capycli 2.0.0.dev8__py3-none-any.whl

capycli/project/show_licenses.py

@@ -0,0 +1,211 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# -------------------------------------------------------------------------------
+
+import logging
+import os
+import shutil
+import sys
+import traceback
+
+import cli_support
+from colorama import Fore, Style
+
+import capycli.common.script_base
+from capycli.common.print import print_red, print_text, print_yellow
+from capycli.main.result_codes import ResultCode
+
+LOG = capycli.get_logger(__name__)
+
+
+class ShowLicenses(capycli.common.script_base.ScriptBase):
+    TEMPFOLDER = ".\\_cli_temp_"
+
+    """Show licenses of all cleared compponents."""
+    def __init__(self):
+        self.nodelete = False
+        self.global_license_list = []
+
+    @classmethod
+    def ensure_dir(cls, folder_path):
+        """Ensures that the given path exists"""
+        if not os.path.exists(folder_path):
+            os.makedirs(folder_path)
+
+        if not os.path.exists(folder_path):
+            print_red("  Unable to create temp folder!")
+
+    @classmethod
+    def print_license_list(cls, license_list):
+        """Displays the licenses color-coded"""
+        for lic in license_list:
+            color = Fore.RESET
+            check = lic.upper()
+            if "GPL" in check:
+                color = Fore.LIGHTYELLOW_EX
+
+            if "EPL" in check:
+                color = Fore.LIGHTYELLOW_EX
+
+            if "MPL" in check:
+                color = Fore.LIGHTYELLOW_EX
+
+            if "CDDL" in check:
+                color = Fore.LIGHTYELLOW_EX
+
+            if "CPL" in check:
+                color = Fore.LIGHTYELLOW_EX
+
+            print(color + lic + " ", end="", flush=True)
+
+        print(Style.RESET_ALL)
+
+    def process_release(self, release, tempfolder):
+        """Processes a single release"""
+        if "_embedded" not in release:
+            print_red("    No license information available!")
+            return
+
+        if "sw360:attachments" not in release["_embedded"]:
+            print_red("    No license information available!")
+            return
+
+        cli_filename = ""
+        attachment_infos = release["_embedded"]["sw360:attachments"]
+        for key in attachment_infos:
+            att_href = key["_links"]["self"]["href"]
+            attachment = self.client.get_attachment_by_url(att_href)
+            if attachment.get("attachmentType", "") != "COMPONENT_LICENSE_INFO_XML":
+                continue
+
+            filename = key["filename"]
+            filename = os.path.join(tempfolder, filename)
+            release_id = self.client.get_id_from_href(release["_links"]["self"]["href"])
+            attachment_id = self.client.get_id_from_href(att_href)
+            self.client.download_release_attachment(filename, release_id, attachment_id)
+            if os.path.isfile(filename):
+                cli_filename = filename
+                break
+            else:
+                print_red("    Error downloading CLI file!")
+
+        if not cli_filename:
+            print_yellow("    No CLI file found!")
+            return
+
+        clifile = cli_support.CLI.CliFile()
+
+        try:
+            clifile.read_from_file(cli_filename)
+        except OSError as ex:
+            print_red("    Error reading CLI file: " + cli_filename)
+            print_red("    Error '{0}' occured. Arguments {1}.".format(ex.errno, ex.args))
+
+        license_list = []
+        for lic in clifile.licenses:
+            license_list.append(lic.name + " (" + lic.spdx_identifier + ")")
+            if lic.name not in self.global_license_list:
+                self.global_license_list.append(lic.name)
+
+        self.print_license_list(license_list)
+
+    def show_licenses(self, id):
+        tempfolder = self.TEMPFOLDER
+        self.ensure_dir(tempfolder)
+
+        try:
+            project = self.client.get_project(id)
+        except Exception as ex:
+            print_red(
+                "Error searching for project: \n" +
+                repr(ex) + "\n" +
+                str(traceback.format_exc()))
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        print_text("  Project name: " + project["name"] + ", " + project["version"])
+        print_text("  Project owner: " + project["projectOwner"])
+        print_text("  Clearing state: " + project["clearingState"])
+        if self.nodelete:
+            print_text("  Temp folder", tempfolder, "will not get deleted.")
+
+        self.global_license_list = []
+        if "sw360:releases" in project["_embedded"]:
+            print_text("\nComponents: ")
+            releases = project["_embedded"]["sw360:releases"]
+            print_text("  Scanning", len(releases), "releases.")
