From 82aadd8eb0727fcf92f9a8f92372402ab4dc77ab Mon Sep 17 00:00:00 2001 From: Michael Lieberman Date: Fri, 23 Feb 2024 06:35:17 +0000 Subject: [PATCH] Add get output functionality This adds functionality to get outputs from Skootrs managed projects. This currently only supports SBOMs. --- Cargo.lock | 920 ++++++------------------------- README.md | 7 +- shell.nix | 2 + skootrs-bin/Cargo.toml | 3 + skootrs-bin/src/helpers.rs | 110 +++- skootrs-bin/src/main.rs | 25 +- skootrs-lib/Cargo.toml | 2 +- skootrs-lib/src/service/facet.rs | 61 +- skootrs-model/Cargo.toml | 1 - 9 files changed, 334 insertions(+), 797 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 341c657..d03d111 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -40,7 +40,7 @@ dependencies = [ "flate2", "futures-core", "h2", - "http 0.2.11", + "http", "httparse", "httpdate", "itoa", @@ -75,7 +75,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d22475596539443685426b6bdadb926ad0ecaefdfc5fb05e5e3441f15463c511" dependencies = [ "bytestring", - "http 0.2.11", + "http", "regex", "serde", "tracing", @@ -148,7 +148,7 @@ dependencies = [ "bytes", "bytestring", "cfg-if", - "cookie 0.16.2", + "cookie", "derive_more", "encoding_rs", "futures-core", @@ -328,12 +328,6 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ea50b14b7a4b9343f8c627a7a53c52076482bd4bdad0a24fd3ec533ed616cc2c" -[[package]] -name = "anyhow" -version = "1.0.79" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "080e9890a082662b09c1ad45f567faeeb47f22b5fb23895fbe1e651e718e25ca" - [[package]] name = "approx" version = "0.5.1" @@ -510,34 +504,6 @@ dependencies = [ "critical-section", ] -[[package]] -name = "attribute-derive" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c94f43ede6f25dab1dea046bff84d85dea61bd49aba7a9011ad66c0d449077b" -dependencies = [ - "attribute-derive-macro", - "proc-macro2", - "quote", - "syn 2.0.48", -] - -[[package]] -name = "attribute-derive-macro" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b409e2b2d2dc206d2c0ad3575a93f001ae21a1593e2d0c69b69c308e63f3b422" -dependencies = [ - "collection_literals", - "interpolator", - "manyhow", - "proc-macro-utils", - "proc-macro2", - "quote", - "quote-use", - "syn 2.0.48", -] - [[package]] name = "autocfg" version = "1.1.0" @@ -561,9 +527,9 @@ dependencies = [ [[package]] name = "base64" -version = "0.21.5" +version = "0.21.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35636a1494ede3b646cc98f74f8e62c773a38a659ebc777a2cf26b9b74171df9" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64ct" @@ -750,7 +716,6 @@ dependencies = [ "bytecheck_derive", "ptr_meta", "simdutf8", - "uuid", ] [[package]] @@ -802,12 +767,6 @@ dependencies = [ "pkg-config", ] -[[package]] -name = "camino" -version = "1.1.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c59e92b5a388f549b863a7bea62612c09f24c8393560709a54558a9abdfb3b9c" - [[package]] name = "cc" version = "1.0.83" @@ -911,33 +870,6 @@ dependencies = [ "windows-targets 0.48.5", ] -[[package]] -name = "ciborium" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42e69ffd6f0917f5c029256a24d0161db17cea3997d185db0d35926308770f0e" -dependencies = [ - "ciborium-io", - "ciborium-ll", - "serde", -] - -[[package]] -name = "ciborium-io" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "05afea1e0a06c9be33d539b876f1ce3692f4afea2cb41f740e7743225ed1c757" - -[[package]] -name = "ciborium-ll" -version = "0.2.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "57663b653d948a338bfb3eeba9bb2fd5fcfaecb9e199e87e1eda4d9e8b240fd9" -dependencies = [ - "ciborium-io", - "half", -] - [[package]] name = "cipher" version = "0.4.4" @@ -999,12 +931,6 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "702fc72eb24e5a1e48ce58027a675bc24edd52096d5397d4aea7c6dd9eca0bd1" -[[package]] -name = "collection_literals" -version = "1.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "186dce98367766de751c42c4f03970fc60fc012296e706ccbb9d5df9b6c1e271" - [[package]] name = "colorchoice" version = "1.0.0" @@ -1020,61 +946,18 @@ dependencies = [ "crossbeam-utils", ] -[[package]] -name = "config" -version = "0.13.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23738e11972c7643e4ec947840fc463b6a571afcd3e735bdfce7d03c7a784aca" -dependencies = [ - "async-trait", - "lazy_static", - "nom", - "pathdiff", - "serde", - "toml", -] - [[package]] name = "const-oid" version = "0.9.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -[[package]] -name = "const_format" -version = "0.2.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e3a214c7af3d04997541b18d432afaff4c455e79e2029079647e72fc2bd27673" -dependencies = [ - "const_format_proc_macros", -] - -[[package]] -name = "const_format_proc_macros" -version = "0.2.32" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c7f6ff08fd20f4f299298a28e2dfa8a8ba1036e6cd2460ac1de7b425d76f2500" -dependencies = [ - "proc-macro2", - "quote", - "unicode-xid", -] - [[package]] name = "convert_case" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" -[[package]] -name = "convert_case" -version = "0.6.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec182b0ca2f35d8fc196cf3404988fd8b8c739a4d270ff118a398feb0cbec1ca" -dependencies = [ - "unicode-segmentation", -] - [[package]] name = "cookie" version = "0.16.2" @@ -1086,17 +969,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "cookie" -version = "0.18.