github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-03-14 14:11:52 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Adapted for current ODC output format

Browse Source
This commit is contained in:
Šesták Vít
2018-02-14 09:21:42 +01:00
parent 8095deae70
commit e766abf38c
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/com/ysoft/odc/OdcParser.scala
View File

@@ -106,7 +106,8 @@ final case class RelatedDependency(
suppressedIdentifiers: Seq[Identifier],
license: String,
vulnerabilities: Seq[Vulnerability],
suppressedVulnerabilities: Seq[Vulnerability]
suppressedVulnerabilities: Seq[Vulnerability],
isVirtual: Boolean
) extends AbstractDependency
/**
@@ -286,7 +287,8 @@ object OdcParser {
}
def parseVulnerability(node: Node, expectedLabel: String = "vulnerability"): Vulnerability = {
checkElements(node, Set("name", "severity", "cwe", "cvssScore", "description", "references", "vulnerableSoftware", "cvssAuthenticationr", "cvssAvailabilityImpact", "cvssAccessVector", "cvssIntegrityImpact", "cvssAccessComplexity", "cvssConfidentialImpact"))
checkElements(node, Set("name", "severity", "cwe", "cvssScore", "description", "references", "vulnerableSoftware", "cvssAuthenticationr", "cvssAvailabilityImpact", "cvssAccessVector", "cvssIntegrityImpact", "cvssAccessComplexity", "cvssConfidentialImpact", "notes"))
// TODO: notes element is currently ignored
if(node.label != expectedLabel){
sys.error(s"Unexpected element for vuln: ${node.label}")
}
@@ -328,12 +330,14 @@ object OdcParser {
if(node.label != expectedLabel){
sys.error("Unexpected label for identifier: "+node.label)
}
checkElements(node, Set("name", "url"))
checkElements(node, Set("name", "url", "notes"))
// TODO: process currently ignored element “notes”
checkParams(node, Set("type", "confidence"))
val ExtractPattern = """\((.*)\)""".r
identifierPool(Identifier(
name = (node \ "name").text match {
case ExtractPattern(text) => text
case ExtractPattern(text) => text // used in old ODC
case text => text // used in new ODC
},
url = (node \ "url").text,
identifierType = node.attribute("type").get.text,
@@ -365,7 +369,7 @@ object OdcParser {
def parseRelatedDependency(node: Node): RelatedDependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifier", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set())
checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
relatedDependencyPool(RelatedDependency(
fileName = (node \ "fileName").text,
@@ -377,7 +381,8 @@ object OdcParser {
suppressedIdentifiers = (node \ "suppressedIdentifier").map(parseIdentifier(_, "suppressedIdentifier", parseConfidence = false)),
license = (node \ "license").text,
vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability"))
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
))
}