github-mirrors/odc-analyzer
1
0
Fork 0
mirror of https://github.com/ysoftdevs/odc-analyzer.git synced 2026-03-28 12:02:00 +01:00
Code Issues 2 Packages Projects Releases Wiki Activity

Update for support of ODC 3.3.2

Browse Source
This commit is contained in:
Šesták Vít
2018-09-26 15:26:39 +02:00
parent 181a4c596c
commit ef5d7e911d
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/com/ysoft/odc/OdcParser.scala
View File

@@ -38,6 +38,7 @@ object SerializableXml{
final case class Analysis(scanInfo: SerializableXml, name: String, reportDate: DateTime, dependencies: Seq[Dependency]) final case class Analysis(scanInfo: SerializableXml, name: String, reportDate: DateTime, dependencies: Seq[Dependency])
final case class Hashes(sha1: String, md5: String){ final case class Hashes(sha1: String, md5: String){
// TODO: consider adding SHA256 without breaking backward compatibility
override def toString: String = s"Hashes(sha1=$sha1, md5=$md5)" override def toString: String = s"Hashes(sha1=$sha1, md5=$md5)"
def hashTuples: Seq[(String, String)] = Seq("sha1" -> sha1, "md5" -> md5) def hashTuples: Seq[(String, String)] = Seq("sha1" -> sha1, "md5" -> md5)
def serialized = s"$sha1-$md5" def serialized = s"$sha1-$md5"
@@ -61,6 +62,7 @@ abstract sealed class AbstractDependency{
def filePath: String def filePath: String
def md5: String def md5: String
def sha1: String def sha1: String
def sha256: String
def description: String def description: String
def identifiers: Seq[Identifier] def identifiers: Seq[Identifier]
def suppressedIdentifiers: Seq[Identifier] def suppressedIdentifiers: Seq[Identifier]
@@ -75,6 +77,7 @@ final case class Dependency(
filePath: String, filePath: String,
md5: String, md5: String,
sha1: String, sha1: String,
sha256: String,
description: String, description: String,
evidenceCollected: Set[Evidence], evidenceCollected: Set[Evidence],
identifiers: Seq[Identifier], identifiers: Seq[Identifier],
@@ -104,6 +107,7 @@ final case class RelatedDependency(
filePath: String, filePath: String,
md5: String, md5: String,
sha1: String, sha1: String,
sha256: String,
description: String, description: String,
identifiers: Seq[Identifier], identifiers: Seq[Identifier],
suppressedIdentifiers: Seq[Identifier], suppressedIdentifiers: Seq[Identifier],
@@ -172,8 +176,9 @@ object Confidence extends Enumeration {
final case class Reference(source: String, url: String, name: String) final case class Reference(source: String, url: String, name: String)
final case class VulnerableSoftware(allPreviousVersion: Boolean, name: String){ final case class VulnerableSoftware(allPreviousVersion: Boolean, name: String){
def containsVersion = name.count(_==':') >= 4 def containsVersion: Boolean = name.count(_==':') >= 4
def isVersionless = !containsVersion def isCpe: Boolean = name.startsWith("cpe:")
def isVersionless: Boolean = isCpe && !containsVersion
} }
final case class CvssRating(score: Option[Double], authenticationr: Option[String], availabilityImpact: Option[String], accessVector: Option[String], integrityImpact: Option[String], accessComplexity: Option[String], confidentialImpact: Option[String]) final case class CvssRating(score: Option[Double], authenticationr: Option[String], availabilityImpact: Option[String], accessVector: Option[String], integrityImpact: Option[String], accessComplexity: Option[String], confidentialImpact: Option[String])
@@ -351,7 +356,8 @@ object OdcParser {
} }
def parseDependency(node: Node): Dependency = { def parseDependency(node: Node): Dependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies")) checkElements(node, Set("fileName", "filePath", "md5", "sha1", "sha256", "description", "evidenceCollected", "identifiers", "license", "vulnerabilities", "relatedDependencies", "projectReferences"))
// TODO: process projectReferences
checkParams(node, Set("isVirtual")) checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability") val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier") val (identifiers, suppressedIdentifiers) = (node \ "identifiers").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "identifier")
@@ -360,6 +366,7 @@ object OdcParser {
filePath = (node \ "filePath").text, filePath = (node \ "filePath").text,
md5 = (node \ "md5").text, md5 = (node \ "md5").text,
sha1 = (node \ "sha1").text, sha1 = (node \ "sha1").text,
sha256 = (node \ "sha256").text,
description = (node \ "description").text, description = (node \ "description").text,
evidenceCollected = filterWhitespace((node \ "evidenceCollected").head).map(parseEvidence).toSet, evidenceCollected = filterWhitespace((node \ "evidenceCollected").head).map(parseEvidence).toSet,
identifiers = identifiers.map(parseIdentifier(_, "identifier")), identifiers = identifiers.map(parseIdentifier(_, "identifier")),
@@ -373,7 +380,7 @@ object OdcParser {
} }
def parseRelatedDependency(node: Node): RelatedDependency = { def parseRelatedDependency(node: Node): RelatedDependency = {
checkElements(node, Set("fileName", "filePath", "md5", "sha1", "description", "evidenceCollected", "identifier", "license", "vulnerabilities", "relatedDependencies")) checkElements(node, Set("fileName", "filePath", "md5", "sha1", "sha256", "description", "evidenceCollected", "identifier", "license", "vulnerabilities", "relatedDependencies"))
checkParams(node, Set("isVirtual")) checkParams(node, Set("isVirtual"))
val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability") val (vulnerabilities: Seq[Node], suppressedVulnerabilities: Seq[Node]) = (node \ "vulnerabilities").headOption.map(filterWhitespace).getOrElse(Seq()).partition(_.label == "vulnerability")
relatedDependencyPool(RelatedDependency( relatedDependencyPool(RelatedDependency(
@@ -381,6 +388,7 @@ object OdcParser {
filePath = (node \ "filePath").text, filePath = (node \ "filePath").text,
md5 = (node \ "md5").text, md5 = (node \ "md5").text,
sha1 = (node \ "sha1").text, sha1 = (node \ "sha1").text,
sha256 = (node \ "sha256").text,
description = (node \ "description").text, description = (node \ "description").text,
identifiers = (node \ "identifier").map(parseIdentifier(_, "identifier", parseConfidence = false)), identifiers = (node \ "identifier").map(parseIdentifier(_, "identifier", parseConfidence = false)),
suppressedIdentifiers = (node \ "suppressedIdentifier").map(parseIdentifier(_, "suppressedIdentifier", parseConfidence = false)), suppressedIdentifiers = (node \ "suppressedIdentifier").map(parseIdentifier(_, "suppressedIdentifier", parseConfidence = false)),

1
test/factories/ReportsFactory.scala
View File

@@ -31,6 +31,7 @@ object ReportsFactory{
filePath = s"dep-for-$projectId", filePath = s"dep-for-$projectId",
md5 = DigestUtils.md5Hex(fakeFileContent), md5 = DigestUtils.md5Hex(fakeFileContent),
sha1 = DigestUtils.sha1Hex(fakeFileContent), sha1 = DigestUtils.sha1Hex(fakeFileContent),
sha256 = DigestUtils.sha256Hex(fakeFileContent),
description = s"Some fake dependency for project $projectId", description = s"Some fake dependency for project $projectId",
evidenceCollected = Set(), evidenceCollected = Set(),
identifiers = Seq(buildFakeIdentifier(projectId)), identifiers = Seq(buildFakeIdentifier(projectId)),