From f0028267e50f177cb3a625c55a5e6c60a0817918 Mon Sep 17 00:00:00 2001
From: Christopher Langton
Date: Wed, 2 Oct 2024 21:53:08 +1000
Subject: [PATCH] feat: store more BOM artifacts
---
 functions/cdx/upload.js | 18 ++++++++++++++++--
 functions/spdx/upload.js | 23 ++++++++++++++++++++---
 src/pages/CycloneDXManager.vue | 2 +-
 3 files changed, 37 insertions(+), 6 deletions(-)
diff --git a/functions/cdx/upload.js b/functions/cdx/upload.js
index f88e26e..c986dd1 100644
--- a/functions/cdx/upload.js
+++ b/functions/cdx/upload.js
@@ -1,4 +1,4 @@
-import { AuthResult, ensureStrReqBody, hex, isCDX, OSV, Server } from "@/utils";
+import { AuthResult, ensureStrReqBody, hex, isCDX, OSV, saveArtifact, Server } from "@/utils";
 import { PrismaD1 } from '@prisma/adapter-d1';
 import { PrismaClient } from '@prisma/client';
@@ -34,11 +34,25 @@ export async function onRequestPost(context) {
 if (!isCDX(cdx)) {
 return Response.json({ ok: false, error: { message: 'CDX is missing necessary fields.' } })
 }
- // const cdxStr = JSON.stringify(cdx) //TODO: Add to TEA
 const componentsJSON = JSON.stringify(cdx.components)
 const cdxId = await hex(cdx.metadata?.component?.name + componentsJSON)
+
+ const originalCdx = await prisma.CycloneDXInfo.findFirst({
+ where: {
+ cdxId,
+ orgId: verificationResult.session.orgId,
+ }
+ })
+ let artifact;
+ const artifactUuid = originalCdx?.artifactUuid || cdx.serialNumber.startsWith('urn:uuid:') ? cdx.serialNumber.substring(9) : crypto.randomUUID()
+ if (!originalCdx) {
+ const cdxStr = JSON.stringify(cdx)
+ artifact = await saveArtifact(prisma, env.r2artifacts, cdxStr, artifactUuid, `cyclonedx`)
+ }
+
 const cdxData = {
 cdxId,
+ artifactUuid,
 source: 'upload',
 orgId: verificationResult.session.orgId,
 memberEmail: verificationResult.session.memberEmail,
diff --git a/functions/spdx/upload.js b/functions/spdx/upload.js
index c1afd90..6c66771 100644
--- a/functions/spdx/upload.js
+++ b/functions/spdx/upload.js
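Review bot: In functions/cdx/upload.js the added `artifactUuid` line parses as `(originalCdx?.artifactUuid || cdx.serialNumber.startsWith('urn:uuid:')) ? cdx.serialNumber.substring(9) : crypto.randomUUID()`, because `||` binds tighter than `?:`. A stored `artifactUuid` is therefore never reused, and a BOM without `serialNumber` throws a TypeError on either path (whether `isCDX` requires that field is not visible here). The suffix of the client-supplied `serialNumber` is also handed to `saveArtifact` as the artifact identifier without a format check; if that helper keys the R2 object on it without an org scope, uploads from different orgs with the same serial number would address the same object, so either confirm the scoping or generate the identifier server-side as the SPDX handler does. Suggested: `const serialUuid = /^urn:uuid:[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(cdx.serialNumber ?? '') ? cdx.serialNumber.substring(9) : undefined` followed by `const artifactUuid = originalCdx?.artifactUuid ?? serialUuid ?? crypto.randomUUID()`. `onRequestPost` starts and ends outside this hunk.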
@@ -1,4 +1,4 @@
-import { AuthResult, OSV, Server, ensureStrReqBody, hex, isSPDX } from "@/utils";
+import { AuthResult, OSV, Server, ensureStrReqBody, hex, isSPDX, saveArtifact } from "@/utils";
 import { PrismaD1 } from '@prisma/adapter-d1';
 import { PrismaClient } from '@prisma/client';
@@ -33,10 +33,22 @@ export async function onRequestPost(context) {
 if (!isSPDX(spdx)) {
 return Response.json({ ok: false, error: { message: 'SPDX is missing necessary fields.' } })
 }
- const spdxStr = JSON.stringify(spdx)
- const spdxId = await hex(spdxStr)
+ const spdxId = await makeId(spdx)
+ const originalSpdx = await prisma.SPDXInfo.findFirst({
+ where: {
+ spdxId,
+ orgId: verificationResult.session.orgId,
+ }
+ })
+ let artifact;
+ if (!originalSpdx) {
+ const spdxStr = JSON.stringify(spdx)
+ artifact = await saveArtifact(prisma, env.r2artifacts, spdxStr, crypto.randomUUID(), `spdx`)
+ }
+ const artifactUuid = originalSpdx?.artifactUuid || artifact?.uuid
 const spdxData = {
 spdxId,
+ artifactUuid,
 source: 'upload',
 orgId: verificationResult.session.orgId,
 memberEmail: verificationResult.session.memberEmail,
@@ -168,3 +180,8 @@ export async function onRequestPost(context) {
 return Response.json({ ok: true, files, error: { message: errors } })
 }
+
+const makeId = async spdx => {
+ const packages = JSON.stringify(spdx.packages)
+ return hex(spdx.name + packages)
+}
diff --git a/src/pages/CycloneDXManager.vue b/src/pages/CycloneDXManager.vue
index bc49192..56e0e65 100644
--- a/src/pages/CycloneDXManager.vue
+++ b/src/pages/CycloneDXManager.vue
@@ -61,7 +61,7 @@ class Controller {
 }
 break
 }
- if (data.spdx.length < pageSize) {
+ if (data.cdx.length < pageSize) {
 hasMore = false
 if (initial !== true) {
 state.info = "Refreshed CycloneDX"
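Review bot: The `if (!originalSpdx)` guard in the second hunk of functions/spdx/upload.js skips `saveArtifact` whenever a row already exists, including rows that carry no `artifactUuid` (presumably every row written before this commit, since the field is introduced here). For those rows `originalSpdx?.artifactUuid || artifact?.uuid` evaluates to `undefined`, so `spdxData.artifactUuid` is `undefined` and the uploaded document is never archived. Guarding on the field closes the gap: `if (!originalSpdx?.artifactUuid) {`. The `if (!originalCdx)` guard in functions/cdx/upload.js has the same gap. `onRequestPost` continues outside this hunk, so how `spdxData` is persisted is not visible.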
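Review bot: `makeId` at the end of functions/spdx/upload.js hashes only `spdx.name` and `spdx.packages`, so two documents that differ anywhere else get the same `spdxId`, and with the `if (!originalSpdx)` guard earlier in the file the later upload's content is not stored as an artifact. If `packages` is absent, `JSON.stringify` returns `undefined` and the hashed input becomes the name followed by the text `undefined`; whether `isSPDX` rules that out is not visible here. Rows stored under the previous full-document hash will presumably no longer match the new identifier. A doc comment would make the contract explicit, for example `/** Identity of an SPDX document within an org: hash of name + packages only, not a content hash. */`, and a separate content hash such as `await hex(JSON.stringify(spdx))` could decide when a new artifact has to be saved.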