From 946251456b1b10f90889f689efa531a7a54dc1bd Mon Sep 17 00:00:00 2001 From: iliaskaloup <39555236+iliaskaloup@users.noreply.github.com> Date: Mon, 27 Mar 2023 14:58:02 +0300 Subject: [PATCH] Fix potential cors issue. (#50) * Fix potential cors issue. * Update SmartCLIDEController.java --------- Co-authored-by: philipreimer <5737222+philipreimer@users.noreply.github.com> --- VulnerabilityAssessmentModels/vp_service.py | 4 +- .../controller/SmartCLIDEController.java | 114 ++---------------- 2 files changed, 10 insertions(+), 108 deletions(-) diff --git a/VulnerabilityAssessmentModels/vp_service.py b/VulnerabilityAssessmentModels/vp_service.py index 93acf66..6f3488b 100755 --- a/VulnerabilityAssessmentModels/vp_service.py +++ b/VulnerabilityAssessmentModels/vp_service.py @@ -7,7 +7,6 @@ from flask import Flask, jsonify, request import time -from flask_cors import CORS from waitress import serve #import json import os @@ -25,8 +24,7 @@ # Create the Flask app app = Flask(__name__) -# Enable CORS -CORS(app) + if len(sys.argv) != 3: sys.exit("Specify IP and PORT for the mongo database.") diff --git a/src/main/java/com/theia/controller/SmartCLIDEController.java b/src/main/java/com/theia/controller/SmartCLIDEController.java index a9c1e31..3166958 100755 --- a/src/main/java/com/theia/controller/SmartCLIDEController.java +++ b/src/main/java/com/theia/controller/SmartCLIDEController.java @@ -31,15 +31,14 @@ @RestController @RequestMapping("/smartclide") -@CrossOrigin("*") public class SmartCLIDEController { - @Value("${sonar.user}") + @Value("${sonar.user}") private String sonar_user; - @Value("${sonar.password}") - private String sonar_password; + @Value("${sonar.password}") + private String sonar_password; @Autowired private TheiaService theiaService; 
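Review bot: With `@CrossOrigin("*")` removed in the `@@ -31,15 +31,14 @@` hunk the controller now emits no CORS headers at all, so a browser-hosted front end on another origin is blocked outright rather than allow-listed. If cross-origin calls from a known UI are still needed, an explicit origin list is the safer replacement, e.g. `@CrossOrigin(origins = "${cors.allowed-origins}")` backed by a configuration property (property name illustrative), instead of reinstating the wildcard. The matching removal of `CORS(app)` in `vp_service.py` is only harmless if that Flask service is reached server-side (presumably through `vpService`), which this diff does not show. While the `@Value` lines are being re-indented, `sonar_user`/`sonar_password` could also become `sonarUser`/`sonarPassword` to follow Java field naming.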
@@ -62,18 +61,13 @@ public class SmartCLIDEController { consumes = {MediaType.MULTIPART_FORM_DATA_VALUE}, produces = {MediaType.APPLICATION_JSON_VALUE} ) public ResponseEntity githubRetrieve(@RequestParam MultipartFile zip,@RequestPart LinkedHashMap>> sonarProperties) throws IOException, InterruptedException, ParserConfigurationException, SAXException, ParseException { - - - String filename = zip.getOriginalFilename(); String StringDir = this.fileUtilService.saveFolder(zip, filename); String name =filename.substring(0, filename.lastIndexOf('.')); File dir = new File(StringDir); - //Get CK amd metricKey values from the request - sonarProperties.get("CK").put("loc", new ArrayList<>()); HashMap> sonarAnalysis = new HashMap<>(); Set sonarMetrics = Set.copyOf(sonarProperties.get("metricKeys").keySet()); 
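Review bot: `filename` comes straight from `zip.getOriginalFilename()`, which is client-controlled, and the hunk uses it both as the directory name handed to `saveFolder` and in `filename.substring(0, filename.lastIndexOf('.'))`, which throws `StringIndexOutOfBoundsException` (a 500) when the upload has no extension; a null original filename fails the same way. A guard before `saveFolder` keeps path separators out of the upload location and turns the malformed case into a 400: `if (filename == null || filename.contains("/") || filename.contains("\\") || filename.lastIndexOf('.') <= 0) { return new ResponseEntity<>(HttpStatus.BAD_REQUEST); }`. `sonarProperties.get("CK").put(...)` and `sonarProperties.get("metricKeys")` likewise assume the request part carries those keys and will NPE otherwise, so a presence check on the map is worth adding alongside. The method's annotation opens before this hunk and its body continues past it.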
@@ -81,26 +75,21 @@ public ResponseEntity githubRetrieve(@RequestParam MultipartFile zip LinkedHashMap> analysis = new LinkedHashMap<>(); //Analyzing project with CK tool, alongside with the default values chosed for the CK tool - ArrayList stone = new ArrayList<>(sonarProperties.get("CK").keySet()); Files.setPosixFilePermissions(Paths.get(StringDir), PosixFilePermissions.fromString("rwxr-x---")); - HashMap ckValues = this.ckService.generateCustomCKValues(dir, new ArrayList<>(sonarProperties.get("CK").keySet())); analysis.put("CK", ckValues); //Analyzing with PMD tool, alongside with default values chosed for the PMD tool. PMDvalues valuesPMD = new PMDvalues(); - - //HashMap pmdValues = this.pmdService.generateCustomPMDValues(ckValues.get("loc"), StringDir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet())); - + valuesPMD = this.pmdService.generateCustomPMDValues(false,ckValues.get("loc"), StringDir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet())); HashMap pmdValues = valuesPMD.measurePMDProperties; analysis.put("PMD", pmdValues); //SONARQUBE checking if already analyzed and analyze - if (!sonarqubeService.projectExists(name, sonar_user,sonar_password)) { this.sonarqubeService.sonarMavenAnalysis(name, name, sonar_user,sonar_password,"zip"); //TimeUnit.SECONDS.sleep(0); 
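Review bot: `PMDvalues valuesPMD = new PMDvalues();` is overwritten a few lines later by the `generateCustomPMDValues(...)` result, so the allocation is dead and a reader has to check whether the intermediate object is ever used; declare it at the assignment instead: `PMDvalues valuesPMD = this.pmdService.generateCustomPMDValues(false, ckValues.get("loc"), StringDir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet()));`. The `if (!sonarqubeService.projectExists(...))` guard runs `sonarMavenAnalysis` with `name` as the SonarQube project key, and `name` is derived from the uploaded file's base name, so two uploads sharing a name will share one project and the second will skip re-analysis; if that is not intended, keying by a per-request id, as the git endpoint's `UUID id` suggests, would separate them. `githubRetrieve` continues on both sides of this hunk.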
@@ -110,19 +99,16 @@ public ResponseEntity githubRetrieve(@RequestParam MultipartFile zip //Analyze Sonarqube Metrics Hardcoded. Double linesOfCode = this.sonarqubeService.linesOfCode(sonar_user,sonar_password, name); - //Analyze //Sonarqube Vulnerabilities Hardcoded. sonarAnalysis.put("Sonarqube", this.sonarqubeService.sonarqubeCustomVulnerabilities(sonar_user,sonar_password, sonarProperties.get("Sonarqube").keySet(), name, linesOfCode)); - analysis.put("Sonarqube", sonarAnalysis.get("Sonarqube")); HashMap propertyScores = MeasureService.measureCustomPropertiesScore(analysis, sonarProperties); analysis.put("metrics", this.sonarqubeService.sonarqubeCustomMetrics(sonar_user,sonar_password, sonarMetrics, name)); analysis.put("Property_Scores", propertyScores); - //Calculating characteristic res for the characteristics the user chose. HashMap characteristicScores = MeasureService.measureCustomCharacteristicsScore(propertyScores, sonarProperties); analysis.put("Characteristic_Scores", characteristicScores); @@ -137,7 +123,6 @@ public ResponseEntity githubRetrieve(@RequestParam MultipartFile zip Set catg = new HashSet<>(sonarAnalysis.get("Sonarqube").keySet()); //Get hotspots from Sonarqube - HashMap hashHot = new HashMap<>(); hashHot = this.sonarqubeService.hotspotSearch(catg, sonar_user, sonar_password, name); 
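Review bot: In the `@@ -137,7 +123,6 @@` hunk, `HashMap hashHot = new HashMap<>();` is a dead initialization, since the next statement replaces it with the `hotspotSearch(...)` result; write `HashMap hashHot = this.sonarqubeService.hotspotSearch(catg, sonar_user, sonar_password, name);` keeping whatever type parameters the file declares. The same pattern recurs in `@@ -280,7 +237,6 @@` and `@@ -348,7 +287,6 @@` below. In the `@@ -110,19 +99,16 @@` hunk, `linesOfCode` is a boxed `Double` handed to `sonarqubeCustomVulnerabilities`; if `linesOfCode(...)` can return null for a project with no measured lines, that call is where an unboxing NPE would surface, which is worth confirming against the service. Both hunks sit inside `githubRetrieve`, whose body continues outside them.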
@@ -152,34 +137,26 @@ public ResponseEntity githubRetrieve(@RequestParam MultipartFile zip JsonObject jsonObjectHash = new Gson().fromJson(jsonHash, JsonObject.class); JsonObject jsonObjectRecords= new Gson().fromJson(jsonRecords, JsonObject.class); - jsonObject.add("Hotspots", jsonObjectHash); jsonObject.add("PMD_issues", jsonObjectRecords); return new ResponseEntity(jsonObject, HttpStatus.OK); - } //Vulnerability Assessment API @RequestMapping(method = RequestMethod.GET, value = "/VulnerabilityAssessment") public ResponseEntity vulnerabilityPrediction(@RequestParam("project") String url, @RequestParam("lang")String language, @RequestParam("user_name") Optional user_name) throws IOException, InterruptedException, ParserConfigurationException, SAXException, ParseException { - String analysis = this.vpService.vulnerabilityPrediction(url, language, user_name); JsonObject jsonObject = new Gson().fromJson(analysis, JsonObject.class); return new ResponseEntity<>(jsonObject, HttpStatus.CREATED); - } - - - @RequestMapping(method = RequestMethod.POST, value = "/analyze", params = {"url", "language"}) //public ResponseEntity>> githubRetrieve(@RequestParam("url") String url, @RequestParam("language")String language, @RequestBody LinkedHashMap>> sonarProperties) throws IOException, InterruptedException, ParserConfigurationException, SAXException, ParseException { public ResponseEntity githubRetrieve(@RequestParam("url") String url, @RequestParam("language")String language, @RequestBody LinkedHashMap>> sonarProperties) throws IOException, InterruptedException, ParserConfigurationException, SAXException, ParseException, JDOMException, XPathExpressionException { UUID id = UUID.randomUUID(); - Pattern pattern = Pattern.compile("(\\/)(?!.*\\1)(.*)(.git)"); Matcher matcher = pattern.matcher(url); String name = ""; 
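Review bot: `Pattern.compile("(\\/)(?!.*\\1)(.*)(.git)")` is recompiled on every request and its `.git` group uses an unescaped dot, so it also accepts names such as `foo-git`; hoist it to a constant with the dot escaped, `private static final Pattern GIT_URL = Pattern.compile("(\\/)(?!.*\\1)(.*)(\\.git)");`, and use `GIT_URL.matcher(url)` here. Note also that `name` starts as `""` and, if the match fails, stays empty for the rest of the handler, where it is later concatenated into `"/home/upload/" + name` (see the `@@ -197,28 +174,18 @@` hunk); returning 400 on a failed match avoids operating on the upload root. The handler's body continues past this hunk.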
@@ -197,28 +174,18 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url boolean exists = this.theiaService.retrieveGithubCode(url, id); - - if (language.equals("Maven")) { - - //Get CK amd metricKey values from the request - sonarProperties.get("CK").put("loc", new ArrayList<>()); HashMap> sonarAnalysis = new HashMap<>(); Set sonarMetrics = Set.copyOf(sonarProperties.get("metricKeys").keySet()); - //Download git repository if it is not downloaded already, create a folder name with SHA from latest commit - - Files.setPosixFilePermissions(Paths.get("/home/upload/" + name), PosixFilePermissions.fromString("rwxr-x---")); - LinkedHashMap> analysis = new LinkedHashMap<>(); //Analyzing project with CK tool, alongside with the default values chosed for the CK tool - ArrayList stone = new ArrayList<>(sonarProperties.get("CK").keySet()); HashMap ckValues = this.ckService.generateCustomCKValues(dir, new ArrayList<>(sonarProperties.get("CK").keySet())); @@ -228,16 +195,12 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url PMDvalues valuesPMD = new PMDvalues(); //SONARQUBE checking if already analyzed and analyze - if ((!analyzed)) { this.sonarqubeService.sonarMavenAnalysis(name, name, sonar_user, sonar_password, "git"); //TimeUnit.SECONDS.sleep(0); valuesPMD = this.pmdService.generateCustomPMDValues(exists,ckValues.get("loc"), dir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet())); - - } - else{ + } else { valuesPMD = this.pmdService.generateCustomPMDValues(exists,ckValues.get("loc"), dir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet())); - } HashMap pmdValues = valuesPMD.measurePMDProperties; 
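Review bot: In the `@@ -228,16 +195,12 @@` hunk both branches of `if ((!analyzed)) ... else` end with the identical `generateCustomPMDValues(exists, ckValues.get("loc"), dir.toString(), ...)` call, so only `sonarMavenAnalysis` is actually conditional; collapsing it to `if (!analyzed) { this.sonarqubeService.sonarMavenAnalysis(name, name, sonar_user, sonar_password, "git"); }` followed by a single `valuesPMD = this.pmdService.generateCustomPMDValues(exists, ckValues.get("loc"), dir.toString(), new ArrayList<>(sonarProperties.get("PMD").keySet()));` removes the duplication and the doubled parentheses. In the `@@ -197,28 +174,18 @@` hunk, `Paths.get("/home/upload/" + name)` is built from `name`, which is extracted from the request URL by regex; resolving and normalizing it against the upload base before `setPosixFilePermissions` (e.g. `Paths.get("/home/upload").resolve(name).normalize().startsWith("/home/upload")`) would make sure an unexpected `name` cannot point outside that directory. The `Maven` branch opens in the first hunk and the enclosing method continues outside both.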
@@ -247,25 +210,19 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url //Analyze Sonarqube Metrics Hardcoded. Double linesOfCode = this.sonarqubeService.linesOfCode(sonar_user, sonar_password, name); - //Analyze //Sonarqube Vulnerabilities Hardcoded. - sonarAnalysis.put("Sonarqube", this.sonarqubeService.sonarqubeCustomVulnerabilities(sonar_user, sonar_password, sonarProperties.get("Sonarqube").keySet(), name, linesOfCode)); - analysis.put("Sonarqube", sonarAnalysis.get("Sonarqube")); Set catg = new HashSet<>(sonarAnalysis.get("Sonarqube").keySet()); - -// JsonArray jsonObject = new JsonParser().parse(jsonHotspots).getAsJsonArray(); HashMap propertyScores = MeasureService.measureCustomPropertiesScore(analysis, sonarProperties); analysis.put("metrics", this.sonarqubeService.sonarqubeCustomMetrics(sonar_user, sonar_password, sonarMetrics, name)); analysis.put("Property_Scores", propertyScores); - //Calculating characteristic res for the characteristics the user chose. HashMap characteristicScores = MeasureService.measureCustomCharacteristicsScore(propertyScores, sonarProperties); analysis.put("Characteristic_Scores", characteristicScores); @@ -280,7 +237,6 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url HashMap hashHot = new HashMap<>(); hashHot = this.sonarqubeService.hotspotSearch(catg, sonar_user, sonar_password, name); - Gson gson = new Gson(); String jsonHash = gson.toJson(hashHot); String jsonRecords = gson.toJson(valuesPMD.recordCategories); 
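Review bot: The `@@ -247,25 +210,19 @@` hunk repeats, almost line for line, the lines-of-code → vulnerabilities → property scores → metrics → characteristic scores sequence that the zip endpoint runs in `@@ -110,19 +99,16 @@`, differing only in the spacing of `sonar_user, sonar_password`. Extracting that sequence into a private helper taking `analysis`, `sonarAnalysis`, `sonarMetrics`, `sonarProperties` and `name` would leave one place to fix when the scoring changes, and the tidy-up in this commit is a natural moment to do it. The blank-line and commented-code removals here are fine as they stand. Both hunks are inside `githubRetrieve`, whose body continues outside them.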
@@ -296,34 +252,19 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url return new ResponseEntity(jsonObject, HttpStatus.OK); } else if ((language.equals("Javascript")) || (language.equals("Python"))) { - - // Get Metric Keys HashMap> sonarAnalysis = new HashMap<>(); Set sonarMetrics = Set.copyOf(sonarProperties.get("metricKeys").keySet()); - LinkedHashMap> analysis = new LinkedHashMap<>(); -// File dir = new File("/home/upload/" + id.toString()); -// if (dir.exists()) { -// FileUtils.deleteDirectory(dir); -// } - - - - if (!analyzed) { this.sonarqubeService.sonarScannerAnalysis( name, sonar_user,sonar_password); - //TimeUnit.SECONDS.sleep(20); - } - Double linesOfCode = this.sonarqubeService.linesOfCode(sonar_user,sonar_password, name); - sonarAnalysis.put("metrics", this.sonarqubeService.sonarqubeCustomMetrics(sonar_user,sonar_password, sonarMetrics, name)); sonarAnalysis.put("Sonarqube", this.sonarqubeService.sonarqubeCustomVulnerabilities(sonar_user,sonar_password, sonarProperties.get("Sonarqube").keySet(), name, linesOfCode)); @@ -335,12 +276,10 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url analysis.put("metrics", sonarAnalysis.get("metrics")); // Calculating characteristic scores for the characteristics the user chose. - HashMap characteristicScores = MeasureService.measureCustomCharacteristicsScore(propertyScores, sonarProperties); analysis.put("Characteristic_Scores", characteristicScores); // Calculating security index. - HashMap securityIndex = MeasureService.measureSecurityIndex(characteristicScores); analysis.put("Security_index", securityIndex); @@ -348,7 +287,6 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url Set catg =new HashSet<>(sonarAnalysis.get("Sonarqube").keySet()); - HashMap hashHot = new HashMap<>(); hashHot = this.sonarqubeService.hotspotSearch(catg, sonar_user, sonar_password, name); 
@@ -365,40 +303,19 @@ public ResponseEntity githubRetrieve(@RequestParam("url") String url return new ResponseEntity(jsonObject, HttpStatus.OK); } else if (language.equals("CPP")) { - - //Download git repository if it is not downloaded already, create a folder name with SHA from latest commit - //File dir = new File("/home/upload/" + id.toString()); - -// if (dir.exists()) { -// FileUtils.deleteDirectory(dir); -// } - - - - //File folderSHA = new File("/home/upload/" + name); - //dir.renameTo(folderSHA); - //Run CPP analysis if (!analyzed) { this.sonarqubeService.sonarCppAnalysis(exists,name, name, sonar_user,sonar_password); - TimeUnit.SECONDS.sleep(30); - - } - else if(exists==false){ - + } else if(exists==false){ this.sonarqubeService.runCPPcheck(name); - - } - HashMap> sonarAnalysis = new HashMap<>(); LinkedHashMap> analysis = new LinkedHashMap<>(); - Double linesOfCode = this.sonarqubeService.linesOfCode(sonar_user,sonar_password, name); sonarAnalysis.put("Sonarqube", this.sonarqubeService.sonarqubeCustomCPP(sonar_user,sonar_password, linesOfCode, name, new ArrayList<>(sonarProperties.get("Sonarqube").keySet()))); @@ -406,7 +323,6 @@ else if(exists==false){ HashMap propertyScores = MeasureService.measureCustomPropertiesScore(analysis, sonarProperties); sonarAnalysis.put("Property_Scores", propertyScores); - // Calculating characteristic scores for the characteristics the user chose. HashMap characteristicScores = MeasureService.measureCustomCharacteristicsScore(propertyScores, sonarProperties); sonarAnalysis.put("Characteristic_Scores", characteristicScores); 
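Review bot: `TimeUnit.SECONDS.sleep(30);` after `sonarCppAnalysis(...)` blocks the request thread for a fixed 30 s as a stand-in for waiting on the analysis, which is slow when the analysis is quick and wrong when it is slower; if `sonarCppAnalysis` hands work to SonarQube asynchronously, polling its task status with a bounded timeout is the reliable replacement, and if it is synchronous the sleep can simply go. The `else if(exists==false)` branch reads more naturally as `} else if (!exists) {`. When `analyzed` and `exists` are both true neither `sonarCppAnalysis` nor `runCPPcheck` runs, yet `iterateXML(name)` in the `@@ -415,28 +331,22 @@` hunk is still read, presumably reusing an earlier run's output; a one-line comment stating that would save the next reader the same question. The `CPP` branch continues past this hunk.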
@@ -415,28 +331,22 @@ else if(exists==false){ HashMap securityIndex = MeasureService.measureSecurityIndex(characteristicScores); sonarAnalysis.put("Security_index", securityIndex); - analysis.put("Sonarqube", sonarAnalysis.get("Sonarqube")); Gson gson = new Gson(); String jsonString = gson.toJson(sonarAnalysis); String xmlcpp = gson.toJson(this.sonarqubeService.iterateXML(name)); - JsonObject jsonObject = new Gson().fromJson(jsonString, JsonObject.class); JsonArray jsonXML= new Gson().fromJson(xmlcpp, JsonArray.class); jsonObject.add("CPP",jsonXML); return new ResponseEntity(jsonObject, HttpStatus.OK); - - - }else { - // Return the analysis map. + } else { + // Return the analysis map. return new ResponseEntity<>(null, HttpStatus.CREATED); } } - - public static void updateEnv(String name, String val) throws ReflectiveOperationException { Map env = System.getenv(); Field field = env.getClass().getDeclaredField("m"); @@ -448,19 +358,13 @@ public List toList(JsonArray array) { List list = new ArrayList(); for(int i = 0; i < array.size(); i++) { Object value = array.get(i); - list.add(value); } return list; } - - - - @GetMapping("/test") public ResponseEntity test(){ return new ResponseEntity<>("Hello", HttpStatus.OK); } - -} \ No newline at end of file +}
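Review bot: The trailing `} else { return new ResponseEntity<>(null, HttpStatus.CREATED); }` answers an unsupported `language` value with 201 Created and an empty body, which tells the caller nothing went wrong; `return new ResponseEntity<>(HttpStatus.BAD_REQUEST);` (or a short JSON message naming the accepted values) is the honest status. Since `language` is a request parameter, validating it once at the top of the handler against the supported set (`Maven`, `Javascript`, `Python`, `CPP`) would also let the branch chain become a `switch`. `updateEnv`, whose body runs past this hunk, reaches into the `m` field of the `System.getenv()` map by reflection; that is an internal JDK detail which fails on newer JDKs without `--add-opens`, so a comment documenting that requirement, or moving the setting to a configuration property, is worth considering. The `@@ -448,19 +358,13 @@` hunk only drops blank lines.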