+            for key in sorted(releases, key=lambda item: item["name"]):
+                href = key["_links"]["self"]["href"]
+                print_text("\n  " + key["name"] + ", " + key["version"])
+                release = self.client.get_release_by_url(href)
+
+                try:
+                    self.process_release(release, tempfolder)
+                except Exception as ex:
+                    print_red("Error processing release: \n" + repr(ex))
+
+            print_text("\nLicense summary:")
+            self.print_license_list(self.global_license_list)
+        else:
+            print_text("\n  No linked releases")
+
+        if not self.nodelete:
+            shutil.rmtree(tempfolder)
+
+    def show_command_help(self):
+        print("\nusage: CaPyCli project licenses [options]")
+        print("Options:")
+        print("""
+  -id ID           SW360 id of the project
+  -t SW360_TOKEN   use this token for access to SW360
+  -oa,             this is an oauth2 token
+  -url SW360_URL   use this URL for access to SW360
+  -name            name of the project, component or release
+  -version         version of the project, component or release
+        """)
+
+        print()
+
+    def run(self, args):
+        """Main method()"""
+        if args.debug:
+            global LOG
+            LOG = capycli.get_logger(__name__)
+        else:
+            # suppress (debug) log output from requests and urllib
+            logging.getLogger("requests").setLevel(logging.WARNING)
+            logging.getLogger("urllib3").setLevel(logging.WARNING)
+            logging.getLogger("urllib3.connectionpool").setLevel(logging.WARNING)
+
+        print_text(
+            "\n" + capycli.APP_NAME + ", " + capycli.get_app_version() +
+            " - Show licenses of all cleared components.")
+
+        if args.help:
+            self.show_command_help()
+            return
+
+        if not self.login(token=args.sw360_token, url=args.sw360_url, oauth2=args.oauth2):
+            print_red("ERROR: login failed!")
+            sys.exit(ResultCode.RESULT_AUTH_ERROR)
+
+        name = args.name
+        version = None
+        if args.version:
+            version = args.version
+
+        if args.id:
+            self.show_licenses(args.id)
+        elif (args.name and args.version):
+            # find_project() is part of script_base.py
+            pid = self.find_project(name, version)
+            if pid:
+                self.show_licenses(pid)
+            else:
+                print_yellow("  No matching project found")
+        else:
+            print_red("Neither name and version nor project id specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)

capycli/project/show_project.py

@@ -0,0 +1,215 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2019-23 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# -------------------------------------------------------------------------------
+
+import logging
+import sys
+
+import sw360
+from colorama import Fore
+
+import capycli.common.json_support
+import capycli.common.script_base
+from capycli.common.print import print_red, print_text, print_yellow
+from capycli.main.result_codes import ResultCode
+
+LOG = capycli.get_logger(__name__)
+
+
+class ShowProject(capycli.common.script_base.ScriptBase):
+    """Show project details."""
+
+    def get_clearing_state(self, proj: dict, href: str):
+        """Returns the clearing state of the given component/release"""
+        rel = proj["linkedReleases"]
+        for key in rel:
+            if key["release"] == href:
+                return key["mainlineState"]
+
+        return None
+
+    def show_project_status(self, result: dict):
+        if not result:
+            return
+
+        print_text("  Project name: " + result["Name"] + ", " + result["Version"])
+        if "ProjectResponsible" in result:
+            print_text("  Project responsible: " + result["ProjectResponsible"])
+        print_text("  Project owner: " + result["ProjectOwner"])
+        print_text("  Clearing state: " + result["ClearingState"])
+
+        if len(result["Projects"]) > 0:
+            print_text("\n  Linked projects: ")
+            for project in result["Projects"]:
+                print_text("    " + project["Name"] + ", " + project["Version"])
+        else:
+            print_text("\n    No linked projects")
+
+        if len(result["Releases"]) > 0:
+            print_text("\n  Components: ")
+            releases = result["Releases"]
+            releases.sort(key=lambda s: s["Name"].lower())
+            for release in releases:
+                state = self.get_clearing_state(self.project, release["Href"])
+                prereq = ""
+                if state == "OPEN":
+                    print(Fore.LIGHTYELLOW_EX, end="", flush=True)
+                    if release["SourceAvailable"] == "False":
+                        print(Fore.LIGHTRED_EX, end="", flush=True)
+                        prereq = "; No source provided"
+                else:
+                    prereq = ""
+
+                print(
+                    "    " + release["Name"] +
+                    ", " + release["Version"] + " = " +
+                    release.get("ProjectClearingState", "Unknown") + ", " +
+                    release.get("ClearingState", "Unknown") +
+                    prereq + Fore.RESET)
+        else:
+            print_text("    No linked releases")
+
+    def get_project_status(self, project_id: str) -> dict:
+        """Get the project status for the project with the specified id"""
+        print_text("Retrieving project details...")
