github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-04-25 18:08:52 +02:00
Code Issues 2 Packages Projects Releases Wiki Activity

Adapted for current ODC output format

Browse Source
This commit is contained in:
Šesták Vít
2018-02-14 09:21:42 +01:00
parent 8095deae70
commit e766abf38c
1 changed files with 11 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/com/ysoft/odc/OdcParser.scala
View File

@@ -106,7 +106,8 @@ final case class RelatedDependency(
suppressedIdentifiers: Seq[Identifier], suppressedIdentifiers: Seq[Identifier],
license: String, license: String,
vulnerabilities: Seq[Vulnerability], vulnerabilities: Seq[Vulnerability],
suppressedVulnerabilities: Seq[Vulnerability] suppressedVulnerabilities: Seq[Vulnerability],
isVirtual: Boolean
) extends AbstractDependency ) extends AbstractDependency
/** /**
@@ -286,7 +287,8 @@ object OdcParser {
} }
def parseVulnerability(node: Node, expectedLabel: String = "vulnerability"): Vulnerability = { def parseVulnerability(node: Node, expectedLabel: String = "vulnerability"): Vulnerability = {
checkElements(node, Set("name", "severity", "cwe", "cvssScore", "description", "references", "vulnerableSoftware", "cvssAuthenticationr", "cvssAvailabilityImpact", "cvssAccessVector", "cvssIntegrityImpact", "cvssAccessComplexity", "cvssConfidentialImpact")) checkElements(node, Set("name", "severity", "cwe", "cvssScore", "description", "references", "vulnerableSoftware", "cvssAuthenticationr", "cvssAvailabilityImpact", "cvssAccessVector", "cvssIntegrityImpact", "cvssAccessComplexity", "cvssConfidentialImpact", "notes"))
// TODO: notes element is currently ignored
if(node.label != expectedLabel){ if(node.label != expectedLabel){
sys.error(s"Unexpected element for vuln: ${node.label}") sys.error(s"Unexpected element for vuln: ${node.label}")
} }
@@ -328,12 +330,14 @@ object OdcParser {
if(node.label != expectedLabel){ if(node.label != expectedLabel){
sys.error("Unexpected label for identifier: "+node.label) sys.error("Unexpected label for identifier: "+node.label)
} }
checkElements(node, Set("name", "url")) checkElements(node, Set("name", "url", "notes"))
// TODO: process currently ignored element “notes”
checkParams(node, Set("type", "confidence")) checkParams(node, Set("type", "confidence"))
val ExtractPattern = """\((.*)\)""".r val ExtractPattern = """\((.*)\)""".r
identifierPool(Identifier( identifierPool(Identifier(
name = (node \ "name").text match { name = (node \ "name").text match {
case ExtractPattern(text) => text case ExtractPattern(text) => text // used in old ODC
case text => text // used in new ODC
}, },
url = (node \ "url").text, url = (node \ "url").text,
identifierType = node.attribute("type").get.text, identifierType = node.attribute("type").get.text,
@@ -365,7 +369,7 @@ object OdcParser {
def parseRelatedDependency(node: Node): RelatedDependency = { def parseRelatedDependency(node: Node): RelatedDependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifier", "license", "vulnerabilities", "relatedDependencies")) checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifier", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set()) checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability") val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
relatedDependencyPool(RelatedDependency( relatedDependencyPool(RelatedDependency(
fileName = (node \ "fileName").text, fileName = (node \ "fileName").text,
@@ -377,7 +381,8 @@ object OdcParser {
suppressedIdentifiers = (node \ "suppressedIdentifier").map(parseIdentifier(_, "suppressedIdentifier", parseConfidence = false)), suppressedIdentifiers = (node \ "suppressedIdentifier").map(parseIdentifier(_, "suppressedIdentifier", parseConfidence = false)),
license = (node \ "license").text, license = (node \ "license").text,
vulnerabilities = vulnerabilities.map(parseVulnerability(_)), vulnerabilities = vulnerabilities.map(parseVulnerability(_)),
suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")) suppressedVulnerabilities = suppressedVulnerabilities.map(parseVulnerability(_, "suppressedVulnerability")),
isVirtual = node.boolAttribute("isVirtual").getOrElse(false)
)) ))
} }