I am writing a Python function that sends an SBOM report to Dependency-Track through the API.
Sending the SBOM manually with curl works:
curl -X "POST" "https://dtrack.example.com/api/v1/bom" \
-H 'accept: application/json' \
-H 'Content-Type: multipart/form-data' \
-H "X-Api-Key: my_token" \
-F "project=e81e5ed3-66f3-490d-8296-3b69618bad60" \
-F "projectVersion=3.18.4" \
-F "[email protected]"
I rewrote this request as a Python function:
from pathlib import Path

import requests

def upload_bom(file_path, project_uuid, project_version):
    url = "https://dtrack.example.com/api/v1/bom"
    headers = {
        "Accept": "application/json",
        "X-Api-Key": "my_token",
        'Content-Type': 'multipart/form-data'
    }
    # form fields that accompany the BOM
    data = {
        "project": project_uuid,
        "projectVersion": project_version
    }
    file_name = Path(file_path).name
    with open(file_path, "rb") as bom_file:
        # the file is placed in the same dict as the form fields
        data['bom'] = (file_name, bom_file)
        response = requests.post(url, headers=headers, data=data)
    return [response.status_code, response.content]
When I call this function with similar parameters, I get an error:
500 'Uncaught internal server error'
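There is also nothing in the Dependency-Track logs that might help.
I tried passing the SBOM file separately instead of in data.
But that did not work.
data = {
    "project": project_uuid,
    "projectVersion": project_version
}
with open(file_path, 'rb') as bom_file:
    files = {'bom': bom_file}
Unfortunately I cannot find what this problem is related to. Maybe someone has already run into it and knows the solution?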

Have you tried converting the data with the json library?
import json
data = json.dumps({"project": project_uuid, "projectVersion": project_version})
Also, maybe send the file as a list instead of a set:
file_name = Path(file_path).name
with open(file_path, "rb") as bom_file:
    data['bom'] = [file_name, bom_file]  # changed this to a list

You need to separate the metadata from the actual file you are trying to post. Try the following updates in your code:
data = {
    "project": project_uuid,
    "projectVersion": project_version
}
files = {'bom': open(file_path, 'rb')}
response = requests.post(url, headers=headers, data=data, files=files)
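
Added example, not part of the original thread and not code from Dependency-Track or requests: it prepares the upload offline with requests (nothing is sent) and parses the body the way a receiver would, showing that requests writes the multipart boundary into Content-Type only when the caller has not set that header. The BOM content, the file name bom.json and the helper names build and server_view are assumptions made for the illustration.

```python
import io
from email import message_from_bytes

import requests

URL = "https://dtrack.example.com/api/v1/bom"  # host from the question; never contacted
# Constructed sample BOM, only here to give the file part some content.
SAMPLE_BOM = b'{"bomFormat": "CycloneDX", "specVersion": "1.4", "components": []}'


def build(manual_content_type):
    """Prepare (but do not send) the upload with data= and files= kept separate."""
    headers = {"Accept": "application/json", "X-Api-Key": "my_token"}
    if manual_content_type:
        # The header as written in the question: no boundary parameter.
        headers["Content-Type"] = "multipart/form-data"
    data = {"project": "e81e5ed3-66f3-490d-8296-3b69618bad60",
            "projectVersion": "3.18.4"}
    files = {"bom": ("bom.json", io.BytesIO(SAMPLE_BOM))}  # hypothetical file name
    req = requests.Request("POST", URL, headers=headers, data=data, files=files)
    return req.prepare()


def server_view(prepared):
    """Split the body into parts using only the Content-Type header, as a receiver must."""
    content_type = prepared.headers["Content-Type"]
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + prepared.body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        # No boundary in the header: the body cannot be split into form parts.
        return content_type, []
    names = [part.get_param("name", header="content-disposition")
             for part in msg.get_payload()]
    return content_type, names


if __name__ == "__main__":
    for manual in (True, False):
        content_type, names = server_view(build(manual))
        print(f"manual header={manual}: {content_type!r} -> parts {names}")
```

Leaving Content-Type out of headers lets requests generate it together with the body, so the boundary in the header always matches the one used between the parts.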