From 494a609bf710712a04e0bd8db1f00df66efc40ff Mon Sep 17 00:00:00 2001 From: core software devel Date: Thu, 22 Aug 2024 12:35:49 +0000 Subject: [PATCH] replace MD5_LEN by key_ln --- inc/util.h | 5 ----- src/attributions.c | 16 ++++++++-------- src/binary_scan.c | 20 ++++++++++---------- src/component.c | 12 ++++++------ src/debug.c | 4 ++-- src/dependency.c | 12 ++++++------ src/file.c | 8 ++++---- src/hpsm.c | 6 +++--- src/license.c | 2 +- src/match.c | 18 +++++++++--------- src/match_list.c | 4 ++-- src/mz.c | 6 +++--- src/query.c | 4 ++-- src/report.c | 11 +++++------ src/scan.c | 19 +++++++------------ src/snippets.c | 10 +++++----- src/url.c | 6 +++--- src/util.c | 21 ++++++--------------- src/versions.c | 2 +- 19 files changed, 83 insertions(+), 103 deletions(-) diff --git a/inc/util.h b/inc/util.h index d803139..a603b8d 100644 --- a/inc/util.h +++ b/inc/util.h @@ -26,11 +26,6 @@ char *datestamp(void); /* Prints a "created" JSON element with the current datestamp */ void print_datestamp(void); -//void file_md5(char *filepath, uint8_t *md5_result); - -/* Returns a string with a hex representation of md5 */ -char *md5_hex(uint8_t *md5); - /* Removes chr from str */ void remove_char(char *str, char chr); diff --git a/src/attributions.c b/src/attributions.c index e9a85b4..ac67673 100644 --- a/src/attributions.c +++ b/src/attributions.c @@ -54,10 +54,10 @@ bool notices_handler(uint8_t *key, uint8_t *subkey, int subkey_ln, \ uint8_t *data, uint32_t datalen, int iteration, void *ptr) { - if (datalen != 2 * MD5_LEN) return false; - char hexkey[MD5_LEN * 2 + 1]; - memcpy(hexkey, data, MD5_LEN * 2); - hexkey[MD5_LEN * 2] = 0; + if (datalen != 2 * oss_attribution.key_ln) return false; + char hexkey[oss_attribution.key_ln * 2 + 1]; + memcpy(hexkey, data, oss_attribution.key_ln * 2); + hexkey[oss_attribution.key_ln * 2] = 0; /* Print attribution notice header */ char *component = (char *) ptr; @@ -86,11 +86,11 @@ uint8_t *data, uint32_t datalen, int iteration, void *ptr) { bool *valid = (bool *) ptr; - if (datalen != MD5_LEN) return false; + if (datalen != oss_attribution.key_ln) return false; /* Convert key */ uint8_t attr_id[16]; - ldb_hex_to_bin((char *) data, MD5_LEN * 2, attr_id); + ldb_hex_to_bin((char *) data, oss_attribution.key_ln * 2, attr_id); /* Define mz_job values */ struct mz_job job; @@ -100,7 +100,7 @@ uint8_t *data, uint32_t datalen, int iteration, void *ptr) job.mz_ln = 0; job.id = NULL; job.ln = 0; - job.md5[MD5_LEN] = 0; + job.md5[oss_attribution.key_ln] = 0; job.key = NULL; /* If file does not exist, exit with valid = false */ @@ -288,7 +288,7 @@ int attribution_notices(char * components) char * licenses_json = notices_load_file(); /* Validate SBOM */ declared_components = get_components(components); - if (check_purl_attributions(oss_attribution, licenses_json) && !debug_on) + if (check_purl_attributions(oss_attribution, licenses_json)) /* Print attribution notices */ print_purl_attribution_notices(oss_attribution, licenses_json); diff --git a/src/binary_scan.c b/src/binary_scan.c index bda72e6..5305889 100644 --- a/src/binary_scan.c +++ b/src/binary_scan.c @@ -68,7 +68,7 @@ static bool add_purl_from_urlid(uint8_t *key, uint8_t *subkey, int subkey_ln, ui if (iteration > MAX_URLS) return true; /* Ignore path lengths over the limit */ - if (!datalen || datalen >= (MD5_LEN + MAX_FILE_PATH)) return false; + if (!datalen || datalen >= (oss_file.key_ln + MAX_FILE_PATH)) return false; /* Decrypt data */ char * decrypted = decrypt_data(raw_data, datalen, oss_file, key, subkey); @@ -77,8 +77,8 @@ static bool add_purl_from_urlid(uint8_t *key, uint8_t *subkey, int subkey_ln, ui component_list_t * component_list = (component_list_t*) ptr; /* Copy data to memory */ - uint8_t url_id[MD5_LEN]; - memcpy(url_id, raw_data, MD5_LEN); + uint8_t url_id[oss_url.key_ln]; + memcpy(url_id, raw_data, oss_url.key_ln); char path[MAX_FILE_PATH+1]; strncpy(path, decrypted, MAX_FILE_PATH); @@ -138,7 +138,7 @@ static bool get_all_file_ids(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8 { if (iteration < max_files_to_process * 2) { - memcpy(files[iteration].url_id, data, MD5_LEN); + memcpy(files[iteration].url_id, data, oss_url.key_ln); return false; } return true; @@ -255,16 +255,16 @@ extern bool first_file; int binary_scan(char * input) { /* Get file MD5 */ - char * hexmd5 = strndup(input, MD5_LEN * 2); + char * hexmd5 = strndup(input, oss_file.key_ln * 2); scanlog("Bin File md5 to be scanned: %s\n", hexmd5); - uint8_t bin_md5[MD5_LEN]; - ldb_hex_to_bin(hexmd5, MD5_LEN * 2, bin_md5); + uint8_t bin_md5[oss_file.key_ln]; + ldb_hex_to_bin(hexmd5, oss_file.key_ln * 2, bin_md5); free(hexmd5); - uint8_t zero_md5[MD5_LEN] = {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e}; //empty string md5 + /*uint8_t zero_md5[oss_file.key_ln] = {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e}; //empty string md5 if (!memcmp(zero_md5,bin_md5, MD5_LEN)) //the md5 key of an empty string must be skipped. - return -1; + return -1;*/ if (ldb_key_exists(oss_file, bin_md5)) { @@ -274,7 +274,7 @@ int binary_scan(char * input) char * target = strndup(file_name, target_len); scan_data_t * scan = scan_data_init(target, 1, 1); free(target); - memcpy(scan->md5, bin_md5, MD5_LEN); + memcpy(scan->md5, bin_md5, oss_file.key_ln); scan->match_type = MATCH_FILE; compile_matches(scan); diff --git a/src/component.c b/src/component.c index e5a133a..6d754e3 100644 --- a/src/component.c +++ b/src/component.c @@ -92,7 +92,7 @@ component_data_t *component_data_copy(component_data_t *in) out->latest_version = strdup(in->latest_version); out->license = strdup(in->license); out->url_match = in->url_match; - memcpy(out->url_md5, in->url_md5, MD5_LEN); + memcpy(out->url_md5, in->url_md5, oss_url.key_ln); if (in->main_url) out->main_url = strdup(in->main_url); out->url = strdup(in->url); @@ -106,8 +106,8 @@ component_data_t *component_data_copy(component_data_t *in) if (in->purls_md5[i]) { - out->purls_md5[i] = malloc(MD5_LEN); - memcpy(out->purls_md5[i], in->purls_md5[i], MD5_LEN); + out->purls_md5[i] = malloc(oss_purl.key_ln); + memcpy(out->purls_md5[i], in->purls_md5[i], oss_purl.key_ln); } } @@ -226,7 +226,7 @@ bool fill_component(component_data_t *component, uint8_t *url_key, char *file_pa /* Extract