Scan from purl (#87)

* Scan from purl

Signed-off-by: san-zrl <[email protected]>

* Removed ResolvedScanRequest

Signed-off-by: san-zrl <[email protected]>

* frontend: add https:// to gitUrl if missing

Signed-off-by: san-zrl <[email protected]>

* update frontend: add scanUrl to model, rename gitBranch to revision, rename gitSubfolder to subfolder, rename gitPurls to purls, add projectIdentifier to model; backend: rename gitUrl to scanUrl in presentation/ScanRequest

Signed-off-by: Nicklas Körtge <[email protected]>

* add packageURL to 'stored' Aggregate and to reconstruction; add scanUrl to 'stored' Aggregate called Scan

Signed-off-by: Nicklas Körtge <[email protected]>

* add packageURL to 'stored' Aggregate and to reconstruction; add scanUrl to 'stored' Aggregate called Scan

Signed-off-by: Nicklas Körtge <[email protected]>

* rename command to event source command name, handle nullable git url or purl, rename to DepsDevService, some small refactoring

Signed-off-by: Nicklas Körtge <[email protected]>

* fix hhtpclient dependency

Signed-off-by: Nicklas Körtge <[email protected]>

---------

Signed-off-by: san-zrl <[email protected]>
Signed-off-by: Nicklas Körtge <[email protected]>
Co-authored-by: Nicklas Körtge <[email protected]>

frontend/src/components/home/ListTable.vue

@@ -11,7 +11,7 @@
         <cv-data-table-row v-for="scan in model.lastCboms" :key="scan.id">
           <cv-data-table-cell>
             <div class="container">
-              {{ scan.gitUrl }}
+              {{ scan.projectIdentifier }}
               <cv-icon-button
                 @click="openGitRepo(scan.gitUrl)"
                 kind="ghost"

frontend/src/components/home/SearchBar.vue

@@ -4,15 +4,15 @@
       <cv-search
         :light="true"
         class="search-bar"
-        placeholder="Enter the Git URL to scan"
-        v-model="model.codeOrigin.gitLink"
+        placeholder="Enter Git URL or Package URL to scan"
+        v-model="model.codeOrigin.scanUrl"
         @keyup.enter="connectAndScan(advancedOptions()[0], advancedOptions()[1], advancedOptions()[2])"
       />
       <cv-button
         class="search-button"
         :icon="ArrowRight24"
         @click="connectAndScan(advancedOptions()[0], advancedOptions()[1], advancedOptions()[2])"
-        :disabled="!model.codeOrigin.gitLink"
+        :disabled="!model.codeOrigin.scanUrl"
         >Scan</cv-button
       >
     </div>

frontend/src/components/results/ResultTitle.vue

@@ -7,11 +7,12 @@
             {{ dataTableTitle }}
           </h3>
           <h4 style="padding-bottom: 8px" v-html="dataTableSubtitle"></h4>
+          <cv-tag v-if="showLink" :label="linkLabel" />
           <cv-tag v-if="showBranch" :label="branchLabel" />
           <cv-tag v-if="showCommitID" :label="commitIDLabel" />
           <cv-tag v-if="showSubfolder" :label="subfolderLabel" />
           <cv-tag
-            v-for="purl in model.codeOrigin.gitPurls"
+            v-for="purl in model.codeOrigin.purls"
             :key="purl"
             :label="purl"
           ></cv-tag>
@@ -44,13 +45,16 @@ export default {
   },
   computed: {
     showLink() {
-      return model.codeOrigin.gitLink != null;
+      return model.codeOrigin.gitUrl != null;
+    },
+    linkLabel() {
+      return "gitUrl: " + model.codeOrigin.gitUrl;
     },
     showBranch() {
-      return model.codeOrigin.gitBranch != null;
+      return model.codeOrigin.revision != null;
     },
     branchLabel() {
-      return "branch: " + model.codeOrigin.gitBranch;
+      return "revision: " + model.codeOrigin.revision;
     },
     showCommitID() {
       return model.codeOrigin.commitID != null;
@@ -59,18 +63,20 @@ export default {
       return "commit: " + model.codeOrigin.commitID.slice(0, 7) + "...";
     },
     showSubfolder() {
-      return model.codeOrigin.gitSubfolder != null;
+      return model.codeOrigin.subfolder != null;
     },
     subfolderLabel() {
-      return "subfolder: " + model.codeOrigin.gitSubfolder;
+      return "subfolder: " + model.codeOrigin.subfolder;
     },
     dataTableTitle() {
       var title = "Unknown CBOM";
       if (model.codeOrigin.uploadedFileName != null) {
         title = model.codeOrigin.uploadedFileName + " (uploaded)";
       }
-      if (model.codeOrigin.gitLink != null) {
-        title = model.codeOrigin.gitLink.replace("https://", "");
+      if (model.codeOrigin.projectIdentifier != null) {
+        title = model.codeOrigin.projectIdentifier;
+      } else {
+        title = model.codeOrigin.scanUrl.replace("https://", "");
       }
       return title;
     },

