Added download_sbom method and updated example to show custom and bui…

…lt-in versions
FiniteStateInc · Oct 10, 2023 · 8f26b09 · 8f26b09
1 parent 6f06f01
commit 8f26b09
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 6 deletions.
diff --git a/examples/download_sboms.py b/examples/download_sboms.py
@@ -2,9 +2,10 @@
 import requests
 
 
-def download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id=None, output_filename=None):
+def custom_download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id=None, output_filename=None):
     """
-    Downloads an SBOM from the Finite State Platform and saves it to the specified output_filename
+    Demonstration of a method for getting a download URL. Downloads an SBOM from the Finite State Platform and saves it to the specified output_filename.
+    You could build your own method to do something else with the URL, or you can use the built-in finite_state_sdk.download_sbom() method.
     :param token: Finite State API token
     :param organization_context: Finite State API organization context
     :param sbom_type: The type of SBOM to download. Valid values are "CYCLONEDX" and "SPDX"
@@ -29,7 +30,10 @@ def download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subty
 
 
 def example_download_sboms(token, organization_context):
-    download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id='123456789', output_filename='sbom.cyclonedx.sbom_only.json')
-    download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_WITH_VDR", asset_version_id='123456789', output_filename='sbom.cyclonedx.sbom_with_vdr.json')
-    download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="VDR_ONLY", asset_version_id='123456789', output_filename='sbom.cyclonedx.vdr_only.json')
-    download_sbom(token, organization_context, sbom_type="SPDX", sbom_subtype="SBOM_ONLY", asset_version_id='123456789', output_filename='sbom.spdx.sbom_only.json')
+    custom_download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id='123456789', output_filename='sbom.cyclonedx.sbom_only.json')
+    custom_download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_WITH_VDR", asset_version_id='123456789', output_filename='sbom.cyclonedx.sbom_with_vdr.json')
+    custom_download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="VDR_ONLY", asset_version_id='123456789', output_filename='sbom.cyclonedx.vdr_only.json')
+    custom_download_sbom(token, organization_context, sbom_type="SPDX", sbom_subtype="SBOM_ONLY", asset_version_id='123456789', output_filename='sbom.spdx.sbom_only.json')
+
+    finite_state_sdk.download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id='123456789', output_filename='sbom.cyclonedx.sbom_only.json', verbose=True)
+
diff --git a/finite_state_sdk/__init__.py b/finite_state_sdk/__init__.py
@@ -747,6 +747,51 @@ def create_test_as_third_party_scanner(token, organization_context, business_uni
     return create_test(token, organization_context, business_unit_id=business_unit_id, created_by_user_id=created_by_user_id, asset_id=asset_id, artifact_id=artifact_id, test_name=test_name, product_id=product_id, test_type=test_type)
 
 
+def download_sbom(token, organization_context, sbom_type="CYCLONEDX", sbom_subtype="SBOM_ONLY", asset_version_id=None, output_filename="sbom.json", verbose=False):
+    """
+    Download an SBOM for an Asset Version and save it to a local file. This is a blocking call, and can sometimes take minutes to return if the SBOM is very large.
+
+    Args:
+        token (str):
+            Auth token. This is the token returned by get_auth_token(). Just the token, do not include "Bearer" in this string, that is handled inside the method.
+        organization_context (str):
+            Organization context. This is provided by the Finite State API management. It looks like "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx".
+        sbom_type (str, required):
+            The type of SBOM to download. Valid values are "CYCLONEDX" and "SPDX". Defaults to "CYCLONEDX".
+        sbom_subtype (str, required):
+            The subtype of SBOM to download. Valid values for CycloneDX are "SBOM_ONLY", "SBOM_WITH_VDR", "VDR_ONLY. For SPDX valid values are "SBOM_ONLY". Defaults to "SBOM_ONLY".
+        asset_version_id (str, required):
+            The Asset Version ID to download the SBOM for.
+        output_filename (str, required):
+            The local filename to save the SBOM to. If not provided, the SBOM will be saved to a file named "sbom.json" in the current directory.
+        verbose (bool, optional):
+            If True, will print additional information to the console. Defaults to False.
+
+    Raises:
+        ValueError: Raised if required parameters are not provided.
+        Exception: Raised if the query fails.
+
+    Returns:
+        None
+    """
+    url = generate_sbom_download_url(token, organization_context, sbom_type=sbom_type, sbom_subtype=sbom_subtype, asset_version_id=asset_version_id, verbose=verbose)
+
+    # Send an HTTP GET request to the URL
+    response = requests.get(url)
+
+    # Check if the request was successful (status code 200)
+    if response.status_code == 200:
+        # Open a local file in binary write mode and write the content to it
+        if verbose:
+            print("File downloaded successfully.")
+        with open(output_filename, 'wb') as file:
+            file.write(response.content)
+            if verbose:
+                print(f'Wrote file to {output_filename}')
+    else:
+        raise Exception(f"Failed to download the file. Status code: {response.status_code}")
+
+
 def file_chunks(file_path, chunk_size=1024 * 1024 * 1024 * 5):
     """
     Helper method to read a file in chunks.