Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

29 dependency tree #32

Merged
merged 3 commits into from
Jan 29, 2024
Merged

29 dependency tree #32

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
4df46d9
Create NodePackage.cs
Kretchen001 Jan 26, 2024
8e184cc
new Controller to extract the tree for nodejs and return it
Kretchen001 Jan 26, 2024
50484a0
empty standard values of property fixed
Kretchen001 Jan 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
78 changes: 78 additions & 0 deletions code/AmIVulnerable/AmIVulnerable/Controllers/DependeciesController.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
using Microsoft.AspNetCore.Mvc;
using Modells;
using Modells.Packages;
using Newtonsoft.Json;
using System.Diagnostics;
using System.Text.Json;

using F = System.IO.File;

namespace AmIVulnerable.Controllers {

[Route("api/[controller]")]
[ApiController]
public class DependeciesController : ControllerBase {

[HttpGet]
public IActionResult ExtractDependencies([FromHeader] ProjectType projectType) {
switch (projectType) {
case ProjectType.NodeJs: {
ExecuteCommand("npm", "install");
ExecuteCommand("npm", "list --all --json >> tree.json");
List<NodePackage> resTree = ExtractTree(AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze/tree.json");
F.WriteAllText(AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze/depTree.json", JsonConvert.SerializeObject(resTree));
return Ok(JsonConvert.SerializeObject(resTree));
}
default: {
return BadRequest();
}
}
}

private void ExecuteCommand(string prog, string command) {
ProcessStartInfo process = new ProcessStartInfo {
FileName = "cmd",
RedirectStandardInput = true,
WorkingDirectory = AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze",
};
Process runProcess = Process.Start(process)!;
runProcess.StandardInput.WriteLine($"{prog} {command}");
runProcess.StandardInput.WriteLine($"exit");
runProcess.WaitForExit();
}

private List<NodePackage> ExtractTree(string filePath) {
List<NodePackage> packages = [];
using (JsonDocument jsonDocument = JsonDocument.Parse(F.ReadAllText(filePath))) {
if (jsonDocument.RootElement.TryGetProperty("dependencies", out JsonElement dependenciesElement) &&
dependenciesElement.ValueKind == JsonValueKind.Object) {
foreach (JsonProperty dependency in dependenciesElement.EnumerateObject()) {
NodePackage nodePackage = ExtractDependencyInfo(dependency);

packages.Add(nodePackage);
}
}
}
return packages;
}

private NodePackage ExtractDependencyInfo(JsonProperty dependency) {
NodePackage nodePackage = new NodePackage {
Name = dependency.Name
};
if (dependency.Value.TryGetProperty("version", out JsonElement versionElement) &&
versionElement.ValueKind == JsonValueKind.String) {
nodePackage.Version = versionElement.GetString() ?? "";
}
if (dependency.Value.TryGetProperty("dependencies", out JsonElement subDependenciesElement) &&
subDependenciesElement.ValueKind == JsonValueKind.Object) {
foreach (JsonProperty subDependency in subDependenciesElement.EnumerateObject()) {
NodePackage subNodePackage = ExtractDependencyInfo(subDependency);
nodePackage.Dependencies.Add(subNodePackage);
}
}

return nodePackage;
}
}
}
216 changes: 108 additions & 108 deletions code/AmIVulnerable/Modells/CVEcomp.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,192 +3,192 @@
/// <summary>Root class for the CVE Data</summary>
public class CVEcomp {
/// <summary></summary>
public string dataType { get; set; }
public string dataType { get; set; } = "";
/// <summary></summary>
public string dataVersion { get; set; }
public string dataVersion { get; set; } = "";
/// <summary></summary>
public CveMetadata cveMetadata { get; set; }
public CveMetadata cveMetadata { get; set; } = new CveMetadata();
/// <summary></summary>
public Containers containers { get; set; }
public Containers containers { get; set; } = new Containers();
}

