blintdb command (#132)

* Adds blint db sub-command

Signed-off-by: Prabhu Subramanian <[email protected]>

* Include export id matches as properties

Signed-off-by: Prabhu Subramanian <[email protected]>

* Include export id matches as properties

Signed-off-by: Prabhu Subramanian <[email protected]>

* Readme update

Signed-off-by: Prabhu Subramanian <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>

Author: prabhu

Dockerfile

@@ -4,7 +4,7 @@ LABEL maintainer="appthreat" \
       org.opencontainers.image.authors="Team AppThreat <[email protected]>" \
       org.opencontainers.image.source="https://github.com/owasp-dep-scan/blint" \
       org.opencontainers.image.url="https://github.com/owasp-dep-scan/blint" \
-      org.opencontainers.image.version="2.3.x" \
+      org.opencontainers.image.version="2.4.x" \
       org.opencontainers.image.vendor="OWASP" \
       org.opencontainers.image.licenses="MIT" \
       org.opencontainers.image.title="blint" \

README.md

@@ -63,6 +63,7 @@ sub-commands:
 
   {sbom}
     sbom                Command to generate SBOM for supported binaries.
+    db                  Command to manage the pre-compiled database.
 ```
 
 ### SBOM sub-command
@@ -85,6 +86,18 @@ options:
                         Directories containing pre-build and build BOMs. Use to improve the precision.
 ```
 
+### DB sub-command
+
+```shell
+usage: blint db [-h] [--download] [--image-url IMAGE_URL]
+
+options:
+  -h, --help            show this help message and exit
+  --download            Download the pre-compiled database to the /Volumes/Work/blintdb/ directory. Use the environment variable `BLINTDB_HOME` to override.
+  --image-url IMAGE_URL
+                        Blintdb image url. Defaults to ghcr.io/appthreat/blintdb-vcpkg-arm64:v1. The environment variable `BLINTDB_IMAGE_URL` is an alternative way to set this value.
+```
+
 To test any binary, including default commands
 
 ```bash
@@ -119,12 +132,20 @@ To parse all files, including `.dex` files, pass `--deep` argument.
 blint sbom -i /path/to/apk -o bom.json --deep
 ```
 
+Component identification for C/C++ binaries could be improved with [blintdb](https://github.com/AppThreat/blint-db). To download the pre-compiled database (SQLite format), first run the `db` command followed by the `sbom` command.
+
+```shell
+blint db
+blint sbom -i /path/to/binary -o bom.json --deep
+```
+
 The following binaries are supported:
 
