
Commit 2640119

committed
feat(project CreateBom): ignore rejected attachments
This unfortunately requires retrieving attachment info for each attachment.
1 parent e73870d commit 2640119


3 files changed

+103
-33
lines changed


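--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -10,6 +10,7 @@
 * fix: urls coming from granularity file are repository urls and not source code
 download urls.
 * fix wrong variable to correct `bom findsources`.
+* `project createbom` will not add rejected attachments to SBOM
 * `project createbom` adds CLI and report information to SBOM
 * new command `bom downloadattachments` to download CLI and report attachments
 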
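--- a/capycli/project/create_bom.py
+++ b/capycli/project/create_bom.py
@@ -109,13 +109,16 @@ def create_project_bom(self, project: Dict[str, Any], create_controlfile: bool)
 if at_type not in CaPyCliBom.FILE_COMMENTS:
 continue
 comment = CaPyCliBom.FILE_COMMENTS[at_type]
+at_data = self.client.get_attachment_by_url(attachment["_links"]["self"]["href"])
+if at_data.get("checkStatus") == "REJECTED":
+print_yellow(" WARNING: ignoring REJECTED attachment",
+attachment["filename"])
+continue
 if at_type in ("SOURCE", "SOURCE_SELF", "BINARY", "BINARY_SELF"):
 ext_ref_type = ExternalReferenceType.DISTRIBUTION
 else:
 ext_ref_type = ExternalReferenceType.OTHER
 if create_controlfile:
-at_data = self.client.get_attachment_by_url(attachment["_links"]["self"]["href"])
-
 at_details = {
 "ComponentName": " ".join((release["name"], release["version"])),
 "Sw360Id": sw360_id,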
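Review bot: The filter added after `comment = CaPyCliBom.FILE_COMMENTS[at_type]` is fail-open: only an exact `"REJECTED"` value drops an attachment, so one with no `checkStatus` field or any other status is still written to the SBOM. If that is the intended policy, state it next to the check, e.g. `# only an explicit REJECTED status excludes an attachment; unchecked ones are still listed`. The call `at_data.get("checkStatus")` also assumes `get_attachment_by_url` always returns a dict. If the client can return `None` (not visible in this hunk), `if at_data and at_data.get("checkStatus") == "REJECTED":` would keep the filter from raising, which matters now that the lookup runs for every attachment rather than only under `create_controlfile`. The body of `create_project_bom` starts and ends outside this hunk.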

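--- a/tests/test_create_bom.py
+++ b/tests/test_create_bom.py
@@ -150,7 +150,7 @@ def test_create_bom_multiple_purls(self, capsys: Any) -> None:
 content_type="application/json",
 adding_headers={"Authorization": "Token " + self.MYTOKEN},
 )
-
+self.add_project_attachment_responses()
 cdx_components, _ = sut.create_project_bom(self.get_project_for_test(),
 create_controlfile=False)
 captured = capsys.readouterr()
@@ -217,6 +217,86 @@ def add_project_releases_responses(self):
 )
 return release
 
+def add_project_attachment_responses(self):
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r001a002",
+body="""
+{
+"filename": "wheel-0.38.4.zip",
+"attachmentType": "SOURCE"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r001a001",
+body="""
+{
+"filename": "CLIXML_wheel-0.38.4.xml",
+"sha1": "ccd9f1ed2f59c46ff3f0139c05bfd76f83fd9851",
+"attachmentType": "COMPONENT_LICENSE_INFO_XML"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r002a001",
+body="""
+{
+"filename": "clipython-1.3.0.zip",
+"attachmentType": "SOURCE"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r002a002",
+body="""
+{
+"filename": "CLIXML_clipython-1.3.0.xml",
+"sha1": "dd4c38387c6811dba67d837af7742d84e61e20de",
+"attachmentType": "COMPONENT_LICENSE_INFO_XML",
+"checkedBy": "[email protected]",
+"checkStatus": "ACCEPTED",
+"createdBy": "[email protected]"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r002a003",
+body="""
+{
+"filename": "clipython-repacked-for-fun.zip",
+"attachmentType": "SOURCE_SELF"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r002a004",
+body="""
+{
+"filename": "clipython-1.3.0.docx",
+"attachmentType": "CLEARING_REPORT"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
+
 @responses.activate
 def test_project_by_id(self) -> None:
 sut = CreateBom()
@@ -225,6 +305,7 @@ def test_project_by_id(self) -> None:
 sut.login(token=TestBasePytest.MYTOKEN, url=TestBasePytest.MYURL)
 
 release = self.add_project_releases_responses()
+self.add_project_attachment_responses()
 project = self.get_project_for_test()
 
 cdx_bom, _ = sut.create_project_cdx_bom("p001", create_controlfile=False)
@@ -278,37 +359,8 @@ def test_project_by_id_controlfile(self):
 sut.login(token=TestBasePytest.MYTOKEN, url=TestBasePytest.MYURL)
 
 self.add_project_releases_responses()
+self.add_project_attachment_responses()
 
-# attachment info
-responses.add(
-method=responses.GET,
-url=self.MYURL + "resource/api/attachments/r001a001",
-body="""
-{
-"filename": "CLIXML_wheel-0.38.4.xml",
-"sha1": "ccd9f1ed2f59c46ff3f0139c05bfd76f83fd9851",
-"attachmentType": "COMPONENT_LICENSE_INFO_XML"
-}""",
-status=200,
-content_type="application/json",
-adding_headers={"Authorization": "Token " + self.MYTOKEN},
-)
-responses.add(
-method=responses.GET,
-url=self.MYURL + "resource/api/attachments/r002a002",
-body="""
-{
-"filename": "CLIXML_clipython-1.3.0.xml",
-"sha1": "dd4c38387c6811dba67d837af7742d84e61e20de",
-"attachmentType": "COMPONENT_LICENSE_INFO_XML",
-"checkedBy": "[email protected]",
-"checkStatus": "ACCEPTED",
-"createdBy": "[email protected]"
-}""",
-status=200,
-content_type="application/json",
-adding_headers={"Authorization": "Token " + self.MYTOKEN},
-)
 responses.add(
 method=responses.GET,
 url=self.MYURL + "resource/api/attachments/r002a004",
@@ -418,6 +470,7 @@ def test_project_show_by_name(self) -> None:
 content_type="application/json",
 adding_headers={"Authorization": "Token " + self.MYTOKEN},
 )
+self.add_project_attachment_responses()
 
 self.delete_file(self.OUTPUTFILE)
 out = self.capture_stdout(sut.run, args)
@@ -457,6 +510,7 @@ def test_create_project_bom_release_error(self):
 content_type="application/json",
 adding_headers={"Authorization": "Token " + self.MYTOKEN},
 )
+self.add_project_attachment_responses()
 with pytest.raises(SystemExit):
 bom, _ = sut.create_project_bom(self.get_project_for_test(), create_controlfile=False)
 
@@ -483,6 +537,18 @@ def test_create_project_bom_controlfile_attachment_error(self):
 content_type="application/json",
 adding_headers={"Authorization": "Token " + self.MYTOKEN},
 )
+responses.add(
+method=responses.GET,
+url=self.MYURL + "resource/api/attachments/r002a001",
+body="""
+{
+"filename": "clipython-1.3.0.zip",
+"attachmentType": "COMPONENT_LICENSE_INFO_XML"
+}""",
+status=200,
+content_type="application/json",
+adding_headers={"Authorization": "Token " + self.MYTOKEN},
+)
 responses.add(
 method=responses.GET,
 url=self.MYURL + "resource/api/attachments/r002a002",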
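Review bot: None of the mocked attachment responses in `add_project_attachment_responses` carries `"checkStatus": "REJECTED"`, so the branch this commit adds to `create_project_bom` is never executed by these tests. Add one fixture with `"checkStatus": "REJECTED"` and assert that its file is absent from the component's external references and that the warning is printed. A one-line docstring on the helper, e.g. `"""Register mocked attachment-info responses for releases r001 and r002."""`, would also explain why every BOM test now has to call it.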
