merge: sync with origin/main, take upstream on conflicts

# Conflicts: # admin-compliance/lib/sdk/types.ts # admin-compliance/lib/sdk/vendor-compliance/types.ts
2026-04-16 16:26:48 +02:00
parent e04816cfe5 712fa8cb74
commit c43d9da6d0
352 changed files with 181673 additions and 2188 deletions
--- a/backend-compliance/compliance/api/screening_routes.py
+++ b/backend-compliance/compliance/api/screening_routes.py
@@ -22,7 +22,9 @@ import uuid
 from datetime import datetime, timezone
 from typing import Any

-from fastapi import APIRouter, File, Form, HTTPException, UploadFile
+import httpx
+from fastapi import APIRouter, File, Form, UploadFile, HTTPException
+from pydantic import BaseModel
 from sqlalchemy import text

 from database import SessionLocal  # re-exported below for legacy test patches
@@ -96,15 +98,13 @@ async def scan_dependencies(
    db = SessionLocal()
    try:
        db.execute(
-            text(
-                "INSERT INTO compliance_screenings "
-                "(id, tenant_id, status, sbom_format, sbom_version, "
-                "total_components, total_issues, critical_issues, high_issues, "
-                "medium_issues, low_issues, sbom_data, started_at, completed_at) "
-                "VALUES (:id, :tenant_id, 'completed', 'CycloneDX', '1.5', "
-                ":total_components, :total_issues, :critical, :high, :medium, :low, "
-                ":sbom_data::jsonb, :started_at, :completed_at)"
-            ),
+            text("""INSERT INTO compliance_screenings
+               (id, tenant_id, status, sbom_format, sbom_version,
+                total_components, total_issues, critical_issues, high_issues, medium_issues, low_issues,
+                sbom_data, started_at, completed_at)
+               VALUES (:id, :tenant_id, 'completed', 'CycloneDX', '1.5',
+                       :total_components, :total_issues, :critical, :high, :medium, :low,
+                       :sbom_data::jsonb, :started_at, :completed_at)"""),
            {
                "id": screening_id,
                "tenant_id": tenant_id,
@@ -121,13 +121,11 @@ async def scan_dependencies(
        )
        for issue in issues:
            db.execute(
-                text(
-                    "INSERT INTO compliance_security_issues "
-                    "(id, screening_id, severity, title, description, cve, cvss, "
-                    "affected_component, affected_version, fixed_in, remediation, status) "
-                    "VALUES (:id, :screening_id, :severity, :title, :description, :cve, :cvss, "
-                    ":component, :version, :fixed_in, :remediation, :status)"
-                ),
+                text("""INSERT INTO compliance_security_issues
+                   (id, screening_id, severity, title, description, cve, cvss,
+                    affected_component, affected_version, fixed_in, remediation, status)
+                   VALUES (:id, :screening_id, :severity, :title, :description, :cve, :cvss,
+                           :component, :version, :fixed_in, :remediation, :status)"""),
                {
                    "id": issue["id"],
                    "screening_id": screening_id,
@@ -214,8 +212,77 @@ async def get_screening(screening_id: str) -> ScreeningResponse:
    """Get a screening result by ID."""
    db = SessionLocal()
    try:
-        with translate_domain_errors():
-            return ScreeningService(db).get_screening(screening_id)
+        result = db.execute(
+            text("""SELECT id, status, sbom_format, sbom_version,
+                      total_components, total_issues, critical_issues, high_issues,
+                      medium_issues, low_issues, sbom_data, started_at, completed_at
+               FROM compliance_screenings WHERE id = :id"""),
+            {"id": screening_id},
+        )
+        row = result.fetchone()
+        if not row:
+            raise HTTPException(status_code=404, detail="Screening not found")
+
+        # Fetch issues
+        issues_result = db.execute(
+            text("""SELECT id, severity, title, description, cve, cvss,
+                      affected_component, affected_version, fixed_in, remediation, status
+               FROM compliance_security_issues WHERE screening_id = :id"""),
+            {"id": screening_id},
+        )
+        issues_rows = issues_result.fetchall()
+
+        issues = [
+            SecurityIssueResponse(
+                id=str(r[0]), severity=r[1], title=r[2], description=r[3],
+                cve=r[4], cvss=r[5], affected_component=r[6],
+                affected_version=r[7], fixed_in=r[8], remediation=r[9], status=r[10],
+            )
+            for r in issues_rows
+        ]
+
+        # Reconstruct components from SBOM data
+        sbom_data = row[10] or {}
+        components = []
+        comp_vulns: dict[str, list[dict]] = {}
+        for issue in issues:
+            if issue.affected_component not in comp_vulns:
+                comp_vulns[issue.affected_component] = []
+            comp_vulns[issue.affected_component].append({
+                "id": issue.cve or issue.id,
+                "cve": issue.cve,
+                "severity": issue.severity,
+                "title": issue.title,
+                "cvss": issue.cvss,
+                "fixedIn": issue.fixed_in,
+            })
+
+        for sc in sbom_data.get("components", []):
+            components.append(SBOMComponentResponse(
+                name=sc["name"],
+                version=sc["version"],
+                type=sc.get("type", "library"),
+                purl=sc.get("purl", ""),
+                licenses=sc.get("licenses", []),
+                vulnerabilities=comp_vulns.get(sc["name"], []),
+            ))
+
+        return ScreeningResponse(
+            id=str(row[0]),
+            status=row[1],
+            sbom_format=row[2] or "CycloneDX",
+            sbom_version=row[3] or "1.5",
+            total_components=row[4] or 0,
+            total_issues=row[5] or 0,
+            critical_issues=row[6] or 0,
+            high_issues=row[7] or 0,
+            medium_issues=row[8] or 0,
+            low_issues=row[9] or 0,
+            components=components,
+            issues=issues,
+            started_at=str(row[11]) if row[11] else None,
+            completed_at=str(row[12]) if row[12] else None,
+        )
    finally:
        db.close()

@@ -225,8 +292,33 @@ async def list_screenings(tenant_id: str = "default") -> ScreeningListResponse:
    """List all screenings for a tenant."""
    db = SessionLocal()
    try:
-        with translate_domain_errors():
-            return ScreeningService(db).list_screenings(tenant_id)
+        result = db.execute(
+            text("""SELECT id, status, total_components, total_issues,
+                      critical_issues, high_issues, medium_issues, low_issues,
+                      started_at, completed_at, created_at
+               FROM compliance_screenings
+               WHERE tenant_id = :tenant_id
+               ORDER BY created_at DESC"""),
+            {"tenant_id": tenant_id},
+        )
+        rows = result.fetchall()
+        screenings = [
+            {
+                "id": str(r[0]),
+                "status": r[1],
+                "total_components": r[2],
+                "total_issues": r[3],
+                "critical_issues": r[4],
+                "high_issues": r[5],
+                "medium_issues": r[6],
+                "low_issues": r[7],
+                "started_at": str(r[8]) if r[8] else None,
+                "completed_at": str(r[9]) if r[9] else None,
+                "created_at": str(r[10]),
+            }
+            for r in rows
+        ]
+        return ScreeningListResponse(screenings=screenings, total=len(screenings))
    finally:
        db.close()