expliot.core.bom.cdx

Support for CycloneDX BOM.

Submodules

Attributes

json14schema

XPROP_PATH

XPROP_MODE

XPROP_SIZE

VER14

VERSIONS

Classes

DirEnumerator

Enumerate a directory and get info on all the files and dirs recursively.

JKeywords

Namespace for JSON keywords defined in CycloneDX JSON BOM format.

CycloneDXBOM

CycloneDX BOM Object.

Component

Class that represents a CycloneDX component.

Package Contents

class expliot.core.bom.cdx.DirEnumerator

Enumerate a directory and get info on all the files and dirs recursively.

root = ''
files
count
enumerate(directory, callback)

Enumerate a directory.

  1. Enumerate the specified root dir recursively

  2. Get metadata of each file

  3. Call the callback method for each file and pass the metadata

Args:

directory (str): The directory to enumerate
callback (method): The callback method to be called for each file.

The format is callback(rootdir, currentdir, filedata)
  • rootdir (str): Root directory path being enumerated

  • currentdir (str): The current directory, i.e. the parent of the file

  • filedata (dict): File metadata with the following keys:

    name = File name (str)
    abspath = Absolute path of the file (str)
    relpath = Relative path of the file (from the root directory)
    mode = File mode (str)
    size = File size in bytes
    symlink = Yes - True, No - False (bool)
    mime = Mime-Type (str)
    descr = Description from libmagic (str)
    sha1 = SHA1 Hash (str)
    sha256 = SHA256 Hash (str)

Returns:

Nothing

Raises:

ValueError - if the directory argument is not a valid directory, i.e. it doesn't exist
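The enumerate/callback contract described above, as an added example that is not the EXPLIoT project's own code: file_metadata() builds a filedata dict of the documented shape (mimetypes stands in for libmagic, so descr simply repeats mime), enumerate_dir() walks the tree without following symlinks, and demo() runs it over a constructed sample tree. All function names are assumptions.

```python
import hashlib
import mimetypes
import os
import stat
import tempfile

def file_metadata(rootdir, path):
    """Build the filedata dict documented above (mimetypes stands in for libmagic)."""
    st = os.lstat(path)  # lstat: describe a symlink itself rather than its target
    is_link = stat.S_ISLNK(st.st_mode)
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    def chunks():
        if is_link:  # hash the link target text; never read data through the link
            yield os.readlink(path).encode()
        else:
            with open(path, "rb") as fh:
                yield from iter(lambda: fh.read(65536), b"")
    for chunk in chunks():
        sha1.update(chunk)
        sha256.update(chunk)
    mime = mimetypes.guess_type(path)[0] or "application/octet-stream"
    return {"name": os.path.basename(path), "abspath": os.path.abspath(path),
            "relpath": os.path.relpath(path, rootdir), "mode": stat.filemode(st.st_mode),
            "size": st.st_size, "symlink": is_link, "mime": mime, "descr": mime,
            "sha1": sha1.hexdigest(), "sha256": sha256.hexdigest()}

def enumerate_dir(directory, callback):
    """Walk directory recursively; call callback(rootdir, currentdir, filedata) per file."""
    if not os.path.isdir(directory):
        raise ValueError(f"not a valid directory: {directory}")
    for current, _dirs, files in os.walk(directory, followlinks=False):
        for fname in sorted(files):
            callback(directory, current, file_metadata(directory, os.path.join(current, fname)))

def demo():
    """Constructed sample tree: a script, a hidden file and a symlink to the script."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "bin"))
    with open(os.path.join(root, "bin", "app"), "wb") as fh:
        fh.write(b"#!/bin/sh\necho hi\n")
    with open(os.path.join(root, ".config"), "wb") as fh:
        fh.write(b"debug=1\n")
    os.symlink("bin/app", os.path.join(root, "app-link"))
    seen = []
    enumerate_dir(root, lambda _root, _cur, fd: seen.append(fd))
    return seen
```

A symlink is recorded with mode starting with "l" and a hash of its target text, so a link pointing outside the package never contributes foreign file contents to the BOM.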

expliot.core.bom.cdx.json14schema
expliot.core.bom.cdx.XPROP_PATH = 'expliot:file:path'
expliot.core.bom.cdx.XPROP_MODE = 'expliot:file:mode'
expliot.core.bom.cdx.XPROP_SIZE = 'expliot:file:size'
expliot.core.bom.cdx.VER14 = '1.4'
expliot.core.bom.cdx.VERSIONS
class expliot.core.bom.cdx.JKeywords

Namespace for JSON keywords defined in CycloneDX JSON BOM format.

BOMFMT = 'bomFormat'
SPECVERSION = 'specVersion'
SERIALNUM = 'serialNumber'
VERSION = 'version'
METADATA = 'metadata'
TIMESTAMP = 'timestamp'
TOOLS = 'tools'
EXPLIOT_VENDOR = 'EXPLIoT'
EXPLIOT_TOOL = 'EXPLIoT Framework'
COMPONENTS = 'components'
ADVISORIES = 'advisories'
AFFECTS = 'affects'
AGGREGATE = 'aggregate'
ALIASES = 'aliases'
ALG = 'alg'
ALGORITHM = 'algorithm'
ANALYSIS = 'analysis'
ANCESTORS = 'ancestors'
ASSEMBLIES = 'assemblies'
AUTHENTICATED = 'authenticated'
AUTHOR = 'author'
AUTHORS = 'authors'
BOMREF = 'bom-ref'
CERTIFICATEPATH = 'certificatePath'
CHAIN = 'chain'
CLASSIFICATION = 'classification'
COMMENT = 'comment'
COMMITTER = 'committer'
COMMITS = 'commits'
COMPONENT = 'component'
COMPOSITIONS = 'compositions'
CONTACT = 'contact'
CONTENT = 'content'
CONTENTTYPE = 'contentType'
COPYRIGHT = 'copyright'
CPE = 'cpe'
CREATED = 'created'
CREDITS = 'credits'
CRV = 'crv'
CWES = 'cwes'
DATA = 'data'
DEPENDENCIES = 'dependencies'
DEPENDSON = 'dependsOn'
DESCENDANTS = 'descendants'
DESCRIPTION = 'description'
DETAIL = 'detail'
DIFF = 'diff'
E = 'e'
EMAIL = 'email'
ENCODING = 'encoding'
ENDPOINTS = 'endpoints'
EVIDENCE = 'evidence'
EXCLUDES = 'excludes'
EXPRESSION = 'expression'
EXTERNALREFS = 'externalReferences'
FEATUREDIMAGE = 'featuredImage'
FLOW = 'flow'
GROUP = 'group'
HASHES = 'hashes'
ID = 'id'
INDIVIDUALS = 'individuals'
JUSTIFICATION = 'justification'
KEYID = 'keyId'
KTY = 'kty'
LICENSE = 'license'
LICENSES = 'licenses'
MANUFACTURE = 'manufacture'
MESSAGE = 'message'
METHOD = 'method'
MIME_TYPE = 'mime-type'
N = 'n'
NAME = 'name'
NOTES = 'notes'
ORGANIZATIONS = 'organizations'
PATCH = 'patch'
PATCHES = 'patches'
PEDIGREE = 'pedigree'
PHONE = 'phone'
PROPERTIES = 'properties'
PROVIDER = 'provider'
PUBLICKEY = 'publicKey'
PUBLISHED = 'published'
PUBLISHER = 'publisher'
PURL = 'purl'
RATINGS = 'ratings'
RANGE = 'range'
RECOMMENDATION = 'recommendation'
REF = 'ref'
REFERENCES = 'references'
RELEASENOTES = 'releaseNotes'
RESOLVES = 'resolves'
RESPONSE = 'response'
SCOPE = 'scope'
SCORE = 'score'
SERVICES = 'services'
SEVERITY = 'severity'
SIGNATURE = 'signature'
SIGNERS = 'signers'
SOCIALIMAGE = 'socialImage'
SOURCE = 'source'
STATE = 'state'
STATUS = 'status'
SUPPLIER = 'supplier'
SWID = 'swid'
TAGID = 'tagId'
TAGS = 'tags'
TAGVERSION = 'tagVersion'
TEXT = 'text'
TITLE = 'title'
TYPE = 'type'
UID = 'uid'
UPDATED = 'updated'
URL = 'url'
VALUE = 'value'
VARIANTS = 'variants'
VECTOR = 'vector'
VENDOR = 'vendor'
VERSIONS = 'versions'
VULNERABILITIES = 'vulnerabilities'
X = 'x'
XTRUSTBOUNDARY = 'x-trust-boundary'
Y = 'y'
ALGO_MD5 = 'MD5'
ALGO_SHA1 = 'SHA-1'
ALGO_SHA256 = 'SHA-256'
ALGO_SHA384 = 'SHA-384'
ALGO_SHA512 = 'SHA-512'
ALGO_SHA3_256 = 'SHA3-256'
ALGO_SHA3_384 = 'SHA3-384'
ALGO_SHA3_512 = 'SHA3-512'
ALGO_BLAKE2B_256 = 'BLAKE2b-256'
ALGO_BLAKE2B_384 = 'BLAKE2b-384'
ALGO_BLAKE2B_512 = 'BLAKE2b-512'
ALGO_BLAKE3 = 'BLAKE3'
APPLICATION = 'application'
FRAMEWORK = 'framework'
LIBRARY = 'library'
CONTAINER = 'container'
OS = 'operating-system'
DEVICE = 'device'
FIRMWARE = 'firmware'
FILE = 'file'
class expliot.core.bom.cdx.CycloneDXBOM

CycloneDX BOM Object.

It implements a callback for DirEnumerator for creating the SBOM.

EXPLIoT CycloneDX Property Taxonomy

  Property            Description
  ------------------  ------------------------------------------------------------
  expliot:file:path   The path of the file in the package (software, firmware etc.)
  expliot:file:mode   The file mode string as on a Linux system (rwx)
  expliot:file:size   The size of the file in bytes

bom = None
version = None
count
initbom(specversion, rootdir=None)

Create a new BOM Object and, only if rootdir is specified, fill it with the data of all files under rootdir.

Args:

specversion (str): The CycloneDX Specification Version
rootdir (str): Optional root directory; if specified, its contents are enumerated to fill the BOM

Returns:

Nothing

Raises:

ValueError - if specversion is not supported

enumcb(rootdir, currentdir, filedata)

Callback for DirEnumerator.enumerate().

Return the component data about the file

generate_from_dir(rootdir)

Generate CycloneDX BOM from the contents of a directory.

Args:
rootdir (str): The root directory to start enumerating and generating the BOM data from

Returns:

Nothing

validate()

Validate the format with the json schema of the initialized spec version.

Returns:

Nothing

Raises:

ValidationError (https://python-jsonschema.readthedocs.io/en/stable/validate/)

getbom(validate=True, jsonfmt=False)

Returns the CycloneDX BOM in Dict or JSON format.

Args:

validate (bool): Validate the format with the schema. Default is True
jsonfmt (bool): Return the BOM in JSON format instead of a Dict object. Default is False

Returns:

BOM as a Dict object, or as a JSON string if jsonfmt is True

writebom(file, validate=True, indent=4)

Write BOM in JSON format to a file.

Args:

file (str): File path to write the JSON to
validate (bool): Validate the format with the schema. Default is True
indent (int): Indentation limit to improve readability. Default is 4

Returns:

Nothing

total_files()

Returns the total number of files in the root dir.

Args:

Nothing

Returns:

(int) Total number of files or -1 if BOM not generated

total_dirs()

Returns the total number of dirs in the root dir.

Args:

Nothing

Returns:

(int) Total number of dirs or -1 if BOM not generated

total_hiddenfiles()

Returns the total number of hidden files in the root dir.

Args:

Nothing

Returns:

(int) Total number of hidden files or -1 if BOM not generated

total_hiddendirs()

Returns the total number of hidden dirs in the root dir.

Args:

Nothing

Returns:

(int) Total number of hidden dirs or -1 if BOM not generated

Returns the total number of symlinks in the dir.

Args:

Nothing

Returns:

(int) Total number of symlinks or -1 if BOM not generated

class expliot.core.bom.cdx.Component(comptype, **kwargs)

Class that represents a CycloneDX component.

data
create_file(**kwargs)

Create a file component from the passed arguments.

Args:

kwargs: file component specific attributes as per the spec

Returns:

bool - True if component was created successfully, False otherwise

getdict()

Returns the dict member self.data.

Returns:

dict - the dict member self.data
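How the CycloneDXBOM and Component classes above fit together, as an added example that is not the EXPLIoT project's own code: file_component() maps one filedata dict (the DirEnumerator shape) onto a CycloneDX file component that carries the three expliot properties, init_bom() builds the BOM skeleton and rejects unsupported spec versions, and totals() recovers the total_files/total_hiddenfiles/symlink counts from the properties already in the BOM. SAMPLE is constructed input with placeholder hashes; all function names are assumptions.

```python
import uuid
from datetime import datetime, timezone

XPROP_PATH, XPROP_MODE, XPROP_SIZE = "expliot:file:path", "expliot:file:mode", "expliot:file:size"
VERSIONS = ("1.4",)  # spec versions this example accepts, mirroring VER14

# Constructed filedata dicts in the DirEnumerator shape; hashes are placeholders.
SAMPLE = [
    {"name": "app", "relpath": "bin/app", "mode": "-rwxr-xr-x", "size": 18, "symlink": False,
     "mime": "text/x-shellscript", "sha1": "11" * 20, "sha256": "aa" * 32},
    {"name": ".config", "relpath": ".config", "mode": "-rw-r--r--", "size": 8, "symlink": False,
     "mime": "text/plain", "sha1": "22" * 20, "sha256": "bb" * 32},
    {"name": "app-link", "relpath": "app-link", "mode": "lrwxrwxrwx", "size": 7, "symlink": True,
     "mime": "inode/symlink", "sha1": "33" * 20, "sha256": "cc" * 32},
]

def file_component(fd):
    """Map one filedata dict to a CycloneDX file component carrying the expliot properties."""
    return {"type": "file", "name": fd["name"], "mime-type": fd["mime"],
            "hashes": [{"alg": "SHA-1", "content": fd["sha1"]},
                       {"alg": "SHA-256", "content": fd["sha256"]}],
            "properties": [{"name": XPROP_PATH, "value": fd["relpath"]},
                           {"name": XPROP_MODE, "value": fd["mode"]},
                           {"name": XPROP_SIZE, "value": str(fd["size"])}]}

def init_bom(specversion, filedatas=()):
    """Create the BOM skeleton; raise ValueError for an unsupported spec version."""
    if specversion not in VERSIONS:
        raise ValueError(f"unsupported CycloneDX spec version: {specversion}")
    return {"bomFormat": "CycloneDX", "specVersion": specversion,
            "serialNumber": f"urn:uuid:{uuid.uuid4()}", "version": 1,
            "metadata": {"timestamp": datetime.now(timezone.utc).isoformat(),
                         "tools": [{"vendor": "EXPLIoT", "name": "EXPLIoT Framework"}]},
            "components": [file_component(fd) for fd in filedatas]}

def totals(bom):
    """File/hidden-file/symlink/dir counts recovered from the expliot properties;
    every value is -1 when no BOM has been generated, like the total_* methods."""
    if bom is None:
        return {"files": -1, "hiddenfiles": -1, "symlinks": -1, "dirs": -1}
    props = [{p["name"]: p["value"] for p in c["properties"]} for c in bom["components"]]
    dirs = set()
    for p in props:  # every directory prefix of a file path is a directory in the tree
        parts = p[XPROP_PATH].split("/")[:-1]
        dirs.update("/".join(parts[:i + 1]) for i in range(len(parts)))
    return {"files": len(props),
            "hiddenfiles": sum(p[XPROP_PATH].rsplit("/", 1)[-1].startswith(".") for p in props),
            "symlinks": sum(p[XPROP_MODE].startswith("l") for p in props),
            "dirs": len(dirs)}
```

Because mode and path travel inside the BOM as properties, a consumer can re-derive these counts from the document alone, without access to the original package tree.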