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3cd91cf61412820176e137621345ee43b3f4423e589e7ae4e50d601d93e35ef8" -dependencies = [ - "percent-encoding", - "time", - "version_check", -] - [[package]] name = "core-foundation" version = "0.9.4" @@ -1231,37 +1103,12 @@ dependencies = [ "syn 2.0.48", ] -[[package]] -name = "dashmap" -version = "5.5.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978747c1d849a7d2ee5e8adc0159961c48fb7e5db2f06af6723b80123bb53856" -dependencies = [ - "cfg-if", - "hashbrown 0.14.3", - "lock_api", - "once_cell", - "parking_lot_core", -] - [[package]] name = "data-encoding" version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" -[[package]] -name = "default-struct-builder" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f8fa90da96b8fd491f5754d1f7a731f73921e3b7aa0ce333c821a0e43666ac14" -dependencies = [ - "darling", - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "der" version = "0.7.8" @@ -1283,24 +1130,13 @@ dependencies = [ "serde", ] -[[package]] -name = "derive-where" -version = "1.2.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62d671cc41a825ebabc75757b62d3d168c577f9149b2d49ece1dad1f72119d25" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "derive_more" version = "0.99.17" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4fb810d30a7c1953f91334de7244731fc3f3c10d7fe163338a35b9f640960321" dependencies = [ - "convert_case 0.4.0", + "convert_case", "proc-macro2", "quote", "rustc_version", @@ -1388,12 +1224,6 @@ version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10" -[[package]] -name = "drain_filter_polyfill" -version = "0.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "669a445ee724c5c69b1b06fe0b63e70a1c84bc9bb7d9696cd4f4e3ec45050408" - [[package]] name = "dyn-clone" version = "1.0.16" @@ -1529,6 +1359,21 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "foreign-types" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1" +dependencies = [ + "foreign-types-shared", +] + +[[package]] +name = "foreign-types-shared" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b" + [[package]] name = "form_urlencoded" version = "1.2.1" @@ -1781,52 +1626,6 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" -[[package]] -name = "gloo-net" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43aaa242d1239a8822c15c645f02166398da4f8b5c4bae795c1f5b44e9eee173" -dependencies = [ - "futures-channel", - "futures-core", - "futures-sink", - "gloo-utils", - "http 0.2.11", - "js-sys", - "pin-project", - "serde", - "serde_json", - "thiserror", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - -[[package]] -name = "gloo-timers" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbb143cf96099802033e0d4f4963b19fd2e0b728bcf076cd9cf7f6634f092994" -dependencies = [ - "futures-channel", - "futures-core", - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "gloo-utils" -version = "0.2.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0b5555354113b18c547c1d3a98fbf7fb32a9ff4f6fa112ce823a21641a0ba3aa" -dependencies = [ - "js-sys", - "serde", - "serde_json", - "wasm-bindgen", - "web-sys", -] - [[package]] name = "h2" version = "0.3.22" @@ -1838,24 +1637,14 @@ dependencies = [ "futures-core", "futures-sink", "futures-util", - "http 0.2.11", - "indexmap 2.1.0", + "http", + "indexmap 2.2.3", "slab", "tokio", "tokio-util", "tracing", ] -[[package]] -name = "half" -version = "2.3.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc52e53916c08643f1b56ec082790d1e86a32e58dc5268f897f313fbae7b4872" -dependencies = [ - "cfg-if", - "crunchy", -] - [[package]] name = "hash32" version = "0.2.1" @@ -1933,15 +1722,6 @@ dependencies = [ "digest", ] -[[package]] -name = "html-escape" -version = "0.2.13" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6d1ad449764d627e22bfd7cd5e8868264fc9236e07c752972b4080cd351cb476" -dependencies = [ - "utf8-width", -] - [[package]] name = "http" version = "0.2.11" @@ -1953,17 +1733,6 @@ dependencies = [ "itoa", ] -[[package]] -name = "http" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b32afd38673a8016f7c9ae69e5af41a58f81b1d31689040f2f1959594ce194ea" -dependencies = [ - "bytes", - "fnv", - "itoa", -] - [[package]] name = "http-body" version = "0.4.5" @@ -1971,7 +1740,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" dependencies = [ "bytes", - "http 0.2.11", + "http", "pin-project-lite", ] @@ -2019,7 +1788,7 @@ dependencies = [ "futures-core", "futures-util", "h2", - "http 0.2.11", + "http", "http-body", "httparse", "httpdate", @@ -2039,7 +1808,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" dependencies = [ "futures-util", - "http 0.2.11", + "http", "hyper", "log", "rustls", @@ -2060,6 +1829,19 @@ dependencies = [ "tokio-io-timeout", ] +[[package]] +name = "hyper-tls" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d6183ddfa99b85da61a140bea0efc93fdf56ceaa041b37d553518030827f9905" +dependencies = [ + "bytes", + "hyper", + "native-tls", + "tokio", + "tokio-native-tls", +] + [[package]] name = "iana-time-zone" version = "0.1.58" @@ -2112,9 +1894,9 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.1.0" +version = "2.2.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d530e1a18b1cb4c484e6e34556a0d948706958449fca0cab753d649f2bce3d1f" +checksum = "233cf39063f058ea2caae4091bf4a3ef70a653afbc026f5c4a4135d114e3c177" dependencies = [ "equivalent", "hashbrown 0.14.3", @@ -2152,18 +1934,6 @@ version = "3.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8bb03732005da905c88227371639bf1ad885cc712789c011c31c5fb3ab3ccf02" -[[package]] -name = "interpolator" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "71dd52191aae121e8611f1e8dc3e324dd0dd1dee1e6dd91d10ee07a3cfb4d9d8" - -[[package]] -name = "inventory" -version = "0.3.