Initial support for virtual dependencies.

Well, they will probably not work anyway, because they don't have hashes. But at this point, at least the parser does not crash on isVirtual="false".
Šesták Vít
2017-12-08 11:20:57 +01:00
parent 39ba123efc
commit 9343619ca9
3 changed files with 20 additions and 6 deletions


@@ -5,9 +5,18 @@ import com.ysoft.memory.ObjectPool
import com.ysoft.odc.Confidence.Confidence import com.ysoft.odc.Confidence.Confidence
import controllers.ReportInfo import controllers.ReportInfo
import models.{LibraryType, PlainLibraryIdentifier} import models.{LibraryType, PlainLibraryIdentifier}
import RichNode.toRichNode
import scala.xml._ import scala.xml._
final case class RichNode (node: Node) extends AnyVal {
def boolAttribute(name: String): Option[Boolean] = node.attribute(name).map(_.text).map(Map("true"->true, "false"->false))
}
object RichNode{
implicit def toRichNode(node: Node) = RichNode(node)
}
final case class SerializableXml private (xmlString: String) extends Serializable{ final case class SerializableXml private (xmlString: String) extends Serializable{
def xml = SecureXml.loadString(xmlString) // TODO: cache def xml = SecureXml.loadString(xmlString) // TODO: cache
@@ -72,7 +81,8 @@ final case class Dependency(
license: String, license: String,
vulnerabilities: Seq[Vulnerability], vulnerabilities: Seq[Vulnerability],
suppressedVulnerabilities: Seq[Vulnerability], suppressedVulnerabilities: Seq[Vulnerability],
relatedDependencies: Seq[RelatedDependency] relatedDependencies: Seq[RelatedDependency],
isVirtual: Boolean
) extends AbstractDependency { ) extends AbstractDependency {
def hashes = Hashes(sha1 = sha1, md5 = md5) def hashes = Hashes(sha1 = sha1, md5 = md5)
@@ -258,7 +268,7 @@ object OdcParser {
} }
vulnerableSoftwarePool(VulnerableSoftware( vulnerableSoftwarePool(VulnerableSoftware(
name = node.text, name = node.text,
allPreviousVersion = node.attribute("allPreviousVersion").map(_.text).map(Map("true"->true, "false"->false)).getOrElse(false) allPreviousVersion = node.boolAttribute("allPreviousVersion").getOrElse(false)
)) ))
} }
@@ -333,7 +343,7 @@ object OdcParser {
def parseDependency(node: Node): Dependency = { def parseDependency(node: Node): Dependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies")) checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set()) checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability") val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier") val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier")
dependencyPool(Dependency( dependencyPool(Dependency(
@@ -348,7 +358,8 @@ object OdcParser {
license = (node \ "license").text, license = (node \ "license").text,
vulnerabilities = vulnerabilities.map(parseVulnerability(_)), vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")), suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency) relatedDependencies = (node \ "relatedDependencies" \ "relatedDependency").map(parseRelatedDependency),
isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
)) ))
} }
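Review bot: `boolAttribute` maps the attribute text through `Map("true"->true, "false"->false)`, so any other spelling throws a bare `NoSuchElementException` (`key not found: …`) from inside the parser, and with `isVirtual` this is now reachable from every dependency element. If the report schema types these attributes as `xs:boolean`, `1` and `0` are legal values too, which is worth confirming. I would keep the fail-closed behaviour but make it explicit: `node.attribute(name).map(_.text.trim).map { case "true" | "1" => true; case "false" | "0" => false; case other => sys.error(s"Invalid boolean value '$other' for attribute $name") }`. Separately, since the description says virtual dependencies carry no hashes, it is worth checking that any downstream grouping by `hashes` cannot merge unrelated virtual dependencies and blur which findings belong to which component; that code is outside this section.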


@@ -401,13 +401,15 @@ class Statistics @Inject()(
val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions) val (lastRefreshTime, resultsFuture) = projectReportsProvider.resultsForVersions(versions)
resultsFuture flatMap { allResults => resultsFuture flatMap { allResults =>
select(allResults, Some("project:"+req.body.plan)).fold(Future.successful(NotFound(Json.obj("error"->"not found")))) { selection => select(allResults, Some("project:"+req.body.plan)).fold(Future.successful(NotFound(Json.obj("error"->"not found")))) { selection =>
if(selection.result.failedProjects.nonEmpty){
throw new RuntimeException("Cannot compare, because the previous analysis has failed")
}
reportMapFuture.map {reportMap => reportMapFuture.map {reportMap =>
def extractVulnerabilities(r: Result) = { def extractVulnerabilities(r: Result) = {
r.vulnerableDependencies.flatMap(_.vulnerabilities.map(_.name)).toSet r.vulnerableDependencies.flatMap(_.vulnerabilities.map(_.name)).toSet
} }
val adHocReports = DependencyCheckReportsParser.forAdHocScans(reportMap) val adHocReports = DependencyCheckReportsParser.forAdHocScans(reportMap)
def compare[T](f: Result => Set[T]) = new SetDiff(f(selection.result), f(adHocReports)) def compare[T](f: Result => Set[T]) = new SetDiff(f(selection.result), f(adHocReports))
//adHocReports.dep
Ok(Json.obj( Ok(Json.obj(
"vulnerabilities"->showDiff(compare(extractVulnerabilities)), "vulnerabilities"->showDiff(compare(extractVulnerabilities)),
"dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyIdentifier.fromGroupedDependency).toSet)) "dependencies"->showDiff(compare(_.groupedDependencies.map(GroupedDependencyIdentifier.fromGroupedDependency).toSet))

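Review bot: The new guard on `failedProjects` throws a `RuntimeException` inside the `fold` callback, so the caller presumably gets a failed Future and a generic server error, while the not-found case one line above returns structured JSON. Refusing to compare against a failed baseline is the right call, since a partial baseline would misreport which vulnerabilities are new, but the client should be able to tell this apart from a server fault: `if (selection.result.failedProjects.nonEmpty) Future.successful(Conflict(Json.obj("error"->"previous analysis has failed"))) else reportMapFuture.map { … }`. The leftover `//adHocReports.dep` comment can be dropped. The enclosing action starts and ends outside this hunk, so the exact status code is only a suggestion.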

@@ -38,7 +38,8 @@ object ReportsFactory{
license = "something", license = "something",
vulnerabilities = Seq(), vulnerabilities = Seq(),
suppressedVulnerabilities = Seq(), suppressedVulnerabilities = Seq(),
relatedDependencies = Seq() relatedDependencies = Seq(),
isVirtual = false
) )
} }