From f8674231283d69cda773b6848b71207549d5a286 Mon Sep 17 00:00:00 2001 
From: Jan-Niclas Struewer <j.n.struewer@gmail.com> Date: Tue, 6 Jun 2023 18:54:11 +0200 Subject: [PATCH] parsing ort result --- .../taskManager/tasks/ort/OrtTask.kt | 40 ++++++ .../taskManager/tasks/ort/model/Advisor.kt | 11 ++ .../tasks/ort/model/AdvisorInResult.kt | 13 ++ .../tasks/ort/model/AdvisorResult.kt | 20 +++ .../taskManager/tasks/ort/model/Issue.kt | 17 +++ .../taskManager/tasks/ort/model/Ort.kt | 11 ++ .../taskManager/tasks/ort/model/Reference.kt | 15 ++ .../taskManager/tasks/ort/model/Results.kt | 12 ++ .../taskManager/tasks/ort/model/Summary.kt | 15 ++ .../tasks/ort/model/Vulnerability.kt | 13 ++ .../iem/dataprovider/ParseOrtAdvisorResult.kt | 20 +++ .../ort-advisor-example-results.json | 130 ++++++++++++++++++ 12 files changed, 317 insertions(+) create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Advisor.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorInResult.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorResult.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Issue.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Ort.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Reference.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Results.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Summary.kt create mode 100644 src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Vulnerability.kt create mode 100644 src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt create mode 100644 
src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
new file mode 100644
index 00000000..23e23d7a
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/OrtTask.kt
@@ -0,0 +1,40 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model.AdvisorResult
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model.Ort
+import kotlinx.serialization.decodeFromString
+import kotlinx.serialization.json.*
+import java.io.IOException
+import java.nio.file.Path
+fun getOrtResultsFromFile(resultPath: Path): Array<AdvisorResult> {
+ val resFile = resultPath.toFile()
+
+ if (resFile.exists()) {
+ val results = mutableListOf<AdvisorResult>()
+ val resString = resFile.readText()
+ val json = Json { ignoreUnknownKeys = true }
+ val rawJson = json.decodeFromString<Ort>(resString)
+ rawJson.advisor?.results?.advisorResults?.forEach { (key, value) ->
+ if (value is JsonArray) {
+ value.forEach { res ->
+ if (res is JsonObject) {
+
+ val flat = buildJsonObject {
+ res.entries.forEach { (eKey, eValue) ->
+ put(eKey, eValue)
+ }
+ put("identifier", key)
+ }
+ val advisorResult = json.decodeFromJsonElement<AdvisorResult>(flat)
+ println(advisorResult)
+ results.add(advisorResult)
+ }
+ }
+ }
+ }
+ return results.toTypedArray()
+ }
+
+ throw IOException("File not found / Path is no file.")
+}
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Advisor.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Advisor.kt
new file mode 100644
index 00000000..3cf2637f
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Advisor.kt
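Review bot: In `getOrtResultsFromFile`, an `advisor_results` entry that is not a `JsonArray`, or an array element that is not a `JsonObject`, is skipped without any signal, so a malformed or changed ORT report produces a shorter result array instead of an error and vulnerability findings can go missing unnoticed. Both `if` checks should get an `else` that fails or at least logs, e.g. `else throw SerializationException("unexpected advisor_results entry for $key")`. The `resFile.exists()` guard is also true for a directory, so the "Path is no file" case in the exception message is not actually checked; `resFile.isFile` would match the message. The `println(advisorResult)` looks like leftover debug output and is better removed or sent through the project's logger.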
@@ -0,0 +1,11 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Advisor(
+ @SerialName("results")
+ val results: Results?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorInResult.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorInResult.kt
new file mode 100644
index 00000000..6f9339f4
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorInResult.kt
@@ -0,0 +1,13 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class AdvisorInResult(
+ @SerialName("capabilities")
+ val capabilities: List<String?>?,
+ @SerialName("name")
+ val name: String?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorResult.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorResult.kt
new file mode 100644
index 00000000..cf683711
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/AdvisorResult.kt
@@ -0,0 +1,20 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.Contextual
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class AdvisorResult(
+ @SerialName("identifier")
+ val identifier: String,
+ @SerialName("advisor")
+ val advisor: AdvisorInResult?,
+ @SerialName("defects")
+ val defects: List<@Contextual Any>?,
+ @SerialName("summary")
+ val summary: Summary?,
+ @SerialName("vulnerabilities")
+ val vulnerabilities: List<Vulnerability>?
+)
\ No newline at end of file
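Review bot: `val results: Results?` in `Advisor` is nullable but has no default value, and kotlinx.serialization treats a property without a default as required, so a report that omits the `results` key fails with a missing-field error instead of decoding to null. The `Json` instance built in OrtTask.kt sets only `ignoreUnknownKeys`, which does not change this. If absent keys should be tolerated, write `val results: Results? = null`. The same pattern appears in AdvisorInResult, AdvisorResult, Issue, Ort, Reference, Summary and Vulnerability in this patch.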
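Review bot: `val defects: List<@Contextual Any>?` in `AdvisorResult` needs a contextual serializer for `Any` registered in the `Json` serializers module, and the instance created in OrtTask.kt registers none, so decoding is likely to throw as soon as a report contains a non-empty `defects` array. The test fixture only has `"defects": []`, so the test does not exercise this path. Since the shape of a defect is not modelled yet, `val defects: List<JsonElement>?` keeps the raw data and decodes without extra setup.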
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Issue.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Issue.kt
new file mode 100644
index 00000000..83a685ce
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Issue.kt
@@ -0,0 +1,17 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Issue(
+ @SerialName("message")
+ val message: String?,
+ @SerialName("severity")
+ val severity: String?,
+ @SerialName("source")
+ val source: String?,
+ @SerialName("timestamp")
+ val timestamp: String?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Ort.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Ort.kt
new file mode 100644
index 00000000..e6c1b91b
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Ort.kt
@@ -0,0 +1,11 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Ort(
+ @SerialName("advisor")
+ val advisor: Advisor?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Reference.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Reference.kt
new file mode 100644
index 00000000..0215e23c
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Reference.kt
@@ -0,0 +1,15 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Reference(
+ @SerialName("scoring_system")
+ val scoringSystem: String?,
+ @SerialName("severity")
+ val severity: String?,
+ @SerialName("url")
+ val url: String?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Results.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Results.kt
new file mode 100644
index 00000000..041e119f
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Results.kt
@@ -0,0 +1,12 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+import kotlinx.serialization.json.JsonObject
+
+@Serializable
+data class Results(
+ @SerialName("advisor_results")
+ val advisorResults: JsonObject
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Summary.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Summary.kt
new file mode 100644
index 00000000..8e5e6654
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Summary.kt
@@ -0,0 +1,15 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Summary(
+ @SerialName("end_time")
+ val endTime: String?,
+ @SerialName("issues")
+ val issues: List<Issue?>?,
+ @SerialName("start_time")
+ val startTime: String?
+)
\ No newline at end of file
diff --git a/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Vulnerability.kt b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Vulnerability.kt
new file mode 100644
index 00000000..622a27db
--- /dev/null
+++ b/src/main/kotlin/de/fraunhofer/iem/dataprovider/taskManager/tasks/ort/model/Vulnerability.kt
@@ -0,0 +1,13 @@
+package de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.model
+
+
+import kotlinx.serialization.SerialName
+import kotlinx.serialization.Serializable
+
+@Serializable
+data class Vulnerability(
+ @SerialName("id")
+ val id: String?,
+ @SerialName("references")
+ val references: List<Reference?>?
+)
\ No newline at end of file
diff --git a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
new file mode 100644
index 00000000..c0d1caeb
--- /dev/null
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ParseOrtAdvisorResult.kt
@@ -0,0 +1,20 @@
+package de.fraunhofer.iem.dataprovider
+
+import de.fraunhofer.iem.dataprovider.taskManager.tasks.ort.getOrtResultsFromFile
+import org.junit.jupiter.api.Test
+import java.nio.file.Paths
+
+class ParseOrtAdvisorResult {
+
+ @Test
+ fun parseOrt() {
+ val res =
+ getOrtResultsFromFile(Paths.get("src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json"))
+
+ assert(res[0].identifier == "first" && res[1].identifier == "second")
+ assert(res[0].vulnerabilities?.get(0)?.id == "CVE-2021-45105")
+ assert(res[0].vulnerabilities?.get(0)?.references?.get(0)?.severity == "6.6")
+ }
+
+
+}
\ No newline at end of file
diff --git a/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
new file mode 100644
index 00000000..a33f4b33
--- /dev/null
+++ b/src/test/kotlin/de/fraunhofer/iem/dataprovider/ort-advisor-example-results.json
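Review bot: The three checks in `parseOrt` use Kotlin's `assert`, which is only evaluated when JVM assertions are enabled and reports no expected or actual value when it fails. JUnit is already imported in this file, so the checks can be written as `assertEquals("first", res[0].identifier)` and `assertEquals("CVE-2021-45105", res[0].vulnerabilities?.get(0)?.id)`, which always run and show the mismatch. The fixture path is relative to the working directory, so the test presumably only passes when started from the project root.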
@@ -0,0 +1,130 @@
+{
+ "advisor": {
+ "results": {
+ "advisor_results": {
+ "first": [
+ {
+ "advisor": {
+ "name": "VulnerableCode",
+ "capabilities": [
+ "VULNERABILITIES"
+ ]
+ },
+ "summary": {
+ "start_time": "2023-06-05T08:54:18.739380591Z",
+ "end_time": "2023-06-05T08:54:21.192752259Z",
+ "issues": [
+ {
+ "timestamp": "2023-06-05T08:54:21.196167384Z",
+ "source": "VulnerableCode",
+ "message": "Failed to map VulnerabilityReference(url=https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*, scores=[]) to ORT model due to java.net.URISyntaxException: Illegal character in query at index 122: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*.",
+ "severity": "HINT"
+ },
+ {
+ "timestamp": "2023-06-05T08:54:21.200655759Z",
+ "source": "VulnerableCode",
+ "message": "Failed to map VulnerabilityReference(url=https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*, scores=[]) to ORT model due to java.net.URISyntaxException: Illegal character in query at index 121: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*.",
+ "severity": "HINT"
+ }
+ ]
+ },
+ "defects": [],
+ "vulnerabilities": [
+ {
+ "id": "CVE-2021-45105",
+ "references": [
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
+ "scoring_system": "cvssv3",
+ "severity": "6.6"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
+ "scoring_system": null,
+ "severity": null
+ }
+ ]
+ },
+ {
+ "id": "CVE-2021-44832",
+ "references": [
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
+ "scoring_system": "cvssv3",
+ "severity": "6.6"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
+ "scoring_system": null,
+ "severity": null
+ }
+ ]
+ }
+ ]
+ }
+ ],
+ "second": [
+ {
+ "advisor": {
+ "name": "VulnerableCode",
+ "capabilities": [
+ "VULNERABILITIES"
+ ]
+ },
+ "summary": {
+ "start_time": "2023-06-05T08:54:18.739380591Z",
+ "end_time": "2023-06-05T08:54:21.192752259Z",
+ "issues": [
+ {
+ "timestamp": "2023-06-05T08:54:21.196167384Z",
+ "source": "VulnerableCode",
+ "message": "Failed to map VulnerabilityReference(url=https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*, scores=[]) to ORT model due to java.net.URISyntaxException: Illegal character in query at index 122: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:4.10\\(0.15\\):*:*:*:*:*:*:*.",
+ "severity": "HINT"
+ },
+ {
+ "timestamp": "2023-06-05T08:54:21.200655759Z",
+ "source": "VulnerableCode",
+ "message": "Failed to map VulnerabilityReference(url=https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*, scores=[]) to ORT model due to java.net.URISyntaxException: Illegal character in query at index 121: https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cisco:cloudcenter_suite:5.3\\(0\\):*:*:*:*:*:*:*.",
+ "severity": "HINT"
+ }
+ ]
+ },
+ "defects": [],
+ "vulnerabilities": [
+ {
+ "id": "CVE-2021-45105",
+ "references": [
+ {
+ "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
+ "scoring_system": "cvssv3",
+ "severity": "6.6"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
+ "scoring_system": null,
+ "severity": null
+ }
+ ]
+ },
+ {
+ "id": "CVE-2021-44832",
+ "references": [
+ {
+ "url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json",
+ "scoring_system": "cvssv3",
+ "severity": "6.6"
+ },
+ {
+ "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
+ "scoring_system": null,
+ "severity": null
+ }
+ ]
+ }
+ ]
+ }
+ ]
+ }
+ }
+ }
+}
\ No newline at end of file
-- GitLab