feat(rest) : Endpoint for export SBOM at project detail page

Farooq-Fateh-Aftab · Farooq-Fateh-Aftab · commit a6543bfc3ef3 · 2025-03-20T12:34:19.000+05:30
diff --git a/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java b/libraries/datahandler/src/main/java/org/eclipse/sw360/datahandler/common/SW360Constants.java
@@ -138,6 +138,8 @@ public class SW360Constants {
     public static final String ADD_LIST_EMAIL = "listEmail";
     public static final String DEPARTMENT_KEY = "departmentKey";
     public static final String DELETE_LIST_EMAIL = "deleteEmail";
+    public static final String SBOM = "sbom";
+
 
     /**
      * Hashmap containing the name field for each type.
@@ -162,6 +164,8 @@ public class SW360Constants {
             AttachmentType.COMPONENT_LICENSE_INFO_COMBINED, AttachmentType.INITIAL_SCAN_REPORT);
     public static final Collection<AttachmentType> SOURCE_CODE_ATTACHMENT_TYPES = Arrays.asList(AttachmentType.SOURCE, AttachmentType.SOURCE_SELF);
     public static final String CONTENT_TYPE_OPENXML_SPREADSHEET = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
+    public static final String CONTENT_TYPE_XML = "application/xml";
+    public static final String CONTENT_TYPE_JSON = "application/json";
 
     public static final String NOTIFICATION_CLASS_RELEASE = "release";
     public static final String NOTIFICATION_CLASS_MODERATION_REQUEST = "moderation";
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/report/SW360ReportController.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/report/SW360ReportController.java
@@ -7,6 +7,7 @@
 
 import static com.google.common.base.Strings.isNullOrEmpty;
 import static org.eclipse.sw360.datahandler.common.SW360Constants.CONTENT_TYPE_OPENXML_SPREADSHEET;
+import static org.eclipse.sw360.datahandler.common.SW360Constants.XML_FILE_EXTENSION;
 import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo;
 
 import java.io.IOException;
@@ -35,6 +36,7 @@
 import org.springframework.data.rest.webmvc.RepositoryLinksResource;
 import org.springframework.hateoas.server.RepresentationModelProcessor;
 import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.FileCopyUtils;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -84,7 +86,7 @@ public void getProjectReport(
             @Parameter(description = "Module name.", schema = @Schema(allowableValues = {
                     SW360Constants.PROJECTS, SW360Constants.COMPONENTS, SW360Constants.LICENSES,
                     LICENSE_INFO, LICENSES_RESOURCE_BUNDLE, SW360Constants.PROJECT_RELEASE_SPREADSHEET_WITH_ECCINFO,
-                    EXPORT_CREATE_PROJ_CLEARING_REPORT
+                    EXPORT_CREATE_PROJ_CLEARING_REPORT,SW360Constants.SBOM
             }))
             @RequestParam(value = "module", required = true) String module,
             @Parameter(description = "Exclude release version from the license info file")
@@ -101,6 +103,8 @@ public void getProjectReport(
             @RequestParam(value = "externalIds", required = false, defaultValue = "") String externalIds,
             @Parameter(description = "Generate report for only current project or with Sub projects. Can be supplied with modules [" + LICENSE_INFO + ", " + EXPORT_CREATE_PROJ_CLEARING_REPORT + "]")
             @RequestParam(value = "withSubProject", required = false, defaultValue = "false") boolean withSubProject,
+            @Parameter(description = "Type of SBOM file extention")
+            @RequestParam(value = "bomType", required = false) String bomType,
             HttpServletRequest request,
             HttpServletResponse response
     ) throws TException {
@@ -139,10 +143,18 @@ public void getProjectReport(
                     exportProjectCreateClearingRequest(response, sw360User, module, projectId, excludeReleaseVersion,
                             generatorClassName, variant, template, externalIds);
                     break;
+                case SW360Constants.SBOM:
+                    exportSBOM(response, sw360User, module, projectId,generatorClassName,
+                            bomType,withSubProject);
+                    break;
                 default:
                     break;
             }
-        } catch (Exception e) {
+        }
+        catch (AccessDeniedException e) {
+            throw  e;
+        }
+        catch (Exception e) {
             throw new TException(e.getMessage());
         }
     }
@@ -371,4 +383,32 @@ private String getBaseUrl(HttpServletRequest request) {
         String ctx = request.getContextPath();
         return url.substring(0, url.length() - uri.length() + ctx.length()) + "/";
     }
+    
+
+    private void exportSBOM(
+            HttpServletResponse response, User sw360User, String module, String projectId,
+            String generatorClassName, String bomType, boolean withSubProject
+    ) throws TException {
+        try {
+            String buff = sw360ReportService.getProjectSBOMBuffer(sw360User, projectId, bomType, withSubProject);
+            response.setContentType(SW360Constants.CONTENT_TYPE_JSON);
+            String fileName = sw360ReportService.getSBOMFileName(sw360User, projectId, module, bomType);
+            if (null == buff) {
+                throw new TException("No data available for the user " + sw360User.getEmail());
+            }
+            if (SW360Constants.XML_FILE_EXTENSION.equalsIgnoreCase(bomType)) {
+                response.setContentType(SW360Constants.CONTENT_TYPE_XML);
+            }
+            response.setHeader("Content-Disposition", String.format("attachment; filename=\"%s\"", fileName));
+            copyDataStreamToResponse(response, ByteBuffer.wrap(buff.getBytes()));
+        }
+        catch (AccessDeniedException e) {
+            log.error(e);
+            throw e;
+        }
+        catch (Exception e) {
+            log.error(e);
+            throw new TException(e.getMessage());
+        }
+    }
 }
diff --git a/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/report/SW360ReportService.java b/rest/resource-server/src/main/java/org/eclipse/sw360/rest/resourceserver/report/SW360ReportService.java
@@ -34,7 +34,11 @@
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.exporter.ReleaseExporter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.stereotype.Service;
+import org.eclipse.sw360.datahandler.thrift.RequestSummary;
+import org.eclipse.sw360.datahandler.thrift.RequestStatus;
+import org.eclipse.sw360.datahandler.thrift.SW360Exception;
 
