// default = text
/// <summary>
/// Build a SARIF Result.Location object for the purl package
/// </summary>
/// <param name="purl">The <see cref="PackageURL"/> to build the location for.</param>
/// <returns>Location list with single location object</returns>
public static List <Location> BuildPurlLocation(PackageURL purl)
{
BaseProjectManager?projectManager = ProjectManagerFactory.ConstructPackageManager(purl, null);
if (projectManager == null)
{
Logger.Debug("Cannot determine the package type");
return(new List <Location>());
}
return(new List <Location>()
{
new Location()
{
PhysicalLocation = new PhysicalLocation()
{
Address = new Address()
{
FullyQualifiedName = projectManager.GetPackageAbsoluteUri(purl)?.AbsoluteUri,
AbsoluteAddress = PHYSICAL_ADDRESS_FLAG, // Sarif format needs non negative integer
Name = purl.ToString()
}
}
}
});
}
/// <summary>
/// try to resolve the source code for an npm package through different means
/// 1) Look at the metadata
/// 2) Try searching github
/// 3) Try calculating metrics for same name repos
/// </summary>
/// <param name="package_name"> </param>
/// <returns> </returns>
public async Task <Dictionary <PackageURL, double> > ResolvePackageLibraryAsync(PackageURL purl)
{
Logger.Trace("ResolvePackageLibraryAsync({0})", purl);
var repoMappings = new Dictionary <PackageURL, double>();
if (purl == null)
{
return(repoMappings);
}
var purlNoVersion = new PackageURL(purl.Type, purl.Namespace, purl.Name,
null, purl.Qualifiers, purl.Subpath);
Logger.Debug("Searching for source code for: {0}", purlNoVersion.ToString());
// Use reflection to find the correct downloader class
var projectManager = ProjectManagerFactory.CreateProjectManager(purl, null);
if (projectManager != null)
{
repoMappings = await projectManager.IdentifySourceRepository(purl);
if (repoMappings == null || !repoMappings.Any())
{
repoMappings = new Dictionary <PackageURL, double>();
Logger.Info("No repositories were found after searching metadata.");
}
}
else
{
throw new ArgumentException("Invalid Package URL type: {0}", purlNoVersion.Type);
}
return(repoMappings);
}
/// <summary>
/// Initializes a new instance of the <see cref="RepoSearch"/> class.
/// </summary>
/// <param name="projectManagerFactory">The <see cref="ProjectManagerFactory"/> to generate the project managers with.</param>
public RepoSearch(ProjectManagerFactory projectManagerFactory)
{
_projectManagerFactory = projectManagerFactory;
}