From 0d8327d3a25b51e8324b9bf4c0fe80dea373feca Mon Sep 17 00:00:00 2001
From: Shibly Meeran
Date: Fri, 19 Jul 2019 02:51:42 +0530
Subject: [PATCH] fixing an issue in parsing retirejs scan result
---
.../scanner/js/retirejs/RetirejsData.java | 142 ++++++++++++++++
.../scanner/js/retirejs/RetirejsResult.java | 157 ------------------
.../scanner/js/retirejs/RetirejsScanner.java | 10 +-
.../bugaudit/scanner/js/retirejs/Test.java | 11 +-
4 files changed, 153 insertions(+), 167 deletions(-)
create mode 100644 src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsData.java
delete mode 100644 src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsResult.java
diff --git a/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsData.java b/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsData.java
new file mode 100644
index 0000000..d81c547
--- /dev/null
+++ b/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsData.java
@@ -0,0 +1,142 @@
+package me.shib.bugaudit.scanner.js.retirejs;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.reflect.TypeToken;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.lang.reflect.Type;
+import java.util.List;
+
+final class RetirejsData {
+
+
+ private static final transient String currentPath = System.getProperty("user.dir") + "/";
+
+ private static final Gson gson = new GsonBuilder().create();
+ private String file;
+ private List results;
+
+ private static String replaceLast(String content, String toReplace, String replacement) {
+ int start = content.lastIndexOf(toReplace);
+ return content.substring(0, start) +
+ replacement +
+ content.substring(start + toReplace.length());
+ }
+
+ private static void cleanUpFilePath(RetirejsData data) {
+ data.setFile(data.getFile().replaceFirst(currentPath, ""));
+ if (data.getFile().endsWith(".min.js")) {
+ data.setFile(replaceLast(data.getFile(), ".min.js", ".js"));
+ }
+ }
+
+ static synchronized List getDataList(File jsonFile) throws IOException {
+ StringBuilder jsonContent = new StringBuilder();
+ BufferedReader br = new BufferedReader(new FileReader(jsonFile));
+ String line;
+ while ((line = br.readLine()) != null) {
+ jsonContent.append(line).append("\n");
+ }
+ br.close();
+ Type type = new TypeToken>() {
+ }.getType();
+ List dataList = gson.fromJson(jsonContent.toString(), type);
+ for (RetirejsData data : dataList) {
+ cleanUpFilePath(data);
+ }
+ return dataList;
+ }
+
+ String getFile() {
+ return file;
+ }
+
+ void setFile(String file) {
+ this.file = file;
+ }
+
+ List getResults() {
+ return results;
+ }
+
+ final class Result {
+ private String version;
+ private String component;
+ private String detection;
+ private List vulnerabilities;
+
+ String getVersion() {
+ return version;
+ }
+
+ String getComponent() {
+ return component;
+ }
+
+ String getDetection() {
+ return detection;
+ }
+
+ List getVulnerabilities() {
+ return vulnerabilities;
+ }
+
+ final class Vulnerability {
+
+ private List info;
+ private String below;
+ private String atOrAbove;
+ private String severity;
+ private Result.Vulnerability.Identifiers identifiers;
+
+ List getInfo() {
+ return info;
+ }
+
+ String getBelow() {
+ return below;
+ }
+
+ public String getAtOrAbove() {
+ return atOrAbove;
+ }
+
+ String getSeverity() {
+ return severity;
+ }
+
+ Result.Vulnerability.Identifiers getIdentifiers() {
+ return identifiers;
+ }
+
+ final class Identifiers {
+
+ private String issue;
+ private String bug;
+ private String summary;
+ private List CVE;
+
+ String getIssue() {
+ return issue;
+ }
+
+ String getBug() {
+ return bug;
+ }
+
+ String getSummary() {
+ return summary;
+ }
+
+ List getCVE() {
+ return CVE;
+ }
+ }
+ }
+ }
+
+}
diff --git a/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsResult.java b/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsResult.java
deleted file mode 100644
index 5a7ab69..0000000
--- a/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsResult.java
+++ /dev/null
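Review bot: `getDataList` iterates the parsed list without a null check, and Gson's `fromJson` returns null for an empty document, so an empty retire.js report fails with a NullPointerException in the `for` loop; the `dataList != null` guard in `RetirejsScanner.parseResultData` is never reached with null. The reader is also left open if `readLine` throws, and `FileReader` decodes with the platform default charset rather than UTF-8. Separately, `cleanUpFilePath` hands `currentPath` to `replaceFirst` as a regular expression, so a working directory containing regex metacharacters (backslashes, `+`, parentheses) can mis-strip the prefix or throw; `replaceFirst(Pattern.quote(currentPath), "")` avoids that. The rewrite below assumes imports for `Reader`, `Files`, `StandardCharsets` and `Collections`, and its generic type arguments are inferred from the loop variable because the page does not show them.

```java
static synchronized List<RetirejsData> getDataList(File jsonFile) throws IOException {
    Type type = new TypeToken<List<RetirejsData>>() {
    }.getType();
    List<RetirejsData> dataList;
    // try-with-resources closes the reader even when parsing fails
    try (Reader reader = Files.newBufferedReader(jsonFile.toPath(), StandardCharsets.UTF_8)) {
        dataList = gson.fromJson(reader, type);
    }
    if (dataList == null) {
        // Gson yields null for an empty document
        return Collections.emptyList();
    }
    for (RetirejsData data : dataList) {
        if (data != null && data.getFile() != null) {
            cleanUpFilePath(data);
        }
    }
    return dataList;
}
```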
@@ -1,157 +0,0 @@
-package me.shib.bugaudit.scanner.js.retirejs;
-
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-
-import java.io.BufferedReader;
-import java.io.File;
-import java.io.FileReader;
-import java.io.IOException;
-import java.util.List;
-
-final class RetirejsResult {
-
-
- private static final transient String currentPath = System.getProperty("user.dir") + "/";
-
- private static final Gson gson = new GsonBuilder().create();
- private String version;
- private String start;
- private List data;
-
- private static String replaceLast(String content, String toReplace, String replacement) {
- int start = content.lastIndexOf(toReplace);
- return content.substring(0, start) +
- replacement +
- content.substring(start + toReplace.length());
- }
-
- private static void cleanUpFilePath(RetirejsResult.Data data) {
- data.setFile(data.getFile().replaceFirst(currentPath, ""));
- if (data.getFile().endsWith(".min.js")) {
- data.setFile(replaceLast(data.getFile(), ".min.js", ".js"));
- }
- }
-
- static synchronized RetirejsResult getResult(File jsonFile) throws IOException {
- StringBuilder jsonContent = new StringBuilder();
- BufferedReader br = new BufferedReader(new FileReader(jsonFile));
- String line;
- while ((line = br.readLine()) != null) {
- jsonContent.append(line).append("\n");
- }
- br.close();
- RetirejsResult result = gson.fromJson(jsonContent.toString(), RetirejsResult.class);
- for (Data data : result.getData()) {
- cleanUpFilePath(data);
- }
- return result;
- }
-
- String getVersion() {
- return version;
- }
-
- String getStart() {
- return start;
- }
-
- List getData() {
- return data;
- }
-
- final class Data {
-
- private String file;
- private List results;
-
- String getFile() {
- return file;
- }
-
- void setFile(String file) {
- this.file = file;
- }
-
- List getResults() {
- return results;
- }
-
- final class Result {
- private String version;
- private String component;
- private String detection;
- private List vulnerabilities;
-
- String getVersion() {
- return version;
- }
-
- String getComponent() {
- return component;
- }
-
- String getDetection() {
- return detection;
- }
-
- List getVulnerabilities() {
- return vulnerabilities;
- }
-
- final class Vulnerability {
-
- private List info;
- private String below;
- private String atOrAbove;
- private String severity;
- private Identifiers identifiers;
-
- List getInfo() {
- return info;
- }
-
- String getBelow() {
- return below;
- }
-
- public String getAtOrAbove() {
- return atOrAbove;
- }
-
- String getSeverity() {
- return severity;
- }
-
- Identifiers getIdentifiers() {
- return identifiers;
- }
-
- final class Identifiers {
-
- private String issue;
- private String bug;
- private String summary;
- private List CVE;
-
- String getIssue() {
- return issue;
- }
-
- String getBug() {
- return bug;
- }
-
- String getSummary() {
- return summary;
- }
-
- List getCVE() {
- return CVE;
- }
- }
- }
- }
- }
-
-}
diff --git a/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsScanner.java b/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsScanner.java
index 0814435..e736c2d 100644
--- a/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsScanner.java
+++ b/src/main/java/me/shib/bugaudit/scanner/js/retirejs/RetirejsScanner.java
@@ -65,13 +65,13 @@ private void runRetireJS() throws BugAuditException, IOException, InterruptedExc } private void parseResultData(File file) throws IOException, BugAuditException { - RetirejsResult retirejsResult = RetirejsResult.getResult(file); - if (retirejsResult.getData() != null) { - for (RetirejsResult.Data data : retirejsResult.getData()) { + List dataList = RetirejsData.getDataList(file); + if (dataList != null) { + for (RetirejsData data : dataList) { if (data.getResults() != null) { - for (RetirejsResult.Data.Result result : data.getResults()) { + for (RetirejsData.Result result : data.getResults()) { if (result.getVulnerabilities() != null) { - for (RetirejsResult.Data.Result.Vulnerability vulnerability : result.getVulnerabilities()) { + for (RetirejsData.Result.Vulnerability vulnerability : result.getVulnerabilities()) { StringBuilder title = new StringBuilder(); if (vulnerability.getBelow() != null) { title.append("Vulnerability found in ").append(result.getComponent()) diff --git a/src/test/java/me/shib/bugaudit/scanner/js/retirejs/Test.java b/src/test/java/me/shib/bugaudit/scanner/js/retirejs/Test.java index e2fbdde..c77b023 100644 --- a/src/test/java/me/shib/bugaudit/scanner/js/retirejs/Test.java +++ b/src/test/java/me/shib/bugaudit/scanner/js/retirejs/Test.java 
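Review bot: The `if (dataList != null)` guard at the top of `parseResultData` has no `else`, so a report that yields no list is handled exactly like a scan that found nothing. For a dependency scanner that is a fail-open result: an empty or truncated retire.js output file would pass as a clean run. Since the method already declares `BugAuditException`, the missing-report case could raise it, or at least be logged. If the silence is intended, a comment such as `// null means retire.js wrote an empty report; treated as no findings` would record that. The loop body continues past the end of this hunk.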
@@ -2,23 +2,24 @@ import java.io.File; import java.io.IOException; +import java.util.List; public final class Test { private static final String currentPath = System.getProperty("user.dir") + "/"; - private static void cleanUpFilePath(RetirejsResult.Data data) { + private static void cleanUpFilePath(RetirejsData data) { data.setFile(data.getFile().replaceFirst(currentPath, "")); } public static void main(String[] args) throws IOException { System.out.println(currentPath); int count = 0; - RetirejsResult retirejsResult = RetirejsResult.getResult(new File("test.json")); - for (RetirejsResult.Data data : retirejsResult.getData()) { + List dataList = RetirejsData.getDataList(new File("bugaudit-retirejs-result.json")); + for (RetirejsData data : dataList) { cleanUpFilePath(data); - for (RetirejsResult.Data.Result result : data.getResults()) { - for (RetirejsResult.Data.Result.Vulnerability vulnerability : result.getVulnerabilities()) { + for (RetirejsData.Result result : data.getResults()) { + for (RetirejsData.Result.Vulnerability vulnerability : result.getVulnerabilities()) { if (vulnerability.getIdentifiers().getIssue() != null) { System.out.print(vulnerability.getIdentifiers().getIssue() + ": "); for (String info : vulnerability.getInfo()) {