Merge pull request #296 from safedep/fix/rubygems-project-json-report

fix: RubyGems JSON report project URL handling
This commit is contained in:
Abhisek Datta 2024-12-05 17:55:27 +05:30 committed by GitHub
commit 5ef16388de
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 47 additions and 0 deletions


@ -3,6 +3,7 @@ package reporter
import (
"os"
"slices"
"strings"
"time"
"github.com/safedep/dry/utils"
@ -271,6 +272,28 @@ func (j *jsonReportGenerator) buildJsonPackageReportFromPackage(p *models.Packag
})
}
// Re-usable function to get project name and url from scorecard
// when projects are not available in insights
getProjectFromScorecard := func() (string, string) {
scorecard := utils.SafelyGetValue(insights.Scorecard)
content := utils.SafelyGetValue(scorecard.Content)
repository := utils.SafelyGetValue(content.Repository)
projectUrl := utils.SafelyGetValue(repository.Name)
projectName := ""
parts := strings.SplitN(projectUrl, "/", 2)
if len(parts) == 2 {
projectName = parts[1]
}
if projectUrl != "" && !strings.HasPrefix(projectUrl, "http") {
projectUrl = "https://" + projectUrl
}
return projectName, projectUrl
}
for _, project := range projects {
stars := utils.SafelyGetValue(project.Stars)
projectUrl := utils.SafelyGetValue(project.Link)
@ -282,6 +305,19 @@ func (j *jsonReportGenerator) buildJsonPackageReportFromPackage(p *models.Packag
})
}
// Project Url can be empty because we use custom data source
// for RubyGems. We should copy from scorecard
if len(projects) == 0 {
projectName, projectUrl := getProjectFromScorecard()
if projectUrl != "" {
pkg.Projects = append(pkg.Projects, &modelspec.InsightProjectInfo{
Name: projectName,
Url: projectUrl,
})
}
}
if len(pkg.Vulnerabilities) > 0 {
pkg.Advices = append(pkg.Advices, &schema.RemediationAdvice{
Type: schema.RemediationAdviceType_UpgradePackage,
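Review bot: In the `getProjectFromScorecard` closure of the second hunk, `projectName` is derived with `strings.SplitN(projectUrl, "/", 2)` before the scheme check, so a `repository.Name` that already begins with `http://` or `https://` (the very case the `HasPrefix(projectUrl, "http")` guard anticipates) yields a name of `/github.com/org/repo` rather than `org/repo`, and a value with no slash leaves the name empty while the URL is still emitted. Strip the scheme first and match it exactly: `trimmed := strings.TrimPrefix(strings.TrimPrefix(projectUrl, "https://"), "http://")`, `parts := strings.SplitN(trimmed, "/", 2)`, and `if projectUrl != "" && !strings.HasPrefix(projectUrl, "http://") && !strings.HasPrefix(projectUrl, "https://") {`. Since `repository.Name` arrives from scorecard data and the only normalisation applied is prepending `https://`, a short comment on the closure should state the shape it expects (host/path without scheme) so the next maintainer does not assume it has been validated. In the third hunk the fallback is keyed on `len(projects) == 0` while its comment speaks of an empty project URL; either the condition or the comment should be aligned. `buildJsonPackageReportFromPackage` begins and ends outside these hunks.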


@ -15,3 +15,4 @@ bash $E2E_THIS_DIR/scenario-3-filter-fail-fast.sh
bash $E2E_THIS_DIR/scenario-4-lfp-fail-fast.sh
bash $E2E_THIS_DIR/scenario-5-gradle-depgraph-build.sh
bash $E2E_THIS_DIR/scenario-6-manifest-flag.sh
bash $E2E_THIS_DIR/scenario-7-rubygems-project-url.sh


@ -0,0 +1,10 @@
#!/bin/bash
set -ex
$E2E_VET_SCAN_CMD \
scan --github https://github.com/abhisek/swachalit \
--report-json /tmp/swachalit.json \
--filter-suite ./samples/filter-suites/fs-generic.yml
grep "https://github.com/rails/ruby-coffee-script" /tmp/swachalit.json
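Review bot: The report path `/tmp/swachalit.json` is fixed, so a file left by an earlier run, or written by another job on a shared runner, would satisfy the `grep` if the new scan does not overwrite it, and the check would pass without exercising the fix. Create the path per run and pass it through: `report=$(mktemp)`, `--report-json "$report" \`, and `grep "https://github.com/rails/ruby-coffee-script" "$report"`, removing it afterwards with a `trap 'rm -f "$report"' EXIT`. A one-line comment at the top naming the scenario (RubyGems project URL falls back to scorecard data) would also help, since the script name is the only hint.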