Merge branch 'master' of https://github.com/XmirrorSecurity/OpenSCA-cli

.github/README.md

@@ -260,7 +260,7 @@ For v1.0.10 and below, if the time is abnormally long and error information abou
 After setting, save `config.json` to the same folder of opensca-cli.exe and execute the command. Eg:
 
 ```shell
-opensca-cli -url https://opensca.xmirror.cn -token {token} -path {path} -out output.html -config config.json
+opensca-cli -token {token} -path {path} -out output.html -config config.json
 ```
 
 Users of v1.0.5 and below may have to modify the source code. We recommend an upgrade to higher versions.

.github/workflows/publish_docker_images.yml

@@ -51,8 +51,8 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Convert to lowercase
         run: |
-          echo "ghcr.io/${{ github.repository }}/opensca-cli:latest" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV}
-          echo "ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }}" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV}
+          echo "LATEST_TAG=ghcr.io/${{ github.repository }}/opensca-cli:latest" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV}
+          echo "VERSION_TAG=ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }}" | tr '[:upper:]' '[:lower:]' >> ${GITHUB_ENV}
       - name: Build and push to GitHub Packages
         uses: docker/build-push-action@v5
         with:
@@ -62,4 +62,4 @@ jobs:
           push: true
           build-args: |
             VERSION=${{ env.VERSION }}
-          tags: ghcr.io/${{ github.repository }}/opensca-cli:latest, ghcr.io/${{ github.repository }}/opensca-cli:${{ env.VERSION }}
+          tags: ${{ env.LATEST_TAG }}, ${{ env.VERSION_TAG }}

.github/workflows/update_package_managers.yml

@@ -0,0 +1,21 @@
+name: Update Package Managers
+
+on:
+  push:
+    tags:
+      - v*.*.*
+  workflow_dispatch:
+    inputs:
+      tag-name:
+        description: 'The version to upgrade'
+        required: true
+
+jobs:
+  homebrew:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mislav/bump-homebrew-formula-action@v3
+        with:
+          formula-name: opensca-cli
+        env:
+          COMMITTER_TOKEN: ${{ secrets.COMMITTER_TOKEN }}

README.md

@@ -96,6 +96,7 @@
 | `out`    | `string` | 根据后缀生成报告 | `-out out.json,out.html` |
 | `log`    | `string` | 指定日志文件路径 | `-log my_log.txt`        |
 | `token`  | `string` | 云端服务`token`  | `-token xxx`             |
+| `proj`   | `string` | saas项目`token`  | `-proj xxx`              |
 
 完整的检测参数需在配置文件中配置
 （*v3.0.0开始url参数不再通过命令行指定，默认为OpenSCA云漏洞库服务`https://opensca.xmirror.cn/`，也可通过配置文件指定其他数据格式相符的云漏洞库；使用过往版本可在命令行或配置文件指定url参数。）
@@ -148,12 +149,12 @@ docker run -ti --rm -v ${PWD}:/src opensca/opensca-cli -token ${put_your_token_h
 
 如需在`docker`容器中使用配置文件，将`config.json`放到`src`挂载目录即可。也可以使用`-config`指定其他容器内路径。
 不同终端挂载当前目录的写法不同，常见的几种终端写法如下：
-|terminal|pwd|
-|-|-|
-|`bash`|`$(pwd)`|
-|`zsh`|`${PWD}`|
-|`cmd`|`%cd%`|
-|`powershell`|`(Get-Location).Path`|
+| terminal     | pwd                   |
+| ------------ | --------------------- |
+| `bash`       | `$(pwd)`              |
+| `zsh`        | `${PWD}`              |
+| `cmd`        | `%cd%`                |
+| `powershell` | `(Get-Location).Path` |
 
 更多信息请参考 [Docker Hub 主页](https://hub.docker.com/r/opensca/opensca-cli)
 
@@ -262,7 +263,7 @@ v1.0.10及更低版本使用时如遇检测速度异常慢、日志文件中有m
 设置完毕后，确保配置文件和opensca-cli在同一目录下，执行opensca-cli检测命令加上-config congif.json即可，示例：
 
 ```shell
-opensca-cli -url https://opensca.xmirror.cn -token {token} -path {path} -out output.html -config config.json
+opensca-cli -token {token} -path {path} -out output.html -config config.json
 ```
 
 v1.0.5及更低版本需要自行修改源码配置镜像库地址，建议升级到更高版本。

cmd/config/config.go

@@ -6,8 +6,8 @@ import (
 	"path/filepath"
 
 	"github.com/titanous/json5"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/common"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/common"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 
 type Config struct {
@@ -26,7 +26,7 @@ type BaseConfig struct {
 type OriginConfig struct {
 	Url    string    `json:"url"`
 	Token  string    `json:"token"`
-	Uid    string    `json:"uid"`
+	Proj   *string   `json:"proj"`
 	Json   string    `json:"json"`
 	Mysql  SqlOrigin `json:"mysql"`
 	Sqlite SqlOrigin `json:"sqlite"`
@@ -66,8 +66,8 @@ func WriteConfig(write func(config *Config)) {
 	}
 }
 
