@backstage-community/plugin-blackduck-backend 0.0.7 → 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,22 @@
|
|
|
1
1
|
# @backstage-community/plugin-blackduck-backend
|
|
2
2
|
|
|
3
|
+
## 0.1.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- a1470d8: Backstage version bump to v1.34.1
|
|
8
|
+
|
|
9
|
+
### Patch Changes
|
|
10
|
+
|
|
11
|
+
- Updated dependencies [a1470d8]
|
|
12
|
+
- @backstage-community/plugin-blackduck-common@0.1.0
|
|
13
|
+
|
|
14
|
+
## 0.0.8
|
|
15
|
+
|
|
16
|
+
### Patch Changes
|
|
17
|
+
|
|
18
|
+
- ca201c4: Deprecated `createRouter` and its router options in favour of the new backend system.
|
|
19
|
+
|
|
3
20
|
## 0.0.7
|
|
4
21
|
|
|
5
22
|
### Patch Changes
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BlackDuckRestApi.cjs.js","sources":["../../src/api/BlackDuckRestApi.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport {\n BD_REST_API_RESPONSE,\n BD_PROJECT_DETAIL,\n BD_VERISON_DETAIL,\n BD_VERSIONS_API_RESPONSE,\n BD_PROJECTS_API_RESPONSE,\n} from '@backstage-community/plugin-blackduck-common';\n\nexport class BlackDuckRestApi {\n private _bearer: string;\n private _limit: number;\n public constructor(\n private readonly logger: LoggerService,\n private readonly host: string,\n private readonly token: string,\n ) {\n this._bearer = '';\n this._limit = 1000;\n }\n\n public async auth() {\n try {\n const auth = await fetch(`${this.host}/tokens/authenticate`, {\n method: 'POST',\n headers: {\n Authorization: `token ${this.token}`,\n Accept: 'application/vnd.blackducksoftware.user-4+json',\n 'Content-Type': 'application/json',\n },\n });\n const token = await auth.json();\n this.logger.info('Auth Successfull');\n this._bearer = token.bearerToken;\n return token.bearerToken;\n } catch (error) {\n throw error;\n }\n }\n public async getProjects(name: string): Promise<BD_REST_API_RESPONSE> {\n const projects = await fetch(\n `${this.host}/projects?limit=999&q=name:${name}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.project-detail-4+json',\n 'Content-Type': 'application/json',\n },\n },\n );\n this.logger.debug('Retrived Projects!!');\n return projects.json();\n }\n\n public async getVersions(\n projectUrl: string,\n versionName: string,\n ): Promise<BD_VERSIONS_API_RESPONSE> {\n const versions = await fetch(\n `${projectUrl}/versions?limit=999&q=versionName:${versionName}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.project-detail-5+json',\n 'Content-Type': 'application/json',\n },\n },\n );\n this.logger.debug('Retrived Versions!!');\n return versions.json();\n }\n\n public async getProjectVersionDetails(\n projectName: string,\n projectVersion: string,\n ) {\n let projectDetail: BD_PROJECT_DETAIL | any;\n let versionDetail: BD_VERISON_DETAIL | any;\n const projects: BD_PROJECTS_API_RESPONSE = await this.getProjects(\n projectName,\n );\n projects.items.forEach((item: any) => {\n if (item.name === projectName) {\n projectDetail = item;\n }\n });\n if (projectDetail === undefined) {\n this.logger.error('Provide full project name');\n }\n this.logger.debug(`Fetched Project : ${projectName} details`);\n const versions: BD_VERSIONS_API_RESPONSE = await this.getVersions(\n projectDetail._meta.href,\n projectVersion,\n );\n versions.items.forEach((item: any) => {\n if (item.versionName === projectVersion) {\n versionDetail = item;\n }\n });\n if (versionDetail === undefined) {\n this.logger.error('Provide full version name');\n }\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} details`,\n );\n\n return versionDetail;\n }\n\n public async getVulnerableComponents(\n projectName: string,\n projectVersion: string,\n ) {\n const versionDetail = await this.getProjectVersionDetails(\n projectName,\n projectVersion,\n );\n const vuln_url = `${versionDetail._meta.href}/vulnerable-bom-components?limit=${this._limit}`;\n const vulns: any = await fetch(vuln_url, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.bill-of-materials-6+json',\n 'Content-Type': 'application/json',\n },\n });\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} Vulnerable Components`,\n );\n return vulns.json();\n }\n\n public async getRiskProfile(projectName: string, projectVersion: string) {\n const versionDetail = await this.getProjectVersionDetails(\n projectName,\n projectVersion,\n );\n const risk_profile_url = `${versionDetail._meta.href}/risk-profile`;\n const risk_profile: any = await fetch(risk_profile_url, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n // Accept: 'application/vnd.blackducksoftware.component-detail-5+json',\n 'Content-Type': 'application/json',\n },\n });\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} risk profile`,\n );\n return risk_profile.json();\n }\n}\n"],"names":[],"mappings":";;AAwBO,MAAM,gBAAiB,CAAA;AAAA,EAGrB,WAAA,CACY,MACA,EAAA,IAAA,EACA,KACjB,EAAA;AAHiB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA
|
|
1
|
+
