github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-01-11 14:30:50 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Switch to PostgreSQL

Browse Source
This commit is contained in:
Šesták Vít
2020-01-23 10:02:05 +01:00
parent 7dfe71b8b9
commit 2db75d0617
7 changed files with 15 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -39,7 +39,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
* Java 8
* PostgreSQL
* MySQL (updated ODC vulnerability database)
* Updated ODC vulnerability database in PostgreSQL
* Bamboo server (read-only access to reports)
Bamboo server runs OWASP Dependency Check scans and provides reports. These reports are needed to be configured separately (this tool does not configure it).
@@ -63,7 +63,7 @@ I decided to use PostgreSQL, because:
### Vulnerability Database
The application also needs read-only access to vulnerability database maintained by OWASP Dependency Check. ODC currently supports H2 and MySQL. However, there are multiple issues with H2 for this usage. The first one issue is concurrent access. The concurrent access probably could have been somehow configured, but ODC uses different case for MySQL and H2 table names and column names. This makes it hard to support both at the same time.
The application also needs read-only access to vulnerability database maintained by OWASP Dependency Check. ODC currently supports multiple databases, including H2, MySQL and PostgreSQL. However, there are multiple issues with H2 for this usage. The first one issue is concurrent access. The concurrent access probably could have been somehow configured, but ODC uses various case for table names and column names. This makes it hard to support multiple databases at the same time.
## Running multiple instances behind load-balancer

2
app/models/odc/CpeEntry.scala
View File

@@ -5,7 +5,7 @@ import slick.lifted.Tag
final case class CpeEntry(cpe: String, vendor: String, product: String)
class CpeEntries(tag: Tag) extends Table[(Int, CpeEntry)](tag, "cpeEntry") {
class CpeEntries(tag: Tag) extends Table[(Int, CpeEntry)](tag, "cpeentry") {
def id = column[Int]("id", O.PrimaryKey)

4
app/models/odc/SoftwareVulnerability.scala
View File

@@ -32,9 +32,9 @@ final case class SoftwareVulnerability (vulnerabilityId: Int, cpeEntryId: Int, i
class SoftwareVulnerabilities(tag: Tag) extends Table[SoftwareVulnerability](tag, "software") {
def vulnerabilityId = column[Int]("cveid")
def cpeEntryId = column[Int]("cpeEntryId")
def cpeEntryId = column[Int]("cpeentryid")
//private val bt = new OdcBooleanType()(jdbcTypeFor(implicitly[BaseColumnType[String]].optionType).asInstanceOf[JdbcType[Option[String]]])
//MappedJdbcType.base[Boolean, Option[String]](???, ???)(implicitly[ClassTag[Boolean]], )
def includesAllPreviousVersionsRaw = column[String]("previousVersion").?
def includesAllPreviousVersionsRaw = column[String]("previousversion").?
def * = (vulnerabilityId, cpeEntryId, includesAllPreviousVersionsRaw) <> (SoftwareVulnerability.tupled, SoftwareVulnerability.unapply)
}

14
app/models/odc/Vulnerability.scala
View File

@@ -10,13 +10,13 @@ class Vulnerabilities(tag: Tag) extends Table[(Int, Vulnerability)](tag, "vulner
def cve = column[String]("cve")
def description = column[String]("description")
def cweOption = column[String]("cwe").?
def cvssScore = column[Double]("cvssScore").?
def authentication = column[String]("cvssAuthentication").?
def availabilityImpact = column[String]("cvssAvailabilityImpact").?
def accessVector = column[String]("cvssAccessVector").?
def integrityImpact = column[String]("cvssIntegrityImpact").?
def cvssAccessComplexity = column[String]("cvssAccessComplexity").?
def cvssConfidentialityImpact = column[String]("cvssConfidentialityImpact").?
def cvssScore = column[Double]("cvssscore").?
def authentication = column[String]("cvssauthentication").?
def availabilityImpact = column[String]("cvssavailabilityimpact").?
def accessVector = column[String]("cvssaccessvector").?
def integrityImpact = column[String]("cvssintegrityimpact").?
def cvssAccessComplexity = column[String]("cvssaccesscomplexity").?
def cvssConfidentialityImpact = column[String]("cvssconfidentialityimpact").?
def cvssRating = (cvssScore, authentication, availabilityImpact, accessVector, integrityImpact, cvssAccessComplexity, cvssConfidentialityImpact) <> (CvssRating.tupled, CvssRating.unapply)
def cweOptionMapped = cweOption <> ((_: Option[String]).map(CWE.forIdentifierWithDescription), (_: Option[CWE]).map(CWE.unapply))

2
app/models/odc/package.scala
View File

@@ -4,7 +4,7 @@ import slick.lifted.TableQuery
package object odc {
val profile = slick.driver.MySQLDriver
val profile = slick.driver.PostgresDriver
object tables {
val cpeEntries = TableQuery[CpeEntries]

3
app/modules/OdcModule.scala
View File

@@ -11,7 +11,8 @@ class OdcModule extends AbstractModule with ScalaModule{
override def configure(): Unit = {}
private val Drivers = Map(
"slick.driver.MySQLDriver$" -> "org.mariadb.jdbc.Driver"
"slick.driver.MySQLDriver$" -> "org.mariadb.jdbc.Driver",
"slick.driver.PostgresDriver$" -> "org.postgresql.Driver"
)
@Provides

4
build.sbt
View File

@@ -40,12 +40,8 @@ libraryDependencies += "com.github.tototoshi" %% "slick-joda-mapper" % "2.0.0"
libraryDependencies += "com.github.nscala-time" %% "nscala-time" % "2.0.0"
// libraryDependencies += "org.mariadb.jdbc" % "mariadb-java-client" % "1.1.9"
libraryDependencies += "org.postgresql" % "postgresql" % "9.4-1201-jdbc41"
libraryDependencies += "org.mariadb.jdbc" % "mariadb-java-client" % "1.3.3"
libraryDependencies += "org.webjars" % "bootstrap" % "3.3.5"
libraryDependencies += "org.webjars" % "jquery" % "2.1.4"