expliot.core.bom.cdx
Support for CycloneDX BOM.
Submodules
Attributes
Classes
| DirEnumerator | Enumerate a directory and get info on all the files and dirs recursively. |
| JKeywords | Namespace for JSON keywords defined in CycloneDX JSON BOM format. |
| CycloneDXBOM | CycloneDX BOM Object. |
| Component | Class that represents a CycloneDX component. |
Package Contents
- class expliot.core.bom.cdx.DirEnumerator
Enumerate a directory and get info on all the files and dirs recursively.
- root = ''
- files
- count
- enumerate(directory, callback)
Enumerate a directory.
- Enumerate the specified root dir recursively
- Get metadata of each file
- Call the callback method for each file and pass the metadata
- Args:
directory (str): The directory to enumerate
callback (method): The callback method to be called for each file.
- The format is callback(rootdir, currentdir, filedata)
rootdir (str): Root directory path being enumerated
currentdir (str): The current directory i.e. parent of the file
- filedata (dict): File metadata
name = File name (str)
abspath = Absolute path of the file (str)
relpath = Relative path of the file (from the root directory)
mode = File mode (str)
size = File size in bytes
symlink = Yes - True, No - False (bool)
mime = Mime-Type (str)
descr = Description from libmagic (str)
sha1 = SHA1 Hash (str)
sha256 = SHA256 Hash (str)
- Returns:
Nothing
- Raises:
ValueError - if the dir argument is not a valid directory i.e. doesn’t exist
- expliot.core.bom.cdx.json14schema
- expliot.core.bom.cdx.XPROP_PATH = 'expliot:file:path'
- expliot.core.bom.cdx.XPROP_MODE = 'expliot:file:mode'
- expliot.core.bom.cdx.XPROP_SIZE = 'expliot:file:size'
- expliot.core.bom.cdx.VER14 = '1.4'
- expliot.core.bom.cdx.VERSIONS
- class expliot.core.bom.cdx.JKeywords
Namespace for JSON keywords defined in CycloneDX JSON BOM format.
- BOMFMT = 'bomFormat'
- SPECVERSION = 'specVersion'
- SERIALNUM = 'serialNumber'
- VERSION = 'version'
- METADATA = 'metadata'
- TIMESTAMP = 'timestamp'
- TOOLS = 'tools'
- EXPLIOT_VENDOR = 'EXPLIoT'
- EXPLIOT_TOOL = 'EXPLIoT Framework'
- COMPONENTS = 'components'
- ADVISORIES = 'advisories'
- AFFECTS = 'affects'
- AGGREGATE = 'aggregate'
- ALIASES = 'aliases'
- ALG = 'alg'
- ALGORITHM = 'algorithm'
- ANALYSIS = 'analysis'
- ANCESTORS = 'ancestors'
- ASSEMBLIES = 'assemblies'
- AUTHENTICATED = 'authenticated'
- AUTHOR = 'author'
- AUTHORS = 'authors'
- BOMREF = 'bom-ref'
- CERTIFICATEPATH = 'certificatePath'
- CHAIN = 'chain'
- CLASSIFICATION = 'classification'
- COMMENT = 'comment'
- COMMITTER = 'committer'
- COMMITS = 'commits'
- COMPONENT = 'component'
- COMPOSITIONS = 'compositions'
- CONTACT = 'contact'
- CONTENT = 'content'
- CONTENTTYPE = 'contentType'
- COPYRIGHT = 'copyright'
- CPE = 'cpe'
- CREATED = 'created'
- CREDITS = 'credits'
- CRV = 'crv'
- CWES = 'cwes'
- DATA = 'data'
- DEPENDENCIES = 'dependencies'
- DEPENDSON = 'dependsOn'
- DESCENDANTS = 'descendants'
- DESCRIPTION = 'description'
- DETAIL = 'detail'
- DIFF = 'diff'
- E = 'e'
- EMAIL = 'email'
- ENCODING = 'encoding'
- ENDPOINTS = 'endpoints'
- EVIDENCE = 'evidence'
- EXCLUDES = 'excludes'
- EXPRESSION = 'expression'
- EXTERNALREFS = 'externalReferences'
- FEATUREDIMAGE = 'featuredImage'
- FLOW = 'flow'
- GROUP = 'group'
- HASHES = 'hashes'
- ID = 'id'
- INDIVIDUALS = 'individuals'
- JUSTIFICATION = 'justification'
- KEYID = 'keyId'
- KTY = 'kty'
- LICENSE = 'license'
- LICENSES = 'licenses'
- MANUFACTURE = 'manufacture'
- MESSAGE = 'message'
- METHOD = 'method'
- MIME_TYPE = 'mime-type'
- N = 'n'
- NAME = 'name'
- NOTES = 'notes'
- ORGANIZATIONS = 'organizations'
- PATCH = 'patch'
- PATCHES = 'patches'
- PEDIGREE = 'pedigree'
- PHONE = 'phone'
- PROPERTIES = 'properties'
- PROVIDER = 'provider'
- PUBLICKEY = 'publicKey'
- PUBLISHED = 'published'
- PUBLISHER = 'publisher'
- PURL = 'purl'
- RATINGS = 'ratings'
- RANGE = 'range'
- RECOMMENDATION = 'recommendation'
- REF = 'ref'
- REFERENCES = 'references'
- RELEASENOTES = 'releaseNotes'
- RESOLVES = 'resolves'
- RESPONSE = 'response'
- SCOPE = 'scope'
- SCORE = 'score'
- SERVICES = 'services'
- SEVERITY = 'severity'
- SIGNATURE = 'signature'
- SIGNERS = 'signers'
- SOCIALIMAGE = 'socialImage'
- SOURCE = 'source'
- STATE = 'state'
- STATUS = 'status'
- SUPPLIER = 'supplier'
- SWID = 'swid'
- TAGID = 'tagId'
- TAGS = 'tags'
- TAGVERSION = 'tagVersion'
- TEXT = 'text'
- TITLE = 'title'
- TYPE = 'type'
- UID = 'uid'
- UPDATED = 'updated'
- URL = 'url'
- VALUE = 'value'
- VARIANTS = 'variants'
- VECTOR = 'vector'
- VENDOR = 'vendor'
- VERSIONS = 'versions'
- VULNERABILITIES = 'vulnerabilities'
- X = 'x'
- XTRUSTBOUNDARY = 'x-trust-boundary'
- Y = 'y'
- ALGO_MD5 = 'MD5'
- ALGO_SHA1 = 'SHA-1'
- ALGO_SHA256 = 'SHA-256'
- ALGO_SHA384 = 'SHA-384'
- ALGO_SHA512 = 'SHA-512'
- ALGO_SHA3_256 = 'SHA3-256'
- ALGO_SHA3_384 = 'SHA3-384'
- ALGO_SHA3_512 = 'SHA3-512'
- ALGO_BLAKE2B_256 = 'BLAKE2b-256'
- ALGO_BLAKE2B_384 = 'BLAKE2b-384'
- ALGO_BLAKE2B_512 = 'BLAKE2b-512'
- ALGO_BLAKE3 = 'BLAKE3'
- APPLICATION = 'application'
- FRAMEWORK = 'framework'
- LIBRARY = 'library'
- CONTAINER = 'container'
- OS = 'operating-system'
- DEVICE = 'device'
- FIRMWARE = 'firmware'
- FILE = 'file'
- class expliot.core.bom.cdx.CycloneDXBOM
CycloneDX BOM Object.
It implements a callback for DirEnumerator for creating the SBOM.
EXPLIoT CycloneDX Property Taxonomy
| Property | Description |
| expliot:file:path | The path of the file in the package (software, firmware etc) |
| expliot:file:mode | The file mode string as on a Linux system (rwx) |
| expliot:file:size | The size of the file in bytes |
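The callback contract of DirEnumerator.enumerate() and the property taxonomy above, combined in an added example that is not EXPLIoT's own code: a stand-alone walker builds the documented filedata dict and maps it to a CycloneDX 1.4 file component. The function names, the omission of mime/descr (no libmagic), the component layout, and the choice to neither follow nor hash symlinks are assumptions of this sketch.

```python
import hashlib
import os
import stat

# Property names from the taxonomy above; everything else here is assumed.
XPROP_PATH, XPROP_MODE, XPROP_SIZE = (
    "expliot:file:path", "expliot:file:mode", "expliot:file:size")

def file_metadata(rootdir, abspath):
    """Build a filedata dict with the documented keys (mime/descr omitted)."""
    st = os.lstat(abspath)  # lstat describes a link itself, never its target
    data = {"name": os.path.basename(abspath), "abspath": abspath,
            "relpath": os.path.relpath(abspath, rootdir),
            "mode": stat.filemode(st.st_mode), "size": st.st_size,
            "symlink": stat.S_ISLNK(st.st_mode), "sha1": None, "sha256": None}
    if stat.S_ISREG(st.st_mode):  # hash regular files only, not links or devices
        h1, h256 = hashlib.sha1(), hashlib.sha256()
        with open(abspath, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                h1.update(chunk)
                h256.update(chunk)
        data["sha1"], data["sha256"] = h1.hexdigest(), h256.hexdigest()
    return data

def to_component(filedata):
    """Map filedata to a CycloneDX 1.4 'file' component (assumed layout)."""
    comp = {"type": "file", "name": filedata["name"],
            "properties": [  # CycloneDX property values are strings
                {"name": XPROP_PATH, "value": filedata["relpath"]},
                {"name": XPROP_MODE, "value": filedata["mode"]},
                {"name": XPROP_SIZE, "value": str(filedata["size"])}]}
    if filedata["sha256"]:
        comp["hashes"] = [{"alg": "SHA-1", "content": filedata["sha1"]},
                          {"alg": "SHA-256", "content": filedata["sha256"]}]
    return comp

def build_bom(rootdir):
    """Walk rootdir, invoke the callback per file, return a minimal BOM dict."""
    if not os.path.isdir(rootdir):
        raise ValueError(f"not a directory: {rootdir}")
    components = []
    def callback(root, currentdir, filedata):  # shape of the documented callback
        components.append(to_component(filedata))
    for currentdir, _dirs, files in os.walk(rootdir, followlinks=False):
        for name in sorted(files):
            abspath = os.path.join(currentdir, name)
            callback(rootdir, currentdir, file_metadata(rootdir, abspath))
    return {"bomFormat": "CycloneDX", "specVersion": "1.4",
            "version": 1, "components": components}
```

Because the walker uses lstat and followlinks=False, a symlink inside an unpacked firmware tree is recorded with its own mode and size but never causes files outside the root to be read or hashed.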
- bom = None
- version = None
- count
- initbom(specversion, rootdir=None)
Create a new BOM Object and fill it with all file data.
Only if rootdir is specified.
- Args:
specversion (str): The CycloneDX Specification Version
- Returns:
Nothing
- Raises:
ValueError - if specversion is not supported
- enumcb(rootdir, currentdir, filedata)
Callback for DirEnumerator.enumerate().
Return the component data about the file
- generate_from_dir(rootdir)
Generate CycloneDX BOM from the contents of a directory.
- Args:
rootdir (str): The root directory to start enumerating and generating the BOM data
- Returns:
Nothing
- validate()
Validate the format with the json schema of the initialized spec version.
- Returns:
Nothing
- Raises:
ValidationError (https://python-jsonschema.readthedocs.io/en/stable/validate/)
- getbom(validate=True, jsonfmt=False)
Returns the CycloneDX BOM in Dict or JSON format.
- Args:
validate (bool): Validate the format with the schema. Default is True
jsonfmt (bool): Return BOM in JSON format or Dict object. Default is False
- Returns:
BOM in JSON string
- writebom(file, validate=True, indent=4)
Write BOM in JSON format to a file.
- Args:
file (str): File path to write the JSON to
validate (bool): Validate the format with the schema. Default is True
indent (int): Indentation limit to improve readability. Default is 4
- Returns:
Nothing
- total_files()
Returns the total number of files in the root dir.
- Args:
Nothing
- Returns:
(int) Total number of files or -1 if BOM not generated
- total_dirs()
Returns the total number of dirs in the root dir.
- Args:
Nothing
- Returns:
(int) Total number of dirs or -1 if BOM not generated
Returns the total number of hidden files in the root dir.
- Args:
Nothing
- Returns:
(int) Total number of hidden files or -1 if BOM not generated
Returns the total number of hidden dirs in the root dir.
- Args:
Nothing
- Returns:
(int) Total number of hidden dirs or -1 if BOM not generated
- total_symlinks()
Returns the total number of symlinks in the dir.
- Args:
Nothing
- Returns:
(int) Total number of symlinks or -1 if BOM not generated
- class expliot.core.bom.cdx.Component(comptype, **kwargs)
Class that represents a CycloneDX component.
- data
- create_file(**kwargs)
Create a file component from the passed arguments.
- Args:
kwargs: file component specific attributes as per the spec
- Returns:
bool - True if component was created successfully, False otherwise
- getdict()
Returns the dict member self.data.
- Returns:
dict - the dict member self.data