 import lombok.RequiredArgsConstructor;
 
@@ -437,4 +441,45 @@ public ByteBuffer getProjectReleaseSpreadSheetWithEcc(User user, String projectI
         }
         return ByteBuffer.wrap(IOUtils.toByteArray(exporter.makeExcelExport(releases)));
     }
+
+    public String getProjectSBOMBuffer(User user, String projectId, String bomType, boolean withSubProject) throws TException {
+        String bomString = "";
+            if (CommonUtils.isNotNullEmptyOrWhitespace(projectId)) {
+                if (CommonUtils.isNullEmptyOrWhitespace(bomType)) {
+                    throw new SW360Exception("Bom type cannot be empty");
+                }
+                RequestSummary summary = projectclient.exportCycloneDxSbom(projectId, bomType, withSubProject, user);
+                RequestStatus status = summary.getRequestStatus();
+                if (RequestStatus.FAILED_SANITY_CHECK.equals(status)) {
+                    bomString = status.name();
+                    throw new SW360Exception(bomString);
+                } else if (RequestStatus.ACCESS_DENIED.equals(status)) {
+                    bomString = status.name() + ", only user with role " + SW360Constants.SBOM_IMPORT_EXPORT_ACCESS_USER_ROLE + " can access.";
+                    throw new AccessDeniedException(bomString);
+                } else if (RequestStatus.FAILURE.equals(status)) {
+                    bomString = status.name() + "-" + summary.getMessage() ;
+                    throw new SW360Exception(bomString);
+                } else {
+                    bomString = summary.getMessage();
+                }
+            }
+            else{
+                throw new SW360Exception("Project Id cannot be empty");
+            }
+        return bomString;
+    }
+
+    public String getSBOMFileName(User user, String projectId, String module, String bomType) throws TException {
+        String documentName = "";
+        if(projectId != null && !projectId.equalsIgnoreCase("null")) {
+            Project project = projectclient.getProjectById(projectId, user);
+            documentName = String.format("project_%s(%s)_%s.xml", project.getName(), project.getVersion(),
+                    SW360Utils.getCreatedOnTime(), "_SBOM");
+            if(SW360Constants.JSON_FILE_EXTENSION.equalsIgnoreCase(bomType)){
+                documentName = String.format("project_%s(%s)_%s.json", project.getName(), project.getVersion(),
+                        SW360Utils.getCreatedOnTime(), "_SBOM");
+            }
+        }
+        return documentName;
+    }
 }
