Bringing master updates into work branch

Merge branch 'master' into mkumykov-multi-image

Author: snps-kumykov

blackduck/__version__.py

@@ -1,3 +1,3 @@
-VERSION = (1, 1, 0)
+VERSION = (1, 1, 3)
 
 __version__ = '.'.join(map(str, VERSION))

examples/client/get_project_data.py

@@ -0,0 +1,111 @@
+#!/usr/bin/env python3
+'''
+Created: Apr 2, 2024
+Author: @kumykov
+
+Copyright (c) 2024, Synopsys, Inc.
+http://www.synopsys.com/
+
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+
+usage: get_project_data.py [-h] -u BASE_URL -t TOKEN_FILE [-nv] -p SOURCE_PROJECT -v SOURCE_VERSION
+
+options:
+  -h, --help            show this help message and exit
+  -u BASE_URL, --base-url BASE_URL
+                        Hub server URL e.g. https://your.blackduck.url
+  -t TOKEN_FILE, --token-file TOKEN_FILE
+                        File containing access token
+  -nv, --no-verify      Disable TLS certificate verification
+  -p SOURCE_PROJECT, --project SOURCE_PROJECT
+                        Project Name
+  -v SOURCE_VERSION, --version SOURCE_VERSION
+                        Project Version Name
+
+Black Duck examples collection
+
+
+'''
+import argparse
+import io
+import json
+import sys
+import logging
+import time
+
+from blackduck import Client
+from pprint import pprint
+
+logging.basicConfig(format='%(asctime)s:%(levelname)s:%(message)s', stream=sys.stderr, level=logging.DEBUG)
+logging.getLogger("requests").setLevel(logging.WARNING)
+logging.getLogger("urllib3").setLevel(logging.WARNING)
+logging.getLogger("blackduck").setLevel(logging.WARNING)
+
+
+def find_project_by_name(bd, project_name):
+    params = {
+        'q': [f"name:{project_name}"]
+    }
+    projects = [p for p in bd.get_resource('projects', params=params) if p['name'].casefold() == project_name.casefold()]
+    if len(projects) == 1:
+        return projects[0]
+    else:
+        return None
+
+def find_project_version_by_name(bd, project, version_name):
+    params = {
+        'q': [f"versionName:{version_name}"]
+    }
+    versions = [v for v in bd.get_resource('versions', project, params=params) if v['versionName'] == version_name]
+    if len(versions) == 1:
+        return versions[0]
+    else:
+        return None
+
+def get_project_data(bd, args):
+    project  = find_project_by_name(bd, args.project)
+    version = find_project_version_by_name(bd, project, args.version)
+    if not version:
+        logging.error(f"Source project {args.project} : {args.version} not found. Exiting.")
+        sys.exit(1)
+    logging.info(f"Located source project {args.project} : {args.version}")
+    return bd.get_resource('components', version)
+
+
+def parse_command_args():
+    parser = argparse.ArgumentParser(prog = "get_project_data.py", description="Generate and download SBOM and upload to the target project version", epilog="Blackduck examples collection")
+    parser.add_argument("-u", "--base-url", required=True, help="Hub server URL e.g. https://your.blackduck.url")
+    parser.add_argument("-t", "--token-file", required=True, help="File containing access token")
+    parser.add_argument("-nv", "--no-verify", action='store_false', help="Disable TLS certificate verification")
+    parser.add_argument("-p", "--project", required=True, help="Project Name")
+    parser.add_argument("-v", "--version", required=True, help="Project Version Name")
+    
+    return parser.parse_args()
+
+def main():
+    args = parse_command_args()
+    with open(args.token_file, 'r') as tf:
+       access_token = tf.readline().strip()
+    bd = Client(base_url=args.base_url, token=access_token, verify=args.no_verify, timeout=60.0, retries=4)
+    components = get_project_data(bd, args)
+    for component in components:
+        # pprint (component)
+        print (f"{component['componentName']} {component['componentVersionName']} {component['licenses'][0]['licenseDisplay']}")
+
+if __name__ == "__main__":
+        sys.exit(main())

examples/client/match_snippet.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python
+
+'''
+Copyright (C) 2024 Synopsys, Inc.
+http://www.blackducksoftware.com/
+
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+
+usage: match_snippets.py [-h] --base-url BASE_URL --token-file TOKEN_FILE [--no-verify] [--input INPUT]
+
+options:
+  -h, --help            show this help message and exit
+  --base-url BASE_URL   Hub server URL e.g. https://your.blackduck.url
+  --token-file TOKEN_FILE
+                        containing access token
+  --no-verify           disable TLS certificate verification
+  --input INPUT         File containing code snippet or stdin
+
+Match a snippet of a code.
+This functionality requires 'Generative AI Compliance' option licenses
+
+
+Examples:
+
+Curl file content from github and match it against Black Duck KB
+and format the output using jq utility
+    curl https://raw.githubusercontent.com/apache/kafka/trunk/shell/src/main/java/org/apache/kafka/shell/state/MetadataShellState.java | \
+    python3 examples/client/match_snippet.py --base-url=$BD_URL --token-file=<(echo $API_TOKEN) --no-verify | \
+    jq .
+
+This will produce something like:
+{
+  "snippetMatches": {
+    "PERMISSIVE": [
+      {
+        "projectName": "Apache Kafka",
+        "releaseVersion": "3.5.0",
+        "licenseDefinition": {
+          "name": "Apache License 2.0",
+          "spdxId": "Apache-2.0",
+          "ownership": "OPEN_SOURCE",
+          "licenseDisplayName": "Apache License 2.0"
+. . .
+    
+'''
+import argparse
+import json
+import logging
+import sys
+
+from blackduck import Client
+
+parser = argparse.ArgumentParser('match_snippets.py')
+parser.add_argument("--base-url", required=True, help="Hub server URL e.g. https://your.blackduck.url")
+parser.add_argument("--token-file", dest='token_file', required=True, help="containing access token")
+parser.add_argument("--no-verify", dest='verify', action='store_false', help="disable TLS certificate verification")
+parser.add_argument("--input", required=False, help="File containing code snippet or stdin")
+args = parser.parse_args()
+
+
+logging.basicConfig(format='%(asctime)s:%(levelname)s:%(message)s', stream=sys.stderr, level=logging.DEBUG)
+logging.getLogger("requests").setLevel(logging.WARNING)
+logging.getLogger("urllib3").setLevel(logging.WARNING)
+logging.getLogger("blackduck").setLevel(logging.WARNING)
+
+with open(args.token_file, 'r') as tf:
+    access_token = tf.readline().strip()
+
+bd = Client(
+    base_url=args.base_url,
+    token=access_token,
+    verify=args.verify
+)
+
+if args.input:
+    with open(args.input, 'r') as content_file:
+        content = content_file.read()
+else:
+    with sys.stdin as content_file:
+        content = content_file.read()
+
+endpoint='/api/snippet-matching'
+headers = {"Content-Type": "text/plain"}
+
+response = bd.session.post(url=endpoint, headers=headers, data=content)
+if response.ok:
+    data = response.json()
+    import json
+    print(json.dumps(data))