Apply to v5.0 and also to generate-all for 4.0 #1
Conversation
![sonatype-lift[bot]](https://avatars.githubusercontent.com/in/9843?s=60&v=4){kind=small}
| Converts the ASVS JSON into CycloneDX Standards format | ||
| Copyright (c) 2023 OWASP Foundation | ||
|
|
||
| Permission is hereby granted, free of charge, to any person obtaining a copy |
There was a problem hiding this comment.
E501: line too long (80 > 79 characters)
❗❗ 41 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| 5.0/tools/cyclonedx.py | 9 |
| 5.0/tools/cyclonedx.py | 10 |
| 5.0/tools/cyclonedx.py | 15 |
| 5.0/tools/cyclonedx.py | 22 |
| 5.0/tools/cyclonedx.py | 23 |
| 5.0/tools/cyclonedx.py | 45 |
| 5.0/tools/cyclonedx.py | 50 |
| 5.0/tools/cyclonedx.py | 66 |
| 5.0/tools/cyclonedx.py | 78 |
| 5.0/tools/cyclonedx.py | 81 |
Showing 10 of 41 findings. Visit the Lift Web Console to see all.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| ''' | ||
|
|
||
| import json | ||
| from dicttoxml2 import dicttoxml |
There was a problem hiding this comment.
F401: 'dicttoxml2.dicttoxml' imported but unused
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| try: | ||
| from StringIO import StringIO | ||
| except ImportError: | ||
| from io import StringIO |
There was a problem hiding this comment.
F401: 'io.StringIO' imported but unused
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| bom['metadata']['licenses'][0]['license']['url'] = "https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt" | ||
| bom['metadata']['supplier'] = {} | ||
| bom['metadata']['supplier']['name'] = "OWASP Foundation" | ||
| bom['metadata']['supplier']['url'] = [ "https://owasp.org" ] |
There was a problem hiding this comment.
E201: whitespace after '['
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| bom['metadata']['licenses'][0]['license']['url'] = "https://creativecommons.org/licenses/by-sa/4.0/legalcode.txt" | ||
| bom['metadata']['supplier'] = {} | ||
| bom['metadata']['supplier']['name'] = "OWASP Foundation" | ||
| bom['metadata']['supplier']['url'] = [ "https://owasp.org" ] |
There was a problem hiding this comment.
E202: whitespace before ']'
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
|
|
||
| def to_json(self): | ||
| ''' Returns a JSON-formatted string ''' | ||
| return json.dumps(self.bom, indent = 2, sort_keys = False, ensure_ascii=False).strip() |
There was a problem hiding this comment.
E251: unexpected spaces around keyword / parameter equals
❗❗ 3 similar findings have been found in this PR
🔎 Expand here to view all instances of this finding
| File Path | Line Number |
|---|---|
| 5.0/tools/cyclonedx.py | 142 |
| 5.0/tools/cyclonedx.py | 142 |
| 5.0/tools/cyclonedx.py | 142 |
Visit the Lift Web Console to find more details in your report.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| ''' | ||
|
|
||
| import json | ||
| from dicttoxml2 import dicttoxml |
There was a problem hiding this comment.
reportMissingImports: Import "dicttoxml2" could not be resolved
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| import datetime | ||
| import uuid | ||
| try: | ||
| from StringIO import StringIO |
There was a problem hiding this comment.
reportMissingImports: Import "StringIO" could not be resolved
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| @@ -30,9 +30,10 @@ | |||
|
|
|||
| import argparse | |||
| from asvs import ASVS | |||
| from cyclonedx import CycloneDX | |||
There was a problem hiding this comment.
reportGeneralTypeIssues: "CycloneDX" is unknown import symbol
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
| @@ -17,6 +17,7 @@ for lang in ${LANGS}; do | |||
| verslong="./docs_$lang/OWASP Application Security Verification Standard $vers-$lang" | |||
|
|
|||
| python3 tools/export.py --format json --language $lang > "$verslong.json" | |||
| python3 tools/export.py --format cdx_json --language $lang > "$verslong.cdx.json" | |||
There was a problem hiding this comment.
SC2086: Double quote to prevent globbing and word splitting.
ℹ️ Expand to see all @sonatype-lift commands
You can reply with the following commands. For example, reply with @sonatype-lift ignoreall to leave out all findings.
| Command | Usage |
|---|---|
@sonatype-lift ignore |
Leave out the above finding from this PR |
@sonatype-lift ignoreall |
Leave out all the existing findings from this PR |
@sonatype-lift exclude <file|issue|path|tool> |
Exclude specified file|issue|path|tool from Lift findings by updating your config.toml file |
Note: When talking to LiftBot, you need to refresh the page to see its response.
Click here to add LiftBot to another repo.
|
Your bot has gone a little mad but I made some minor changes to your PR @stevespringett |
|
Fantastic. Thank you. |
No description provided.