{"version":3,"file":"BlackDuckRestApi.cjs.js","sources":["../../src/api/BlackDuckRestApi.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { LoggerService } from '@backstage/backend-plugin-api';\nimport {\n BD_REST_API_RESPONSE,\n BD_PROJECT_DETAIL,\n BD_VERISON_DETAIL,\n BD_VERSIONS_API_RESPONSE,\n BD_PROJECTS_API_RESPONSE,\n} from '@backstage-community/plugin-blackduck-common';\n\nexport class BlackDuckRestApi {\n private _bearer: string;\n private _limit: number;\n public constructor(\n private readonly logger: LoggerService,\n private readonly host: string,\n private readonly token: string,\n ) {\n this._bearer = '';\n this._limit = 1000;\n }\n\n public async auth() {\n try {\n const auth = await fetch(`${this.host}/tokens/authenticate`, {\n method: 'POST',\n headers: {\n Authorization: `token ${this.token}`,\n Accept: 'application/vnd.blackducksoftware.user-4+json',\n 'Content-Type': 'application/json',\n },\n });\n const token = await auth.json();\n this.logger.info('Auth Successfull');\n this._bearer = token.bearerToken;\n return token.bearerToken;\n } catch (error) {\n throw error;\n }\n }\n public async getProjects(name: string): Promise<BD_REST_API_RESPONSE> {\n const projects = await fetch(\n `${this.host}/projects?limit=999&q=name:${name}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.project-detail-4+json',\n 'Content-Type': 'application/json',\n },\n },\n );\n this.logger.debug('Retrived Projects!!');\n return projects.json();\n }\n\n public async getVersions(\n projectUrl: string,\n versionName: string,\n ): Promise<BD_VERSIONS_API_RESPONSE> {\n const versions = await fetch(\n `${projectUrl}/versions?limit=999&q=versionName:${versionName}`,\n {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.project-detail-5+json',\n 'Content-Type': 'application/json',\n },\n },\n );\n this.logger.debug('Retrived Versions!!');\n return versions.json();\n }\n\n public async getProjectVersionDetails(\n projectName: string,\n projectVersion: string,\n ) {\n let projectDetail: BD_PROJECT_DETAIL | any;\n let versionDetail: BD_VERISON_DETAIL | any;\n const projects: BD_PROJECTS_API_RESPONSE = await this.getProjects(\n projectName,\n );\n projects.items.forEach((item: any) => {\n if (item.name === projectName) {\n projectDetail = item;\n }\n });\n if (projectDetail === undefined) {\n this.logger.error('Provide full project name');\n }\n this.logger.debug(`Fetched Project : ${projectName} details`);\n const versions: BD_VERSIONS_API_RESPONSE = await this.getVersions(\n projectDetail._meta.href,\n projectVersion,\n );\n versions.items.forEach((item: any) => {\n if (item.versionName === projectVersion) {\n versionDetail = item;\n }\n });\n if (versionDetail === undefined) {\n this.logger.error('Provide full version name');\n }\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} details`,\n );\n\n return versionDetail;\n }\n\n public async getVulnerableComponents(\n projectName: string,\n projectVersion: string,\n ) {\n const versionDetail = await this.getProjectVersionDetails(\n projectName,\n projectVersion,\n );\n const vuln_url = `${versionDetail._meta.href}/vulnerable-bom-components?limit=${this._limit}`;\n const vulns: any = await fetch(vuln_url, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n Accept: 'application/vnd.blackducksoftware.bill-of-materials-6+json',\n 'Content-Type': 'application/json',\n },\n });\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} Vulnerable Components`,\n );\n return vulns.json();\n }\n\n public async getRiskProfile(projectName: string, projectVersion: string) {\n const versionDetail = await this.getProjectVersionDetails(\n projectName,\n projectVersion,\n );\n const risk_profile_url = `${versionDetail._meta.href}/risk-profile`;\n const risk_profile: any = await fetch(risk_profile_url, {\n method: 'GET',\n headers: {\n Authorization: `Bearer ${this._bearer}`,\n // Accept: 'application/vnd.blackducksoftware.component-detail-5+json',\n 'Content-Type': 'application/json',\n },\n });\n this.logger.debug(\n `Fetched Project : ${projectName}, Version: ${projectVersion} risk profile`,\n );\n return risk_profile.json();\n }\n}\n"],"names":[],"mappings":";;AAwBO,MAAM,gBAAiB,CAAA;AAAA,EAGrB,WAAA,CACY,MACA,EAAA,IAAA,EACA,KACjB,EAAA;AAHiB,IAAA,IAAA,CAAA,MAAA,GAAA,MAAA;AACA,IAAA,IAAA,CAAA,IAAA,GAAA,IAAA;AACA,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AAEjB,IAAA,IAAA,CAAK,OAAU,GAAA,EAAA;AACf,IAAA,IAAA,CAAK,MAAS,GAAA,GAAA;AAAA;AAChB,EATQ,OAAA;AAAA,EACA,MAAA;AAAA,EAUR,MAAa,IAAO,GAAA;AAClB,IAAI,IAAA;AACF,MAAA,MAAM,OAAO,MAAM,KAAA,CAAM,CAAG,EAAA,IAAA,CAAK,IAAI,CAAwB,oBAAA,CAAA,EAAA;AAAA,QAC3D,MAAQ,EAAA,MAAA;AAAA,QACR,OAAS,EAAA;AAAA,UACP,aAAA,EAAe,CAAS,MAAA,EAAA,IAAA,CAAK,KAAK,CAAA,CAAA;AAAA,UAClC,MAAQ,EAAA,+CAAA;AAAA,UACR,cAAgB,EAAA;AAAA;AAClB,OACD,CAAA;AACD,MAAM,MAAA,KAAA,GAAQ,MAAM,IAAA,CAAK,IAAK,EAAA;AAC9B,MAAK,IAAA,CAAA,MAAA,CAAO,KAAK,kBAAkB,CAAA;AACnC,MAAA,IAAA,CAAK,UAAU,KAAM,CAAA,WAAA;AACrB,MAAA,OAAO,KAAM,CAAA,WAAA;AAAA,aACN,KAAO,EAAA;AACd,MAAM,MAAA,KAAA;AAAA;AACR;AACF,EACA,MAAa,YAAY,IAA6C,EAAA;AACpE,IAAA,MAAM,WAAW,MAAM,KAAA;AAAA,MACrB,CAAG,EAAA,IAAA,CAAK,IAAI,CAAA,2BAAA,EAA8B,IAAI,CAAA,CAAA;AAAA,MAC9C;AAAA,QACE,MAAQ,EAAA,KAAA;AAAA,QACR,OAAS,EAAA;AAAA,UACP,aAAA,EAAe,CAAU,OAAA,EAAA,IAAA,CAAK,OAAO,CAAA,CAAA;AAAA,UACrC,MAAQ,EAAA,yDAAA;AAAA,UACR,cAAgB,EAAA;AAAA;AAClB;AACF,KACF;AACA,IAAK,IAAA,CAAA,MAAA,CAAO,MAAM,qBAAqB,CAAA;AACvC,IAAA,OAAO,SAAS,IAAK,EAAA;AAAA;AACvB,EAEA,MAAa,WACX,CAAA,UAAA,EACA,WACmC,EAAA;AACnC,IAAA,MAAM,WAAW,MAAM,KAAA;AAAA,MACrB,CAAA,EAAG,UAAU,CAAA,kCAAA,EAAqC,WAAW,CAAA,CAAA;AAAA,MAC7D;AAAA,QACE,MAAQ,EAAA,KAAA;AAAA,QACR,OAAS,EAAA;AAAA,UACP,aAAA,EAAe,CAAU,OAAA,EAAA,IAAA,CAAK,OAAO,CAAA,CAAA;AAAA,UACrC,MAAQ,EAAA,yDAAA;AAAA,UACR,cAAgB,EAAA;AAAA;AAClB;AACF,KACF;AACA,IAAK,IAAA,CAAA,MAAA,CAAO,MAAM,qBAAqB,CAAA;AACvC,IAAA,OAAO,SAAS,IAAK,EAAA;AAAA;AACvB,EAEA,MAAa,wBACX,CAAA,WAAA,EACA,cACA,EAAA;AACA,IAAI,IAAA,aAAA;AACJ,IAAI,IAAA,aAAA;AACJ,IAAM,MAAA,QAAA,GAAqC,MAAM,IAAK,CAAA,WAAA;AAAA,MACpD;AAAA,KACF;AACA,IAAS,QAAA,CAAA,KAAA,CAAM,OAAQ,CAAA,CAAC,IAAc,KAAA;AACpC,MAAI,IAAA,IAAA,CAAK,SAAS,WAAa,EAAA;AAC7B,QAAgB,aAAA,GAAA,IAAA;AAAA;AAClB,KACD,CAAA;AACD,IAAA,IAAI,kBAAkB,KAAW,CAAA,EAAA;AAC/B,MAAK,IAAA,CAAA,MAAA,CAAO,MAAM,2BAA2B,CAAA;AAAA;AAE/C,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA,CAAM,CAAqB,kBAAA,EAAA,WAAW,CAAU,QAAA,CAAA,CAAA;AAC5D,IAAM,MAAA,QAAA,GAAqC,MAAM,IAAK,CAAA,WAAA;AAAA,MACpD,cAAc,KAAM,CAAA,IAAA;AAAA,MACpB;AAAA,KACF;AACA,IAAS,QAAA,CAAA,KAAA,CAAM,OAAQ,CAAA,CAAC,IAAc,KAAA;AACpC,MAAI,IAAA,IAAA,CAAK,gBAAgB,cAAgB,EAAA;AACvC,QAAgB,aAAA,GAAA,IAAA;AAAA;AAClB,KACD,CAAA;AACD,IAAA,IAAI,kBAAkB,KAAW,CAAA,EAAA;AAC/B,MAAK,IAAA,CAAA,MAAA,CAAO,MAAM,2BAA2B,CAAA;AAAA;AAE/C,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,MACV,CAAA,kBAAA,EAAqB,WAAW,CAAA,WAAA,EAAc,cAAc,CAAA,QAAA;AAAA,KAC9D;AAEA,IAAO,OAAA,aAAA;AAAA;AACT,EAEA,MAAa,uBACX,CAAA,WAAA,EACA,cACA,EAAA;AACA,IAAM,MAAA,aAAA,GAAgB,MAAM,IAAK,CAAA,wBAAA;AAAA,MAC/B,WAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,WAAW,CAAG,EAAA,aAAA,CAAc,MAAM,IAAI,CAAA,iCAAA,EAAoC,KAAK,MAAM,CAAA,CAAA;AAC3F,IAAM,MAAA,KAAA,GAAa,MAAM,KAAA,CAAM,QAAU,EAAA;AAAA,MACvC,MAAQ,EAAA,KAAA;AAAA,MACR,OAAS,EAAA;AAAA,QACP,aAAA,EAAe,CAAU,OAAA,EAAA,IAAA,CAAK,OAAO,CAAA,CAAA;AAAA,QACrC,MAAQ,EAAA,4DAAA;AAAA,QACR,cAAgB,EAAA;AAAA;AAClB,KACD,CAAA;AACD,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,MACV,CAAA,kBAAA,EAAqB,WAAW,CAAA,WAAA,EAAc,cAAc,CAAA,sBAAA;AAAA,KAC9D;AACA,IAAA,OAAO,MAAM,IAAK,EAAA;AAAA;AACpB,EAEA,MAAa,cAAe,CAAA,WAAA,EAAqB,cAAwB,EAAA;AACvE,IAAM,MAAA,aAAA,GAAgB,MAAM,IAAK,CAAA,wBAAA;AAAA,MAC/B,WAAA;AAAA,MACA;AAAA,KACF;AACA,IAAA,MAAM,gBAAmB,GAAA,CAAA,EAAG,aAAc,CAAA,KAAA,CAAM,IAAI,CAAA,aAAA,CAAA;AACpD,IAAM,MAAA,YAAA,GAAoB,MAAM,KAAA,CAAM,gBAAkB,EAAA;AAAA,MACtD,MAAQ,EAAA,KAAA;AAAA,MACR,OAAS,EAAA;AAAA,QACP,aAAA,EAAe,CAAU,OAAA,EAAA,IAAA,CAAK,OAAO,CAAA,CAAA;AAAA;AAAA,QAErC,cAAgB,EAAA;AAAA;AAClB,KACD,CAAA;AACD,IAAA,IAAA,CAAK,MAAO,CAAA,KAAA;AAAA,MACV,CAAA,kBAAA,EAAqB,WAAW,CAAA,WAAA,EAAc,cAAc,CAAA,aAAA;AAAA,KAC9D;AACA,IAAA,OAAO,aAAa,IAAK,EAAA;AAAA;AAE7B;;;;"}
|
package/dist/index.d.ts
CHANGED
|
@@ -24,7 +24,10 @@ declare class BlackDuckConfig {
|
|
|
24
24
|
getHostConfigByName(name: string): BlackDuckHostConfig;
|
|
25
25
|
}
|
|
26
26
|
|
|
27
|
-
/**
|
|
27
|
+
/**
|
|
28
|
+
* @deprecated Please migrate to the new backend system as this will be removed in the future.
|
|
29
|
+
*
|
|
30
|
+
* @public */
|
|
28
31
|
interface RouterOptions {
|
|
29
32
|
logger: LoggerService;
|
|
30
33
|
config: Config;
|
|
@@ -33,7 +36,10 @@ interface RouterOptions {
|
|
|
33
36
|
httpAuth?: HttpAuthService;
|
|
34
37
|
blackDuckConfig: BlackDuckConfig;
|
|
35
38
|
}
|
|
36
|
-
/**
|
|
39
|
+
/**
|
|
40
|
+
* @deprecated Please migrate to the new backend system as this will be removed in the future.
|
|
41
|
+
*
|
|
42
|
+
* @public */
|
|
37
43
|
declare function createRouter(options: RouterOptions): Promise<express.Router>;
|
|
38
44
|
|
|
39
45
|
/**
|
package/dist/plugin.cjs.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { BlackDuckConfig } from './service/BlackDuckConfig';\nimport { createRouter } from './service/router';\n\n/**\n * blackduckPlugin backend plugin\n *\n * @public\n */\nexport const blackduckPlugin = createBackendPlugin({\n pluginId: 'blackduck',\n register(env) {\n env.registerInit({\n deps: {\n httpRouter: coreServices.httpRouter,\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n permissions: coreServices.permissions,\n discovery: coreServices.discovery,\n httpAuth: coreServices.httpAuth,\n },\n async init({\n httpRouter,\n logger,\n config,\n permissions,\n discovery,\n httpAuth,\n }) {\n httpRouter.use(\n await createRouter({\n logger,\n config,\n permissions,\n discovery,\n httpAuth,\n blackDuckConfig: BlackDuckConfig.fromConfig(config),\n }),\n );\n httpRouter.addAuthPolicy({\n path: '/health',\n allow: 'unauthenticated',\n });\n },\n });\n },\n});\n"],"names":["createBackendPlugin","coreServices","createRouter","BlackDuckConfig"],"mappings":";;;;;;AA2BO,MAAM,kBAAkBA,oCAAoB,CAAA;AAAA,EACjD,QAAU,EAAA,WAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,YAAYC,6BAAa,CAAA,UAAA;AAAA,QACzB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,aAAaA,6BAAa,CAAA,WAAA;AAAA,QAC1B,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,UAAUA,6BAAa,CAAA
|
|
1
|
+
