github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-03-20 16:24:32 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Initial support for virtual dependencies.

Browse Source 
Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser does not crash at isVirtual="false"
This commit is contained in:
Šesták Vít
2017-12-08 11:20:57 +01:00
parent 39ba123efc
commit 9343619ca9
3 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
app/com/ysoft/odc/OdcParser.scala
View File

@@ -5,9 +5,18 @@ import com.ysoft.memory.ObjectPool
import com.ysoft.odc.Confidence.Confidence
import controllers.ReportInfo
import models.{LibraryType, PlainLibraryIdentifier}
import RichNode.toRichNode
import scala.xml._
final case class RichNode (node: Node) extends AnyVal {
def boolAttribute(name: String): Option[Boolean] = node.attribute(name).map(_.text).map(Map("true"->true, "false"->false))
}
object RichNode{
implicit def toRichNode(node: Node) = RichNode(node)
}
final case class SerializableXml private (xmlString: String) extends Serializable{
def xml = SecureXml.loadString(xmlString) // TODO: cache
@@ -72,7 +81,8 @@ final case class Dependency(
license: String,
vulnerabilities: Seq[Vulnerability],
suppressedVulnerabilities: Seq[Vulnerability],
relatedDependencies: Seq[RelatedDependency]
relatedDependencies: Seq[RelatedDependency],
isVirtual: Boolean
) extends AbstractDependency {
def hashes = Hashes(sha1 = sha1, md5 = md5)
@@ -258,7 +268,7 @@ object OdcParser {
}
vulnerableSoftwarePool(VulnerableSoftware(
name = node.text,
allPreviousVersion = node.attribute("allPreviousVersion").map(_.text).map(Map("true"->true, "false"->false)).getOrElse(false)
allPreviousVersion = node.boolAttribute("allPreviousVersion").getOrElse(false)
))
}
@@ -333,7 +343,7 @@ object OdcParser {
def parseDependency(node: Node): Dependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set())
checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier")
dependencyPool(Dependency(
@@ -348,7 +358,8 @@ object OdcParser {
license = (node \ "license").text,
vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency)
relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency),
isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
))
}