Skip to content

Commit

Permalink
Merge pull request #32 from Kretchen001/29-dependency-tree
Browse files Browse the repository at this point in the history 
29 dependency tree
  • Loading branch information
@KnYL3R
KnYL3R authored Jan 29, 2024
2 parents f27ba31 + 50484a0 commit ac21183
Show file tree
Hide file tree
Showing 6 changed files with 211 additions and 110 deletions.
78 changes: 78 additions & 0 deletions code/AmIVulnerable/AmIVulnerable/Controllers/DependeciesController.cs
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
using Microsoft.AspNetCore.Mvc;
using Modells;
using Modells.Packages;
using Newtonsoft.Json;
using System.Diagnostics;
using System.Text.Json;

using F = System.IO.File;

namespace AmIVulnerable.Controllers {

[Route("api/[controller]")]
[ApiController]
public class DependeciesController : ControllerBase {

[HttpGet]
public IActionResult ExtractDependencies([FromHeader] ProjectType projectType) {
switch (projectType) {
case ProjectType.NodeJs: {
ExecuteCommand("npm", "install");
ExecuteCommand("npm", "list --all --json >> tree.json");
List<NodePackage> resTree = ExtractTree(AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze/tree.json");
F.WriteAllText(AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze/depTree.json", JsonConvert.SerializeObject(resTree));
return Ok(JsonConvert.SerializeObject(resTree));
}
default: {
return BadRequest();
}
}
}

private void ExecuteCommand(string prog, string command) {
ProcessStartInfo process = new ProcessStartInfo {
FileName = "cmd",
RedirectStandardInput = true,
WorkingDirectory = AppDomain.CurrentDomain.BaseDirectory + "rawAnalyze",
};
Process runProcess = Process.Start(process)!;
runProcess.StandardInput.WriteLine($"{prog} {command}");
runProcess.StandardInput.WriteLine($"exit");
runProcess.WaitForExit();
}

private List<NodePackage> ExtractTree(string filePath) {
List<NodePackage> packages = [];
using (JsonDocument jsonDocument = JsonDocument.Parse(F.ReadAllText(filePath))) {
if (jsonDocument.RootElement.TryGetProperty("dependencies", out JsonElement dependenciesElement) &&
dependenciesElement.ValueKind == JsonValueKind.Object) {
foreach (JsonProperty dependency in dependenciesElement.EnumerateObject()) {
NodePackage nodePackage = ExtractDependencyInfo(dependency);

packages.Add(nodePackage);
}
}
}
return packages;
}

private NodePackage ExtractDependencyInfo(JsonProperty dependency) {
NodePackage nodePackage = new NodePackage {
Name = dependency.Name
};
if (dependency.Value.TryGetProperty("version", out JsonElement versionElement) &&
versionElement.ValueKind == JsonValueKind.String) {
nodePackage.Version = versionElement.GetString() ?? "";
}
if (dependency.Value.TryGetProperty("dependencies", out JsonElement subDependenciesElement) &&
subDependenciesElement.ValueKind == JsonValueKind.Object) {
foreach (JsonProperty subDependency in subDependenciesElement.EnumerateObject()) {
NodePackage subNodePackage = ExtractDependencyInfo(subDependency);
nodePackage.Dependencies.Add(subNodePackage);
}
}

return nodePackage;
}
}
}
216 changes: 108 additions & 108 deletions code/AmIVulnerable/Modells/CVEcomp.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,192 +3,192 @@
/// <summary>Root class for the CVE Data</summary>
public class CVEcomp {
/// <summary></summary>
public string dataType { get; set; }
public string dataType { get; set; } = "";
/// <summary></summary>
public string dataVersion { get; set; }
public string dataVersion { get; set; } = "";
/// <summary></summary>
public CveMetadata cveMetadata { get; set; }
public CveMetadata cveMetadata { get; set; } = new CveMetadata();
/// <summary></summary>
public Containers containers { get; set; }
public Containers containers { get; set; } = new Containers();
}