{"version":3,"file":"plugin.cjs.js","sources":["../src/plugin.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport {\n coreServices,\n createBackendPlugin,\n} from '@backstage/backend-plugin-api';\nimport { BlackDuckConfig } from './service/BlackDuckConfig';\nimport { createRouter } from './service/router';\n\n/**\n * blackduckPlugin backend plugin\n *\n * @public\n */\nexport const blackduckPlugin = createBackendPlugin({\n pluginId: 'blackduck',\n register(env) {\n env.registerInit({\n deps: {\n httpRouter: coreServices.httpRouter,\n logger: coreServices.logger,\n config: coreServices.rootConfig,\n permissions: coreServices.permissions,\n discovery: coreServices.discovery,\n httpAuth: coreServices.httpAuth,\n },\n async init({\n httpRouter,\n logger,\n config,\n permissions,\n discovery,\n httpAuth,\n }) {\n httpRouter.use(\n await createRouter({\n logger,\n config,\n permissions,\n discovery,\n httpAuth,\n blackDuckConfig: BlackDuckConfig.fromConfig(config),\n }),\n );\n httpRouter.addAuthPolicy({\n path: '/health',\n allow: 'unauthenticated',\n });\n },\n });\n },\n});\n"],"names":["createBackendPlugin","coreServices","createRouter","BlackDuckConfig"],"mappings":";;;;;;AA2BO,MAAM,kBAAkBA,oCAAoB,CAAA;AAAA,EACjD,QAAU,EAAA,WAAA;AAAA,EACV,SAAS,GAAK,EAAA;AACZ,IAAA,GAAA,CAAI,YAAa,CAAA;AAAA,MACf,IAAM,EAAA;AAAA,QACJ,YAAYC,6BAAa,CAAA,UAAA;AAAA,QACzB,QAAQA,6BAAa,CAAA,MAAA;AAAA,QACrB,QAAQA,6BAAa,CAAA,UAAA;AAAA,QACrB,aAAaA,6BAAa,CAAA,WAAA;AAAA,QAC1B,WAAWA,6BAAa,CAAA,SAAA;AAAA,QACxB,UAAUA,6BAAa,CAAA;AAAA,OACzB;AAAA,MACA,MAAM,IAAK,CAAA;AAAA,QACT,UAAA;AAAA,QACA,MAAA;AAAA,QACA,MAAA;AAAA,QACA,WAAA;AAAA,QACA,SAAA;AAAA,QACA;AAAA,OACC,EAAA;AACD,QAAW,UAAA,CAAA,GAAA;AAAA,UACT,MAAMC,mBAAa,CAAA;AAAA,YACjB,MAAA;AAAA,YACA,MAAA;AAAA,YACA,WAAA;AAAA,YACA,SAAA;AAAA,YACA,QAAA;AAAA,YACA,eAAA,EAAiBC,+BAAgB,CAAA,UAAA,CAAW,MAAM;AAAA,WACnD;AAAA,SACH;AACA,QAAA,UAAA,CAAW,aAAc,CAAA;AAAA,UACvB,IAAM,EAAA,SAAA;AAAA,UACN,KAAO,EAAA;AAAA,SACR,CAAA;AAAA;AACH,KACD,CAAA;AAAA;AAEL,CAAC;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BlackDuckConfig.cjs.js","sources":["../../src/service/BlackDuckConfig.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Config } from '@backstage/config';\n\n/**\n * @public\n */\nexport interface BlackDuckHostConfig {\n name: string;\n host: string;\n token: string;\n}\n\nconst DEFAULT_HOST_NAME = 'default';\n\n/**\n * blackduckPlugin config\n *\n * @public\n */\nexport class BlackDuckConfig {\n constructor(\n private readonly hosts: BlackDuckHostConfig[],\n private readonly defaultHost: string,\n ) {}\n\n static fromConfig(config: Config): BlackDuckConfig {\n let hosts: BlackDuckHostConfig[] = [];\n let defaultHost: string = DEFAULT_HOST_NAME;\n\n if (config.has('blackduck.host') && config.has('blackduck.hosts')) {\n throw new Error('Cannot have both blackduck.host and blackduck.hosts');\n }\n\n if (config.has('blackduck.host') && config.has('blackduck.token')) {\n const singleHost = {\n name: 'default',\n host: config.getString('blackduck.host'),\n token: config.getString('blackduck.token'),\n };\n hosts = [singleHost];\n } else if (\n config.has('blackduck.hosts') &&\n config.has('blackduck.default')\n ) {\n hosts = config.getConfigArray('blackduck.hosts').map(hostConfig => ({\n name: hostConfig.getString('name'),\n host: hostConfig.getString('host'),\n token: hostConfig.getString('token'),\n }));\n defaultHost = config.getString('blackduck.default');\n } else {\n throw new Error('Invalid BlackDuck config found');\n }\n\n return new BlackDuckConfig(hosts, defaultHost);\n }\n\n getHostConfigByName(name: string): BlackDuckHostConfig {\n const hostName = name === DEFAULT_HOST_NAME ? this.defaultHost : name;\n\n const hostConfig = this.hosts.find(host => host.name === hostName);\n\n if (!hostConfig) {\n throw new Error(`No host found with name: ${name}`);\n }\n\n return hostConfig;\n }\n}\n"],"names":[],"mappings":";;AA0BA,MAAM,iBAAoB,GAAA,SAAA
|
|
1
|
+
{"version":3,"file":"BlackDuckConfig.cjs.js","sources":["../../src/service/BlackDuckConfig.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { Config } from '@backstage/config';\n\n/**\n * @public\n */\nexport interface BlackDuckHostConfig {\n name: string;\n host: string;\n token: string;\n}\n\nconst DEFAULT_HOST_NAME = 'default';\n\n/**\n * blackduckPlugin config\n *\n * @public\n */\nexport class BlackDuckConfig {\n constructor(\n private readonly hosts: BlackDuckHostConfig[],\n private readonly defaultHost: string,\n ) {}\n\n static fromConfig(config: Config): BlackDuckConfig {\n let hosts: BlackDuckHostConfig[] = [];\n let defaultHost: string = DEFAULT_HOST_NAME;\n\n if (config.has('blackduck.host') && config.has('blackduck.hosts')) {\n throw new Error('Cannot have both blackduck.host and blackduck.hosts');\n }\n\n if (config.has('blackduck.host') && config.has('blackduck.token')) {\n const singleHost = {\n name: 'default',\n host: config.getString('blackduck.host'),\n token: config.getString('blackduck.token'),\n };\n hosts = [singleHost];\n } else if (\n config.has('blackduck.hosts') &&\n config.has('blackduck.default')\n ) {\n hosts = config.getConfigArray('blackduck.hosts').map(hostConfig => ({\n name: hostConfig.getString('name'),\n host: hostConfig.getString('host'),\n token: hostConfig.getString('token'),\n }));\n defaultHost = config.getString('blackduck.default');\n } else {\n throw new Error('Invalid BlackDuck config found');\n }\n\n return new BlackDuckConfig(hosts, defaultHost);\n }\n\n getHostConfigByName(name: string): BlackDuckHostConfig {\n const hostName = name === DEFAULT_HOST_NAME ? this.defaultHost : name;\n\n const hostConfig = this.hosts.find(host => host.name === hostName);\n\n if (!hostConfig) {\n throw new Error(`No host found with name: ${name}`);\n }\n\n return hostConfig;\n }\n}\n"],"names":[],"mappings":";;AA0BA,MAAM,iBAAoB,GAAA,SAAA;AAOnB,MAAM,eAAgB,CAAA;AAAA,EAC3B,WAAA,CACmB,OACA,WACjB,EAAA;AAFiB,IAAA,IAAA,CAAA,KAAA,GAAA,KAAA;AACA,IAAA,IAAA,CAAA,WAAA,GAAA,WAAA;AAAA;AAChB,EAEH,OAAO,WAAW,MAAiC,EAAA;AACjD,IAAA,IAAI,QAA+B,EAAC;AACpC,IAAA,IAAI,WAAsB,GAAA,iBAAA;AAE1B,IAAA,IAAI,OAAO,GAAI,CAAA,gBAAgB,KAAK,MAAO,CAAA,GAAA,CAAI,iBAAiB,CAAG,EAAA;AACjE,MAAM,MAAA,IAAI,MAAM,qDAAqD,CAAA;AAAA;AAGvE,IAAA,IAAI,OAAO,GAAI,CAAA,gBAAgB,KAAK,MAAO,CAAA,GAAA,CAAI,iBAAiB,CAAG,EAAA;AACjE,MAAA,MAAM,UAAa,GAAA;AAAA,QACjB,IAAM,EAAA,SAAA;AAAA,QACN,IAAA,EAAM,MAAO,CAAA,SAAA,CAAU,gBAAgB,CAAA;AAAA,QACvC,KAAA,EAAO,MAAO,CAAA,SAAA,CAAU,iBAAiB;AAAA,OAC3C;AACA,MAAA,KAAA,GAAQ,CAAC,UAAU,CAAA;AAAA,KACrB,MAAA,IACE,OAAO,GAAI,CAAA,iBAAiB,KAC5B,MAAO,CAAA,GAAA,CAAI,mBAAmB,CAC9B,EAAA;AACA,MAAA,KAAA,GAAQ,MAAO,CAAA,cAAA,CAAe,iBAAiB,CAAA,CAAE,IAAI,CAAe,UAAA,MAAA;AAAA,QAClE,IAAA,EAAM,UAAW,CAAA,SAAA,CAAU,MAAM,CAAA;AAAA,QACjC,IAAA,EAAM,UAAW,CAAA,SAAA,CAAU,MAAM,CAAA;AAAA,QACjC,KAAA,EAAO,UAAW,CAAA,SAAA,CAAU,OAAO;AAAA,OACnC,CAAA,CAAA;AACF,MAAc,WAAA,GAAA,MAAA,CAAO,UAAU,mBAAmB,CAAA;AAAA,KAC7C,MAAA;AACL,MAAM,MAAA,IAAI,MAAM,gCAAgC,CAAA;AAAA;AAGlD,IAAO,OAAA,IAAI,eAAgB,CAAA,KAAA,EAAO,WAAW,CAAA;AAAA;AAC/C,EAEA,oBAAoB,IAAmC,EAAA;AACrD,IAAA,MAAM,QAAW,GAAA,IAAA,KAAS,iBAAoB,GAAA,IAAA,CAAK,WAAc,GAAA,IAAA;AAEjE,IAAA,MAAM,aAAa,IAAK,CAAA,KAAA,CAAM,KAAK,CAAQ,IAAA,KAAA,IAAA,CAAK,SAAS,QAAQ,CAAA;AAEjE,IAAA,IAAI,CAAC,UAAY,EAAA;AACf,MAAA,MAAM,IAAI,KAAA,CAAM,CAA4B,yBAAA,EAAA,IAAI,CAAE,CAAA,CAAA;AAAA;AAGpD,IAAO,OAAA,UAAA;AAAA;AAEX;;;;"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { MiddlewareFactory } from '@backstage/backend-defaults/rootHttpRouter';\nimport {\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';\nimport { InputError, NotAllowedError } from '@backstage/errors';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport { createLegacyAuthAdapters } from '@backstage/backend-common';\nimport {\n blackduckPermissions,\n blackduckRiskProfileReadPermission,\n blackduckVulnerabilitiesReadPermission,\n} from '@backstage-community/plugin-blackduck-common';\nimport { BlackDuckRestApi } from '../api/BlackDuckRestApi';\nimport { BlackDuckConfig } from './BlackDuckConfig';\n\n/** @public */\nexport interface RouterOptions {\n logger: LoggerService;\n config: Config;\n permissions: PermissionsService;\n discovery: DiscoveryService;\n httpAuth?: HttpAuthService;\n blackDuckConfig: BlackDuckConfig;\n}\n\n/** @public */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { logger, permissions, config, blackDuckConfig } = options;\n const { httpAuth } = createLegacyAuthAdapters(options);\n const permissionIntegrationRouter = createPermissionIntegrationRouter({\n permissions: blackduckPermissions,\n });\n\n const router = Router();\n router.use(express.json());\n router.use(permissionIntegrationRouter);\n\n router.get('/health', (_, response) => {\n logger.info('PONG!');\n response.json({ status: 'ok' });\n });\n\n const middleware = MiddlewareFactory.create({ logger, config });\n\n router.post(\n '/risk-profile/:hostKey/:projectName/:projectVersion',\n async (_request, response) => {\n logger.debug('getting vulnarabilities..');\n const { hostKey, projectName, projectVersion } = _request.params;\n\n if (!hostKey || !projectName || !projectVersion) {\n response.status(400).json({\n message: 'The hostKey, projectName and projectVersion are required',\n });\n return;\n }\n\n let host: string;\n let token: string;\n\n try {\n const hostConfig = blackDuckConfig.getHostConfigByName(hostKey);\n host = hostConfig.host;\n token = hostConfig.token;\n } catch (error) {\n response.status(400).json({\n message: 'The hostKey is not valid.',\n });\n return;\n }\n\n const credentials = await httpAuth.credentials(_request);\n const entityRef = _request.body.entityRef;\n logger.info('getting risk profile for project: ', entityRef);\n if (typeof entityRef !== 'string') {\n throw new InputError('Invalid entityRef, not a string');\n }\n\n const decision = (\n await permissions.authorize(\n [\n {\n permission: blackduckRiskProfileReadPermission,\n resourceRef: entityRef,\n },\n ],\n {\n credentials,\n },\n )\n )[0];\n\n if (decision.result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('Unauthorized');\n }\n\n const blackDuck = new BlackDuckRestApi(logger, host, token);\n\n await blackDuck.auth();\n const risk_profile = await blackDuck.getRiskProfile(\n projectName,\n projectVersion,\n );\n response.json(risk_profile);\n },\n );\n\n router.post(\n '/vulns/:hostKey/:projectName/:projectVersion',\n async (_request, response) => {\n const { hostKey, projectName, projectVersion } = _request.params;\n const credentials = await httpAuth.credentials(_request);\n const entityRef = _request.body.entityRef;\n logger.info('getting vulnarabilities for project: ', entityRef);\n if (typeof entityRef !