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f958d3d68f4167080a18141e10381e7634563984a537f2a49a30fd8e53ac5767" - [[package]] name = "ipnet" version = "2.9.0" @@ -2209,15 +1979,6 @@ dependencies = [ "either", ] -[[package]] -name = "itertools" -version = "0.12.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ba291022dbbd398a455acf126c1e341954079855bc60dfdda641363bd6922569" -dependencies = [ - "either", -] - [[package]] name = "itoa" version = "1.0.9" @@ -2293,221 +2054,23 @@ dependencies = [ name = "language-tags" version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" - -[[package]] -name = "lazy_static" -version = "1.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -dependencies = [ - "spin 0.5.2", -] - -[[package]] -name = "lazycell" -version = "1.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" - -[[package]] -name = "leptos" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c115de7c6fca2164133e18328777d02c371434ace38049ac02886b5cffd22dc" -dependencies = [ - "cfg-if", - "leptos_config", - "leptos_dom", - "leptos_macro", - "leptos_reactive", - "leptos_server", - "server_fn", - "tracing", - "typed-builder", - "typed-builder-macro", - "web-sys", -] - -[[package]] -name = "leptos-struct-table" -version = "0.7.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "693906b6ed91978d359233466a361eb5548242101233283ca360bac16d27c568" -dependencies = [ - "async-trait", - "chrono", - "leptos", - "leptos-struct-table-macro", - "leptos-use", - "paste", - "serde", - "thiserror", - "uuid", - "wasm-bindgen", - "web-sys", -] - -[[package]] -name = "leptos-struct-table-macro" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7a7b4657689f2ee349fd96c2991957fa278be4b1ba895b2ed9a5c93c9bdb58c" -dependencies = [ - "darling", - "heck", - "proc-macro2", - "quote", - "syn 2.0.48", -] - -[[package]] -name = "leptos-use" -version = "0.10.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "885ab55e844f9dda9f1394bce011b5ff5332e0a1782c165c78d53f3138cbbd38" -dependencies = [ - "async-trait", - "cfg-if", - "cookie 0.18.0", - "default-struct-builder", - "futures-util", - "gloo-timers", - "gloo-utils", - "js-sys", - "lazy_static", - "leptos", - "paste", - "thiserror", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - -[[package]] -name = "leptos_config" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "055262ff3660e95ec95cadd8a05a02070d624354e08e30b99c14a81023feb2dc" -dependencies = [ - "config", - "regex", - "serde", - "thiserror", - "typed-builder", -] - -[[package]] -name = "leptos_dom" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "adfea7feb9c488448db466ca0673b691ec2a05efb0b2bc6626b7248ee04bb39c" -dependencies = [ - "async-recursion", - "cfg-if", - "drain_filter_polyfill", - "futures", - "getrandom", - "html-escape", - "indexmap 2.1.0", - "itertools 0.12.1", - "js-sys", - "leptos_reactive", - "once_cell", - "pad-adapter", - "paste", - "rustc-hash", - "serde", - "serde_json", - "server_fn", - "smallvec", - "tracing", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - -[[package]] -name = "leptos_hot_reload" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ba8f68f7c3135975eb34ed19210272ebef2d6f422d138ff87a726b8793fe105" -dependencies = [ - "anyhow", - "camino", - "indexmap 2.1.0", - "parking_lot", - "proc-macro2", - "quote", - "rstml", - "serde", - "syn 2.0.48", - "walkdir", -] - -[[package]] -name = "leptos_macro" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "039c510dafb7d9997e4b8accfcced5675fabc65720caf544592df32432d6d65a" -dependencies = [ - "attribute-derive", - "cfg-if", - "convert_case 0.6.0", - "html-escape", - "itertools 0.12.1", - "leptos_hot_reload", - "prettyplease", - "proc-macro-error", - "proc-macro2", - "quote", - "rstml", - "server_fn_macro", - "syn 2.0.48", - "tracing", - "uuid", -] - -[[package]] -name = "leptos_reactive" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b30c5bc7f3496d6ba399578171cf133c50d2172f9791fe292db4da2fd0d8cec4" -dependencies = [ - "base64", - "cfg-if", - "futures", - "indexmap 2.1.0", - "paste", - "pin-project", - "rkyv", - "rustc-hash", - "self_cell", - "serde", - "serde-wasm-bindgen", - "serde_json", - "slotmap", - "thiserror", - "tracing", - "wasm-bindgen-futures", -] +checksum = "d4345964bb142484797b161f473a503a434de77149dd8c7427788c6e13379388" [[package]] -name = "leptos_server" -version = "0.6.5" +name = "lazy_static" +version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f06b9b860479385991fad54cbee372382aee3c1e75ca78b5da6f8bda90c153e1" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "inventory", - "lazy_static", - "leptos_macro", - "leptos_reactive", - "serde", - "server_fn", - "thiserror", - "tracing", + "spin 0.5.2", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "lexicmp" version = "0.1.0" @@ -2635,29 +2198,6 @@ dependencies = [ "libc", ] -[[package]] -name = "manyhow" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "516b76546495d933baa165075b95c0a15e8f7ef75e53f56b19b7144d80fd52bd" -dependencies = [ - "manyhow-macros", - "proc-macro2", - "quote", - "syn 2.0.48", -] - -[[package]] -name = "manyhow-macros" -version = "0.8.