From b73f4bd2ed331055f1616e69733c382f8aefc69f Mon Sep 17 00:00:00 2001
From: Eyal Kapon
Date: Sun, 8 Sep 2024 09:22:25 +0300
Subject: [PATCH] added config to update verify plugin to be more efficient
---
 build.gradle | 18 +++
 .../sourceCode/not_applic_output.sarif | 133 ------------------
 2 files changed, 18 insertions(+), 133 deletions(-)
 delete mode 100644 src/test/resources/sourceCode/not_applic_output.sarif
diff --git a/build.gradle b/build.gradle
index 082ab1c1..35d15ae3 100644
--- a/build.gradle
+++ b/build.gradle
@@ -37,6 +37,24 @@ patchPluginXml {
 untilBuild = ""
 }
+listProductsReleases {
+ doLast {
+ // At the end of the build, write the first and last versions of the products to the output file.
+ // This will be used by the runPluginVerifier task to validate the compatibility of the plugin against the
+ // first and last versions of IntelliJ IDEA.
+ def outputFileObj = outputFile.get().asFile
+ if (outputFileObj.exists()) {
+ def lines = outputFileObj.readLines()
+ if (!lines.isEmpty()) {
+ def firstVersion = lines.first()
+ def lastVersion = lines.last()
+ outputFileObj.write("$firstVersion\n$lastVersion")
+ }
+ }
+ }
+}
+
+
 repositories {
 mavenLocal()
 mavenCentral()
diff --git a/src/test/resources/sourceCode/not_applic_output.sarif b/src/test/resources/sourceCode/not_applic_output.sarif
deleted file mode 100644
index 38792e4d..00000000
--- a/src/test/resources/sourceCode/not_applic_output.sarif
+++ /dev/null
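Review bot: In the `listProductsReleases` `doLast` block of build.gradle, a release list with a single entry makes `lines.first()` and `lines.last()` the same string, so the `outputFileObj.write(...)` call writes that version twice and the verifier is presumably handed a duplicate IDE; `outputFileObj.write([lines.first(), lines.last()].unique().join('\n'))` avoids that. The code also treats the first and last lines as the oldest and newest release, which depends on the order the task emits and on there being no blank lines, so filtering with `lines.findAll { it.trim() }` before picking the endpoints would be safer. The comment says "At the end of the build", but `doLast` runs when this task finishes, not at the end of the build. It would also help to state in the comment that IDE releases between the two endpoints are no longer checked by runPluginVerifier, since that is the coverage being traded for speed.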
@@ -1,133 +0,0 @@
-{
- "runs": [
- {
- "tool": {
- "driver": {
- "name": "JFrog Applicability Scanner",
- "rules": [
-
- {
- "id": "applic_CVE-2022-25878",
- "fullDescription": {
- "text": "The scanner checks whether the vulnerable function `pem.Decode` is called.",
- "markdown": "The scanner checks whether the vulnerable function `pem.Decode` is called."
- },
- "shortDescription": {
- "text": "Scanner for CVE-2020-28502"
- }
- },
- {
- "id": "CVE-2022-25978",
- "fullDescription": {
- "text": "The scanner checks whether the vulnerable function `org.apache.xmlbeans.XmlObject.Factory.parse` is called or an interface that extends `org.apache.xmlbeans.XmlObject` is used.",
- "markdown": "The scanner checks whether the vulnerable function `org.apache.xmlbeans.XmlObject.Factory.parse` is called or an interface that extends `org.apache.xmlbeans.XmlObject` is used."
- },
- "shortDescription": {
- "text": "Scanner for CVE-2020-5310"
- }
- },
- {
- "id": "applic_CVE-2021-25878",
- "fullDescription": {
- "text": "The scanner checks whether the vulnerable function `pem.Decode` is called.",
- "markdown": "The scanner checks whether the vulnerable function `pem.Decode` is called."
- },
- "shortDescription": {
- "text": "Scanner for CVE-2020-28502"
- }
- },
- {
- "id": "applic_CVE-2022-29019",
- "fullDescription": {
- "text": "The scanner checks whether the vulnerable function `org.apache.xmlbeans.XmlObject.Factory.parse` is called or an interface that extends `org.apache.xmlbeans.XmlObject` is used.",
- "markdown": "The scanner checks whether the vulnerable function `org.apache.xmlbeans.XmlObject.Factory.parse` is called or an interface that extends `org.apache.xmlbeans.XmlObject` is used."
- },
- "shortDescription": {
- "text": "Scanner for CVE-2020-5310"
- }
- }
-
- ],
- "version": "APPLIC_SCANNERv0.2.0"
- }
- },
- "invocations": [
- {
- "executionSuccessful": true,
- "arguments": [
- "scan"
- ],
- "workingDirectory": {
- "uri": ""
- }
- }
- ],
- "results": [
- {
- "message": {
- "text": "The vulnerable function protobufjs.load is called"
- },
- "locations": [
- {
- "physicalLocation": {
- "artifactLocation": {
- "uri": "file:///examples/applic-demo/index.js"
- },
- "region": {
- "endColumn": 17,
- "endLine": 20,
- "snippet": {
- "text": "protobuf.parse(p)"
- },
- "startColumn": 0,
- "startLine": 20
- }
- }
- }
- ],
- "ruleId": "applic_CVE-2022-25878"
- },
- {
- "message": {
- "text": "The vulnerable function protobufjs.parse is called."
- },
- "locations": [
- {
- "physicalLocation": {
- "artifactLocation": {
- "uri": "file:///examples/applic-demo/index.js"
- },
- "region": {
- "endColumn": 73,
- "endLine": 22,
- "snippet": {
- "text": "protobuf.load(\"/path/to/untrusted.proto\", function(err, root) { return })"
- },
- "startColumn": 0,
- "startLine": 18
- }
- }
- }
- ],
- "ruleId": "CVE-2022-25978"
- },
- {
- "message": {
- "text": "The scanner checks whether the vulnerable function `ansi-regex` is called."
- },
- "kind": "pass",
- "ruleId": "applic_CVE-2021-25878"
- },
- {
- "message": {
- "text": "The scanner checks whether the vulnerable function `ansi-regex` is called."
- },
- "kind": "pass",
- "ruleId": "applic_CVE-2022-29019"
- }
- ]
- }
- ],
- "version": "2.1.0",
- "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/sarif-schema-2.1.0.json"
-}
\ No newline at end of file