generic binary SBOM (#56)

* mac sbom

Signed-off-by: Prabhu Subramanian <[email protected]>

* windows sbom

Signed-off-by: Prabhu Subramanian <[email protected]>

* Reformat file based on PR comments

Signed-off-by: Prabhu Subramanian <[email protected]>

* Move config items to config.py, extract duplicate code into functions. (#58)

Signed-off-by: Caroline Russell <[email protected]>

---------

Signed-off-by: Prabhu Subramanian <[email protected]>
Signed-off-by: Caroline Russell <[email protected]>
Co-authored-by: Caroline Russell <[email protected]>

Author: prabhu

blint/analysis.py

@@ -11,14 +11,12 @@
 from pathlib import Path
 
 import yaml
-from rich import box
 from rich.progress import Progress
-from rich.table import Table
 from rich.terminal_theme import MONOKAI
 
 from blint.binary import parse
 from blint.logger import LOG, console
-from blint.utils import (is_fuzzable_name, print_findings_table, )
+from blint.utils import (create_findings_table, is_fuzzable_name, print_findings_table, )
 from blint.checks import (check_nx, check_pie,  # noqa, pylint: disable=unused-import
                           check_relro, check_canary, check_rpath,
                           check_virtual_size, check_authenticode,
@@ -279,15 +277,7 @@ def print_reviews_table(reviews, files):
         files: A list of file names associated with the reviews.
 
     """
-    table = Table(
-        title="BLint Capability Review",
-        box=box.DOUBLE_EDGE,
-        header_style="bold magenta",
-        show_lines=True,
-    )
-    table.add_column("ID")
-    if len(files) > 1:
-        table.add_column("Binary")
+    table = create_findings_table(files, "BLint Capability Review")
     table.add_column("Capabilities")
     table.add_column("Evidence (Top 5)", overflow="fold")
     for r in reviews:
@@ -545,7 +535,7 @@ def _review_symbols_exe(self, metadata):
         symbols_list = [f.get("name", "") for f in
                         metadata.get("dynamic_symbols", [])]
         symbols_list += [f.get("name", "") for f in
-                         metadata.get("static_symbols", [])]
+                         metadata.get("symtab_symbols", [])]
         LOG.debug(f"Reviewing {len(symbols_list)} symbols")
         if self.review_symbols_list:
             self.run_review_methods_symbols(
@@ -565,11 +555,11 @@ def _methods_or_exe(self, metadata):
                           metadata.get("functions", [])]
         if metadata.get("magic", "").startswith("PE"):
             functions_list += [f.get("name", "") for f in
-                               metadata.get("static_symbols", [])]
+                               metadata.get("symtab_symbols", [])]
         # If there are no function but static symbols use that instead
-        if not functions_list and metadata.get("static_symbols"):
+        if not functions_list and metadata.get("symtab_symbols"):
             functions_list = [f.get("name", "") for f in
-                              metadata.get("static_symbols", [])]
+                              metadata.get("symtab_symbols", [])]
         LOG.debug(f"Reviewing {len(functions_list)} functions")
         if self.review_methods_list:
             self.run_review_methods_symbols(

blint/android.py

@@ -7,27 +7,24 @@
 from blint.binary import parse, parse_dex
 from blint.cyclonedx.spec import (
     Component,
-    ComponentEvidence,
-    FieldModel,
-    Identity,
-    Method,
     Property,
     RefType,
     Scope,
-    Technique,
     Type,
 )
 from blint.logger import LOG
-from blint.utils import check_command, find_files, unzip_unsafe
+from blint.utils import check_command, create_component_evidence, find_files, unzip_unsafe
 
 ANDROID_HOME = os.getenv("ANDROID_HOME")
 APKANALYZER_CMD = os.getenv("APKANALYZER_CMD")
-if not APKANALYZER_CMD and ANDROID_HOME and (
+if (
+        not APKANALYZER_CMD
+        and ANDROID_HOME
+        and (
         os.path.exists(os.path.join(ANDROID_HOME, "cmdline-tools", "latest", "bin", "apkanalyzer"))
+)
 ):
-    APKANALYZER_CMD = os.path.join(
-        ANDROID_HOME, "cmdline-tools", "latest", "bin", "apkanalyzer"
-    )
+    APKANALYZER_CMD = os.path.join(ANDROID_HOME, "cmdline-tools", "latest", "bin", "apkanalyzer")
 elif check_command("apkanalyzer"):
     APKANALYZER_CMD = "apkanalyzer"
 
@@ -50,7 +47,8 @@ def exec_tool(args, cwd=None, stdout=subprocess.PIPE):
             env=os.environ.copy(),
             shell=sys.platform == "win32",
             encoding="utf-8",
-            check=False, )
+            check=False,
+        )
     except subprocess.SubprocessError as e:
         LOG.exception(e)
         return None
@@ -145,9 +143,7 @@ def collect_version_files_metadata(app_file, app_temp_dir):
         with open(vf, encoding="utf-8") as fp:
             version_data = fp.read().strip()
         if name and version_data:
-            component = create_version_component(
-                app_file, group, name, rel_path, version_data
-            )
+            component = create_version_component(app_file, group, name, rel_path, version_data)
             file_components.append(component)
     return file_components
 
