Пример #1
        /// <summary>
        /// Resolves <paramref name="purl"/> to candidate repositories, renders them as SARIF through
        /// the "sarifv2" output builder, parses the output back, and asserts that
        /// <paramref name="targetResult"/> appears as one of the result messages.
        /// </summary>
        /// <param name="purl">Package URL string handed to the resolver.</param>
        /// <param name="targetResult">Message text expected on at least one SARIF result.</param>
        public async Task Check_Sarif(string purl, string targetResult)
        {
            // Instance is never read afterwards; constructed for initialization only.
            FindSourceTool tool = new FindSourceTool();

            RepoSearch resolver = new RepoSearch();
            var candidates = await resolver.ResolvePackageLibraryAsync(new PackageURL(purl));

            // One informational SARIF result per candidate. The message is always built as a
            // github.com URL from the candidate's namespace and name, and the candidate's score
            // (scaled by 100) is stored as Rank.
            List<Result> sarifResults = candidates
                .Select(candidate => new Result()
                {
                    Message = new Message()
                    {
                        Text = $"https://github.com/{candidate.Key.Namespace}/{candidate.Key.Name}"
                    },
                    Kind = ResultKind.Informational,
                    Level = FailureLevel.None,
                    Rank = candidate.Value * 100.0,
                    Locations = SarifOutputBuilder.BuildPurlLocation(new PackageURL(purl))
                })
                .ToList();

            // Round-trip through the output builder so the serialized form is what gets checked.
            IOutputBuilder builder = OutputBuilderFactory.CreateOutputBuilder("sarifv2");
            builder.AppendOutput(sarifResults);
            SarifLog sarif = JsonConvert.DeserializeObject<SarifLog>(builder.GetOutput());

            Assert.IsNotNull(sarif);

            var firstRun = sarif.Runs.FirstOrDefault();
            Assert.IsNotNull(firstRun?.Tool.Driver.Name);

            // At least one result message must equal the expected repository.
            // Only presence is asserted; the Rank of the matching entry is not checked.
            bool found = false;
            if (firstRun != null)
            {
                foreach (var entry in firstRun.Results)
                {
                    found |= entry.Message.Text == targetResult;
                }
            }

            Assert.IsTrue(found);
        }
Пример #2
        /// <summary>
        /// Asserts that resolving <paramref name="purl"/> yields no candidate repositories.
        /// </summary>
        /// <param name="purl">Package URL string handed to the resolver.</param>
        /// <param name="targetResult">Not read by this test.</param>
        public async Task FindSource_NonExistentPackage(string purl, string targetResult)
        {
            // Instance is never read afterwards; constructed for initialization only.
            FindSourceTool tool = new FindSourceTool();

            var packageUrl = new PackageURL(purl);
            RepoSearch resolver = new RepoSearch();
            var results = await resolver.ResolvePackageLibraryAsync(packageUrl);

            // Any candidate at all is a failure: the resolver produced a repository for this package.
            bool nothingResolved = !results.Any();
            Assert.IsTrue(nothingResolved, $"Result {results} obtained from non-existent {purl}");
        }
Пример #3
        /// <summary>
        /// Queries repositories whose name contains <c>key.Name</c> and whose Uuid equals
        /// <c>key.Uuid</c>, with the owner included, and returns at most <paramref name="count"/> rows.
        /// </summary>
        /// <param name="key">Search criteria; its Name and Uuid are read.</param>
        /// <param name="count">Maximum number of rows to return (default 10).</param>
        /// <returns>The matching repositories, ordered by Created and then UpdatedAt.</returns>
        public async Task<IEnumerable<Repo>> GetLatestRepos(RepoSearch key, int count = 10)
        {
            // key and count are used as given; no null or range check happens in this method.
            var matching = PlutoContext.Repos
                .Include(repo => repo.Owner)
                .Where(repo => repo.Name.Contains(key.Name) && repo.Uuid == key.Uuid);

            // NOTE(review): both sort keys are ascending, so Take keeps the earliest-created rows;
            // confirm this matches the "latest" in the method name.
            var page = matching
                .OrderBy(repo => repo.Created)
                .ThenBy(repo => repo.UpdatedAt)
                .Take(count);

            return await page.ToListAsync();
        }
Пример #4
        /// <summary>
        /// Asserts that resolving <paramref name="purl"/> produces a candidate whose key equals the
        /// package URL parsed from <paramref name="targetResult"/>.
        /// </summary>
        /// <param name="purl">Package URL string handed to the resolver.</param>
        /// <param name="targetResult">Package URL string of the expected repository.</param>
        public async Task FindSource_Success(string purl, string targetResult)
        {
            // Instance is never read afterwards; constructed for initialization only.
            FindSourceTool tool = new FindSourceTool();

            RepoSearch resolver = new RepoSearch();
            var candidates = await resolver.ResolvePackageLibraryAsync(new PackageURL(purl));

            var expected = new PackageURL(targetResult);

            // Only membership is checked; the score attached to the matching entry is ignored.
            bool matched = false;
            foreach (var candidate in candidates)
            {
                matched |= candidate.Key.Equals(expected);
            }

            Assert.IsTrue(matched, $"Result {targetResult} not found from {purl}");
        }
Пример #5
        /// <summary>
        /// Looks up repositories for <paramref name="key"/> through the unit of work and returns
        /// them as a JSON result.
        /// </summary>
        /// <param name="key">Search criteria, forwarded unchanged to <c>GetLatestRepos</c>.</param>
        /// <returns>A <see cref="JsonResult"/> wrapping the repositories that were found.</returns>
        // NOTE(review): key is not validated here, and the Repo objects are serialized as returned;
        // presumably key is bound from the request - confirm it is checked upstream and that the
        // serialized shape exposes only intended fields.
        public async Task<IActionResult> Search(RepoSearch key) =>
            new JsonResult(await _unitOfWork.Repos.GetLatestRepos(key));