capycli 2.0.0.dev8__py3-none-any.whl

License.md

@@ -0,0 +1,27 @@
+<!--
+# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# SPDX-License-Identifier: MIT
+-->
+
+# MIT License
+
+Copyright (c) 2019-2023 Siemens
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice (including the next
+paragraph) shall be included in all copies or substantial portions of the
+Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

capycli/__init__.py

@@ -0,0 +1,214 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2019-2023 Siemens
+# -------------------------------------------------------------------------------
+
+"""Top-level module for CaPyCli.
+
+This module
+- initializes logging for the command-line tool
+- tracks the version of the package
+- provides a way to configure logging for the command-line tool
+"""
+
+import importlib
+import logging
+import sys
+from typing import Any
+
+import tomli
+from colorama import Fore, Style, init
+
+APP_NAME = "CaPyCli"
+VERBOSITY_LEVEL = 1
+
+
+def is_debug_logging_enabled() -> bool:
+    return VERBOSITY_LEVEL > 1
+
+
+def _get_project_meta() -> Any:
+    """Read version information from poetry configuration file."""
+    try:
+        with open('pyproject.toml', mode='rb') as pyproject:
+            return tomli.load(pyproject)['tool']['poetry']
+    except Exception:
+        # ignore all errors
+        pass
+
+
+def get_app_version() -> str:
+    """Get the version string of this application"""
+    version = ""
+    try:
+        # this will only work when the package has been installed
+        version = importlib.metadata.version("capycli")
+    except:  # noqa
+        pass
+
+    if not version:
+        # use version information from poetry
+        pkg_meta = _get_project_meta()
+        version = str(pkg_meta['version'])
+
+    if not version:
+        version = "0.0.0-no-version"
+
+    return version
+
+
+# There is nothing lower than logging.DEBUG (10) in the logging library,
+# but we want an extra level to avoid being too verbose when using -vv.
+_EXTRA_VERBOSE = 5
+logging.addLevelName(_EXTRA_VERBOSE, "VERBOSE")
+
+_VERBOSITY_TO_LOG_LEVEL = {
+    # output more than warnings but not debugging info
+    1: logging.INFO,  # INFO is a numerical level of 20
+    # output debugging information
+    2: logging.DEBUG,  # DEBUG is a numerical level of 10
+    # output extra verbose debugging information
+    3: _EXTRA_VERBOSE,
+}
+
+# initialize colorama
+init()
+
+
+class ConsoleHandler(logging.Handler):
+    """Handler that write to stderr for errors and to stdout
+    for other logiing records."""
+    def __init__(self) -> None:
+        super().__init__()
+
+    def emit(self, record: logging.LogRecord) -> None:
+        """Emit a record."""
+        try:
+            msg = self.format(record)
+            if record.levelno >= 40:
+                # error, critical
+                sys.stderr.write(msg)
+            elif record.levelno >= 30:
+                # warning
+                sys.stderr.write(msg)
+                print(msg)
+            else:
+                # info, debug, all other
+                print(msg)
+        except Exception:
+            self.handleError(record)
+
+
+class ColorFormatter(logging.Formatter):
+    """
