/// <summary>
/// Resolves <paramref name="purl"/> to candidate source repositories, writes them out as SARIF v2,
/// parses that output back, and asserts that one result message equals <paramref name="targetResult"/>.
/// </summary>
/// <param name="purl">Package URL string to resolve.</param>
/// <param name="targetResult">Message text (a repository URL) expected among the SARIF results.</param>
public async Task Check_Sarif(string purl, string targetResult)
{
    // Constructed for initialization only; the instance itself is not used below.
    FindSourceTool initializer = new FindSourceTool();

    // NOTE(review): the resolver presumably queries live package/repository services - confirm.
    // If so, this test depends on network reachability and on third-party metadata.
    RepoSearch repoSearch = new RepoSearch();
    var candidates = await repoSearch.ResolvePackageLibraryAsync(new PackageURL(purl));

    // One informational SARIF result per candidate; the candidate's value is scaled by 100 for Rank.
    List<Result> sarifResults = candidates
        .Select(candidate => new Result()
        {
            Message = new Message()
            {
                Text = $"https://github.com/{candidate.Key.Namespace}/{candidate.Key.Name}"
            },
            Kind = ResultKind.Informational,
            Level = FailureLevel.None,
            Rank = candidate.Value * 100.0,
            Locations = SarifOutputBuilder.BuildPurlLocation(new PackageURL(purl))
        })
        .ToList();

    // Serialize, then parse the JSON back so the assertions run against the emitted document.
    IOutputBuilder builder = OutputBuilderFactory.CreateOutputBuilder("sarifv2");
    builder.AppendOutput(sarifResults);
    SarifLog parsedLog = JsonConvert.DeserializeObject<SarifLog>(builder.GetOutput());
    Assert.IsNotNull(parsedLog);

    var firstRun = parsedLog.Runs.FirstOrDefault();
    Assert.IsNotNull(firstRun?.Tool.Driver.Name);

    // At least one serialized result must carry the expected repository URL.
    bool found = false;
    if (firstRun != null)
    {
        foreach (var entry in firstRun.Results)
        {
            found |= entry.Message.Text == targetResult;
        }
    }

    Assert.IsTrue(found);
}
/// <summary>
/// Asserts that resolving <paramref name="purl"/> yields no candidate repositories.
/// </summary>
/// <param name="purl">Package URL string that is expected not to resolve to any repository.</param>
/// <param name="targetResult">Not read by this method.</param>
public async Task FindSource_NonExistentPackage(string purl, string targetResult)
{
    // Constructed for initialization only; the instance itself is not used below.
    FindSourceTool initializer = new FindSourceTool();

    RepoSearch repoSearch = new RepoSearch();
    var candidates = await repoSearch.ResolvePackageLibraryAsync(new PackageURL(purl));

    // The failure message interpolates the result object itself, so it prints whatever its ToString() yields.
    Assert.IsTrue(!candidates.Any(), $"Result {candidates} obtained from non-existent {purl}");
}
/// <summary>
/// Returns up to <paramref name="count"/> repositories, with their owner loaded, whose name contains
/// <c>key.Name</c> and whose <c>Uuid</c> equals <c>key.Uuid</c>.
/// </summary>
/// <param name="key">Search criteria; <c>Name</c> and <c>Uuid</c> are read.</param>
/// <param name="count">Maximum number of rows to return; defaults to 10.</param>
/// <returns>The matching repositories, ordered by <c>Created</c> and then <c>UpdatedAt</c>.</returns>
public async Task<IEnumerable<Repo>> GetLatestRepos(RepoSearch key, int count = 10)
{
    // The search values enter the query as captured values of a LINQ expression, not as query text.
    // NOTE(review): both sort keys are ascending, so Take(count) keeps the rows with the smallest
    // Created/UpdatedAt values - confirm that matches the "latest" in the method name.
    // NOTE(review): count is not bounded here; cap it upstream if it can come from request input.
    var matching =
        from repo in PlutoContext.Repos.Include(r => r.Owner)
        where repo.Name.Contains(key.Name) && repo.Uuid == key.Uuid
        orderby repo.Created, repo.UpdatedAt
        select repo;

    return await matching.Take(count).ToListAsync();
}
/// <summary>
/// Asserts that resolving <paramref name="purl"/> yields a candidate whose key equals the package URL
/// parsed from <paramref name="targetResult"/>.
/// </summary>
/// <param name="purl">Package URL string to resolve.</param>
/// <param name="targetResult">Package URL string of the repository expected among the candidates.</param>
public async Task FindSource_Success(string purl, string targetResult)
{
    // Constructed for initialization only; the instance itself is not used below.
    FindSourceTool initializer = new FindSourceTool();

    RepoSearch repoSearch = new RepoSearch();
    var candidates = await repoSearch.ResolvePackageLibraryAsync(new PackageURL(purl));
    var expected = new PackageURL(targetResult);

    // Walk every candidate; any key equal to the expected package URL counts as a match.
    bool matched = false;
    foreach (var candidate in candidates)
    {
        if (!candidate.Key.Equals(expected))
        {
            continue;
        }

        matched = true;
    }

    Assert.IsTrue(matched, $"Result {targetResult} not found from {purl}");
}
/// <summary>
/// Looks up repositories matching <paramref name="key"/> through the unit of work and returns them as JSON.
/// </summary>
/// <param name="key">Search criteria, passed unchanged to <c>GetLatestRepos</c>.</param>
/// <returns>A <see cref="JsonResult"/> wrapping the repositories that were found.</returns>
public async Task<IActionResult> Search(RepoSearch key)
{
    // NOTE(review): key presumably comes from request binding and is forwarded without validation
    // here - confirm it is checked upstream. Any attributes on this action are outside this view.
    var latest = await _unitOfWork.Repos.GetLatestRepos(key);

    // NOTE(review): the Repo objects are serialized as returned. If they are persistence entities,
    // confirm that no sensitive fields (on Repo or anything loaded with it) reach the response,
    // or project to a response DTO.
    return new JsonResult(latest);
}