sbp pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new 64e70de Use async web functions in the SBOM tool
64e70de is described below
commit 64e70de8e77f0f5e54d64499aaf736129baadec2
Author: Sean B. Palmer <[email protected]>
AuthorDate: Fri Oct 17 18:33:22 2025 +0100
Use async web functions in the SBOM tool
---
atr/sbom/cli.py | 7 ++++---
atr/sbom/conformance.py | 25 +++++++++++++++++--------
atr/sbom/utilities.py | 6 ++++--
atr/tasks/sbom.py | 2 +-
4 files changed, 26 insertions(+), 14 deletions(-)
diff --git a/atr/sbom/cli.py b/atr/sbom/cli.py
index 0fdc138..e6e0ce9 100644
--- a/atr/sbom/cli.py
+++ b/atr/sbom/cli.py
@@ -17,6 +17,7 @@
from __future__ import annotations
+import asyncio
import pathlib
import sys
@@ -55,7 +56,7 @@ def command_license(bundle: models.bundle.Bundle) -> None:
def command_merge(bundle: models.bundle.Bundle) -> None:
- patch_ops = bundle_to_patch(bundle)
+ patch_ops = asyncio.run(bundle_to_patch(bundle))
if patch_ops:
patch_data = patch_to_data(patch_ops)
merged = bundle.doc.patch(yyjson.Document(patch_data))
@@ -79,7 +80,7 @@ def command_outdated(bundle: models.bundle.Bundle) -> None:
def command_patch(bundle: models.bundle.Bundle) -> None:
- patch_ops = bundle_to_patch(bundle)
+ patch_ops = asyncio.run(bundle_to_patch(bundle))
if patch_ops:
patch_data = patch_to_data(patch_ops)
print(yyjson.Document(patch_data).dumps())
@@ -88,7 +89,7 @@ def command_patch(bundle: models.bundle.Bundle) -> None:
def command_scores(bundle: models.bundle.Bundle) -> None:
- patch_ops = bundle_to_patch(bundle)
+ patch_ops = asyncio.run(bundle_to_patch(bundle))
if patch_ops:
patch_data = patch_to_data(patch_ops)
merged = bundle.doc.patch(yyjson.Document(patch_data))
diff --git a/atr/sbom/conformance.py b/atr/sbom/conformance.py
index 52f0afc..6ba05bb 100644
--- a/atr/sbom/conformance.py
+++ b/atr/sbom/conformance.py
@@ -18,10 +18,9 @@
from __future__ import annotations
import datetime
-import urllib.error
import urllib.parse
-import urllib.request
+import aiohttp
import yyjson
from . import constants, models
@@ -39,7 +38,12 @@ def assemble_component_name(doc: yyjson.Document, patch_ops:
models.patch.Patch,
pass
-def assemble_component_supplier(doc: yyjson.Document, patch_ops:
models.patch.Patch, index: int) -> None:
+async def assemble_component_supplier(
+ session: aiohttp.ClientSession,
+ doc: yyjson.Document,
+ patch_ops: models.patch.Patch,
+ index: int,
+) -> None:
# We need to detect whether this is an ASF component
# If it is, we can trivially fix it
# If not, this is much more difficult
@@ -124,9 +128,10 @@ def assemble_component_supplier(doc: yyjson.Document,
patch_ops: models.patch.Pa
url =
f"https://api.deps.dev/v3/systems/MAVEN/packages/{package}/versions/{version}"
try:
- with urllib.request.urlopen(url) as response:
- data = yyjson.Document(response.read())
- except urllib.error.HTTPError:
+ async with session.get(url) as response:
+ response.raise_for_status()
+ data = yyjson.Document(await response.read())
+ except aiohttp.ClientResponseError:
cache[key] = None
cache_write(cache)
return
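Review bot: The `except aiohttp.ClientResponseError` clause only covers the status failures raised by `response.raise_for_status()`. Transport failures and timeouts from `session.get(url)` (`aiohttp.ClientConnectionError`, `asyncio.TimeoutError`) are not caught, so they propagate through `ntia_2021_patch` to the callers, which after this commit include the `augment` task. The handler also writes `cache[key] = None` for every error status, so a 429 or 5xx from deps.dev is recorded the same way as an unknown package. Consider `except aiohttp.ClientResponseError as exc:` with the negative cache entry written only when `exc.status == 404`, plus a separate handler for transport errors that returns without touching the cache. `package` and `version` are built above the hunk and presumably come from the SBOM document, so it is worth confirming they are percent-encoded before being interpolated into the URL path; the function body starts and ends outside the hunk.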
@@ -341,7 +346,11 @@ def ntia_2021_issues(
return warnings, errors
-def ntia_2021_patch(doc: yyjson.Document, errors:
list[models.conformance.Missing]) -> models.patch.Patch:
+async def ntia_2021_patch(
+ session: aiohttp.ClientSession,
+ doc: yyjson.Document,
+ errors: list[models.conformance.Missing],
+) -> models.patch.Patch:
patch_ops: models.patch.Patch = []
# TODO: Add tool metadata
for error in errors:
@@ -363,7 +372,7 @@ def ntia_2021_patch(doc: yyjson.Document, errors:
list[models.conformance.Missin
case
models.conformance.MissingComponentProperty(property=property_value,
index=index):
match property_value:
case models.conformance.ComponentProperty.SUPPLIER if
index is not None:
- assemble_component_supplier(doc, patch_ops, index)
+ await assemble_component_supplier(session, doc,
patch_ops, index)
case models.conformance.ComponentProperty.NAME if index is
not None:
assemble_component_name(doc, patch_ops, index)
case models.conformance.ComponentProperty.VERSION if index
is not None:
diff --git a/atr/sbom/utilities.py b/atr/sbom/utilities.py
index 543c135..496deb2 100644
--- a/atr/sbom/utilities.py
+++ b/atr/sbom/utilities.py
@@ -22,16 +22,18 @@ from typing import TYPE_CHECKING, Any
if TYPE_CHECKING:
import pathlib
+import aiohttp
import yyjson
from . import models
-def bundle_to_patch(bundle_value: models.bundle.Bundle) -> models.patch.Patch:
+async def bundle_to_patch(bundle_value: models.bundle.Bundle) ->
models.patch.Patch:
from .conformance import ntia_2021_issues, ntia_2021_patch
_warnings, errors = ntia_2021_issues(bundle_value.bom)
- patch_ops = ntia_2021_patch(bundle_value.doc, errors)
+ async with aiohttp.ClientSession() as session:
+ patch_ops = await ntia_2021_patch(session, bundle_value.doc, errors)
return patch_ops
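Review bot: `aiohttp.ClientSession()` is created with default settings, so no request timeout is chosen explicitly and each deps.dev lookup falls back to aiohttp's default total timeout of several minutes. As far as the conformance.py hunks show, the lookups are awaited one at a time inside the loop in `ntia_2021_patch`, so an SBOM with many components lacking a supplier can hold the worker for a long time when the remote API is slow. An explicit budget would bound this, for example `aiohttp.ClientSession(timeout=aiohttp.ClientTimeout(total=30))`, where the value is illustrative. A one-line comment noting that the session lives only for this call would also help readers of `bundle_to_patch`.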
diff --git a/atr/tasks/sbom.py b/atr/tasks/sbom.py
index e091505..f239534 100644
--- a/atr/tasks/sbom.py
+++ b/atr/tasks/sbom.py
@@ -80,7 +80,7 @@ async def augment(args: FileArgs) -> results.Results | None:
raise SBOMScoringError("SBOM file does not exist", {"file_path":
args.file_path})
# Read from the old revision
bundle = sbom.utilities.path_to_bundle(pathlib.Path(full_path))
- patch_ops = sbom.utilities.bundle_to_patch(bundle)
+ patch_ops = await sbom.utilities.bundle_to_patch(bundle)
new_full_path: str | None = None
if patch_ops:
patch_data = sbom.utilities.patch_to_data(patch_ops)