
1use std::path::Path;
2use rustsec::Report;
3
4use anyhow::{bail, Result};
5
6
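/// Audit a component from a given path (will extract each component of a composition)
///
/// Reads the file at `path` into memory, splits it with
/// [`wasmshield::decompose::decompose`] and runs
/// [`wasmshield::sbom::sbom_audit`] on every nested component. The result is
/// one `(name, report)` pair per audited component, in decomposition order.
///
/// # Errors
/// Returns an error if the file cannot be read (the message carries the path
/// and the underlying I/O error) or if the audit of any component fails; the
/// first failing component aborts the whole audit.
pub fn audit(path: &Path) -> Result<Vec<(String, Report)>> {
    // Keep the OS error and the offending path in the message: a bare "couldn't
    // read" hides whether the file is missing, unreadable or a directory.
    let file_contents = match std::fs::read(path) {
        Ok(contents) => contents,
        Err(err) => bail!("Couldn't read file contents of {}: {}", path.display(), err),
    };

    let components = wasmshield::decompose::decompose(&file_contents);

    // Given the way decomposition is implemented, the first component in the list is always the
    // entire component. This is useful for checking signatures but in this case, we don't want to
    // show the same dependency report twice. We can therefore always skip the first component as
    // it is the same dependency info as the second component.
    const SKIP_INDEX: usize = 0;

    let mut reports = Vec::new();
    for (index, component) in components.into_iter().enumerate() {
        // Skip the SKIP_INDEX-th component in the component list to avoid redundant reports.
        if index == SKIP_INDEX {
            continue;
        }
        // Index 0 (the whole composition) gets a fixed label; every other entry is named
        // from its own metadata via `get_name`.
        let name = if index == 0 {
            "composition".to_string()
        } else {
            wasmshield::decompose::get_name(&component)
        };
        match wasmshield::sbom::sbom_audit(&component, true, None) {
            Ok(report) => reports.push((name, report)),
            // Name the failing component so the operator can tell which part of the
            // composition could not be verified.
            Err(err) => bail!(
                "Something went wrong during the verification of component {}: {}",
                name,
                err
            ),
        }
    }
    Ok(reports)
}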
41