From 6791350ba3c79b152732acc43f9a76f07099a8d5 Mon Sep 17 00:00:00 2001
From: Paul Hewlett <paul.hewlett@jitsuin.com>
Date: Fri, 26 Nov 2021 15:42:44 +0000
Subject: [PATCH] SBOM scraper uploads only PUBLIC files

Problem:
The backend has defaulted to private uploads but this script should
default to PUBLIC uploads.

Solution:
Added -p option to specify PRIVATE and default to PUBLIC if unspecified.

Signed-off-by: Paul Hewlett <phewlett76@gmail.com>
---
 scripts/sbom_scraper.sh | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/scripts/sbom_scraper.sh b/scripts/sbom_scraper.sh
index 7dd0c2c..106f12a 100755
--- a/scripts/sbom_scraper.sh
+++ b/scripts/sbom_scraper.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# Scrape a docker image and upload as SBOM file
+# Scrape a docker image and upload as public or private SBOM file 
 #
 # Preparation:
 #
@@ -48,20 +48,22 @@ FORMAT=cyclonedx
 # credentials directory has 0600 permissions
 CLIENTSECRET_FILE=credentials/client_secret
 SBOM=false
+PRIVACY=PUBLIC
 
 URL=https://app.rkvst.io
 
 usage() {
     cat >&2 <<EOF
 
-Scrape an SBOM from a docker image
+Scrape an SBOM from a docker image and upload to abom archivist
 
-Usage: $SCRIPTNAME [-c clientsecretfile] [-o output format] [-s sbomFile ] [-u url] client_id [docker-image|sbom file]
+Usage: $SCRIPTNAME [-p] [-c clientsecretfile] [-o output format] [-s sbomFile ] [-u url] client_id [docker-image|sbom file]
 
    -c clientsecretfile containing client secret (default ${CLIENTSECRET_FILE})
    -o FORMAT           default ($FORMAT) [cyclonedx]
    -s                  default ($SBOM) if specified the second argument is an sbom file
                        and -o is ignored.
+   -p                  upload private SBOM
    -u URL              URL Default ($URL)
 
 Example:
@@ -73,12 +75,14 @@ EOF
     exit 1
 }
 
-while getopts "c:ho:su:" o; do
+while getopts "c:ho:psu:" o; do
     case "${o}" in
         c) CLIENTSECRET_FILE="${OPTARG}"
            ;;
         o) FORMAT=${OPTARG}
            ;;
+        p) PRIVACY=PRIVATE
+           ;;
         s) SBOM=true
            ;;
         u) URL=$OPTARG
@@ -165,14 +169,14 @@ EOF
 # ----------------------------------------------------------------------------
 # Upload SBOM
 # ----------------------------------------------------------------------------
-log "Upload ${OUTPUT}"
+log "Upload ${PRIVACY} ${OUTPUT}"
 
 HTTP_STATUS=$(curl -s -w "%{http_code}" -X POST \
     -o "${TEMPDIR}/upload" \
     -H "@${BEARER_TOKEN_FILE}" \
     -H "content_type=text/xml" \
     -F "sbom=@${OUTPUT}" \
-    "${URL}/archivist/v1/sboms")
+    "${URL}/archivist/v1/sboms?privacy=${PRIVACY}")
 
 if [ "${HTTP_STATUS}" != "200" ]
 then