBOMFlag, "", `Toggle generating and downloading SBOM report after scan completion of specified format. +Supported formats are: 'CycloneDX', 'SPDX' +Leaving the field empty results in no SBOM generation.`, + ) + cmd.Flags().StringVar(&sbomOutput, SBOMOutputFlag, "", `Set output path of downloaded SBOM report (if sbom is toggled)`) viper.MustBindEnv(RepositoryFlag) viper.MustBindEnv(CommitFlag) @@ -159,6 +168,8 @@ For example, if there is a "go.mod" in the target path, its dependencies are goi viper.MustBindEnv(IntegrationFlag) viper.MustBindEnv(PassOnTimeOut) viper.MustBindEnv(NpmPreferredFlag) + viper.MustBindEnv(SBOMFlag) + viper.MustBindEnv(SBOMOutputFlag) return cmd } @@ -173,6 +184,8 @@ func RunE(s *scan.IScanner) func(_ *cobra.Command, args []string) error { Path: path, Resolve: !viper.GetBool(NoResolveFlag), Fingerprint: !viper.GetBool(NoFingerprintFlag), + SBOM: viper.GetString(SBOMFlag), + SBOMOutput: viper.GetString(SBOMOutputFlag), Exclusions: viper.GetStringSlice(ExclusionFlag), Verbose: viper.GetBool(VerboseFlag), Regenerate: viper.GetInt(RegenerateFlag), diff --git a/internal/report/sbom/report.go b/internal/report/sbom/report.go new file mode 100644 index 00000000..0032fb06 --- /dev/null +++ b/internal/report/sbom/report.go @@ -0,0 +1,199 @@ +package sbom + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "strings" + "time" + + "github.com/debricked/cli/internal/client" + internalIO "github.com/debricked/cli/internal/io" + "github.com/debricked/cli/internal/report" + "github.com/fatih/color" +) + +var ( + ErrHandleArgs = errors.New("failed to handle args") + ErrSubscription = errors.New("enterprise feature. Please visit https://debricked.com/pricing/ for more info") +) + +type generateSbom struct { + Format string `json:"format"` + RepositoryID string `json:"repositoryId"` + IntegrationName string `json:"integrationName"` + CommitID string `json:"commitId"` + Email string `json:"email"` + Branch string `json:"branch"` + Locale string `json:"locale"` + Licenses bool `json:"licenses"` + Vulnerabilities bool `json:"vulnerabilities"` + SendEmail bool `json:"sendEmail"` + VulnerabilityStatuses []string `json:"vulnerabilityStatuses"` +} + +type generateSbomResponse struct { + Message string `json:"message"` + ReportUUID string `json:"reportUuid"` + Notes []string `json:"notes"` +} + +type OrderArgs struct { + RepositoryID string + CommitID string + Branch string + Output string + Format string + Vulnerabilities bool + Licenses bool +} + +type Reporter struct { + DebClient client.IDebClient + FileWriter internalIO.IFileWriter +} + +func (r Reporter) Order(args report.IOrderArgs) error { + orderArgs, ok := args.(OrderArgs) + var err error + if !ok { + return ErrHandleArgs + } + + uuid, err := r.generate(orderArgs) + if err != nil { + return err + } + sbom, err := r.download(uuid) + if err != nil { + return err + } + + return r.writeSBOM(orderArgs, sbom) + +} + +func (r Reporter) generate(orderArgs OrderArgs) (string, error) { + // Tries to start generating an SBOM and returns the UUID for the report + body, err := json.Marshal(generateSbom{ + Format: orderArgs.Format, + RepositoryID: orderArgs.RepositoryID, + CommitID: orderArgs.CommitID, + Email: "", + Branch: orderArgs.Branch, + Locale: "en", + Vulnerabilities: orderArgs.Vulnerabilities, + Licenses: orderArgs.Licenses, + SendEmail: false, + VulnerabilityStatuses: []string{"vulnerable", "unexamined", "paused", "snoozed"}, + }) + + if err != nil { + return "", err + } + + response, err := (r.DebClient).Post( + "/api/1.0/open/sbom/generate", + "application/json", + bytes.NewBuffer(body), + 0, + ) + if err != nil { + return "", err + } + defer response.Body.Close() + if response.StatusCode == http.StatusPaymentRequired { + return "", ErrSubscription + } else if response.StatusCode != http.StatusOK { + return "", fmt.Errorf("failed to initialize SBOM generation due to status code %d", response.StatusCode) + } else { + fmt.Println("Successfully initialized SBOM generation") + } + + return r.parseUUID(response.Body) +} + +func (r Reporter) parseUUID(body io.Reader) (string, error) { + generateSbomResponseJSON, err := io.ReadAll(body) + if err != nil { + return "", err + } + + var generateSbomResponse generateSbomResponse + err = json.Unmarshal(generateSbomResponseJSON, &generateSbomResponse) + + return generateSbomResponse.ReportUUID, err +} + +func (r Reporter) download(uuid string) ([]byte, error) { + uri := fmt.Sprintf("/api/1.0/open/sbom/download?reportUuid=%s", uuid) + fmt.Printf("%s", color.BlueString("Downloading SBOM...")) + for { // poll download status until completion + res, err := (r.DebClient).Get(uri, "application/json") + + if err != nil { + return nil, err + } + switch statusCode := res.StatusCode; statusCode { + case http.StatusOK: + data, _ := io.ReadAll(res.Body) + defer res.Body.Close() + fmt.Printf("%s\n", color.GreenString("✔")) + + return data, nil + case http.StatusCreated: + return nil, errors.New("polling failed due to too long queue times") + case http.StatusAccepted: + time.Sleep(5000 * time.Millisecond) + default: + return nil, fmt.Errorf("download failed with status code %d", res.StatusCode) + } + } +} + +func (reporter Reporter) writeSBOM(orderArgs OrderArgs, sbomBytes []byte) error { + var filename string + if orderArgs.Output == "" { + fileEnding := fileEnding(orderArgs.Format) + filename = fmt.Sprintf( + "%s-%s%s", + orderArgs.RepositoryID, + orderArgs.CommitID, + fileEnding, + ) + } else { + filename = orderArgs.Output + } + file, err := reporter.FileWriter.Create(filename) + if err != nil { + return err + } + + return reporter.FileWriter.Write(file, sbomBytes) +} + +func fileEnding(format string) string { + switch format := format; format { + case "CycloneDX": + return ".cdx.json" + case "SPDX": + return ".spdx.json" + default: + return ".sbom.json" + } +} + +func (reporter Reporter) ParseDetailsURL(detailsURL string) (string, string, error) { + // Parses CommitID and RepositoryID from the details URL which has the format; + // https://debricked.com/app/en/repository//commit/" + urlParts := strings.Split(detailsURL, "/") + if len(urlParts) != 9 { + + return "", "", fmt.Errorf("URL \"%s\"is of wrong format", detailsURL) + } + + return urlParts[6], urlParts[8], nil +} diff --git a/internal/report/sbom/report_test.go b/internal/report/sbom/report_test.go new file mode 100644 index 00000000..236fe657 --- /dev/null +++ b/internal/report/sbom/report_test.go @@ -0,0 +1,180 @@ +package sbom + +import ( + "errors" + "io" + "net/http" + "strings" + "testing" + + "github.com/debricked/cli/internal/client/testdata" + ioTestData "github.com/debricked/cli/internal/io/testdata" + "github.com/stretchr/testify/assert" +) + +func TestOrderError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{StatusCode: http.StatusOK}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + err := reporter.Order(OrderArgs{CommitID: "", RepositoryID: ""}) + assert.Error(t, err) +} + +func TestOrder(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + err := reporter.Order(OrderArgs{CommitID: "", RepositoryID: ""}) + assert.NoError(t, err) +} + +func TestOrderDownloadErr(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusForbidden, + }) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + err := reporter.Order(OrderArgs{CommitID: "", RepositoryID: ""}) + assert.Error(t, err) +} + +func TestOrderArgsError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{StatusCode: http.StatusOK}) + reporter := Reporter{DebClient: debClientMock} + err := reporter.Order("") + assert.Error(t, err) +} + +func TestGenerateOK(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + