This is an automated email from the ASF dual-hosted git repository.
arm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/main by this push:
new bc4db0a Fix issue with SBOM OSV scan models, and allow scan of jar
files.
bc4db0a is described below
commit bc4db0a681cc42a54d6f6ef873e8f30d4e4f7d23
Author: Alastair McFarlane <[email protected]>
AuthorDate: Mon Jan 26 16:25:42 2026 +0000
Fix issue with SBOM OSV scan models, and allow scan of jar files.
---
atr/models/results.py | 1 +
atr/post/draft.py | 9 +++++++--
atr/sbom/models/osv.py | 1 +
atr/tasks/sbom.py | 6 ++++--
atr/templates/draft-tools.html | 6 ++++--
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/atr/models/results.py b/atr/models/results.py
index 891f4be..1ecb4d9 100644
--- a/atr/models/results.py
+++ b/atr/models/results.py
@@ -70,6 +70,7 @@ class VulnerabilityDetails(schema.Lax):
severity: list[dict[str, Any]] | None = None
published: str | None = None
modified: str
+ affected: list[dict[str, Any]] | None = None
database_specific: dict[str, Any] = schema.Field(default={})
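Review bot: `VulnerabilityDetails` is defined twice with the same field list — here on `schema.Lax` and in atr/sbom/models/osv.py on `Lax` with `pydantic.Field` — so every OSV field has to be added in both places, which is what this commit does and what the `model_validate(vuln.model_dump())` round-trip in atr/tasks/sbom.py exists to bridge. If `schema.Lax` is a pydantic model, one module could import the other's class (or alias it) so the schema lives in one place and the dump/validate step disappears. Until then a one-line comment above the class, `# Mirror of atr.sbom.models.osv.VulnerabilityDetails — keep the field lists in sync`, would make the coupling visible to the next person adding a field. The class header and any fields before `severity` are outside the hunk.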
diff --git a/atr/post/draft.py b/atr/post/draft.py
index 952f498..c7fd259 100644
--- a/atr/post/draft.py
+++ b/atr/post/draft.py
@@ -158,9 +158,14 @@ async def sbomgen(session: web.Committer, project_name:
str, version_name: str,
return await session.redirect(get.compose.selected,
project_name=project_name, version_name=version_name)
# Check that the file is a .tar.gz archive before creating a revision
- if not (file_path.endswith(".tar.gz") or file_path.endswith(".tgz") or
file_path.endswith(".zip")):
+ if not (
+ file_path.endswith(".tar.gz")
+ or file_path.endswith(".tgz")
+ or file_path.endswith(".zip")
+ or file_path.endswith(".jar")
+ ):
raise base.ASFQuartException(
- f"SBOM generation requires .tar.gz or .tgz files. Received:
{file_path}", errorcode=400
+ f"SBOM generation requires .tar.gz, .tgz, .zip or .jar files.
Received: {file_path}", errorcode=400
)
try:
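Review bot: The comment above the check, `# Check that the file is a .tar.gz archive before creating a revision`, is now wrong for three of the four accepted suffixes; `# Only archives we can unpack (.tar.gz, .tgz, .zip, .jar) may start a revision` would match both the condition and the error text. The four `or`-chained calls can also be a single call, `if not file_path.endswith((".tar.gz", ".tgz", ".zip", ".jar")):`, which keeps the list on one line next to the message that repeats it. This remains a suffix test on the file name only, so the extension is a hint rather than a format guarantee and the unpack step should still fail cleanly on a misnamed file. `sbomgen` starts and ends outside the hunk.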
diff --git a/atr/sbom/models/osv.py b/atr/sbom/models/osv.py
index ab5c6e3..f2136d9 100644
--- a/atr/sbom/models/osv.py
+++ b/atr/sbom/models/osv.py
@@ -42,6 +42,7 @@ class VulnerabilityDetails(Lax):
severity: list[dict[str, Any]] | None = None
published: str | None = None
modified: str
+ affected: list[dict[str, Any]] | None = None
database_specific: dict[str, Any] = pydantic.Field(default={})
diff --git a/atr/tasks/sbom.py b/atr/tasks/sbom.py
index 066fbec..a9544a5 100644
--- a/atr/tasks/sbom.py
+++ b/atr/tasks/sbom.py
@@ -150,7 +150,9 @@ async def osv_scan(args: FileArgs) -> results.Results |
None:
components.append(
results.OSVComponent(
purl=v.ref,
-
vulnerabilities=[results.VulnerabilityDetails.model_validate(vuln) for vuln in
v.vulnerabilities],
+ vulnerabilities=[
+
results.VulnerabilityDetails.model_validate(vuln.model_dump()) for vuln in
v.vulnerabilities
+ ],
)
)
@@ -394,7 +396,7 @@ def _extracted_dir(temp_dir: str) -> str | None:
if extract_dir is None:
extract_dir = dir_path
else:
- raise ValueError(f"Multiple root directories found:
{extract_dir}, {dir_path}")
+ return temp_dir
if extract_dir is None:
extract_dir = temp_dir
return extract_dir
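Review bot: The new `return temp_dir` on the second root directory changes what callers get for a multi-root archive from a `ValueError` to the extraction directory itself, but nothing in the function says so; its docstring or header comment (outside the hunk) should state that a single top-level directory is returned as-is and anything else — several roots, or none — yields `temp_dir`. A comment on the branch, `# More than one top-level entry: scan the whole extraction dir instead of failing`, would make the intent clear at the point of the early return. If any caller handled the removed `ValueError`, that handler is now unreachable and can be dropped. The loop that binds `dir_path` begins outside the hunk.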
diff --git a/atr/templates/draft-tools.html b/atr/templates/draft-tools.html
index 519e89f..718f8f0 100644
--- a/atr/templates/draft-tools.html
+++ b/atr/templates/draft-tools.html
@@ -28,9 +28,11 @@
{{ sha512_form|safe }}
</div>
- {% if (file_path.endswith(".tar.gz") or file_path.endswith(".zip") or
file_path.endswith(".tgz")) and is_viewing_as_admin_fn(current_user.uid) %}
+ {% if (file_path.endswith(".tar.gz") or file_path.endswith(".zip") or
file_path.endswith(".jar") or file_path.endswith(".tgz")) and
is_viewing_as_admin_fn(current_user.uid) %}
<h3>Generate SBOM</h3>
- <p>NOTE: This functionality is currently not available.</p>
+ <div class="alert-info">
+ <p>NOTE: This functionality is in early release.</p>
+ </div>
<p>Generate a CycloneDX Software Bill of Materials (SBOM) file for this
artifact.</p>
{{ sbom_form|safe }}
{% endif %}
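Review bot: The accepted-suffix list is now maintained by hand in two places — this `{% if %}` and the server-side check in atr/post/draft.py — and the two already differ in order, so the next format added to one but not the other will either hide the form or produce a 400 on submit. Passing one tuple from the view into the template, e.g. `file_path.endswith(sbom_suffixes)` (Jinja calls Python's `str.endswith`, which accepts a tuple), would leave draft.py as the single source of truth. The `is_viewing_as_admin_fn` gate is unchanged and remains the actual access control; the suffix test here is only UI gating.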