Initial support for virtual dependencies.

Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser no longer crashes on isVirtual="false".
This commit is contained in:
Šesták Vít
2017-12-08 11:20:57 +01:00
parent 39ba123efc
commit 9343619ca9
3 changed files with 20 additions and 6 deletions


@@ -5,9 +5,18 @@ import com.ysoft.memory.ObjectPool
import com.ysoft.odc.Confidence.Confidence
import controllers.ReportInfo
import models.{LibraryType, PlainLibraryIdentifier}
import RichNode.toRichNode
import scala.xml._
final case class RichNode (node: Node) extends AnyVal {
def boolAttribute(name: String): Option[Boolean] = node.attribute(name).map(_.text).map(Map("true"->true, "false"->false))
}
object RichNode{
implicit def toRichNode(node: Node) = RichNode(node)
}
final case class SerializableXml private (xmlString: String) extends Serializable{
def xml = SecureXml.loadString(xmlString) // TODO: cache
@@ -72,7 +81,8 @@ final case class Dependency(
license: String,
vulnerabilities: Seq[Vulnerability],
suppressedVulnerabilities: Seq[Vulnerability],
relatedDependencies: Seq[RelatedDependency]
relatedDependencies: Seq[RelatedDependency],
isVirtual: Boolean
) extends AbstractDependency {
def hashes = Hashes(sha1 = sha1, md5 = md5)
@@ -258,7 +268,7 @@ object OdcParser {
}
vulnerableSoftwarePool(VulnerableSoftware(
name = node.text,
allPreviousVersion = node.attribute("allPreviousVersion").map(_.text).map(Map("true"->true, "false"->false)).getOrElse(false)
allPreviousVersion = node.boolAttribute("allPreviousVersion").getOrElse(false)
))
}
@@ -333,7 +343,7 @@ object OdcParser {
def parseDependency(node: Node): Dependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set())
checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier")
dependencyPool(Dependency(
@@ -348,7 +358,8 @@ object OdcParser {
license = (node \ "license").text,
vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency)
relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency),
isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
))
}
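Review bot: `boolAttribute` in `RichNode` applies `Map("true"->true, "false"->false)` as a total function inside `map`, so any attribute value other than the exact lowercase `true`/`false` (for example `TRUE`, `1` or an empty string) throws a `NoSuchElementException` from inside the parser, which is the same class of crash this commit sets out to fix for `isVirtual`. Looking the value up with `flatMap` makes the unrecognized case explicit: `def boolAttribute(name: String): Option[Boolean] = node.attribute(name).map(_.text).flatMap(Map("true" -> true, "false" -> false).get)`; callers can then choose between `getOrElse(false)` and raising a parse error, and since the `allPreviousVersion` site would silently default on a malformed value, a variant that reports the bad value is probably preferable there. The implicit conversion on the following line should also declare its result type, `implicit def toRichNode(node: Node): RichNode = RichNode(node)`, because implicit members with inferred types are fragile across compilation units. `SerializableXml`, `Dependency` and `parseDependency` continue outside these hunks.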


@@ -401,13 +401,15 @@ class Statistics @Inject()(
val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions)
resultsFuture flatMap { allResults =>
select(allResults, Some("project:"+req.body.plan)).fold(Future.successful(NotFound(Json.obj("error"->"not found")))) { selection =>
if(selection.result.failedProjects.nonEmpty){
throw new RuntimeException("Cannot compare, because the previous analysis has failed")
}
reportMapFuture.map {reportMap =>
def extractVulnerabilities(r: Result) = {
r.vulnerableDependencies.flatMap(_.vulnerabilities.map(_.name)).toSet
}
val adHocReports = DependencyCheckReportsParser.forAdHocScans(reportMap)
def compare[T](f: Result => Set[T]) = new SetDiff(f(selection.result), f(adHocReports))
//adHocReports.dep
Ok(Json.obj(
"vulnerabilities"->showDiff(compare(extractVulnerabilities)),
"dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyIdentifier.fromGroupedDependency).toSet))
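Review bot: The `throw new RuntimeException("Cannot compare, because the previous analysis has failed")` inside the `resultsFuture flatMap` callback fails the Future instead of producing a response, so, unless a `recover` outside the hunk handles it, a comparison against a failed previous analysis reaches the client as a generic server error with the exception text. Returning a structured result keeps it consistent with the `NotFound(Json.obj("error"->"not found"))` branch on the line above, e.g. `if (selection.result.failedProjects.nonEmpty) Future.successful(BadRequest(Json.obj("error" -> "Cannot compare, because the previous analysis has failed"))) else reportMapFuture.map { reportMap => ... }`. The commented-out `//adHocReports.dep` is leftover dead code and should be removed rather than carried in the commit. The enclosing handler and the `Json.obj(...)` literal continue past the end of the hunk, so I cannot see whether any recovery is applied downstream.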


@@ -38,7 +38,8 @@ object ReportsFactory{
license = "something",
vulnerabilities = Seq(),
suppressedVulnerabilities = Seq(),
relatedDependencies = Seq()
relatedDependencies = Seq(),
isVirtual = false
)
}