uuid, err := reporter.generate(orderArgs()) + assert.NoError(t, err) + assert.NotNil(t, uuid) +} + +func TestGenerateSubscriptionError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusPaymentRequired, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + uuid, err := reporter.generate(orderArgs()) + assert.Error(t, err) + assert.NotNil(t, uuid) +} + +func TestGenerateError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{ + StatusCode: http.StatusForbidden, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + }) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + uuid, err := reporter.generate(orderArgs()) + assert.Error(t, err) + assert.NotNil(t, uuid) +} + +func TestGenerateDefaultGetError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{Error: errors.New("")}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + res, err := reporter.generate(orderArgs()) + assert.Error(t, err) + assert.Equal(t, "", res) +} + +func TestDownloadOK(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{StatusCode: http.StatusOK}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + res, err := reporter.download("") + assert.NoError(t, err) + assert.NotNil(t, res) +} + +func TestDownloadTooLongQueue(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{StatusCode: http.StatusCreated}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + res, err := reporter.download("") + assert.Error(t, err) + assert.Nil(t, res) +} + +func TestDownloadDefaultError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{StatusCode: http.StatusForbidden}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + res, err := reporter.download("") + assert.Error(t, err) + assert.Nil(t, res) +} + +func TestDownloadDefaultGetError(t *testing.T) { + debClientMock := testdata.NewDebClientMock() + debClientMock.AddMockResponse(testdata.MockResponse{Error: errors.New("")}) + reporter := Reporter{DebClient: debClientMock, FileWriter: &ioTestData.FileWriterMock{}} + res, err := reporter.download("") + assert.Error(t, err) + assert.Nil(t, res) +} + +func TestParseURL(t *testing.T) { + testURL := "https://debricked.com/app/en/repository/0/commit/1" + clientMock := testdata.NewDebClientMock() + reporter := Reporter{DebClient: clientMock, FileWriter: &ioTestData.FileWriterMock{}} + repositoryID, commitID, err := reporter.ParseDetailsURL(testURL) + + assert.NoError(t, err) + assert.Equal(t, repositoryID, "0") + assert.Equal(t, commitID, "1") +} + +func TestParseURLFormatErr(t *testing.T) { + testURL := "https://debricked.com/app/en/repository/0" + clientMock := testdata.NewDebClientMock() + reporter := Reporter{DebClient: clientMock, FileWriter: &ioTestData.FileWriterMock{}} + _, _, err := reporter.ParseDetailsURL(testURL) + + assert.Error(t, err) +} + +func TestWriteSBOM(t *testing.T) { + clientMock := testdata.NewDebClientMock() + fileWriter := &ioTestData.FileWriterMock{ + CreateErr: errors.New(""), + } + reporter := Reporter{DebClient: clientMock, FileWriter: fileWriter} + err := reporter.writeSBOM(orderArgs(), nil) + assert.Error(t, err) +} + +func orderArgs() OrderArgs { + return OrderArgs{ + Vulnerabilities: false, + Licenses: false, + Branch: "", + CommitID: "", + RepositoryID: "", + Output: "", + } +} diff --git a/internal/scan/scanner.go b/internal/scan/scanner.go index a49754ef..bfcf7a23 100644 --- a/internal/scan/scanner.go +++ b/internal/scan/scanner.go @@ -15,6 +15,8 @@ import ( "github.com/debricked/cli/internal/file" "github.com/debricked/cli/internal/fingerprint" "github.com/debricked/cli/internal/git" + "github.com/debricked/cli/internal/io" + "github.com/debricked/cli/internal/report/sbom" "github.com/debricked/cli/internal/resolution" "github.com/debricked/cli/internal/tui" "github.com/debricked/cli/internal/upload" @@ -47,6 +49,8 @@ type DebrickedOptions