bitvex 0.3.1

Automate CRA compliance: generate OpenVEX reports from Yocto SBOMs by filtering CVEs with kernel config and device tree analysis
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176

//! Configuration parser for bitvex-watch.toml.

use std::path::PathBuf;

use anyhow::{Context, Result};
use serde::Deserialize;
use tracing::info;

/// Top-level watch configuration.
#[derive(Debug, Deserialize)]
pub struct WatchConfig {
    /// Debounce interval in seconds.
    pub debounce_secs: Option<u64>,
    /// Directory for generated reports.
    pub output_dir: Option<PathBuf>,
    /// Path to SQLite database.
    pub db_path: Option<PathBuf>,
    /// Projects to monitor.
    pub projects: Vec<ProjectConfig>,
}

/// Configuration for a single project.
#[derive(Debug, Deserialize, Clone)]
pub struct ProjectConfig {
    /// Human-readable project name.
    pub name: String,
    /// Path to the SBOM (SPDX JSON).
    pub sbom: PathBuf,
    /// Kernel/U-Boot config files.
    #[serde(default)]
    pub configs: Vec<ConfigEntry>,
    /// Device tree files.
    #[serde(default)]
    pub device_trees: Vec<DtsEntry>,
    /// Optional rules file.
    pub rules: Option<PathBuf>,
    /// Optional author override.
    pub author: Option<String>,
}

/// A config file entry (kernel or U-Boot).
#[derive(Debug, Deserialize, Clone)]
pub struct ConfigEntry {
    /// Config type: "kernel" or "uboot".
    #[serde(rename = "type")]
    pub config_type: String,
    /// Path to the config file.
    pub path: PathBuf,
}

/// A device tree entry.
#[derive(Debug, Deserialize, Clone)]
pub struct DtsEntry {
    /// Path to the .dts or .dtb file.
    pub path: PathBuf,
}

impl ProjectConfig {
    /// Collect all file paths that should be watched for this project.
    pub fn watched_paths(&self) -> Vec<PathBuf> {
        let mut paths = vec![self.sbom.clone()];
        for cfg in &self.configs {
            paths.push(cfg.path.clone());
        }
        for dts in &self.device_trees {
            paths.push(dts.path.clone());
        }
        if let Some(ref rules) = self.rules {
            paths.push(rules.clone());
        }
        paths
    }
}

/// Load watch configuration from a TOML file.
pub fn load_watch_config(path: &PathBuf) -> Result<WatchConfig> {
    let content = std::fs::read_to_string(path)
        .with_context(|| format!("Failed to read watch config: {}", path.display()))?;

    let config: WatchConfig = toml::from_str(&content)
        .with_context(|| format!("Failed to parse watch config: {}", path.display()))?;

    info!(
        "Loaded {} projects from {}",
        config.projects.len(),
        path.display()
    );

    for project in &config.projects {
        info!(
            "  Project '{}': {} configs, {} device trees",
            project.name,
            project.configs.len(),
            project.device_trees.len()
        );
    }

    Ok(config)
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::io::Write;

    #[test]
    fn test_parse_watch_config() {
        let mut file = tempfile::NamedTempFile::new().unwrap();
        writeln!(
            file,
            r#"
debounce_secs = 10
output_dir = "./reports"
db_path = "/tmp/test.db"

[[projects]]
name = "Test Project"
sbom = "build/spdx.json"

[[projects.configs]]
type = "kernel"
path = "build/.config"

[[projects.configs]]
type = "uboot"
path = "build/u-boot/.config"

[[projects.device_trees]]
path = "build/board.dts"

[[projects]]
name = "Second Project"
sbom = "build/spdx2.json"

[[projects.configs]]
type = "kernel"
path = "build/.config2"
"#
        )
        .unwrap();

        let config = load_watch_config(&file.path().to_path_buf()).unwrap();
        assert_eq!(config.debounce_secs, Some(10));
        assert_eq!(config.projects.len(), 2);
        assert_eq!(config.projects[0].name, "Test Project");
        assert_eq!(config.projects[0].configs.len(), 2);
        assert_eq!(config.projects[0].device_trees.len(), 1);
        assert_eq!(config.projects[1].name, "Second Project");
    }

    #[test]
    fn test_watched_paths() {
        let project = ProjectConfig {
            name: "test".into(),
            sbom: "sbom.json".into(),
            configs: vec![
                ConfigEntry {
                    config_type: "kernel".into(),
                    path: ".config".into(),
                },
                ConfigEntry {
                    config_type: "uboot".into(),
                    path: "uboot.config".into(),
                },
            ],
            device_trees: vec![DtsEntry {
                path: "board.dts".into(),
            }],
            rules: Some("bitvex.toml".into()),
            author: None,
        };

        let paths = project.watched_paths();
        assert_eq!(paths.len(), 5); // sbom + 2 configs + dts + rules
    }
}