feat: convert SBOM into scan results

snyk-tim · snyk-tim · commit fc9321eaf4d2 · 2025-03-11T10:25:58.000Z
diff --git a/internal/snykclient/errors.go b/internal/snykclient/errors.go
@@ -0,0 +1,7 @@
+package snykclient
+
+import "fmt"
+
+func newStatusCodeError(statusCode int) error {
+	return fmt.Errorf("unexpected status code: %d", statusCode)
+}
diff --git a/internal/snykclient/monitordeps.go b/internal/snykclient/monitordeps.go
@@ -52,7 +52,7 @@ func (t *SnykClient) MonitorDeps(
 	defer resp.Body.Close()
 
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		return nil, fmt.Errorf("unexpected status code: %d", resp.StatusCode)
+		return nil, newStatusCodeError(resp.StatusCode)
 	}
 
 	bodyBytes, err := io.ReadAll(resp.Body)
diff --git a/internal/snykclient/sbomconvert.go b/internal/snykclient/sbomconvert.go
@@ -0,0 +1,79 @@
+package snykclient
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"path"
+
+	"github.com/snyk/cli-extension-sbom/internal/errors"
+)
+
+const (
+	sbomConvertAPIVersion = "2025-03-06~beta"
+	MIMETypeOctetStream   = "application/octet-stream"
+)
+
+func (t *SnykClient) SBOMConvert(
+	ctx context.Context,
+	errFactory *errors.ErrorFactory,
+	sbom io.Reader,
+) ([]ScanResult, error) {
+	u, err := buildAPIURL(t.apiBaseURL, sbomConvertAPIVersion, t.orgID)
+	if err != nil {
+		return nil, fmt.Errorf("sbom convert api url invalid: %w", err)
+	}
+
+	req, err := http.NewRequestWithContext(
+		ctx,
+		http.MethodPost,
+		u,
+		sbom,
+	)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+
+	req.Header.Set(ContentTypeHeader, MIMETypeOctetStream)
+
+	resp, err := t.client.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to send request: %w", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
+		return nil, newStatusCodeError(resp.StatusCode)
+	}
+
+	bodyBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read response: %w", err)
+	}
+
+	var convertResp SBOMConvertResponse
+	err = json.Unmarshal(bodyBytes, &convertResp)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal JSON response: %w", err)
+	}
+
+	return convertResp.ScanResults, nil
+}
+
+func buildAPIURL(apiBaseURL, apiVersion, orgID string) (string, error) {
+	base, err := url.Parse(apiBaseURL)
+	if err != nil {
+		return "", err
+	}
+
+	base.Path = path.Join(base.Path, "hidden/orgs", orgID, "sboms/convert")
+
+	query := url.Values{}
+	query.Set("version", apiVersion)
+	base.RawQuery = query.Encode()
+
+	return base.String(), nil
+}
diff --git a/internal/snykclient/sbomconvert_test.go b/internal/snykclient/sbomconvert_test.go
@@ -0,0 +1,112 @@
+package snykclient_test
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/snyk/cli-extension-sbom/internal/mocks"
+	"github.com/snyk/cli-extension-sbom/internal/snykclient"
+)
+
+func Test_SBOMConvert(t *testing.T) {
+	response := mocks.NewMockResponse(
+		"application/json; charset=utf-8",
+		[]byte(`{"scanResults":[{"name":"Scan 1"},{"name":"Scan 2"}]}`),
+		http.StatusOK,
+	)
+
+	sbomContent := `{"foo":"bar"}`
+
+	mockHTTPClient := mocks.NewMockSBOMService(response, func(r *http.Request) {
+		assert.Equal(t, http.MethodPost, r.Method)
+		assert.Equal(t, "/hidden/orgs/org1/sboms/convert?version=2025-03-06~beta", r.RequestURI)
+		assert.Equal(t, "application/octet-stream", r.Header.Get("Content-Type"))
+	})
+
+	client := snykclient.NewSnykClient(mockHTTPClient.Client(), mockHTTPClient.URL, "org1")
+	depsResp, err := client.SBOMConvert(
+		context.Background(),
+		errFactory,
+		bytes.NewBuffer([]byte(sbomContent)),
+	)
+
+	assert.NoError(t, err)
+	assert.Equal(t, 2, len(depsResp))
+	assert.Equal(t, "Scan 1", depsResp[0].Name)
+	assert.Equal(t, "Scan 2", depsResp[1].Name)
+}
+
+func Test_SBOMConvert_InvalidJSONReturned(t *testing.T) {
+	response := mocks.NewMockResponse(
+		"application/json; charset=utf-8",
+		[]byte(`{"scanResults":[{"name":"Scan 1"`),
+		http.StatusOK,
+	)
+
+	sbomContent := `{"foo":"bar"}`
+
+	mockHTTPClient := mocks.NewMockSBOMService(response)
+
+	client := snykclient.NewSnykClient(mockHTTPClient.Client(), mockHTTPClient.URL, "org1")
+	_, err := client.SBOMConvert(
+		context.Background(),
+		errFactory,
+		bytes.NewBuffer([]byte(sbomContent)),
+	)
+
+	assert.ErrorContains(t, err, "failed to unmarshal JSON response")
+}
+
+func Test_SBOMConvert_ServerErrors(t *testing.T) {
+	testCases := []struct {
+		name         string
+		statusCode   int
+		responseBody string
+	}{
+		{
+			name:         "Forbidden (403) - Feature not available",
+			statusCode:   http.StatusForbidden,
+			responseBody: `{"message":"This functionality is not available on your plan."}`,
+		},
+		{
+			name:         "Bad Request (400) - Malformed Request",
+			statusCode:   http.StatusBadRequest,
+			responseBody: "",
+		},
+		{
+			name:         "Internal Server Error (500) - Server Issue",
+			statusCode:   http.StatusInternalServerError,
+			responseBody: `{"message":"Internal server error."}`,
+		},
+	}
+
+	sbomContent := `{"foo":"bar"}`
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			response := mocks.NewMockResponse(
+				"application/json; charset=utf-8",
+				[]byte(tc.responseBody),
+				tc.statusCode,
+			)
+
+			mockHTTPClient := mocks.NewMockSBOMService(response)
+
+			client := snykclient.NewSnykClient(mockHTTPClient.Client(), mockHTTPClient.URL, "org1")
+			_, err := client.SBOMConvert(context.Background(), errFactory, bytes.NewBufferString(sbomContent))
+
+			assert.ErrorContainsf(
+				t,
+				err,
+				fmt.Sprintf("%d", tc.statusCode),
+				"Expected error to contain status code %d",
+				tc.statusCode,
+			)
+		})
+	}
+}
diff --git a/internal/snykclient/sbomtest.go b/internal/snykclient/sbomtest.go
@@ -120,7 +120,7 @@ func (t *SBOMTest) GetStatus(ctx context.Context, errFactory *errors.ErrorFactor
 	}
 