struct { Resolve bool Fingerprint bool CallGraph bool + SBOM string + SBOMOutput string Exclusions []string Inclusions []string Verbose bool @@ -141,6 +145,28 @@ func (dScanner *DebrickedScanner) Scan(o IOptions) error { return nil } +func (dScanner *DebrickedScanner) scanReportSBOM(options DebrickedOptions, detailsURL string) error { + if options.SBOM == "" { + return nil + } + reporter := sbom.Reporter{DebClient: *dScanner.client, FileWriter: io.FileWriter{}} + repositoryID, commitID, err := reporter.ParseDetailsURL(detailsURL) + if err != nil { + + return err + } + + return reporter.Order(sbom.OrderArgs{ + Format: options.SBOM, + RepositoryID: repositoryID, + CommitID: commitID, + Branch: options.BranchName, + Vulnerabilities: true, + Licenses: true, + Output: options.SBOMOutput, + }) +} + func (dScanner *DebrickedScanner) scanResolve(options DebrickedOptions) error { resolveOptions := resolution.DebrickedOptions{ Path: options.Path, @@ -248,6 +274,13 @@ func (dScanner *DebrickedScanner) scan(options DebrickedOptions, gitMetaObject g if err != nil { return nil, err } + err = dScanner.scanReportSBOM( + options, + result.DetailsUrl, + ) + if err != nil { + return nil, err + } return result, nil } diff --git a/internal/scan/scanner_test.go b/internal/scan/scanner_test.go index ea9798cc..cb63963c 100644 --- a/internal/scan/scanner_test.go +++ b/internal/scan/scanner_test.go @@ -88,6 +88,7 @@ func TestScan(t *testing.T) { RepositoryName: repositoryName, CommitName: "commit", Fingerprint: false, + SBOM: "", BranchName: "", CommitAuthor: "", RepositoryUrl: "", @@ -151,6 +152,7 @@ func TestScanWithJsonPath(t *testing.T) { Exclusions: nil, RepositoryName: repositoryName, CommitName: "commit", + SBOM: "", BranchName: "", CommitAuthor: "", RepositoryUrl: "", @@ -757,6 +759,86 @@ func TestScanWithCallgraph(t *testing.T) { assert.Contains(t, cwd, path) } +func TestScanWithSBOMReport(t *testing.T) { + if runtime.GOOS == windowsOS { + t.Skipf("TestScan is skipped due to Windows env") + } + clientMock := testdata.NewDebClientMock() + addMockedFormatsResponse(clientMock, "package\\.json") + addMockedFileUploadResponse(clientMock) + addMockedFinishResponse(clientMock, http.StatusNoContent) + addMockedStatusResponse(clientMock, http.StatusOK, 50) + addMockedStatusResponseWithURL(clientMock) + addMockedSBOMGenerateResponse(clientMock) + addMockedSBOMDownloadResponse(clientMock) + + var finder file.IFinder + finder, _ = file.NewFinder(clientMock, ioFs.FileSystem{}) + var uploader upload.IUploader + uploader, _ = upload.NewUploader(clientMock) + var cis ci.IService = ci.NewService(nil) + var debClient client.IDebClient = clientMock + + scanner := NewDebrickedScanner(&debClient, finder, uploader, cis, nil, nil, nil) + + path := testdataNpm + repositoryName := path + cwd, _ := os.Getwd() + // reset working directory that has been manipulated in scanner.Scan + defer resetWd(t, cwd) + opts := DebrickedOptions{ + Path: path, + Exclusions: nil, + RepositoryName: repositoryName, + CommitName: "commit", + Fingerprint: false, + CallGraph: false, + Resolve: false, + SBOM: "CycloneDX", + BranchName: "", + CommitAuthor: "", + RepositoryUrl: "", + IntegrationName: "", + CallGraphUploadTimeout: 10 * 60, + CallGraphGenerateTimeout: 10 * 60, + } + + rescueStdout := os.Stdout + r, w, _ := os.Pipe() + os.Stdout = w + + err := scanner.Scan(opts) + + _ = w.Close() + output, _ := io.ReadAll(r) + os.Stdout = rescueStdout + + if err != nil { + t.Error("failed to assert that scan ran without errors. Error:", err) + } + + outputAssertions := []string{ + "Working directory: /", + "Successfully uploaded", + "package.json", + "Successfully initialized scan\n", + "Scanning...", + "0% |", + "50% |", + "100% |", + "32m✔", + "0 vulnerabilities found\n\n", + "For full details, visit:", + "Successfully