Merge pull request #268 from SoftwareDesignLab/dev

SVIP v8.0.5-alpha Pre-Release

Author: dlg1206

.env

@@ -6,4 +6,11 @@ MYSQL_LOCAL_PORT=3306
 MYSQL_DOCKER_PORT=3306
 
 SPRING_LOCAL_PORT=8080
-SPRING_DOCKER_PORT=8080
+SPRING_DOCKER_PORT=8080
+SPRING_DOCKER_PORT=8080
+
+
+SPRING_DOCKER_PORT=8080
+FLASK_LOCAL_PORT=50001
+FLASK_DOCKER_ADDRESS=0.0.0.0
+FLASK_DOCKER_PORT=50001

.gitignore

@@ -28,7 +28,7 @@ app/**/*.js.map
 *.rar
 
 # Exclude our OSI image cache
-!core/src/main/java/org/svip/sbomgeneration/osi/images/osi.tar.gz
+!core/src/main/java/org/svip/generation/osi/images/osi.tar.gz
 
 # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
 hs_err_pid*
@@ -73,4 +73,7 @@ gradle-app.setting
 [tT]est[mM]ain.java
 
 # Mac files
-.DS_Store
+.DS_Store
+
+# dev enviroment files
+/.dev-env/

README.md

@@ -2,7 +2,7 @@
 > The SBOM Visualization and Integration Platform (**SVIP**) is a unified platform to promote the 
 > production, consumption, and utilization of Software Bills of Materials.
 
-### Latest Release: [[v7.1.2-alpha] - (7/28/2023)](doc/changelog.md)
+### Latest Release: [[v8.0.5-alpha] - (10/17/2023)](doc/changelog.md)
 
 ## System Requirements
 - Java 17.X.X
@@ -55,10 +55,13 @@ Currently, SVIP Supports the following SBOM Types
 - [Kevin Laporte](mailto:kjl8898@rit.edu)
 - [Matt London](mailto:mrl2534@rit.edu)
 - [Dylan Mulligan](mailto:dtm5568@rit.edu)
+- [Amanda Nitta](mailto:nittaak@hawaii.edu)
 
 **Developer Team**
+- [Brian Baumann](mailto:bmb5957@rit.edu)
 - [Asa Horn](mailto:aoh9470@rit.edu)
 - [Henry Keena](mailto:htk4363@rit.edu)
+- [Hubert Liang](mailto:hubertl@hawaii.edu)
 - [Ping Liu](mailto:htk4363@rit.edu)
 - [Henry Lu](mailto:hyl2415@rit.edu)
 - [Matthew Morrison](mailto:msm8275@rit.edu)
@@ -68,3 +71,4 @@ Currently, SVIP Supports the following SBOM Types
 - [Max Stein](mailto:mhs8558@rit.edu)
 - [Tom Roman](mailto:tfr8811@rit.edu)
 - [Liam Wilkins](mailto:ljw1484@rit.edu)
+- [Jordan Wong](mailto:jordanw4@hawaii.edu)

api/build.gradle

@@ -27,6 +27,7 @@ dependencies {
     implementation 'org.junit.jupiter:junit-jupiter-api:5.9.2'
     implementation 'org.mockito:mockito-core:5.2.0'
     implementation 'org.mockito:mockito-junit-jupiter:5.2.0'
+    implementation 'org.springframework.boot:spring-boot-starter-test:3.1.2'
     testImplementation ('org.springframework.boot:spring-boot-starter-web:3.0.2')
     implementation('org.springframework:spring-web:6.0.7')
     implementation('org.springframework.boot:spring-boot-autoconfigure:3.0.4')

api/src/main/java/org/svip/api/SVIPApplication.java

@@ -2,7 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.Bean;
 
 /**
  * This class contains the main function which runs both APIs as spring boot applications
@@ -14,4 +17,5 @@ public class SVIPApplication extends SpringBootServletInitializer {
     public static void main(String[] args) {
         SpringApplication.run(SVIPApplication.class, args);
     }
+
 }

