From b2db5b35adf4165c4f33014c2c8bb93fee6e3f42 Mon Sep 17 00:00:00 2001 From: Wolfgang Hottgenroth Date: Tue, 15 Jul 2025 14:33:07 +0200 Subject: [PATCH] prepare second dockerfile --- .gitlab-ci.yml | 40 ++++++------------------------------ Dockerfile => Dockerfile.cli | 0 src/sbom_dt_dd_api.py | 25 +++++++++++++++++++--- 3 files changed, 28 insertions(+), 37 deletions(-) rename Dockerfile => Dockerfile.cli (100%) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 03b427b..030b935 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -68,7 +68,7 @@ generate-defectdojo-api: -o defectdojo-client \ --package-name defectdojo_api -dockerize: +.dockerize: stage: build image: devnexus.krohne.com:18079/repository/docker-krohne/krohnedockerbash:0.5 tags: 
@@ -83,44 +83,16 @@ dockerize: --tag $IMAGE_NAME:latest --tag $IMAGE_NAME:$CI_COMMIT_SHA --tag $IMAGE_NAME:$CI_COMMIT_TAG + -f $DOCKERFILE . - docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY - docker push $IMAGE_NAME:latest - docker push $IMAGE_NAME:$CI_COMMIT_SHA - docker push $IMAGE_NAME:$CI_COMMIT_TAG -build-windows-binary: - stage: build - tags: - - windows - - pwsh - - python3.13 - rules: - - if: '$CI_COMMIT_TAG' - artifacts: - paths: - - sbom-dt-dd.exe - script: - - | - cd src - mv ..\dependencytrack-client . - mv ..\defectdojo-client . - & 'C:\Program Files\Python313\python.exe' -m venv venv - .\venv\Scripts\pip.exe install --upgrade pip - .\venv\Scripts\pip.exe install -r requirements.txt - .\venv\Scripts\pip.exe install -r dependencytrack-client\requirements.txt - .\venv\Scripts\pip.exe install -r defectdojo-client\requirements.txt - .\venv\Scripts\pip.exe install pyinstaller - .\venv\Scripts\pyinstaller.exe --onefile ` - --add-data "dependencytrack-client;dependencytrack-client" ` - --add-data "defectdojo-client;defectdojo-client" ` - --hidden-import pydantic ` - --hidden-import dateutil.parser ` - --hidden-import urllib3 ` - --hidden-import regex ` - --collect-data cyclonedx ` - --collect-data license_experssion ` - sbom-dt-dd.py - mv dist\sbom-dt-dd.exe .. +dockerize-cli: + extends: .dockerize + variables: + DOCKERFILE: dockerize-cli diff --git a/Dockerfile b/Dockerfile.cli similarity index 100% rename from Dockerfile rename to Dockerfile.cli diff --git a/src/sbom_dt_dd_api.py b/src/sbom_dt_dd_api.py index 6ff12e4..4175908 100644 --- a/src/sbom_dt_dd_api.py +++ b/src/sbom_dt_dd_api.py @@ -1,4 +1,6 @@ import os +import json +import yaml from loguru import logger from fastapi import FastAPI, UploadFile, File, Form, HTTPException from fastapi.responses import JSONResponse 
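Review bot: `DOCKERFILE: dockerize-cli` in the new `dockerize-cli` job repeats the job name instead of naming the file. This commit renames `Dockerfile` to `Dockerfile.cli`, so the added `-f $DOCKERFILE .` argument would point at a path the diff does not show existing, and the build is likely to fail. The variable should read `DOCKERFILE: Dockerfile.cli`. While the template is being touched, the unchanged `docker login -u $NEXUS_USER -p $NEXUS_PASSWORD $REGISTRY` line passes the secret as a command-line argument; `echo "$NEXUS_PASSWORD" | docker login -u "$NEXUS_USER" --password-stdin "$REGISTRY"` keeps it out of the process list.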
@@ -56,17 +58,24 @@ async def uploadMinimalSBOM( """ Endpoint to upload a minimal SBOM definition """ - sbom = await file.read() - try: + sbom = await file.read() + logger.info("Start converting from minimal format into cyclonedx") (sbom, projectName, projectVersion, projectClassifier, projectDescription) = minimalSbomFormatConverter(sbom) logger.info("Converted") loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, sbom, reimport) logger.info("Done.") + except yaml.scanner.ScannerError as e: + logger.warning(f"uploadMinimalSBOM, yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}") + raise HTTPException(status_code=400, detail=f"yaml ScannerError: {e.context=}, {e.context_mark=}, {e.problem=}, {e.problem_mark=}, {e.note=}") except ApiException as e: + logger.warning(f"uploadMinimalSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}") raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}") + except Exception as e: + logger.warning(f"uploadMinimalSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}") + raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}") return JSONResponse(content={ "message": "Upload successful!" 
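Review bot: The new catch-all `except Exception as e:` in uploadMinimalSBOM formats `{e.msg=}`, but most exception types have no `msg` attribute, so the handler is likely to raise AttributeError itself and lose both the log line and the intended 500 response; the same two lines are added to uploadSBOM in the next hunk. The 500 detail also returns `type(e)` and `str(e)` to the caller, which can expose internal paths or upstream host names. I would log with `logger.exception("uploadMinimalSBOM failed")` and raise `HTTPException(status_code=500, detail="Internal error while processing the SBOM")`. Only `yaml.scanner.ScannerError` is mapped to 400, so, assuming minimalSbomFormatConverter parses YAML, other parse failures would take the 500 path; `except yaml.MarkedYAMLError as e:` would cover them with the same attributes. The function body continues past the end of the hunk.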
@@ -87,10 +96,20 @@ async def uploadSBOM( sbom = await file.read() try: - loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, sbom, reimport) + sbomJson = json.loads(sbom) + sbom = json.dumps(sbomJson) + + loadToDTrackAndDefectDojo(app.state.config, projectName, projectVersion, projectClassifier, projectDescription, 1, str(sbom), reimport) logger.info("Done.") + except json.decoder.JSONDecodeError as e: + logger.warning(f"uploadSBOM, JSONDecodeError: {e.msg=}") + raise HTTPException(status_code=400, detail=f"JSON decoding error: {e.msg=}, {e.doc=}, {e.pos=}, {e.lineno=}, {e.colno=}") except ApiException as e: + logger.warning(f"uploadSBOM, ApiException: {e.status=}, {e.reason=}, {e.body=}") raise HTTPException(status_code=e.status, detail=f"{e.reason=}, {e.body=}, {e.data=}") + except Exception as e: + logger.warning(f"uploadSBOM, Exception: {type(e)=}, {str(e)=}, {e.msg=}") + raise HTTPException(status_code=500, detail=f"Exception: {type(e)=}, {str(e)=}, {e.msg=}") return JSONResponse(content={ "message": "Upload successful!"
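Review bot: The 400 detail for `json.decoder.JSONDecodeError` includes `{e.doc=}`, which is the whole document being parsed, so a malformed upload is echoed back in full in the error response. `detail=f"JSON decoding error: {e.msg}, line {e.lineno}, column {e.colno}"` gives the caller enough to find the problem. `json.loads` on the bytes from `file.read()` can also raise UnicodeDecodeError, which is not a JSONDecodeError and falls into the catch-all handler, where `e.msg` does not exist; adding `except UnicodeDecodeError` with a 400 would keep that case a client error. `str(sbom)` is redundant after `json.dumps`, and `sbom = await file.read()` stays outside the `try` here although this commit moves it inside in uploadMinimalSBOM. The function starts and ends outside the hunk.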