initialized SBOM generation\n", + } + for _, assertion := range outputAssertions { + assert.Contains(t, string(output), assertion) + } + err = os.Remove("13-37.cdx.json") // Remove created "SBOM" + assert.NoError(t, err) + +} + func addMockedFormatsResponse(clientMock *testdata.DebClientMock, regex string) { formats := []file.Format{{ ManifestFileRegex: "", @@ -788,8 +870,33 @@ func addMockedFinishResponse(clientMock *testdata.DebClientMock, statusCode int) func addMockedStatusResponse(clientMock *testdata.DebClientMock, statusCode int, progress int) { finishMockRes := testdata.MockResponse{ - StatusCode: statusCode, - ResponseBody: io.NopCloser(strings.NewReader(fmt.Sprintf(`{"progress": %d}`, progress))), + StatusCode: statusCode, + ResponseBody: io.NopCloser(strings.NewReader( + fmt.Sprintf(`{"progress": %d}`, progress))), + } + clientMock.AddMockUriResponse("/api/1.0/open/ci/upload/status", finishMockRes) +} + +func addMockedSBOMGenerateResponse(clientMock *testdata.DebClientMock) { + finishMockRes := testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + } + clientMock.AddMockUriResponse("/api/1.0/open/sbom/generate", finishMockRes) +} + +func addMockedSBOMDownloadResponse(clientMock *testdata.DebClientMock) { + finishMockRes := testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader("{}")), + } + clientMock.AddMockUriResponse("/api/1.0/open/sbom/download", finishMockRes) +} + +func addMockedStatusResponseWithURL(clientMock *testdata.DebClientMock) { + finishMockRes := testdata.MockResponse{ + StatusCode: http.StatusOK, + ResponseBody: io.NopCloser(strings.NewReader(`{"progress": 100,"detailsUrl":"http://localhost:8888/app/en/repository/13/commit/37"}`)), } clientMock.AddMockUriResponse("/api/1.0/open/ci/upload/status", finishMockRes) } diff --git a/internal/wire/cli_container.go b/internal/wire/cli_container.go index f232f16a..fda5ad80 100644 --- a/internal/wire/cli_container.go +++ b/internal/wire/cli_container.go @@ -12,6 +12,7 @@ import ( "github.com/debricked/cli/internal/fingerprint" "github.com/debricked/cli/internal/io" licenseReport "github.com/debricked/cli/internal/report/license" + sbomReport "github.com/debricked/cli/internal/report/sbom" vulnerabilityReport "github.com/debricked/cli/internal/report/vulnerability" "github.com/debricked/cli/internal/resolution" resolutionFile "github.com/debricked/cli/internal/resolution/file" @@ -92,6 +93,7 @@ func (cc *CliContainer) wire() error { cc.licenseReporter = licenseReport.Reporter{DebClient: cc.debClient} cc.vulnerabilityReporter = vulnerabilityReport.Reporter{DebClient: cc.debClient} + cc.sbomReporter = sbomReport.Reporter{DebClient: cc.debClient, FileWriter: io.FileWriter{}} cc.authenticator = auth.NewDebrickedAuthenticator(cc.debClient) return nil @@ -111,6 +113,7 @@ type CliContainer struct { batchFactory resolutionFile.IBatchFactory licenseReporter licenseReport.Reporter vulnerabilityReporter vulnerabilityReport.Reporter + sbomReporter sbomReport.Reporter callgraph callgraph.IGenerator cgScheduler callgraph.IScheduler cgStrategyFactory callgraphStrategy.IFactory @@ -145,6 +148,10 @@ func (cc *CliContainer) VulnerabilityReporter() vulnerabilityReport.Reporter { return cc.vulnerabilityReporter } +func (cc *CliContainer) SBOMReporter() sbomReport.Reporter { + return cc.sbomReporter +} + func (cc *CliContainer) Fingerprinter() fingerprint.IFingerprint { return cc.fingerprinter } diff --git a/scripts/install.sh b/scripts/install.sh index 267048b9..bec535d2 100644 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -8,3 +8,4 @@ version=$(git symbolic-ref -q --short HEAD || git describe --tags --exact-match) ldFlags="-X main.version=${version}" go install -ldflags "${ldFlags}" ./cmd/debricked go generate -v -x ./cmd/debricked +go build -ldflags "${ldFlags}" ./cmd/debricked