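def _dealias_suggestions(sug_version_dict, pkg_aliases):
    """
    Build the package list used to re-check suggested fix versions.

    :param sug_version_dict: Mapping of "vendor:name" (or a bare "name") to the
        suggested fix version; entries whose version is empty are skipped
    :param pkg_aliases: Mapping of "vendor:name" as stored in the db to the
        "vendor:name" originally supplied by the caller
    :return: List of ``{"vendor", "name", "version"}`` dicts ready for search_pkgs
    """
    sug_pkg_list = []
    for key, version in sug_version_dict.items():
        if not version:
            continue
        vendor = ""
        parts = key.split(":")
        if len(parts) == 2:
            vendor, name = parts
        else:
            name = parts[0]
        # De-alias so the re-check keeps using the vendor/name the caller used
        full_pkg = "{}:{}".format(vendor, name)
        full_pkg = pkg_aliases.get(full_pkg, full_pkg)
        # maxsplit=1 keeps an alias whose name part itself contains ':' intact
        # instead of raising ValueError on the unpack
        vendor, name = full_pkg.split(":", 1)
        sug_pkg_list.append({"vendor": vendor, "name": name, "version": version})
    return sug_pkg_list


def scan(db, project_type, pkg_list, suggest_mode):
    """
    Method to search packages in our vulnerability database

    :param db: Reference to db
    :param project_type: Project Type
    :param pkg_list: List of packages
    :param suggest_mode: True if package fix version should be normalized across findings
    :return: Tuple of (results, pkg_aliases, sug_version_dict); sug_version_dict
        is empty unless suggest_mode produced at least one suggestion
    """
    if not pkg_list:
        LOG.debug("Empty package search attempted!")
    else:
        LOG.info("Scanning {} oss dependencies for issues".format(len(pkg_list)))
    results, pkg_aliases = utils.search_pkgs(db, project_type, pkg_list)
    # pkg_aliases is a dict that can be used to find the original vendor and package name
    # This way we consistently use the same names used by the caller irrespective of how
    # the result was obtained
    sug_version_dict = {}
    if suggest_mode:
        # From the results identify optimal max version
        sug_version_dict = suggest_version(results, pkg_aliases)
        if sug_version_dict:
            LOG.debug(
                "Adjusting fix version based on the initial suggestion {}".format(
                    sug_version_dict
                )
            )
            # Recheck the suggested versions so that the recommended upgrade does
            # not itself carry known issues
            sug_pkg_list = _dealias_suggestions(sug_version_dict, pkg_aliases)
            LOG.debug(
                "Re-checking our suggestion to ensure there are no further vulnerabilities"
            )
            override_results, _ = utils.search_pkgs(db, project_type, sug_pkg_list)
            if override_results:
                # NOTE(review): the first suggest_version call receives pkg_aliases,
                # this one does not -- confirm whether the override suggestions
                # are expected to be un-aliased
                new_sug_dict = suggest_version(override_results)
                LOG.debug("Received override results: {}".format(new_sug_dict))
                # Later suggestions override the initial ones for the same key
                sug_version_dict.update(new_sug_dict)
    return results, pkg_aliases, sug_version_dict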
def test_search_webgoat_json(test_db):
    """Load the JSON BOM fixture and search it against the test db; no findings are expected."""
    fixture_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "data")
    pkg_list = get_pkg_list(os.path.join(fixture_dir, "bom.json"))
    # The fixture BOM is expected to yield exactly 157 components
    assert len(pkg_list) == 157
    search_res, pkg_aliases = search_pkgs(test_db, pkg_list)
    assert len(search_res) == 0
def test_search():
    """Load the XML BOM fixture and search it against the default db; at least one finding is expected."""
    fixture_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "data")
    pkg_list = get_pkg_list(os.path.join(fixture_dir, "bom.xml"))
    db = dbLib.get()
    search_res = search_pkgs(db, pkg_list)
    assert len(search_res) > 0
def scan(db, pkg_list, report_file):
    """
    Method to search packages in our vulnerability database

    :param db: Reference to db
    :param pkg_list: List of packages
    :param report_file: Destination handed to jsonl_report for the findings
    :return: Summary produced by analyse() over the search results
    """
    findings = utils.search_pkgs(db, pkg_list)
    # Persist the findings before printing and summarising them
    jsonl_report(findings, report_file)
    print_results(findings)
    return analyse(findings)
def test_go_search(test_db):
    """Load the Go BOM fixture and search it against the test db; no findings are expected."""
    fixture_dir = os.path.join(os.path.dirname(os.path.realpath(__file__)), "data")
    pkg_list = get_pkg_list(os.path.join(fixture_dir, "bom-go.xml"))
    search_res, pkg_aliases = search_pkgs(test_db, pkg_list)
    assert len(search_res) == 0