Initial commit

conf/application.conf.-example

@@ -0,0 +1,117 @@
+# This is the main configuration file for the application.
+# ~~~~~
+
+# Secret key
+# ~~~~~
+# The secret key is used to secure cryptographics functions.
+#
+# This must be changed for production, but we recommend not changing it in this file.
+#
+# See https://www.playframework.com/documentation/latest/ApplicationSecret for more details.
+play.crypto.secret = "changeme"
+
+# The application languages
+# ~~~~~
+play.i18n.langs = [ "en" ]
+
+play.modules.enabled += "modules.ConfigModule"
+play.modules.enabled += "modules.SilhouetteModule"
+
+yssdc{
+  bamboo{
+    url = …
+  }
+  reports {
+    provider = "bamboo"
+    bamboo{
+      user = …
+      password = …
+    }
+  }
+  projects = {jobId:humanReadableName, …}
+  teams = […]
+  exclusions{
+    missingGAV{
+      bySha1 = []
+    }
+  }
+  projectsToTeams = {
+    …
+  }
+  teamLeaders = { # all teams used here must be listed above
+    team: leader,
+    …
+  }
+}
+
+# Router
+# ~~~~~
+# Define the Router object to use for this application.
+# This router will be looked up first when the application is starting up,
+# so make sure this is the entry point.
+# Furthermore, it's assumed your route file is named properly.
+# So for an application router like `my.application.Router`,
+# you may need to define a router file `conf/my.application.routes`.
+# Default to Routes in the root package (and conf/routes)
+# play.http.router = my.application.Routes
+
+# Database configuration
+# ~~~~~
+# You can declare as many datasources as you want.
+# By convention, the default datasource is named `default`
+#
+
+slick.dbs.default {
+  # Connection to internal database. It must be PostgreSQL.
+  driver = "slick.driver.PostgresDriver$"
+  db{
+    url = "jdbc:postgresql://localhost/odca"
+    user = …
+    password = …
+  }
+}
+slick.dbs.odc {
+  # Connection to ODC database. It should be MySQL/MariaDB. H2 DB is not supported. PostgreSQL might work if you get ODC working with it, Other databases might be supported in future.
+  driver = "slick.driver.MySQLDriver$"
+  db {
+    url = "jdbc:mysql://127.0.0.1/dependencycheck"
+    # Those credentials are default in ODC (but you might have changed them):
+    user = "dcuser"
+    password = "DC-Pass1337!"
+  }
+}
+
+# Evolutions
+# ~~~~~
+# You can disable evolutions if needed
+# play.evolutions.enabled=false
+
+# You can disable evolutions for a specific datasource if necessary
+# play.evolutions.db.default.enabled=false
+
+# If you want a persistent cache for development (it should speed up reload cycles), you might want to uncomment and adjust the following lines:
+#play.modules.disabled+="play.api.cache.EhCacheModule"
+#play.cache.path = "/home/user/.cache/odc-analysis"
+
+
+silhouette {
+  # Authenticator settings
+  authenticator.cookieName = "authenticator"
+  authenticator.cookiePath = "/"
+  authenticator.secureCookie=false # is ignored; overriden in app/controllers/AuthController.scala; But it must be present!
+  authenticator.httpOnlyCookie = true
+  authenticator.useFingerprinting = true
+  authenticator.authenticatorIdleTimeout = 12 hours
+  authenticator.authenticatorExpiry = 12 hours
+
+  authenticator.rememberMe.cookieMaxAge = 30 days
+  authenticator.rememberMe.authenticatorIdleTimeout = 5 days
+  authenticator.rememberMe.authenticatorExpiry = 30 days
+
+  credentialsVerificationService{
+    type="allow-all" # accepts any credentials; allowed in dev mode only
+    #type="external" # verifies credentials at the URL specified below
+    #url="http://localhost:9050/"
+  }
+}
+

conf/evolutions/default/1.sql

@@ -0,0 +1,34 @@
+# --- !Ups
+
+
+CREATE TABLE library (
+  id SERIAL,
+  library_type VARCHAR(255) NOT NULL, -- We could use enums, but it is too much bothering in PostgreSQL. We'll enforce those constrainst on application level :)
+  identifier VARCHAR(255) NOT NULL,
+  classified BOOLEAN,
+  PRIMARY KEY (id)
+);
+
+CREATE UNIQUE INDEX library_unique ON library (library_type, identifier);
+
+CREATE TABLE library_tag (
+  id SERIAL,
+  name varchar(255) NOT NULL,
+  PRIMARY KEY (id)
+);
+
+CREATE UNIQUE INDEX library_tag_unique ON library_tag (name);
+
+CREATE TABLE library_to_library_tag (
+  library_id INTEGER NOT NULL REFERENCES library,
+  library_tag_id INTEGER NOT NULL REFERENCES library_tag,
+  context_dependent BOOLEAN
+);
+
+CREATE UNIQUE INDEX library_to_library_tag_unique ON library_to_library_tag (library_id, library_tag_id);
+
+# --- !Downs
+
+DROP TABLE library;
+DROP TABLE library_to_library_tag;
+DROP TABLE library_tag;

conf/evolutions/default/2.sql

@@ -0,0 +1,7 @@
+# --- !Ups
+
+ALTER TABLE library_tag ADD COLUMN note VARCHAR(1024) NULL DEFAULT NULL;
+
+# --- !Downs
+
+ALTER TABLE library_tag DROP COLUMN note;

