Added suppressed vulnerabilities to statistics

2026-02-21 18:08:24 +01:00 · 2016-12-19 12:56:14 +01:00
parent 307155129c
commit 0ef9636148
4 changed files with 8 additions and 2 deletions
--- a/app/com/ysoft/odc/OdcParser.scala
+++ b/app/com/ysoft/odc/OdcParser.scala
@@ -83,6 +83,7 @@ final case class GroupedDependency(dependencies: Map[Dependency, Set[ReportInfo]
  def mavenIdentifiers = identifiers.filter(_.identifierType == "maven")
  def cpeIdentifiers = identifiers.filter(_.identifierType == "cpe")
  def vulnerabilities: Set[Vulnerability] = dependencies.keySet.flatMap(_.vulnerabilities)
+  def suppressedVulnerabilities: Set[Vulnerability] = dependencies.keySet.flatMap(_.suppressedVulnerabilities)
  def plainLibraryIdentifiers: Set[PlainLibraryIdentifier] = identifiers.flatMap(_.toLibraryIdentifierOption)
  def hasCpe: Boolean = cpeIdentifiers.nonEmpty
 }
--- a/app/controllers/DependencyCheckReportsParser.scala
+++ b/app/controllers/DependencyCheckReportsParser.scala
@@ -123,6 +123,7 @@ object DependencyCheckReportsParser{
    lazy val groupedDependenciesByPlainLibraryIdentifier: Map[PlainLibraryIdentifier, Set[GroupedDependency]] =
      groupedDependencies.toSet.flatMap((grDep: GroupedDependency) => grDep.plainLibraryIdentifiers.map(_ -> grDep)).groupBy(_._1).mapValues(_.map(_._2)).map(identity)
    lazy val vulnerableDependencies = groupedDependencies.filter(_.vulnerabilities.nonEmpty)
+    lazy val suppressedOnlyDependencies = groupedDependencies.filter(gd => gd.vulnerabilities.isEmpty && gd.suppressedIdentifiers.nonEmpty)

    private val ProjectSelectorPattern = """^project:(.*)$""".r
    private val TeamSelectorPattern = """^team:(.*)$""".r
--- a/app/controllers/Statistics.scala
+++ b/app/controllers/Statistics.scala
@@ -202,6 +202,7 @@ class Statistics @Inject() (
        Future.successful(Ok(views.html.statistics.vulnerableLibraries(
          projectsWithSelection = selection.projectsWithSelection,
          vulnerableDependencies = reports.vulnerableDependencies,
+          dependenciesWithSuppressedVulnerabilitiesOnlyCount = reports.suppressedOnlyDependencies.size,
          allDependenciesCount = reports.groupedDependencies.size,
          reports = reports
        )))
--- a/app/views/statistics/vulnerableLibraries.scala.html
+++ b/app/views/statistics/vulnerableLibraries.scala.html
@@ -2,6 +2,7 @@
    projectsWithSelection: ProjectsWithSelection,
    vulnerableDependencies: Seq[GroupedDependency],
    allDependenciesCount: Int,
+    dependenciesWithSuppressedVulnerabilitiesOnlyCount: Int,
    reports: DependencyCheckReportsParser.Result
 )(implicit header: DefaultRequest)

@@ -17,7 +18,9 @@
 <script type="text/javascript">
 $(document).ready(function(){
    var data = [
-        ['Vulnerable', (@(vulnerableDependencies.size))], ['No known vulnerability', (@(allDependenciesCount - vulnerableDependencies.size))]
+        ['Vulnerable', (@(vulnerableDependencies.size))],
+        ['Suppressed vulnerabilities only', (@(dependenciesWithSuppressedVulnerabilitiesOnlyCount))],
+        ['No known vulnerability', (@(allDependenciesCount - vulnerableDependencies.size - dependenciesWithSuppressedVulnerabilitiesOnlyCount))]
    ];
    var plot1 = jQuery.jqplot ('vulnerable-dependencies-chart', [data], {
        seriesDefaults: {
@@ -29,7 +32,7 @@ $(document).ready(function(){
                showDataLabels: true,
                dataLabels: 'value',
                startAngle: -90,
-                seriesColors: ['red', 'green'],
+                seriesColors: ['red', 'yellow', 'green'],
                legendOptions: {
                    textColor: 'white'
                }