public class Affected {
public string vendor { get; set; }
public string product { get; set; }
public List<string> platforms { get; set; }
public string collectionURL { get; set; }
public string packageName { get; set; }
public string repo { get; set; }
public List<string> modules { get; set; }
public List<string> programFiles { get; set; }
public List<ProgramRoutine> programRoutines { get; set; }
public List<Version> versions { get; set; }
public string defaultStatus { get; set; }
public string vendor { get; set; } = "";
public string product { get; set; } = "";
public List<string> platforms { get; set; } = [];
public string collectionURL { get; set; } = "";
public string packageName { get; set; } = "";
public string repo { get; set; } = "";
public List<string> modules { get; set; } = [];
public List<string> programFiles { get; set; } = [];
public List<ProgramRoutine> programRoutines { get; set; } = [];
public List<Version> versions { get; set; } = [];
public string defaultStatus { get; set; } = "";
}

public class Change {
public string at { get; set; }
public string status { get; set; }
public string at { get; set; } = "";
public string status { get; set; } = "";
}

public class Cna {
public ProviderMetadata providerMetadata { get; set; }

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-ubuntu-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-ubuntu-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-windows-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-windows-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-macOS-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.

Check warning on line 35 in code/AmIVulnerable/Modells/CVEcomp.cs

View workflow job for this annotation

GitHub Actions / build-and-test-macOS-latest 

Non-nullable property 'providerMetadata' must contain a non-null value when exiting constructor. Consider declaring the property as nullable.
public string title { get; set; }
public DateTime datePublic { get; set; }
public List<ProblemType> problemTypes { get; set; }
public List<Impact> impacts { get; set; }
public List<Affected> affected { get; set; }
public List<Description> descriptions { get; set; }
public List<Metric> metrics { get; set; }
public List<Solution> solutions { get; set; }
public List<Workaround> workarounds { get; set; }
public List<Configuration> configurations { get; set; }
public List<Exploit> exploits { get; set; }
public List<Timeline> timeline { get; set; }
public List<Credit> credits { get; set; }
public List<Reference> references { get; set; }
public Source source { get; set; }
public List<TaxonomyMapping> taxonomyMappings { get; set; }
public string title { get; set; } = "";
public DateTime datePublic { get; set; } = new DateTime();
public List<ProblemType> problemTypes { get; set; } = [];
public List<Impact> impacts { get; set; } = [];
public List<Affected> affected { get; set; } = [];
public List<Description> descriptions { get; set; } = [];
public List<Metric> metrics { get; set; } = [];
public List<Solution> solutions { get; set; } = [];
public List<Workaround> workarounds { get; set; } = [];
public List<Configuration> configurations { get; set; } = [];
public List<Exploit> exploits { get; set; } = [];
public List<Timeline> timeline { get; set; } = [];
public List<Credit> credits { get; set; } = [];
public List<Reference> references { get; set; } = [];
public Source source { get; set; } = new Source();
public List<TaxonomyMapping> taxonomyMappings { get; set; } = [];
}

public class Configuration {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Containers {
public Cna cna { get; set; }
public Cna cna { get; set; } = new Cna();
}

public class Credit {
public string lang { get; set; }
public string value { get; set; }
public string type { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public string type { get; set; } = "";
}

public class CveMetadata {
public string cveId { get; set; }
public string assignerOrgId { get; set; }
public string assignerShortName { get; set; }
public string requesterUserId { get; set; }
public int serial { get; set; }
public string state { get; set; }
public string cveId { get; set; } = "";
public string assignerOrgId { get; set; } = "";
public string assignerShortName { get; set; } = "";
public string requesterUserId { get; set; } = "";
public int serial { get; set; } = -1;
public string state { get; set; } = "";
}

public class CvssV31 {
public string version { get; set; }
public string attackVector { get; set; }
public string attackComplexity { get; set; }
public string privilegesRequired { get; set; }
public string userInteraction { get; set; }
public string scope { get; set; }
public string confidentialityImpact { get; set; }
public string integrityImpact { get; set; }
public string availabilityImpact { get; set; }
public double baseScore { get; set; }
public string baseSeverity { get; set; }
public string vectorString { get; set; }
public string version { get; set; } = "";
public string attackVector { get; set; } = "";
public string attackComplexity { get; set; } = "";
public string privilegesRequired { get; set; } = "";
public string userInteraction { get; set; } = "";
public string scope { get; set; } = "";
public string confidentialityImpact { get; set; } = "";
public string integrityImpact { get; set; } = "";
public string availabilityImpact { get; set; } = "";
public double baseScore { get; set; } = double.MinValue;
public string baseSeverity { get; set; } = "";
public string vectorString { get; set; } = "";
}