conf/evolutions/default/3.sql

@@ -0,0 +1,7 @@
+# --- !Ups
+
+ALTER TABLE library_tag ADD COLUMN warning_order INT NULL DEFAULT NULL;
+
+# --- !Downs
+
+ALTER TABLE library_tag DROP COLUMN warning_order;

conf/evolutions/default/4.sql

@@ -0,0 +1,13 @@
+# --- !Ups
+
+CREATE TABLE snooze(
+  "id" SERIAL NOT NULL,
+  "until" DATE NOT NULL,
+  "snoozed_object_identifier" VARCHAR(512) NOT NULL,
+  "reason" VARCHAR(1024) NOT NULL
+);
+CREATE INDEX snooze_until ON snooze (until);
+
+# --- !Downs
+
+DROP TABLE snooze;

conf/evolutions/default/5.sql

@@ -0,0 +1,18 @@
+# --- !Ups
+
+CREATE TABLE "cookie_authenticators" (
+  "id"             VARCHAR   NOT NULL,
+  "provider_id"    VARCHAR   NOT NULL,
+  "provider_key"   VARCHAR   NOT NULL,
+  "last_used"      TIMESTAMP NOT NULL,
+  "expiration"     TIMESTAMP NOT NULL,
+  "idle_timeout"   BIGINT    NULL,
+  "cookie_max_age" BIGINT    NULL,
+  "fingerprint"    VARCHAR   NULL
+);
+
+CREATE INDEX cookie_authenticators_id ON cookie_authenticators (id);
+
+# --- !Downs
+
+DROP TABLE cookie_authenticators;

conf/logback.xml

@@ -0,0 +1,22 @@
+<configuration>
+    
+  <conversionRule conversionWord="coloredLevel" converterClass="play.api.Logger$ColoredLevel" />
+
+  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+    <encoder>
+      <pattern>%coloredLevel - %logger - %message%n%xException</pattern>
+    </encoder>
+  </appender>
+
+  <!--
+    The logger name is typically the Java/Scala package name.
+    This configures the log level to log at for a package and its children packages.
+  -->
+  <logger name="play" level="INFO" />
+  <logger name="slick.jdbc.JdbcBackend.statement" level="DEBUG" />
+  <logger name="application" level="DEBUG" />
+  <root level="WARN">
+    <appender-ref ref="STDOUT" />
+  </root>
+
+</configuration>

conf/routes

@@ -0,0 +1,44 @@
+# Routes
+# This file defines all application routes (Higher priority routes first)
+# ~~~~
+
+# Home page
+GET         /                                 controllers.Application.index(versions: Map[String, Int] = Map())
+GET         /versions                         controllers.Application.index(versions: Map[String, Int])
+GET         /dependencies                     controllers.Application.dependencies(classified: Option[Boolean] = None,        requiredTags: Seq[Int] ?= Seq(), noTag: Boolean ?= false)
+GET         /dependencies/classified          controllers.Application.dependencies(classified: Option[Boolean] = Some(true),  requiredTags: Seq[Int] ?= Seq(), noTag: Boolean ?= false)
+GET         /dependencies/unclassified        controllers.Application.dependencies(classified: Option[Boolean] = Some(false), requiredTags: Seq[Int] ?= Seq(), noTag: Boolean ?= false)
+POST        /add-tag                          controllers.Application.addTag
+POST        /remove-tag                       controllers.Application.removeTag
+POST        /set-classified                   controllers.Application.setClassified(classified: Boolean)
+POST        /purge-cache                      controllers.Application.purgeCache(versions: Map[String, Int], next: String)
+POST        /snooze/:id                       controllers.Application.snooze(id: String, versions: Map[String, Int])
+POST        /unsnooze/:snoozeId               controllers.Application.unsnooze(snoozeId: Int, versions: Map[String, Int])
+
+GET         /https-test/with-redirect         controllers.Application.testHttps(allowRedirect: Boolean = true)
+GET         /https-test                       controllers.Application.testHttps(allowRedirect: Boolean = false)
+
+GET         /stats/basic                      controllers.Statistics.basic(selector: Option[String] = None)
+GET         /stats/basic/*selector            controllers.Statistics.basic(selector: Option[String])
+GET         /stats/details                    controllers.Statistics.vulnerabilities(selector: Option[String], tagId: Option[Int])
+GET         /stats/libraries/vulnerable       controllers.Statistics.vulnerableLibraries(selector: Option[String])
+GET         /stats/libraries/all              controllers.Statistics.allLibraries(selector: Option[String])
+GET         /stats/libraries/gavs             controllers.Statistics.allGavs(selector: Option[String])
+
+GET         /libraries/vulnerabilities        controllers.Statistics.searchVulnerableSoftware(versionlessCpes: Seq[String], versionOption: Option[String])
+
+GET         /vulnerability/:name              controllers.Statistics.vulnerability(name, selector: Option[String])
+
+GET         /tags.json                        controllers.Application.tagsExport
+
+GET         /tags/import                      controllers.Application.tagsImport
+POST        /tags/import                      controllers.Application.tagsImportAction
+
+GET         /routes.js                        controllers.Application.javascriptRoutes
+
+GET         /sign-in                          controllers.AuthController.signIn
+POST        /sign-in                          controllers.AuthController.authenticate
+POST        /sign-out                         controllers.AuthController.signOut
+
+# Map static resources from the /public folder to the /assets URL path
+GET         /assets/*file                     controllers.Assets.versioned(path="/public", file: Asset)