Merge pull request #249 from BenediktMKuehne/sbom_api

quick_Sbom_api

Author: BenediktMKuehne

Pipfile.lock

@@ -1 +1 @@
-0.2-051390d9
+0.3

VERSION.txt

@@ -26,5 +26,6 @@
     path('dashboard/report/addlabel/<uuid:analysis_id>', views.add_label, name='embark-dashboard-add-label'),
     path('dashboard/report/rmlabel/<uuid:analysis_id><str:label_name>', views.rm_label, name='embark-dashboard-remove-label'),
     path('dashboard/report/sbom/<uuid:analysis_id>', views.get_sbom_analysis, name='embark-dashboard-sbom'),
-    path('dashboard/report/sbom/<uuid:sbom_id>', views.get_sbom, name='embark-get-sbom')
+    path('dashboard/report/sbom/<uuid:sbom_id>', views.get_sbom, name='embark-get-sbom'),
+    path('api/sbom/<uuid:analysis_id>', views.api_sbom_analysis, name='api-sbom-analysis')
 ]

embark/dashboard/urls.py

@@ -25,6 +25,7 @@
 from dashboard.models import Result, SoftwareBillOfMaterial
 from dashboard.forms import LabelSelectForm, StopAnalysisForm
 from porter.views import make_zip
+from users.decorators import require_api_key
 
 
 logger = logging.getLogger(__name__)
@@ -437,3 +438,28 @@ def get_sbom_analysis(request, analysis_id):
         response['Content-Disposition'] = 'inline; filename=' + str(analysis_id) + '_sbom.json'
         messages.success(request, 'Analysis: ' + str(analysis_id) + ' successfully exported sbom')
         return response
+
+
+@require_api_key
+@require_http_methods(["GET"])
+def api_sbom_analysis(request, analysis_id):
+    """
+    exports sbom as raw json
+    """
+    logger.info("export sbom with analysis id: %s", analysis_id)
+    response = JsonResponse({"ERROR": "SBOM for this analysis-id does not exist"})
+    try:
+        analysis = FirmwareAnalysis.objects.get(id=analysis_id)
+        result = Result.objects.get(firmware_analysis=analysis)
+        sbom = result.sbom
+    except Result.DoesNotExist:
+        response = JsonResponse({"ERROR": "Result for this analysis-id does not exist"})
+    # check if user auth
+    if not user_is_auth(request.user, analysis.user):
+        response = JsonResponse({"ERROR": "You are not authorized!"})
+    if sbom is not None:
+        with open(sbom.file, "r", encoding='UTF-8') as sbom_file:
+            response = JsonResponse(json.load(sbom_file))
+            logger.info("export sbom with analysis id: %s", analysis_id)
+    response['Content-Disposition'] = 'inline; filename=' + str(analysis_id) + '_sbom.json'
+    return response

embark/dashboard/views.py

@@ -10,10 +10,11 @@
         </div>
         <div class="d-flex justify-content-center">
             <!--  TODO put actual version here-->
-            <h2><span class="badge bg-primary">New</span>  Version 0.2</h2>
+            <h2><span class="badge bg-primary">New</span>  Version 0.3</h2>
         </div>
         <div class="d-flex justify-content-center">
-          <h3><span class="badge bg-secondary">New</span>  Track you SBOM</h3>
+          <h3><span class="badge bg-secondary">New</span>  Troopers25-edition </h3>
+          <h3><span class="badge bg-secondary">New</span>  API </h3>
         </div>
         <div class="login">
             <form action="{% url 'embark-login' %}" class="login-form" method="post" novalidate>
@@ -35,4 +36,4 @@ <h2 class="title">Sign in</h2>
         </div>
 
     </div>
-{% endblock maincontent %}
+{% endblock maincontent %}

embark/templates/user/login.html

@@ -20,6 +20,7 @@ def _wrapped_view(*args, **kwargs):
         try:
             user = User.objects.get(api_key=api_key)
             request.api_user = user
+            request.user = user  # For compatibility with Django's request.user
         except User.DoesNotExist:
             return JsonResponse({'error': 'Invalid API key'}, status=401)
 

embark/users/decorators.py

@@ -22,7 +22,7 @@ exec 2>&1
 while :; do
   if ! ip a show embark_backend | grep -q "172.22.0.1" ; then
     systemctl restart docker
-    echo "$(date +"%D %T")""retstarted docker"
+    echo "$(date +"%D %T")"" restarted docker"
   fi
-  sleep 1m
+  sleep 2s
 done