some fixes and updates

add sbom to admin
e-m-b-a · Nov 8, 2024 · 2ce6c15 · 2ce6c15
1 parent bce522c
commit 2ce6c15
Show file tree

Hide file tree

Showing 11 changed files with 63 additions and 27 deletions.
diff --git a/embark/dashboard/admin.py b/embark/dashboard/admin.py
@@ -4,8 +4,9 @@
 
 from django.contrib import admin
 
-from dashboard.models import Result, Vulnerability, SoftwareInfo
+from dashboard.models import Result, Vulnerability, SoftwareInfo, SoftwareBillOfMaterial
 
 admin.site.register(Result)
 admin.site.register(Vulnerability)
 admin.site.register(SoftwareInfo)
+admin.site.register(SoftwareBillOfMaterial)
diff --git a/embark/dashboard/models.py b/embark/dashboard/models.py
@@ -5,6 +5,7 @@
 import uuid
 from django.db import models
 from django.core.validators import MinLengthValidator
+from django.utils import timezone
 
 from uploader.models import FirmwareAnalysis
 
@@ -51,6 +52,7 @@ class Result(models.Model):
     firmware_analysis = models.OneToOneField(FirmwareAnalysis, on_delete=models.CASCADE, primary_key=True)
     emba_command = models.CharField(blank=True, null=True, max_length=(FirmwareAnalysis.MAX_LENGTH * 6), help_text='')
     restricted = models.BooleanField(default=False, help_text='')
+    date = models.DateTimeField(default=timezone.now, blank=True)
 
     # base identifier
     os_verified = models.CharField(blank=True, null=True, max_length=256, help_text='')

diff --git a/embark/porter/importer.py b/embark/porter/importer.py
@@ -214,15 +214,10 @@ def f15_json(_file_path, _analysis_id):
     logger.debug("starting f15 json import")
     with open(_file_path, 'r', encoding='utf-8') as f15_json_file:
         f15_data = json.load(f15_json_file)
-        sbom_obj, add_sbom = SoftwareBillOfMaterial.objects.get_or_create(
-            id=f15_data['serialNumber'] #TODO grep uuid from this: "urn:uuid:f601dc24-7ba9-4821-b398-a30c59f7775e"
-        )
-        if add_sbom:
-            res, _ = Result.objects.get_or_create(
-                firmware_analysis=FirmwareAnalysis.objects.get(id=_analysis_id),
-                sbom=add_sbom
-            )
-        else:
+        sbom_uuid = f15_data['serialNumber'].split(":")[2]
+        logger.debug("Reading sbom uuid=%s", sbom_uuid)
+        sbom_obj, add_sbom = SoftwareBillOfMaterial.objects.get_or_create(id=sbom_uuid)
+        if not add_sbom:
             for component_ in f15_data['components']:
                 logger.debug("Component is %s", component_)
                 try:
@@ -240,16 +235,13 @@ def f15_json(_file_path, _analysis_id):
                     )
                     logger.debug("Was new? %s", add_sitem)
                     logger.debug("Adding SBOM item: %s to sbom %s", new_sitem, sbom_obj)
-                    if add_sitem:
-                        sbom_obj.add(add_sitem)
-                    else:
-                        sbom_obj.add(new_sitem)
+                    sbom_obj.component.add(new_sitem)
                 except builtins.Exception as error_:
                     logger.error("Error in f15 readin: %s", error_)
-            res, _ = Result.objects.get_or_create(
-                firmware_analysis=FirmwareAnalysis.objects.get(id=_analysis_id),
-                sbom=sbom_obj
-            )
+        res, _ = Result.objects.get_or_create(
+            firmware_analysis=FirmwareAnalysis.objects.get(id=_analysis_id),
+            sbom=sbom_obj
+        )
     logger.debug("read f15 json done")
     return res
 

diff --git a/embark/templates/tracker/device.html b/embark/templates/tracker/device.html
@@ -35,6 +35,7 @@
 
 </div>
 {% block sbom %}{% include "tracker/results.html" %}{% endblock sbom%}
+
 <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center mx-auto border-bottom">
     <h1 class="h2">Device tracker</h1>
     <div class="btn-toolbar mx-auto">
@@ -48,7 +49,6 @@ <h1 class="h2">Device tracker</h1>
         </div>  
     </div>
 </div>
-
 <div class="mx-auto border-bottom">
   <canvas id="trackerChart" width="900" height="380"></canvas>
   <script>

diff --git a/embark/templates/tracker/results.html b/embark/templates/tracker/results.html
@@ -1,5 +1,5 @@
 <!--
-This renders a interactive SBOM table for the device -->
+This renders a interactive result table for the device -->
 <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-top">
     <div class="justify-content-between flex-wrap flex-md-nowrap align-items-center mx-auto">
         <h2>Results</h2>

