Return error response in submitBom

marob · marob · commit f4cd7b92c586 · 2024-05-30T15:03:13.000+02:00
When an error occurs, there is no possibility for the calling code to know the details.

In my case, I'd like to be able to log error response body, in particular to be able to know which validation is KO when uploading a SBOM to DependencyTrack (that recently enabled JsonSchema validation on upload).

Signed-off-by: Maxime Robert &lt;robert.maxime@gmail.com&gt;
Signed-off-by: Maxime Robert &lt;maxime.robert@smile.fr&gt;
diff --git a/bin/cdxgen.js b/bin/cdxgen.js
@@ -676,7 +676,9 @@ const checkPermissions = (filePath) => {
   if (options.serverUrl && options.serverUrl != true && options.apiKey) {
     try {
       const dbody = await submitBom(options, bomNSData.bomJson);
-      console.log("Response from server", dbody);
+      if (!dbody?.body?.errors) {
+        console.log("Response from server", dbody);
+      }
     } catch (err) {
       console.log(err);
     }
diff --git a/index.js b/index.js
@@ -6194,6 +6194,7 @@ export async function createBom(path, options) {
  *
  * @param {Object} args CLI args
  * @param {Object} bomContents BOM Json
+ * @return {Promise<{ token: string } | { body: { errors: string[] } } | undefined>} a promise with a token (if request was successful), a body with errors (if request failed) or undefined (in case of invalid arguments)
  */
 export async function submitBom(args, bomContents) {
   const serverUrl = `${args.serverUrl.replace(/\/$/, "")}/api/v1/bom`;
@@ -6277,11 +6278,11 @@ export async function submitBom(args, bomContents) {
         console.log(
           "Unable to submit the SBOM to the Dependency-Track server using POST method",
         );
-        console.log(error);
       }
     } else {
       console.log("Unable to submit the SBOM to the Dependency-Track server");
-      console.log(error);
     }
+    console.log(error.response?.body);
+    return error.response;
   }
 }
diff --git a/server.js b/server.js
@@ -131,10 +131,12 @@ const start = (options) => {
     if (!filePath) {
       res.writeHead(500, { "Content-Type": "application/json" });
       return res.end(
-        "{'error': 'true', 'message': 'path or url is required.'}\n",
+        JSON.stringify({
+          error: true,
+          message: "path or url is required.",
+        }),
       );
     }
-    res.writeHead(200, { "Content-Type": "application/json" });
     let srcDir = filePath;
     if (filePath.startsWith("http") || filePath.startsWith("git")) {
       srcDir = gitClone(filePath, reqOptions.gitBranch);
@@ -145,6 +147,22 @@ const start = (options) => {
     if (reqOptions.requiredOnly || reqOptions["filter"] || reqOptions["only"]) {
       bomNSData = postProcess(bomNSData, reqOptions);
     }
+    if (reqOptions.serverUrl && reqOptions.apiKey) {
+      console.log("Publishing SBOM to Dependency Track");
+      const response = await submitBom(reqOptions, bomNSData.bomJson);
+      const errorMessages = response?.body?.errors;
+      if (errorMessages) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        return res.end(
+          JSON.stringify({
+            error: true,
+            message: "Unable to submit the SBOM to the Dependency-Track server",
+            detail: errorMessages,
+          }),
+        );
+      }
+    }
+    res.writeHead(200, { "Content-Type": "application/json" });
     if (bomNSData.bomJson) {
       if (
         typeof bomNSData.bomJson === "string" ||
@@ -155,10 +173,6 @@ const start = (options) => {
         res.write(JSON.stringify(bomNSData.bomJson, null, null));
       }
     }
-    if (reqOptions.serverUrl && reqOptions.apiKey) {
-      console.log("Publishing SBOM to Dependency Track");
-      submitBom(reqOptions, bomNSData.bomJson);
-    }
     res.end("\n");
     if (cleanup && srcDir && srcDir.startsWith(os.tmpdir()) && fs.rmSync) {
       console.log(`Cleaning up ${srcDir}`);
diff --git a/types/index.d.ts b/types/index.d.ts
@@ -260,6 +260,13 @@ export function createBom(path: string, options: any): any;
  *
  * @param {Object} args CLI args
  * @param {Object} bomContents BOM Json
+ * @return {Promise<{ token: string } | { body: { errors: string[] } } | undefined>} a promise with a token (if request was successful), a body with errors (if request failed) or undefined (in case of invalid arguments)
  */
-export function submitBom(args: any, bomContents: any): Promise<any>;
+export function submitBom(args: any, bomContents: any): Promise<{
+    token: string;
+} | {
+    body: {
+        errors: string[];
+    };
+} | undefined>;
 //# sourceMappingURL=index.d.ts.map
diff --git a/types/index.d.ts.map b/types/index.d.ts.map
diff --git a/types/server.d.ts.map b/types/server.d.ts.map

Original file line number	Diff line number	Diff line change
`@@ -6194,6 +6194,7 @@ export async function createBom(path, options) {`
`6194`	`6194`	`*`
`6195`	`6195`	`* @param {Object} args CLI args`
`6196`	`6196`	`* @param {Object} bomContents BOM Json`
	`6197`	`+ * @return {Promise<{ token: string } \| { body: { errors: string[] } } \| undefined>} a promise with a token (if request was successful), a body with errors (if request failed) or undefined (in case of invalid arguments)`
`6197`	`6198`	`*/`
`6198`	`6199`	`export async function submitBom(args, bomContents) {`
`6199`	`6200`	const serverUrl = `${args.serverUrl.replace(/\/$/, "")}/api/v1/bom`;
`@@ -6277,11 +6278,11 @@ export async function submitBom(args, bomContents) {`
`6277`	`6278`	`console.log(`
`6278`	`6279`	`"Unable to submit the SBOM to the Dependency-Track server using POST method",`
`6279`	`6280`	`);`
`6280`		`- console.log(error);`
`6281`	`6281`	`}`
`6282`	`6282`	`} else {`
`6283`	`6283`	`console.log("Unable to submit the SBOM to the Dependency-Track server");`
`6284`		`- console.log(error);`
`6285`	`6284`	`}`
	`6285`	`+ console.log(error.response?.body);`
	`6286`	`+ return error.response;`
`6286`	`6287`	`}`
`6287`	`6288`	`}`