Added support for paging for Project Inventory and Inventory summary

bumped version to v0.0.4

Author: zkarpinski

codeinsight_sdk/client.py

@@ -11,21 +11,27 @@ class CodeInsightClient:
     def __init__(self,
                  base_url: str,
                  api_token: str,
-                 page_size: int = 100
                  ):
         self.base_url = base_url
         self.api_url = f"{base_url}/codeinsight/api"
-        self.api_token = api_token
-        self.page_size = page_size
-        self.api_headers = {
+        self.__api_token = api_token
+        self.__api_headers = {
             'Content-Type': 'application/json',
-            "Authorization": "Bearer %s" % self.api_token,
+            "Authorization": "Bearer %s" % self.__api_token,
             "User-Agent": "codeinsight_sdk_python",
         }
 
     def request(self, method, url_part: str, params: dict = None):
         url = f"{self.api_url}/{url_part}"
-        response = requests.request(method, url, headers=self.api_headers, params=params)
+
+        # Iterate over params and remove any that are None (Empty)
+        if(params):
+            for k, v in list(params.items()):
+                if v is None:
+                    del params[k]
+
+        response = requests.request(method, url,
+                                     headers=self.__api_headers, params=params)
 
         if not response.ok:
             logger.error(f"Error: {response.status_code} - {response.reason}")

codeinsight_sdk/handlers.py

@@ -75,22 +75,47 @@ def get_id(self, project_name:str) -> int:
                 raise CodeInsightError(resp)
             return project_id
 
-    def get_inventory_summary(self, project_id:int) -> List[ProjectInventoryItem]:
+    def get_inventory_summary(self, project_id:int,
+                                  vulnerabilitySummary : bool = False,
+                                  cvssVersion: str = 'ANY',
+                                  published: str = 'ALL',
+                                  offset:int = 1,
+                                  limit:int = 25) -> List[ProjectInventoryItem]:
             """
             Retrieves the inventory summary for a specific project.
 
             Args:
                 project_id (int): The ID of the project.
+                vulnerabilitySummary (bool, optional): Flag to include vulnerability summary. Defaults to False.
+                cvssVersion (str, optional): The CVSS version to filter vulnerabilities. Defaults to 'ANY'.
+                published (str, optional): The publication status. Defaults to 'ALL'.
+                offset (int, optional): The offset for pagination. Defaults to 1.
+                limit (int, optional): The maximum number of items to return. Defaults to 25.
 
             Returns:
                 List[ProjectInventoryItem]: A list of ProjectInventoryItem objects representing the inventory summary.
             """
-            
             path = f"projects/{project_id}/inventorySummary"
-            resp = self.client.request("GET", url_part=path)
+            params = {"vulnerabilitySummary": vulnerabilitySummary,
+                    "cvssVersion": cvssVersion,
+                    "published": published,
+                    "offset": offset,
+                    "limit": limit         
+            }
+            resp = self.client.request("GET", url_part=path, params=params)
+            current_page = int(resp.headers['current-page'])
+            number_of_pages = int(resp.headers['number-of-pages'])
+            total_records = int(resp.headers['total-records'])
             inventory = []
             for inv_item in resp.json()['data']:
                 inventory.append(ProjectInventoryItem.from_dict(inv_item))
+            
+            # Iterate through all the pages
+            if number_of_pages > offset:
+                params.update({"offset": offset+1})
+                chunk = self.get_inventory_summary(project_id, **params)
+                # Only append the inventory records
+                inventory.extend(chunk)
             return inventory
 
     def get_inventory(self,project_id:int,
@@ -105,12 +130,27 @@ def get_inventory(self,project_id:int,
                       include_files: bool = True
                       ) -> ProjectInventory:
         path = f"project/inventory/{project_id}"
-        #TODO: Add support for all parameters
-        params = {"skipVulnerabilities": skip_vulnerabilities}
+        params = {"skipVulnerabilities": skip_vulnerabilities,
+                    "published": published,
+                    "vendor": vendor,
+                    "product": product,
+                    "page": page,
+                    "pageSize": page_size,
+                    "reviewStatus": review_status,
+                    "alerts": alerts,
+                    "includeFiles": include_files}
+
         resp = self.client.request("GET", url_part=path, params=params)
         project_inventory = resp.json()
-        project_cls = ProjectInventory.from_dict(project_inventory)
-        return project_cls
+        project = ProjectInventory.from_dict(project_inventory)
+
+        # Iterate through all the pages
+        if int(resp.headers['number-of-pages']) > page:
+            chunk = self.get_inventory(project_id, page=page+1)
+            # Only append the inventory records
+            project.inventoryItems.extend(chunk.inventoryItems)
+
+        return project
 
 
 class ReportHandler(Handler):

codeinsight_sdk/models.py

@@ -36,6 +36,8 @@ class ProjectInventoryItem(DataClassJsonMixin):
     createdOn: str
     updatedOn: str
     url: Optional[str] = None
+    componentUrl: Optional[str] = None
+    componentDescription: Optional[str] = None
     vulnerabilites: Optional[List[Vulnerability]] = None
     vulnerabilitySummary: Optional[Dict[str, Dict]] = None
     filePaths: Optional[List[str]] = None

pyproject.toml

@@ -1,12 +1,15 @@
 [tool.poetry]
 name = "codeinsight_sdk"
-version = "0.0.3"
+version = "0.0.4"
 description = "A Python client for the Revenera Code Insight"
 authors = ["Zachary Karpinski <1206496+zkarpinski@users.noreply.github.com>"]
 readme = "README.md"
 license = "Apache-2.0"
 repository = "https://github.com/zkarpinski/codeinsight-sdk-python"
 keywords = ["revenera", "api", "flexera", "code insight","sdk"]
+include = [
+    { path = "tests", format = "sdist" }
+]
 