@@ -177,14 +173,11 @@ def create_version_component(app_file, group, name, rel_path, version_data):
         version=version_data,
         purl=purl,
         scope=Scope.required,
-        evidence=ComponentEvidence(
-            identity=Identity(
-                field=FieldModel.purl, confidence=1, methods=[Method(
-                    technique=Technique.manifest_analysis, value=rel_path, confidence=1, )], )
-        ),
+        evidence=create_component_evidence(rel_path, 1.0),
         properties=[
             Property(name="internal:srcFile", value=rel_path),
-            Property(name="internal:appFile", value=app_file), ],
+            Property(name="internal:appFile", value=app_file),
+        ],
     )
     component.bom_ref = RefType(purl)
     return component
@@ -260,7 +253,8 @@ def parse_so_file(app_file, app_temp_dir, sof):
     # Retrieve the version number from notes
     version = get_so_version(so_metadata.get("notes", []))
     functions = [
-        f.get("name") for f in so_metadata.get("functions", [])
+        f.get("name")
+        for f in so_metadata.get("functions", [])
         if f.get("name") and not f.get("name").startswith("_")
     ]
     purl = f"pkg:generic/{name}@{version}"
@@ -273,19 +267,11 @@ def parse_so_file(app_file, app_temp_dir, sof):
         version=version,
         purl=purl,
         scope=Scope.required,
-        evidence=ComponentEvidence(
-            identity=Identity(
-                field=FieldModel.purl,
-                confidence=0.5,
-                methods=[
-                    Method(technique=Technique.binary_analysis, value=rel_path, confidence=0.5, )
-                ],
-            )
-        ),
+        evidence=create_component_evidence(str(rel_path), 0.5),
         properties=[
             Property(name="internal:srcFile", value=rel_path),
             Property(name="internal:appFile", value=app_file),
-            Property(name="internal:functions", value=", ".join(set(functions)), ),
+            Property(name="internal:functions", value=", ".join(set(functions))),
         ],
     )
     component.bom_ref = RefType(purl)
@@ -331,13 +317,11 @@ def collect_dex_files_metadata(app_file, parent_component, app_temp_dir):
         dex_metadata = parse_dex(adex)
         name = os.path.basename(adex).removesuffix(".dex")
         rel_path = os.path.relpath(adex, app_temp_dir)
-        group = (parent_component.group if parent_component and parent_component.group else "")
+        group = parent_component.group if parent_component and parent_component.group else ""
         version = (
-            parent_component.version if parent_component and parent_component.version else
-            "latest")
-        component = create_dex_component(
-            app_file, dex_metadata, group, name, rel_path, version
+            parent_component.version if parent_component and parent_component.version else "latest"
         )
+        component = create_dex_component(app_file, dex_metadata, group, name, rel_path, version)
         file_components.append(component)
     return file_components
 
@@ -365,19 +349,7 @@ def create_dex_component(app_file, dex_metadata, group, name, rel_path, version)
         version=version,
         purl=purl,
         scope=Scope.required,
-        evidence=ComponentEvidence(
-            identity=Identity(
-                field=FieldModel.purl,
-                confidence=0.2,
-                methods=[
-                    Method(
-                        technique=Technique.binary_analysis,
-                        value=rel_path,
-                        confidence=0.2,
-                    )
-                ],
-            )
-        ),
+        evidence=create_component_evidence(rel_path, 0.2),
         properties=[
             Property(name="internal:srcFile", value=rel_path),
             Property(name="internal:appFile", value=app_file),
@@ -393,11 +365,7 @@ def create_dex_component(app_file, dex_metadata, group, name, rel_path, version)
             Property(
                 name="internal:classes",
                 value=", ".join(
-                    set(
-                        sorted(
-                            [_clean_type(c.fullname) for c in dex_metadata.get("classes")]
-                        )
-                    )
+                    set(sorted([_clean_type(c.fullname) for c in dex_metadata.get("classes")]))
                 ),
             ),
         ],
@@ -430,9 +398,7 @@ def collect_files_metadata(app_file, parent_component, deep_mode):
     file_components += collect_version_files_metadata(app_file, app_temp_dir)
     file_components += collect_so_files_metadata(app_file, app_temp_dir)
     if deep_mode:
-        file_components += collect_dex_files_metadata(
-            app_file, parent_component, app_temp_dir
-        )
+        file_components += collect_dex_files_metadata(app_file, parent_component, app_temp_dir)
     shutil.rmtree(app_temp_dir, ignore_errors=True)
     return file_components
 
@@ -445,9 +411,7 @@ def parse_apk_summary(data):
         name = parts[0]
         version = parts[-1]
         purl = f"pkg:apk/{name}@{version}"
-        component = Component(
-            type=Type.application, name=name, version=version, purl=purl
-        )
+        component = Component(type=Type.application, name=name, version=version, purl=purl)
         component.bom_ref = RefType(purl)
         return component
     return None