Merge pull request #3 from Santandersecurityresearch/dev

Merge release 1.0.1 to main
Santandersecurityresearch · Dec 7, 2023 · 7c64f91 · 7c64f91
2 parents a96ec7f + a15811f
commit 7c64f91
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 5 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -7,6 +7,19 @@ The format is based on `keep a changelog`_, and this project adheres to `semanti
 This file is autogenerated by `gitchangelog`_. Please do not edit it manually.
 
 
+1.0.1 (2023-12-07)
+------------------
+
+Added
+~~~~~
+- Add application name option to CLI. [emilejq]
+
+Fixed
+~~~~~
+- Add default root component when version control information is not
+  available. [emilejq]
+
+
 1.0.0 (2023-12-04)
 ------------
 - Initial release.

diff --git a/cbom/__init__.py b/cbom/__init__.py
@@ -1 +1 @@
-__version__ = '1.0.0'
+__version__ = '1.0.1'
diff --git a/cbom/main.py b/cbom/main.py
@@ -4,6 +4,7 @@
 from pathlib import Path
 
 from cyclonedx.model.bom import Bom
+from cyclonedx.model.component import Component, ComponentType
 from cyclonedx.model.crypto import AssetType
 from cyclonedx.output.json import JsonV1Dot4CbomV1Dot0
 
@@ -19,6 +20,7 @@
 def start():
     parser = ArgumentParser()
     parser.add_argument('path', type=Path, help='Directory path or file path to parse')
+    parser.add_argument('--application-name', '-an', help='Name of the root application for the CBOM')
     parser.add_argument('--exclude', '-e', help='Exclude CodeQL findings in files that match a regex')
     parser.add_argument('--cryptocheck', '-cc', action='store_true', default=False, help='Enable crypto vulnerability scanning')
     parser.add_argument('--rules-file', '-rf', type=Path, help='Use a custom ruleset for CryptoCheck analysis')
@@ -28,15 +30,15 @@ def start():
 
     exclusion_pattern = re.compile(args.exclude) if args.exclude else None
     if (path := args.path).is_file():
-        _read_file(path, exclusion_pattern)
+        _read_file(path, application_name=args.application_name, exclusion_pattern=exclusion_pattern)
         for unregistered_dependency in unregistered_dependencies:
             _link_dependency(unregistered_dependency)
     else:
         global file_count
 
         for file in [*list(path.glob('*.sarif')), *list(path.glob('*.json'))]:
             file_count += 1
-            _read_file(file, exclusion_pattern)
+            _read_file(file, application_name=args.application_name, exclusion_pattern=exclusion_pattern)
         for unregistered_dependency in unregistered_dependencies:
             _link_dependency(unregistered_dependency)  # must be done only after all components have been added to CBOM
 
@@ -50,14 +52,19 @@ def start():
         json.dump(json.loads(cbom_output), output_file, indent=4)
 
 
-def _read_file(query_file, exclusion_pattern=None):
+def _read_file(query_file, application_name=None, exclusion_pattern=None):
     with open(query_file) as query_output:
         query_output = json.load(query_output)['runs'][0]
 
         if file_count < 2:
-            if version_control_details := query_output.get('versionControlProvenance'):
+            if application_name:
+                cbom.metadata.component = Component(name=application_name, type=ComponentType.APPLICATION)
+            elif version_control_details := query_output.get('versionControlProvenance'):
                 root_component = metadata.get_root_component_info(version_control_details=version_control_details[0])
                 cbom.metadata.component = root_component
+            else:
+                cbom.metadata.component = Component(name='root', type=ComponentType.APPLICATION)
+
             for tool in metadata.get_tool_info(tool_info=query_output['tool']):
                 cbom.metadata.tools.add(tool)