Added new ODC scans for Java libraries. Those can scan even transitive dependencies and can be run before adding a new library to a project.

2026-03-14 06:06:41 +01:00 · 2017-07-31 12:09:23 +02:00
parent bb0089cd97
commit 2049759430
31 changed files with 824 additions and 200 deletions
--- a/app/modules/ConfigModule.scala
+++ b/app/modules/ConfigModule.scala
@@ -6,7 +6,7 @@ import java.nio.file.{Files, Path, Paths}
 import java.util.concurrent.Executors

 import akka.util.ClassLoaderObjectInputStream
-import com.typesafe.config.{Config, ConfigObject, ConfigValue}
+import com.typesafe.config.{Config, ConfigObject}
 import com.ysoft.odc._
 import controllers.api._
 import controllers.{MissingGavExclusions, Projects, TeamId, WarningSeverity}
@@ -15,9 +15,7 @@ import net.ceedubs.ficus.readers.ArbitraryTypeReader._
 import play.api.cache.CacheApi
 import play.api.inject.{Binding, Module}
 import play.api.{Configuration, Environment, Logger}
-import services.IssueTrackerService

-import scala.collection.mutable
 import scala.concurrent.ExecutionContext
 import scala.concurrent.duration.Duration
 import scala.reflect.ClassTag
@@ -86,7 +84,7 @@ class FileCacheApi(path: Path) extends CacheApi{

 }

-case class TemplateCustomization(brandHtml: Option[String])
+case class TemplateCustomization(brandHtml: Option[String], vulnerableLibraryAdvice: Option[String])

 class ConfigModule extends Module {

@@ -158,7 +156,7 @@ class ConfigModule extends Module {
    bind[LogSmellChecks].qualifiedWith("log-smells").toInstance(LogSmellChecks(configuration.underlying.getAs[Map[String, LogSmell]]("yssdc.logSmells").getOrElse(Map()))),
    bind[Projects].to(parseProjects(configuration)),
    bind[ApiConfig].to(parseApiConfig(configuration)),
-    bind[TemplateCustomization].to(TemplateCustomization(configuration.underlying.getAs[String]("app.brand")))
+    bind[TemplateCustomization].to(TemplateCustomization(configuration.underlying.getAs[String]("app.brand"), configuration.underlying.getAs[String]("app.vulnerableLibraryAdvice")))
  ) ++
    configuration.underlying.getAs[Absolutizer]("app").map(a => bind[Absolutizer].toInstance(a)) ++
    configuration.getString("play.cache.path").map(cachePath => bind[CacheApi].toInstance(new FileCacheApi(Paths.get(cachePath)))) ++
--- a/app/modules/EmailExportModule.scala
+++ b/app/modules/EmailExportModule.scala
@@ -8,7 +8,7 @@ import net.ceedubs.ficus.Ficus._
 import net.codingwell.scalaguice.ScalaModule
 import play.api.Configuration
 import play.api.libs.mailer.MailerClient
-import services.{OdcService, EmailExportService, EmailExportType, VulnerabilityNotificationService}
+import services.{OdcDbService, EmailExportService, EmailExportType, VulnerabilityNotificationService}
 import net.ceedubs.ficus.readers.EnumerationReader._
 import scala.concurrent.ExecutionContext

@@ -22,7 +22,7 @@ class EmailExportModule extends AbstractModule with ScalaModule{
                                 mailerClient: MailerClient,
                                 notificationService: VulnerabilityNotificationService,
                                 absolutizer: Absolutizer,
-                                 odcService: OdcService,
+                                 odcService: OdcDbService,
                                 @Named("email-sending") emailSendingExecutionContext: ExecutionContext
                               )(implicit executionContext: ExecutionContext): Option[EmailExportService] = {
    println(s"emailSendingExecutionContext = $emailSendingExecutionContext")
--- a/app/modules/OdcModule.scala
+++ b/app/modules/OdcModule.scala
@@ -0,0 +1,33 @@
+package modules
+
+import com.google.inject.{AbstractModule, Provides}
+import net.ceedubs.ficus.Ficus._
+import net.ceedubs.ficus.readers.ArbitraryTypeReader._
+import net.codingwell.scalaguice.ScalaModule
+import play.api.{Application, Configuration}
+import services.{OdcConfig, OdcDbConnectionConfig, OdcService}
+
+class OdcModule extends AbstractModule with ScalaModule{
+  override def configure(): Unit = {}
+
+  private val Drivers = Map(
+    "slick.driver.MySQLDriver$" -> "org.mariadb.jdbc.Driver"
+  )
+
+  @Provides
+  def provideOdcServiceOption(conf: Configuration, application: Application): Option[OdcService] = {
+    lazy val dbConfig = {
+      val driverClass = Drivers(conf.getString("slick.dbs.odc.driver").get)
+      val driverJar = Class.forName(driverClass).getProtectionDomain.getCodeSource.getLocation.getPath
+      OdcDbConnectionConfig(
+        driverClass = driverClass,
+        driverJar = driverJar,
+        url = conf.getString("slick.dbs.odc.db.url").get,
+        user = conf.getString("slick.dbs.odc.db.user").get,
+        password = conf.getString("slick.dbs.odc.db.password").get
+      )
+    }
+    conf.underlying.getAs[OdcConfig]("odc").map(config => new OdcService(config, dbConfig)(application))
+  }
+
+}