== 'string') {\n throw new InputError('Invalid entityRef, not a string');\n }\n\n if (!hostKey || !projectName || !projectVersion) {\n response.status(400).json({\n message: 'The hostKey, projectName and projectVersion are required',\n });\n return;\n }\n\n let host: string;\n let token: string;\n\n try {\n const hostConfig = blackDuckConfig.getHostConfigByName(hostKey);\n host = hostConfig.host;\n token = hostConfig.token;\n } catch (error) {\n response.status(400).json({\n message: 'The hostKey is not valid.',\n });\n return;\n }\n\n const decision = (\n await permissions.authorize(\n [\n {\n permission: blackduckVulnerabilitiesReadPermission,\n resourceRef: entityRef,\n },\n ],\n {\n credentials,\n },\n )\n )[0];\n logger.info('decision', decision);\n if (decision.result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('Unauthorized');\n }\n\n const blackDuck = new BlackDuckRestApi(logger, host, token);\n\n await blackDuck.auth();\n const vulns = await blackDuck.getVulnerableComponents(\n projectName,\n projectVersion,\n );\n response.json(vulns);\n },\n );\n\n router.use(middleware.error());\n return router;\n}\n"],"names":["createLegacyAuthAdapters","createPermissionIntegrationRouter","blackduckPermissions","Router","express","MiddlewareFactory","InputError","blackduckRiskProfileReadPermission","AuthorizeResult","NotAllowedError","BlackDuckRestApi","blackduckVulnerabilitiesReadPermission"],"mappings":";;;;;;;;;;;;;;;;;AAgDA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAA,MAAM,EAAE,MAAA,EAAQ,WAAa,EAAA,MAAA,EAAQ,iBAAoB,GAAA,OAAA,CAAA;AACzD,EAAA,MAAM,EAAE,QAAA,EAAa,GAAAA,sCAAA,CAAyB,OAAO,CAAA,CAAA;AACrD,EAAA,MAAM,8BAA8BC,sDAAkC,CAAA;AAAA,IACpE,WAAa,EAAAC,0CAAA;AAAA,GACd,CAAA,CAAA;AAED,EAAA,MAAM,SAASC,uBAAO,EAAA,CAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA,CAAA;AACzB,EAAA,MAAA,CAAO,IAAI,2BAA2B,CAAA,CAAA;AAEtC,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,MAAA,CAAO,KAAK,OAAO,CAAA,CAAA;AACnB,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA,CAAA;AAAA,GAC/B,CAAA,CAAA;AAED,EAAA,MAAM,aAAaC,gCAAkB,CAAA,MAAA,CAAO,EAAE,MAAA,EAAQ,QAAQ,CAAA,CAAA;AAE9D,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,qDAAA;AAAA,IACA,OAAO,UAAU,QAAa,KAAA;AAC5B,MAAA,MAAA,CAAO,MAAM,2BAA2B,CAAA,CAAA;AACxC,MAAA,MAAM,EAAE,OAAA,EAAS,WAAa,EAAA,cAAA,KAAmB,QAAS,CAAA,MAAA,CAAA;AAE1D,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,CAAC,cAAgB,EAAA;AAC/C,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA,0DAAA;AAAA,SACV,CAAA,CAAA;AACD,QAAA,OAAA;AAAA,OACF;AAEA,MAAI,IAAA,IAAA,CAAA;AACJ,MAAI,IAAA,KAAA,CAAA;AAEJ,MAAI,IAAA;AACF,QAAM,MAAA,UAAA,GAAa,eAAgB,CAAA,mBAAA,CAAoB,OAAO,CAAA,CAAA;AAC9D,QAAA,IAAA,GAAO,UAAW,CAAA,IAAA,CAAA;AAClB,QAAA,KAAA,GAAQ,UAAW,CAAA,KAAA,CAAA;AAAA,eACZ,KAAO,EAAA;AACd,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA,2BAAA;AAAA,SACV,CAAA,CAAA;AACD,QAAA,OAAA;AAAA,OACF;AAEA,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,QAAQ,CAAA,CAAA;AACvD,MAAM,MAAA,SAAA,GAAY,SAAS,IAAK,CAAA,SAAA,CAAA;AAChC,MAAO,MAAA,CAAA,IAAA,CAAK,sCAAsC,SAAS,CAAA,CAAA;AAC3D,MAAI,IAAA,OAAO,cAAc,QAAU,EAAA;AACjC,QAAM,MAAA,IAAIC,kBAAW,iCAAiC,CAAA,CAAA;AAAA,OACxD;AAEA,MAAM,MAAA,QAAA,GAAA,CACJ,MAAM,WAAY,CAAA,SAAA;AAAA,QAChB;AAAA,UACE;AAAA,YACE,UAAY,EAAAC,wDAAA;AAAA,YACZ,WAAa,EAAA,SAAA;AAAA,WACf;AAAA,SACF;AAAA,QACA;AAAA,UACE,WAAA;AAAA,SACF;AAAA,SAEF,CAAC,CAAA,CAAA;AAEH,MAAI,IAAA,QAAA,CAAS,MAAW,KAAAC,sCAAA,CAAgB,KAAO,EAAA;AAC7C,QAAM,MAAA,IAAIC,uBAAgB,cAAc,CAAA,CAAA;AAAA,OAC1C;AAEA,MAAA,MAAM,SAAY,GAAA,IAAIC,iCAAiB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA,CAAA;AAE1D,MAAA,MAAM,UAAU,IAAK,EAAA,CAAA;AACrB,MAAM,MAAA,YAAA,GAAe,MAAM,SAAU,CAAA,cAAA;AAAA,QACnC,WAAA;AAAA,QACA,cAAA;AAAA,OACF,CAAA;AACA,MAAA,QAAA,CAAS,KAAK,YAAY,CAAA,CAAA;AAAA,KAC5B;AAAA,GACF,CAAA;AAEA,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,8CAAA;AAAA,IACA,OAAO,UAAU,QAAa,KAAA;AAC5B,MAAA,MAAM,EAAE,OAAA,EAAS,WAAa,EAAA,cAAA,KAAmB,QAAS,CAAA,MAAA,CAAA;AAC1D,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,QAAQ,CAAA,CAAA;AACvD,MAAM,MAAA,SAAA,GAAY,SAAS,IAAK,CAAA,SAAA,CAAA;AAChC,MAAO,MAAA,CAAA,IAAA,CAAK,yCAAyC,SAAS,CAAA,CAAA;AAC9D,MAAI,IAAA,OAAO,cAAc,QAAU,EAAA;AACjC,QAAM,MAAA,IAAIJ,kBAAW,iCAAiC,CAAA,CAAA;AAAA,OACxD;AAEA,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,CAAC,cAAgB,EAAA;AAC/C,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA,0DAAA;AAAA,SACV,CAAA,CAAA;AACD,QAAA,OAAA;AAAA,OACF;AAEA,MAAI,IAAA,IAAA,CAAA;AACJ,MAAI,IAAA,KAAA,CAAA;AAEJ,MAAI,IAAA;AACF,QAAM,MAAA,UAAA,GAAa,eAAgB,CAAA,mBAAA,CAAoB,OAAO,CAAA,CAAA;AAC9D,QAAA,IAAA,GAAO,UAAW,CAAA,IAAA,CAAA;AAClB,QAAA,KAAA,GAAQ,UAAW,CAAA,KAAA,CAAA;AAAA,eACZ,KAAO,EAAA;AACd,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA,2BAAA;AAAA,SACV,CAAA,CAAA;AACD,QAAA,OAAA;AAAA,OACF;AAEA,MAAM,MAAA,QAAA,GAAA,CACJ,MAAM,WAAY,CAAA,SAAA;AAAA,QAChB;AAAA,UACE;AAAA,YACE,UAAY,EAAAK,4DAAA;AAAA,YACZ,WAAa,EAAA,SAAA;AAAA,WACf;AAAA,SACF;AAAA,QACA;AAAA,UACE,WAAA;AAAA,SACF;AAAA,SAEF,CAAC,CAAA,CAAA;AACH,MAAO,MAAA,CAAA,IAAA,CAAK,YAAY,QAAQ,CAAA,CAAA;AAChC,MAAI,IAAA,QAAA,CAAS,MAAW,KAAAH,sCAAA,CAAgB,KAAO,EAAA;AAC7C,QAAM,MAAA,IAAIC,uBAAgB,cAAc,CAAA,CAAA;AAAA,OAC1C;AAEA,MAAA,MAAM,SAAY,GAAA,IAAIC,iCAAiB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA,CAAA;AAE1D,MAAA,MAAM,UAAU,IAAK,EAAA,CAAA;AACrB,MAAM,MAAA,KAAA,GAAQ,MAAM,SAAU,CAAA,uBAAA;AAAA,QAC5B,WAAA;AAAA,QACA,cAAA;AAAA,OACF,CAAA;AACA,MAAA,QAAA,CAAS,KAAK,KAAK,CAAA,CAAA;AAAA,KACrB;AAAA,GACF,CAAA;AAEA,EAAO,MAAA,CAAA,GAAA,CAAI,UAAW,CAAA,KAAA,EAAO,CAAA,CAAA;AAC7B,EAAO,OAAA,MAAA,CAAA;AACT;;;;"}
|
|
1
|
+