 [tool.poetry.dependencies]
 python = "^3.9"

tests/handlers/__init__.py

@@ -26,8 +26,12 @@ def test_endpoint_not_found(self, client):
             m.get(f"{TEST_URL}/codeinsight/api/projects", status_code=404)
             with pytest.raises(Exception):
                 client.projects.all()
-    
-    
+
+class TestProjectEndpoints:
+    @pytest.fixture
+    def client(self):
+        return CodeInsightClient(TEST_URL, TEST_API_TOKEN)
+   
     def test_get_all_projects(self, client):
         with requests_mock.Mocker() as m:
             m.get(f"{TEST_URL}/codeinsight/api/projects", text='{"data": [{"id":1, "name":"Test"}, {"id":2, "name":"Test 2"}]}')
@@ -46,9 +50,9 @@ def test_get_project_id_invalid(self,client):
         fake_response_json = """{ "Arguments: " : ["",""],
             "Key: ": " InvalidProjectNameParm",
             "Error: ": "The project name entered was not found" }
-"""
+        """
         with requests_mock.Mocker() as m:
-                # Note, the key names end with a colon and space '...: ' 
+            # Note, the key names end with a colon and space '...: ' 
             m.get(f"{TEST_URL}/codeinsight/api/project/id", text=fake_response_json, status_code=400)
             with pytest.raises(CodeInsightError):
                 client.projects.get_id(project_name)
@@ -91,24 +95,37 @@ def test_get_project(self,client):
         assert project.vulnerabilities["CvssV2"]["High"] == 2
         assert project.vulnerabilities["CvssV2"]["Unknown"] == 4
 
-    def test_get_project_inventory(self,client):
+    def test_get_project_inventory_multipage(self,client):
         project_id = 1
+        total_pages = 4
+        total_records = total_pages * 2
+        response_header = {"content-type": "application/json"}
+        response_header["current-page"] = "1"
+        response_header["number-of-pages"] = str(total_pages)
+        response_header["total-records"] = str(total_records)
+
         fake_response_json = """
-{ "projectId": 1, "inventoryItems": [
-    {"itemNumber":1, "id":1234, "name":"Example component","type":"component","priority":"low","createdBy":"Zach","createdOn":"Today","updatedOn":"Tomorrow","componentName":"snakeyaml","componentVersionName":"2.0"},
-    {"itemNumber":2, "id":1235, "name":"Example component 2","type":"component","priority":"low","createdBy":"Zach","createdOn":"Today","updatedOn":"Tomorrow","componentName":"snakeyaml","componentVersionName":"2.0"}
-    ]}
-"""
+        { "projectId": 1, "inventoryItems": [
+            {"itemNumber":1, "id":1234, "name":"Example component","type":"component","priority":"low","createdBy":"Zach","createdOn":"Today","updatedOn":"Tomorrow","componentName":"snakeyaml","componentVersionName":"2.0"},
+            {"itemNumber":2, "id":1235, "name":"Example component 2","type":"component","priority":"low","createdBy":"Zach","createdOn":"Today","updatedOn":"Tomorrow","componentName":"snakeyaml","componentVersionName":"2.0"}
+            ]}
+        """
         with requests_mock.Mocker() as m:
             m.get(f"{TEST_URL}/codeinsight/api/project/inventory/{project_id}",
-                text=fake_response_json)
-            projectInventory = client.projects.get_inventory(project_id)
-        assert projectInventory.projectId == project_id
-        assert len(projectInventory.inventoryItems) >= 2
+                text=fake_response_json, headers=response_header)
+            project_inventory = client.projects.get_inventory(project_id)
+        assert project_inventory.projectId == project_id
+        assert len(project_inventory.inventoryItems) == total_records
 
     #### FIX THIS! ####
     def test_get_project_inventory_summary(self,client):
         project_id = 1
+        total_pages = 4
+        total_records = total_pages * 2
+        response_header = {"content-type": "application/json"}
+        response_header["current-page"] = "1"
+        response_header["number-of-pages"] = str(total_pages)
+        response_header["total-records"] = str(total_records)
         fake_response_json = """ { "data": [
             {
                 "itemNumber": 1,
@@ -140,12 +157,17 @@ def test_get_project_inventory_summary(self,client):
         """
         with requests_mock.Mocker() as m:
             m.get(f"{TEST_URL}/codeinsight/api/projects/{project_id}/inventorySummary",
-                text=fake_response_json)
+                text=fake_response_json, headers=response_header)
             project_inventory_summary = client.projects.get_inventory_summary(project_id)
 
-        assert len(project_inventory_summary) == 2
+        assert len(project_inventory_summary) == 8
         assert project_inventory_summary[1].id == 12346
 
+class TestReportsEndpoints:
+    @pytest.fixture
+    def client(self):
+        return CodeInsightClient(TEST_URL, TEST_API_TOKEN)
+    
     def test_get_reports_all(self,client):
         fake_response_json = """ { "data": [
             {
@@ -203,5 +225,4 @@ def test_get_report(self,client):
                 text=fake_response_json)
             report = client.reports.get(1)
         assert report.id == 1
-        assert report.enabled == True
-
+        assert report.enabled == True