From d16fc25833b63197e909b478e4b3af10c9de68f2 Mon Sep 17 00:00:00 2001
From: cx-sarah-chen <173361628+cx-sarah-chen@users.noreply.github.com>
Date: Tue, 20 May 2025 14:24:57 +0300
Subject: [PATCH 1/3] Refactors OSS scan parsing and renames method
---
 src/main/oss/CxOss.ts | 39 ++++++++++++++++++-----------------
 src/main/wrapper/CxWrapper.ts | 2 +-
 2 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/main/oss/CxOss.ts b/src/main/oss/CxOss.ts
index 3dbfe7e2..77710557 100644
--- a/src/main/oss/CxOss.ts
+++ b/src/main/oss/CxOss.ts
@@ -13,32 +13,33 @@ export default class CxOssResult {
 static parseResult(resultObject: any): CxOssResult[] {
+ let packages = resultObject.Packages;
 let ossResults: CxOssResult[] = [];
- if (resultObject instanceof Array) {
- ossResults = resultObject.map((member: any) => {
+ if (packages instanceof Array) {
+ ossResults = packages.map((member: any) => {
 const ossResult = new CxOssResult();
 ossResult.packageManager = member.PackageManager;
- ossResult.packageName = member.PackageName;
- ossResult.version = member.Version;
- ossResult.filepath = member.Filepath;
- ossResult.lineStart = member.LineStart;
- ossResult.lineEnd = member.LineEnd;
- ossResult.startIndex = member.StartIndex;
- ossResult.endIndex = member.EndIndex;
- ossResult.status = member.Status as CxManifestStatus;
+ ossResult.packageName = member.PackageName;
+ ossResult.version = member.PackageVersion;
+ ossResult.filepath = member.FilePath;
+ ossResult.lineStart = member.LineStart;
+ ossResult.lineEnd = member.LineEnd;
+ ossResult.startIndex = member.StartIndex;
+ ossResult.endIndex = member.EndIndex;
+ ossResult.status = member.Status as CxManifestStatus;
 return ossResult;
 });
 } else {
 const ossResult = new CxOssResult();
- ossResult.packageManager = resultObject.PackageManager;
- ossResult.packageName = resultObject.PackageName;
- ossResult.version = resultObject.Version;
- ossResult.filepath = resultObject.FilePath;
- ossResult.lineStart = resultObject.LineStart;
- ossResult.lineEnd = resultObject.LineEnd;
- ossResult.startIndex = resultObject.StartIndex;
- ossResult.endIndex = resultObject.EndIndex;
- ossResult.status = resultObject.Status as CxManifestStatus;
+ ossResult.packageManager = packages.PackageManager;
+ ossResult.packageName = packages.PackageName;
+ ossResult.version = packages.PackageVersion;
+ ossResult.filepath = packages.FilePath;
+ ossResult.lineStart = packages.LineStart;
+ ossResult.lineEnd = packages.LineEnd;
+ ossResult.startIndex = packages.StartIndex;
+ ossResult.endIndex = packages.EndIndex;
+ ossResult.status = packages.Status as CxManifestStatus;
 ossResults.push(ossResult);
 }
 return ossResults;
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
index 23807e8a..18028455 100644
--- a/src/main/wrapper/CxWrapper.ts
+++ b/src/main/wrapper/CxWrapper.ts
@@ -147,7 +147,7 @@ export class CxWrapper {
 return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);
 }
- async scanOss(sourceFile: string): Promise {
+ async ossScanResults(sourceFile: string): Promise {
 const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];
 commands.push(...this.initializeCommands(false));
 const exec = new ExecutionService();
From b93668d68a50b9d571712a33c7e6a79f59b7c7ac Mon Sep 17 00:00:00 2001
From: cx-sarah-chen <173361628+cx-sarah-chen@users.noreply.github.com>
Date: Tue, 20 May 2025 14:54:51 +0300
Subject: [PATCH 2/3] Refactors variable declarations and updates method call
---
 src/main/oss/CxOss.ts | 2 +-
 src/tests/ScanTest.test.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/oss/CxOss.ts b/src/main/oss/CxOss.ts
index 77710557..23c54d96 100644
--- a/src/main/oss/CxOss.ts
+++ b/src/main/oss/CxOss.ts
@@ -13,7 +13,7 @@ export default class CxOssResult {
 static parseResult(resultObject: any): CxOssResult[] {
- let packages = resultObject.Packages;
+ const packages = resultObject.Packages;
 let ossResults: CxOssResult[] = [];
 if (packages instanceof Array) {
 ossResults = packages.map((member: any) => {
diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts
index 34ad480f..646d0eb9 100644
--- a/src/tests/ScanTest.test.ts
+++ b/src/tests/ScanTest.test.ts
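Review bot: The rewritten else branch dereferences `packages` unconditionally, so a result object with no `Packages` property — which the previous code tolerated, since it read fields straight off `resultObject` — now throws a TypeError at `ossResult.packageManager = packages.PackageManager;`. A guard right after the new declaration, `if (packages == null) { return ossResults; }`, keeps parseResult total over CLI output that omits the key; the PATCH 3/3 hunk of this file rewrites the same branch and carries the same gap. On a related line, `member.Status as CxManifestStatus` is a compile-time assertion rather than a check, so any string the scanner emits is carried into the enum-typed field; mapping values outside the enum to `CxManifestStatus.unknown` would make the handling of unexpected tool output explicit. parseResult's closing brace lies outside the hunk.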
@@ -169,7 +169,7 @@ describe("ScanCreate cases", () => {
 it.skip('ScanOss Successful case', async () => {
 const wrapper = new CxWrapper(cxScanConfig);
- const cxCommandOutput: CxCommandOutput = await wrapper.scanOss("tsc/tests/data/package.json");
+ const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json");
 console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
 expect(cxCommandOutput.payload).toBeDefined();
 expect(cxCommandOutput.exitCode).toBe(0);
From 5a8d67ab6e96b2de6823c78136cb725efac1a41f Mon Sep 17 00:00:00 2001
From: cx-sarah-chen <173361628+cx-sarah-chen@users.noreply.github.com>
Date: Thu, 22 May 2025 15:16:40 +0300
Subject: [PATCH 3/3] Adds SCA vulnerability details and severity levels to CxOss
---
 src/main/oss/CxManifestStatus.ts | 6 ++-
 src/main/oss/CxOss.ts | 76 +++++++++++++++++++-------------
 2 files changed, 50 insertions(+), 32 deletions(-)
diff --git a/src/main/oss/CxManifestStatus.ts b/src/main/oss/CxManifestStatus.ts
index b0e5c354..9947cf3d 100644
--- a/src/main/oss/CxManifestStatus.ts
+++ b/src/main/oss/CxManifestStatus.ts
@@ -1,5 +1,9 @@
 export enum CxManifestStatus {
 malicious = "Malicious",
 ok = "OK",
- unknown = "Unknown"
+ unknown = "Unknown",
+ critical = "Critical",
+ high = "High",
+ medium = "Medium",
+ low = "Low"
 }
diff --git a/src/main/oss/CxOss.ts b/src/main/oss/CxOss.ts
index 23c54d96..6b49bde1 100644
--- a/src/main/oss/CxOss.ts
+++ b/src/main/oss/CxOss.ts
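Review bot: The four added members give CxManifestStatus two different meanings — a package verdict (`malicious`, `ok`, `unknown`) and a severity scale (`critical` down to `low`) — and nothing on the enum says when a consumer should expect which, while any exhaustive switch over it elsewhere gains four unhandled cases. A TSDoc comment on the `export enum` line would record the intent, e.g. `/** Status the OSS scan reports per package: a verdict (Malicious, OK, Unknown) or a severity level (Critical, High, Medium, Low). */`, adjusted if the severity values in fact arrive through a field other than Status — the hunk does not show the producer. The CxOss.ts hunk of this same patch types each vulnerability's `severity` as a plain `string` rather than this enum, which is worth reconciling so the two severity vocabularies cannot drift apart.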
@@ -1,46 +1,60 @@
-import {CxManifestStatus} from './CxManifestStatus';
+import { CxManifestStatus } from './CxManifestStatus';
 export default class CxOssResult {
- packageManager : string;
- packageName : string;
- version : string;
- filepath : string;
- lineStart : number;
- lineEnd : number;
- startIndex : number;
- endIndex : number;
- status :CxManifestStatus;
-
+ packageManager: string;
+ packageName: string;
+ version: string;
+ filepath: string;
+ lineStart: number;
+ lineEnd: number;
+ startIndex: number;
+ endIndex: number;
+ status: CxManifestStatus;
+ vulnerabilities: { cve: string, description: string, severity: string }[];
 static parseResult(resultObject: any): CxOssResult[] {
 const packages = resultObject.Packages;
 let ossResults: CxOssResult[] = [];
 if (packages instanceof Array) {
- ossResults = packages.map((member: any) => {
+ ossResults = packages.map((member: any) => {
 const ossResult = new CxOssResult();
 ossResult.packageManager = member.PackageManager;
- ossResult.packageName = member.PackageName;
- ossResult.version = member.PackageVersion;
- ossResult.filepath = member.FilePath;
- ossResult.lineStart = member.LineStart;
- ossResult.lineEnd = member.LineEnd;
- ossResult.startIndex = member.StartIndex;
- ossResult.endIndex = member.EndIndex;
- ossResult.status = member.Status as CxManifestStatus;
+ ossResult.packageName = member.PackageName;
+ ossResult.version = member.PackageVersion;
+ ossResult.filepath = member.FilePath;
+ ossResult.lineStart = member.LineStart;
+ ossResult.lineEnd = member.LineEnd;
+ ossResult.startIndex = member.StartIndex;
+ ossResult.endIndex = member.EndIndex;
+ ossResult.status = member.Status as CxManifestStatus;
+ ossResult.vulnerabilities = Array.isArray(member.Vulnerabilities)
+ ? member.Vulnerabilities.map((vul: any) => ({
+ cve: vul.CVE,
+ description: vul.Description,
+ severity: vul.Severity
+ }))
+ : [];
 return ossResult;
 });
 } else {
- const ossResult = new CxOssResult();
- ossResult.packageManager = packages.PackageManager;
- ossResult.packageName = packages.PackageName;
- ossResult.version = packages.PackageVersion;
- ossResult.filepath = packages.FilePath;
- ossResult.lineStart = packages.LineStart;
- ossResult.lineEnd = packages.LineEnd;
- ossResult.startIndex = packages.StartIndex;
- ossResult.endIndex = packages.EndIndex;
- ossResult.status = packages.Status as CxManifestStatus;
- ossResults.push(ossResult);
+ const ossResult = new CxOssResult();
+ ossResult.packageManager = packages.PackageManager;
+ ossResult.packageName = packages.PackageName;
+ ossResult.version = packages.PackageVersion;
+ ossResult.filepath = packages.FilePath;
+ ossResult.lineStart = packages.LineStart;
+ ossResult.lineEnd = packages.LineEnd;
+ ossResult.startIndex = packages.StartIndex;
+ ossResult.endIndex = packages.EndIndex;
+ ossResult.status = packages.Status as CxManifestStatus;
+ ossResult.vulnerabilities = Array.isArray(packages.Vulnerabilities)
+ ? packages.Vulnerabilities.map((vul: any) => ({
+ cve: vul.CVE,
+ description: vul.Description,
+ severity: vul.Severity
+ }))
+ : [];
+ ossResults.push(ossResult);
 }
 return ossResults;
 }
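Review bot: The hunk doubles the field-copying block instead of removing the duplication — the array branch and the else branch now each carry the same nine assignments plus an identical `Vulnerabilities` mapping, so every future field lands in two places (the `Filepath` vs `FilePath` mismatch that PATCH 1/3 had to fix is exactly the drift this invites). A private helper that builds one CxOssResult from one package object lets parseResult shrink to the `packages instanceof Array` branch; the sketch below keeps the current behaviour, including the unchecked `as CxManifestStatus` cast and the dereference of `packages` in the non-array path. The new `vulnerabilities` field is declared with an inline anonymous object type and `severity: string`; naming it (an exported `CxOssVulnerability` type) and, if the CLI emits the same four strings just added to CxManifestStatus, typing `severity` with that enum would document the contract. The class's closing brace lies outside the hunk.
```typescript
export type CxOssVulnerability = { cve: string; description: string; severity: string };

// … unchanged: import, class header and the other field declarations …
    vulnerabilities: CxOssVulnerability[];

    static parseResult(resultObject: any): CxOssResult[] {
        const packages = resultObject.Packages;
        if (packages instanceof Array) {
            return packages.map((member: any) => CxOssResult.fromPackage(member));
        }
        return [CxOssResult.fromPackage(packages)];
    }

    /** Copies one package entry of the scanner output into a CxOssResult. */
    private static fromPackage(member: any): CxOssResult {
        const ossResult = new CxOssResult();
        ossResult.packageManager = member.PackageManager;
        // … unchanged: packageName, version, filepath, lineStart, lineEnd, startIndex, endIndex …
        ossResult.status = member.Status as CxManifestStatus;
        ossResult.vulnerabilities = Array.isArray(member.Vulnerabilities)
            ? member.Vulnerabilities.map((vul: any): CxOssVulnerability => ({
                cve: vul.CVE,
                description: vul.Description,
                severity: vul.Severity
            }))
            : [];
        return ossResult;
    }
```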