{"version":3,"file":"router.cjs.js","sources":["../../src/service/router.ts"],"sourcesContent":["/*\n * Copyright 2024 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport { MiddlewareFactory } from '@backstage/backend-defaults/rootHttpRouter';\nimport {\n DiscoveryService,\n HttpAuthService,\n LoggerService,\n PermissionsService,\n} from '@backstage/backend-plugin-api';\nimport { Config } from '@backstage/config';\nimport express from 'express';\nimport Router from 'express-promise-router';\nimport { createPermissionIntegrationRouter } from '@backstage/plugin-permission-node';\nimport { InputError, NotAllowedError } from '@backstage/errors';\nimport { AuthorizeResult } from '@backstage/plugin-permission-common';\nimport { createLegacyAuthAdapters } from '@backstage/backend-common';\nimport {\n blackduckPermissions,\n blackduckRiskProfileReadPermission,\n blackduckVulnerabilitiesReadPermission,\n} from '@backstage-community/plugin-blackduck-common';\nimport { BlackDuckRestApi } from '../api/BlackDuckRestApi';\nimport { BlackDuckConfig } from './BlackDuckConfig';\n\n/**\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n *\n * @public */\nexport interface RouterOptions {\n logger: LoggerService;\n config: Config;\n permissions: PermissionsService;\n discovery: DiscoveryService;\n httpAuth?: HttpAuthService;\n blackDuckConfig: BlackDuckConfig;\n}\n\n/**\n * @deprecated Please migrate to the new backend system as this will be removed in the future.\n *\n * @public */\nexport async function createRouter(\n options: RouterOptions,\n): Promise<express.Router> {\n const { logger, permissions, config, blackDuckConfig } = options;\n const { httpAuth } = createLegacyAuthAdapters(options);\n const permissionIntegrationRouter = createPermissionIntegrationRouter({\n permissions: blackduckPermissions,\n });\n\n const router = Router();\n router.use(express.json());\n router.use(permissionIntegrationRouter);\n\n router.get('/health', (_, response) => {\n logger.info('PONG!');\n response.json({ status: 'ok' });\n });\n\n const middleware = MiddlewareFactory.create({ logger, config });\n\n router.post(\n '/risk-profile/:hostKey/:projectName/:projectVersion',\n async (_request, response) => {\n logger.debug('getting vulnarabilities..');\n const { hostKey, projectName, projectVersion } = _request.params;\n\n if (!hostKey || !projectName || !projectVersion) {\n response.status(400).json({\n message: 'The hostKey, projectName and projectVersion are required',\n });\n return;\n }\n\n let host: string;\n let token: string;\n\n try {\n const hostConfig = blackDuckConfig.getHostConfigByName(hostKey);\n host = hostConfig.host;\n token = hostConfig.token;\n } catch (error) {\n response.status(400).json({\n message: 'The hostKey is not valid.',\n });\n return;\n }\n\n const credentials = await httpAuth.credentials(_request);\n const entityRef = _request.body.entityRef;\n logger.info('getting risk profile for project: ', entityRef);\n if (typeof entityRef !== 'string') {\n throw new InputError('Invalid entityRef, not a string');\n }\n\n const decision = (\n await permissions.authorize(\n [\n {\n permission: blackduckRiskProfileReadPermission,\n resourceRef: entityRef,\n },\n ],\n {\n credentials,\n },\n )\n )[0];\n\n if (decision.result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('Unauthorized');\n }\n\n const blackDuck = new BlackDuckRestApi(logger, host, token);\n\n await blackDuck.auth();\n const risk_profile = await blackDuck.getRiskProfile(\n projectName,\n projectVersion,\n );\n response.json(risk_profile);\n },\n );\n\n router.post(\n '/vulns/:hostKey/:projectName/:projectVersion',\n async (_request, response) => {\n const { hostKey, projectName, projectVersion } = _request.params;\n const credentials = await httpAuth.credentials(_request);\n const entityRef = _request.body.entityRef;\n logger.info('getting vulnarabilities for project: ', entityRef);\n if (typeof entityRef !== 'string') {\n throw new InputError('Invalid entityRef, not a string');\n }\n\n if (!hostKey || !projectName || !projectVersion) {\n response.status(400).json({\n message: 'The hostKey, projectName and projectVersion are required',\n });\n return;\n }\n\n let host: string;\n let token: string;\n\n try {\n const hostConfig = blackDuckConfig.getHostConfigByName(hostKey);\n host = hostConfig.host;\n token = hostConfig.token;\n } catch (error) {\n response.status(400).json({\n message: 'The hostKey is not valid.',\n });\n return;\n }\n\n const decision = (\n await permissions.authorize(\n [\n {\n permission: blackduckVulnerabilitiesReadPermission,\n resourceRef: entityRef,\n },\n ],\n {\n credentials,\n },\n )\n )[0];\n logger.info('decision', decision);\n if (decision.result !== AuthorizeResult.ALLOW) {\n throw new NotAllowedError('Unauthorized');\n }\n\n const blackDuck = new BlackDuckRestApi(logger, host, token);\n\n await blackDuck.auth();\n const vulns = await blackDuck.getVulnerableComponents(\n projectName,\n projectVersion,\n );\n response.json(vulns);\n },\n );\n\n router.use(middleware.error());\n return router;\n}\n"],"names":["createLegacyAuthAdapters","createPermissionIntegrationRouter","blackduckPermissions","Router","express","MiddlewareFactory","InputError","blackduckRiskProfileReadPermission","AuthorizeResult","NotAllowedError","BlackDuckRestApi","blackduckVulnerabilitiesReadPermission"],"mappings":";;;;;;;;;;;;;;;;;AAsDA,eAAsB,aACpB,OACyB,EAAA;AACzB,EAAA,MAAM,EAAE,MAAA,EAAQ,WAAa,EAAA,MAAA,EAAQ,iBAAoB,GAAA,OAAA;AACzD,EAAA,MAAM,EAAE,QAAA,EAAa,GAAAA,sCAAA,CAAyB,OAAO,CAAA;AACrD,EAAA,MAAM,8BAA8BC,sDAAkC,CAAA;AAAA,IACpE,WAAa,EAAAC;AAAA,GACd,CAAA;AAED,EAAA,MAAM,SAASC,uBAAO,EAAA;AACtB,EAAO,MAAA,CAAA,GAAA,CAAIC,wBAAQ,CAAA,IAAA,EAAM,CAAA;AACzB,EAAA,MAAA,CAAO,IAAI,2BAA2B,CAAA;AAEtC,EAAA,MAAA,CAAO,GAAI,CAAA,SAAA,EAAW,CAAC,CAAA,EAAG,QAAa,KAAA;AACrC,IAAA,MAAA,CAAO,KAAK,OAAO,CAAA;AACnB,IAAA,QAAA,