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ba072c0eadade3160232e70893311f1f8903974488096e2eb8e48caba2f0cf1" -dependencies = [ - "proc-macro-utils", - "proc-macro2", - "quote", -] - [[package]] name = "matchers" version = "0.1.0" @@ -2773,6 +2313,24 @@ dependencies = [ "getrandom", ] +[[package]] +name = "native-tls" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "07226173c32f2926027b63cce4bcd8076c3552846cbe7925f3aaffeac0a3b92e" +dependencies = [ + "lazy_static", + "libc", + "log", + "openssl", + "openssl-probe", + "openssl-sys", + "schannel", + "security-framework", + "security-framework-sys", + "tempfile", +] + [[package]] name = "new_debug_unreachable" version = "1.0.4" @@ -2931,7 +2489,7 @@ dependencies = [ "either", "futures", "futures-util", - "http 0.2.11", + "http", "http-body", "hyper", "hyper-rustls", @@ -2968,7 +2526,7 @@ dependencies = [ "either", "futures", "futures-util", - "http 0.2.11", + "http", "http-body", "hyper", "hyper-rustls", @@ -2996,12 +2554,50 @@ version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd8b5dd2ae5ed71462c540258bedcb51965123ad7e7ccf4b9a8cafaa4a63576d" +[[package]] +name = "openssl" +version = "0.10.64" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "95a0481286a310808298130d22dd1fef0fa571e05a8f44ec801801e84b216b1f" +dependencies = [ + "bitflags 2.4.1", + "cfg-if", + "foreign-types", + "libc", + "once_cell", + "openssl-macros", + "openssl-sys", +] + +[[package]] +name = "openssl-macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.48", +] + [[package]] name = "openssl-probe" version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" +[[package]] +name = "openssl-sys" +version = "0.9.101" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dda2b0f344e78efc2facf7d195d098df0dd72151b26ab98da807afc26c198dff" +dependencies = [ + "cc", + "libc", + "pkg-config", + "vcpkg", +] + [[package]] name = "opentelemetry" version = "0.21.0" @@ -3010,7 +2606,7 @@ checksum = "1e32339a5dc40459130b3bd269e9892439f55b33e772d2a9d402a789baaf4e8a" dependencies = [ "futures-core", "futures-sink", - "indexmap 2.1.0", + "indexmap 2.2.3", "js-sys", "once_cell", "pin-project-lite", @@ -3095,12 +2691,6 @@ version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b15813163c1d831bf4a13c3610c05c0d03b39feb07f7e09fa234dac9b15aaf39" -[[package]] -name = "pad-adapter" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "56d80efc4b6721e8be2a10a5df21a30fa0b470f1539e53d8b4e6e75faf938b63" - [[package]] name = "parking" version = "2.2.0" @@ -3153,12 +2743,6 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "17359afc20d7ab31fdb42bb844c8b3bb1dabd7dcf7e68428492da7f16966fcef" -[[package]] -name = "pathdiff" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8835116a5c179084a830efb3adc117ab007512b535bc1a21c991d3b32a6b44dd" - [[package]] name = "pbkdf2" version = "0.12.2" @@ -3219,7 +2803,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e1d3afd2628e69da2be385eb6f2fd57c8ac7977ceeff6dc166ff1657b0e386a9" dependencies = [ "fixedbitset", - "indexmap 2.1.0", + "indexmap 2.2.3", ] [[package]] @@ -3367,17 +2951,6 @@ dependencies = [ "version_check", ] -[[package]] -name = "proc-macro-utils" -version = "0.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3f59e109e2f795a5070e69578c4dc101068139f74616778025ae1011d4cd41a8" -dependencies = [ - "proc-macro2", - "quote", - "smallvec", -] - [[package]] name = "proc-macro2" version = "1.0.78" @@ -3387,19 +2960,6 @@ dependencies = [ "unicode-ident", ] -[[package]] -name = "proc-macro2-diagnostics" -version = "0.10.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af066a9c399a26e020ada66a034357a868728e72cd426f3adcd35f80d88d88c8" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", - "version_check", - "yansi", -] - [[package]] name = "psl-types" version = "2.0.11" @@ -3444,29 +3004,6 @@ dependencies = [ "proc-macro2", ] -[[package]] -name = "quote-use" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7b5abe3fe82fdeeb93f44d66a7b444dedf2e4827defb0a8e69c437b2de2ef94" -dependencies = [ - "quote", - "quote-use-macros", - "syn 2.0.48", -] - -[[package]] -name = "quote-use-macros" -version = "0.7.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97ea44c7e20f16017a76a245bb42188517e13d16dcb1aa18044bc406cdc3f4af" -dependencies = [ - "derive-where", - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "radium" version = "0.7.0" @@ -3671,9 +3208,9 @@ dependencies = [ [[package]] name = "reqwest" -version = "0.11.23" +version = "0.11.24" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "37b1ae8d9ac08420c66222fb9096fc5de435c3c48542bc5336c51892cffafb41" +checksum = "c6920094eb85afde5e4a138be3f2de8bbdf28000f0029e72c45025a56b042251" dependencies = [ "base64", "bytes", @@ -3681,15 +3218,17 @@ dependencies = [ "futures-core", "futures-util", "h2", - "http 0.2.11", + "http", "http-body", "hyper", "hyper-rustls", + "hyper-tls", "ipnet", "js-sys", "log", "mime", "mime_guess", + "native-tls", "once_cell", "percent-encoding", "pin-project-lite", @@ -3698,15 +3237,17 @@ dependencies = [ "serde", "serde_json", "serde_urlencoded", + "sync_wrapper", "system-configuration", "tokio", + "tokio-native-tls", "tokio-rustls", "tokio-util", "tower-service", "url", "wasm-bindgen", "wasm-bindgen-futures", - "wasm-streams 0.3.0", + "wasm-streams", "web-sys", "webpki-roots", "winreg", @@ -3866,20 +3407,6 @@ dependencies = [ "smallvec", ] -[[package]] -name = "rstml" -version = "0.11.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fe542870b8f59dd45ad11d382e5339c9a1047cde059be136a7016095bbdefa77" -dependencies = [ - "proc-macro2", - "proc-macro2-diagnostics", - "quote", - "syn 2.0.48", - "syn_derive", - "thiserror", -] - [[package]] name = "rust-embed" version = "8.1.0" @@ -4158,12 +3685,6 @@ dependencies = [ "libc", ] -[[package]] -name = "self_cell" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "58bf37232d3bb9a2c4e641ca2a11d83b5062066f88df7fed36c28772046d65ba" - [[package]] name = "semver" version = "1.0.20" @@ -4178,9 +3699,6 @@ name = "send_wrapper" version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd0b0ec5f1c1ca621c432a25813d8d60c88abe6d3e08a3eb9cf37d97a0fe3d73" -dependencies = [ - "futures-core", -] [[package]] name = "serde" @@ -4191,17 +3709,6 @@ dependencies = [ "serde_derive", ] -[[package]] -name = "serde-wasm-bindgen" -version = "0.6.