From 8903d0732517253dd409712c3b3d66cca93130c1 Mon Sep 17 00:00:00 2001 From: anthonyharrison Date: Thu, 20 Oct 2022 13:02:14 +0100 Subject: [PATCH] refactor: Code formatting --- sbom4python/cli.py | 6 +++-- sbom4python/cyclonedxgenerator.py | 37 ++++++++++++++++++++----------- sbom4python/dotgenerator.py | 2 +- sbom4python/generator.py | 14 +++++++++--- sbom4python/license.py | 12 +++++++--- sbom4python/spdxgenerator.py | 30 ++++++++++++++++++++----- 6 files changed, 73 insertions(+), 28 deletions(-) diff --git a/sbom4python/cli.py b/sbom4python/cli.py index 9a8b6af..1dca084 100644 --- a/sbom4python/cli.py +++ b/sbom4python/cli.py @@ -12,7 +12,6 @@ from sbom4python.scanner import SBOMScanner from sbom4python.version import VERSION - # CLI processing @@ -143,7 +142,9 @@ def main(argv=None): sbom_scan.analyze(sbom_scan.get("Name"), sbom_scan.get("Requires")) # Generate SBOM file - sbom_gen = SBOMGenerator(args["exclude_license"], args["sbom"], bom_format, app_name, VERSION, "pypi") + sbom_gen = SBOMGenerator( + args["exclude_license"], args["sbom"], bom_format, app_name, VERSION, "pypi" + ) sbom_out = SBOMOutput(args["output_file"], bom_format) if args["sbom"] == "spdx": @@ -161,5 +162,6 @@ def main(argv=None): return 0 + if __name__ == "__main__": sys.exit(main()) diff --git a/sbom4python/cyclonedxgenerator.py b/sbom4python/cyclonedxgenerator.py index 792e79e..3a16aed 100644 --- a/sbom4python/cyclonedxgenerator.py +++ b/sbom4python/cyclonedxgenerator.py @@ -6,6 +6,7 @@ from sbom4python.license import LicenseScanner + class CycloneDXGenerator: """ Generate CycloneDX SBOM. 
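Review bot: In the `main` hunk of cli.py, `args["exclude_license"]` is passed as the first positional argument of `SBOMGenerator(...)`, while the generator.py hunk in this same patch names that parameter `include_license`. Either the flag's sense is inverted on the way in or the parameter is misnamed; the argument parser is outside the hunk, so confirm which one holds. Passing it by keyword and adding a comment such as `# True means: <state the sense the generators expect>` would make the mapping checkable, since a wrong sense silently changes whether license data ends up in the emitted SBOM. `main` starts outside the hunk.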
@@ -19,7 +20,13 @@ class CycloneDXGenerator: PACKAGE_PREAMBLE = "SPDXRef-Package-" LICENSE_PREAMBLE = "LicenseRef-" - def __init__(self, include_license: False, cyclonedx_format="json", application="sbom4python", version="0.1"): + def __init__( + self, + include_license: False, + cyclonedx_format="json", + application="sbom4python", + version="0.1", + ): self.doc = [] self.package_id = 0 self.include_license = include_license @@ -50,7 +57,7 @@ def getBOM(self): # Now process dependencies self.store("") for element in self.relationship: - item=element["ref"] + item = element["ref"] self.store(f'') for depends in element["dependsOn"]: self.store(f'') @@ -102,7 +109,7 @@ def generateJSONDocumentHeader(self, project_name): "version": self.application_version, } ], - } + }, } def generateXMLDocumentHeader(self, project_name): @@ -111,13 +118,13 @@ def generateXMLDocumentHeader(self, project_name): self.store("') - self.store('') - self.store(f'{self.generateTime()}') - self.store('') - self.store(f'{self.application}') - self.store(f'{self.application_version}') - self.store('') - self.store('') + self.store("") + self.store(f"{self.generateTime()}") + self.store("") + self.store(f"{self.application}") + self.store(f"{self.application_version}") + self.store("") + self.store("") self.store("") def generateRelationship(self, parent_id, package_id): @@ -142,7 +149,9 @@ def generateComponent(self, id, type, name, supplier, version, licence): else: self.generateJSONComponent(id, type, name, supplier, version, licence) - def generateJSONComponent(self, id, type, name, supplier, version, identified_licence): + def generateJSONComponent( + self, id, type, name, supplier, version, identified_licence + ): component = dict() component["type"] = type component["bom-ref"] = id 
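Review bot: `include_license: False` in the reflowed `CycloneDXGenerator.__init__` signature is an annotation whose value is `False`, not a default, so the parameter is still required and carries no usable type information. If a default was intended, the line should read `include_license: bool = False`; if it is meant to stay required, `include_license: bool`. The same signature line appears in `SBOMGenerator.__init__` (generator.py) and `SPDXGenerator.__init__` (spdxgenerator.py) later in this patch. The body of `__init__` continues outside the hunk.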
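Review bot: `generateXMLDocumentHeader` writes `self.application`, `self.application_version` and the timestamp into the XML output through f-strings, with no escaping visible in the hunk, so a value containing `<`, `&` or a quote would produce a malformed or structurally altered document. The markup around the placeholders is not fully legible on this page, so check this against the file. Wrapping element text in `xml.sax.saxutils.escape(...)` and attribute values in `xml.sax.saxutils.quoteattr(...)` would close the gap. `generateXMLComponent` and the dependency loop in `getBOM` appear to interpolate `name`, `version` and the refs the same way, and those presumably come from installed-package metadata rather than from the tool itself.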
@@ -161,12 +170,14 @@ def generateJSONComponent(self, id, type, name, supplier, version, identified_li license["url"] = license_url item = dict() item["license"] = license - component["licenses"] = [ item ] + component["licenses"] = [item] if self.include_purl: component["purl"] = f"pkg:{self.package_manager}/{name}@{version}" self.component.append(component) - def generateXMLComponent(self, id, type, name, supplier, version, identified_licence): + def generateXMLComponent( + self, id, type, name, supplier, version, identified_licence + ): self.store(f'') self.store(f"{name}") self.store(f"{version}") diff --git a/sbom4python/dotgenerator.py b/sbom4python/dotgenerator.py index 5161279..5204c1c 100644 --- a/sbom4python/dotgenerator.py +++ b/sbom4python/dotgenerator.py @@ -24,7 +24,7 @@ def get_package(self, package_id): return package_id[package_id[startpos:].find("-") + startpos + 1 :] elif "-" in package_id: # Format is n- - return package_id[package_id.find("-") + 1:] + return package_id[package_id.find("-") + 1 :] return package_id def set_colour(self, colour): diff --git a/sbom4python/generator.py b/sbom4python/generator.py index 7fc7e23..b0e2ecf 100644 --- a/sbom4python/generator.py +++ b/sbom4python/generator.py @@ -10,7 +10,15 @@ class SBOMGenerator: Simple SBOM Generator. """ - def __init__(self, include_license: False, sbom_type="spdx", format="tag", application="sbom4python", version="0.1", package_manager = "pypi"): + def __init__( + self, + include_license: False, + sbom_type="spdx", + format="tag", + application="sbom4python", + version="0.1", + package_manager="pypi", + ): if sbom_type == "spdx": self.bom = SPDXGenerator(include_license, format, application, version) self.bom.set_purl(package_manager) @@ -105,5 +113,5 @@ def generate_cyclonedx(self, project_name, packages): else: if parent != "-": self.bom.generateRelationship( - package_set[parent], package_set[product] - ) + package_set[parent], package_set[product] + ) 
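Review bot: The purl in `generateJSONComponent` is built as `f"pkg:{self.package_manager}/{name}@{version}"` from the raw name and version, which skips the type-specific normalisation and percent-encoding the purl specification asks for (for `pypi`, a lowercased name with `_` replaced by `-`). Tools that match SBOM components against advisories by purl can then miss a package whose metadata name differs only in case or separators. One shared helper would fix it for the pypi case, for example `name.lower().replace("_", "-")` for the name and `urllib.parse.quote(version, safe="")` for the version. The same string is built in `generateTagPackageDetails` and `generateJSONPackageDetails` in spdxgenerator.py; only the tail of `generateJSONComponent` is inside this hunk.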
diff --git a/sbom4python/license.py b/sbom4python/license.py index d882119..03b3b67 100644 --- a/sbom4python/license.py +++ b/sbom4python/license.py @@ -8,7 +8,12 @@ class LicenseScanner: - APACHE_SYNOYMNS = ["Apache Software License", "Apache License, Version 2.0", "Apache 2.0", "Apache 2"] + APACHE_SYNOYMNS = [ + "Apache Software License", + "Apache License, Version 2.0", + "Apache 2.0", + "Apache 2", + ] DEFAULT_LICENSE = "UNKNOWN" SPDX_LICENSE_VERSION = "3.18" @@ -41,7 +46,8 @@ def get_license_url(self, license_id): # Assume that license_id is a valid SPDX id if license_id != self.DEFAULT_LICENSE: for lic in self.licenses["licenses"]: - # License URL is in the seeAlso field. If multiple entries, just return first one + # License URL is in the seeAlso field. + # If multiple entries, just return first one if lic["licenseId"] == license_id: return lic["seeAlso"][0] - return None # License not found + return None # License not found diff --git a/sbom4python/spdxgenerator.py b/sbom4python/spdxgenerator.py index 5634bf2..fa09fa2 100644 --- a/sbom4python/spdxgenerator.py +++ b/sbom4python/spdxgenerator.py @@ -6,6 +6,7 @@ from sbom4python.license import LicenseScanner + class SPDXGenerator: """ Generate SPDX Tag/Value SBOM. @@ -19,7 +20,13 @@ class SPDXGenerator: PACKAGE_PREAMBLE = "SPDXRef-Package-" LICENSE_PREAMBLE = "LicenseRef-" - def __init__(self, include_license: False, spdx_format="tag", application="sbom4python", version="0.1"): + def __init__( + self, + include_license: False, + spdx_format="tag", + application="sbom4python", + version="0.1", + ): self.package_id = 0 self.include_license = include_license 
@@ -78,7 +85,9 @@ def generateTagDocumentHeader(self, project_name):
 + str(uuid.uuid4()),
 )
 self.generateTag("LicenseListVersion", self.license.get_license_version())
- self.generateTag("Creator: Tool", self.application + "-" + self.application_version)
+ self.generateTag(
+ "Creator: Tool", self.application + "-" + self.application_version
+ )
 self.generateTag("Created", self.generateTime())
 self.generateTag(
 "CreatorComment",
@@ -92,7 +101,9 @@ def generateJSONDocumentHeader(self, project_name):
 self.doc["spdxVersion"] = self.SPDX_VERSION
 creation_info = dict()
 creation_info["comment"] = "This document has been automatically generated."
- creation_info["creators"] = ["Tool: " + self.application + "-" + self.application_version]
+ creation_info["creators"] = [
+ "Tool: " + self.application + "-" + self.application_version
+ ]
 creation_info["created"] = self.generateTime()
 creation_info["licenseListVersion"] = self.license.get_license_version()
 self.doc["creationInfo"] = creation_info
@@ -138,7 +149,9 @@ def generateTagPackageDetails(
 # Attempt to detect an organization
 if len(supplier.split()) > 2:
 # Supplier name mustn't have spaces in. Covert spaces to '_'
- self.generateTag("PackageSupplier: Organization", supplier.replace(" ", "_"))
+ self.generateTag(
+ "PackageSupplier: Organization", supplier.replace(" ", "_")
+ )
 else:
 # Supplier name mustn't have spaces in. Covert spaces to '_'
 self.generateTag("PackageSupplier: Person", supplier.replace(" ", "_"))
@@ -150,7 +163,10 @@ def generateTagPackageDetails(
 self.generateTag("PackageLicenseDeclared", self.license_ident(license))
 self.generateTag("PackageCopyrightText", "NOASSERTION")
 if self.include_purl:
- self.generateTag("ExternalRef", f"PACKAGE-MANAGER pkg:{self.package_manager}/{package}@{version}")
+ self.generateTag(
+ "ExternalRef",
+ f"PACKAGE-MANAGER pkg:{self.package_manager}/{package}@{version}",
+ )
 self.generateRelationship(
 self.package_ident(parent_id), package_id, relationship
 )
@@ -178,7 +194,9 @@ def generateJSONPackageDetails(
 if self.include_purl:
 purl_data = dict()
 purl_data["referenceCategory"] = "PACKAGE-MANAGER"
- purl_data["referenceLocator"] = f"pkg:{self.package_manager}/{package}@{version}"
+ purl_data[
+ "referenceLocator"
+ ] = f"pkg:{self.package_manager}/{package}@{version}"
 purl_data["referenceType"] = "purl"
 component["externalRefs"] = [purl_data]
 self.component.append(component)