github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-03-23 01:30:25 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Added more fail safety for vulnerability export.

Browse Source 
This should affect all exports when a vulnerability disappears.
This commit is contained in:
Šesták Vít
2017-10-11 16:54:25 +02:00
parent cdb31dcc4e
commit 2a95b07b54
6 changed files with 72 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
app/models/vulnerabilityOverviews.scala Normal file
View File

@@ -0,0 +1,49 @@
package models
import com.ysoft.odc.CWE
import controllers.Vulnerability
/**
* Provides some overview about vulnerability. It might be either covered by fully-detailed vulnerability or represent a vulnerability we know little or nothing about.
*/
abstract sealed class VulnerabilityOverview {
def name: String
def descriptionAttempt: String
def isSureAboutDescription: Boolean
def cvssScore: Option[Double]
def cweOption: Option[CWE]
}
object VulnerabilityOverview{
def apply(name: String, v: Option[Vulnerability]): VulnerabilityOverview = v.fold(UnknownVulnerabilityOverview(name))(new StandardVulnerabilityOverview(_))
}
final class StandardVulnerabilityOverview(vulnerability: Vulnerability) extends VulnerabilityOverview {
override def name: String = vulnerability.name
override def descriptionAttempt: String = vulnerability.description
override def isSureAboutDescription = true
override def cvssScore: Option[Double] = vulnerability.cvssScore
override def cweOption = vulnerability.cweOption
}
private final class UnknownVulnerabilityOverview(override val name: String, link: String) extends VulnerabilityOverview {
override def descriptionAttempt: String = s"Unknown vulnerability. Try looking at the following address for more details: $link"
override def cvssScore: Option[Double] = None
override def isSureAboutDescription = false
override def cweOption = None
}
private final class TotallyUnknownVulnerabilityOverview(override val name: String) extends VulnerabilityOverview {
override def descriptionAttempt: String = s"Unknown vulnerability. Not even sure where to look for other details. Maybe Googling the identifier will help."
override def cvssScore: Option[Double] = None
override def isSureAboutDescription = false
override def cweOption = None
}
private object UnknownVulnerabilityOverview {
def apply(name: String): VulnerabilityOverview = name match {
case cveId if name startsWith "CVE-" => new UnknownVulnerabilityOverview(name, s"https://nvd.nist.gov/vuln/detail/$cveId")
case ossIndexId if name startsWith "OSSINDEX-" => new UnknownVulnerabilityOverview(name, s"https://ossindex.net/resource/vulnerability/$ossIndexId")
case other => new TotallyUnknownVulnerabilityOverview(other)
}
}