fields from file record */ if (url_key) { - memcpy(component->url_md5, url_key, MD5_LEN); + memcpy(component->url_md5, url_key, oss_url.key_ln); if (file_path) { component->file = strdup(look_for_version(file_path)); @@ -291,14 +291,14 @@ bool component_date_comparation(component_data_t *a, component_data_t *b) if (!a->purls_md5[0] && a->purls[0]) { - a->purls_md5[0] = malloc(MD5_LEN); + a->purls_md5[0] = malloc(oss_url.key_ln); MD5((uint8_t *)a->purls[0], strlen(a->purls[0]), a->purls_md5[0]); a->age = get_component_age(a->purls_md5[0]); } if (!b->purls_md5[0] && b->purls[0]) { - b->purls_md5[0] = malloc(MD5_LEN); + b->purls_md5[0] = malloc(oss_purl.key_ln); MD5((uint8_t *)b->purls[0], strlen(b->purls[0]), b->purls_md5[0]); b->age = get_component_age(b->purls_md5[0]); } diff --git a/src/debug.c b/src/debug.c index c6ffea5..a76ad05 100644 --- a/src/debug.c +++ b/src/debug.c @@ -162,7 +162,7 @@ void map_dump(scan_data_t *scan) /* Print matching MD5 */ uint8_t *md5 = scan->matchmap[i].md5; - for (int j = 0; j < MD5_LEN; j++) fprintf(map, "%02x", md5[j]); + for (int j = 0; j < oss_file.key_ln; j++) fprintf(map, "%02x", md5[j]); /* Print hits */ fprintf(map, " %04x ", scan->matchmap[i].hits); @@ -198,7 +198,7 @@ void scan_benchmark() { scan_data_t * scan = scan_data_init("pseudo_file", 0, 0); scan->preload = true; - memcpy(scan->md5, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", MD5_LEN); + memset(scan->md5, 0, oss_file.key_ln); strcpy(scan->file_size, "1024"); progress ("Scanning: ", f + 1, total_files, false); diff --git a/src/dependency.c b/src/dependency.c index 266a77f..3a545ae 100644 --- a/src/dependency.c +++ b/src/dependency.c @@ -125,10 +125,10 @@ int print_dependencies(component_data_t * comp) if (!records) for (int i = 0; i < MAX_PURLS && comp->purls[i]; i++) { - uint8_t md5[MD5_LEN]; - purl_version_md5(md5, comp->purls[i], comp->version); + uint8_t hash[oss_purl.key_ln]; + purl_version_md5(hash, comp->purls[i], comp->version); - records = ldb_fetch_recordset(NULL, oss_dependency, md5, false, print_dependencies_item, comp); + records = ldb_fetch_recordset(NULL, oss_dependency, hash, false, print_dependencies_item, comp); if (records) { scanlog("Dependency matches (%d) reported for %s@%s\n", records, comp->purls[i],comp->version); @@ -141,10 +141,10 @@ int print_dependencies(component_data_t * comp) if (!records) for (int i = 0; i < MAX_PURLS && comp->purls[i]; i++) { - uint8_t md5[MD5_LEN]; - purl_version_md5(md5, comp->purls[i], comp->latest_version); + uint8_t hash[oss_purl.key_ln]; + purl_version_md5(hash, comp->purls[i], comp->latest_version); - records = ldb_fetch_recordset(NULL, oss_dependency, md5, false, print_dependencies_item, comp); + records = ldb_fetch_recordset(NULL, oss_dependency, hash, false, print_dependencies_item, comp); if (records) { scanlog("Dependency matches (%d) reported for %s@%s\n", records, comp->purls[i],comp->latest_version); diff --git a/src/file.c b/src/file.c index 5f2a3f1..6652796 100644 --- a/src/file.c +++ b/src/file.c @@ -196,7 +196,7 @@ bool collect_all_files(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *ra if (iteration >= FETCH_MAX_FILES) return true; /* Ignore path lengths over the limit */ - if (!datalen || datalen >= (MD5_LEN + MAX_FILE_PATH)) return false; + if (!datalen || datalen >= (oss_file.key_ln + MAX_FILE_PATH)) return false; /* Decrypt data */ char * decrypted = decrypt_data(raw_data, datalen, oss_file, key, subkey); @@ -205,7 +205,7 @@ bool collect_all_files(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *ra /* Copy data to memory */ file_recordset *files = ptr; - memcpy(files[iteration].url_id, raw_data, MD5_LEN); + memcpy(files[iteration].url_id, raw_data, oss_url.key_ln); strncpy(files[iteration].path, decrypted, MAX_FILE_PATH); free(decrypted); @@ -229,7 +229,7 @@ bool collect_all_files(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *ra bool count_all_files(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *raw_data, uint32_t datalen, int iteration, void *ptr) { /* Ignore path lengths over the limit */ - if (!datalen || datalen >= (MD5_LEN + MAX_FILE_PATH)) return false; + if (!datalen || datalen >= (oss_file.key_ln + MAX_FILE_PATH)) return false; int * count = ptr; *count = iteration; @@ -275,7 +275,7 @@ bool get_first_file(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *data, return false; *(char *)ptr = 0; - char *ext = file_extension((char *)file_data + MD5_LEN); + char *ext = file_extension((char *)file_data + oss_file.key_ln); if (ext) strcpy((char *) ptr, ext); diff --git a/src/hpsm.c b/src/hpsm.c index c116774..aef202e 100644 --- a/src/hpsm.c +++ b/src/hpsm.c @@ -105,9 +105,9 @@ struct ranges hpsm_calc(uint8_t *file_md5) return r; } scanlog("Running HPSM\n"); - char *file = md5_hex(file_md5); - struct ranges result = hpsm(hpsm_crc_lines, file); - free(file); + char file_hex[oss_file.key_ln * 2 + 1]; + ldb_bin_to_hex(file_md5, oss_file.key_ln, file_hex); + struct ranges result = hpsm(hpsm_crc_lines, file_hex); return result; } diff --git a/src/license.c b/src/license.c index 3281ce6..e203cbf 100644 --- a/src/license.c +++ b/src/license.c @@ -372,7 +372,7 @@ void print_licenses(component_data_t *comp) for (int i = 0; i < MAX_PURLS && comp->purls[i]; i++) { /* Calculate purl@version md5 */ - uint8_t purlversion_md5[MD5_LEN]; + uint8_t purlversion_md5[oss_purl.key_ln]; purl_version_md5(purlversion_md5, comp->purls[i], comp->version); records = ldb_fetch_recordset(NULL, oss_license, purlversion_md5, false, print_licenses_item, comp); diff --git a/src/match.c b/src/match.c index 333795a..5d29cc9 100644 --- a/src/match.c +++ b/src/match.c @@ -84,7 +84,7 @@ void match_data_free(match_data_t *data) match_data_t * match_data_copy(match_data_t * in) { match_data_t * out = calloc(1, sizeof(*out)); - memcpy(out->file_md5,in->file_md5,MD5_LEN); + memcpy(out->file_md5,in->file_md5,oss_file.key_ln); out->hits = in->hits; out->type = in->type; out->line_ranges = strdup(in->line_ranges); @@ -319,14 +319,14 @@ static bool component_hint_date_comparation(component_data_t *a, component_data_ { if (!a->purls_md5[0] && a->purls[0]) { - a->purls_md5[0] = malloc(MD5_LEN); + a->purls_md5[0] = malloc(oss_purl.key_ln); MD5((uint8_t *)a->purls[0], strlen(a->purls[0]), a->purls_md5[0]); a->age = get_component_age(a->purls_md5[0]); } if (!b->purls_md5[0] && b->purls[0]) { - b->purls_md5[0] = malloc(MD5_LEN); + b->purls_md5[0] = malloc(oss_purl.key_ln); MD5((uint8_t *)b->purls[0], strlen(b->purls[0]), b->purls_md5[0]); b->age = get_component_age(b->purls_md5[0]); } @@ -427,14 +427,14 @@ bool component_from_file(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t * /* Leave if FETCH_MAX_FILES is reached */ if (iteration < iteration_max && files) { - memcpy(files[iteration].url_id, raw_data, MD5_LEN); + memcpy(files[iteration].url_id, raw_data, oss_url.key_ln); } /*Return we high accuracy it is not enabled*/ if (iteration > iteration_max * 2 && !(engine_flags & ENABLE_HIGH_ACCURACY)) return true; /* Ignore path lengths over the limit */ - if (!datalen || datalen >= (MD5_LEN + MAX_FILE_PATH)) return false; + if (!datalen || datalen >= (oss_file.key_ln + MAX_FILE_PATH)) return false; /* Decrypt data */ char * decrypted = decrypt_data(raw_data, datalen, oss_file, key, subkey); @@ -444,12 +444,12 @@ bool component_from_file(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t * component_list_t * component_list = (component_list_t*) ptr; /* Copy data to memory */ - uint8_t url_id[MD5_LEN] = {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e}; //empty string md5 + uint8_t url_id[oss_url.key_ln]; /*= {0xd4,0x1d,0x8c,0xd9,0x8f,0x00,0xb2,0x04,0xe9,0x80,0x09,0x98,0xec,0xf8,0x42,0x7e}; //empty string md5 if (!memcmp(raw_data,url_id, MD5_LEN)) //the md5 key of an empty string must be skipped. - return false; + return false;*/ - memcpy(url_id, raw_data, MD5_LEN); + memcpy(url_id, raw_data, oss_url.key_ln); char path[MAX_FILE_PATH+1]; strncpy(path, decrypted, MAX_FILE_PATH); //check the ignore list only if the match type is MATCH_SNIPPET. TODO: remove this after remine everything. @@ -814,7 +814,7 @@ void compile_matches(scan_data_t *scan) match_data_t *match_new = calloc(1, sizeof(match_data_t)); match_new->type = scan->match_type; strcpy(match_new->source_md5, scan->source_md5); - memcpy(match_new->file_md5, scan->match_ptr, MD5_LEN); + memcpy(match_new->file_md5, scan->match_ptr, oss_file.key_ln); match_new->scan_ower = scan; if (!match_list_add(scan->matches_list_array[0], match_new, NULL, false)) { diff --git a/src/match_list.c b/src/match_list.c index 7fb8bd5..713fb2a 100644 --- a/src/match_list.c +++ b/src/match_list.c @@ -360,8 +360,8 @@ void match_list_debug(match_list_t *list) scanlog("Print list\n"); for (struct entry *np = list->headp.lh_first; np != NULL; np = np->entries.le_next) { - char md5_hex[MD5_LEN * 2 + 1]; - ldb_bin_to_hex(np->match->matchmap_reg->md5, MD5_LEN, md5_hex); + char md5_hex[oss_file.key_ln * 2 + 1]; + ldb_bin_to_hex(np->match->matchmap_reg->md5, oss_file.key_ln, md5_hex); // printf("Item: %d - hits: %d - md5: %s - file: %s - release_date: %s - ranges: %s - purl:%s\n", // i, np->match->hits, md5_hex, np->match->file, np->match->release_date, np->match->line_ranges, np->match->purls[0]); printf("\nItem: %d - hits: %d - md5: %s - release: %s \n", i, np->match->hits, md5_hex, np->match->component_list.headp.lh_first->component->release_date); diff --git a/src/mz.c b/src/mz.c index c3ab15a..b9969d2 100644 --- a/src/mz.c +++ b/src/mz.c @@ -47,7 +47,7 @@ void mz_get_key(struct ldb_table kb, char *key) { /* Calculate mz file path */ - char mz_path[LDB_MAX_PATH + MD5_LEN] = "\0"; + char mz_path[LDB_MAX_PATH + kb.key_ln]; char mz_file_id[5] = "\0\0\0\0\0"; struct mz_job job; memcpy(mz_file_id, key, 4); @@ -66,8 +66,8 @@ void mz_get_key(struct ldb_table kb, char *key) scanlog("MZ path: %s \n", mz_path); /* Save path and key on job */ - job.key = calloc(MD5_LEN, 1); - ldb_hex_to_bin(key, MD5_LEN * 2, job.key); + job.key = calloc(kb.key_ln, 1); + ldb_hex_to_bin(key, kb.key_ln * 2, job.key); /* Read source mz file into memory */ job.mz = file_read(mz_path, &job.mz_ln); diff --git a/src/query.c b/src/query.c index b85809b..84f048a 100644 --- a/src/query.c +++ b/src/query.c @@ -47,8 +47,8 @@ char *get_filename(char *md5) { /* Convert md5 to bin */ - uint8_t md5bin[MD5_LEN]; - ldb_hex_to_bin(md5, MD5_LEN * 2, md5bin); + uint8_t md5bin[oss_file.key_ln]; + ldb_hex_to_bin(md5, oss_file.key_ln * 2, md5bin); /* Init record */ uint8_t *record = calloc(LDB_MAX_REC_LN + 1, 1); diff --git a/src/report.c b/src/report.c index e4b9064..0b0f8a8 100644 --- a/src/report.c +++ b/src/report.c @@ -203,7 +203,7 @@ bool print_json_component(component_data_t * component) { if (component->purls[i] && !component->purls_md5[i]) { - component->purls_md5[i] = malloc(MD5_LEN); + component->purls_md5[i] = malloc(oss_purl.key_ln); MD5((uint8_t *)component->purls[i], strlen(component->purls[i]), component->purls_md5[i]); } } @@ -245,9 +245,9 @@ bool print_json_component(component_data_t * component) if (engine_flags & ENABLE_PATH_HINT) printf("\"path_rank\": %d,", component->path_rank); - char *url_id = md5_hex(component->url_md5); + char url_id[oss_url.key_ln * 2 + 1]; + ldb_bin_to_hex(component->url_md5, oss_url.key_ln, url_id); printf("\"url_hash\": \"%s\"", url_id); - free(url_id); //report url stats. An empty object is reported if there are not availables printf(",\"url_stats\":{"); if (component->url_stats[0] > 0) @@ -313,7 +313,8 @@ bool print_json_match(struct match_data_t * match) scanlog("Match with no components ignored: %s", match->source_md5); return false; } - char *file_id = md5_hex(match->file_md5); + char file_id[oss_file.key_ln * 2 +1]; + ldb_bin_to_hex(match->file_md5, oss_file.key_ln, file_id); if (engine_flags & DISABLE_BEST_MATCH) printf("{"); @@ -343,8 +344,6 @@ bool print_json_match(struct match_data_t * match) else printf(",\"file_url\": \"%s\"", match->component_list.headp.lh_first->component->url); } - - free(file_id); if (!(engine_flags & DISABLE_QUALITY)) { diff --git a/src/scan.c b/src/scan.c index 2dad032..b36bdf0 100644 --- a/src/scan.c +++ b/src/scan.c @@ -19,7 +19,6 @@ * You should have received a copy of the GNU General Public License * along with this program. If not, see . */ - #include "debug.h" #include "file.h" #include "ignorelist.h" @@ -196,7 +195,7 @@ int hash_scan(char *path, int scan_max_snippets, int scan_max_components) scan->preload = true; /* Get file MD5 */ - ldb_hex_to_bin(scan->file_path, MD5_LEN * 2, scan->md5); + ldb_hex_to_bin(scan->file_path, oss_file.key_ln * 2, scan->md5); /* Fake file length */ strcpy(scan->file_size, "999"); @@ -237,7 +236,6 @@ int wfp_scan(char * path, int scan_max_snippets, int scan_max_components) /* Get wfp MD5 hash */ uint8_t tmp_md5[16]; get_file_md5(path, tmp_md5); - char *tmp_md5_hex = md5_hex(tmp_md5); /* Read line by line */ while ((lineln = getline(&line, &len, fp)) != -1) @@ -269,25 +267,25 @@ int wfp_scan(char * path, int scan_max_snippets, int scan_max_components) const int tagln = 5; // len of 'file=' /* Get file MD5 */ - char * hexmd5 = strndup(line + tagln, MD5_LEN * 2); - if (strlen(hexmd5) < MD5_LEN * 2) + char * hexmd5 = strndup(line + tagln, oss_file.key_ln * 2); + if (strlen(hexmd5) < oss_file.key_ln * 2) { scanlog("Incorrect md5 len in line %s. Skipping\n", line); free(hexmd5); continue; } - rec = (uint8_t*) strdup(line + tagln + (MD5_LEN * 2) + 1); + rec = (uint8_t*) strdup(line + tagln + (oss_file.key_ln * 2) + 1); char * target = field_n(2, (char *)rec); /*Init a new scan object for the next file to be scanned */ scan = scan_data_init(target, scan_max_snippets, scan_max_components); - strcpy(scan->source_md5, tmp_md5_hex); + ldb_bin_to_hex(tmp_md5, oss_file.key_ln, scan->source_md5); extract_csv(scan->file_size, (char *)rec, 1, LDB_MAX_REC_LN); scan->preload = true; free(rec); scanlog("File md5 to be scanned: %s\n", hexmd5); - ldb_hex_to_bin(hexmd5, MD5_LEN * 2, scan->md5); + ldb_hex_to_bin(hexmd5, oss_file.key_ln * 2, scan->md5); free(hexmd5); } @@ -332,7 +330,6 @@ int wfp_scan(char * path, int scan_max_snippets, int scan_max_components) fclose(fp); if (line) free(line); - free(tmp_md5_hex); return EXIT_SUCCESS; } @@ -446,9 +443,7 @@ void ldb_scan(scan_data_t *scan) get_file_md5(scan->file_path, scan->md5); /* Scan full file */ - char *tmp_md5_hex = md5_hex(scan->md5); - strcpy(scan->source_md5, tmp_md5_hex); - free(tmp_md5_hex); + ldb_bin_to_hex(scan->md5, oss_file.key_ln, scan->source_md5); /* Look for full file match or url match in ldb */ scan->match_type = ldb_scan_file(scan); diff --git a/src/snippets.c b/src/snippets.c index 5d65152..d8b7990 100644 --- a/src/snippets.c +++ b/src/snippets.c @@ -129,7 +129,7 @@ void biggest_snippet(scan_data_t *scan) if (scan->matchmap[j].hits >= min_match_hits) /* Only consider file with more than min_match_hits */ { match_data_t *match_new = calloc(1, sizeof(match_data_t)); /* Create a match object */ - memcpy(match_new->file_md5, scan->matchmap[j].md5, MD5_LEN); + memcpy(match_new->file_md5, scan->matchmap[j].md5, oss_file.key_ln); match_new->hits = scan->matchmap[j].hits; match_new->matchmap_reg = &scan->matchmap[j]; match_new->type = scan->match_type; @@ -189,8 +189,8 @@ void biggest_snippet(scan_data_t *scan) struct entry *item = NULL; LIST_FOREACH(item, &scan->matches_list_array[i]->headp, entries) { - char md5_hex[MD5_LEN * 2 + 1]; - ldb_bin_to_hex(item->match->file_md5, MD5_LEN, md5_hex); + char md5_hex[oss_file.key_ln * 2 + 1]; + ldb_bin_to_hex(item->match->file_md5, oss_file.key_ln, md5_hex); scanlog("%s - %d\n", md5_hex, item->match->hits); } } @@ -648,14 +648,14 @@ int