+    A logging formatter for color cosole output.
+    Critical messages and errors are displayed in red.
+    Warnings are displayed in yellow.
+    Infos are displayed in white.
+    Debug messages are displayed in blue.
+    """
+    def __init__(self, verbosity: int) -> None:
+        super().__init__()
+        self.verbosity = verbosity
+        self.fmt = "%(asctime)s:%(levelname)s:%(name)s: %(message)s"
+        if self.verbosity == 1:
+            self.fmt = "%(message)s"
+
+    def get_color_format(self, levelno: int, fmt: str) -> Any:
+        if levelno >= 50:
+            color = Fore.LIGHTRED_EX
+        elif levelno >= 40:
+            color = Fore.LIGHTRED_EX
+        elif levelno >= 30:
+            color = Fore.LIGHTYELLOW_EX
+        elif levelno >= 20:
+            color = Fore.LIGHTWHITE_EX
+        elif levelno >= 10:
+            color = Fore.LIGHTBLUE_EX
+        else:
+            color = Fore.WHITE
+
+        return color + fmt + Style.RESET_ALL
+
+    def format(self, record: logging.LogRecord) -> str:
+        log_fmt = self.get_color_format(record.levelno, self.fmt)
+        formatter = logging.Formatter(log_fmt)
+        return formatter.format(record)
+
+
+class ColoredLogger(logging.Logger):
+    """
+    A color console logger that uses ColorFormatter
+    to display colored log messages and uses ConsoleHandler
+    to output critical messages, errors and warnings to stderr.
+    Infos and debug messages will be sent to stdout.
+    """
+    def __init__(self, name: str):
+        logging.Logger.__init__(self, name, logging.DEBUG)
+
+        self.propagate = False
+        self.setVerbosity(1)
+
+    def getVerbosity(self) -> int:
+        return self.__verbosity
+
+    def setVerbosity(self, value: int) -> None:
+        self.__verbosity = value
+        console = ConsoleHandler()
+        color_formatter = ColorFormatter(self.__verbosity)
+        console.setFormatter(color_formatter)
+        self.handlers.clear()
+        self.addHandler(console)
+
+    def handle(self, record: logging.LogRecord) -> None:
+        if self.isEnabledFor(record.levelno):
+            return super().handle(record)
+
+
+def configure_logging(verbosity: int) -> logging.Logger:
+    """
+    Configure logging.
+
+    :param int verbosity:
+        How verbose to be in logging information.
+    """
+    logging.setLoggerClass(ColoredLogger)
+
+    global VERBOSITY_LEVEL
+    VERBOSITY_LEVEL = verbosity
+
+    if verbosity < 0:
+        verbosity = 0
+    if verbosity > 3:
+        verbosity = 3
+
+    log_level = _VERBOSITY_TO_LOG_LEVEL[verbosity]
+
+    # log_level = logging.DEBUG # too much output from other libraries
+    logging.basicConfig(level=log_level)
+
+    logger = logging.getLogger(__name__)
+    logger.setVerbosity(verbosity)  # type: ignore
+    logger.setLevel(log_level)
+
+    global LOG
+    LOG = logger
+
+    return logger
+
+
+def get_logger(name: str) -> logging.Logger:
+    """Get one of our colored loggers for the specified name."""
+    logger = logging.getLogger(name)
+    logger.setVerbosity(VERBOSITY_LEVEL)  # type: ignore
+    log_level = _VERBOSITY_TO_LOG_LEVEL[VERBOSITY_LEVEL]
+    logger.setLevel(log_level)
+    return logger
+
+
+# Initialize logging
+LOG = configure_logging(1)

