/// <summary>
/// Emits one summary row for an SCA (OSA) scan to <c>inst.ScaScanSummaryOut</c>.
/// The row carries the primary-key and policy-violation properties, the scan id and the
/// start/finish stamps taken from <c>inst.ScaScanCache</c>, one <c>Legal{name}</c> column
/// per entry of <paramref name="licenseCount"/>, and — when the OSA summary report can be
/// fetched — the library and vulnerability totals from that report.
/// </summary>
/// <param name="sd">Descriptor of the scan being reported; supplies the scan id and project.</param>
/// <param name="inst">Owning transformer; provides the REST context, cancel token, scan cache and output sink.</param>
/// <param name="licenseCount">Count per license name, written as <c>Legal{name}</c> columns.</param>
private static void OutputScaScanSummary(ScanDescriptor sd, Transformer inst, Dictionary<string, int> licenseCount)
{
    var row = new SortedDictionary<string, object>();
    inst.AddPrimaryKeyElements(sd, row);
    AddPolicyViolationProperties(sd, row);

    row.Add(PropertyKeys.KEY_SCANID, sd.ScanId);
    var cachedScan = inst.ScaScanCache[sd.ScanId];
    row.Add(PropertyKeys.KEY_SCANSTART, cachedScan.StartTime);
    row.Add(PropertyKeys.KEY_SCANFINISH, cachedScan.FinishTime);

    foreach (var entry in licenseCount)
    {
        row.Add($"Legal{entry.Key}", entry.Value);
    }

    // The summary report is best-effort: on failure the warning is logged and the row is
    // still written with whatever columns had been collected up to that point.
    try
    {
        var summary = CxOsaSummaryReport.GetReport(inst.RestContext, inst.CancelToken, sd.ScanId);
        row.Add("HighVulnerabilityLibraries", summary.HighVulnerabilityLibraries);
        row.Add("LowVulnerabilityLibraries", summary.LowVulnerabilityLibraries);
        row.Add("MediumVulnerabilityLibraries", summary.MediumVulnerabilityLibraries);
        row.Add("NonVulnerableLibraries", summary.NonVulnerableLibraries);
        row.Add("TotalHighVulnerabilities", summary.TotalHighVulnerabilities);
        row.Add("TotalLibraries", summary.TotalLibraries);
        row.Add("TotalLowVulnerabilities", summary.TotalLowVulnerabilities);
        row.Add("TotalMediumVulnerabilities", summary.TotalMediumVulnerabilities);
        row.Add("VulnerabilityScore", summary.VulnerabilityScore);
        row.Add("VulnerableAndOutdated", summary.VulnerableAndOutdated);
        row.Add("VulnerableAndUpdated", summary.VulnerableAndUpdated);
    }
    catch (Exception ex)
    {
        _log.Warn($"Error obtaining summary report for SCA scan {sd.ScanId} in project {sd.Project.ProjectName}", ex);
    }

    inst.ScaScanSummaryOut.write(row);
}
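/// <summary>
/// Emits one detail row per vulnerability reported for an SCA (OSA) scan to
/// <c>inst.ScaScanDetailOut</c>. Each row starts from the primary-key elements plus the scan
/// finish stamp, then adds the vulnerability fields, the owning library's fields (when the
/// library is present in <paramref name="libraryIndex"/>), one <c>LibraryLegalRisk_{name}</c>
/// column per resolved license and a <c>LibraryLicenses</c> column listing the resolved
/// license names separated by ';'.
/// </summary>
/// <param name="sd">Descriptor of the scan being reported; supplies the scan id, finish stamp and project.</param>
/// <param name="inst">Owning transformer; provides the REST context, cancel token and output sink.</param>
/// <param name="licenseIndex">Licenses keyed by the identifiers listed in <c>Library.Licenses</c>.</param>
/// <param name="libraryIndex">Libraries keyed by the identifiers carried in <c>vuln.LibraryId</c>.</param>
/// <remarks>
/// Fetching the vulnerability list is best-effort: any exception is logged and no further rows
/// are written. A library or license id that is missing from its index no longer aborts the
/// whole output (the dictionary indexers used to throw); the affected columns are left out of
/// that row instead.
/// </remarks>
private static void OutputScaScanDetails(ScanDescriptor sd, Transformer inst, Dictionary<string, CxOsaLicenses.License> licenseIndex, Dictionary<string, CxOsaLibraries.Library> libraryIndex)
{
    try
    {
        var vulns = CxOsaVulnerabilities.GetVulnerabilities(inst.RestContext, inst.CancelToken, sd.ScanId);

        var header = new SortedDictionary<string, object>();
        inst.AddPrimaryKeyElements(sd, header);
        header.Add(PropertyKeys.KEY_SCANFINISH, sd.FinishedStamp);

        foreach (var vuln in vulns)
        {
            var flat = new SortedDictionary<string, object>(header);
            flat.Add(PropertyKeys.KEY_SCANID, sd.ScanId);
            flat.Add("VulnerabilityId", vuln.VulerabilityId);
            flat.Add(PropertyKeys.KEY_SIMILARITYID, vuln.SimilarityId);
            flat.Add("CVEName", vuln.CVEName);
            flat.Add("CVEDescription", vuln.CVEDescription);
            flat.Add("CVEUrl", vuln.CVEUrl);
            flat.Add("CVEPubDate", vuln.CVEPublishDate);
            flat.Add("CVEScore", vuln.CVEScore);
            flat.Add("Recommendation", vuln.Recommendations);
            flat.Add(PropertyKeys.KEY_SCANRISKSEV, vuln.Severity.Name);
            flat.Add("State", vuln.State.StateName);
            flat.Add("LibraryId", vuln.LibraryId);

            // The indexer throws KeyNotFoundException for an unknown library id, which the
            // outer catch would turn into "no rows at all"; resolve without throwing instead.
            CxOsaLibraries.Library lib = null;
            if (vuln.LibraryId != null)
            {
                libraryIndex.TryGetValue(vuln.LibraryId, out lib);
            }

            var licenseNames = new List<string>();
            if (lib != null)
            {
                flat.Add("LibraryName", lib.LibraryName);
                flat.Add("LibraryVersion", lib.LibraryVersion);
                flat.Add("LibraryReleaseDate", lib.ReleaseDate);
                flat.Add("LibraryLatestVersion", lib.LatestVersion);
                flat.Add("LibraryLatestReleaseDate", lib.LatestVersionReleased);

                // License resolution lives inside the library guard: the original loop ran
                // even when the library was missing and would have dereferenced null.
                foreach (var licenseId in lib.Licenses)
                {
                    CxOsaLicenses.License license;
                    if (licenseId == null || !licenseIndex.TryGetValue(licenseId, out license))
                    {
                        // Unknown license id: omit it from this row rather than failing the scan.
                        continue;
                    }

                    licenseNames.Add(license.LicenseName);

                    // The column name is derived from the license name with spaces removed; two
                    // licenses that collapse to the same name keep the first risk level instead
                    // of throwing on a duplicate key.
                    var riskKey = $"LibraryLegalRisk_{license.LicenseName.Replace(" ", "")}";
                    if (!flat.ContainsKey(riskKey))
                    {
                        flat.Add(riskKey, license.RiskLevel);
                    }
                }
            }

            flat.Add("LibraryLicenses", string.Join(";", licenseNames));
            inst.ScaScanDetailOut.write(flat);
        }
    }
    catch (Exception ex)
    {
        _log.Warn($"Could not obtain vulnerability data for scan {sd.ScanId} in project {sd.Project.ProjectId}: {sd.Project.ProjectName}. Vulnerability data will not be available.", ex);
    }
}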