frontend/src/components/results/modal/CryptoAssetDetails.vue

@@ -218,7 +218,7 @@ export default {
       return this.propertyPaths.filter(property => this.getPropertyValues(property.path));
     },
     getBomRef() {
-      if (this.asset == undefined || this.asset === null) {
+      if (this.asset === undefined || this.asset === null) {
         return
       }
       let values = this.getPropertyValues("bom-ref");

frontend/src/components/results/modal/GitInfoPrompt.vue

@@ -67,21 +67,21 @@ export default {
   methods: {
     confirm: function () {
       if (this.gitLink && (this.gitBranch || this.commitID)) {
-        model.codeOrigin.gitLink = this.gitLink;
+        model.codeOrigin.gitUrl = this.gitLink;
         if (this.selectedOption === "branch") {
-          model.codeOrigin.gitBranch = this.gitBranch;
+          model.codeOrigin.revision = this.gitBranch;
           model.codeOrigin.commitID = null; // remove the commit ID
         }
         if (this.selectedOption === "commitID") {
           model.codeOrigin.commitID = this.commitID;
-          model.codeOrigin.gitBranch = null; // remove the branch
+          model.codeOrigin.revision = null; // remove the branch
         }
         this.$emit("confirm-prompt");
       }
     },
     resetModal: function () {
-      this.gitLink = model.codeOrigin.gitLink;
-      this.gitBranch = model.codeOrigin.gitBranch;
+      this.gitLink = model.codeOrigin.scanUrl;
+      this.gitBranch = model.codeOrigin.revision;
       this.commitID = model.codeOrigin.commitID;
 
       // If the CBOM contains a branch but not a commit ID, show the branch by default

frontend/src/helpers/cbom.js

@@ -262,21 +262,21 @@ export function setCbom(cbom) {
 
   if (Object.hasOwn(cbom, "metadata")) {
     if (Object.hasOwn(cbom.metadata, "properties") && Array.isArray(cbom.metadata.properties)) {
-      model.codeOrigin.gitPurls = []
+      model.codeOrigin.purls = []
       cbom.metadata.properties.forEach(function (prop) {
         if (Object.hasOwn(prop, "name") && Object.hasOwn(prop, "value")) {
           switch (prop.name) {
-            case "git-url":
-              model.codeOrigin.gitLink = prop.value;
+            case "gitUrl":
+              model.codeOrigin.gitUrl = prop.value;
               break;
-            case "git-branch":
-              model.codeOrigin.gitBranch = prop.value;
+            case "revision":
+              model.codeOrigin.revision = prop.value;
               break;
-            case "git-subfolder":
-              model.codeOrigin.gitSubfolder = prop.value
+            case "subfolder":
+              model.codeOrigin.subfolder = prop.value
               break;
             case "purl":
-              model.codeOrigin.gitPurls.push(prop.value)
+              model.codeOrigin.purls.push(prop.value)
               break;
             case "commit":
               model.codeOrigin.commitID = prop.value
@@ -291,8 +291,9 @@ export function showResultFromApi(cbomApi) {
   let cbom = getCbomFromScan(cbomApi);
   setCbom(cbom);
   setDependenciesMap(cbom)
-  model.codeOrigin.gitLink = cbomApi.gitUrl;
-  model.codeOrigin.gitBranch = cbomApi.branch;
+  model.codeOrigin.projectIdentifier = cbomApi.projectIdentifier
+  model.codeOrigin.gitUrl = cbomApi.gitUrl;
+  model.codeOrigin.revision = cbomApi.branch;
   model.showResults = true;
 }
 
