report_data.py

'''
Copyright 2022 Flexera Software LLC
See LICENSE.TXT for full license text
SPDX-License-Identifier: MIT

Author : sgeary  
Created On : Wed Sep 28 2022
File : report_data.py
'''

import logging
logger = logging.getLogger(__name__)

import CodeInsight_RESTAPIs.project.get_child_projects
import CodeInsight_RESTAPIs.project.get_project_inventory
from collections import OrderedDict


#-------------------------------------------------------------------#
def gather_data_for_report(baseURL, projectID, authToken, reportName, reportOptions):
    logger.info("Entering gather_data_for_report")

    # Parse report options
    includeChildProjects = reportOptions["includeChildProjects"]  # True/False

    projectList = [] # List to hold parent/child details for report
    inventoryData = {}  # Create a dictionary containing the inventory data using inventoryID as keys

    # Get the list of parent/child projects start at the base project
    projectHierarchy = CodeInsight_RESTAPIs.project.get_child_projects.get_child_projects_recursively(baseURL, projectID, authToken)

    # Create a list of project data sorted by the project name at each level for report display  
    # Add details for the parent node
    nodeDetails = {}
    nodeDetails["parent"] = "#"  # The root node
    nodeDetails["projectName"] = projectHierarchy["name"]
    nodeDetails["projectID"] = projectHierarchy["id"]
    nodeDetails["projectLink"] = baseURL + "/codeinsight/FNCI#myprojectdetails/?id=" + str(projectHierarchy["id"]) + "&tab=projectInventory"

    projectList.append(nodeDetails)

    if includeChildProjects:
        projectList = create_project_hierarchy(projectHierarchy, projectHierarchy["id"], projectList, baseURL)
    else:
        logger.debug("Child hierarchy disabled")


    #  Gather the details for each project and summerize the data
    for project in projectList:

        projectID = project["projectID"]
        projectName = project["projectName"]
        projectLink = project["projectLink"]

        projectInventory = CodeInsight_RESTAPIs.project.get_project_inventory.get_project_inventory_details_without_vulnerabilities(baseURL, projectID, authToken)
        numInventoryItems = len(projectInventory["inventoryItems"])

        if numInventoryItems == 0:
            logger.warning("    Project %s contains no inventory items" %projectName)
            print("Project %s contains no inventory items." %projectName)
    
        currentItem=0
        for inventoryItem in projectInventory["inventoryItems"]:
  
            currentItem +=1
            inventoryID = inventoryItem["id"]
            inventoryItemName = inventoryItem["name"]
            componentName = inventoryItem["componentName"]
            componentVersionName = inventoryItem["componentVersionName"]
            inventoryItemLink = baseURL + '''/codeinsight/FNCI#myprojectdetails/?id=''' + str(projectID) + '''&tab=projectInventory&pinv=''' + str(inventoryID)

            logger.debug("Processing inventory items %s of %s" %(currentItem, numInventoryItems))
            logger.debug("    Project:  %s   Inventory Name: %s  Inventory ID: %s" %(projectName, inventoryItemName, inventoryID))

            # This field was added in 2021R4 so if earlier release add the list
            try:
                customFields = inventoryItem["customFields"]
            except:
                customFields = [] 

            vulnerabilityExclusions = {}

            # Create a list of the vulnerabilities to be ignored
            for customField in customFields:
                if customField["fieldLabel"] == "Vulnerability Ignore List":
                    excludedCVEs = customField["value"]
                    if excludedCVEs:
                        # Create a list from the string response and remove white space
                        for excludedCVE in excludedCVEs.split('\n'):
                            excludedCVEDetails = excludedCVE.split('|')

                            cve = excludedCVEDetails[0].strip()

                            if len(excludedCVEDetails) == 2:
                                exclusionReason = excludedCVEDetails[1].strip()
                            else:
                                exclusionReason = ""
                            
                            vulnerabilityExclusions[cve] = exclusionReason


            sortedVulnerabilityExclusions = OrderedDict(sorted(vulnerabilityExclusions.items()))

            inventoryData[inventoryID] = {}
            inventoryData[inventoryID]["projectName"] = projectName
            inventoryData[inventoryID]["componentName"] = componentName
            inventoryData[inventoryID]["componentVersionName"] = componentVersionName
            inventoryData[inventoryID]["projectLink"] = projectLink
            inventoryData[inventoryID]["inventoryItemLink"] = inventoryItemLink
            inventoryData[inventoryID]["vulnerabilityExclusions"] = sortedVulnerabilityExclusions


    # Sort the inventory data by Component Name and Version Name
    sortedInventoryData = OrderedDict(sorted(inventoryData.items(), key=lambda x: (x[1]['componentName'], x[1]['componentVersionName'] ) ))

    reportData = {}
    reportData["reportName"] = reportName
    reportData["projectID"] = projectID
    reportData["projectName"] = projectHierarchy["name"]
    reportData["projectList"] = projectList
    reportData["inventoryData"] = sortedInventoryData

    return reportData

#----------------------------------------------#
def create_project_hierarchy(project, parentID, projectList, baseURL):
    logger.debug("Entering create_project_hierarchy with parentID : %s" %parentID)

    # Are there more child projects for this project?
    if len(project["childProject"]):

        # Sort by project name of child projects
        for childProject in sorted(project["childProject"], key = lambda i: i['name'] ) :
            
            uniqueProjectID = str(parentID) + "-" + str(childProject["id"])
            nodeDetails = {}
            nodeDetails["projectID"] = childProject["id"]
            nodeDetails["parent"] = parentID
            nodeDetails["uniqueID"] = uniqueProjectID
            nodeDetails["projectName"] = childProject["name"]
            nodeDetails["projectLink"] = baseURL + "/codeinsight/FNCI#myprojectdetails/?id=" + str(childProject["id"]) + "&tab=projectInventory"

            projectList.append( nodeDetails )

            create_project_hierarchy(childProject, uniqueProjectID, projectList, baseURL)

    return projectList