Example #1
0
def cb_configserver(button, bdserver, apikey, usecerts):
    global bd

    if button is None:
        raise dash.exceptions.PreventUpdate

    if usecerts == 'INSECURE':
        verify = False
    else:
        verify = True

    bd = Client(
        token=apikey,
        base_url=bdserver,
        timeout=300,
        verify=verify  # TLS certificate verification
    )
    try:
        bd.list_resources()
    except Exception as exc:
        toast = make_connect_toast('Unable to eonnect - {}'.format(str(exc)))
        return True, None, '', '', '', False, toast

    projdf = projs.get_project_data(bd)
    projlabel = "Projects (" + str(len(projdf.index)) + ")"

    return False, projdf.to_dict(
        'records'), projlabel, bdserver, apikey, verify, ''
def main():
    upstream_copyright_data_file='copyright_data.txt'

    parser = argparse.ArgumentParser("Enumerate BOM componets without copyrigth statements. retrieve copyright statements form upstream channel and/or version")
    parser.add_argument("-u", "--base-url", required=True, help="Hub server URL e.g. https://your.blackduck.url")
    parser.add_argument("-t", "--token-file", dest='token_file', required=True, help="containing access token")
    parser.add_argument("-nv", "--no-verify", dest='verify', action='store_false', help="disable TLS certificate verification")
    parser.add_argument("-o", "--outputdir", dest='outputdir', default='outdir', help="disable TLS certificate verification")
    args = parser.parse_args()

    with open(args.token_file, 'r') as tf:
        access_token = tf.readline().strip()

    global bd
    bd = Client(base_url=args.base_url, token=access_token, verify=args.verify, timeout = 60.0)
    outdir=None
    if args.outputdir:
        outdir = args.outputdir
    import os
    if not os.path.exists(outdir):
        os.mkdir(outdir)
    projects = bd.get_resource('projects')
    for project in projects:
        versions = bd.get_resource('versions',project)
        for version in versions:
            codelocations = bd.get_resource('codelocations', version)
            for codelocation in codelocations:
                resources = bd.list_resources(codelocation)
                url = resources['scan-data']
                filename = url.split('/')[6]
                response = bd.session.get(url, stream=True, verify=False)
                print (response.status_code)
                print (response.ok)
                print (url)
                if response.ok:
                    pathname = os.path.join(outdir, filename)
                    with open(pathname, "wb") as f:
                        for data in response.iter_content():
                            f.write(data)
                    print(f"{filename}, {pathname}")
Example #3
0
    if v['versionName'] == args.version_name
]
assert len(
    versions
) == 1, f"There should be one, and only one version named {args.version_name}. We found {len(versions)}"
version = versions[0]

logging.debug(f"Found {project['name']}:{version['versionName']}")

reports_l = args.reports.split(",")
reports_l = [version_name_map[r.lower()] for r in reports_l]

post_data = {
    'categories': reports_l,
    'versionId': version['_meta']['href'].split("/")[-1],
    'reportType': 'VERSION',
    'reportFormat': "CSV"
}
version_reports_url = bd.list_resources(version).get('versionReport')
assert version_reports_url, "Ruh-roh, a version should always have a versionReport resource under it"

r = bd.session.post(version_reports_url, json=post_data)
r.raise_for_status()
location = r.headers.get('Location')
assert location, "Hmm, this does not make sense. If we successfully created a report then there needs to be a location where we can get it from"

logging.debug(
    f"Created version details report for project {args.project_name}, version {args.version_name} at location {location}"
)
download_report(bd, location, args.zip_file_name)
Example #4
0
from blackduck.Authentication import CookieAuth

import argparse
import logging
from pprint import pprint

logging.basicConfig(
    level=logging.DEBUG,
    format="[%(asctime)s] {%(module)s:%(lineno)d} %(levelname)s - %(message)s")

