Verified Commit 3c43fd99 authored by Jan-Niclas Strüwer's avatar Jan-Niclas Strüwer

added Sarif models and parsing for sarif results generated by detekt

parent 0545af65
Showing
with 211 additions and 4 deletions
......@@ -5,6 +5,7 @@ plugins {
id("io.spring.dependency-management") version "1.1.0"
kotlin("jvm") version "1.7.22"
kotlin("plugin.spring") version "1.7.22"
kotlin("plugin.serialization") version "1.8.21"
}
group = "de.fraunhofer.iem"
......@@ -31,7 +32,8 @@ dependencies {
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactive")
implementation("org.jetbrains.kotlinx:kotlinx-coroutines-reactor")
implementation("org.gitlab4j:gitlab4j-api:6.0.0-rc.1")
implementation("org.eclipse.jgit:org.eclipse.jgit:6.5.0.202303070854-r")
implementation("org.eclipse.jgit:org.eclipse.jgit:6.5.0.202303070854-r")
implementation("org.jetbrains.kotlinx:kotlinx-serialization-json:1.5.0")
// for deployment replace with io.r2dbc:r2dbc-postgresql
implementation("io.r2dbc:r2dbc-h2")
developmentOnly("org.springframework.boot:spring-boot-devtools")
......
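Review bot: The serialization compiler plugin is pinned to 1.8.21 while `kotlin("jvm")` and `kotlin("plugin.spring")` in the same `plugins` block stay at 1.7.22. Kotlin's compiler plugins are released with the compiler and are expected to carry the same version, so this should be `kotlin("plugin.serialization") version "1.7.22"`, or all three lines should move to 1.8.21 together. The added `kotlinx-serialization-json:1.5.0` runtime should then be checked against the chosen Kotlin version; as far as I recall 1.5.0 targets the 1.8 line, which is worth confirming in its release notes before merging.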
package de.fraunhofer.iem.dataprovider.sarif
import de.fraunhofer.iem.dataprovider.sarif.model.Sarif
import kotlinx.serialization.decodeFromString
import kotlinx.serialization.json.Json
import java.io.IOException
import java.nio.file.Path
fun getSarifFromPath(resultPath: Path): Sarif {
val resFile = resultPath.toFile()
if (resFile.exists()) {
val resString = resFile.readText()
val json = Json { ignoreUnknownKeys = true }
return json.decodeFromString<Sarif>(resString)
}
throw IOException("File not found / Path is no file.")
}
\ No newline at end of file
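Review bot: `resFile.exists()` is also true for a directory, so a directory passes the check and only fails inside `readText()`; the "Path is no file" half of the error message is never produced here, and `if (!resFile.isFile)` would match it. `decodeFromString` reports malformed or incomplete JSON with `SerializationException`, not `IOException`, and the function neither documents nor translates that, so a caller that catches only `IOException` misses it. `readText()` also loads the whole report with no size limit; the report is presumably written while analysing a checked-out project, so its size and content are not fully under this service's control. A KDoc with `@throws IOException` for a missing report and `@throws SerializationException` for one that does not fit the model would make the contract visible, and `Json { ignoreUnknownKeys = true }` can be hoisted into a private top-level `val` instead of being rebuilt per call.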
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class ArtifactLocation(
@SerialName("uri")
val uri: String
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Driver(
@SerialName("downloadUri")
val downloadUri: String,
@SerialName("fullName")
val fullName: String,
@SerialName("guid")
val guid: String,
@SerialName("informationUri")
val informationUri: String,
@SerialName("language")
val language: String,
@SerialName("name")
val name: String,
@SerialName("organization")
val organization: String,
@SerialName("rules")
val rules: List<Rule>,
@SerialName("semanticVersion")
val semanticVersion: String,
@SerialName("version")
val version: String
)
\ No newline at end of file
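Review bot: Every property of `Driver` is a required constructor parameter, so a report whose driver object omits any one of them (for example `guid` or `downloadUri`) fails decoding of the whole log with a missing-field error. As far as I recall the SARIF 2.1.0 schema requires only `name` on a tool component, so this model fits detekt's current output but little else. The same holds for `Result` (`level`, `locations`, `ruleId`), `Region` (`endLine`, `endColumn`) and `Rule` further down. Declaring the optional ones nullable with a default, e.g. `val guid: String? = null`, keeps parsing tolerant of other detekt versions or other tools. Separately, the `@SerialName` annotations repeat the property name in every model and could be dropped.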
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Location(
@SerialName("physicalLocation")
val physicalLocation: PhysicalLocation
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Message(
@SerialName("text")
val text: String
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class PhysicalLocation(
@SerialName("artifactLocation")
val artifactLocation: ArtifactLocation,
@SerialName("region")
val region: Region
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Region(
@SerialName("endColumn")
val endColumn: Int,
@SerialName("endLine")
val endLine: Int,
@SerialName("startColumn")
val startColumn: Int,
@SerialName("startLine")
val startLine: Int
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Result(
@SerialName("level")
val level: String,
@SerialName("locations")
val locations: List<Location>,
@SerialName("message")
val message: Message,
@SerialName("ruleId")
val ruleId: String
)
\ No newline at end of file
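Review bot: The class name `Result` hides `kotlin.Result` wherever this model is imported or used from the same package, so code that handles SARIF findings and also uses `runCatching` has to write `kotlin.Result` in full. Renaming it, e.g. `data class SarifResult(`, removes the ambiguity. The JSON mapping is unaffected, because the key comes from `@SerialName("results")` on `Run.results` and not from the class name.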
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Rule(
@SerialName("helpUri")
val helpUri: String,
@SerialName("id")
val id: String,
@SerialName("name")
val name: String,
@SerialName("shortDescription")
val shortDescription: ShortDescription
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Run(
@SerialName("results")
val results: List<Result>,
@SerialName("tool")
val tool: Tool
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Sarif(
@SerialName("runs")
val runs: List<Run>
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class ShortDescription(
@SerialName("text")
val text: String
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.sarif.model
import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
@Serializable
data class Tool(
@SerialName("driver")
val driver: Driver
)
\ No newline at end of file
package de.fraunhofer.iem.dataprovider.taskManager.tasks
import de.fraunhofer.iem.dataprovider.sarif.getSarifFromPath
import de.fraunhofer.iem.dataprovider.taskManager.Event
import de.fraunhofer.iem.dataprovider.taskManager.ProcessTaskDone
import org.springframework.core.io.ClassPathResource
import org.springframework.core.io.Resource
import java.nio.file.Paths
class DetektTask(projectPath: String, outputPath: String, override val responseChannel: suspend (task: Event) -> Unit) :
ProcessTask() {
......@@ -13,11 +16,22 @@ class DetektTask(projectPath: String, outputPath: String, override val responseC
override val execPath: String = "/bin/sh"
private val resultPath = Paths.get(outputPath, "detekt", "report.sarif")
override suspend fun handleProcessReturn(p: Process) {
logger.info(resource.toString())
val returnMessage = "Odc finished with exit code ${p.exitValue()}"
val output = String(p.inputStream.readAllBytes())
logger.info("Process output $output")
// val output = String(p.inputStream.readAllBytes())
// logger.info("Process output $output")
val sarifResult = getSarifFromPath(resultPath)
sarifResult.runs.forEach {
it.results.forEach {
logger.info("run in sarif result message: ${it.message}")
}
}
responseChannel(ProcessTaskDone(taskID, returnMessage))
}
}
\ No newline at end of file
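Review bot: If `getSarifFromPath(resultPath)` throws (report missing because detekt failed, or JSON that does not fit the model), the exception leaves `handleProcessReturn` before `responseChannel(ProcessTaskDone(taskID, returnMessage))` runs, so the completion event is not sent. The exit code is also not checked before the report is parsed. The sketch below catches read and decode failures and always sends the event; it keeps `logger.info` because that is the only logger method visible in this section, and it needs imports for `IOException` and `SerializationException`. It also logs `message.text` rather than the data class `toString()`; that text originates from the analysed project and should be treated as untrusted when it reaches the log. Smaller points: `returnMessage` still says "Odc finished" in the detekt task, and the two commented-out `output` lines should be deleted rather than kept.

```kotlin
// … unchanged: resource logging, returnMessage …
try {
    val sarifResult = getSarifFromPath(resultPath)
    sarifResult.runs.flatMap { it.results }.forEach { result ->
        logger.info("run in sarif result message: ${result.message.text}")
    }
} catch (e: IOException) {
    logger.info("detekt report $resultPath could not be read: ${e.message}")
} catch (e: SerializationException) {
    logger.info("detekt report $resultPath does not match the SARIF model: ${e.message}")
}
responseChannel(ProcessTaskDone(taskID, returnMessage))
```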
......@@ -5,7 +5,8 @@ import de.fraunhofer.iem.dataprovider.taskManager.ProcessTaskDone
import org.springframework.core.io.ClassPathResource
import org.springframework.core.io.Resource
// TODO: extend the existing odc setup to have an external db with cve lists.
// Else every docker run will load all indixes for a couple of minutes..
class OdcTask(projectPath: String, outputPath: String, override val responseChannel: suspend (task: Event) -> Unit) :
ProcessTask() {
......