-// loadDefaultConfig 加载默认配置
-func loadDefaultConfig() bool {
+// loadDefaultConfig 加载默认配置 返回使用的配置文件
+func loadDefaultConfig() string {
 
 	defaultConfigPaths := []string{}
 
@@ -91,21 +91,20 @@ func loadDefaultConfig() bool {
 			err := json5.Unmarshal(data, &_config)
 			if err == nil {
 				logs.Debugf("load config %s", config)
-				return true
+				return config
 			}
 		}
 	}
 
-	return false
+	return ""
 }
 
-// LoadConfig 加载配置文件
-func LoadConfig(filepath string) {
+// LoadConfig 加载配置文件 返回使用的配置文件
+func LoadConfig(filepath string) string {
 
 	if filepath == "" {
 		logs.Debug("use default config")
-		loadDefaultConfig()
-		return
+		return loadDefaultConfig()
 	}
 
 	if _, err := os.Stat(filepath); err != nil {
@@ -122,6 +121,8 @@ func LoadConfig(filepath string) {
 	if err != nil {
 		logs.Warnf("unmarshal file %s error: %v", filepath, err)
 	}
+
+	return filepath
 }
 
 var defalutConfigJson []byte

cmd/detail/client.go

@@ -16,8 +16,8 @@ import (
 	"path/filepath"
 	"regexp"
 
-	"github.com/xmirrorsecurity/opensca-cli/cmd/config"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 
 	"github.com/pkg/errors"
 )

cmd/detail/detail.go

@@ -8,9 +8,9 @@ import (
 	"time"
 
 	"github.com/pkg/errors"
-	"github.com/xmirrorsecurity/opensca-cli/cmd/config"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/model"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 
 type DepDetailGraph struct {

cmd/detail/login.go

@@ -2,31 +2,72 @@ package detail
 
 import (
 	"bufio"
+	"bytes"
+	"crypto/md5"
+	"encoding/hex"
+	"encoding/json"
+	"errors"
 	"fmt"
-	"golang.org/x/term"
+	"io"
+	"net/http"
 	"os"
+	"strings"
+
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+	"golang.org/x/term"
 )
 
-func Login() {
+func Login() error {
 	fmt.Println("Log in with your username to access cloud-based software supply-chain risk data from OpenSCA SaaS.")
 	fmt.Println("If you don't have an account, please register at https://opensca.xmirror.cn/")
 
-	fmt.Print("Enter username: ")
+	fmt.Print("Enter username or email: ")
 	username, err := bufio.NewReader(os.Stdin).ReadString('\n')
+	username = strings.TrimSpace(username)
 	if err != nil {
-		fmt.Println(err)
-		return
+		return err
 	}
+
 	fmt.Print("Enter password: ")
 	password, err := term.ReadPassword(int(os.Stdin.Fd()))
+	password = bytes.TrimSpace(password)
+	if err != nil {
+		return err
+	}
+
+	m := md5.New()
+	m.Write(password)
+	pswdmd5 := hex.EncodeToString(m.Sum(nil))
+
+	fmt.Printf("\n%s login ...\n", username)
+
+	url := config.Conf().Origin.Url + "/oss-saas/api-v1/open-sca-client/token"
+	url += fmt.Sprintf("?usernameOrEmail=%s&password=%s", username, pswdmd5)
+
+	resp, err := http.DefaultClient.Get(url)
 	if err != nil {
-		fmt.Println(err)
-		return
+		return err
 	}
+	defer resp.Body.Close()
 
-	// TODO：登录逻辑
-	fmt.Println()
-	fmt.Println("username: ", username, "password: ", string(password))
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	logs.Debugf("login response: %s", string(data))
+
+	loginResp := struct {
+		Code    int    `json:"code"`
+		Message string `json:"message"`
+		Data    string `json:"data"`
+	}{}
+	json.Unmarshal(data, &loginResp)
+	if loginResp.Code == 0 && loginResp.Message == "success" {
+		config.Conf().Origin.Token = loginResp.Data
+	} else {
+		return errors.New(loginResp.Message)
+	}
 
-	os.Exit(0)
+	return nil
 }

cmd/detail/origin.go

@@ -9,8 +9,8 @@ import (
 	"sync"
 	"time"
 
-	"github.com/xmirrorsecurity/opensca-cli/cmd/config"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/config"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/sqlite"
 	"gorm.io/gorm"

cmd/format/csv.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/xmirrorsecurity/opensca-cli/cmd/detail"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
 )
 
 func Csv(report Report, out string) {

cmd/format/cyclonedx.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	"github.com/CycloneDX/cyclonedx-go"
-	"github.com/xmirrorsecurity/opensca-cli/cmd/detail"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
 )
 
 func cyclonedxbom(dep *detail.DepDetailGraph) *cyclonedx.BOM {

cmd/format/dsdx.go

@@ -5,9 +5,9 @@ import (
 	"encoding/xml"
 	"io"
 
-	"github.com/xmirrorsecurity/opensca-cli/cmd/detail"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/model"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/model"
 )
 
 func Dsdx(report Report, out string) {

cmd/format/html.go

@@ -6,8 +6,8 @@ import (
 	"encoding/json"
 	"io"
 
-	"github.com/xmirrorsecurity/opensca-cli/cmd/detail"
-	"github.com/xmirrorsecurity/opensca-cli/opensca/logs"
+	"github.com/xmirrorsecurity/opensca-cli/v3/cmd/detail"
+	"github.com/xmirrorsecurity/opensca-cli/v3/opensca/logs"
 )
 
 //go:embed html_tpl