+        result = {}
+
+        try:
+            self.project = self.client.get_project(project_id)
+        except sw360.SW360Error as swex:
+            print_red("  ERROR: unable to access project: " + repr(swex))
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        if not self.project:
+            print_red("  ERROR: unable to read project data!")
+            sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+        result["Name"] = self.project.get("name", "")
+        result["Version"] = self.project.get("version", "")
+        result["ProjectOwner"] = self.project.get("projectOwner", "")
+        result["ProjectResponsible"] = self.project.get("projectResponsible", "")
+        result["SecurityResponsibles"] = self.project.get("securityResponsibles", [])
+        result["BusinessUnit"] = self.project.get("businessUnit", "")
+        result["Tag"] = self.project.get("tag", "")
+        result["enableSvm"] = self.project.get("enableSvm", None)
+        result["EnableVulnerabilitiesDisplay"] = self.project.get("enableVulnerabilitiesDisplay", None)
+        result["ClearingState"] = self.project.get("clearingState", "OPEN")
+        if self.sw360_url:
+            result["ProjectLink"] = (
+                self.sw360_url + "group/guest/projects/-/project/detail/" + project_id
+            )
+
+        result["Releases"] = []
+
+        if "sw360:releases" in self.project["_embedded"]:
+            releases = self.project["_embedded"]["sw360:releases"]
+            releases.sort(key=lambda s: s["name"].lower())
+            for release in releases:
+                href = release["_links"]["self"]["href"]
+                state = self.get_clearing_state(self.project, href)
+
+                rel_item = {}
+                rel_item["Name"] = release["name"]
+                rel_item["Version"] = release["version"]
+                rel_item["ProjectClearingState"] = state
+                rel_item["Id"] = self.client.get_id_from_href(href)
+                rel_item["Sw360Id"] = rel_item["Id"]
+                rel_item["Href"] = href
+                rel_item["Url"] = (
+                    self.sw360_url
+                    + "group/guest/components/-/component/release/detailRelease/"
+                    + self.client.get_id_from_href(href))
+
+                try:
+                    release_details = self.client.get_release_by_url(href)
+                    # capycli.common.json_support.print_json(release_details)
+                    rel_item["ClearingState"] = release_details["clearingState"]
+                    rel_item["ReleaseMainlineState"] = release_details.get("mainlineState", "")
+                    rel_item["SourceAvailable"] = "False"
+                    if "externalIds" in release_details:
+                        rel_item["ExternalIds"] = release_details["externalIds"]
+                    if "_embedded" in release_details:
+                        if "sw360:attachments" in release_details["_embedded"]:
+                            att = release_details["_embedded"]["sw360:attachments"]
+                            for key in att:
+                                if key["attachmentType"] == "SOURCE":
+                                    rel_item["SourceAvailable"] = "True"
+                except sw360.SW360Error as swex:
+                    print_red("  ERROR: unable to access project:" + repr(swex))
+                    sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+                result["Releases"].append(rel_item)
+
+        result["Projects"] = []
+        if "sw360:projects" in self.project["_embedded"]:
+            projects = self.project["_embedded"]["sw360:projects"]
+            projects.sort(key=lambda s: s["name"].lower())
+            for project in projects:
+                proj_item = {}
+                proj_item["Name"] = project["name"]
+                proj_item["Version"] = project["version"]
+                proj_item["Href"] = project["_links"]["self"]["href"]
+                result["Projects"].append(proj_item)
+
+        return result
+
+    def run(self, args):
+        """Main method()"""
+        if args.debug:
+            global LOG
+            LOG = capycli.get_logger(__name__)
+        else:
+            # suppress (debug) log output from requests and urllib
+            logging.getLogger("requests").setLevel(logging.WARNING)
+            logging.getLogger("urllib3").setLevel(logging.WARNING)
+            logging.getLogger("urllib3.connectionpool").setLevel(logging.WARNING)
+
+        print_text(
+            "\n" + capycli.APP_NAME + ", " + capycli.get_app_version() +
+            " - Show project details\n")
+
+        if args.help:
+            print("usage: CaPyCli project show [-h] -t TOKEN -name NAME -version VERSION"
+                  "[-id PROJECT_ID] [-o OUTPUTFILE]")
+            print("")
+            print("optional arguments:")
+            print("    -h, --help            show this help message and exit")
+            print("    -name NAME            name of the project")
+            print("    -version VERSION      version of the project")
+            print("    -id PROJECT_ID        SW360 id of the project, supersedes name and version parameters")
+            print("    -t SW360_TOKEN        use this token for access to SW360")
+            print("    -oa,                  this is an oauth2 token")
+            print("    -url SW360_URL        use this URL for access to SW360")
+            print("    -o OUTPUTFILE         output file to write project details to")
+            return
+
+        if not self.login(token=args.sw360_token, url=args.sw360_url, oauth2=args.oauth2):
+            print_red("ERROR: login failed!")
