added Sarif models and parsing for sarif results generated by detekt

3c43fd99 · Jan-Niclas Strüwer · 0545af65 · 3c43fd99 · 3c43fd99 · 3c43fd99
Verified Commit 3c43fd99 authored 1 year ago by Jan-Niclas Strüwer
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -5,6 +5,7 @@ plugins {
 	id("io.spring.dependency-management") version "1.1.0"
 	kotlin("jvm") version "1.7.22"
 	kotlin("plugin.spring") version "1.7.22"
+    kotlin("plugin.serialization") version "1.8.21"
 }

 group = "de.fraunhofer.iem"
@@ -31,7 +32,8 @@ dependencies {
 	implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactive")
 	implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
 	implementation("org.gitlab4j:gitlab4j-api:6.0.0-rc.1")
-	implementation("org.eclipse.jgit:org.eclipse.jgit:6.5.0.202303070854-r")
+    implementation("org.eclipse.jgit:org.eclipse.jgit:6.5.0.202303070854-r")
+    implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.5.0")
 	// for deployment replace with io.r2dbc:r2dbc-postgresql
 	implementation("io.r2dbc:r2dbc-h2")
 	developmentOnly("org.springframework.boot:spring-boot-devtools")

--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/SarifReader.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/SarifReader.kt
+package de.fraunhofer.iem.dataprovider.sarif
+
+import de.fraunhofer.iem.dataprovider.sarif.model.Sarif
+import kotlinx.serialization.decodeFromString
+import kotlinx.serialization.json.Json
+import java.io.IOException
+import java.nio.file.Path
+
+fun getSarifFromPath(resultPath: Path): Sarif {
+    val resFile = resultPath.toFile()
+    if (resFile.exists()) {
+        val resString = resFile.readText()
+        val json = Json { ignoreUnknownKeys = true }
+        return json.decodeFromString<Sarif>(resString)
+    }
+
+    throw IOException("File not found / Path is no file.")
+}
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/ArtifactLocation.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/ArtifactLocation.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class ArtifactLocation(
+    @SerialName("uri")
+    val uri: String
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Driver.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Driver.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Driver(
+    @SerialName("downloadUri")
+    val downloadUri: String,
+    @SerialName("fullName")
+    val fullName: String,
+    @SerialName("guid")
+    val guid: String,
+    @SerialName("informationUri")
+    val informationUri: String,
+    @SerialName("language")
+    val language: String,
+    @SerialName("name")
+    val name: String,
+    @SerialName("organization")
+    val organization: String,
+    @SerialName("rules")
+    val rules: List<Rule>,
+    @SerialName("semanticVersion")
+    val semanticVersion: String,
+    @SerialName("version")
+    val version: String
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Location.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Location.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Location(
+    @SerialName("physicalLocation")
+    val physicalLocation: PhysicalLocation
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Message.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Message.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Message(
+    @SerialName("text")
+    val text: String
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/PhysicalLocation.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/PhysicalLocation.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class PhysicalLocation(
+    @SerialName("artifactLocation")
+    val artifactLocation: ArtifactLocation,
+    @SerialName("region")
+    val region: Region
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Region.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Region.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Region(
+    @SerialName("endColumn")
+    val endColumn: Int,
+    @SerialName("endLine")
+    val endLine: Int,
+    @SerialName("startColumn")
+    val startColumn: Int,
+    @SerialName("startLine")
+    val startLine: Int
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Result.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Result.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Result(
+    @SerialName("level")
+    val level: String,
+    @SerialName("locations")
+    val locations: List<Location>,
+    @SerialName("message")
+    val message: Message,
+    @SerialName("ruleId")
+    val ruleId: String
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Rule.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Rule.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Rule(
+    @SerialName("helpUri")
+    val helpUri: String,
+    @SerialName("id")
+    val id: String,
+    @SerialName("name")
+    val name: String,
+    @SerialName("shortDescription")
+    val shortDescription: ShortDescription
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Run.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Run.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Run(
+    @SerialName("results")
+    val results: List<Result>,
+    @SerialName("tool")
+    val tool: Tool
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Sarif.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Sarif.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Sarif(
+    @SerialName("runs")
+    val runs: List<Run>
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/ShortDescription.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/ShortDescription.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class ShortDescription(
+    @SerialName("text")
+    val text: String
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Tool.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/sarif/model/Tool.kt
+package de.fraunhofer.iem.dataprovider.sarif.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Tool(
+    @SerialName("driver")
+    val driver: Driver
+)
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/DetektTask.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/DetektTask.kt
 package de.fraunhofer.iem.dataprovider.taskManager.tasks

+import de.fraunhofer.iem.dataprovider.sarif.getSarifFromPath
 import de.fraunhofer.iem.dataprovider.taskManager.Event
 import de.fraunhofer.iem.dataprovider.taskManager.ProcessTaskDone
 import org.springframework.core.io.ClassPathResource
 import org.springframework.core.io.Resource
+import java.nio.file.Paths
+

 class DetektTask(projectPath: String, outputPath: String, override val responseChannel: suspend (task: Event) -> Unit) :
    ProcessTask() {
@@ -13,11 +16,22 @@ class DetektTask(projectPath: String, outputPath: String, override val responseC

    override val execPath: String = "/bin/sh"

+    private val resultPath = Paths.get(outputPath, "detekt", "report.sarif")
    override suspend fun handleProcessReturn(p: Process) {
        logger.info(resource.toString())
+
        val returnMessage = "Odc finished with exit code ${p.exitValue()}"
-        val output = String(p.inputStream.readAllBytes())
-        logger.info("Process output $output")
+//        val output = String(p.inputStream.readAllBytes())
+//        logger.info("Process output $output")
+
+        val sarifResult = getSarifFromPath(resultPath)
+
+        sarifResult.runs.forEach {
+            it.results.forEach {
+                logger.info("run in sarif result message: ${it.message}")
+            }
+        }
+
        responseChannel(ProcessTaskDone(taskID, returnMessage))
    }
 }
\ No newline at end of file
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/OdcTask.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/OdcTask.kt
@@ -5,7 +5,8 @@ import de.fraunhofer.iem.dataprovider.taskManager.ProcessTaskDone
 import org.springframework.core.io.ClassPathResource
 import org.springframework.core.io.Resource

-
+// TODO: extend the existing odc setup to have an external db with cve lists.
+//  Else every docker run will load all indixes for a couple of minutes..
 class OdcTask(projectPath: String, outputPath: String, override val responseChannel: suspend (task: Event) -> Unit) :
    ProcessTask() {