parser = argparse.ArgumentParser()
parser.add_argument("--base-url",
                    required=True,
                    help="Hub server URL e.g. https://your.blackduck.url")
parser.add_argument("--username", required=True, help="Hub user")
parser.add_argument("--password", required=True, help="Hub user")
parser.add_argument("--no-verify",
                    dest='verify',
                    action='store_false',
                    help="disable TLS certificate verification")
args = parser.parse_args()

verify = args.verify
base_url = args.base_url
session = HubSession(base_url, timeout=15.0, retries=3, verify=verify)
auth = CookieAuth(session, username=args.username, password=args.password)

bd = Client(base_url=base_url, session=session, auth=auth, verify=verify)

pprint(bd.list_resources())
logging.debug(f"Found {project['name']}:{version['versionName']}")

all_bom_component_vulns = []

for bom_component_vuln in bd.get_resource('vulnerable-components', version):
    vuln_name = bom_component_vuln['vulnerabilityWithRemediation'][
        'vulnerabilityName']
    vuln_source = bom_component_vuln['vulnerabilityWithRemediation']['source']
    upgrade_guidance = bd.get_json(
        f"{bom_component_vuln['componentVersion']}/upgrade-guidance")
    bom_component_vuln['upgrade_guidance'] = upgrade_guidance

    vuln_details = bd.get_json(f"/api/vulnerabilities/{vuln_name}")
    bom_component_vuln['vulnerability_details'] = vuln_details

    if 'related-vulnerability' in bd.list_resources(vuln_details):
        related_vuln = bd.get_resource("related-vulnerability",
                                       vuln_details,
                                       items=False)
    else:
        related_vuln = None
    bom_component_vuln['related_vulnerability'] = related_vuln
    all_bom_component_vulns.append(bom_component_vuln)

if args.csv_file:
    '''Note: See the BD API doc and in particular .../api-doc/public.html#_bom_vulnerability_endpoints
        for a complete list of the fields available. The below code shows a subset of them just to
        illustrate how to write out the data into a CSV format.
    '''
    logging.info(
        f"Exporting {len(all_bom_component_vulns)} records to CSV file {args.csv_file}"
                    help="Hub server URL e.g. https://your.blackduck.url")
parser.add_argument("--token-file",
                    dest='token_file',
                    required=True,
                    help="containing access token")
parser.add_argument("--no-verify",
                    dest='verify',
                    action='store_false',
                    help="disable TLS certificate verification")
args = parser.parse_args()

with open(args.token_file, 'r') as tf:
    access_token = tf.readline().strip()

bd = Client(base_url=args.base_url, token=access_token, verify=args.verify)

for project in bd.get_resource('projects'):
    print(f"Project: {project['name']}")
    print("Project list_resources():")
    pprint(bd.list_resources(project))
    for version in bd.get_resource('versions', project):
        print(f"Version: {version['versionName']}")
        for bom_component in bd.get_resource('components', version):
            print(
                f"BOM component: {bom_component['componentName']}:{bom_component['componentVersionName']}"
            )
        # print(f"Version list_resources():")
        # pprint(bd.list_resources(version))
        # print("Exiting after printing first project and version")
        # quit(0)
try:
    r = bd.session.post("/api/projects", json=project_data)
    r.raise_for_status()
    print(f"created project {r.links['project']['url']}")
except requests.HTTPError as err:
    # more fine grained error handling here; otherwise:
    bd.http_error_handler(err)

# GET
params = {
    'q': [f"name:{project_name}"]
}
project_url = None
for project in bd.get_items("/api/projects", params=params):
    if project['name'] == project_name:
        project_url = bd.list_resources(project)['href']
        print(f"project url: {project_url}")

# PUT
project_data = {
    'name': project_name,
    'description': "a different description"
}

try:
    r = bd.session.put(project_url, json=project_data)
    r.raise_for_status()
    print("updated project")
except requests.HTTPError as err:
    bd.http_error_handler(err)