capycli/__main__.py

@@ -0,0 +1,13 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2019-2023 Siemens
+# -------------------------------------------------------------------------------
+
+"""Module allowing for ``python -m CaPyCli ...``."""
+from capycli.main import cli
+
+cli.main()

capycli/bom/__init__.py

@@ -0,0 +1,10 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2018-2023 Siemens
+# -------------------------------------------------------------------------------
+
+"""SBOM specific methods"""

capycli/bom/bom_convert.py

@@ -0,0 +1,163 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2023 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# -------------------------------------------------------------------------------
+
+import os
+import sys
+
+# from enum import StrEnum  # not supported in Python 3.10.3
+from enum import Enum
+from typing import Any
+
+import capycli.common.json_support
+import capycli.common.script_base
+from capycli import get_logger
+from capycli.common.capycli_bom_support import CaPyCliBom
+from capycli.common.print import print_red, print_text
+from capycli.main.exceptions import CaPyCliException
+from capycli.main.result_codes import ResultCode
+
+from .csv import CsvSupport
+from .html import HtmlConversionSupport
+from .legacy import LegacySupport
+from .legacy_cx import LegacyCx
+from .plaintext import PlainTextSupport
+
+LOG = get_logger(__name__)
+
+
+class BomFormat(str, Enum):
+    # CaPyCLI flavor of Siemens Standard BOM/CycloneDX
+    CAPYCLI = "capycli"
+    # Siemens Standard BOM
+    SBOM = "sbom"
+    # plain text
+    TEXT = "text"
+    # CSV
+    CSV = "csv"
+    # CaPyCLI JSON
+    LEGACY = "legacy"
+    # CaPyCLI CycloneDX
+    LEGACY_CX = "legacy-cx"
+    # HTML
+    HTML = "html"
+
+
+class BomConvert(capycli.common.script_base.ScriptBase):
+    def convert(self,
+                inputfile: str,
+                inputformat: str,
+                outputfile: str,
+                outputformat: str) -> None:
+        """Main conversion method."""
+        if not outputformat:
+            # default is CaPyCLI
+            outputformat = BomFormat.CAPYCLI
+
+        cdx_components = []
+        project = None
+        sbom = None
+        try:
+            if inputformat == BomFormat.TEXT:
+                cdx_components = PlainTextSupport.flatlist_to_cdx_components(inputfile)
+                print_text(f"  {len(cdx_components)} components read from file {inputfile}")
+            elif inputformat == BomFormat.CSV:
+                cdx_components = CsvSupport.csv_to_cdx_components(inputfile)
+                print_text(f"  {len(cdx_components)} components read from file {inputfile}")
+            elif (inputformat == BomFormat.CAPYCLI) or (inputformat == BomFormat.SBOM):
+                sbom = CaPyCliBom.read_sbom(inputfile)
+                cdx_components = sbom.components
+                project = sbom.metadata.component
+                print_text(f"  {len(cdx_components)} components read from file {inputfile}")
+            elif inputformat == BomFormat.LEGACY:
+                cdx_components = LegacySupport.legacy_to_cdx_components(inputfile)
+                print_text(f"  {len(cdx_components)} components read from file {inputfile}")
+            elif inputformat == BomFormat.LEGACY_CX:
+                sbom = LegacyCx.read_sbom(inputfile)
+                cdx_components = sbom.components
+                print_text(f"  {len(cdx_components)} components read from file {inputfile}")
+            else:
+                print_red("Unsupported input format!")
+                sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+        except CaPyCliException as error:
+            LOG.error(f"Error processing input file: {str(error)}")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        try:
+            if outputformat == BomFormat.TEXT:
+                PlainTextSupport.write_cdx_components_as_flatlist(cdx_components, outputfile)
+                print_text(f"  {len(cdx_components)} components written to file {outputfile}")
+            elif outputformat == BomFormat.CSV:
+                CsvSupport.write_cdx_components_as_csv(cdx_components, outputfile)
+                print_text(f"  {len(cdx_components)} components written to file {outputfile}")
+            elif outputformat == BomFormat.HTML:
+                HtmlConversionSupport.write_cdx_components_as_html(cdx_components, outputfile, project)
+                print_text(f"  {len(cdx_components)} components written to file {outputfile}")
+            elif outputformat == BomFormat.CAPYCLI:
+                if sbom:
+                    CaPyCliBom.write_sbom(sbom, outputfile)
+                    print_text(f"  {len(sbom.components)} components written to file {outputfile}")
+                else:
+                    CaPyCliBom.write_simple_sbom(cdx_components, outputfile)
+                    print_text(f"  {len(cdx_components)} components written to file {outputfile}")
+            elif outputformat == BomFormat.LEGACY:
+                LegacySupport.write_cdx_components_as_legacy(cdx_components, outputfile)
+                print_text(f"  {len(cdx_components)} components written to file {outputfile}")
+            else:
+                LOG.error("Unsupported output format!")
+                sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+        except CaPyCliException as error:
+            LOG.error(f"Error creating output file: {str(error)}")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+    def check_arguments(self, args: Any) -> None:
+        """Check input arguments."""
+        if not args.inputfile:
+            LOG.error("No input file specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        if not os.path.isfile(args.inputfile):
+            LOG.error("Input file not found!")
+            sys.exit(ResultCode.RESULT_FILE_NOT_FOUND)
+
+        if not args.inputformat:
+            LOG.error("No input format specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        if not args.outputfile:
+            LOG.error("No output file specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        if not args.outputformat:
+            LOG.warning("No output format specified, defaulting to sbom")
+
+    def display_help(self) -> None:
+        """Display (local) help."""
+        print("usage: CaPyCli bom convert [-h] [-i INPUTFILE] [-if {capycli,text,csv,legacy,legacy-cx}]")
+        print("                           [-o OUTPUTFILE] [-of {capycli,text,csv,legacy,legacy-cx,html}]")
+        print("")
+        print("optional arguments:")
+        print("    -h, --help            Show this help message and exit")
+        print("    -i INPUTFILE          Input BOM filename (JSON)")
+        print("    -o OUTPUTFILE         Output BOM filename")
+        print("    -if INPUTFORMAT       Specify input file format: capycli|sbom|text|csv|legacy|legacy-cx")
+        print("    -of OUTPUTFORMAT      Specify output file format: capycli|text|csv|legacy|html")
+
+    def run(self, args):
+        """Main method()"""
+        print("\n" + capycli.APP_NAME + ", " + capycli.get_app_version() + " - Convert SBOM formats\n")
+
+        if args.help:
+            self.display_help()
+            return
+
+        self.check_arguments(args)
+        if args.debug:
+            global LOG
+            LOG = get_logger(__name__)
+
+        self.convert(args.inputfile, args.inputformat, args.outputfile, args.outputformat)