public class Affected {
public string vendor { get; set; }
public string product { get; set; }
public List<string> platforms { get; set; }
public string collectionURL { get; set; }
public string packageName { get; set; }
public string repo { get; set; }
public List<string> modules { get; set; }
public List<string> programFiles { get; set; }
public List<ProgramRoutine> programRoutines { get; set; }
public List<Version> versions { get; set; }
public string defaultStatus { get; set; }
public string vendor { get; set; } = "";
public string product { get; set; } = "";
public List<string> platforms { get; set; } = [];
public string collectionURL { get; set; } = "";
public string packageName { get; set; } = "";
public string repo { get; set; } = "";
public List<string> modules { get; set; } = [];
public List<string> programFiles { get; set; } = [];
public List<ProgramRoutine> programRoutines { get; set; } = [];
public List<Version> versions { get; set; } = [];
public string defaultStatus { get; set; } = "";
}

public class Change {
public string at { get; set; }
public string status { get; set; }
public string at { get; set; } = "";
public string status { get; set; } = "";
}

public class Cna {
public ProviderMetadata providerMetadata { get; set; }

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-ubuntu-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-ubuntu-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-windows-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-windows-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-macOS-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-macOS-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.
public string title { get; set; }
public DateTime datePublic { get; set; }
public List<ProblemType> problemTypes { get; set; }
public List<Impact> impacts { get; set; }
public List<Affected> affected { get; set; }
public List<Description> descriptions { get; set; }
public List<Metric> metrics { get; set; }
public List<Solution> solutions { get; set; }
public List<Workaround> workarounds { get; set; }
public List<Configuration> configurations { get; set; }
public List<Exploit> exploits { get; set; }
public List<Timeline> timeline { get; set; }
public List<Credit> credits { get; set; }
public List<Reference> references { get; set; }
public Source source { get; set; }
public List<TaxonomyMapping> taxonomyMappings { get; set; }
public string title { get; set; } = "";
public DateTime datePublic { get; set; } = new DateTime();
public List<ProblemType> problemTypes { get; set; } = [];
public List<Impact> impacts { get; set; } = [];
public List<Affected> affected { get; set; } = [];
public List<Description> descriptions { get; set; } = [];
public List<Metric> metrics { get; set; } = [];
public List<Solution> solutions { get; set; } = [];
public List<Workaround> workarounds { get; set; } = [];
public List<Configuration> configurations { get; set; } = [];
public List<Exploit> exploits { get; set; } = [];
public List<Timeline> timeline { get; set; } = [];
public List<Credit> credits { get; set; } = [];
public List<Reference> references { get; set; } = [];
public Source source { get; set; } = new Source();
public List<TaxonomyMapping> taxonomyMappings { get; set; } = [];
}

public class Configuration {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Containers {
public Cna cna { get; set; }
public Cna cna { get; set; } = new Cna();
}

public class Credit {
public string lang { get; set; }
public string value { get; set; }
public string type { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public string type { get; set; } = "";
}

public class CveMetadata {
public string cveId { get; set; }
public string assignerOrgId { get; set; }
public string assignerShortName { get; set; }
public string requesterUserId { get; set; }
public int serial { get; set; }
public string state { get; set; }
public string cveId { get; set; } = "";
public string assignerOrgId { get; set; } = "";
public string assignerShortName { get; set; } = "";
public string requesterUserId { get; set; } = "";
public int serial { get; set; } = -1;
public string state { get; set; } = "";
}

public class CvssV31 {
public string version { get; set; }
public string attackVector { get; set; }
public string attackComplexity { get; set; }
public string privilegesRequired { get; set; }
public string userInteraction { get; set; }
public string scope { get; set; }
public string confidentialityImpact { get; set; }
public string integrityImpact { get; set; }
public string availabilityImpact { get; set; }
public double baseScore { get; set; }
public string baseSeverity { get; set; }
public string vectorString { get; set; }
public string version { get; set; } = "";
public string attackVector { get; set; } = "";
public string attackComplexity { get; set; } = "";
public string privilegesRequired { get; set; } = "";
public string userInteraction { get; set; } = "";
public string scope { get; set; } = "";
public string confidentialityImpact { get; set; } = "";
public string integrityImpact { get; set; } = "";
public string availabilityImpact { get; set; } = "";
public double baseScore { get; set; } = double.MinValue;
public string baseSeverity { get; set; } = "";
public string vectorString { get; set; } = "";
}