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b9b713f70513ae1f8d92665bbbbda5c295c2cf1da5542881ae5eefe20c9af132" -dependencies = [ - "js-sys", - "serde", - "wasm-bindgen", -] - [[package]] name = "serde_derive" version = "1.0.196" @@ -4230,7 +3737,7 @@ version = "1.0.112" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d1bd37ce2324cf3bf85e5a25f96eb4baf0d5aa6eba43e7ae8958870c4ec48ed" dependencies = [ - "indexmap 2.1.0", + "indexmap 2.2.3", "itoa", "ryu", "serde", @@ -4246,17 +3753,6 @@ dependencies = [ "serde", ] -[[package]] -name = "serde_qs" -version = "0.12.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0431a35568651e363364210c91983c1da5eb29404d9f0928b67d4ebcfa7d330c" -dependencies = [ - "percent-encoding", - "serde", - "thiserror", -] - [[package]] name = "serde_urlencoded" version = "0.7.1" @@ -4279,7 +3775,7 @@ dependencies = [ "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.1.0", + "indexmap 2.2.3", "serde", "serde_json", "serde_with_macros", @@ -4300,70 +3796,17 @@ dependencies = [ [[package]] name = "serde_yaml" -version = "0.9.30" +version = "0.9.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b1bf28c79a99f70ee1f1d83d10c875d2e70618417fda01ad1785e027579d9d38" +checksum = "8fd075d994154d4a774f95b51fb96bdc2832b0ea48425c92546073816cda1f2f" dependencies = [ - "indexmap 2.1.0", + "indexmap 2.2.3", "itoa", "ryu", "serde", "unsafe-libyaml", ] -[[package]] -name = "server_fn" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "97fab54d9dd2d7e9eba4efccac41d2ec3e7c6e9973d14c0486d662a32662320c" -dependencies = [ - "bytes", - "ciborium", - "const_format", - "dashmap", - "futures", - "gloo-net", - "http 1.0.0", - "js-sys", - "once_cell", - "send_wrapper", - "serde", - "serde_json", - "serde_qs", - "server_fn_macro_default", - "thiserror", - "url", - "wasm-bindgen", - "wasm-bindgen-futures", - "wasm-streams 0.4.0", - "web-sys", - "xxhash-rust", -] - -[[package]] -name = "server_fn_macro" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be6011b586a0665546b7ced372b0be690d9e005d3f8524795da2843274d7720" -dependencies = [ - "const_format", - "convert_case 0.6.0", - "proc-macro2", - "quote", - "syn 2.0.48", - "xxhash-rust", -] - -[[package]] -name = "server_fn_macro_default" -version = "0.6.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "752ed78ec49132d154b922cf5ab6485680cab039a75740c48ea2db621ad481da" -dependencies = [ - "server_fn_macro", - "syn 2.0.48", -] - [[package]] name = "sha1" version = "0.10.6" @@ -4478,13 +3921,16 @@ checksum = "38b58827f4464d87d377d175e90bf58eb00fd8716ff0a62f80356b5e61555d0d" name = "skootrs-bin" version = "0.1.0" dependencies = [ + "base64", "clap", "inquire", "octocrab 0.32.0", "opentelemetry", "opentelemetry-jaeger", "opentelemetry_sdk", + "reqwest", "serde_json", + "serde_yaml", "skootrs-lib", "skootrs-model", "skootrs-rest", @@ -4522,7 +3968,6 @@ name = "skootrs-model" version = "0.1.0" dependencies = [ "chrono", - "leptos-struct-table", "regress", "schemars", "serde", @@ -4571,16 +4016,6 @@ dependencies = [ "autocfg", ] -[[package]] -name = "slotmap" -version = "1.0.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "dbff4acf519f630b3a3ddcfaea6c06b42174d9a44bc70c620e9ed1649d58b82a" -dependencies = [ - "serde", - "version_check", -] - [[package]] name = "smallvec" version = "1.11.2" @@ -4765,7 +4200,7 @@ dependencies = [ "fuzzy-matcher", "geo 0.27.0", "hex", - "indexmap 2.1.0", + "indexmap 2.2.3", "ipnet", "lexicmp", "lru", @@ -4875,6 +4310,12 @@ dependencies = [ "syn 2.0.48", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + [[package]] name = "system-configuration" version = "0.5.1" @@ -4912,6 +4353,19 @@ dependencies = [ "remove_dir_all", ] +[[package]] +name = "tempfile" +version = "3.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "01ce4141aa927a6d1bd34a041795abd0db1cccba5d5f24b009f694bdf3a1f3fa" +dependencies = [ + "cfg-if", + "fastrand", + "redox_syscall", + "rustix", + "windows-sys 0.52.0", +] + [[package]] name = "term" version = "0.7.0" @@ -5069,6 +4523,16 @@ dependencies = [ "syn 2.0.48", ] +[[package]] +name = "tokio-native-tls" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bbae76ab933c85776efabc971569dd6119c580d8f5d448769dec1764bf796ef2" +dependencies = [ + "native-tls", + "tokio", +] + [[package]] name = "tokio-rustls" version = "0.24.1" @@ -5119,15 +4583,6 @@ dependencies = [ "tracing", ] -[[package]] -name = "toml" -version = "0.5.11" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" -dependencies = [ - "serde", -] - [[package]] name = "toml_datetime" version = "0.6.5" @@ -5140,7 +4595,7 @@ version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d34d383cd00a163b4a5b85053df514d45bc330f6de7737edfe0a93311d1eaa03" dependencies = [ - "indexmap 2.1.0", + "indexmap 2.2.3", "toml_datetime", "winnow", ] @@ -5172,7 +4627,7 @@ dependencies = [ "bytes", "futures-core", "futures-util", - "http 0.2.11", + "http", "http-body", "http-range-header", "iri-string", @@ -5343,7 +4798,7 @@ dependencies = [ "byteorder", "bytes", "data-encoding", - "http 0.2.11", + "http", "httparse", "log", "rand 0.8.5", @@ -5354,26 +4809,6 @@ dependencies = [ "utf-8", ] -[[package]] -name = "typed-builder" -version = "0.18.