diff --git a/embark/templates/tracker/sbom.html b/embark/templates/tracker/sbom.html
@@ -0,0 +1,25 @@
+{% load static %}
+{% load django_bootstrap5 %}
+
+{% block style %}<link rel="stylesheet" type="text/css" href="{% static 'content/css/tracker.css' %}"/>{% endblock style %}
+
+{% block title %}EMBArk tracker sbom{% endblock title %}
+{% block navigation %}{% include "navigation.html" %}{% endblock navigation %}
+{% block sidebar %}{% include "tracker/sidebar.html" %}{% endblock sidebar %}
+
+{% bootstrap_messages %}
+
+{% block maincontent %}
+<div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center mx-auto border-bottom">
+  {% for label in device.label.all %}
+    <span class="badge rounded-pill bg-primary">{{ label|safe }}</span>
+  {% endfor %}
+
+</div><div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-top">
+    <div class="justify-content-between flex-wrap flex-md-nowrap align-items-center mx-auto">
+        <h2>SBOM</h2>
+        {% load django_tables2 %}
+        {% render_table sbom_table %}
+    </div>
+</div>
+{% endblock %}
diff --git a/embark/tracker/forms.py b/embark/tracker/forms.py
@@ -6,6 +6,7 @@
 
 from django import forms
 
+from dashboard.models import Result
 from uploader.models import Device
 
 

diff --git a/embark/tracker/tables.py b/embark/tracker/tables.py
@@ -7,7 +7,7 @@
 from django.utils.html import format_html
 from django.urls import reverse
 
-from dashboard.models import Result, SoftwareInfo
+from dashboard.models import Result, SoftwareBillOfMaterial
 from uploader.models import Device
 
 
@@ -24,7 +24,7 @@ def render_id(self, value):
 class SimpleSBOMTable(tables.Table):
 
     class Meta:
-        model = SoftwareInfo
+        model = SoftwareBillOfMaterial
         orderable = True
 
     #  def render_id(self, value):
@@ -36,3 +36,7 @@ class SimpleResultTable(tables.Table):
     class Meta:
         model = Result
         orderable = True
+
+    def render_sbom(self, value):
+       return format_html(f"<a href=\"{reverse(viewname='embark-tracker-sbom', args=[value])}\">{value}</a>")
+
diff --git a/embark/tracker/urls.py b/embark/tracker/urls.py
@@ -12,7 +12,7 @@
     path('tracker/', views.tracker, name='embark-tracker'),
     # path('tracker/<time_delta:time>/', views.tracker, name='embark-tracker-time'),
     path('tracker/device/<int:device_id>/', views.get_report_for_device, name='embark-tracker-device'),
-    path('tracker/device/<int:device_id>/sbom/<int:result_id>', views.get_sbom_for_device, name='embark-tracker-sbom'),
+    path('tracker/sbom/<uuid:sbom_id>', views.get_sbom, name='embark-tracker-sbom'),
     path('tracker/device/<int:device_id>/toggle', views.toggle_device_visible, name='embark-tracker-device-visible'),
     # path('tracker/vendor/<str:vendor_name>/', views.get_report_for_vendor, name='embark-tracker-vendor'),
     path('tracker/associate/<uuid:analysis_id>', views.set_associate_device_to, name='embark-tracker-ass')

diff --git a/embark/tracker/views.py b/embark/tracker/views.py
@@ -12,16 +12,18 @@
 from django.shortcuts import redirect
 from django.contrib import messages
 from django.utils import timezone
+from django.core.exceptions import MultipleObjectsReturned
 
 from django_tables2 import RequestConfig
 
-from dashboard.models import Result
+from dashboard.models import Result, SoftwareBillOfMaterial
 from embark.helper import rnd_rgb_color, rnd_rgb_full
 from uploader.models import FirmwareAnalysis, Device, Vendor
 from tracker.tables import SimpleDeviceTable, SimpleResultTable, SimpleSBOMTable
 from tracker.forms import AssociateForm, TimeForm
 
 logger = logging.getLogger(__name__)
+req_logger = logging.getLogger("requests")
 
 
 @require_http_methods(["GET", "POST"])
@@ -132,8 +134,17 @@ def get_report_for_device(request, device_id):
 
 @require_http_methods(["GET"])
 @login_required(login_url='/' + settings.LOGIN_URL)
-def get_sbom_for_device(request, device_id, result_id):
-    pass    # TODO 
+def get_sbom(request, sbom_id):
+    req_logger.info("REquest from %s : %s", request.user, request)
+    try:
+        sbom_obj = SoftwareBillOfMaterial.objects.filter(id=sbom_id)
+        sbom_table = SimpleSBOMTable(data=sbom_obj, template_name="django_tables2/bootstrap-responsive.html")
+        RequestConfig(request).configure(sbom_table)
+    except MultipleObjectsReturned as multi_error:
+        messages.error(request, "wrong number of result objects %s ", multi_error)
+        sbom_table = None
+    logger.debug("Rendering sbom.html")
+    return render(request, "tracker/sbom.html", {'sbom_table': sbom_table})
 
 
 @require_http_methods(["GET"])

diff --git a/embark/uploader/models.py b/embark/uploader/models.py
@@ -361,7 +361,7 @@ def get_flags(self):
 
         command = ""
         if self.version:
-            command = command + r" -X " + "\"" + re.sub(r"[^a-zA-Z0-9\.\-\_\ \+]+", "", str(self.version)) + "\""
+            command = command + r" -X " + "\"" + re.sub(r"[^a-zA-Z0-9\.\-\_\+]+", "", str(self.version)) + "\""
         if self.device:
             devices = self.device.all()
             logger.debug("get_flags - device - to dict query returns %s", devices)