public decimal GetScoreByReportId(int id)
{
var totalCvssScore = 0m;
foreach (var reportLine in _reportLinesRepository.SelectListByReportId(id))
{
var ossIndexId = _ossIndexRepository
.Select(reportLine.OssIndexId)
.Id;
totalCvssScore += GetScoreByOssIndexId(ossIndexId);
}
return(totalCvssScore);
}
// GET: Report/ReportLines/5
public IActionResult ReportLines(int id)
{
var report = _reportRepository.Select(id);
var project = _projectRepository.Select(report.ProjectId);
var reportLineViewModel = new ReportLineViewModel
{
ProjectName = project.ProjectName,
OssIndexs = new List <OssIndexViewModel>()
};
foreach (var reportLine in _reportLinesRepository.SelectListByReportId(report.Id))
{
var ossIndex = _ossIndexRepository.Select(reportLine.OssIndexId);
var component = _componentRepository.Select(ossIndex.ComponentId);
var score = _scoreService.GetScoreByOssIndexId(reportLine.OssIndexId);
Enum.TryParse(ossIndex.HttpStatus.ToString(), out HttpStatusCode httpStatusCode);
reportLineViewModel.OssIndexs.Add(new OssIndexViewModel()
{
Id = reportLine.OssIndexId,
ComponentName = component.Name,
Score = score,
ScoreFieldClass = _scoreClassService.SetScoreFieldClass(score),
Status = httpStatusCode.ToString()
});
}
HttpContext.Session.SetString(SessionConstants.ProjectName, project.ProjectName);
HttpContext.Session.SetInt32(SessionConstants.ProjectId, project.Id);
HttpContext.Session.SetInt32(SessionConstants.ReportId, id);
SetTopNavSelected();
ViewData["Breadcrumbs"] = _breadcrumbService.GetReportLines(project.ProjectName, project.Id);
return(View(reportLineViewModel));
}
private List <int> GetHttpStatusListByProjectId(int id)
{
var httpStatusList = new List <int>();
var lastReportId = _reportRepository
.SelectByProjectId(id)
.OrderByDescending(x => x.InsertDate)
.First()
.Id;
foreach (var reportLine in _reportLinesRepository.SelectListByReportId(id))
{
var ossIndex = _ossIndexRepository
.Select(reportLine.OssIndexId);
if (!httpStatusList.Contains(ossIndex.HttpStatus))
{
httpStatusList.Add(ossIndex.HttpStatus);
}
}
return(httpStatusList);
}
public void CreateInitialReportShell(int reportId, CoordinatePartsModel coordinatePart)
{
// check dbo.component.name on coordinatePart.Name
// if it exists, return the id
// else create, return the id
var component = _componentRepository.SelectByName(coordinatePart.Name.Trim());
var componentId = component.Id;
if (componentId == 0)
{
componentId = _componentRepository.Insert(new ComponentModel()
{
Name = coordinatePart.Name.Trim()
});
}
// check dbo.oss_index.component_id
// if it exists, check `expire_date`
// - if older than 30 days, call remote api
// - insert results if any to dbo.oss_index_vulnerabilities
// - update `expire_date` = NOW
// else
// - create with `expire_date` = NOW
// - call remote api
// - insert results if any to dbo.oss_index_vulnerabilities
var ossIndex = _ossIndexRepository.SelectByComponentId(componentId);
var ossIndexId = ossIndex.Id;
if (ossIndexId == 0)
{
ossIndex = new OssIndexModel()
{
ComponentId = componentId,
ExpireDate = DateTime.Now.AddMonths(1),
HttpStatus = (int)HttpStatusCode.Processing,
HttpStatusDate = DateTime.Now
};
ossIndexId = _ossIndexRepository.Insert(ossIndex);
ossIndex = _ossIndexRepository.Select(ossIndexId);
}
/* TODO
*
* 1. this is always zero as we cannot pass things like `1.4.0` as a decimal, consider deprecating `[vulnuscloud].[dbo].[oss_index].[version]` as this data is already in `[vulnuscloud].[dbo].[oss_index].[coordinates]`
* 2. [vulnuscloud].[dbo].[oss_index].[coordinates] should be normalized:
* `pkg:Nuget/[email protected]`
* > pkg: is known, comes from `_coordinatesService`
* > Nuget/ should rather be stored as `[vulnuscloud].[dbo].[oss_index].[package_type_id]` - then this links to PackageTypeRepository
* > BeITMemcached@ can be read from [vulnuscloud].[dbo].[component].[id] = [vulnuscloud].[dbo].[oss_index].[component_id]
* > 1.4.0 could then be stored as [vulnuscloud].[dbo].[oss_index].[version]
*
* [vulnuscloud].[dbo].[oss_index].[coordinates] could then be generated when needed.
*/
if (decimal.TryParse(coordinatePart.Version, out decimal coordinatePartVersion))
{
ossIndex.Version = coordinatePartVersion;
}
ossIndex.Coordinates = _coordinatesService.GetCoordinates(coordinatePart);
_ossIndexRepository.Update(ossIndex);
_reportLinesRepository.Insert(new ReportLinesModel()
{
OssIndexId = ossIndexId,
ReportId = reportId
});
}