From 99493aacd6af674385f1bc27b9df85888fc070f8 Mon Sep 17 00:00:00 2001
From: Jan-Niclas Struewer <j.n.struewer@gmail.com>
Date: Tue, 6 Jun 2023 19:11:53 +0200
Subject: [PATCH] added calculation for highest vulnerability score

---
 .../taskManager/tasks/ort/OrtTask.kt          | 26 ++++++++++++++++++-
 .../iem/dataprovider/ParseOrtAdvisorResult.kt |  3 +++
 .../ort-advisor-example-results.json          |  2 +-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
index 23e23d7a..7e82e99c 100644
--- a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
@@ -7,6 +7,29 @@ import kotlinx.serialization.json.*
 import java.io.IOException
 import java.nio.file.Path
 
+class OrtTask {
+
+}
+
+fun getHighestScore(results: Array<AdvisorResult>): Double {
+    var highestScore = 0.0
+    results.forEach { res ->
+        res.vulnerabilities?.forEach { vul ->
+            vul.references?.forEach { ref ->
+                if (ref != null) {
+                    if (ref.scoringSystem?.contains("cvss") == true) {
+                        val score = ref.severity?.toDouble() ?: 0.0
+                        if (highestScore < score) {
+                            highestScore = score
+                        }
+                    }
+                }
+            }
+        }
+    }
+    return highestScore
+}
+
 fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
     val resFile = resultPath.toFile()
 
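Review bot: `ref.severity?.toDouble()` in getHighestScore throws NumberFormatException for any severity string that is not a plain number, so a single reference carrying a qualitative rating or a vector string would abort the whole computation instead of being skipped; whether the advisor emits such values under a cvss scoring system is not visible in this hunk. `val score = ref.severity?.toDoubleOrNull() ?: 0.0` keeps the loop going. The `contains("cvss")` match is case-sensitive, so an upper-case label would be dropped silently and the reported maximum would understate the risk; `contains("cvss", ignoreCase = true)` avoids that. The function returns 0.0 both when there are no vulnerabilities and when none had a usable score, and it compares scores from different CVSS versions on one scale; a KDoc sentence should state both so callers do not read 0.0 as "clean".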
@@ -14,6 +37,7 @@ fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
         val results = mutableListOf<AdvisorResult>()
         val resString = resFile.readText()
         val json = Json { ignoreUnknownKeys = true }
+
         val rawJson = json.decodeFromString<Ort>(resString)
         rawJson.advisor?.results?.advisorResults?.forEach { (key, value) ->
             if (value is JsonArray) {
@@ -26,8 +50,8 @@ fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
                             }
                             put("identifier", key)
                         }
+
                         val advisorResult = json.decodeFromJsonElement<AdvisorResult>(flat)
-                        println(advisorResult)
                         results.add(advisorResult)
                     }
                 }
diff --git a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
index c0d1caeb..a651c786 100644
--- a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
@@ -1,5 +1,6 @@
 package de.fraunhofer.iem.dataprovider
 
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.getHighestScore
 import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.getOrtResultsFromFile
 import org.junit.jupiter.api.Test
 import java.nio.file.Paths
@@ -14,6 +15,8 @@ class ParseOrtAdvisorResult {
         assert(res[0].identifier == "first" && res[1].identifier == "second")
         assert(res[0].vulnerabilities?.get(0)?.id == "CVE-2021-45105")
         assert(res[0].vulnerabilities?.get(0)?.references?.get(0)?.severity == "6.6")
+
+        assert(getHighestScore(res) == 8.6)
     }
 
 
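Review bot: The new assertion only exercises a fixture in which every cvss severity is numeric, so the path in getHighestScore where a severity fails to parse or a scoring system is not matched is never tested; a fixture entry with a non-numeric severity and one with a non-cvss scoring system would pin that behaviour. Kotlin's `assert` depends on JVM assertions being enabled at runtime, so `assertEquals(8.6, getHighestScore(res))` from the test framework is the safer form and reports the actual value on failure. The test method begins outside the hunk.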
diff --git a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
index a33f4b33..2b1d087e 100644
--- a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
@@ -112,7 +112,7 @@
                   {
                     "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
                     "scoring_system": "cvssv3",
-                    "severity": "6.6"
+                    "severity": "8.6"
                   },
                   {
                     "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
-- 
GitLab