public class Description {
public string lang { get; set; }
public string cweId { get; set; }
public string description { get; set; }
public string type { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string cweId { get; set; } = "";
public string description { get; set; } = "";
public string type { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Exploit {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Impact {
public string capecId { get; set; }
public List<Description> descriptions { get; set; }
public string capecId { get; set; } = "";
public List<Description> descriptions { get; set; } = [];
}

public class Metric {
public string format { get; set; }
public List<Scenario> scenarios { get; set; }
public CvssV31 cvssV3_1 { get; set; }
public string format { get; set; } = "";
public List<Scenario> scenarios { get; set; } = [];
public CvssV31 cvssV3_1 { get; set; } = new CvssV31();
}

public class ProblemType {
public List<Description> descriptions { get; set; }
public List<Description> descriptions { get; set; } = [];
}

public class ProgramRoutine {
public string name { get; set; }
public string name { get; set; } = "";
}

public class ProviderMetadata {
public string orgId { get; set; }
public string shortName { get; set; }
public DateTime dateUpdated { get; set; }
public string orgId { get; set; } = "";
public string shortName { get; set; } = "";
public DateTime dateUpdated { get; set; } = new DateTime();
}

public class Reference {
public string url { get; set; }
public string name { get; set; }
public List<string> tags { get; set; }
public string url { get; set; } = "";
public string name { get; set; } = "";
public List<string> tags { get; set; } = [];
}

public class Scenario {
public string lang { get; set; }
public string value { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
}

public class Solution {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}

public class Source {
public List<string> defects { get; set; }
public string advisory { get; set; }
public string discovery { get; set; }
public List<string> defects { get; set; } = [];
public string advisory { get; set; } = "";
public string discovery { get; set; } = "";
}

public class SupportingMedium {
public string type { get; set; }
public bool base64 { get; set; }
public string value { get; set; }
public string type { get; set; } = "";
public bool? base64 { get; set; } = null;
public string value { get; set; } = "";
}

public class TaxonomyMapping {
public string taxonomyName { get; set; }
public string taxonomyVersion { get; set; }
public List<TaxonomyRelation> taxonomyRelations { get; set; }
public string taxonomyName { get; set; } = "";
public string taxonomyVersion { get; set; } = "";
public List<TaxonomyRelation> taxonomyRelations { get; set; } = [];
}

public class TaxonomyRelation {
public string taxonomyId { get; set; }
public string relationshipName { get; set; }
public string relationshipValue { get; set; }
public string taxonomyId { get; set; } = "";
public string relationshipName { get; set; } = "";
public string relationshipValue { get; set; } = "";
}

public class Timeline {
public DateTime time { get; set; }
public string lang { get; set; }
public string value { get; set; }
public DateTime time { get; set; } = new DateTime();
public string lang { get; set; } = "";
public string value { get; set; } = "";
}

public class Version {
public string version { get; set; }
public string status { get; set; }
public string lessThan { get; set; }
public string versionType { get; set; }
public List<Change> changes { get; set; }
public string version { get; set; } = "";
public string status { get; set; } = "";
public string lessThan { get; set; } = "";
public string versionType { get; set; } = "";
public List<Change> changes { get; set; } = [];
}

public class Workaround {
public string lang { get; set; }
public string value { get; set; }
public List<SupportingMedium> supportingMedia { get; set; }
public string lang { get; set; } = "";
public string value { get; set; } = "";
public List<SupportingMedium> supportingMedia { get; set; } = [];
}
}
1 change: 1 addition & 0 deletions code/AmIVulnerable/Modells/CveResult.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ public class CveResult {
public string CveNumber { get; set; } = "";
public string Version { get; set; } = "";

/// <summary>Empty ctor</summary>
public CveResult() {
}
}
Expand Down
Loading

0 comments on commit ac21183

Please sign in to comment.