capycli/bom/check_bom.py

@@ -0,0 +1,187 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# -------------------------------------------------------------------------------
+
+import logging
+import os
+import sys
+
+import requests
+import sw360.sw360_api
+from colorama import Fore, Style
+from cyclonedx.model.bom import Bom
+from cyclonedx.model.component import Component
+
+import capycli.common.script_base
+from capycli.common.capycli_bom_support import CaPyCliBom, CycloneDxSupport
+from capycli.common.print import print_green, print_red, print_text, print_yellow
+from capycli.main.result_codes import ResultCode
+
+LOG = capycli.get_logger(__name__)
+
+
+class CheckBom(capycli.common.script_base.ScriptBase):
+    """
+    Check that all releases listed in the SBOM really exist
+    """
+
+    def _bom_has_items_without_id(self, bom: Bom) -> bool:
+        """Determines whether there is at least one SBOM item
+        without Sw360Id."""
+        for item in bom.components:
+            sw360id = CycloneDxSupport.get_property_value(item, CycloneDxSupport.CDX_PROP_SW360ID)
+            if not sw360id:
+                return True
+
+        return False
+
+    def _find_by_id(self, component: Component) -> dict:
+        sw360id = CycloneDxSupport.get_property_value(component, CycloneDxSupport.CDX_PROP_SW360ID)
+        for step in range(3):
+            try:
+                release_details = self.client.get_release(sw360id)
+                return release_details
+            except sw360.sw360_api.SW360Error as swex:
+                if swex.response.status_code == requests.codes['not_found']:
+                    print_yellow(
+                        "  Not found " + component.name +
+                        ", " + component.version + ", " + sw360id)
+                    break
+
+                # only report other errors if this is the third attempt
+                if step >= 2:
+                    print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
+                    print(
+                        "  " + component.name + ", " + component.version +
+                        ", " + sw360id)
+                    print("  Status Code: " + str(swex.response.status_code))
+                    if swex.message:
+                        print("    Message: " + swex.message)
+                    print(Style.RESET_ALL)
+
+        return None
+
+    def _find_by_name(self, component: Component) -> dict:
+        for step in range(3):
+            try:
+                releases = self.client.get_releases_by_name(component.name)
+                if not releases:
+                    return None
+
+                for r in releases:
+                    if r.get("version", "") == component.version:
+                        return r
+
+                return None
+            except sw360.sw360_api.SW360Error as swex:
+                if swex.response.status_code == requests.codes['not_found']:
+                    print_yellow(
+                        "  Not found " + component.name +
+                        ", " + component.version)
+                    break
+
+                # only report other errors if this is the third attempt
+                if step >= 2:
+                    print(Fore.LIGHTRED_EX + "  Error retrieving release data: ")
+                    print(
+                        "  " + component.name + ", " + component.version)
+                    print("  Status Code: " + str(swex.response.status_code))
+                    if swex.message:
+                        print("    Message: " + swex.message)
+                    print(Style.RESET_ALL)
+
+        return None
+
+    def check_releases(self, bom: Bom) -> int:
+        """Checks for each release in the list whether it can be found on the specified
+        SW360 instance."""
+        found_count = 0
+        for component in bom.components:
+            release_details = None
+            sw360id = CycloneDxSupport.get_property_value(component, CycloneDxSupport.CDX_PROP_SW360ID)
+            if sw360id:
+                release_details = self._find_by_id(component)
+            else:
+                release_details = self._find_by_name(component)
+
+            if release_details:
+                sid = self.client.get_id_from_href(release_details["_links"]["self"]["href"])
+                print_green(
+                    "  Found " + release_details["name"] +
+                    ", " + release_details["version"] + ", " + sid)
+                found_count += 1
+                continue
+
+            if not id:
+                print_yellow(
+                    "  " + component.name +
+                    ", " + component.version +
+                    " - No id available - skipping!")
+                continue
+
+        return found_count
+
+    def run(self, args):
+        """Main method()"""
+        if args.debug:
+            global LOG
+            LOG = capycli.get_logger(__name__)
+        else:
+            # suppress (debug) log output from requests and urllib
+            logging.getLogger("requests").setLevel(logging.WARNING)
+            logging.getLogger("urllib3").setLevel(logging.WARNING)
+            logging.getLogger("urllib3.connectionpool").setLevel(logging.WARNING)
+
+        print_text(
+            "\n" + capycli.APP_NAME + ", " + capycli.get_app_version() +
+            " - Check that all releases in the SBOM exist on target SW360 instance.\n")
+
+        if args.help:
+            print("usage: CaPyCli bom check [-h] [-t SW360_TOKEN] [-oa] [-url SW360_URL] [-v] -i bomfile")
+            print("")
+            print("optional arguments:")
+            print("    -h, --help            show this help message and exit")
+            print("    -t SW360_TOKEN,       SW360_TOKEN")
+            print("                          use this token for access to SW360")
+            print("    -oa, --oauth2         this is an oauth2 token")
+            print("    -url SW360_URL        use this URL for access to SW360")
+            print("    -i INPUTFILE          SBOM file to read from")
+            print("    -v                    be verbose")
+            return
+
+        if not args.inputfile:
+            print_red("No input file specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        if not os.path.isfile(args.inputfile):
+            print_red("Input file not found!")
+            sys.exit(ResultCode.RESULT_FILE_NOT_FOUND)
+
+        print("Loading SBOM file", args.inputfile)
+        try:
+            bom = CaPyCliBom.read_sbom(args.inputfile)
+        except Exception as ex:
+            print_red("Error loading SBOM: " + repr(ex))
+            sys.exit(ResultCode.RESULT_ERROR_READING_BOM)
+
+        if args.verbose:
+            print_text(" ", self.get_comp_count_text(bom), " read from SBOM")
+
+        if self._bom_has_items_without_id(bom):
+            print("There are SBOM items without Sw360 id - searching per name may take a little bit longer...")
+
+        if args.sw360_token and args.oauth2:
+            self.analyze_token(args.sw360_token)
+
+        if not self.login(token=args.sw360_token, url=args.sw360_url, oauth2=args.oauth2):
+            print_red("ERROR: login failed!")
+            sys.exit(ResultCode.RESULT_AUTH_ERROR)
+
+        found = self.check_releases(bom)
+
+        print()
+        print(len(bom.components), "components checked,", found, "successfully found.")