def cb_configserver(button, bdserver, apikey, usecerts):
global bd
if button is None:
raise dash.exceptions.PreventUpdate
if usecerts == 'INSECURE':
verify = False
else:
verify = True
bd = Client(
token=apikey,
base_url=bdserver,
timeout=300,
verify=verify # TLS certificate verification
)
try:
bd.list_resources()
except Exception as exc:
toast = make_connect_toast('Unable to eonnect - {}'.format(str(exc)))
return True, None, '', '', '', False, toast
projdf = projs.get_project_data(bd)
projlabel = "Projects (" + str(len(projdf.index)) + ")"
return False, projdf.to_dict(
'records'), projlabel, bdserver, apikey, verify, ''
def main():
upstream_copyright_data_file='copyright_data.txt'
parser = argparse.ArgumentParser("Enumerate BOM componets without copyrigth statements. retrieve copyright statements form upstream channel and/or version")
parser.add_argument("-u", "--base-url", required=True, help="Hub server URL e.g. https://your.blackduck.url")
parser.add_argument("-t", "--token-file", dest='token_file', required=True, help="containing access token")
parser.add_argument("-nv", "--no-verify", dest='verify', action='store_false', help="disable TLS certificate verification")
parser.add_argument("-o", "--outputdir", dest='outputdir', default='outdir', help="disable TLS certificate verification")
args = parser.parse_args()
with open(args.token_file, 'r') as tf:
access_token = tf.readline().strip()
global bd
bd = Client(base_url=args.base_url, token=access_token, verify=args.verify, timeout = 60.0)
outdir=None
if args.outputdir:
outdir = args.outputdir
import os
if not os.path.exists(outdir):
os.mkdir(outdir)
projects = bd.get_resource('projects')
for project in projects:
versions = bd.get_resource('versions',project)
for version in versions:
codelocations = bd.get_resource('codelocations', version)
for codelocation in codelocations:
resources = bd.list_resources(codelocation)
url = resources['scan-data']
filename = url.split('/')[6]
response = bd.session.get(url, stream=True, verify=False)
print (response.status_code)
print (response.ok)
print (url)
if response.ok:
pathname = os.path.join(outdir, filename)
with open(pathname, "wb") as f:
for data in response.iter_content():
f.write(data)
print(f"{filename}, {pathname}")
if v['versionName'] == args.version_name
]
assert len(
versions
) == 1, f"There should be one, and only one version named {args.version_name}. We found {len(versions)}"
version = versions[0]
logging.debug(f"Found {project['name']}:{version['versionName']}")
reports_l = args.reports.split(",")
reports_l = [version_name_map[r.lower()] for r in reports_l]
post_data = {
'categories': reports_l,
'versionId': version['_meta']['href'].split("/")[-1],
'reportType': 'VERSION',
'reportFormat': "CSV"
}
version_reports_url = bd.list_resources(version).get('versionReport')
assert version_reports_url, "Ruh-roh, a version should always have a versionReport resource under it"
r = bd.session.post(version_reports_url, json=post_data)
r.raise_for_status()
location = r.headers.get('Location')
assert location, "Hmm, this does not make sense. If we successfully created a report then there needs to be a location where we can get it from"
logging.debug(
f"Created version details report for project {args.project_name}, version {args.version_name} at location {location}"
)
download_report(bd, location, args.zip_file_name)
from blackduck.Authentication import CookieAuth
import argparse
import logging
from pprint import pprint
logging.basicConfig(
level=logging.DEBUG,
format="[%(asctime)s] {%(module)s:%(lineno)d} %(levelname)s - %(message)s")
parser = argparse.ArgumentParser()
parser.add_argument("--base-url",
required=True,
help="Hub server URL e.g. https://your.blackduck.url")
parser.add_argument("--username", required=True, help="Hub user")
parser.add_argument("--password", required=True, help="Hub user")
parser.add_argument("--no-verify",
dest='verify',
action='store_false',
help="disable TLS certificate verification")
args = parser.parse_args()
verify = args.verify
base_url = args.base_url
session = HubSession(base_url, timeout=15.0, retries=3, verify=verify)
auth = CookieAuth(session, username=args.username, password=args.password)
bd = Client(base_url=base_url, session=session, auth=auth, verify=verify)
pprint(bd.list_resources())
logging.debug(f"Found {project['name']}:{version['versionName']}")
all_bom_component_vulns = []
for bom_component_vuln in bd.get_resource('vulnerable-components', version):
vuln_name = bom_component_vuln['vulnerabilityWithRemediation'][
'vulnerabilityName']
vuln_source = bom_component_vuln['vulnerabilityWithRemediation']['source']
upgrade_guidance = bd.get_json(
f"{bom_component_vuln['componentVersion']}/upgrade-guidance")
bom_component_vuln['upgrade_guidance'] = upgrade_guidance
vuln_details = bd.get_json(f"/api/vulnerabilities/{vuln_name}")
bom_component_vuln['vulnerability_details'] = vuln_details
if 'related-vulnerability' in bd.list_resources(vuln_details):
related_vuln = bd.get_resource("related-vulnerability",
vuln_details,
items=False)
else:
related_vuln = None
bom_component_vuln['related_vulnerability'] = related_vuln
all_bom_component_vulns.append(bom_component_vuln)
if args.csv_file:
'''Note: See the BD API doc and in particular .../api-doc/public.html#_bom_vulnerability_endpoints
for a complete list of the fields available. The below code shows a subset of them just to
illustrate how to write out the data into a CSV format.
'''
logging.info(
f"Exporting {len(all_bom_component_vulns)} records to CSV file {args.csv_file}"
help="Hub server URL e.g. https://your.blackduck.url")
parser.add_argument("--token-file",
dest='token_file',
required=True,
help="containing access token")
parser.add_argument("--no-verify",
dest='verify',
action='store_false',
help="disable TLS certificate verification")
args = parser.parse_args()
with open(args.token_file, 'r') as tf:
access_token = tf.readline().strip()
bd = Client(base_url=args.base_url, token=access_token, verify=args.verify)
for project in bd.get_resource('projects'):
print(f"Project: {project['name']}")
print("Project list_resources():")
pprint(bd.list_resources(project))
for version in bd.get_resource('versions', project):
print(f"Version: {version['versionName']}")
for bom_component in bd.get_resource('components', version):
print(
f"BOM component: {bom_component['componentName']}:{bom_component['componentVersionName']}"
)
# print(f"Version list_resources():")
# pprint(bd.list_resources(version))
# print("Exiting after printing first project and version")
# quit(0)
try:
r = bd.session.post("/api/projects", json=project_data)
r.raise_for_status()
print(f"created project {r.links['project']['url']}")
except requests.HTTPError as err:
# more fine grained error handling here; otherwise:
bd.http_error_handler(err)
# GET
params = {
'q': [f"name:{project_name}"]
}
project_url = None
for project in bd.get_items("/api/projects", params=params):
if project['name'] == project_name:
project_url = bd.list_resources(project)['href']
print(f"project url: {project_url}")
# PUT
project_data = {
'name': project_name,
'description': "a different description"
}
try:
r = bd.session.put(project_url, json=project_data)
r.raise_for_status()
print("updated project")
except requests.HTTPError as err:
bd.http_error_handler(err)