added owas dependency checker as first tool

build.gradle.kts

@@ -38,6 +38,7 @@ dependencies {
 	runtimeOnly("com.h2database:h2")
 	testImplementation("org.springframework.boot:spring-boot-starter-test")
 	testImplementation("org.springframework.security:spring-security-test")
+	testImplementation("org.jetbrains.kotlinx:kotlinx-coroutines-test:1.6.4")
 }
 
 tasks.withType<KotlinCompile> {

src/main/kotlin/de/fraunhofer/iem/dataprovider/gitlab/GitlabController.kt

 package de.fraunhofer.iem.dataprovider.gitlab
 
 import de.fraunhofer.iem.dataprovider.logger.getLogger
-import de.fraunhofer.iem.dataprovider.taskManager.TaskManager
 import org.springframework.web.bind.annotation.*
 
 enum class Platform {
@@ -9,10 +8,10 @@ enum class Platform {
     GITHUB,
 }
 data class RepositoryChangedDto(val repoId: Long, val platform: Platform)
-data class RepositoryChangedPathDto(val path: String, val platform: Platform)
+
 @RestController
 @RequestMapping("/gitlab")
-class GitlabController(private val gitlabService: GitlabService, private val taskManager: TaskManager) {
+class GitlabController(private val gitlabService: GitlabService) {
 
     private val logger = getLogger(javaClass)
 
@@ -30,21 +29,4 @@ class GitlabController(private val gitlabService: GitlabService, private val tas
         }
     }
 
-    // TODO: improve duplicate code from repoChanged
-    @PostMapping("/repoChangedPath")
-    suspend fun repoChangedPath(@RequestBody repositoryChangedDto: RepositoryChangedPathDto) {
-        logger.info("Repo changed POST request for path ${repositoryChangedDto.path} on platform ${repositoryChangedDto.platform} received.")
-        when (repositoryChangedDto.platform) {
-            Platform.OPEN_CODE -> gitlabService.queryOpenCodeProject(repositoryChangedDto.path)
-            else -> {
-                logger.info("Platform currently not supported.")
-                // TODO: send fitting http response
-            }
-        }
-    }
-
-    @GetMapping("/test")
-    suspend fun test() {
-//        taskManager.addTask(JavaTask(TaskType.REPO_CHANGED, "-version", responseChannel = taskManager::addTask ))
-    }
 }
\ No newline at end of file

src/main/kotlin/de/fraunhofer/iem/dataprovider/gitlab/GitlabService.kt

@@ -13,13 +13,7 @@ class GitlabService(private val openCodeGitlabConfiguration: OpenCodeGitlabConfi
     private val logger = getLogger(javaClass)
 
     suspend fun queryOpenCodeProject(repoId: Long) {
-//        taskManager.addTask(GetGitlabProjectIdTask(repoId = repoId, gitlabConfiguration = openCodeGitlabConfiguration, responseChannel = taskManager::addTask))
         taskManager.addEvent(RepoChangedEvent(repoId = repoId, gitConfiguration = openCodeGitlabConfiguration))
     }
 
-    suspend fun queryOpenCodeProject(repoId: String) {
-//        taskManager.addTask(GetGitlabProjectPathTask(repoId = repoId, gitlabConfiguration = openCodeGitlabConfiguration, responseChannel = taskManager::addTask))
-//        taskManager.addEvent(RepoChanged(repoId = repoId, gitConfiguration = openCodeGitlabConfiguration,))
-    }
-
 }
\ No newline at end of file

src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/Config.kt

+package de.fraunhofer.iem.dataprovider.taskManager
+
+import org.springframework.beans.factory.annotation.Value
+import org.springframework.stereotype.Component
+
+// TODO: validate the correctness of env variables
+@Component
+class Config {
+    @Value("\${GIT_PROJECT_PATH}")
+    lateinit var gitProjectPath: String
+}
\ No newline at end of file

src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/TaskManager.kt

@@ -3,7 +3,7 @@ package de.fraunhofer.iem.dataprovider.taskManager
 import de.fraunhofer.iem.dataprovider.gitlab.GitConfiguration
 import de.fraunhofer.iem.dataprovider.logger.getLogger
 import de.fraunhofer.iem.dataprovider.taskManager.tasks.CloneGitTask
-import de.fraunhofer.iem.dataprovider.taskManager.tasks.GetGitlabProjectIdTask
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.GetGitlabProjectTask
 import de.fraunhofer.iem.dataprovider.taskManager.tasks.GitProject
 import de.fraunhofer.iem.dataprovider.taskManager.tasks.OdcTask
 import jakarta.annotation.PreDestroy
@@ -33,7 +33,7 @@ class ProcessTaskDone(override val taskId: UUID, val message: String) : TaskDone
  * to manage incoming tasks.
  */
 @Component
-class TaskManager {
+class TaskManager(private val config: Config) {
 