 	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		return SBOMTestStatusIndeterminate, fmt.Errorf("unexpected status code: %d", resp.StatusCode)
+		return SBOMTestStatusIndeterminate, newStatusCodeError(resp.StatusCode)
 	}
 
 	var statusDoc SBOMTestStatusResourceDocument
diff --git a/internal/snykclient/types.go b/internal/snykclient/types.go
@@ -376,6 +376,10 @@ type ScanResultRequest struct {
 	ScanResult ScanResult `json:"scanResult"`
 }
 
+type SBOMConvertResponse struct {
+	ScanResults []ScanResult `json:"scanResults"`
+}
+
 type MonitorDepsResponse struct {
 	OK             bool        `json:"ok"`
 	Org            string      `json:"org"`

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func (t *SnykClient) MonitorDeps(`
`52`	`52`	`defer resp.Body.Close()`
`53`	`53`
`54`	`54`	`if resp.StatusCode < 200 \|\| resp.StatusCode >= 300 {`
`55`		`- return nil, fmt.Errorf("unexpected status code: %d", resp.StatusCode)`
	`55`	`+ return nil, newStatusCodeError(resp.StatusCode)`
`56`	`56`	`}`
`57`	`57`
`58`	`58`	`bodyBytes, err := io.ReadAll(resp.Body)`
Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,7 @@ func (t SBOMTest) GetStatus(ctx context.Context, errFactory errors.ErrorFactor`
`120`	`120`	`}`
`121`	`121`
`122`	`122`	`if resp.StatusCode < 200 \|\| resp.StatusCode >= 300 {`
`123`		`- return SBOMTestStatusIndeterminate, fmt.Errorf("unexpected status code: %d", resp.StatusCode)`
	`123`	`+ return SBOMTestStatusIndeterminate, newStatusCodeError(resp.StatusCode)`
`124`	`124`	`}`
`125`	`125`
`126`	`126`	`var statusDoc SBOMTestStatusResourceDocument`