feat(project CreateBom): ignore rejected attachments

This unfortunately requires retrieving attachment info for each
attachment.

Author: gernot-h

ChangeLog.md

@@ -14,6 +14,7 @@
   If multiple purls are found, a warning is printed asking user to manually edit SBOM.
 * `project createbom` add SW360 attachment info as external references to SBOM
   (currently supported: source, binary, CLI, report).
+* `project createbom` will not add rejected attachments to SBOM
 * `project createbom` adds SW360 project name, version and description to SBOM.
 * new command `bom downloadattachments` to download CLI and report attachments
 

capycli/project/create_bom.py

@@ -101,13 +101,16 @@ def create_project_bom(self, project, create_controlfile) -> Tuple[list, list]:
                     if at_type not in CaPyCliBom.FILE_COMMENTS:
                         continue
                     comment = CaPyCliBom.FILE_COMMENTS[at_type]
+                    at_data = self.client.get_attachment_by_url(attachment["_links"]["self"]["href"])
+                    if at_data.get("checkStatus") == "REJECTED":
+                        print_yellow("      WARNING: ignoring REJECTED attachment",
+                                     attachment["filename"])
+                        continue
                     if at_type in ("SOURCE", "SOURCE_SELF", "BINARY", "BINARY_SELF"):
                         ext_ref_type = ExternalReferenceType.DISTRIBUTION
                     else:
                         ext_ref_type = ExternalReferenceType.OTHER
                         if create_controlfile:
-                            at_data = self.client.get_attachment_by_url(attachment["_links"]["self"]["href"])
-
                             at_details = {
                                 "ComponentName": " ".join((release["name"], release["version"])),
                                 "Sw360Id": sw360_id,

tests/test_create_bom.py

@@ -149,7 +149,7 @@ def test_create_bom_multiple_purls(self, capsys):
             content_type="application/json",
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
-
+        self.add_project_attachment_responses()
         cdx_components, _ = sut.create_project_bom(self.get_project_for_test(),
                                                    create_controlfile=False)
         captured = capsys.readouterr()
@@ -214,6 +214,86 @@ def add_project_releases_responses(self):
         )
         return release
 
+    def add_project_attachment_responses(self):
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r001a002",
+            body="""
+                {
+                    "filename": "wheel-0.38.4.zip",
+                    "attachmentType": "SOURCE"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r001a001",
+            body="""
+                {
+                    "filename": "CLIXML_wheel-0.38.4.xml",
+                    "sha1": "ccd9f1ed2f59c46ff3f0139c05bfd76f83fd9851",
+                    "attachmentType": "COMPONENT_LICENSE_INFO_XML"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r002a001",
+            body="""
+                {
+                    "filename": "clipython-1.3.0.zip",
+                    "attachmentType": "SOURCE"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r002a002",
+            body="""
+                {
+                    "filename": "CLIXML_clipython-1.3.0.xml",
+                    "sha1": "dd4c38387c6811dba67d837af7742d84e61e20de",
+                    "attachmentType": "COMPONENT_LICENSE_INFO_XML",
+                    "checkedBy": "[email protected]",
+                    "checkStatus": "ACCEPTED",
+                    "createdBy": "[email protected]"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r002a003",
+            body="""
+                {
+                    "filename": "clipython-repacked-for-fun.zip",
+                    "attachmentType": "SOURCE_SELF"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r002a004",
+            body="""
+                {
+                    "filename": "clipython-1.3.0.docx",
+                    "attachmentType": "CLEARING_REPORT"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
+
     @responses.activate
     def test_project_by_id(self):
         sut = CreateBom()
@@ -222,6 +302,7 @@ def test_project_by_id(self):
         sut.login(token=TestBasePytest.MYTOKEN, url=TestBasePytest.MYURL)
 
         release = self.add_project_releases_responses()
+        self.add_project_attachment_responses()
         project = self.get_project_for_test()
 
         cdx_bom, _ = sut.create_project_cdx_bom("p001", create_controlfile=False)
@@ -273,37 +354,8 @@ def test_project_by_id_controlfile(self):
         sut.login(token=TestBasePytest.MYTOKEN, url=TestBasePytest.MYURL)
 
         self.add_project_releases_responses()
+        self.add_project_attachment_responses()
 
-        # attachment info
-        responses.add(
-            method=responses.GET,
-            url=self.MYURL + "resource/api/attachments/r001a001",
-            body="""
-                {
-                    "filename": "CLIXML_wheel-0.38.4.xml",
-                    "sha1": "ccd9f1ed2f59c46ff3f0139c05bfd76f83fd9851",
-                    "attachmentType": "COMPONENT_LICENSE_INFO_XML"
-                }""",
-            status=200,
-            content_type="application/json",
-            adding_headers={"Authorization": "Token " + self.MYTOKEN},
-        )
-        responses.add(
-            method=responses.GET,
-            url=self.MYURL + "resource/api/attachments/r002a002",
-            body="""
-                {
-                    "filename": "CLIXML_clipython-1.3.0.xml",
-                    "sha1": "dd4c38387c6811dba67d837af7742d84e61e20de",
-                    "attachmentType": "COMPONENT_LICENSE_INFO_XML",
-                    "checkedBy": "[email protected]",
-                    "checkStatus": "ACCEPTED",
-                    "createdBy": "[email protected]"
-                }""",
-            status=200,
-            content_type="application/json",
-            adding_headers={"Authorization": "Token " + self.MYTOKEN},
-        )
         responses.add(
             method=responses.GET,
             url=self.MYURL + "resource/api/attachments/r002a004",
@@ -413,6 +465,7 @@ def test_project_show_by_name(self):
             content_type="application/json",
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
+        self.add_project_attachment_responses()
 
         self.delete_file(self.OUTPUTFILE)
         out = self.capture_stdout(sut.run, args)
@@ -452,6 +505,7 @@ def test_create_project_bom_release_error(self):
             content_type="application/json",
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
+        self.add_project_attachment_responses()
         with pytest.raises(SystemExit):
             bom, _ = sut.create_project_bom(self.get_project_for_test(), create_controlfile=False)
 
@@ -478,6 +532,18 @@ def test_create_project_bom_controlfile_attachment_error(self):
             content_type="application/json",
             adding_headers={"Authorization": "Token " + self.MYTOKEN},
         )
+        responses.add(
+            method=responses.GET,
+            url=self.MYURL + "resource/api/attachments/r002a001",
+            body="""
+                {
+                    "filename": "clipython-1.3.0.zip",
+                    "attachmentType": "COMPONENT_LICENSE_INFO_XML"
+                }""",
+            status=200,
+            content_type="application/json",
+            adding_headers={"Authorization": "Token " + self.MYTOKEN},
+        )
         responses.add(
             method=responses.GET,
             url=self.MYURL + "resource/api/attachments/r002a002",