+            sys.exit(ResultCode.RESULT_AUTH_ERROR)
+
+        name = args.name
+        version = None
+        pid = None
+        if args.version:
+            version = args.version
+
+        if args.id:
+            pid = args.id
+        elif (args.name and args.version):
+            # find_project() is part of script_base.py
+            pid = self.find_project(name, version)
+        else:
+            print_red("Neither name and version nor project id specified!")
+            sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        if pid:
+            status = self.get_project_status(pid)
+            self.show_project_status(status)
+            if args.outputfile:
+                capycli.common.json_support.write_json_to_file(status, args.outputfile)
+        else:
+            print_yellow("  No matching project found")

capycli/project/show_vulnerabilities.py

@@ -0,0 +1,238 @@
+# -------------------------------------------------------------------------------
+# Copyright (c) 2020-2023 Siemens
+# All Rights Reserved.
+# Author: thomas.graf@siemens.com
+#
+# SPDX-License-Identifier: MIT
+# -------------------------------------------------------------------------------
+
+import logging
+import sys
+
+import requests
+import sw360
+from colorama import Fore, Style
+
+import capycli.common.json_support
+import capycli.common.script_base
+from capycli.common.print import print_green, print_red, print_text, print_yellow
+from capycli.main.result_codes import ResultCode
+
+LOG = capycli.get_logger(__name__)
+
+
+class ShowSecurityVulnerability(capycli.common.script_base.ScriptBase):
+    """Show security vulnerabilities of a project."""
+
+    def __init__(self):
+        """Initialize."""
+        self.verbose = False
+        self.format = "text"
+
+    def list_projects(self, name, version):
+        try:
+            print_text("  Searching for projects by name (and version)")
+            projects = self.client.get_projects_by_name(name)
+
+            if not projects:
+                print_yellow("  No matching project found!")
+                sys.exit(ResultCode.RESULT_PROJECT_NOT_FOUND)
+
+            for project in projects:
+                if version:
+                    proj_version = project.get("version", "")
+                    if proj_version == version:
+                        self.display_project(project)
+                else:
+                    self.display_project(project)
+
+        except Exception as ex:
+            print_red("Error searching for project: \n" + repr(ex))
+
+    def show_project_by_id(self, project_id) -> dict:
+        """
+        Show information about a single project by project id.
+        """
+        try:
+            project = self.client.get_project(project_id)
+            if not project:
+                print_yellow("No project with given id found!")
+                sys.exit(ResultCode.RESULT_PROJECT_NOT_FOUND)
+
+            return self.display_project(project)
+        except sw360.sw360_api.SW360Error as swex:
+            if swex.response.status_code == requests.codes['not_found']:
+                print_yellow("Project not found!")
+                sys.exit(ResultCode.RESULT_PROJECT_NOT_FOUND)
+            else:
+                print_red("Error searching for project: \n")
+                print_red("  Status Code: " + str(swex.response.status_code))
+                if swex.message:
+                    print_red("    Message: " + swex.message)
+                sys.exit(ResultCode.RESULT_ERROR_ACCESSING_SW360)
+
+    def display_project(self, project, pid=-1) -> dict:
+        """
+        Show information about a single project.
+        """
+        report = {}
+        href = None
+        if pid > -1:
+            project = self.client.get_project(pid)
+        else:
+            href = project["_links"]["self"]["href"]
+            project = self.client.get_project_by_url(href)
+
+        if not href:
+            href = project["_links"]["self"]["href"]
+
+        report["Name"] = project["name"]
+        report["Version"] = project.get("version", "")
+        report["Id"] = self.client.get_id_from_href(href)
+        report["Sw360Id"] = report["Id"]
+        report["Vulnerabilities"] = []
+
+        print_text("Project information:")
+        print_text("  Name:", project["name"])
+        print_text("  Version:", project.get("version", ""))
+        if self.verbose:
+            print_text("  Id:", self.client.get_id_from_href(href))
+
+        vuls = self.client.get_project_vulnerabilities(self.client.get_id_from_href(href))
+        # capycli.common.json_support.write_json_to_file(vuls, "vuls.json")
+        if "_embedded" not in vuls:
+            return report
+
+        # 2022-07-01: SW360 changed "sw360:vulnerabilityDToes" to "sw360:vulnerabilityDTOes" - arrgghhh
+        if "sw360:vulnerabilityDTOes" not in vuls["_embedded"]:
+            return report
+
+        report["Vulnerabilities"] = vuls["_embedded"]["sw360:vulnerabilityDTOes"]
+
+        print_text("\nVulnerabilities: ")
+        if len(report["Vulnerabilities"]) == 0:
+            print_green("  No security vulnerabilities known or feature not enabled\n")
+
+        for vu in report["Vulnerabilities"]:
+            relevance = vu.get("projectRelevance", "???")