public class Description {
public string lang { get; set; }
public string cweId { get; set; }
public string description { get; set; }
public string type { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string cweId { get; set; } = "";
public string description { get; set; } = "";
public string type { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Exploit {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Impact {
public string capecId { get; set; }
public List<Description> descriptions { get; set; }
public string capecId { get; set; } = "";
public List<Description> descriptions { get; set; } = [];
}

public class Metric {
public string format { get; set; }
public List<Scenario> scenarios { get; set; }
public CvssV31 cvssV3_1 { get; set; }
public string format { get; set; } = "";
public List<Scenario> scenarios { get; set; } = [];
public CvssV31 cvssV3_1 { get; set; } = new CvssV31();
}

public class ProblemType {
public List<Description> descriptions { get; set; }
public List<Description> descriptions { get; set; } = [];
}

public class ProgramRoutine {
public string name { get; set; }
public string name { get; set; } = "";
}

public class ProviderMetadata {
public string orgId { get; set; }
public string shortName { get; set; }
public DateTime dateUpdated { get; set; }
public string orgId { get; set; } = "";
public string shortName { get; set; } = "";
public DateTime dateUpdated { get; set; } = new DateTime();
}

public class Reference {
public string url { get; set; }
public string name { get; set; }
public List<string> tags { get; set; }
public string url { get; set; } = "";
public string name { get; set; } = "";
public List<string> tags { get; set; } = [];
}

public class Scenario {
public string lang { get; set; }
public string value { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
}

public class Solution {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Source {
public List<string> defects { get; set; }
public string advisory { get; set; }
public string discovery { get; set; }
public List<string> defects { get; set; } = [];
public string advisory { get; set; } = "";
public string discovery { get; set; } = "";
}

public class SupportingMedium {
public string type { get; set; }
public bool base64 { get; set; }
public string value { get; set; }
public string type { get; set; } = "";
public bool? base64 { get; set; } = null;
public string value { get; set; } = "";
}

public class TaxonomyMapping {
public string taxonomyName { get; set; }
public string taxonomyVersion { get; set; }
public List<TaxonomyRelation> taxonomyRelations { get; set; }
public string taxonomyName { get; set; } = "";
public string taxonomyVersion { get; set; } = "";
public List<TaxonomyRelation> taxonomyRelations { get; set; } = [];
}

public class TaxonomyRelation {
public string taxonomyId { get; set; }
public string relationshipName { get; set; }
public string relationshipValue { get; set; }
public string taxonomyId { get; set; } = "";
public string relationshipName { get; set; } = "";
public string relationshipValue { get; set; } = "";
}

public class Timeline {
public DateTime time { get; set; }
public string lang { get; set; }
public string value { get; set; }
public DateTime time { get; set; } = new DateTime();
public string lang { get; set; } = "";
public string value { get; set; } = "";
}

public class Version {
public string version { get; set; }
public string status { get; set; }
public string lessThan { get; set; }
public string versionType { get; set; }
public List<Change> changes { get; set; }
public string version { get; set; } = "";
public string status { get; set; } = "";
public string lessThan { get; set; } = "";
public string versionType { get; set; } = "";
public List<Change> changes { get; set; } = [];
}

public class Workaround {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}
}
1 change: 1 addition & 0 deletions code/AmIVulnerable/Modells/CveResult.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ public class CveResult {
public string CveNumber { get; set; } = "";
public string Version { get; set; } = "";

/// <summary>Empty ctor</summary>
public CveResult() {
}
}
Expand Down
Loading
Loading