Initial commit

2026-03-25 02:21:52 +01:00 · 2016-01-10 17:31:07 +01:00
commit 4b87ced31f
104 changed files with 4870 additions and 0 deletions
--- a/app/views/statistics/vulnerableLibraries.scala.html
+++ b/app/views/statistics/vulnerableLibraries.scala.html
@@ -0,0 +1,64 @@
+@(
+    projectsWithSelection: ProjectsWithSelection,
+    vulnerableDependencies: Seq[GroupedDependency],
+    allDependenciesCount: Int
+)(implicit header: DefaultRequest)
+
+@main(
+    title = s"Vulnerable libraries for ${projectsWithSelection.projectNameText} (${vulnerableDependencies.size} deps, ${vulnerableDependencies.flatMap(_.cpeIdentifiers.map(_.toCpeIdentifierOption.get)).toSet.size} CPEs)",
+    projectsOption = Some((projectsWithSelection, routes.Statistics.vulnerableLibraries(_)))
+){
+    <script type="text/javascript" src="@routes.Assets.versioned("lib/jqplot/jquery.jqplot.min.js")"></script>
+    <script type="text/javascript" src="@routes.Assets.versioned("lib/jqplot/plugins/jqplot.pieRenderer.min.js")"></script>
+    <h2>Plot</h2>
+    <div id="vulnerable-dependencies-chart"></div>
+<script type="text/javascript">
+$(document).ready(function(){
+    var data = [
+        ['Vulnerable', (@(vulnerableDependencies.size))], ['No known vulnerability', (@(allDependenciesCount - vulnerableDependencies.size))]
+    ];
+    var plot1 = jQuery.jqplot ('vulnerable-dependencies-chart', [data], {
+        seriesDefaults: {
+            // Make this a pie chart.
+            renderer: jQuery.jqplot.PieRenderer,
+            rendererOptions: {
+                // Put data labels on the pie slices.
+                // By default, labels show the percentage of the slice.
+                showDataLabels: true,
+                dataLabels: 'value',
+                startAngle: -90,
+                seriesColors: ['red', 'green'],
+                legendOptions: {
+                    textColor: 'white'
+                }
+            }
+        },
+        legend: { show:true, location: 'e' }
+    });
+});
+</script>
+    <h2>List</h2>
+    <div class="help">
+        <p>Libraries are sorted:</p>
+        <ol>
+            <li>by total score (max vulnerability score × number of affected dependencies) if vulnerability score is defined for at least one vulnerability</li>
+            <li>by affected dependency count if the score above is not defined</li>
+            <li>by number of vulnerabilities</li>
+            <li>by affected project count</li>
+        </ol>
+        <p>Note that the number of affected projects is calculated from the current view, not from all projects (unless all projects are selected).</p>
+    </div>
+    @dependencyList(
+        "vulnerable",
+        vulnerableDependencies.sortBy(d => (
+                d.ysdssScore.map(-_),                                                           // total score is the king
+                if(d.ysdssScore.isEmpty) Some(-d.dependencies.size) else None,                  // more affected dependencies if no vulnerability has defined severity
+                -d.vulnerabilities.size,                                                        // more vulnerabilities
+                -d.projects.size,                                                               // more affected projects
+                d.cpeIdentifiers.map(_.toCpeIdentifierOption.get).toSeq.sorted.mkString(" "))   // at least make the order deterministic
+        ),
+        selectorOption = projectsWithSelection.selectorString,
+        expandByDefault = false,
+        addButtons = false
+    )
+}