
Accept the path to a bom file (in the /scan endpoint) while running dep-scan in the server mode #169

Merged

Conversation

saketjajoo
Collaborator

Reference Issue: #157

@prabhu prabhu (Member) left a comment

Looks good. Just some minor comments

depscan/cli.py

    if uploaded_bom_file.get('file', None) is not None:
        bom_file = uploaded_bom_file['file']
        bom_file_content = bom_file.read().decode('utf-8')
Member

At this point the uploaded file could be of any extension including videos and binaries. Is there another way to configure quart to only accept specific mimetypes?

saketjajoo (Collaborator Author)

By default, the mime-type of a file is interpreted as a binary blob of data, and the mime-type is set to application/octet-stream. Hence, filtering (or accepting) the input files based on their mime-types is difficult.

Ref: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types
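Since the multipart Content-Type cannot be relied on (curl and browsers send application/octet-stream for most files), the practical alternative is to validate the uploaded bytes themselves before the scan runs. The following is an added example written for this discussion, not dep-scan's own code; the function names, the 10 MiB cap and the sample inputs are assumptions, and the CycloneDX markers checked (bomFormat, specVersion, components) are the documented top-level fields of a CycloneDX JSON BOM. `extract_bom_from_files` mirrors the handler's `uploaded_bom_file.get('file')` lookup and accepts any mapping of part name to file-like object, so it can be handed `await request.files` in Quart or an `io.BytesIO` in a test.

```python
"""Validate an uploaded BOM by content, not by the multipart mimetype.

Added example for the /scan upload discussion; not dep-scan project code.
Names, size cap and sample inputs below are assumptions for illustration.
"""
import io
import json

MAX_BOM_BYTES = 10 * 1024 * 1024  # assumed cap; tune per deployment


class BomValidationError(ValueError):
    """Uploaded bytes are not an acceptable CycloneDX JSON BOM."""


def validate_bom_upload(raw: bytes, max_bytes: int = MAX_BOM_BYTES) -> dict:
    """Return the parsed BOM dict or raise BomValidationError.

    Checks run cheapest-first: size, UTF-8, JSON, CycloneDX markers.
    A video or executable is rejected at the UTF-8 or JSON step, whatever
    Content-Type the client claimed for the part.
    """
    if len(raw) > max_bytes:
        raise BomValidationError(f"upload of {len(raw)} bytes exceeds {max_bytes}")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise BomValidationError("upload is not UTF-8 text") from exc
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as exc:
        raise BomValidationError("upload is not valid JSON") from exc
    if not isinstance(doc, dict):
        raise BomValidationError("BOM must be a JSON object")
    if doc.get("bomFormat") != "CycloneDX":
        raise BomValidationError("bomFormat must be 'CycloneDX'")
    if not isinstance(doc.get("specVersion"), str):
        raise BomValidationError("specVersion missing")
    comps = doc.get("components", [])
    if not isinstance(comps, list):
        raise BomValidationError("components must be a list")
    for comp in comps:
        if not isinstance(comp, dict) or ("purl" not in comp and "name" not in comp):
            raise BomValidationError("each component needs a name or purl")
    return doc


def extract_bom_from_files(files, max_bytes: int = MAX_BOM_BYTES):
    """Mirror of the handler's uploaded_bom_file.get('file') lookup.

    `files` is any mapping of part name -> object with .read(), e.g. Quart's
    `await request.files`. Returns None when no 'file' part was sent so the
    caller can fall back to its other inputs (path, url, ...).
    """
    part = files.get("file")
    if part is None:
        return None
    # Read one byte past the cap: an oversized part is detected without
    # buffering the whole body, and the validator reports it as too large.
    raw = part.read(max_bytes + 1)
    return validate_bom_upload(raw, max_bytes=max_bytes)


def check(raw: bytes, max_bytes: int = MAX_BOM_BYTES):
    """(accepted, reason) pair; convenient for logging and for tests."""
    try:
        validate_bom_upload(raw, max_bytes)
        return True, "ok"
    except BomValidationError as exc:
        return False, str(exc)


# Constructed sample uploads (not real project data).
VALID_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "components": [{"type": "library", "name": "requests",
                    "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"}],
}).encode("utf-8")
PNG_BLOB = b"\x89PNG\r\n\x1a\n" + bytes(range(256))  # binary, not UTF-8
NOT_A_BOM = b'{"hello": "world"}'                      # JSON but no markers
BAD_COMPONENT = b'{"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [{"type": "library"}]}'


def demo_results() -> dict:
    """Run every sample through the same path the handler would use."""
    return {
        "valid": extract_bom_from_files({"file": io.BytesIO(VALID_BOM)}),
        "missing_part": extract_bom_from_files({}),
        "png": check(PNG_BLOB),
        "not_a_bom": check(NOT_A_BOM),
        "bad_component": check(BAD_COMPONENT),
        "oversized": check(VALID_BOM, max_bytes=16),
    }


if __name__ == "__main__":
    for name, result in demo_results().items():
        print(f"{name:14} -> {result if not isinstance(result, dict) else 'parsed BOM'}")
```

Pair the byte-level check with a request-size limit at the framework layer (Quart honours the MAX_CONTENT_LENGTH config like Flask) so a large non-BOM body is rejected before it is read at all; the validator's own cap is the second line of defence for the part itself.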

@prabhu prabhu (Member) left a comment

Thank you. Could you also add a curl example to the readme to show the upload in action?

curl -F 'file=@/tmp/bom.json'

@prabhu prabhu merged commit bcb885f into owasp-dep-scan:master Dec 4, 2023
39 checks passed
@saketjajoo
Collaborator Author

I've created a PR (#172) to update the README.