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "444d8748011b93cb168770e8092458cb0f8854f931ff82fdf6ddfbd72a9c933e" -dependencies = [ - "typed-builder-macro", -] - -[[package]] -name = "typed-builder-macro" -version = "0.18.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "563b3b88238ec95680aef36bdece66896eaa7ce3c0f1b4f39d38fb2435261352" -dependencies = [ - "proc-macro2", - "quote", - "syn 2.0.48", -] - [[package]] name = "typenum" version = "1.17.0" @@ -5496,12 +4931,6 @@ version = "0.7.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "09cc8ee72d2a9becf2f2febe0205bbed8fc6615b7cb429ad062dc7b7ddd036a9" -[[package]] -name = "utf8-width" -version = "0.1.7" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86bd8d4e895da8537e5315b8254664e6b769c4ff3db18321b297a1e7004392e3" - [[package]] name = "utf8parse" version = "0.2.1" @@ -5514,7 +4943,7 @@ version = "4.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "272ebdfbc99111033031d2f10e018836056e4d2c8e2acda76450ec7974269fa7" dependencies = [ - "indexmap 2.1.0", + "indexmap 2.2.3", "serde", "serde_json", "utoipa-gen", @@ -5694,19 +5123,6 @@ version = "0.2.90" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4d91413b1c31d7539ba5ef2451af3f0b833a005eb27a631cec32bc0635a8602b" -[[package]] -name = "wasm-streams" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b4609d447824375f43e1ffbc051b50ad8f4b3ae8219680c94452ea05eb240ac7" -dependencies = [ - "futures-util", - "js-sys", - "wasm-bindgen", - "wasm-bindgen-futures", - "web-sys", -] - [[package]] name = "wasm-streams" version = "0.4.0" @@ -5978,18 +5394,6 @@ dependencies = [ "tap", ] -[[package]] -name = "xxhash-rust" -version = "0.8.8" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "53be06678ed9e83edb1745eb72efc0bbcd7b5c3c35711a860906aed827a13d61" - -[[package]] -name = "yansi" -version = "1.0.0-rc.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1367295b8f788d371ce2dbc842c7b709c73ee1364d30351dd300ec2203b12377" - [[package]] name = "zerocopy" version = "0.7.32" diff --git a/README.md b/README.md index ba2a3e6..9fa8cc6 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,8 @@ Commands: create daemon dump - get-facet + get-facet + get help Print this message or the help of the given subcommand(s) ``` @@ -30,6 +31,8 @@ Commands: - Daemon - The command for running Skootrs as a REST API. - Dump - The command for dumping the output of Skootrs' state database to stdout. Useful for debugging. - Get-Facet - The command for dumping the file or API output for a facet for a given project. +- Get - This is a new command that will be the verb for getting items that Skootrs knows abou + - Output - This is a verb for the Get command that will fetch outputs from Skootrs project. Currently this only supports getting SBOMs To get pretty printing of the logs which are in [bunyan](https://github.com/trentm/node-bunyan) format I recommend piping the skootrs into the bunyan cli. I recommend using [bunyan-rs](https://github.com/LukeMathWalker/bunyan). For example: @@ -56,4 +59,4 @@ $ cargo run create | bunyan The initial talk given on Skootrs appears to not have been recorded but here are the locations of slides that include the reason why Skootrs is being built along with some architecture: - [OpenSSF Day Japan 2023](https://github.com/mlieberman85/talks/blob/91cf3bef51f7d277a744098863389e362920b4c8/2023-12-04-ossfday/presentation.pdf) -- [NYU Guest Talk](https://github.com/mlieberman85/talks/blob/main/2024-01-30-skootrs/presentation.pdf) \ No newline at end of file +- [NYU Guest Talk](https://github.com/mlieberman85/talks/blob/main/2024-01-30-skootrs/presentation.pdf) diff --git a/shell.nix b/shell.nix index 8f0c260..bc83eb7 100644 --- a/shell.nix +++ b/shell.nix @@ -8,6 +8,8 @@ bunyan-rs go maven + pkg-config + openssl ]; RUSTC_VERSION = pkgs.lib.readFile ./rust-toolchain; # https://github.com/rust-lang/rust-bindgen#environment-variables diff --git a/skootrs-bin/Cargo.toml b/skootrs-bin/Cargo.toml index 63d52a9..b98bd0b 100644 --- a/skootrs-bin/Cargo.toml +++ b/skootrs-bin/Cargo.toml @@ -22,3 +22,6 @@ tracing-opentelemetry = "0.22.0" tracing-bunyan-formatter = "0.3.9" opentelemetry = { version = "0.21.0" } opentelemetry_sdk = "0.21.2" +serde_yaml = "0.9.32" +reqwest = "0.11.24" +base64 = "0.21.7" diff --git a/skootrs-bin/src/helpers.rs b/skootrs-bin/src/helpers.rs index c292963..516edfd 100644 --- a/skootrs-bin/src/helpers.rs +++ b/skootrs-bin/src/helpers.rs @@ -1,7 +1,5 @@ +use base64::prelude::*; use inquire::Text; -use skootrs_model::skootrs::{ - EcosystemParams, GithubRepoParams, GithubUser, GoParams, InitializedProject, MavenParams, ProjectParams, RepoParams, SkootError, SourceParams, SUPPORTED_ECOSYSTEMS -}; use octocrab::Page; use skootrs_lib::service::{ ecosystem::LocalEcosystemService, @@ -10,6 +8,13 @@ use skootrs_lib::service::{ repo::LocalRepoService, source::{LocalSourceService, SourceService}, }; +use skootrs_model::{ + security_insights::insights10::SecurityInsightsVersion100YamlSchema, + skootrs::{ + EcosystemParams, GithubRepoParams, GithubUser, GoParams, InitializedProject, MavenParams, + ProjectParams, RepoParams, SkootError, SourceParams, SUPPORTED_ECOSYSTEMS, + }, +}; use std::collections::HashMap; use skootrs_model::skootrs::facet::InitializedFacet; @@ -121,29 +126,16 @@ pub async fn create() -> std::result::Result<(), SkootError> { } /// Returns `Ok(())` if the able to print out the