From 9343619ca97ab7af0e8735d675243d01a8d49296 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=A0est=C3=A1k=20V=C3=ADt?=
Date: Fri, 8 Dec 2017 11:20:57 +0100
Subject: [PATCH] Initial support for virtual dependencies. Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser does not crash at isVirtual="false"
---
 app/com/ysoft/odc/OdcParser.scala | 19 +++++++++++++++----
 app/controllers/Statistics.scala | 4 +++-
 test/factories/ReportsFactory.scala | 3 ++-
 3 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/app/com/ysoft/odc/OdcParser.scala b/app/com/ysoft/odc/OdcParser.scala
index abae7e1..6e192fe 100644
--- a/app/com/ysoft/odc/OdcParser.scala
+++ b/app/com/ysoft/odc/OdcParser.scala
@@ -5,9 +5,18 @@ import com.ysoft.memory.ObjectPool
 import com.ysoft.odc.Confidence.Confidence
 import controllers.ReportInfo
 import models.{LibraryType, PlainLibraryIdentifier}
+import RichNode.toRichNode
 import scala.xml._
+final case class RichNode (node: Node) extends AnyVal {
+ def boolAttribute(name: String): Option[Boolean] = node.attribute(name).map(_.text).map(Map("true"->true, "false"->false))
+}
+object RichNode{
+
+ implicit def toRichNode(node: Node) = RichNode(node)
+
+}
 final case class SerializableXml private (xmlString: String) extends Serializable{
 def xml = SecureXml.loadString(xmlString) // TODO: cache
@@ -72,7 +81,8 @@ final case class Dependency(
 license: String,
 vulnerabilities: Seq[Vulnerability],
 suppressedVulnerabilities: Seq[Vulnerability],
- relatedDependencies: Seq[RelatedDependency]
+ relatedDependencies: Seq[RelatedDependency],
+ isVirtual: Boolean
 ) extends AbstractDependency {
 def hashes = Hashes(sha1 = sha1, md5 = md5)
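Review bot: `boolAttribute` in the new `RichNode` class converts the attribute text by applying `Map("true"->true, "false"->false)` as a function, so any other value (`TRUE`, `1`, surrounding whitespace) throws a bare `NoSuchElementException` out of the report parser with no hint of which attribute was wrong. If the report schema types these attributes as `xs:boolean`, `1` and `0` are legal values as well. An explicit match that names the attribute in the failure makes an unexpected or malformed report diagnosable: `node.attribute(name).map(_.text.trim).map { case "true" | "1" => true; case "false" | "0" => false; case other => sys.error(s"Invalid boolean '$other' in attribute $name") }`. `implicit def toRichNode` would also read better with an explicit `: RichNode` result type.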
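Review bot: The new `isVirtual` field on `Dependency` has no comment, while the commit message says virtual dependencies have no hashes and the `hashes` accessor at the end of this hunk still builds `Hashes(sha1 = sha1, md5 = md5)` for every dependency. If code elsewhere identifies or groups dependencies by `hashes` (not visible in this hunk), virtual dependencies with empty hashes could be merged with each other and their vulnerabilities attributed to the wrong library. I would document the limitation on the field, e.g. `// true for ODC virtual dependencies; these have no sha1/md5, so do not identify them by hashes`. The case class starts before the hunk and continues after it.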
@@ -258,7 +268,7 @@ object OdcParser {
 }
 vulnerableSoftwarePool(VulnerableSoftware(
 name = node.text,
- allPreviousVersion = node.attribute("allPreviousVersion").map(_.text).map(Map("true"->true, "false"->false)).getOrElse(false)
+ allPreviousVersion = node.boolAttribute("allPreviousVersion").getOrElse(false)
 ))
 }
@@ -333,7 +343,7 @@ object OdcParser {
 def parseDependency(node: Node): Dependency = {
 checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies"))
- checkParams(node, Set())
+ checkParams(node, Set("isVirtual"))
 val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
 val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier")
 dependencyPool(Dependency(
@@ -348,7 +358,8 @@ object OdcParser {
 license = (node \ "license").text,
 vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
 suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
- relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency)
+ relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency),
+ isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
 ))
 }
diff --git a/app/controllers/Statistics.scala b/app/controllers/Statistics.scala
index 4eca436..66b19c2 100644
--- a/app/controllers/Statistics.scala
+++ b/app/controllers/Statistics.scala
@@ -401,13 +401,15 @@ class Statistics @Inject()(
 val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions)
 resultsFuture flatMap { allResults =>
 select(allResults, Some("project:"+req.body.plan)).fold(Future.successful(NotFound(Json.obj("error"->"not found")))) { selection =>
+ if(selection.result.failedProjects.nonEmpty){
+ throw new RuntimeException("Cannot compare, because the previous analysis has failed")
+ }
 reportMapFuture.map {reportMap =>
 def extractVulnerabilities(r: Result) = {
 r.vulnerableDependencies.flatMap(_.vulnerabilities.map(_.name)).toSet
 }
 val adHocReports = DependencyCheckReportsParser.forAdHocScans(reportMap)
 def compare[T](f: Result => Set[T]) = new SetDiff(f(selection.result), f(adHocReports))
- //adHocReports.dep
 Ok(Json.obj(
 "vulnerabilities"->showDiff(compare(extractVulnerabilities)),
 "dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyIdentifier.fromGroupedDependency).toSet))
diff --git a/test/factories/ReportsFactory.scala b/test/factories/ReportsFactory.scala
index ea14a32..31ca33a 100644
--- a/test/factories/ReportsFactory.scala
+++ b/test/factories/ReportsFactory.scala
@@ -38,7 +38,8 @@ object ReportsFactory{
 license = "something",
 vulnerabilities = Seq(),
 suppressedVulnerabilities = Seq(),
- relatedDependencies = Seq()
+ relatedDependencies = Seq(),
+ isVirtual = false
 )
 }
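Review bot: In the `Statistics.scala` hunk, the failed-analysis case is signalled with `throw new RuntimeException(...)` inside the `flatMap` callback, while the branch one line above answers a missing selection with `Future.successful(NotFound(Json.obj("error"->"not found")))`. The throw presumably fails the future and reaches the client as a generic server error rather than the JSON error shape this action otherwise uses, so a caller cannot tell "baseline analysis failed" from a crash. Refusing to compare against a failed baseline is the right behaviour; returning it as a result keeps the API consistent: `if(selection.result.failedProjects.nonEmpty) Future.successful(InternalServerError(Json.obj("error"->"previous analysis has failed"))) else reportMapFuture.map { … }`, with the status code chosen to fit the API's contract. The enclosing action starts and ends outside the hunk.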