Merge pull request #60 from WSE-research/58-fixchange-extractandanaly…

…se-endpoint 58 fixchange extractandanalyse endpoint
WSE-research · May 26, 2024 · 8dcd0c1 · 8dcd0c1
2 parents 9614f31 + 4437e07
commit 8dcd0c1
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 26 deletions.
diff --git a/code/AmIVulnerable/AmIVulnerable/Controllers/DependeciesController.cs b/code/AmIVulnerable/AmIVulnerable/Controllers/DependeciesController.cs
@@ -79,7 +79,7 @@ public async Task<IActionResult> ExtractAndAnalyzeTreeAsync([FromQuery] ProjectT
                             ExecuteCommand("npm", "install", projectGuid.ToString());
                             ExecuteCommand("rm", "tree.json", projectGuid.ToString());
                             ExecuteCommand("npm", "list --all --json >> tree.json", projectGuid.ToString());
-                            List<NodePackage> depTree = ExtractTree(projectGuid.ToString() + "/tree.json");
+                            List<NodePackage> depTree = ExtractTree(AppDomain.CurrentDomain.BaseDirectory + projectGuid.ToString() + "/tree.json");
                             List<NodePackageResult> resTree = await AnalyzeTreeAsync(depTree) ?? [];
                             if (resTree.Count != 0) {
                                 JsonLdObject resultAsJsonLd = new JsonLdObject() {
@@ -106,9 +106,9 @@ public async Task<IActionResult> ExtractAndAnalyzeTreeAsync([FromQuery] ProjectT
         /// <param name="command">Command used for programm</param>
         private void ExecuteCommand(string prog, string command, string dir) {
             ProcessStartInfo process = new ProcessStartInfo {
-                FileName = "bash",
+                FileName = "cmd",
                 RedirectStandardInput = true,
-                WorkingDirectory = dir,
+                WorkingDirectory = AppDomain.CurrentDomain.BaseDirectory + dir,
             };
             Process runProcess = Process.Start(process)!;
             runProcess.StandardInput.WriteLine($"{prog} {command}");
@@ -216,29 +216,6 @@ private NodePackage ExtractDependencyInfo(JsonProperty dependency) {
                 }
             }
             return resulstList;
-            #region oldcode
-            //SearchDbController searchDbController = new SearchDbController();
-            //List<string> designation = [];
-            //foreach (Tuple<string, string> x in nodePackages) {
-            //    designation.Add(x.Item1);
-            //}
-
-            //List<CveResult> results = await searchDbController.SearchPackagesAsList(designation);
-            ////List<CveResult> results = searchDbController.SearchPackagesAsListMono(designation);
-
-            //// find the critical points
-            //if (results.Count == 0) {
-            //    return null;
-            //}
-            //List<NodePackageResult?> resulstListOld = [];
-            //foreach (NodePackage x in depTree) {
-            //    NodePackageResult? temp = checkVulnerabilities(x, results);
-            //    if (temp is not null) {
-            //        resulstList.Add(temp);
-            //    }
-            //}
-            //return resulstList;
-            #endregion
         }
 
         /// <summary>
@@ -275,6 +252,8 @@ private List<NodePackage> AnalyzeSubtree(NodePackage nodePackage) {
             foreach (CveResult x in cveData) { // check
                 if (x.Designation.Equals(package.Name)) {
                     r.isCveTracked = true;
+                    r.CvssV31 = x.CvssV31;
+                    r.Description = x.Description;
                 }
             }
             if (r.isCveTracked == false && !DepCheck(r)) {

diff --git a/code/AmIVulnerable/docker-compose.yml b/code/AmIVulnerable/docker-compose.yml
@@ -21,6 +21,8 @@ services:
     ports:
       - 3306:3306
     command: --default-authentication-plugin=mysql_native_password
+    cap_add:
+      - SYS_NICE  # CAP_SYS_NICE
 
   amivulnerable:
     container_name: ApiAmIVulnerable