@@ -303,7 +304,7 @@ export function showResultFromUpload(cbom, name) {
   model.showResults = true;
 }
 
-// Takes a Scab object as returned by the API and returns the CBOM as an Object.
+// Takes a Scan object as returned by the API and returns the CBOM as an Object.
 export function getCbomFromScan(scan) {
   if (scan && scan.bom) {
     return scan.bom

frontend/src/helpers/general.js

@@ -51,8 +51,8 @@ export function openGitRepo(gitUrl) {
 }
 
 export function canOpenOnline() {
-  let gitUrl = model.codeOrigin.gitLink;
-  let branch = model.codeOrigin.gitBranch;
+  let gitUrl = model.codeOrigin.scanUrl;
+  let branch = model.codeOrigin.revision;
   let commitID = model.codeOrigin.commitID;
 
   if (gitUrl === undefined || gitUrl === null) {
@@ -75,8 +75,8 @@ export function getCodeLink(component, numberOfLinesBeforeAfter = 0) {
     return;
   }
 
-  let gitUrl = model.codeOrigin.gitLink;
-  let branch = model.codeOrigin.gitBranch;
+  let gitUrl = model.codeOrigin.gitUrl;
+  let branch = model.codeOrigin.revision;
   let commitID = model.codeOrigin.commitID;
 
   const occurrences = component.evidence.occurrences;

frontend/src/helpers/scan.js

@@ -81,19 +81,19 @@ function scan() {
   if (!model.scanning.socket) {
     model.addError(ErrorStatus.NoConnection);
     console.log("No socket in model");
-  } else if (!model.codeOrigin.gitLink) {
+  } else if (!model.codeOrigin.scanUrl) {
     model.addError(ErrorStatus.InvalidRepo);
-    console.log("Git URL not valid");
+    console.log("Not valid Git URL or Package URL");
   } else {
     // build scan request
     const scanRequest = {};
     // set scan options
-    scanRequest["gitUrl"] = model.codeOrigin.gitLink;
-    if (model.codeOrigin.gitBranch) {
-      scanRequest["branch"] = model.codeOrigin.gitBranch;
+    scanRequest["scanUrl"] = model.codeOrigin.scanUrl;
+    if (model.codeOrigin.revision) {
+      scanRequest["branch"] = model.codeOrigin.revision;
     }
-    if (model.codeOrigin.gitSubfolder) {
-      scanRequest["subfolder"] = model.codeOrigin.gitSubfolder;
+    if (model.codeOrigin.subfolder) {
+      scanRequest["subfolder"] = model.codeOrigin.subfolder;
     }
     // set credentials
     if (model.credentials.pat) {
@@ -137,9 +137,6 @@ function handleMessage(messageJson) {
     model.scanning.isScanning = false;
     // log
     console.error("Error from backend:", model.scanning.scanningStatusMessage);
-  } else if (obj["type"] === "PURL") {
-    model.codeOrigin.gitPurls = obj["purls"];
-    // This is not strictly necessary anymore now that I read PURLs from the CBOM, but it arrives before the CBOM so I leave it
   } else if (obj["type"] === "DETECTION") {
     let cryptoAssetJson = obj["message"];
     const cryptoAsset = JSON.parse(cryptoAssetJson);
@@ -150,7 +147,7 @@ function handleMessage(messageJson) {
     setCbom(JSON.parse(cbomString));
     console.log("Received CBOM from scanning:", model.cbom);
   } else if (obj["type"] === "BRANCH") {
-    model.codeOrigin.gitBranch = obj["message"];
+    model.codeOrigin.revision = obj["message"];
   } else if (obj["type"] === "SCANNED_FILE_COUNT") {
     model.scanning.numberOfFiles = obj["message"];
   } else if (obj["type"] === "SCANNED_NUMBER_OF_LINES") {
@@ -165,14 +162,22 @@ function handleMessage(messageJson) {
 }
 