api/src/main/java/org/svip/api/controller/DiffController.java

@@ -0,0 +1,62 @@
+package org.svip.api.controller;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.svip.api.services.DiffService;
+import org.svip.api.services.SBOMFileService;
+
+/**
+ * File: DiffController.java
+ * REST API Controller for generating Diff Reports
+ *
+ * @author Derek Garcia
+ **/
+@RestController
+@RequestMapping("/svip")
+public class DiffController {
+
+    /**
+     * Spring-configured logger
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(DiffController.class);
+
+    private final SBOMFileService sbomFileService;
+    private final DiffService diffService;
+
+    /**
+     * Create new Controller with services
+     *
+     * @param sbomService Service for handling SBOM queries
+     * @param diffService Service for handling QA queries
+     */
+    public DiffController(SBOMFileService sbomService, DiffService diffService){
+        this.sbomFileService = sbomService;
+        this.diffService = diffService;
+    }
+
+
+    /**
+     * USAGE. Compares two or more given SBOMs (split into filename and contents), with the first one used as the baseline, and returns a comparison report.
+     *
+     * @param targetIndex the index of the target SBOM
+     * @param ids         the ids of the SBOM files
+     * @return generated diff report
+     * @throws JsonProcessingException Error processing the report
+     */
+    @PostMapping("/sboms/compare")
+    public ResponseEntity<String> compare(@RequestParam("targetIndex") int targetIndex, @RequestBody Long[] ids) throws JsonProcessingException {
+
+        try{
+
+            String diffReport = this.diffService.generateDiffReportAsJSON(this.sbomFileService, ids[targetIndex], ids);
+            return new ResponseEntity<>(diffReport, HttpStatus.OK);      // track status?
+
+        } catch (Exception e){
+            return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+    }
+}

