:py:mod:`expliot.core.bom.cdx`
==============================

.. py:module:: expliot.core.bom.cdx

.. autoapi-nested-parse::

   Support for CycloneDX BOM


Submodules
----------
.. toctree::
   :titlesonly:
   :maxdepth: 1

   json14schema/index.rst


Package Contents
----------------

Classes
~~~~~~~

.. autoapisummary::

   expliot.core.bom.cdx.DirEnumerator
   expliot.core.bom.cdx.JKeywords
   expliot.core.bom.cdx.CycloneDXBOM
   expliot.core.bom.cdx.Component


Attributes
~~~~~~~~~~

.. autoapisummary::

   expliot.core.bom.cdx.json14schema
   expliot.core.bom.cdx.XPROP_PATH
   expliot.core.bom.cdx.XPROP_MODE
   expliot.core.bom.cdx.XPROP_SIZE
   expliot.core.bom.cdx.VER14
   expliot.core.bom.cdx.VERSIONS


.. py:data:: json14schema

.. py:class:: DirEnumerator

   Enumerate a directory and get info on all the files and dirs recursively.

   .. py:method:: enumerate(directory, callback)

      Directory enumerator

      1. Enumerate the specified root dir recursively
      2. Get metadata of each file
      3. Call the callback method for each file and pass the metadata

      Args:
          directory (str): The directory to enumerate
          callback (method): The callback method to be called for each file.
              The format is callback(rootdir, currentdir, filedata)

              - rootdir (str): Root directory path being enumerated
              - currentdir (str): The current directory, i.e. the parent of the file
              - filedata (dict): File metadata

                - name = File name (str)
                - abspath = Absolute path of the file (str)
                - relpath = Relative path of the file (from the root directory)
                - mode = File mode (str)
                - size = File size in bytes
                - symlink = Yes - True, No - False (bool)
                - mime = Mime-Type (str)
                - descr = Description from libmagic (str)
                - sha1 = SHA1 Hash (str)
                - sha256 = SHA256 Hash (str)

      Returns:
          Nothing

      Raises:
          ValueError - if the dir argument is not a valid directory, i.e. it doesn't exist


.. py:data:: XPROP_PATH
   :annotation: = expliot:file:path

.. py:data:: XPROP_MODE
   :annotation: = expliot:file:mode

.. py:data:: XPROP_SIZE
   :annotation: = expliot:file:size

.. py:data:: VER14
   :annotation: = 1.4

.. py:data:: VERSIONS

.. py:class:: JKeywords

   Namespace for JSON keywords defined in the CycloneDX JSON BOM format

   .. py:attribute:: BOMFMT
      :annotation: = bomFormat

   .. py:attribute:: SPECVERSION
      :annotation: = specVersion

   .. py:attribute:: SERIALNUM
      :annotation: = serialNumber

   .. py:attribute:: VERSION
      :annotation: = version

   .. py:attribute:: METADATA
      :annotation: = metadata

   .. py:attribute:: TIMESTAMP
      :annotation: = timestamp

   .. py:attribute:: TOOLS
      :annotation: = tools

   .. py:attribute:: EXPLIOT_VENDOR
      :annotation: = EXPLIoT

   .. py:attribute:: EXPLIOT_TOOL
      :annotation: = EXPLIoT Framework

   .. py:attribute:: COMPONENTS
      :annotation: = components

   .. py:attribute:: ADVISORIES
      :annotation: = advisories

   .. py:attribute:: AFFECTS
      :annotation: = affects

   .. py:attribute:: AGGREGATE
      :annotation: = aggregate

   .. py:attribute:: ALIASES
      :annotation: = aliases

   .. py:attribute:: ALG
      :annotation: = alg

   .. py:attribute:: ALGORITHM
      :annotation: = algorithm

   .. py:attribute:: ANALYSIS
      :annotation: = analysis

   .. py:attribute:: ANCESTORS
      :annotation: = ancestors

   .. py:attribute:: ASSEMBLIES
      :annotation: = assemblies

   .. py:attribute:: AUTHENTICATED
      :annotation: = authenticated

   .. py:attribute:: AUTHOR
      :annotation: = author

   .. py:attribute:: AUTHORS
      :annotation: = authors

   .. py:attribute:: BOMREF
      :annotation: = bom-ref

   .. py:attribute:: CERTIFICATEPATH
      :annotation: = certificatePath

   .. py:attribute:: CHAIN
      :annotation: = chain

   .. py:attribute:: CLASSIFICATION
      :annotation: = classification

   .. py:attribute:: COMMENT
      :annotation: = comment

   .. py:attribute:: COMMITTER
      :annotation: = committer

   .. py:attribute:: COMMITS
      :annotation: = commits

   .. py:attribute:: COMPONENT
      :annotation: = component

   .. py:attribute:: COMPONENTS
      :annotation: = components

   .. py:attribute:: COMPOSITIONS
      :annotation: = compositions

   .. py:attribute:: CONTACT
      :annotation: = contact

   .. py:attribute:: CONTENT
      :annotation: = content

   .. py:attribute:: CONTENTTYPE
      :annotation: = contentType

   .. py:attribute:: COPYRIGHT
      :annotation: = copyright

   .. py:attribute:: CPE
      :annotation: = cpe

   .. py:attribute:: CREATED
      :annotation: = created

   .. py:attribute:: CREDITS
      :annotation: = credits

   .. py:attribute:: CRV
      :annotation: = crv

   .. py:attribute:: CWES
      :annotation: = cwes

   .. py:attribute:: DATA
      :annotation: = data

   .. py:attribute:: DEPENDENCIES
      :annotation: = dependencies

   .. py:attribute:: DEPENDSON
      :annotation: = dependsOn

   .. py:attribute:: DESCENDANTS
      :annotation: = descendants

   .. py:attribute:: DESCRIPTION
      :annotation: = description

   .. py:attribute:: DETAIL
      :annotation: = detail

   .. py:attribute:: DIFF
      :annotation: = diff

   .. py:attribute:: E
      :annotation: = e

   .. py:attribute:: EMAIL
      :annotation: = email

   .. py:attribute:: ENCODING
      :annotation: = encoding

   .. py:attribute:: ENDPOINTS
      :annotation: = endpoints

   .. py:attribute:: EVIDENCE
      :annotation: = evidence

   .. py:attribute:: EXCLUDES
      :annotation: = excludes

   .. py:attribute:: EXPRESSION
      :annotation: = expression

   .. py:attribute:: EXTERNALREFS
      :annotation: = externalReferences

   .. py:attribute:: FEATUREDIMAGE
      :annotation: = featuredImage

   .. py:attribute:: FLOW
      :annotation: = flow

   .. py:attribute:: GROUP
      :annotation: = group

   .. py:attribute:: HASHES
      :annotation: = hashes

   .. py:attribute:: ID
      :annotation: = id

   .. py:attribute:: INDIVIDUALS
      :annotation: = individuals

   .. py:attribute:: JUSTIFICATION
      :annotation: = justification

   .. py:attribute:: KEYID
      :annotation: = keyId

   .. py:attribute:: KTY
      :annotation: = kty

   .. py:attribute:: LICENSE
      :annotation: = license

   .. py:attribute:: LICENSES
      :annotation: = licenses

   .. py:attribute:: MANUFACTURE
      :annotation: = manufacture

   .. py:attribute:: MESSAGE
      :annotation: = message

   .. py:attribute:: METHOD
      :annotation: = method

   .. py:attribute:: MIME_TYPE
      :annotation: = mime-type

   .. py:attribute:: N
      :annotation: = n

   .. py:attribute:: NAME
      :annotation: = name

   .. py:attribute:: NOTES
      :annotation: = notes

   .. py:attribute:: ORGANIZATIONS
      :annotation: = organizations

   .. py:attribute:: PATCH
      :annotation: = patch

   .. py:attribute:: PATCHES
      :annotation: = patches

   .. py:attribute:: PEDIGREE
      :annotation: = pedigree

   .. py:attribute:: PHONE
      :annotation: = phone

   .. py:attribute:: PROPERTIES
      :annotation: = properties

   .. py:attribute:: PROVIDER
      :annotation: = provider

   .. py:attribute:: PUBLICKEY
      :annotation: = publicKey

   .. py:attribute:: PUBLISHED
      :annotation: = published

   .. py:attribute:: PUBLISHER
      :annotation: = publisher

   .. py:attribute:: PURL
      :annotation: = purl

   .. py:attribute:: RATINGS
      :annotation: = ratings

   .. py:attribute:: RANGE
      :annotation: = range

   .. py:attribute:: RECOMMENDATION
      :annotation: = recommendation

   .. py:attribute:: REF
      :annotation: = ref

   .. py:attribute:: REFERENCES
      :annotation: = references

   .. py:attribute:: RELEASENOTES
      :annotation: = releaseNotes

   .. py:attribute:: RESOLVES
      :annotation: = resolves

   .. py:attribute:: RESPONSE
      :annotation: = response

   .. py:attribute:: SCOPE
      :annotation: = scope

   .. py:attribute:: SCORE
      :annotation: = score

   .. py:attribute:: SERVICES
      :annotation: = services

   .. py:attribute:: SEVERITY
      :annotation: = severity

   .. py:attribute:: SIGNATURE
      :annotation: = signature

   .. py:attribute:: SIGNERS
      :annotation: = signers

   .. py:attribute:: SOCIALIMAGE
      :annotation: = socialImage

   .. py:attribute:: SOURCE
      :annotation: = source

   .. py:attribute:: STATE
      :annotation: = state

   .. py:attribute:: STATUS
      :annotation: = status

   .. py:attribute:: SUPPLIER
      :annotation: = supplier

   .. py:attribute:: SWID
      :annotation: = swid

   .. py:attribute:: TAGID
      :annotation: = tagId

   .. py:attribute:: TAGS
      :annotation: = tags

   .. py:attribute:: TAGVERSION
      :annotation: = tagVersion

   .. py:attribute:: TEXT
      :annotation: = text

   .. py:attribute:: TIMESTAMP
      :annotation: = timestamp

   .. py:attribute:: TITLE
      :annotation: = title

   .. py:attribute:: TOOLS
      :annotation: = tools

   .. py:attribute:: TYPE
      :annotation: = type

   .. py:attribute:: UID
      :annotation: = uid

   .. py:attribute:: UPDATED
      :annotation: = updated

   .. py:attribute:: URL
      :annotation: = url

   .. py:attribute:: VALUE
      :annotation: = value

   .. py:attribute:: VARIANTS
      :annotation: = variants

   .. py:attribute:: VECTOR
      :annotation: = vector

   .. py:attribute:: VENDOR
      :annotation: = vendor

   .. py:attribute:: VERSION
      :annotation: = version

   .. py:attribute:: VERSIONS
      :annotation: = versions

   .. py:attribute:: VULNERABILITIES
      :annotation: = vulnerabilities

   .. py:attribute:: X
      :annotation: = x

   .. py:attribute:: XTRUSTBOUNDARY
      :annotation: = x-trust-boundary

   .. py:attribute:: Y
      :annotation: = y

   .. py:attribute:: ALGO_MD5
      :annotation: = MD5

   .. py:attribute:: ALGO_SHA1
      :annotation: = SHA-1

   .. py:attribute:: ALGO_SHA256
      :annotation: = SHA-256

   .. py:attribute:: ALGO_SHA384
      :annotation: = SHA-384

   .. py:attribute:: ALGO_SHA512
      :annotation: = SHA-512

   .. py:attribute:: ALGO_SHA3_256
      :annotation: = SHA3-256

   .. py:attribute:: ALGO_SHA3_384
      :annotation: = SHA3-384

   .. py:attribute:: ALGO_SHA3_512
      :annotation: = SHA3-512

   .. py:attribute:: ALGO_BLAKE2B_256
      :annotation: = BLAKE2b-256

   .. py:attribute:: ALGO_BLAKE2B_384
      :annotation: = BLAKE2b-384

   .. py:attribute:: ALGO_BLAKE2B_512
      :annotation: = BLAKE2b-512

   .. py:attribute:: ALGO_BLAKE3
      :annotation: = BLAKE3

   .. py:attribute:: APPLICATION
      :annotation: = application

   .. py:attribute:: FRAMEWORK
      :annotation: = framework

   .. py:attribute:: LIBRARY
      :annotation: = library

   .. py:attribute:: CONTAINER
      :annotation: = container

   .. py:attribute:: OS
      :annotation: = operating-system

   .. py:attribute:: DEVICE
      :annotation: = device

   .. py:attribute:: FIRMWARE
      :annotation: = firmware

   .. py:attribute:: FILE
      :annotation: = file


.. py:class:: CycloneDXBOM

   CycloneDX BOM Object

   It implements a callback for DirEnumerator for creating the SBOM

   **EXPLIoT CycloneDX Property Taxonomy**

   +-------------------+--------------------------------------------------------------+
   | Property          | Description                                                  |
   +===================+==============================================================+
   | expliot:file:path | The path of the file in the package (software, firmware etc) |
   +-------------------+--------------------------------------------------------------+
   | expliot:file:mode | The file mode string as on a Linux system (rwx)              |
   +-------------------+--------------------------------------------------------------+
   | expliot:file:size | The size of the file in bytes                                |
   +-------------------+--------------------------------------------------------------+

   .. py:method:: initbom(specversion, rootdir=None)

      Create a new BOM Object and fill it with all file data if rootdir is specified.

      Args:
          specversion (str): The CycloneDX Specification Version
          rootdir (str): Optional root directory to enumerate into the new BOM

      Returns:
          Nothing

      Raises:
          ValueError - if specversion is not supported

   .. py:method:: enumcb(rootdir, currentdir, filedata)

      Callback for DirEnumerator.enumerate()

      Return the component data about the file

   .. py:method:: generate_from_dir(rootdir)

      Generate CycloneDX BOM from the contents of a directory

      Args:
          rootdir (str): The root directory to start enumerating and generating the BOM data

      Returns:
          Nothing

   .. py:method:: validate()

      Validate the format with the json schema of the initialized spec version

      Args:
          Nothing

      Returns:
          Nothing

      Raises:
          ValidationError (https://python-jsonschema.readthedocs.io/en/stable/validate/)

   .. py:method:: getbom(validate=True, jsonfmt=False)

      Returns the CycloneDX BOM in Dict or JSON format

      Args:
          validate (bool): Validate the format with the schema. Default is True
          jsonfmt (bool): Return BOM in JSON format or Dict object. Default is False

      Returns:
          BOM as a Dict object, or as a JSON string if jsonfmt is True

   .. py:method:: writebom(file, validate=True, indent=4)

      Write BOM in JSON format to a file

      Args:
          file (str): File path to write the JSON to
          validate (bool): Validate the format with the schema. Default is True
          indent (int): Indentation limit to improve readability. Default is 4

      Returns:
          Nothing

   .. py:method:: total_files()

      Returns the total number of files in the root dir

      Args:
          Nothing

      Returns:
          (int) Total number of files or -1 if BOM not generated

   .. py:method:: total_dirs()

      Returns the total number of dirs in the root dir

      Args:
          Nothing

      Returns:
          (int) Total number of dirs or -1 if BOM not generated

   .. py:method:: total_hiddenfiles()

      Returns the total number of hidden files in the root dir

      Args:
          Nothing

      Returns:
          (int) Total number of hidden files or -1 if BOM not generated

   .. py:method:: total_hiddendirs()

      Returns the total number of hidden dirs in the root dir

      Args:
          Nothing

      Returns:
          (int) Total number of hidden dirs or -1 if BOM not generated

   .. py:method:: total_symlinks()

      Returns the total number of symlinks in the dir

      Args:
          Nothing

      Returns:
          (int) Total number of symlinks or -1 if BOM not generated


.. py:class:: Component(comptype, **kwargs)

   Class that represents a CycloneDX component

   .. py:method:: create_file(**kwargs)

      Create a file component from the passed arguments

      Args:
          kwargs: file component specific attributes as per the spec

      Returns:
          bool - True if component was created successfully, False otherwise

   .. py:method:: getdict()

      Returns the dict member self.data.

      Returns:
          dict - the dict member self.data
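The following is an added, stand-alone example and not expliot's own code: it re-implements, with the standard library only, the enumerate/callback contract documented for ``DirEnumerator`` (``callback(rootdir, currentdir, filedata)`` with the ``filedata`` keys listed above) and builds a CycloneDX 1.4 BOM of ``file`` components carrying the ``expliot:file:path``, ``expliot:file:mode`` and ``expliot:file:size`` properties from the taxonomy table, so the shape of the generated document and the -1-until-generated counters can be seen without installing expliot. Assumptions: a POSIX host (symlinks and ``rwx`` mode strings), no libmagic (so ``mime``/``descr`` stay ``None``), a placeholder ``tools`` entry in ``metadata``, the dotfile convention for "hidden", and a structural ``validate()`` that only stands in for the jsonschema validation the real module performs. The sample directory tree is constructed in a temporary directory.

```python
"""Added example, not expliot's own code: a standard-library re-implementation of the
DirEnumerator callback contract and a CycloneDX 1.4 file-level BOM carrying the
expliot:file:* property taxonomy. Assumes a POSIX host (symlinks, mode strings); the
libmagic-derived mime/descr fields are left None because libmagic is not assumed."""
import hashlib, json, os, stat, tempfile, uuid
from datetime import datetime, timezone

XPROP_PATH, XPROP_MODE, XPROP_SIZE = "expliot:file:path", "expliot:file:mode", "expliot:file:size"
VER14, VERSIONS = "1.4", ("1.4",)


def file_metadata(rootdir, path):
    """Build the filedata dict handed to the callback. Symlinks are lstat'ed, never followed,
    and not hashed: their target may lie outside the tree being inventoried."""
    st = os.lstat(path)
    is_link = stat.S_ISLNK(st.st_mode)
    digests = {"sha1": None, "sha256": None}
    if not is_link:
        with open(path, "rb") as fh:
            data = fh.read()
        digests = {"sha1": hashlib.sha1(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest()}
    return {"name": os.path.basename(path), "abspath": os.path.abspath(path),
            "relpath": os.path.relpath(path, rootdir), "mode": stat.filemode(st.st_mode),
            "size": st.st_size, "symlink": is_link, "mime": None, "descr": None, **digests}


def enumerate_dir(directory, callback):
    """Call callback(rootdir, currentdir, filedata) for every file under `directory`,
    symlinks to files included. Raises ValueError if it is not a directory."""
    if not os.path.isdir(directory):
        raise ValueError(f"not a directory: {directory}")
    for current, dirs, files in os.walk(directory, followlinks=False):
        dirs.sort()  # deterministic traversal, hence deterministic component order
        for name in sorted(files):
            callback(directory, current, file_metadata(directory, os.path.join(current, name)))


class FileBOM:
    """CycloneDX 1.4 BOM of 'file' components; counters are -1 until a BOM is generated."""

    def __init__(self, specversion=VER14):
        if specversion not in VERSIONS:
            raise ValueError(f"unsupported specVersion: {specversion}")
        self.bom = {"bomFormat": "CycloneDX", "specVersion": specversion, "version": 1,
                    "serialNumber": f"urn:uuid:{uuid.uuid4()}",
                    "metadata": {"timestamp": datetime.now(timezone.utc).isoformat(timespec="seconds"),
                                 "tools": [{"vendor": "example-vendor", "name": "example-tool"}]},  # placeholder
                    "components": []}
        self.files = self.dirs = self.hiddenfiles = self.hiddendirs = self.symlinks = -1

    def enumcb(self, rootdir, currentdir, filedata):
        """Callback for enumerate_dir(): one filedata dict becomes one file component."""
        comp = {"type": "file", "bom-ref": filedata["relpath"], "name": filedata["name"],
                "properties": [{"name": XPROP_PATH, "value": filedata["relpath"]},
                               {"name": XPROP_MODE, "value": filedata["mode"]},
                               {"name": XPROP_SIZE, "value": str(filedata["size"])}]}
        if filedata["sha1"]:  # symlinks carry no hashes
            comp["hashes"] = [{"alg": "SHA-1", "content": filedata["sha1"]},
                              {"alg": "SHA-256", "content": filedata["sha256"]}]
        self.bom["components"].append(comp)
        self.files += 1
        self.hiddenfiles += filedata["name"].startswith(".")  # dotfile convention (assumption)
        self.symlinks += filedata["symlink"]

    def generate_from_dir(self, rootdir):
        self.files = self.dirs = self.hiddenfiles = self.hiddendirs = self.symlinks = 0
        for _, dirs, _ in os.walk(rootdir, followlinks=False):  # directories are counted here
            self.dirs += len(dirs)
            self.hiddendirs += sum(d.startswith(".") for d in dirs)
        enumerate_dir(rootdir, self.enumcb)

    def validate(self):
        """Structural stand-in for jsonschema validation against the 1.4 schema."""
        if self.bom["bomFormat"] != "CycloneDX" or self.bom["specVersion"] not in VERSIONS:
            raise ValueError("invalid BOM header")
        for comp in self.bom["components"]:
            if not {"type", "name"} <= set(comp):
                raise ValueError(f"component missing required keys: {comp}")

    def getbom(self, validate=True, jsonfmt=False, indent=4):
        if validate:
            self.validate()
        return json.dumps(self.bom, indent=indent) if jsonfmt else self.bom

    def writebom(self, file, validate=True, indent=4):
        with open(file, "w") as fh:
            fh.write(self.getbom(validate, jsonfmt=True, indent=indent))


def build_sample_bom():
    """Constructed sample tree: two regular files, a dotfile, a hidden directory and a symlink."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "sub", ".cache"))
    for rel, content in (("a.txt", b"hello\n"), ("sub/b.bin", b"\x00\x01"), (".env", b"SECRET=1\n")):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(content)
    os.symlink("a.txt", os.path.join(root, "link"))
    bom = FileBOM(VER14)
    bom.generate_from_dir(root)
    return bom
```

Running ``build_sample_bom()`` yields four file components (``.env``, ``a.txt``, ``link``, ``sub/b.bin``), two directories of which one is hidden, and one symlink; ``writebom(path)`` serialises the same structure that ``getbom(jsonfmt=True)`` returns. Two points worth noticing for anyone inventorying extracted firmware: the symlink component deliberately has no ``hashes`` entry, because following links would hash content that may not belong to the package, and a dotfile such as ``.env`` still lands in the BOM with its size and mode recorded, which is exactly the kind of entry a later review of the document should look at.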