From bbe9777e90582a10638a0ba3073f41da1e5858e2 Mon Sep 17 00:00:00 2001
From: mathuriga
Date: Tue, 4 Jun 2019 17:01:59 +0530
Subject: [PATCH 01/10] Update updatemitigationinfo.py

Add case insensitive String comparison for 'False Positive'
---
 .../update-mitigation-info/scripts/updatemitigationinfo.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/internal/veracode-api-wrapper/update-mitigation-info/scripts/updatemitigationinfo.py b/internal/veracode-api-wrapper/update-mitigation-info/scripts/updatemitigationinfo.py
index 682ca9ef..40cbb8b5 100644
--- a/internal/veracode-api-wrapper/update-mitigation-info/scripts/updatemitigationinfo.py
+++ b/internal/veracode-api-wrapper/update-mitigation-info/scripts/updatemitigationinfo.py
@@ -1,3 +1,5 @@
+#!/usr/bin/env python2
+
 #
 # Copyright (c) 2019, WSO2 Inc., WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
 #
@@ -102,7 +104,7 @@ def updateComment(flowId, comment, action):
 for row in reader:
 flowId = dict(row).get("issue_id")
 print PREFIX, "- Updating mitigation info for flow ID " + flowId
-if (dict(row).get("WSO2_resolution") == 'False Positive'):
+if (dict(row).get("WSO2_resolution").lower() == 'False Positive'.lower()):
 action = ACTION_FALSEPOSITIVE
 else:
 action = ACTION_APPDESIGN

From 882f6cc7592ef0b49e745bc62b2fe846f076840b Mon Sep 17 00:00:00 2001
From: mathuriga
Date: Thu, 6 Jun 2019 15:31:30 +0530
Subject: [PATCH 02/10] Add Dependency Track Setup.sh and Config file

---
 .../config/application.properties | 222 ++++++++++++++++++
 internal/dependency-track/setup.sh | 157 +++++++++++++
 2 files changed, 379 insertions(+)
 create mode 100644 internal/dependency-track/config/application.properties
 create mode 100644 internal/dependency-track/setup.sh

diff --git a/internal/dependency-track/config/application.properties b/internal/dependency-track/config/application.properties
new file mode 100644
index 00000000..b82b2b3d
--- /dev/null
+++ b/internal/dependency-track/config/application.properties
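Review bot: The new comparison calls `.lower()` directly on `dict(row).get("WSO2_resolution")`, so a row whose column is missing or empty makes `.get()` return `None` and the script dies with `AttributeError` mid-run, presumably after earlier rows have already been submitted. Normalising the value once and comparing against a lower-case literal avoids that and the redundant `'False Positive'.lower()`: `resolution = (dict(row).get("WSO2_resolution") or "").strip().lower()` followed by `if resolution == 'false positive':`. The `.strip()` also tolerates stray whitespace from the CSV, which a case-insensitive match almost certainly wants too. The loop this line sits in starts before the hunk, and the Python 2 shebang added in the first hunk is what pins the `print` statement syntax used here.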
@@ -0,0 +1,222 @@ +# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +################ Alpine Configuration for Dependency Track ################ + +# Required +# Defines the number of worker threads that the event subsystem will consume. +# Events occur asynchronously and are processed by the Event subsystem. This +# value should be large enough to handle most production situations without +# introducing much delay, yet small enough not to pose additional load on an +# already resource-constrained server. +# A value of 0 will instruct Alpine to allocate 1 thread per CPU core. This +# can further be tweaked using the alpine.worker.thread.multiplier property. +# Default value is 0. +alpine.worker.threads=0 + +# Required +# Defines a multiplier that is used to calculate the number of threads used +# by the event subsystem. This property is only used when alpine.worker.threads +# is set to 0. A machine with 4 cores and a multiplier of 4, will use (at most) +# 16 worker threads. Default value is 4. +alpine.worker.thread.multiplier=4 + +# Required +# Defines the path to the data directory. This directory will hold logs, +# keys, and any database or index files along with application-specific +# files or directories. +alpine.data.directory=~/.dependency-track + +# Required +# Defines the interval (in seconds) to log general heath information. +# If value equals 0, watchdog logging will be disabled. 
+alpine.watchdog.logging.interval=0 + +# Required +# Defines the database mode of operation. Valid choices are: +# 'server', 'embedded', and 'external'. +# In server mode, the database will listen for connections from remote +# hosts. In embedded mode, the system will be more secure and slightly +# faster. External mode should be used when utilizing an external +# database server (i.e. mysql, postgresql, etc). +alpine.database.mode=external + +# Optional +# Defines the TCP port to use when the database.mode is set to 'server'. +alpine.database.port=9092 + +# Required +# Specifies the JDBC URL to use when connecting to the database. +alpine.database.url= + +# Required +# Specifies the JDBC driver class to use. +alpine.database.driver= + +# Optional +# Specifies the path (including filename) to where the JDBC driver is located. +alpine.database.driver.path= + +# Optional +# Specifies the username to use when authenticating to the database. +alpine.database.username= + +# Optional +# Specifies the password to use when authenticating to the database. +alpine.database.password= + +# Optional +# When authentication is enforced, API keys are required for automation, +# and the user interface will prevent anonymous access by prompting for login +# credentials. +alpine.enforce.authentication=true + +# Optional +# When authorization is enforced, team membership for both API keys and +# user accounts are restricted to what the team itself has access to. +# To enforce authorization, the enforce.authentication property (above) +# must be true. +alpine.enforce.authorization=true + +# Required +# Specifies the number of bcrypt rounds to use when hashing a users password. +# The higher the number the more secure the password, at the expense of +# hardware resources and additional time to generate the hash. +alpine.bcrypt.rounds=14 + +# Required +# Defines if LDAP will be used for user authentication. If enabled, +# alpine.ldap.* properties should be set accordingly. 
+alpine.ldap.enabled=false + +# Optional +# Specifies the LDAP server URL +# Example (Microsoft Active Directory): +# alpine.ldap.server.url=ldap://ldap.example.com:3268 +# alpine.ldap.server.url=ldaps://ldap.example.com:3269 +# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): +# alpine.ldap.server.url=ldap://ldap.example.com:389 +# alpine.ldap.server.url=ldaps://ldap.example.com:636 +alpine.ldap.server.url=ldap://ldap.example.com:389 + +# Optional +# Specifies the base DN that all queries should search from +alpine.ldap.basedn=dc=example,dc=com + +# Optional +# Specifies the LDAP security authentication level to use. Its value is one of +# the following strings: "none", "simple", "strong". If this property is empty +# or unspecified, the behaviour is determined by the service provider. +alpine.ldap.security.auth=simple + +# Optional +# If anonymous access is not permitted, specify a username with limited access +# to the directory, just enough to perform searches. This should be the fully +# qualified DN of the user. +#alpine.ldap.bind.username= + +# Optional +# If anonymous access is not permitted, specify a password for the username +# used to bind. +#alpine.ldap.bind.password= + +# Optional +# Specifies if the username entered during login needs to be formatted prior +# to asserting credentials against the directory. For Active Directory, the +# userPrincipal attribute typically ends with the domain, whereas the +# samAccountName attribute and other directory server implementations do not. +# The %s variable will be substitued with the username asserted during login. 
+# Example (Microsoft Active Directory): +# alpine.ldap.auth.username.format=%s@example.com +# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): +# alpine.ldap.auth.username.format=%s +alpine.ldap.auth.username.format=%s@example.com + +# Optional +# Specifies the Attribute that identifies a users ID +# Example (Microsoft Active Directory): +# alpine.ldap.attribute.name=userPrincipalName +# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): +# alpine.ldap.attribute.name=uid +alpine.ldap.attribute.name=userPrincipalName + +# Optional +# Specifies the LDAP attribute used to store a users email address +alpine.ldap.attribute.mail=mail + +# Optional +# Specifies the LDAP search filter used to retrieve all groups from the +# directory. +# Example (Microsoft Active Directory): +# alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group)) +# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): +# alpine.ldap.groups.filter=(&(objectClass=groupOfUniqueNames)) +alpine.ldap.groups.filter=(&(objectClass=group)(objectCategory=Group)) + +# Optional +# Specifies the LDAP search filter to use to query a user and retrieve a list +# of groups the user is a member of. The {USER_DN} variable will be substituted +# with the actual value of the users DN at runtime. +# Example (Microsoft Active Directory): +# alpine.ldap.user.groups.filter=(&(objectClass=group)(objectCategory=Group)(member={USER_DN})) +# Example (Microsoft Active Directory - with nested group support): +# alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN}) +# Example (ApacheDS, Fedora 389 Directory, NetIQ/Novell eDirectory, etc): +# alpine.ldap.user.groups.filter=(&(objectClass=groupOfUniqueNames)(uniqueMember={USER_DN})) +alpine.ldap.user.groups.filter=(member:1.2.840.113556.1.4.1941:={USER_DN}) + +# Optional +# Specifies if mapped LDAP accounts are automatically created upon successful +# authentication. 
When a user logs in with valid credentials but an account has +# not been previously provisioned, an authentication failure will be returned. +# This allows admins to control specifically which ldap users can access the +# system and which users cannot. When this value is set to true, a local ldap +# user will be created and mapped to the ldap account automatically. This +# automatic provisioning only affects authentication, not authorization. +alpine.ldap.user.provisioning=false + +# Optional +# This option will ensure that team memberships for LDAP users are dynamic and +# synchronized with membership of LDAP groups. When a team is mapped to an LDAP +# group, all local LDAP users will automatically be assigned to the team if +# they are a member of the group the team is mapped to. If the user is later +# removed from the LDAP group, they will also be removed from the team. This +# option provides the ability to dynamically control user permissions via an +# external directory. +alpine.ldap.team.synchronization=false + +# Optional +# HTTP proxy. If the address is set, then the port must be set too. +# alpine.http.proxy.address=proxy.example.com +# alpine.http.proxy.port=8888 +# alpine.http.proxy.username= +# alpine.http.proxy.password= + +####################### Dependency-Track Configuration ###################### + +# Optional +# Specifies if VulnDB access is enabled or not. VulnDB is a commercial source +# of vulnerability data that requires a subscription. Enabling VulnDB provides +# vulnerability data that may not be published in public repositories and may +# enhance public vulnerability data with additional content. +# Refer to https://vulndb.cyberriskanalytics.com/ for information. +# datasource.vulndb.enabled=false + +# Optional +# Specified the OAuth consumer key. Required only if vulndb is enabled. +# datasource.vulndb.key= + +# Optional +# Specified the OAuth consumer secret. Required only if vulndb is enabled. +# datasource.vulndb.secret= 
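Review bot: `alpine.database.password=` is left blank in this template, but the accompanying setup.sh fills it in with the MySQL password in clear text, so the file becomes a credential store without any comment saying so. I would add, above the five MySQL properties, `# NOTE: populated with the DB password by setup.sh -- keep this file owned by the service user with mode 600 and never commit a filled-in copy.` The `alpine.ldap.server.url=ldap://ldap.example.com:389` plus `alpine.ldap.security.auth=simple` defaults would send the bind password in plaintext if LDAP is later switched on and the server does not negotiate StartTLS; a one-line comment pointing at the `ldaps://` form already shown in the examples would save a future operator from that. The sensitive values are all placeholders, so nothing is exposed by the commit itself.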
diff --git a/internal/dependency-track/setup.sh b/internal/dependency-track/setup.sh
new file mode 100644
index 00000000..d99497d9
--- /dev/null
+++ b/internal/dependency-track/setup.sh
@@ -0,0 +1,157 @@ +#!/bin/bash + +# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +###################################################################### +## This script will set up the environment for Dependency Track ## +###################################################################### + +# --------------- +# Update Packages +# --------------- + +sudo apt update -y +sudo apt upgrade -y + +# ------------- +# Install MySQL +# ------------- + +sudo apt install -y mysql + +read -p "Enter Password for MySQL user 'dependency-track': " dependency_track_password +sudo mysql <> /home/dependency-track/.bashrc +export SDKMAN_DIR="/usr/local/sdkman" +[[ -s "/usr/local/sdkman/bin/sdkman-init.sh" ]] && source "/usr/local/sdkman/bin/sdkman-init.sh" +END + +sdk install java 8.0.212-amzn +sdk install maven 3.6.1 + +# ----------------------------- +# Change SQL Mode +# ----------------------------- + +sudo cat <> /home/dependency-track/etc/mysql/my.cnf +[mysqld] +sql_mode="ANSI_QUOTES,STRICT_TRANS_TABLES,ONLY_FULL_GROUP_BY,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION" +END + +sudo service mysql restart + +# ----------------------------- +# Get MySQL connector +# ----------------------------- + +mkdir libs +cd libs +wget https://repo1.maven.org/maven2/mysql/mysql-connector-java/8.0.16/mysql-connector-java-8.0.16.jar +cd - + +# 
-------------------------------------------------------- +# Get latest release of Dependency Track embedded war file +# -------------------------------------------------------- + +mkdir artifact +cd artifact +asset_type=dependency-track-embedded.war +# Download only embedded war asset +downloadUrl = $(curl -s https://api.github.com/repos/DependencyTrack/dependency-track/releases/latest | jq -r ".assets[] | select(.name | test(\"${asset_type}\")) | .browser_download_url") +wget $downloadUrl +cd - + +# --------------------------------------------------- +# Get application.propertiesfile +# --------------------------------------------------- + +mkdir config +cd config +wget https://raw.githubusercontent.com/wso2/security-tools/master/internal/dependency-track/config/application.properties +cd - + +# --------------------------------------------------- +# Configure Dependency Track database as MySQL +# --------------------------------------------------- + +urlData='jdbc:mysql:\/\/localhost:3306\/dependency_track?autoReconnect=true\&useSSL=false' +driver='com.mysql.cj.jdbc.Driver' +driver_path='\/home\/dependency-track\/libs\/mysql-connector-java-8.0.16.jar' +username='dependency-track' + +sed -i "s/alpine.database.url=/alpine.database.url=$urlData/" /home/dependency-track/config/application.properties +sed -i "s/alpine.database.driver=/alpine.database.driver=$driver/" /home/dependency-track/config/application.properties +sed -i "s/alpine.database.driver.path=/alpine.database.driver.path=$driver_path/" /home/dependency-track/config/application.properties +sed -i "s/alpine.database.username=/alpine.database.username=$username/" /home/dependency-track/config/application.properties +sed -i "s/alpine.database.password=/alpine.database.password=$dependency_track_password/" /home/dependency-track/config/application.properties + +# --------------------------------------------------- +# Start Dependency Track server in nohub mode +# 
--------------------------------------------------- + +cd artifact +nohub java -Dalpine.application.properties=/home/dependency-track/config/application.properties -Xmx4G -jar dependency-track-embedded.war + +# --------------------------------------------------- +# Alter privileges to Dependency Track Database +# --------------------------------------------------- + +sudo mysql -u dependency-track -p +REVOKE ALL PRIVILEGES ON dependency_track.* TO 'dependency-track'@'localhost'; +GRANT DELETE,UPDATE,SELECT,INSERT ON dependency_track.* TO 'dependency-track'@'localhost'; +FLUSH PRIVILEGES; + +exit From 8f8db55251dc09e608e6605c8c837b4c2ed5f9b4 Mon Sep 17 00:00:00 2001 From: mathuriga Date: Fri, 7 Jun 2019 12:40:42 +0530 Subject: [PATCH 03/10] Resolve PR comments --- .../config/application.properties | 5 +++++ internal/dependency-track/setup.sh | 21 ++++++++++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/internal/dependency-track/config/application.properties b/internal/dependency-track/config/application.properties index b82b2b3d..206621a0 100644 --- a/internal/dependency-track/config/application.properties +++ b/internal/dependency-track/config/application.properties @@ -56,6 +56,11 @@ alpine.database.mode=external # Defines the TCP port to use when the database.mode is set to 'server'. alpine.database.port=9092 +# WSO2 : Since Dependency Track uses H2 database by default and it's not +# recommended for production environment, MySQL is configured as Database. +# Following five properties are used to configure MySQL database with +# relevant values. + # Required # Specifies the JDBC URL to use when connecting to the database. alpine.database.url= diff --git a/internal/dependency-track/setup.sh b/internal/dependency-track/setup.sh index d99497d9..f2c93cd2 100644 --- a/internal/dependency-track/setup.sh +++ b/internal/dependency-track/setup.sh 
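Review bot: The privilege-reduction block at the end never reaches MySQL: `sudo mysql -u dependency-track -p` opens an interactive client, and the `REVOKE`/`GRANT`/`FLUSH` lines after it are executed by bash only once that client exits, so the account keeps whatever rights it was created with (the creation heredoc is not legible in this rendering). `REVOKE ... TO` is also not valid MySQL syntax (it takes `FROM`), and the user cannot strip its own rights without `GRANT OPTION`, so the statements belong in a heredoc fed to `sudo mysql` as root. Separately, `read -p` without `-s` echoes the password to the terminal, the later `sed -i ... $dependency_track_password` puts it on a command line visible in `ps` and breaks on `/` or `&`, `downloadUrl = $(...)` with spaces around `=` is not an assignment so `wget $downloadUrl` runs with an empty URL, and the `.war` is fetched with no checksum or signature check. The JDBC URL sets `useSSL=false`, which is tolerable only because the database is on localhost; that assumption deserves a comment.
```bash
# … unchanged: start Dependency Track in nohup mode …
sudo mysql <<'END'
REVOKE ALL PRIVILEGES ON dependency_track.* FROM 'dependency-track'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON dependency_track.* TO 'dependency-track'@'localhost';
FLUSH PRIVILEGES;
END
```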
@@ -93,6 +93,10 @@ END sudo service mysql restart +# Switch user to dependency-track. +su dependency-track +cd /home/dependency-track + # ----------------------------- # Get MySQL connector # ----------------------------- @@ -109,13 +113,13 @@ cd - mkdir artifact cd artifact asset_type=dependency-track-embedded.war -# Download only embedded war asset +# Download only embedded war asset. downloadUrl = $(curl -s https://api.github.com/repos/DependencyTrack/dependency-track/releases/latest | jq -r ".assets[] | select(.name | test(\"${asset_type}\")) | .browser_download_url") wget $downloadUrl cd - # --------------------------------------------------- -# Get application.propertiesfile +# Get application.properties file # --------------------------------------------------- mkdir config @@ -143,7 +147,18 @@ sed -i "s/alpine.database.password=/alpine.database.password=$dependency_track_p # --------------------------------------------------- cd artifact -nohub java -Dalpine.application.properties=/home/dependency-track/config/application.properties -Xmx4G -jar dependency-track-embedded.war +nohub java -Dalpine.application.properties=/home/dependency-track/config/application.properties -Xmx4G -jar dependency-track-embedded.war >/dev/null 2>&1 & + +echo "Deploying Dependency Track..." + +# ------------------------------------------------------------- +# Wait until Dependency Track run Database creation scripts +# ------------------------------------------------------------- + +echo "Waiting for some seconds until Dependency Check runs Database creation script." +sleep 60 + +read -n 1 -r -s -p "If Database creation is successfully completed, Press any key to continue..." # --------------------------------------------------- # Alter privileges to Dependency Track Database From 246394acf55ec9b399d2e3b7ffd524c03d6e1a5d Mon Sep 17 00:00:00 2001 
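Review bot: `su dependency-track` in the first hunk starts an interactive shell and blocks there; the lines after it run only once that shell exits, and then as the original user, so nothing below actually executes as `dependency-track` and the `libs`, `artifact` and `config` directories end up owned by whoever invoked the script. Either run the remainder through `sudo -u dependency-track -H bash <<'END' ... END` or move the second half into its own file and call it with `su - dependency-track -c 'bash /path/to/part2.sh'`. In the last hunk, `>/dev/null 2>&1` discards the server's log, so the operator asked to confirm "If Database creation is successfully completed" has nothing to check against; `> /home/dependency-track/dependency-track.log 2>&1 &` gives the prompt something to refer to. The fixed `sleep 60` is a guess at schema-creation time; polling the HTTP port in a loop would be more reliable than a timer plus a keypress.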
From: mathuriga Date: Fri, 7 Jun 2019 19:38:03 +0530 Subject: [PATCH 04/10] Fix minor bugs in script --- internal/dependency-track/setup.sh | 10 ++++++---- internal/scan-manager/setup.sh | 4 +++- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/internal/dependency-track/setup.sh b/internal/dependency-track/setup.sh index f2c93cd2..a3a15402 100644 --- a/internal/dependency-track/setup.sh +++ b/internal/dependency-track/setup.sh @@ -30,14 +30,14 @@ sudo apt upgrade -y # Install MySQL # ------------- -sudo apt install -y mysql +sudo apt install -y mysql-server read -p "Enter Password for MySQL user 'dependency-track': " dependency_track_password sudo mysql </dev/null 2>&1 & +nohup java -Dalpine.application.properties=/home/dependency-track/config/application.properties -Xmx4G -jar dependency-track-embedded.war >/dev/null 2>&1 & echo "Deploying Dependency Track..." diff --git a/internal/scan-manager/setup.sh b/internal/scan-manager/setup.sh index fbbe7ff2..f62ee637 100644 --- a/internal/scan-manager/setup.sh +++ b/internal/scan-manager/setup.sh @@ -25,7 +25,7 @@ sudo apt upgrade -y # Install MySQL # ------------- -sudo apt install -y mysql +sudo apt install -y mysql-server read -p "Enter Password for MySQL user 'scan-manager-core': " scan_manager_core_password sudo mysql < Date: Sun, 9 Jun 2019 13:17:16 +0530 Subject: [PATCH 05/10] Add script to generate BOM File --- internal/dependency-track/GenerateBOMFile.sh | 60 ++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100755 internal/dependency-track/GenerateBOMFile.sh diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh new file mode 100755 index 00000000..d89be005 --- /dev/null +++ b/internal/dependency-track/GenerateBOMFile.sh 
@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+################################################################
+## This script will generate a BOM file for given product ##
+################################################################
+
+# ------------------------------------
+# Clone product source code fom github
+# ------------------------------------
+
+read -p "Enter product repository name (product-is / product-apim / product-sp / product-ei) to create BOM File : " product
+
+mkdir $HOME/workingDir
+git clone https://github.com/wso2/$product.git
+
+# --------------------------------------
+# Select the branch to create a BOM file
+# --------------------------------------
+
+cd $HOME/workingDir/$product
+read -p "Enter branch to create BOM File : " version
+git checkout $version
+
+# -------------------
+# Generate BOM file
+# -------------------
+mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom
+
+echo "BOM file is successfully generated in " $($HOME/workingDir/$product/target)
+echo "Please upload the BOM file to Dependency Track."
+
+nautilus $HOME/workingDir/$product/target
+
+sleep 60
+read -n 1 -r -s -p "If you have uploaded BOM file to Dependency Track successfully, Press any key to continue..."
+
+# ------------------------
+# Delete Cloned Repository
+# ------------------------
+
+rm -rf $HOME/workingDir/
+
+echo "Cloned repository is successfully deleted."
+
+END

From 211f92b99f3c958d7a1235bbed4c9505850e82e8 Mon Sep 17 00:00:00 2001
From: mathuriga
Date: Mon, 10 Jun 2019 13:13:58 +0530
Subject: [PATCH 06/10] Change the input as download url

---
 internal/dependency-track/GenerateBOMFile.sh | 25 ++++++++++++--------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh
index d89be005..e4bee819 100755
--- a/internal/dependency-track/GenerateBOMFile.sh
+++ b/internal/dependency-track/GenerateBOMFile.sh
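Review bot: `mkdir $HOME/workingDir` is never followed by a `cd`, so `git clone` drops the checkout into the current directory and the later `cd $HOME/workingDir/$product` fails, leaving `git checkout`, `mvn` and the final `rm -rf $HOME/workingDir/` to run from wherever the user started the script. The `product` value is interpolated straight into the clone URL and into paths although the prompt lists exactly four valid names; checking it first, `case "$product" in product-is|product-apim|product-sp|product-ei) ;; *) echo "unknown product: $product" >&2; exit 1;; esac`, keeps a typo or a `../` from reaching `git` and `rm -rf`. `$($HOME/workingDir/$product/target)` is a command substitution that tries to execute the directory as a program; the intent is `echo "BOM file is successfully generated in $HOME/workingDir/$product/target"`. The stray `END` on the last line is executed as a command and only yields "command not found".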
@@ -20,31 +20,36 @@ ################################################################ # ------------------------------------ -# Clone product source code fom github +# Download source code # ------------------------------------ -read -p "Enter product repository name (product-is / product-apim / product-sp / product-ei) to create BOM File : " product +read -p "Enter git source code download url to create BOM File : " download_url mkdir $HOME/workingDir -git clone https://github.com/wso2/$product.git +cd $HOME/workingDir +wget $download_url # -------------------------------------- -# Select the branch to create a BOM file +# Unzip source # -------------------------------------- -cd $HOME/workingDir/$product -read -p "Enter branch to create BOM File : " version -git checkout $version +zip_file_name=$(ls ) +mkdir sourceDir +unzip $HOME/workingDir/$zip_file_name -d $HOME/workingDir/sourceDir +rm -rf $HOME/workingDir/$zip_file_name # ------------------- # Generate BOM file # ------------------- +cd $HOME/workingDir/sourceDir +file_name=$(ls ) +cd $HOME/workingDir/sourceDir/$file_name mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -echo "BOM file is successfully generated in " $($HOME/workingDir/$product/target) +echo "BOM file is successfully generated in " $($HOME/workingDir/sourceDir/$file_name/target) echo "Please upload the BOM file to Dependency Track." -nautilus $HOME/workingDir/$product/target +nautilus $HOME/workingDir/sourceDir/$file_name/target sleep 60 read -n 1 -r -s -p "If you have uploaded BOM file to Dependency Track successfully, Press any key to continue..." @@ -57,4 +62,4 @@ rm -rf $HOME/workingDir/ echo "Cloned repository is successfully deleted." -END +exit From c8921512e387a4512877323d9cbf25de66454837 Mon Sep 17 00:00:00 2001 
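Review bot: `wget $download_url` accepts whatever the operator types, and the archive is then unpacked and handed to `mvn`, which runs the project's build plugins; that is code execution from an unverified download, so at minimum the script should insist on an `https://` URL from a known host and echo it back before proceeding, e.g. `case "$download_url" in https://github.com/wso2/*) ;; *) echo "refusing URL outside github.com/wso2" >&2; exit 1;; esac`. `zip_file_name=$(ls )` and `file_name=$(ls )` pick up everything in the directory, so a second file or a name containing spaces breaks the `unzip` and `cd` that follow; `wget -O source.zip "$download_url"` makes the name deterministic and removes the `ls`. `$($HOME/workingDir/sourceDir/$file_name/target)` is still a command substitution that tries to run a directory rather than print its path. The hunk starts at line 20, after the shebang and license header, which are unchanged.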
From: mathuriga Date: Mon, 10 Jun 2019 15:50:46 +0530 Subject: [PATCH 07/10] Reslove PR Comments --- internal/dependency-track/GenerateBOMFile.sh | 35 ++++++++++---------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh index e4bee819..7ea2d5b4 100755 --- a/internal/dependency-track/GenerateBOMFile.sh +++ b/internal/dependency-track/GenerateBOMFile.sh @@ -23,10 +23,11 @@ # Download source code # ------------------------------------ -read -p "Enter git source code download url to create BOM File : " download_url +read -p "Enter URL to download source code : " download_url +read -p "Enter output folder name : " output_dir -mkdir $HOME/workingDir -cd $HOME/workingDir +temp_dir=$(mktemp -d) +cd $temp_dir wget $download_url # -------------------------------------- 
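Review bot: `cd $temp_dir` is not checked, so if `mktemp -d` fails the script carries on in the caller's directory and the closing `rm -rf $temp_dir` is left with an empty argument; `cd "$temp_dir" || exit 1` closes that gap, and quoting also covers a temp path with unusual characters. The `download_url` value is still passed to `wget` and then to `mvn` without any check, so the concern about running an untrusted project's build from an arbitrary URL remains. A `set -euo pipefail` at the top of the file, outside this hunk, would turn most of these silent failures into a stop.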
@@ -34,32 +35,32 @@ wget $download_url # -------------------------------------- zip_file_name=$(ls ) -mkdir sourceDir -unzip $HOME/workingDir/$zip_file_name -d $HOME/workingDir/sourceDir -rm -rf $HOME/workingDir/$zip_file_name +mkdir src +unzip $temp_dir/$zip_file_name -d $temp_dir/src # ------------------- # Generate BOM file # ------------------- -cd $HOME/workingDir/sourceDir -file_name=$(ls ) -cd $HOME/workingDir/sourceDir/$file_name -mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom -echo "BOM file is successfully generated in " $($HOME/workingDir/sourceDir/$file_name/target) -echo "Please upload the BOM file to Dependency Track." +cd $temp_dir/src +src_file_name=$(ls ) +cd $temp_dir/src/$src_file_name +mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom +echo "BOM file is successfully generate." -nautilus $HOME/workingDir/sourceDir/$file_name/target +# ------------------------------------------------- +# Move generated BOM file to given output directory +# ------------------------------------------------- -sleep 60 -read -n 1 -r -s -p "If you have uploaded BOM file to Dependency Track successfully, Press any key to continue..." +mv $temp_dir/src/$src_file_name/target/bom.xml $output_dir +echo "BOM file is moved to given output folder path : "$output_dir # ------------------------ # Delete Cloned Repository # ------------------------ -rm -rf $HOME/workingDir/ +rm -rf $temp_dir -echo "Cloned repository is successfully deleted." +echo "Downloaded assets are deleted." exit From a066b03c02645e9dbf2505decd4ea157c44f500b Mon Sep 17 00:00:00 2001 From: mathuriga Date: Mon, 10 Jun 2019 16:30:50 +0530 Subject: [PATCH 08/10] Update internal/dependency-track/GenerateBOMFile.sh Co-Authored-By: Ayoma Wijethunga --- internal/dependency-track/GenerateBOMFile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh index 7ea2d5b4..9c984f4a 100755 
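Review bot: `mv $temp_dir/src/$src_file_name/target/bom.xml $output_dir` renames the BOM to a file literally called `$output_dir` when that directory does not exist, and word-splits because it is unquoted; `mkdir -p "$output_dir"` and a quoted path fix both. The `mvn` exit status is ignored, so `echo "BOM file is successfully generate."` prints even when the build failed and the `mv` then errors on a missing `bom.xml`. Since the output of this script feeds vulnerability analysis in Dependency Track, a failed or partial build should stop the script before anything is reported as a success.
```bash
# … unchanged: prompts, download, unzip …
cd "$temp_dir/src/$src_file_name"
mvn org.cyclonedx:cyclonedx-maven-plugin:makeAggregateBom || { echo "BOM generation failed" >&2; rm -rf "$temp_dir"; exit 1; }
mkdir -p "$output_dir"
mv "$temp_dir/src/$src_file_name/target/bom.xml" "$output_dir/"
# … unchanged: cleanup of $temp_dir …
```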
--- a/internal/dependency-track/GenerateBOMFile.sh +++ b/internal/dependency-track/GenerateBOMFile.sh @@ -23,7 +23,7 @@ # Download source code # ------------------------------------ -read -p "Enter URL to download source code : " download_url +read -p "Enter URL to download source ZIP file: " download_url read -p "Enter output folder name : " output_dir temp_dir=$(mktemp -d) From 6e264763f3af09eacbb2a753f0589b5fea4fda90 Mon Sep 17 00:00:00 2001 From: mathuriga Date: Mon, 10 Jun 2019 16:31:05 +0530 Subject: [PATCH 09/10] Update internal/dependency-track/GenerateBOMFile.sh Co-Authored-By: Ayoma Wijethunga --- internal/dependency-track/GenerateBOMFile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh index 9c984f4a..4e7fc47e 100755 --- a/internal/dependency-track/GenerateBOMFile.sh +++ b/internal/dependency-track/GenerateBOMFile.sh @@ -53,7 +53,7 @@ echo "BOM file is successfully generate." # ------------------------------------------------- mv $temp_dir/src/$src_file_name/target/bom.xml $output_dir -echo "BOM file is moved to given output folder path : "$output_dir +echo "BOM file created at: "$output_dir # ------------------------ # Delete Cloned Repository From 82132e1e7598ac7c812bdac093ca25aa2de7cdcb Mon Sep 17 00:00:00 2001 From: mathuriga Date: Mon, 10 Jun 2019 16:34:19 +0530 Subject: [PATCH 10/10] Update internal/dependency-track/GenerateBOMFile.sh Co-Authored-By: Ayoma Wijethunga --- internal/dependency-track/GenerateBOMFile.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/dependency-track/GenerateBOMFile.sh b/internal/dependency-track/GenerateBOMFile.sh index 4e7fc47e..16cb359b 100755 --- a/internal/dependency-track/GenerateBOMFile.sh +++ b/internal/dependency-track/GenerateBOMFile.sh 
@@ -24,7 +24,7 @@ # ------------------------------------ read -p "Enter URL to download source ZIP file: " download_url -read -p "Enter output folder name : " output_dir +read -p "Enter output folder name: " output_dir temp_dir=$(mktemp -d) cd $temp_dir