api/src/main/java/org/svip/api/controller/OSIController.java

@@ -0,0 +1,228 @@
+package org.svip.api.controller;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.multipart.MultipartFile;
+import org.svip.api.entities.SBOM;
+import org.svip.api.requests.UploadSBOMFileInput;
+import org.svip.api.services.SBOMFileService;
+import org.svip.conversion.ConversionException;
+import org.svip.generation.osi.OSI;
+import org.svip.generation.osi.OSIClient;
+import org.svip.generation.osi.exceptions.DockerNotAvailableException;
+import org.svip.sbom.builder.SBOMBuilderException;
+import org.svip.serializers.SerializerFactory;
+import org.svip.serializers.exceptions.DeserializerException;
+import org.svip.serializers.exceptions.SerializerException;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * REST API Controller for generating SBOMs with OSI
+ *
+ * @author Derek Garcia
+ **/
+@RestController
+@RequestMapping("/svip/generators/osi")
+public class OSIController {
+    /**
+     * Spring-configured logger
+     */
+    private static final Logger LOGGER = LoggerFactory.getLogger(OSIController.class);
+
+    private final SBOMFileService sbomService;
+    private final OSI container;
+
+    /**
+     * Create new Controller with services
+     *
+     * @param sbomService Service for handling SBOM queries
+     */
+    public OSIController(SBOMFileService sbomService){
+        this.sbomService = sbomService;
+
+        OSI container = null; // Disabled state
+        String error = "OSI ENDPOINT DISABLED -- ";
+
+        try {
+            container = new OSI();
+            LOGGER.info("OSI ENDPOINT ENABLED");
+        } catch (Exception e) {
+            // If we can't construct the OSI container for any reason, log and disable OSI.
+            LOGGER.warn(error + "Unable to setup OSI container.");
+            LOGGER.error("OSI Docker API response: " + e.getMessage());
+        }
+
+        this.container = container;
+    }
+
+    /**
+     * Public method to check if OSI is enabled on this instance of the controller.
+     *
+     * @return True if OSI is enabled, false otherwise.
+     */
+    public static boolean isOSIEnabled() {
+        try {
+            return OSIClient.isOSIContainerAvailable();
+        } catch(DockerNotAvailableException e) {
+            return false;
+        }
+    }
+
+    ///
+    /// GET
+    ///
+
+    /**
+     * USAGE. Send GET request to /generators/osi/getTools to get a list of valid tool names that can be used to
+     * generate an SBOM from source file(s).
+     *
+     * @return A list of string tool names.
+     */
+    @GetMapping("/tools")
+    public ResponseEntity<?> getOSITools() {
+        if (!isOSIEnabled())
+            return new ResponseEntity<>("OSI has been disabled for this instance.", HttpStatus.NOT_FOUND);
+
+        String urlMsg = "POST /svip/generators/osi";
+
+        List<String> tools = container.getAllTools();
+        if (tools == null) {
+            LOGGER.error(urlMsg + ": " + "Error getting tool list from Docker container.");
+            return new ResponseEntity<>("Error getting tool list from Docker container.", HttpStatus.NOT_FOUND);
+        }
+
+        return new ResponseEntity<>(tools.toArray(new String[0]), HttpStatus.OK);
+    }
+
+    ///
+    /// POST
+    ///
+
+    /**
+     * USAGE. Send POST request to /generators/osi to generate an SBOM from source file(s).
+     *
+     * @param zipFile The zip file of source files to generate an SBOM from.
+     * @param projectName The name of the project.
+     * @param schema The schema of the desired SBOM.
+     * @param format The file format of the desired SBOM.
+     * @param toolNames An optional list of tool names to use when running OSI. If not provided or empty, all
+     *                  possible tools will be used.
+     * @return The ID of the uploaded SBOM.
+     */
+    @PostMapping(value = "", consumes = { MediaType.MULTIPART_FORM_DATA_VALUE })
+    public ResponseEntity<?> generateOSI(@RequestPart("zipFile") MultipartFile zipFile,
+                                         @RequestParam("projectName") String projectName,
+                                         @RequestParam("schema") SerializerFactory.Schema schema,
+                                         @RequestParam("format") SerializerFactory.Format format,
+                                         @RequestParam(value = "toolNames", required = false) String[] toolNames) {
+        if (!isOSIEnabled())
+            return new ResponseEntity<>("OSI has been disabled for this instance.", HttpStatus.NOT_FOUND);
+
+        try {
+            schema.getSerializer(format);
+        } catch (IllegalArgumentException e) {
+            LOGGER.error("POST /svip/generators/osi - " + e.getMessage());
+            return new ResponseEntity<>(e.getMessage(), HttpStatus.BAD_REQUEST);
+        }
+
+        Map<String, String> unZipped;
+        try {
+            unZipped = SBOMFileService.unZip(zipFile);
+        } catch (IOException e) {
+            LOGGER.error("POST /svip/generators/osi - " + e.getMessage());
+            return new ResponseEntity<>("Make sure attachment is a zip file (.zip): " + e.getMessage(), HttpStatus.BAD_REQUEST);
+        }
+
+        // Validate & add files
+        for (Map.Entry<String, String> file : unZipped.entrySet())
+            try {
+                // Remove any directories, causes issues with OSI paths (unless we take in a root directory?)
+                String fileName = file.getKey();
+                fileName = fileName.substring(fileName.lastIndexOf("/") + 1);
+                container.addSourceFile(fileName, file.getValue());
+            } catch (IOException e) {
+                LOGGER.error("POST /svip/generators/osi - Error adding source file");
+                return new ResponseEntity<>("Error adding source file", HttpStatus.NOT_FOUND);
+            }
+
+        // Generate SBOMs
+        Map<String, String> generatedSBOMFiles;
+        try {
+            List<String> tools = null;
+            if (toolNames != null && toolNames.length > 0) {
+                tools = List.of(toolNames);
+                LOGGER.info("POST /svip/generators/osi - Running with tool names: " + tools);
+            } else LOGGER.info("POST /svip/generators/osi - Running with default tools");
+
+            generatedSBOMFiles = container.generateSBOMs(tools);
+        } catch (Exception e) {
+            LOGGER.warn("POST /svip/generators/osi - Exception occurred while running OSI container: " + e.getMessage());
+            return new ResponseEntity<>("Exception occurred while running OSI container.", HttpStatus.NOT_FOUND);
+        }
+
+        // Upload SBOMs
+        List<Long> uploaded = new ArrayList<>();
+        for (Map.Entry<String, String> sbomFile : generatedSBOMFiles.entrySet()) {
+            UploadSBOMFileInput input = new UploadSBOMFileInput(sbomFile.getKey(), sbomFile.getValue());
+            try {
+                SBOM sbom = input.toSBOMFile();
+                sbom.toSBOMObject();
+                this.sbomService.upload(sbom);
+                uploaded.add(sbom.getId());
+
+                // Log
+                LOGGER.info("POST /svip/generators/osi - Generated SBOM with ID " + sbom.getId() + ": " + sbom.getName());
+            } catch (IllegalArgumentException ignored) {
+                // TODO ignore any illegal files until XML deserialization exists
+            } catch (Exception e) {
+                // Problem with uploading/parsing
+                LOGGER.error("POST /svip/generators/osi - " + e.getMessage());
+                return new ResponseEntity<>(HttpStatus.INTERNAL_SERVER_ERROR);
+            }
+        }
+
+        if (uploaded.size() < 1) {
+            LOGGER.warn("POST /svip/generators/osi - No SBOMs generated by OSI container.");
+            return new ResponseEntity<>("No SBOMs generated for these files.", HttpStatus.NO_CONTENT);
+        }
+
+        // todo poor hotfix, need a better solution
+        Long merged;
+        // Only merge if 2 or more
+        if(uploaded.size() >= 2){
+            // Merge SBOMs into one SBOM
+            try {
+                merged = this.sbomService.merge(uploaded.toArray(new Long[0]));
+            } catch (Exception e) {
+                LOGGER.error("POST /svip/generators/osi - Unable to merge, no content: " + e.getMessage());
+                return new ResponseEntity<>("Unable to merge, no content: " + e.getMessage(), HttpStatus.NO_CONTENT);
+            }
+        } else {
+            merged = uploaded.get(0);
+        }
+
+
+        // Convert
+        Long converted;
+        try {
+            converted = this.sbomService.convert(merged, schema, format, true);
+        } catch (DeserializerException | JsonProcessingException | SerializerException | SBOMBuilderException |
+                 ConversionException e) {
+            return new ResponseEntity<>(e.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR);
+        }
+
+        // todo how to set file name using projectName
+
+        // Save and return
+        return new ResponseEntity<>(converted, HttpStatus.OK);
+    }
+}