content of the facet, otherwise returns an error. -/// +/// /// This function prompts the user to select a project and then a facet of that project to fetch from the state store. /// It then prints out the content of the facet. -/// +/// /// # Errors /// /// Returns an error if the state store is not able to be accessed or if the selected project or facet /// is not found. pub async fn get_facet() -> std::result::Result<(), SkootError> { - let projects = get_all().await?; - let repo_to_project: HashMap = projects - .iter() - .map(|p| (p.repo.full_url(), p)) - .collect::>(); - let selected_project = inquire::Select::new( - "Select a project", - repo_to_project.keys().collect::>(), - ) - .prompt()?; - - let project = repo_to_project - .get(selected_project) - .ok_or_else(|| SkootError::from("Failed to get selected project"))?; + let project = prompt_project().await?; let facet_to_project: HashMap = project .facets @@ -174,7 +166,7 @@ pub async fn get_facet() -> std::result::Result<(), SkootError> { .get(selected_facet) .ok_or_else(|| SkootError::from("Failed to get selected facet"))?; - let facet_content = get_facet_content(facet, project)?; + let facet_content = get_facet_content(facet, &project)?; println!("{facet_content}"); @@ -182,10 +174,10 @@ pub async fn get_facet() -> std::result::Result<(), SkootError> { } /// Returns `Ok(())` if the able to print out a dump of the statestore. -/// +/// /// This function prints out the content of the state store in a pretty printed JSON format. /// # Errors -/// +/// /// Returns an error if the state store is not able to be accessed. pub async fn dump() -> std::result::Result<(), SkootError> { let projects = get_all().await?; @@ -222,6 +214,78 @@ fn get_facet_content( // TODO: This can make it unclear which API was used let content = f.apis.iter().map(|a| format!("{a:?}")).collect::>(); Ok(content.join("\n")) - }, + } } } + +/// This function is for prompting the user to get outputs from a Skootrs project +/// +/// # Errors +/// +/// This return an error if it can't get an intended output for some reason. This +/// includes issues like unable to get or parse SECURITY-INSIGHTS.yml or unable +/// to get the intended output. +pub async fn get_output() -> std::result::Result<(), SkootError> { + let project = prompt_project().await?; + + let skootrs_model::skootrs::InitializedRepo::Github(repo) = &project.repo; + + let sec_ins_content_items = octocrab::instance() + .repos(repo.organization.get_name(), &repo.name) + .get_content() + .path("SECURITY-INSIGHTS.yml") + .r#ref("main") + .send() + .await?; + + let sec_ins = sec_ins_content_items + .items + .first() + .ok_or_else(|| SkootError::from("Failed to get security insights"))?; + + let content = sec_ins + .content + .as_ref() + .ok_or_else(|| SkootError::from("Failed to get content of security insights"))?; + let content_decoded = + base64::engine::general_purpose::STANDARD.decode(content.replace('\n', ""))?; + let content_str = std::str::from_utf8(&content_decoded)?; + let insights: SecurityInsightsVersion100YamlSchema = + serde_yaml::from_str::(content_str)?; + let sbom_vec = insights + .dependencies + .ok_or_else(|| SkootError::from("Failed to get dependencies value from security insights"))? + .sbom + .ok_or_else(|| SkootError::from("Failed to get sbom value from security insights"))?; + + let sbom_url = inquire::Select::new( + "Select an SBOM", + sbom_vec.iter().flat_map(|s| &s.sbom_file).collect(), + ) + .prompt()?; + + let sbom = reqwest::get(sbom_url).await?.text().await?; + + println!("{sbom}"); + + Ok(()) +} + +async fn prompt_project() -> Result { + let projects = get_all().await?; + let repo_to_project: HashMap = projects + .iter() + .map(|p| (p.repo.full_url(), p)) + .collect::>(); + let selected_project = inquire::Select::new( + "Select a project", + repo_to_project.keys().collect::>(), + ) + .prompt()?; + + let project = *repo_to_project + .get(selected_project) + .ok_or_else(|| SkootError::from("Failed to get selected project"))?; + + Ok(project.clone()) +} \ No newline at end of file diff --git a/skootrs-bin/src/main.rs b/skootrs-bin/src/main.rs index 3bbe26b..60ecaf3 100644 --- a/skootrs-bin/src/main.rs +++ b/skootrs-bin/src/main.rs @@ -20,10 +20,10 @@ pub mod helpers; -use clap::Parser; +use clap::{Parser, Subcommand}; use skootrs_model::skootrs::SkootError; -use helpers::{create, dump, get_facet}; +use helpers::{create, dump, get_facet, get_output}; use opentelemetry::global; use opentelemetry_sdk::propagation::TraceContextPropagator; use tracing::error; @@ -48,6 +48,18 @@ enum SkootrsCli { /// Get the data for a facet of a particular project. #[command(name = "get-facet")] GetFacet, + + #[command(name = "get")] + Get { + #[clap(subcommand)] + resource: GetCommands, + }, +} + +/// This is the enum for what nouns the `get` command can take. +#[derive(Subcommand, Debug)] +enum GetCommands { + Output } fn init_tracing() { @@ -111,6 +123,15 @@ async fn main() -> std::result::Result<(), SkootError> { error!(error = error.as_ref(), "Failed to get facet"); } } + SkootrsCli::Get { resource } => { + match resource { + GetCommands::Output => { + if let Err(ref error) = get_output().await { + error!