add_file_to_matchmap(scan_data_t *scan, matchmap_entry_t *item, uint8_t *md5 found = scan->matchmap_size; /* Write MD5 */ - memcpy(scan->matchmap[found].md5, md5, MD5_LEN); + memcpy(scan->matchmap[found].md5, md5, oss_file.key_ln); scan->matchmap[found].ranges_number = 0; } /* Search for the right range */ uint32_t from = 0; - uint16_t oss_line = uint16_read(md5 + MD5_LEN); + uint16_t oss_line = uint16_read(md5 + oss_file.key_ln); bool range_found = false; for (uint32_t t = 0; t < scan->matchmap[found].ranges_number; t++) diff --git a/src/url.c b/src/url.c index 4642858..9697c59 100644 --- a/src/url.c +++ b/src/url.c @@ -213,7 +213,7 @@ bool handle_purl_record(uint8_t *key, uint8_t *subkey, int subkey_ln, uint8_t *d { scanlog("Related PURL: %s\n", purl); component->purls[i] = purl; - component->purls_md5[i] = malloc(MD5_LEN); + component->purls_md5[i] = malloc(oss_purl.key_ln); MD5((uint8_t *)purl, strlen(purl), component->purls_md5[i]); return false; } @@ -246,7 +246,7 @@ void fetch_related_purls(component_data_t *component) /* add main purl md5 if it is not ready */ if (!component->purls_md5[0] && component->purls[0]) { - component->purls_md5[0] = malloc(MD5_LEN); + component->purls_md5[0] = malloc(oss_purl.key_ln); MD5((uint8_t *)component->purls[0], strlen(component->purls[0]), component->purls_md5[0]); } @@ -308,7 +308,7 @@ void purl_release_date(char *purl, char *date) if (!ldb_table_exists(oss_purl.db, oss_purl.table)) //skip purl if the table is not present return; - uint8_t purl_md5[MD5_LEN]; + uint8_t purl_md5[oss_purl.key_ln]; MD5((uint8_t *)purl, strlen(purl), purl_md5); ldb_fetch_recordset(NULL, oss_purl, purl_md5, false, get_purl_first_release, (void *) date); diff --git a/src/util.c b/src/util.c index 7ed721a..6e01e08 100644 --- a/src/util.c +++ b/src/util.c @@ -143,9 +143,12 @@ void vendor_component_md5(char *component, char *vendor, uint8_t *out) MD5((uint8_t *)pair, strlen(pair), out); /* Log pair_md5 */ - char hex[MD5_LEN * 2 + 1] = "\0"; - ldb_bin_to_hex(out, MD5_LEN, hex); - scanlog("vendor/component: %s = %s\n", pair, hex); + if (debug_on) + { + char hex[oss_purl.key_ln * 2 + 1]; + ldb_bin_to_hex(out, oss_purl.key_ln, hex); + scanlog("vendor/component: %s = %s\n", pair, hex); + } } /** @@ -227,18 +230,6 @@ void print_datestamp() free(stamp); } -/** - * @brief Returns a string with a hex representation of md5 - * @param md5 input md5 - * @return pointer to string - */ -char *md5_hex(uint8_t *md5) -{ - char *out = calloc(2 * MD5_LEN + 1, 1); - for (int i = 0; i < MD5_LEN; i++) sprintf(out + strlen(out), "%02x", md5[i]); - return out; -} - /** * @brief Returns the CRC32C for a string * @param str input string diff --git a/src/versions.c b/src/versions.c index d2c8b8b..cc8c8f7 100644 --- a/src/versions.c +++ b/src/versions.c @@ -171,7 +171,7 @@ void update_version_range(component_data_t *component, release_version *release) component->version = strdup(release->version); free(component->release_date); component->release_date = strdup(release->date); - memcpy(component->url_md5, release->url_id, MD5_LEN); + memcpy(component->url_md5, release->url_id, oss_url.key_ln); }