CAAS,IAAK,CAAA,EAAE,MAAQ,EAAA,IAAA,EAAM,CAAA;AAAA,GAC/B,CAAA;AAED,EAAA,MAAM,aAAaC,gCAAkB,CAAA,MAAA,CAAO,EAAE,MAAA,EAAQ,QAAQ,CAAA;AAE9D,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,qDAAA;AAAA,IACA,OAAO,UAAU,QAAa,KAAA;AAC5B,MAAA,MAAA,CAAO,MAAM,2BAA2B,CAAA;AACxC,MAAA,MAAM,EAAE,OAAA,EAAS,WAAa,EAAA,cAAA,KAAmB,QAAS,CAAA,MAAA;AAE1D,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,CAAC,cAAgB,EAAA;AAC/C,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA;AAAA,SACV,CAAA;AACD,QAAA;AAAA;AAGF,MAAI,IAAA,IAAA;AACJ,MAAI,IAAA,KAAA;AAEJ,MAAI,IAAA;AACF,QAAM,MAAA,UAAA,GAAa,eAAgB,CAAA,mBAAA,CAAoB,OAAO,CAAA;AAC9D,QAAA,IAAA,GAAO,UAAW,CAAA,IAAA;AAClB,QAAA,KAAA,GAAQ,UAAW,CAAA,KAAA;AAAA,eACZ,KAAO,EAAA;AACd,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA;AAAA,SACV,CAAA;AACD,QAAA;AAAA;AAGF,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,QAAQ,CAAA;AACvD,MAAM,MAAA,SAAA,GAAY,SAAS,IAAK,CAAA,SAAA;AAChC,MAAO,MAAA,CAAA,IAAA,CAAK,sCAAsC,SAAS,CAAA;AAC3D,MAAI,IAAA,OAAO,cAAc,QAAU,EAAA;AACjC,QAAM,MAAA,IAAIC,kBAAW,iCAAiC,CAAA;AAAA;AAGxD,MAAM,MAAA,QAAA,GAAA,CACJ,MAAM,WAAY,CAAA,SAAA;AAAA,QAChB;AAAA,UACE;AAAA,YACE,UAAY,EAAAC,wDAAA;AAAA,YACZ,WAAa,EAAA;AAAA;AACf,SACF;AAAA,QACA;AAAA,UACE;AAAA;AACF,SAEF,CAAC,CAAA;AAEH,MAAI,IAAA,QAAA,CAAS,MAAW,KAAAC,sCAAA,CAAgB,KAAO,EAAA;AAC7C,QAAM,MAAA,IAAIC,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,SAAY,GAAA,IAAIC,iCAAiB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAE1D,MAAA,MAAM,UAAU,IAAK,EAAA;AACrB,MAAM,MAAA,YAAA,GAAe,MAAM,SAAU,CAAA,cAAA;AAAA,QACnC,WAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,QAAA,CAAS,KAAK,YAAY,CAAA;AAAA;AAC5B,GACF;AAEA,EAAO,MAAA,CAAA,IAAA;AAAA,IACL,8CAAA;AAAA,IACA,OAAO,UAAU,QAAa,KAAA;AAC5B,MAAA,MAAM,EAAE,OAAA,EAAS,WAAa,EAAA,cAAA,KAAmB,QAAS,CAAA,MAAA;AAC1D,MAAA,MAAM,WAAc,GAAA,MAAM,QAAS,CAAA,WAAA,CAAY,QAAQ,CAAA;AACvD,MAAM,MAAA,SAAA,GAAY,SAAS,IAAK,CAAA,SAAA;AAChC,MAAO,MAAA,CAAA,IAAA,CAAK,yCAAyC,SAAS,CAAA;AAC9D,MAAI,IAAA,OAAO,cAAc,QAAU,EAAA;AACjC,QAAM,MAAA,IAAIJ,kBAAW,iCAAiC,CAAA;AAAA;AAGxD,MAAA,IAAI,CAAC,OAAA,IAAW,CAAC,WAAA,IAAe,CAAC,cAAgB,EAAA;AAC/C,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA;AAAA,SACV,CAAA;AACD,QAAA;AAAA;AAGF,MAAI,IAAA,IAAA;AACJ,MAAI,IAAA,KAAA;AAEJ,MAAI,IAAA;AACF,QAAM,MAAA,UAAA,GAAa,eAAgB,CAAA,mBAAA,CAAoB,OAAO,CAAA;AAC9D,QAAA,IAAA,GAAO,UAAW,CAAA,IAAA;AAClB,QAAA,KAAA,GAAQ,UAAW,CAAA,KAAA;AAAA,eACZ,KAAO,EAAA;AACd,QAAS,QAAA,CAAA,MAAA,CAAO,GAAG,CAAA,CAAE,IAAK,CAAA;AAAA,UACxB,OAAS,EAAA;AAAA,SACV,CAAA;AACD,QAAA;AAAA;AAGF,MAAM,MAAA,QAAA,GAAA,CACJ,MAAM,WAAY,CAAA,SAAA;AAAA,QAChB;AAAA,UACE;AAAA,YACE,UAAY,EAAAK,4DAAA;AAAA,YACZ,WAAa,EAAA;AAAA;AACf,SACF;AAAA,QACA;AAAA,UACE;AAAA;AACF,SAEF,CAAC,CAAA;AACH,MAAO,MAAA,CAAA,IAAA,CAAK,YAAY,QAAQ,CAAA;AAChC,MAAI,IAAA,QAAA,CAAS,MAAW,KAAAH,sCAAA,CAAgB,KAAO,EAAA;AAC7C,QAAM,MAAA,IAAIC,uBAAgB,cAAc,CAAA;AAAA;AAG1C,MAAA,MAAM,SAAY,GAAA,IAAIC,iCAAiB,CAAA,MAAA,EAAQ,MAAM,KAAK,CAAA;AAE1D,MAAA,MAAM,UAAU,IAAK,EAAA;AACrB,MAAM,MAAA,KAAA,GAAQ,MAAM,SAAU,CAAA,uBAAA;AAAA,QAC5B,WAAA;AAAA,QACA;AAAA,OACF;AACA,MAAA,QAAA,CAAS,KAAK,KAAK,CAAA;AAAA;AACrB,GACF;AAEA,EAAO,MAAA,CAAA,GAAA,CAAI,UAAW,CAAA,KAAA,EAAO,CAAA;AAC7B,EAAO,OAAA,MAAA;AACT;;;;"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@backstage-community/plugin-blackduck-backend",
|
|
3
|
-
"version": "0.0
|
|
3
|
+
"version": "0.1.0",
|
|
4
4
|
"main": "dist/index.cjs.js",
|
|
5
5
|
"types": "dist/index.d.ts",
|
|
6
6
|
"license": "Apache-2.0",
|
|
@@ -33,23 +33,23 @@
|
|
|
33
33
|
"postpack": "backstage-cli package postpack"
|
|
34
34
|
},
|
|
35
35
|
"dependencies": {
|
|
36
|
-
"@backstage-community/plugin-blackduck-common": "^0.0
|
|
36
|
+
"@backstage-community/plugin-blackduck-common": "^0.1.0",
|
|
37
37
|
"@backstage/backend-common": "^0.25.0",
|
|
38
|
-
"@backstage/backend-defaults": "^0.
|
|
39
|
-
"@backstage/backend-plugin-api": "^1.0
|
|
40
|
-
"@backstage/config": "^1.
|
|
41
|
-
"@backstage/errors": "^1.2.
|
|
42
|
-
"@backstage/plugin-permission-common": "^0.8.
|
|
43
|
-
"@backstage/plugin-permission-node": "^0.8.
|
|
38
|
+
"@backstage/backend-defaults": "^0.6.1",
|
|
39
|
+
"@backstage/backend-plugin-api": "^1.1.0",
|
|
40
|
+
"@backstage/config": "^1.3.1",
|
|
41
|
+
"@backstage/errors": "^1.2.6",
|
|
42
|
+
"@backstage/plugin-permission-common": "^0.8.3",
|
|
43
|
+
"@backstage/plugin-permission-node": "^0.8.6",
|
|
44
44
|
"express": "^4.17.1",
|
|
45
45
|
"express-promise-router": "^4.1.0",
|
|
46
46
|
"node-fetch": "^2.6.7"
|
|
47
47
|
},
|
|
48
48
|
"devDependencies": {
|
|
49
|
-
"@backstage/backend-test-utils": "^1.0
|
|
50
|
-
"@backstage/cli": "^0.
|
|
51
|
-
"@backstage/plugin-auth-backend": "^0.
|
|
52
|
-
"@backstage/plugin-auth-backend-module-guest-provider": "^0.2.
|
|
49
|
+
"@backstage/backend-test-utils": "^1.2.0",
|
|
50
|
+
"@backstage/cli": "^0.29.4",
|
|
51
|
+
"@backstage/plugin-auth-backend": "^0.24.1",
|
|
52
|
+
"@backstage/plugin-auth-backend-module-guest-provider": "^0.2.3",
|
|
53
53
|
"@types/express": "*",
|
|
54
54
|
"@types/supertest": "^6.0.0",
|
|
55
55
|
"msw": "^2.3.1",
|
|
@@ -59,5 +59,12 @@
|
|
|
59
59
|
"dist",
|
|
60
60
|
"config.d.ts"
|
|
61
61
|
],
|
|
62
|
-
"configSchema": "config.d.ts"
|
|
62
|
+
"configSchema": "config.d.ts",
|
|
63
|
+
"typesVersions": {
|
|
64
|
+
"*": {
|
|
65
|
+
"index": [
|
|
66
|
+
"dist/index.d.ts"
|
|
67
|
+
]
|
|
68
|
+
}
|
|
69
|
+
}
|
|
63
70
|
}
|