diff --git a/README.md b/README.md index 213cbd3..310d133 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * Java 8 * PostgreSQL -* MySQL (updated ODC vulnerability database) +* Updated ODC vulnerability database in PostgreSQL * Bamboo server (read-only access to reports) Bamboo server runs OWASP Dependency Check scans and provides reports. These reports are needed to be configured separately (this tool does not configure it). @@ -63,7 +63,7 @@ I decided to use PostgreSQL, because: ### Vulnerability Database -The application also needs read-only access to vulnerability database maintained by OWASP Dependency Check. ODC currently supports H2 and MySQL. However, there are multiple issues with H2 for this usage. The first one issue is concurrent access. The concurrent access probably could have been somehow configured, but ODC uses different case for MySQL and H2 table names and column names. This makes it hard to support both at the same time. +The application also needs read-only access to vulnerability database maintained by OWASP Dependency Check. ODC currently supports multiple databases, including H2, MySQL and PostgreSQL. However, there are multiple issues with H2 for this usage. The first one issue is concurrent access. The concurrent access probably could have been somehow configured, but ODC uses various case for table names and column names. This makes it hard to support multiple databases at the same time. ## Running multiple instances behind load-balancer diff --git a/app/models/odc/CpeEntry.scala b/app/models/odc/CpeEntry.scala index 3fee69f..25bc0dc 100644 --- a/app/models/odc/CpeEntry.scala +++ b/app/models/odc/CpeEntry.scala @@ -5,7 +5,7 @@ import slick.lifted.Tag final case class CpeEntry(cpe: String, vendor: String, product: String) -class CpeEntries(tag: Tag) extends Table[(Int, CpeEntry)](tag, "cpeEntry") { +class CpeEntries(tag: Tag) extends Table[(Int, CpeEntry)](tag, "cpeentry") { def id = column[Int]("id", O.PrimaryKey) diff --git a/app/models/odc/SoftwareVulnerability.scala b/app/models/odc/SoftwareVulnerability.scala index 94cb14b..f168c0f 100644 --- a/app/models/odc/SoftwareVulnerability.scala +++ b/app/models/odc/SoftwareVulnerability.scala @@ -32,9 +32,9 @@ final case class SoftwareVulnerability (vulnerabilityId: Int, cpeEntryId: Int, i class SoftwareVulnerabilities(tag: Tag) extends Table[SoftwareVulnerability](tag, "software") { def vulnerabilityId = column[Int]("cveid") - def cpeEntryId = column[Int]("cpeEntryId") + def cpeEntryId = column[Int]("cpeentryid") //private val bt = new OdcBooleanType()(jdbcTypeFor(implicitly[BaseColumnType[String]].optionType).asInstanceOf[JdbcType[Option[String]]]) //MappedJdbcType.base[Boolean, Option[String]](???, ???)(implicitly[ClassTag[Boolean]], ) - def includesAllPreviousVersionsRaw = column[String]("previousVersion").? + def includesAllPreviousVersionsRaw = column[String]("previousversion").? def * = (vulnerabilityId, cpeEntryId, includesAllPreviousVersionsRaw) <> (SoftwareVulnerability.tupled, SoftwareVulnerability.unapply) } \ No newline at end of file diff --git a/app/models/odc/Vulnerability.scala b/app/models/odc/Vulnerability.scala index 9e0b480..4735ffe 100644 --- a/app/models/odc/Vulnerability.scala +++ b/app/models/odc/Vulnerability.scala @@ -10,13 +10,13 @@ class Vulnerabilities(tag: Tag) extends Table[(Int, Vulnerability)](tag, "vulner def cve = column[String]("cve") def description = column[String]("description") def cweOption = column[String]("cwe").? - def cvssScore = column[Double]("cvssScore").? - def authentication = column[String]("cvssAuthentication").? - def availabilityImpact = column[String]("cvssAvailabilityImpact").? - def accessVector = column[String]("cvssAccessVector").? - def integrityImpact = column[String]("cvssIntegrityImpact").? - def cvssAccessComplexity = column[String]("cvssAccessComplexity").? - def cvssConfidentialityImpact = column[String]("cvssConfidentialityImpact").? + def cvssScore = column[Double]("cvssscore").? + def authentication = column[String]("cvssauthentication").? + def availabilityImpact = column[String]("cvssavailabilityimpact").? + def accessVector = column[String]("cvssaccessvector").? + def integrityImpact = column[String]("cvssintegrityimpact").? + def cvssAccessComplexity = column[String]("cvssaccesscomplexity").? + def cvssConfidentialityImpact = column[String]("cvssconfidentialityimpact").? def cvssRating = (cvssScore, authentication, availabilityImpact, accessVector, integrityImpact, cvssAccessComplexity, cvssConfidentialityImpact) <> (CvssRating.tupled, CvssRating.unapply) def cweOptionMapped = cweOption <> ((_: Option[String]).map(CWE.forIdentifierWithDescription), (_: Option[CWE]).map(CWE.unapply)) diff --git a/app/models/odc/package.scala b/app/models/odc/package.scala index c02f90e..add5a16 100644 --- a/app/models/odc/package.scala +++ b/app/models/odc/package.scala @@ -4,7 +4,7 @@ import slick.lifted.TableQuery package object odc { - val profile = slick.driver.MySQLDriver + val profile = slick.driver.PostgresDriver object tables { val cpeEntries = TableQuery[CpeEntries] diff --git a/app/modules/OdcModule.scala b/app/modules/OdcModule.scala index f9ac171..5a0c4df 100644 --- a/app/modules/OdcModule.scala +++ b/app/modules/OdcModule.scala @@ -11,7 +11,8 @@ class OdcModule extends AbstractModule with ScalaModule{ override def configure(): Unit = {} private val Drivers = Map( - "slick.driver.MySQLDriver$" -> "org.mariadb.jdbc.Driver" + "slick.driver.MySQLDriver$" -> "org.mariadb.jdbc.Driver", + "slick.driver.PostgresDriver$" -> "org.postgresql.Driver" ) @Provides diff --git a/build.sbt b/build.sbt index 1f5d99d..186ef49 100644 --- a/build.sbt +++ b/build.sbt @@ -40,12 +40,8 @@ libraryDependencies += "com.github.tototoshi" %% "slick-joda-mapper" % "2.0.0" libraryDependencies += "com.github.nscala-time" %% "nscala-time" % "2.0.0" -// libraryDependencies += "org.mariadb.jdbc" % "mariadb-java-client" % "1.1.9" - libraryDependencies += "org.postgresql" % "postgresql" % "9.4-1201-jdbc41" -libraryDependencies += "org.mariadb.jdbc" % "mariadb-java-client" % "1.3.3" - libraryDependencies += "org.webjars" % "bootstrap" % "3.3.5" libraryDependencies += "org.webjars" % "jquery" % "2.1.4"