        // default = text
        /// <summary>
        /// Builds the SARIF <see cref="Location"/> list that points at the given package URL.
        /// </summary>
        /// <param name="purl">The <see cref="PackageURL"/> whose location is being described.</param>
        /// <returns>
        /// A list holding a single <see cref="Location"/> whose physical address names the package,
        /// or an empty list when no project manager can be resolved for the purl's package type.
        /// </returns>
        public static List<Location> BuildPurlLocation(PackageURL purl)
        {
            BaseProjectManager? manager = ProjectManagerFactory.ConstructPackageManager(purl, null);

            // No manager means the package type is unknown; emit no location rather than a bogus one.
            if (manager == null)
            {
                Logger.Debug("Cannot determine the package type");
                return new List<Location>();
            }

            var address = new Address
            {
                FullyQualifiedName = manager.GetPackageAbsoluteUri(purl)?.AbsoluteUri,
                AbsoluteAddress = PHYSICAL_ADDRESS_FLAG, // SARIF requires a non-negative integer here
                Name = purl.ToString(),
            };

            var location = new Location
            {
                PhysicalLocation = new PhysicalLocation { Address = address },
            };

            return new List<Location> { location };
        }
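        /// <summary>
        ///     Tries to resolve the source repository for a package by delegating to the project
        ///     manager for its package type (which, per the existing notes, presumably inspects
        ///     registry metadata, searches GitHub, and scores same-name repositories).
        /// </summary>
        /// <param name="purl">The <see cref="PackageURL"/> to resolve; <c>null</c> yields an empty result.</param>
        /// <returns>
        /// Candidate repository <see cref="PackageURL"/>s mapped to a confidence score; empty when
        /// nothing was found or <paramref name="purl"/> is <c>null</c>.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// Thrown when no project manager exists for the package type of <paramref name="purl"/>.
        /// </exception>
        public async Task<Dictionary<PackageURL, double>> ResolvePackageLibraryAsync(PackageURL purl)
        {
            Logger.Trace("ResolvePackageLibraryAsync({0})", purl);

            var repoMappings = new Dictionary<PackageURL, double>();

            if (purl == null)
            {
                return repoMappings;
            }

            // Version-less copy used only for logging and diagnostics; the lookup itself uses the caller's purl.
            var purlNoVersion = new PackageURL(purl.Type, purl.Namespace, purl.Name,
                                               null, purl.Qualifiers, purl.Subpath);

            Logger.Debug("Searching for source code for: {0}", purlNoVersion.ToString());

            // Pick the project manager matching the package type; null means the type is unsupported.
            var projectManager = ProjectManagerFactory.CreateProjectManager(purl, null);

            if (projectManager == null)
            {
                // ArgumentException's second string argument is the parameter name, not a format
                // argument, so a "{0}" placeholder would never be filled in; interpolate instead.
                throw new ArgumentException($"Invalid Package URL type: {purlNoVersion.Type}", nameof(purl));
            }

            repoMappings = await projectManager.IdentifySourceRepository(purl);

            // Normalize "nothing found" (null or empty) to an empty dictionary so callers never see null.
            if (repoMappings == null || !repoMappings.Any())
            {
                repoMappings = new Dictionary<PackageURL, double>();
                Logger.Info("No repositories were found after searching metadata.");
            }

            return repoMappings;
        }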
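 /// <summary>
 /// Initializes a new instance of the <see cref="RepoSearch"/> class.
 /// </summary>
 /// <param name="projectManagerFactory">The <see cref="ProjectManagerFactory"/> used to create the project managers this search relies on.</param>
 /// <exception cref="ArgumentNullException">Thrown when <paramref name="projectManagerFactory"/> is <c>null</c>.</exception>
 public RepoSearch(ProjectManagerFactory projectManagerFactory)
 {
     // Fail fast at construction rather than with a NullReferenceException on first use.
     _projectManagerFactory = projectManagerFactory ?? throw new ArgumentNullException(nameof(projectManagerFactory));
 }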