     // The used default dispatcher is ok for CPU-bound workloads. However,
     // if they block for a long time it's better to use a custom thread
@@ -85,7 +85,7 @@ class TaskManager {
 
             when (event) {
                 is RepoChangedEvent -> {
-                    ioWorker.addTask(GetGitlabProjectIdTask(event.repoId, event.gitConfiguration, ::addEvent))
+                    ioWorker.addTask(GetGitlabProjectTask(event.repoId, event.gitConfiguration, ::addEvent))
                 }
 
                 is GetGitlabProjectDone -> {
@@ -93,9 +93,9 @@ class TaskManager {
                         CloneGitTask(
                             event.gitProject,
                             ::addEvent,
-                            "/tmp/opencode"
+                            config.gitProjectPath
                         )
-                    ) //TODO: remove hardcoded variable
+                    )
                 }
 
                 is GitCloneDone -> {

src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/GitlabTask.kt

@@ -6,10 +6,11 @@ import de.fraunhofer.iem.dataprovider.taskManager.GetGitlabProjectDone
 import org.gitlab4j.api.GitLabApi
 
 
-sealed class GetGitlabProjectTask : Task() {
+class GetGitlabProjectTask(
+    private val repoId: Long, private val gitlabConfiguration: GitConfiguration,
+    override val responseChannel: suspend (task: Event) -> Unit
+) : Task() {
 
-    protected abstract val repoId: Any
-    protected abstract val gitlabConfiguration: GitConfiguration
 
     private val gitlabApi: GitLabApi = GitLabApi(gitlabConfiguration.host, gitlabConfiguration.accessToken)
 
@@ -19,22 +20,10 @@ sealed class GetGitlabProjectTask : Task() {
         val project = gitlabApi.projectApi.getProject(repoId)
         logger.info(project.toString())
         val projectUri = project.httpUrlToRepo
-        val gitProject = GitProject(project.name, projectUri)
+        val gitProject = GitProject(project.path, projectUri)
 
         responseChannel(GetGitlabProjectDone(taskID, gitProject))
 
         logger.info("Retrieved project ${project.path} and url $projectUri")
     }
 }
-
-class GetGitlabProjectPathTask(
-    override val repoId: String,
-    override val gitlabConfiguration: GitConfiguration,
-    override val responseChannel: suspend (task: Event) -> Unit,
-) : GetGitlabProjectTask()
-
-class GetGitlabProjectIdTask(
-    override val repoId: Long,
-    override val gitlabConfiguration: GitConfiguration,
-    override val responseChannel: suspend (task: Event) -> Unit
-) : GetGitlabProjectTask()

src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/OdcTask.kt

@@ -9,10 +9,10 @@ import org.springframework.core.io.Resource
 class OdcTask(projectPath: String, outputPath: String, override val responseChannel: suspend (task: Event) -> Unit) :
     ProcessTask() {
 
-    override val flags: Array<String> = arrayOf(outputPath, projectPath)
     private val resource: Resource = ClassPathResource("scripts/odc.sh")
+    override val flags: Array<String> = arrayOf(resource.file.absolutePath, outputPath, projectPath)
 
-    override val execPath: String = resource.toString()
+    override val execPath: String = "/bin/sh"
 
     override suspend fun handleProcessReturn(p: Process) {
         logger.info(resource.toString())

src/main/resources/scripts/odc.sh

@@ -21,7 +21,7 @@ docker pull owasp/dependency-check:$DC_VERSION
 docker run --rm \
     -e user="$USER" \
     -u $(id -u ${USER}):$(id -g ${USER}) \
-    --volume ${2}:/src:z \
+    --volume "${2}":/src:z \
     --volume "$DATA_DIRECTORY":/usr/share/dependency-check/data:z \
     --volume "$DC_DIRECTORY"/odc-reports:/report:z \
     owasp/dependency-check:$DC_VERSION \

src/test/kotlin/de/fraunhofer/iem/dataprovider/OdcTaskTest.kt

+package de.fraunhofer.iem.dataprovider
+
+import de.fraunhofer.iem.dataprovider.taskManager.Event
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.OdcTask
+import kotlinx.coroutines.ExperimentalCoroutinesApi
+import kotlinx.coroutines.test.runTest
+import org.junit.jupiter.api.Test
+
+@OptIn(ExperimentalCoroutinesApi::class)
+class OdcTaskTest {
+    suspend fun callback(event: Event) {}
+
+    @Test
+    fun initTest() = runTest {
+        OdcTask("/this/is/no/real/path", "/neither/is/this", ::callback)
+    }
+}
\ No newline at end of file