        /// <summary>
        /// Sends a blocking HTTP GET to <paramref name="endPoint"/>, reads the whole
        /// response body as text and hands it to the JSON convert service to be
        /// materialised as <typeparamref name="T"/>.
        /// </summary>
        /// <typeparam name="T">Type the response body is deserialised into.</typeparam>
        /// <param name="endPoint">
        /// Absolute URL to request. It is used exactly as given: no scheme or host
        /// check happens here, so callers should only pass URLs they trust.
        /// </param>
        /// <returns>The result of <c>_jsonConvertService.ToObject&lt;T&gt;</c> for the body text.</returns>
        /// <exception cref="WebException">Propagated from <c>GetResponse()</c>; nothing is caught here.</exception>
        /// <exception cref="InvalidCastException">
        /// When <paramref name="endPoint"/> is not an http/https URL, because the
        /// created request is cast to <see cref="HttpWebRequest"/>.
        /// </exception>
        public T Get<T>(string endPoint)
        {
            var webRequest = (HttpWebRequest)WebRequest.Create(endPoint);
            webRequest.Method = WebRequestMethods.Http.Get;
            webRequest.ContentType = _contentType;

            // NOTE(review): the configured header goes to whatever host endPoint names.
            // If it carries a credential (presumably an API key or token - confirm),
            // a caller-controlled endPoint would disclose it to that host.
            webRequest.Headers.Add(_httpHeaderModel.Name, _httpHeaderModel.Value);

            string body;

            // Stacked usings dispose the reader, the stream and the response in that
            // order; disposing the reader also closes it, so no explicit Close() call.
            using (var webResponse = (HttpWebResponse)webRequest.GetResponse())
            using (var bodyStream = webResponse.GetResponseStream())
            using (var reader = new StreamReader(bodyStream))
            {
                // NOTE(review): the body is read without a size limit.
                body = reader.ReadToEnd();
            }

            // Deserialise only after the network resources have been released.
            return _jsonConvertService.ToObject<T>(body);
        }
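        /// <summary>
        /// Loads the <c>oss_index</c> record identified by <paramref name="ossIndexId"/>,
        /// requests its component report from the OSS Index v3 API, then stores the
        /// report fields on the record and inserts one row per reported vulnerability.
        /// </summary>
        /// <param name="ossIndexId">Key passed to <c>_ossIndexRepository.Select</c>.</param>
        /// <remarks>
        /// Failures inside the request/persist section are not surfaced to the caller:
        /// HTTP 429 is recorded on the record, any other <see cref="WebException"/> is
        /// dropped, and every other exception is swallowed by the catch-all at the end.
        /// A record that was not refreshed is therefore indistinguishable, to the caller,
        /// from one that was.
        /// </remarks>
        public void GetVulnerability(int ossIndexId)
        {
            var ossIndex    = _ossIndexRepository.Select(ossIndexId);
            var coordinates = ossIndex.Coordinates;

            // NOTE(review): coordinates are interpolated into the URL path unescaped and
            // unvalidated. If they originate from uploaded user content (the TODO below
            // suggests so - confirm), characters such as '?', '#' or "../" would alter
            // the request target. Validate them against the expected coordinate format
            // before this point; blanket escaping would also encode the '/' separators.
            var endPoint    = $"https://ossindex.sonatype.org/api/v3/component-report/{coordinates}"; // TODO ~ read from config

            var request = _httpWebRequestFactory.Create(endPoint);

            request.Method      = WebRequestMethods.Http.Get;
            request.ContentType = _contentType;

            try
            {
                using (var response = request.GetResponse())
                {
                    using (var streamReader = new StreamReader(response.GetResponseStream()))
                    {
                        var responseString  = streamReader.ReadToEnd();
                        var componentReport = _jsonConvertService.ToObject<ComponentReportModel>(responseString);

                        // TODO - consideration:
                        //    - perhaps update `dbo.oss_index` if the data has changed

                        ossIndex.Description = componentReport.description;
                        ossIndex.Reference   = componentReport.reference;
                        ossIndex.ExpireDate  = DateTime.Now.AddMonths(1);
                        ossIndex.HttpStatus  = (int)HttpStatusCode.OK;

                        // NOTE(review): the record is marked OK with a one-month expiry
                        // before any vulnerability row is written. If an insert below
                        // fails, the catch-all swallows it and the component looks fully
                        // scanned with missing findings until the expiry passes.
                        _ossIndexRepository.Update(ossIndex);

                        foreach (var vulnerability in componentReport.vulnerabilities)
                        {
                            // TODO
                            // delete `[vulnuscloud].[dbo].[oss_index_vulnerabilities].[oss_index_id]`
                            // (until that exists, a repeated run presumably adds duplicate rows)

                            var ossIndexVulnerabilitiesModel = new OssIndexVulnerabilitiesModel()
                            {
                                Cve         = vulnerability.cve,
                                CvssScore   = vulnerability.cvssScore,
                                CvssVector  = vulnerability.cvssVector,
                                Description = vulnerability.description,
                                InsertDate  = DateTime.Now,
                                OssId       = vulnerability.id,
                                OssIndexId  = ossIndex.Id,
                                Reference   = vulnerability.reference,
                                Title       = vulnerability.title
                            };

                            _ossIndexVulnerabilitiesRepository.Insert(ossIndexVulnerabilitiesModel);
                        }
                    }
                }
            }
            catch (WebException ex)
            {
                // The error response owns a connection of its own; dispose it so that
                // repeated failures do not leak connections. `using` accepts a null
                // Response (for example when the failure happened before any reply).
                using (ex.Response)
                {
                    if (ex.Response is HttpWebResponse errorResponse &&
                        errorResponse.StatusCode == HttpStatusCode.TooManyRequests)
                    {
                        ossIndex.HttpStatus     = (int)HttpStatusCode.TooManyRequests;
                        ossIndex.HttpStatusDate = DateTime.Now;
                        _ossIndexRepository.Update(ossIndex);

                        // TODO
                        // Consider
                        // 1. Throttling at this point (this method is not async so the user won't know)
                        // 2. Halt all API calls, defer them for later

                        // 2 above would need an architectural change above
                        //      - a. the user's file content would be uploaded to `oss_index_queue`
                        //      - b. async process run to query for the data
                        //      - c. include this in the reports page so the user is aware the system is still `fetching data`
                    }

                    // NOTE(review): any other HTTP failure (401, 404, 5xx, ...) falls
                    // through here and leaves HttpStatus / HttpStatusDate untouched.
                }
            }
            catch (Exception)
            {
                // TODO
                // 1. Consider that http_status would now be 0 for this record.
                // 2. logging
                // NOTE(review): this also hides deserialisation and repository errors,
                // so a failed lookup leaves no trace; log at least the exception type
                // and the record id once a logger is available.
            }
        }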