+            prio = vu.get("priority", "???")
+            color = Style.RESET_ALL
+            if relevance == "RESOLVED":
+                color = Fore.LIGHTGREEN_EX
+            elif relevance == "IN_ANALYSIS":
+                color = Fore.LIGHTYELLOW_EX
+            elif ((prio == "1 - critical") or (prio == "2 - major")):
+                color = Fore.LIGHTRED_EX
+
+            print_text(color, " Priority:         ", prio)
+            print_text("  Project Relevance:", relevance)
+            print_text("  Project Comment:  ", vu.get("comment", "???"))
+            print_text("  Project Action:   ", vu.get("projectAction", "???"))
+            print_text("  Component:        ", vu.get("intReleaseName", "???"))
+            print(Style.RESET_ALL)
+
+        return report
+
+    def check_report_for_critical_findings(self, report: dict, prio_text: str) -> bool:
+        """
+        Checks the report data for critical findings, i.e. a vulnerability
+        with priority less than or equal to prio and greater than 0.
+        1 - critical
+        2 - major
+        3 - minor
+        """
+
+        try:
+            prio = int(prio_text)
+        except ValueError:
+            prio = 0
+
+        if prio < 0:
+            prio = 0
+
+        if prio > 5:
+            prio = 5
+
+        if prio == 0:
+            # no check requested
+            return False
+
+        for v in report.get("Vulnerabilities", []):
+            vprio_text = v.get("priority", "0")
+            if len(vprio_text) < 1:
+                continue
+
+            vprio = int(vprio_text[0])
+            if vprio > prio:
+                continue
+
+            if v.get("projectRelevance", "???") == "NOT_CHECKED":
+                return True
+
+        return False
+
+    def show_command_help(self):
+        print("\nusage: CaPyCli project vulnerabilities [options]")
+        print("Options:")
+        print("""
+  -id ID           SW360 id of the project
+  -t SW360_TOKEN   use this token for access to SW360
+  -oa,             this is an oauth2 token
+  -url SW360_URL   use this URL for access to SW360
+  -name            name of the project, component or release
+  -version         version of the project, component or release
+  -v               be verbose
+  -format FMT      output format, one of [text, json], default is text
+  -fe PRIO         minimum vulnerability priority to force exit code != 0
+        """)
+
+        print()
+
+    def run(self, args):
+        """Main method()"""
+        if args.debug:
+            global LOG
+            LOG = capycli.get_logger(__name__)
+        else:
+            # suppress (debug) log output from requests and urllib
+            logging.getLogger("requests").setLevel(logging.WARNING)
+            logging.getLogger("urllib3").setLevel(logging.WARNING)
+            logging.getLogger("urllib3.connectionpool").setLevel(logging.WARNING)
+
+        print_text(
+            "\n" + capycli.APP_NAME + ", " + capycli.get_app_version() +
+            " - Show security vulnerabilities of a project")
+
+        if args.help:
+            self.show_command_help()
+            return
+
+        if args.verbose:
+            self.verbose = args.verbose
+
+        self.format = args.format
+        if args.verbose:
+            print("Output format is", self.format)
+
+        if not self.login(token=args.sw360_token, url=args.sw360_url, oauth2=args.oauth2):
+            print_red("ERROR: login failed!")
+            sys.exit(ResultCode.RESULT_AUTH_ERROR)
+
+        report = None
+        if args.id:
+            report = self.show_project_by_id(args.id)
+            if args.outputfile and report:
+                capycli.common.json_support.write_json_to_file(report, args.outputfile)
+        else:
+            if args.name:
+                self.list_projects(args.name, args.version)
+            else:
+                print_red("Neither name nor external id specified!")
+                sys.exit(ResultCode.RESULT_COMMAND_ERROR)
+
+        # do we have to set an exit code?
+        if args.force_exit and report:
+            critical = self.check_report_for_critical_findings(report, args.force_exit)
+            if critical:
+                print_yellow("Unhandled security vulnerability found, exiting with code != 0")
+                sys.exit(ResultCode.RESULT_UNHANDLED_SECURITY_VULNERABILITY_FOUND)