 - Android (apk/aab)
 - Dotnet executable binaries
 - Go binaries
 - Rust binaries
+- c/c++ binaries (WIP)
 
 ```shell
 blint sbom -i /path/to/go-binaries -o bom.json --deep

blint/cli.py

@@ -5,7 +5,7 @@
 import os
 
 from blint.lib.runners import run_default_mode, run_sbom_mode
-from blint.config import BlintOptions
+from blint.config import BlintOptions, BLINTDB_HOME, BLINTDB_IMAGE_URL, BLINTDB_LOC
 from blint.lib.utils import blintdb_setup
 
 BLINT_LOGO = """
@@ -37,7 +37,8 @@ def build_parser():
         stdout_mode=False,
         exports_prefix=[],
         src_dir_boms=[],
-        sbom_mode=False
+        sbom_mode=False,
+        db_mode=False,
     )
     parser.add_argument(
         "-i",
@@ -86,9 +87,9 @@ def build_parser():
     parser.add_argument(
         "--use-blintdb",
         action="store_true",
-        default=False,
+        default=os.path.exists(BLINTDB_LOC),
         dest="use_blintdb",
-        help="Use blintdb for symbol resolution. Use environment variables: BLINTDB_IMAGE_URL, BLINTDB_HOME, and BLINTDB_REFRESH for customization.",
+        help=f"Use blintdb for symbol resolution. Defaults to true if the file exists at {BLINTDB_LOC}. Use environment variables: BLINTDB_IMAGE_URL, BLINTDB_HOME, and BLINTDB_REFRESH for customization.",
     )
     # sbom commmand
     subparsers = parser.add_subparsers(
@@ -144,7 +145,24 @@ def build_parser():
         nargs="+",
         help="Directories containing pre-build and build BOMs. Use to improve the precision.",
     )
-    
+    db_parser = subparsers.add_parser(
+        "db", help="Command to manage the pre-compiled database."
+    )
+    db_parser.set_defaults(db_mode=True)
+    db_parser.add_argument(
+        "--download",
+        action="store_true",
+        default=True,
+        dest="download_mode",
+        help=f"Download the pre-compiled database to the {BLINTDB_HOME} directory. Use the environment variable `BLINTDB_HOME` to override.",
+    )
+    db_parser.add_argument(
+        "--image-url",
+        dest="image_url",
+        choices=["ghcr.io/appthreat/blintdb-vcpkg-darwin-arm64:v1", "ghcr.io/appthreat/blintdb-meson-darwin-arm64:v1"],
+        default=BLINTDB_IMAGE_URL,
+        help=f"Blintdb image url. Defaults to {BLINTDB_IMAGE_URL}. The environment variable `BLINTDB_IMAGE_URL` is an alternative way to set this value.",
+    )
     return parser
 
 
@@ -187,6 +205,8 @@ def handle_args():
         no_reviews=args.no_reviews,
         reports_dir=args.reports_dir,
         sbom_mode=args.sbom_mode,
+        db_mode=args.db_mode,
+        image_url=args.image_url if args.db_mode else None,
         sbom_output=args.sbom_output,
         src_dir_boms=args.src_dir_boms,
         src_dir_image=args.src_dir_image,
@@ -205,6 +225,8 @@ def main():
     # SBOM command
     if blint_options.sbom_mode:
         run_sbom_mode(blint_options)
+    elif blint_options.db_mode:
+        return
     # Default case
     else:
         run_default_mode(blint_options)

blint/config.py

@@ -2,10 +2,13 @@
 import sys
 from dataclasses import dataclass, field
 import os
+import platform
 import re
 from typing import List
 from appdirs import user_data_dir
 
+ARCH = platform.machine()
+SYSTEM = platform.system().lower()
 
 # Default ignore list
 ignore_directories = [
@@ -1285,7 +1288,9 @@ class BlintOptions:
         no_error (bool): Flag indicating whether to suppress error messages.
         no_reviews (bool): Flag indicating whether to perform symbol reviews.
         reports_dir (str): The path to the reports directory.
-        sbom_mode (bool): Flag indicating whether to perform SBOM analysis.
+        sbom_mode (bool): Flag for the sbom sub-command.
+        db_mode (bool): Flag for the db sub-command.
+        image_url (str): blintdb download url. Must be OCI compatible.
         src_dir_image (list): A list of source directories.
         sbom_output (str): The path to the output file.
         deep_mode (bool): Flag indicating whether to perform deep analysis.
@@ -1299,13 +1304,15 @@ class BlintOptions:
     no_reviews: bool = False
     reports_dir: str = ""
     sbom_mode: bool = False
+    db_mode: bool = False
+    image_url: str = ""
     sbom_output: str = ""
     sbom_output_dir: str = ""
     src_dir_boms: List = field(default_factory=list)
     src_dir_image: List = field(default_factory=list)
     stdout_mode: bool = False
     use_blintdb: bool = False
-    
+
     def __post_init__(self):
         if not self.src_dir_image and not (self.sbom_mode and self.src_dir_boms):
             self.sources = [os.getcwd()]
@@ -1322,7 +1329,7 @@ def __post_init__(self):
                 self.sbom_output = os.path.join(self.sbom_output, "bom-post-build.cdx.json")
             else:
                 self.sbom_output_dir = os.path.dirname(self.sbom_output)
-        
+
 
 # PII related symbols
 PII_WORDS = (
@@ -1399,7 +1406,11 @@ def __post_init__(self):
 BLINTDB_HOME = os.getenv("BLINTDB_HOME", user_data_dir("blintdb"))
 BLINTDB_LOC = os.path.join(BLINTDB_HOME, "blint.db")
 
-BLINTDB_IMAGE_URL = os.getenv("BLINTDB_IMAGE_URL", "ghcr.io/appthreat/blintdb-meson-arm64:v1")
+BLINTDB_IMAGE_URL = os.getenv("BLINTDB_IMAGE_URL",
+                              "ghcr.io/appthreat/blintdb-vcpkg-darwin-arm64:v1" if SYSTEM == "darwin" else "ghcr.io/appthreat/blintdb-vcpkg:v1")
 BLINTDB_REFRESH = os.getenv("BLINTDB_REFRESH", False)
 if BLINTDB_REFRESH in ["true", "True", "1"]:
     BLINTDB_REFRESH = True
+
+SYMBOLS_LOOKUP_BATCH_LEN = get_int_from_env("SYMBOLS_LOOKUP_BATCH_LEN", 32000)
+MIN_MATCH_SCORE = get_int_from_env("MIN_MATCH_SCORE", 10)