create SimpleAnalyseNpmList Post-Endpoint #70

Closed
1 of 5 tasks
KnYL3R opened this issue Jun 4, 2024 · 0 comments · Fixed by #72
KnYL3R commented Jun 4, 2024

AC's:

  • Post Endpoint created that:
  • takes list of "ProjectUrl, [Tags]" as Json (ProjectUrl is full: https://... and Tags is a list of string of all Tags of that project that need to be analyzed)
  • Compares dependencies with CVE-Data
  • ONLY compare CVE-Data that was accessible/published at the time of the tag!!
  • Compare Tag Timestamp with cveMetadata.datePublished
  • Return JSON or other format that is easy to interpret, if Json make it LinkedData!:
{
   ProjectUrl: ... string
   Tag: ... string
   TotalDirectDependencies: ... number
   TotalDirectAndTransitiveDependencies: ... number
   TotalDirectVulnerabilities: ... number
   TotalDirectAndTransitiveVulnerabilities: ... number
   TransitiveVulnerabilities: [
      TransitivityDegree: ... number (0: dependency of direct dependency, 1: dep of 1st degree transitive dep)
   ]
   HighestDirectSeverity: ... number
   HighestTransitiveSeverity: {
      TransitivityDegree: ... number
      Severity: ... number
   }
}

Technical info:

  • Goal is to analyse up to 1000 Maven projects at a time so there needs to be a mechanism for saving data while processing
  • there should NOT be another call to f.ex. clone endpoint needed by the user beforehand, cloning should be included in this endpoint with a subsequent checkout of the list of tags before deleting the project for space and keeping the analysed Data (doesn't need to be the tree, just the result Data)
KnYL3R added the enhancement (New feature or request) label Jun 4, 2024
KnYL3R self-assigned this Jun 4, 2024
KnYL3R changed the title create AnalyseMavenList Post-Endpoint → create SimpleAnalyseNpmList Post-Endpoint Jun 10, 2024
KnYL3R linked a pull request Nov 6, 2024 that will close this issue
KnYL3R closed this as completed in #72 Nov 6, 2024
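
Added example, not part of the original issue or the project's code: one way to apply the "only CVE data published at the time of the tag" rule by comparing the tag timestamp with `cveMetadata.datePublished`, then filling the vulnerability fields of the result. Assumptions: dependency-to-CVE matching is already done upstream, the `direct`/`degree`/`cves` fields are hypothetical, severity is read from `containers.cna.metrics[].cvssV3_1.baseScore`, and timestamps without an offset are treated as UTC.

```javascript
// Treat timestamps without an offset as UTC (assumption); Date.parse would
// otherwise read them as local time and shift the cutoff.
function parseUtc(ts) {
  if (typeof ts !== "string") return NaN;
  return Date.parse(/(Z|[+-]\d{2}:\d{2})$/i.test(ts) ? ts : ts + "Z");
}
// True only if the record was already published when the tag was created.
// Records with a missing or unparsable datePublished are excluded.
function knownAtTag(cve, tagTime) {
  const published = parseUtc(cve?.cveMetadata?.datePublished);
  return !Number.isNaN(published) && published <= tagTime;
}

// Highest CVSS v3.1 base score in the CNA container, 0 if none (assumed severity source).
function severity(cve) {
  const metrics = cve?.containers?.cna?.metrics ?? [];
  return Math.max(0, ...metrics.map((m) => m?.cvssV3_1?.baseScore ?? 0));
}

function summarize(tagTimestamp, deps) {
  const tagTime = parseUtc(tagTimestamp);
  if (Number.isNaN(tagTime)) throw new Error("invalid tag timestamp");
  const out = { TotalDirectVulnerabilities: 0, TotalDirectAndTransitiveVulnerabilities: 0,
    HighestDirectSeverity: 0, HighestTransitiveSeverity: { TransitivityDegree: null, Severity: 0 } };
  for (const dep of deps) {
    for (const cve of dep.cves.filter((c) => knownAtTag(c, tagTime))) {
      const score = severity(cve);
      out.TotalDirectAndTransitiveVulnerabilities += 1;
      if (dep.direct) {
        out.TotalDirectVulnerabilities += 1;
        out.HighestDirectSeverity = Math.max(out.HighestDirectSeverity, score);
      } else if (score > out.HighestTransitiveSeverity.Severity) {
        out.HighestTransitiveSeverity = { TransitivityDegree: dep.degree, Severity: score };
      }
    }
  }
  return out;
}

// Constructed sample data: placeholder package names, no real CVE ids.
const makeCve = (datePublished, baseScore) => ({
  cveMetadata: { datePublished },
  containers: { cna: { metrics: [{ cvssV3_1: { baseScore } }] } },
});
const SAMPLE_DEPS = [
  { name: "direct-a", direct: true, cves: [makeCve("2023-01-10T00:00:00.000Z", 7.5), makeCve("2024-02-01T00:00:00.000Z", 9.8)] },
  { name: "trans-b", direct: false, degree: 0, cves: [makeCve("2023-05-31T23:30:00", 6.1)] },
  { name: "trans-c", direct: false, degree: 1, cves: [makeCve(undefined, 9.0)] },
];
const SAMPLE_RESULT = summarize("2023-06-01T00:00:00Z", SAMPLE_DEPS);
```

The 9.8 record published after the tag and the record with no `datePublished` are both left out, so the tag is scored only on what was public at the time.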