(error = error.as_ref(), "Failed to get output"); + } + } + } + } }; Ok(()) } diff --git a/skootrs-lib/Cargo.toml b/skootrs-lib/Cargo.toml index 983a538..9c2dfb2 100644 --- a/skootrs-lib/Cargo.toml +++ b/skootrs-lib/Cargo.toml @@ -8,7 +8,7 @@ edition = "2021" [dependencies] octocrab = "0.33.3" serde_json = "1.0.112" -serde_yaml = "0.9.30" +serde_yaml = "0.9.32" serde = { version = "1.0.193", features = ["derive"] } utoipa = { version = "4.1.0" } chrono = { version = "0.4.31", features = ["serde"] } diff --git a/skootrs-lib/src/service/facet.rs b/skootrs-lib/src/service/facet.rs index 84c27fd..4088b29 100644 --- a/skootrs-lib/src/service/facet.rs +++ b/skootrs-lib/src/service/facet.rs @@ -21,7 +21,7 @@ #![allow(clippy::module_name_repetitions)] #![allow(clippy::unused_self)] -use std::error::Error; +use std::{error::Error, str::FromStr}; use askama::Template; use chrono::Datelike; @@ -30,13 +30,7 @@ use tracing::info; use skootrs_model::{ security_insights::insights10::{ - SecurityInsightsVersion100YamlSchema, - SecurityInsightsVersion100YamlSchemaContributionPolicy, - SecurityInsightsVersion100YamlSchemaHeader, - SecurityInsightsVersion100YamlSchemaHeaderSchemaVersion, - SecurityInsightsVersion100YamlSchemaProjectLifecycle, - SecurityInsightsVersion100YamlSchemaProjectLifecycleStatus, - SecurityInsightsVersion100YamlSchemaVulnerabilityReporting, + SecurityInsightsVersion100YamlSchema, SecurityInsightsVersion100YamlSchemaContributionPolicy, SecurityInsightsVersion100YamlSchemaDependencies, SecurityInsightsVersion100YamlSchemaDependenciesSbomItem, SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation, SecurityInsightsVersion100YamlSchemaHeader, SecurityInsightsVersion100YamlSchemaHeaderSchemaVersion, SecurityInsightsVersion100YamlSchemaProjectLifecycle, SecurityInsightsVersion100YamlSchemaProjectLifecycleStatus, SecurityInsightsVersion100YamlSchemaVulnerabilityReporting }, skootrs::{ facet::{ @@ -457,6 +451,7 @@ impl DefaultSourceBundleContentHandler { }) } + #[allow(clippy::too_many_lines)] fn generate_security_insights_content( &self, params: &SourceBundleFacetParams, @@ -469,7 +464,51 @@ impl DefaultSourceBundleContentHandler { code_of_conduct: None, contributing_policy: None, }, - dependencies: None, + dependencies: Some(SecurityInsightsVersion100YamlSchemaDependencies{ + dependencies_lifecycle: None, + dependencies_lists: vec![ + format!("{}/blob/main/go.mod", ¶ms.common.repo.full_url()) + ], + env_dependencies_policy: None, + sbom: Some(vec![ + SecurityInsightsVersion100YamlSchemaDependenciesSbomItem { + sbom_creation: Some( + SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation::from_str("Created by goreleaser")?), + sbom_file: Some(format!("{}/releases/latest/download/main-linux-amd64.spdx.sbom.json", ¶ms.common.repo.full_url())), + sbom_format: Some("SPDX".to_string()), + sbom_url: Some("https://spdx.github.io/spdx-spec/v2.3/".to_string()), + }, + SecurityInsightsVersion100YamlSchemaDependenciesSbomItem { + sbom_creation: Some( + SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation::from_str("Created by goreleaser")?), + sbom_file: Some(format!("{}/releases/latest/download/main-linux-arm.spdx.sbom.json", ¶ms.common.repo.full_url())), + sbom_format: Some("SPDX".to_string()), + sbom_url: Some("https://spdx.github.io/spdx-spec/v2.3/".to_string()), + }, + SecurityInsightsVersion100YamlSchemaDependenciesSbomItem { + sbom_creation: Some( + SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation::from_str("Created by goreleaser")?), + sbom_file: Some(format!("{}/releases/latest/download/main-linux-arm64.spdx.sbom.json", ¶ms.common.repo.full_url())), + sbom_format: Some("SPDX".to_string()), + sbom_url: Some("https://spdx.github.io/spdx-spec/v2.3/".to_string()), + }, + SecurityInsightsVersion100YamlSchemaDependenciesSbomItem { + sbom_creation: Some( + SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation::from_str("Created by goreleaser")?), + sbom_file: Some(format!("{}/releases/latest/download/main-windows-amd64.exe.spdx.sbom.json", ¶ms.common.repo.full_url())), + sbom_format: Some("SPDX".to_string()), + sbom_url: Some("https://spdx.github.io/spdx-spec/v2.3/".to_string()), + }, + SecurityInsightsVersion100YamlSchemaDependenciesSbomItem { + sbom_creation: Some( + SecurityInsightsVersion100YamlSchemaDependenciesSbomItemSbomCreation::from_str("Created by goreleaser")?), + sbom_file: Some(format!("{}/releases/latest/download/main.spdx.sbom.json", ¶ms.common.repo.full_url())), + sbom_format: Some("SPDX".to_string()), + sbom_url: Some("https://spdx.github.io/spdx-spec/v2.3/".to_string()), + }, + ]), + third_party_packages: Some(true), + }), distribution_points: Vec::new(), documentation: None, header: SecurityInsightsVersion100YamlSchemaHeader { @@ -494,6 +533,8 @@ impl DefaultSourceBundleContentHandler { roadmap: None, status: SecurityInsightsVersion100YamlSchemaProjectLifecycleStatus::Active, }, + // TODO: Since security insights doesn't support SLSA, scorecard, etc. explicitly we might want to add it + // to security_artifacts. security_artifacts: None, security_assessments: None, security_contacts: Vec::new(), @@ -515,7 +556,7 @@ impl DefaultSourceBundleContentHandler { Ok(SourceBundleContent { source_files_content: vec![SourceFileContent { - name: "SECURITY_INSIGHTS.yml".to_string(), + name: "SECURITY-INSIGHTS.yml".to_string(), path: "./".to_string(), content, }], diff --git a/skootrs-model/Cargo.toml b/skootrs-model/Cargo.toml index b4b9892..0f9abaf 100644 --- a/skootrs-model/Cargo.toml +++ b/skootrs-model/Cargo.toml @@ -13,7 +13,6 @@ utoipa = { version = "4.1.0" } chrono = { version = "0.4.31", features = ["serde"] } schemars = { version = "0.8.16", features = ["chrono", "url"] } regress = "0.7.1" -leptos-struct-table = { version = "0.7.0", features = ["chrono", "uuid"] } [lints] workspace = true