 function setCodeOrigin(gitBranch, gitSubfolder) {
-  if (model.codeOrigin.gitLink) {
-    model.codeOrigin.gitLink = model.codeOrigin.gitLink.trim();
+  if (model.codeOrigin.scanUrl) {
+    model.codeOrigin.scanUrl = model.codeOrigin.scanUrl.trim();
+    // if it's not a package url
+    if (!model.codeOrigin.scanUrl.startsWith("pkg:")) {
+      // remove http if there, to make sure the request uses https
+      model.codeOrigin.scanUrl = model.codeOrigin.scanUrl.replace("http://", "")
+      if (!model.codeOrigin.scanUrl.startsWith("https://")) {
+        model.codeOrigin.scanUrl = "https://" + model.codeOrigin.scanUrl;
+      }
+    }
   }
   if (gitBranch) {
-    model.codeOrigin.gitBranch = gitBranch.trim();
+    model.codeOrigin.revision = gitBranch.trim();
   }
   if (gitSubfolder) {
-    model.codeOrigin.gitSubfolder = gitSubfolder.trim();
+    model.codeOrigin.subfolder = gitSubfolder.trim();
   }
 }
 

frontend/src/model.js

@@ -21,11 +21,13 @@ export const model = reactive({
     totalDuration: null,
   },
   codeOrigin: {
-    gitLink: null,
-    gitBranch: null,
-    gitSubfolder: null,
+    projectIdentifier: null,
+    scanUrl: null,
+    gitUrl: null,
+    revision: null,
+    subfolder: null,
     commitID: null,
-    gitPurls: [],
+    purls: [],
     uploadedFileName: null,
   },
   credentials: {
@@ -61,10 +63,13 @@ export const model = reactive({
     model.dependencies = null;
   },
   resetCodeOriginInfo() {
-    model.codeOrigin.gitLink = null;
-    model.codeOrigin.gitBranch = null;
-    model.codeOrigin.gitSubfolder = null;
-    model.codeOrigin.gitPurls = [];
+    model.codeOrigin.projectIdentifier = null
+    model.codeOrigin.scanUrl = null;
+    model.codeOrigin.gitUrl = null;
+    model.codeOrigin.revision = null;
+    model.codeOrigin.subfolder = null;
+    model.codeOrigin.commitID = null;
+    model.codeOrigin.purls = [];
     model.codeOrigin.uploadedFileName = null;
   },
   resetCredentials() {

pom.xml

@@ -109,6 +109,11 @@
       <groupId>org.eclipse.jgit</groupId>
       <artifactId>org.eclipse.jgit</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents.client5</groupId>
+      <artifactId>httpclient5</artifactId>
+      <version>5.4.1</version>
+    </dependency>
 
 
     <dependency>

src/main/java/com/ibm/domain/scanning/GitUrl.java

@@ -20,7 +20,7 @@
 package com.ibm.domain.scanning;
 
 import app.bootstrap.core.ddd.IValueObject;
-import com.ibm.domain.scanning.errors.InvalidGitUrl;
+import com.ibm.domain.scanning.errors.InvalidScanUrl;
 import jakarta.annotation.Nonnull;
 import java.net.MalformedURLException;
 import java.net.URI;
@@ -29,11 +29,11 @@ public record GitUrl(@Nonnull String value) implements IValueObject {
 
     @SuppressWarnings("all")
     @Override
-    public void validate() throws InvalidGitUrl {
+    public void validate() throws InvalidScanUrl {
         try {
             URI.create(value).toURL();
         } catch (MalformedURLException | IllegalArgumentException e) {
-            throw new InvalidGitUrl(value);
+            throw new InvalidScanUrl(value);
         }
     }