expliot.core.bom.cdx

Support for CycloneDX BOM

Submodules

Package Contents

Classes

- DirEnumerator: Enumerate a directory and get info on all the files and dirs recursively.
- JKeywords: Namespace for JSON keywords defined in CycloneDX JSON BOM format
- CycloneDXBOM: CycloneDX BOM Object
- Component: Class that represents a CycloneDX component

Attributes

- json14schema: CycloneDX BOM V1.4 JSON schema
- expliot.core.bom.cdx.json14schema
- class expliot.core.bom.cdx.DirEnumerator
Enumerate a directory and get info on all the files and dirs recursively.
- enumerate(directory, callback)
Directory enumerator:
1. Enumerate the specified root dir recursively
2. Get metadata of each file
3. Call the callback method for each file and pass the metadata
- Args:
directory (str): The directory to enumerate
callback (method): The callback method to be called for each file. The format is callback(rootdir, currentdir, filedata)
rootdir (str): Root directory path being enumerated
currentdir (str): The current directory, i.e. the parent of the file
filedata (dict): File metadata with the following keys:
name = File name (str)
abspath = Absolute path of the file (str)
relpath = Relative path of the file (from the root directory)
mode = File mode (str)
size = File size in bytes
symlink = True if the file is a symlink, False otherwise (bool)
mime = MIME type (str)
descr = Description from libmagic (str)
sha1 = SHA1 hash (str)
sha256 = SHA256 hash (str)
- Returns:
Nothing
- Raises:
ValueError - if the directory argument is not a valid directory, i.e. it doesn't exist
- expliot.core.bom.cdx.XPROP_PATH = expliot:file:path
- expliot.core.bom.cdx.XPROP_MODE = expliot:file:mode
- expliot.core.bom.cdx.XPROP_SIZE = expliot:file:size
- expliot.core.bom.cdx.VER14 = 1.4
- expliot.core.bom.cdx.VERSIONS
- class expliot.core.bom.cdx.JKeywords
Namespace for JSON keywords defined in CycloneDX JSON BOM format
- BOMFMT = bomFormat
- SPECVERSION = specVersion
- SERIALNUM = serialNumber
- VERSION = version
- METADATA = metadata
- TIMESTAMP = timestamp
- TOOLS = tools
- EXPLIOT_VENDOR = EXPLIoT
- EXPLIOT_TOOL = EXPLIoT Framework
- COMPONENTS = components
- ADVISORIES = advisories
- AFFECTS = affects
- AGGREGATE = aggregate
- ALIASES = aliases
- ALG = alg
- ALGORITHM = algorithm
- ANALYSIS = analysis
- ANCESTORS = ancestors
- ASSEMBLIES = assemblies
- AUTHENTICATED = authenticated
- AUTHOR = author
- AUTHORS = authors
- BOMREF = bom-ref
- CERTIFICATEPATH = certificatePath
- CHAIN = chain
- CLASSIFICATION = classification
- COMMENT = comment
- COMMITTER = committer
- COMMITS = commits
- COMPONENT = component
- COMPONENTS = components
- COMPOSITIONS = compositions
- CONTACT = contact
- CONTENT = content
- CONTENTTYPE = contentType
- COPYRIGHT = copyright
- CPE = cpe
- CREATED = created
- CREDITS = credits
- CRV = crv
- CWES = cwes
- DATA = data
- DEPENDENCIES = dependencies
- DEPENDSON = dependsOn
- DESCENDANTS = descendants
- DESCRIPTION = description
- DETAIL = detail
- DIFF = diff
- E = e
- EMAIL = email
- ENCODING = encoding
- ENDPOINTS = endpoints
- EVIDENCE = evidence
- EXCLUDES = excludes
- EXPRESSION = expression
- EXTERNALREFS = externalReferences
- FEATUREDIMAGE = featuredImage
- FLOW = flow
- GROUP = group
- HASHES = hashes
- ID = id
- INDIVIDUALS = individuals
- JUSTIFICATION = justification
- KEYID = keyId
- KTY = kty
- LICENSE = license
- LICENSES = licenses
- MANUFACTURE = manufacture
- MESSAGE = message
- METHOD = method
- MIME_TYPE = mime-type
- N = n
- NAME = name
- NOTES = notes
- ORGANIZATIONS = organizations
- PATCH = patch
- PATCHES = patches
- PEDIGREE = pedigree
- PHONE = phone
- PROPERTIES = properties
- PROVIDER = provider
- PUBLICKEY = publicKey
- PUBLISHED = published
- PUBLISHER = publisher
- PURL = purl
- RATINGS = ratings
- RANGE = range
- RECOMMENDATION = recommendation
- REF = ref
- REFERENCES = references
- RELEASENOTES = releaseNotes
- RESOLVES = resolves
- RESPONSE = response
- SCOPE = scope
- SCORE = score
- SERVICES = services
- SEVERITY = severity
- SIGNATURE = signature
- SIGNERS = signers
- SOCIALIMAGE = socialImage
- SOURCE = source
- STATE = state
- STATUS = status
- SUPPLIER = supplier
- SWID = swid
- TAGID = tagId
- TAGS = tags
- TAGVERSION = tagVersion
- TEXT = text
- TIMESTAMP = timestamp
- TITLE = title
- TOOLS = tools
- TYPE = type
- UID = uid
- UPDATED = updated
- URL = url
- VALUE = value
- VARIANTS = variants
- VECTOR = vector
- VENDOR = vendor
- VERSION = version
- VERSIONS = versions
- VULNERABILITIES = vulnerabilities
- X = x
- XTRUSTBOUNDARY = x-trust-boundary
- Y = y
- ALGO_MD5 = MD5
- ALGO_SHA1 = SHA-1
- ALGO_SHA256 = SHA-256
- ALGO_SHA384 = SHA-384
- ALGO_SHA512 = SHA-512
- ALGO_SHA3_256 = SHA3-256
- ALGO_SHA3_384 = SHA3-384
- ALGO_SHA3_512 = SHA3-512
- ALGO_BLAKE2B_256 = BLAKE2b-256
- ALGO_BLAKE2B_384 = BLAKE2b-384
- ALGO_BLAKE2B_512 = BLAKE2b-512
- ALGO_BLAKE3 = BLAKE3
- APPLICATION = application
- FRAMEWORK = framework
- LIBRARY = library
- CONTAINER = container
- OS = operating-system
- DEVICE = device
- FIRMWARE = firmware
- FILE = file
- class expliot.core.bom.cdx.CycloneDXBOM
CycloneDX BOM Object. It implements a callback for DirEnumerator for creating the SBOM.

EXPLIoT CycloneDX Property Taxonomy

| Property | Description |
| --- | --- |
| expliot:file:path | The path of the file in the package (software, firmware, etc.) |
| expliot:file:mode | The file mode string as on a Linux system (rwx) |
| expliot:file:size | The size of the file in bytes |

- initbom(specversion, rootdir=None)
Create a new BOM Object and fill it with all file data if rootdir is specified.
- Args:
specversion (str): The CycloneDX Specification Version
- Returns:
Nothing
- Raises:
ValueError - if specversion is not supported
- enumcb(rootdir, currentdir, filedata)
Callback for DirEnumerator.enumerate(). Returns the component data about the file.
- generate_from_dir(rootdir)
Generate CycloneDX BOM from the contents of a directory
- Args:
rootdir (str): The root directory to start enumerating and generating the BOM data
- Returns:
Nothing
- validate()
Validate the format with the JSON schema of the initialized spec version
- Args:
Nothing
- Returns:
Nothing
- Raises:
ValidationError (https://python-jsonschema.readthedocs.io/en/stable/validate/)
- getbom(validate=True, jsonfmt=False)
Returns the CycloneDX BOM in Dict or JSON format
- Args:
validate (bool): Validate the format with the schema. Default is True
jsonfmt (bool): Return BOM in JSON format or Dict object. Default is False
- Returns:
BOM in JSON string
- writebom(file, validate=True, indent=4)
Write BOM in JSON format to a file
- Args:
file (str): File path to write the JSON to
validate (bool): Validate the format with the schema. Default is True
indent (int): Indentation limit to improve readability. Default is 4
- Returns:
Nothing
- total_files()
Returns the total number of files in the root dir
- Args:
Nothing
- Returns:
(int) Total number of files or -1 if BOM not generated
- total_dirs()
Returns the total number of dirs in the root dir
- Args:
Nothing
- Returns:
(int) Total number of dirs or -1 if BOM not generated

Returns the total number of hidden files in the root dir
- Args:
Nothing
- Returns:
(int) Total number of hidden files or -1 if BOM not generated

Returns the total number of hidden dirs in the root dir
- Args:
Nothing
- Returns:
(int) Total number of hidden dirs or -1 if BOM not generated
- total_symlinks()
Returns the total number of symlinks in the dir
- Args:
Nothing
- Returns:
(int) Total number of symlinks or -1 if BOM not generated
- class expliot.core.bom.cdx.Component(comptype, **kwargs)
Class that represents a CycloneDX component
- create_file(**kwargs)
Create a file component from the passed arguments
- Args:
kwargs: file component specific attributes as per the spec
- Returns:
bool - True if component was created successfully, False otherwise
- getdict()
Returns the dict member self.data.
- Returns:
dict - the dict member self.data
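As an added example (not code from the expliot project), a self-contained Python version of the workflow this module documents: enumerate a directory recursively, emit CycloneDX 1.4 `file` components carrying a hash and the `expliot:file:*` properties from the taxonomy above, and then re-verify a directory against that BOM to report modified, missing and unlisted files, which is the check an operator would run on a firmware tree after a field update. The function names (`file_component`, `regular_files`, `generate_bom`, `verify_dir`, `demo`) and the sample tree that `demo()` builds are constructed for this example; the CycloneDX key names are the ones listed under JKeywords.

```python
import hashlib, os, stat, tempfile, uuid
from pathlib import Path

# Property names of the EXPLIoT taxonomy documented above.
XPROP_PATH, XPROP_MODE, XPROP_SIZE = "expliot:file:path", "expliot:file:mode", "expliot:file:size"

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def file_component(rootdir, abspath):
    """One CycloneDX 1.4 'file' component: name, SHA-256 hash and expliot:file:* properties."""
    rel = os.path.relpath(abspath, rootdir)
    mode = stat.filemode(os.lstat(abspath).st_mode)  # e.g. -rwxr-xr-x, as the taxonomy describes
    return {"type": "file", "name": os.path.basename(abspath), "bom-ref": rel,
            "hashes": [{"alg": "SHA-256", "content": sha256_of(abspath)}],
            "properties": [{"name": XPROP_PATH, "value": rel},
                           {"name": XPROP_MODE, "value": mode},
                           {"name": XPROP_SIZE, "value": str(os.path.getsize(abspath))}]}

def regular_files(rootdir):
    """Recursive enumeration keyed by path relative to rootdir; symlinks are skipped."""
    return {os.path.relpath(os.path.join(cur, f), rootdir): os.path.join(cur, f)
            for cur, _dirs, files in os.walk(rootdir) for f in files
            if not os.path.islink(os.path.join(cur, f))}

def generate_bom(rootdir):
    return {"bomFormat": "CycloneDX", "specVersion": "1.4", "version": 1,
            "serialNumber": "urn:uuid:" + str(uuid.uuid4()),
            "components": [file_component(rootdir, p) for _, p in sorted(regular_files(rootdir).items())]}

def verify_dir(bom, rootdir):
    """Recheck a directory against its BOM; returns sorted (modified, missing, unlisted) relpaths."""
    expected = {c["bom-ref"]: c["hashes"][0]["content"] for c in bom["components"]}
    seen = regular_files(rootdir)
    modified = [r for r, p in seen.items() if r in expected and expected[r] != sha256_of(p)]
    return sorted(modified), sorted(expected.keys() - seen.keys()), sorted(seen.keys() - expected.keys())

def demo():
    """Constructed firmware-like tree: generate a BOM, tamper with the tree, re-verify."""
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "bin").mkdir()
        (Path(root) / "bin" / "httpd").write_bytes(b"\x7fELF-constructed-httpd")
        (Path(root) / "bin" / "busybox").write_bytes(b"\x7fELF-constructed-busybox")
        bom = generate_bom(root)
        (Path(root) / "bin" / "httpd").write_bytes(b"\x7fELF-patched")  # listed file modified
        (Path(root) / "bin" / "busybox").unlink()                         # listed file removed
        (Path(root) / "bin" / "telnetd").write_bytes(b"\x7fELF-new")      # file not in the BOM
        return len(bom["components"]), verify_dir(bom, root)
```

`demo()` returns the component count of the original BOM and the verification triple, which for the constructed tree is `(2, (["bin/httpd"], ["bin/busybox"], ["bin/telnetd"]))`; the BOM dict is what `CycloneDXBOM.validate()` would check against json14schema.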