Implemented create and read functionalities for vulnerability models

Author: MFrikken

README.md

@@ -1,2 +1,4 @@
 # SAGE-Java
 This is the official Java fork of the originally Rust-based SAGE CLI
+
+Run with `mvn javafx:run`

src/main/java/com/sage/Main.java

@@ -1,20 +1,24 @@
 package com.sage;
 
-import java.io.File;
-
+import com.sage.controller.MainController;
+import com.sage.controller.VulnerabilityController;
 import com.sage.controller.WeaknessController;
-import com.sage.model.weakness.WeaknessDto;
-
+import com.sage.utility.FileReaderUtility;
+import javafx.application.Application;
 import javafx.scene.Scene;
 import javafx.scene.image.Image;
 import javafx.scene.layout.StackPane;
 import javafx.scene.web.WebEngine;
 import javafx.scene.web.WebView;
-import javafx.application.Application;
 import javafx.stage.Stage;
 import netscape.javascript.JSObject;
 
-public class Main extends Application{
+import java.io.File;
+import java.util.logging.Logger;
+
+public class Main extends Application {
+    static final Logger LOGGER = Logger.getLogger(Main.class.getName());
+
     public static void main(String[] args) {
         launch(args);
     }
@@ -27,24 +31,22 @@ public void start(Stage stage) throws Exception {
         File htmlFile = new File(getClass().getResource("/html/index.html").getFile());
         webEngine.load(htmlFile.toURI().toString());
 
-        JSObject window = (JSObject) webEngine.executeScript("window");
-        window.setMember("javaApp", new JavaBridge());
+        // Wait until WebView is fully loaded before injecting WeaknessController
+        webEngine.getLoadWorker().stateProperty().addListener((obs, oldState, newState) -> {
+            if (newState == javafx.concurrent.Worker.State.SUCCEEDED) {
+                JSObject window = (JSObject) webEngine.executeScript("window");
+                window.setMember("mainController", MainController.getInstance());
+                window.setMember("weaknessController", WeaknessController.getInstance());
+                window.setMember("vulnerabilityController", VulnerabilityController.getInstance());
+                window.setMember("fileReader", FileReaderUtility.getInstance());
+            }
+        });
 
         StackPane root = new StackPane(webView);
         Scene scene = new Scene(root, 1500, 900);
         stage.setScene(scene);
         stage.setTitle("Sage UI");
         stage.getIcons().add(new Image(getClass().getResourceAsStream("/icons/sage-icon.png")));
         stage.show();
-
-        WeaknessDto weakness = new WeaknessDto("semgrep_id", "eslint.detect-eval-with-expression", "eslint.detect-eval-with-expression", "https://semgrep.dev/r/gitlab.eslint.detect-eval-with-expression");
-        if (WeaknessController.getInstance().save(weakness))
-            System.out.println("Fetching...\nFetched" + WeaknessController.getInstance().fetchById("0").toString());
-    }
-
-    class JavaBridge {
-        public void showMessage(String message) {
-            System.out.println("Message from JS: " + message);
-        }
     }
 }

src/main/java/com/sage/controller/Controller.java

@@ -0,0 +1,40 @@
+package com.sage.controller;
+
+import java.util.HashMap;
+import java.util.logging.Logger;
+import java.util.List;
+
+import com.sage.service.FileService;
+import com.sage.service.VulnerabilityService;
+
+public class MainController {
+    private static final Logger LOGGER = Logger.getLogger(MainController.class.getName());
+
+    private static MainController instance;
+    private static FileService fileService;
+    private static VulnerabilityService vulnerabilityService;
+
+    private MainController() {
+
+        fileService = new FileService();
+        vulnerabilityService = new VulnerabilityService();
+    }
+
+    public static MainController getInstance() {
+        if (instance == null)
+            instance = new MainController();
+        return instance;
+    }
+
+    public HashMap<String, Integer> process(String filePath) {
+        System.out.println("Processing file: " + filePath);
+        if (fileService.processFile(filePath))
+            return vulnerabilityService.getStatistics();
+        LOGGER.severe(String.format("[MainController] Failed to process SAST-Report-File: %s", filePath));
+        throw new InternalError("File: " + filePath + " could not be processed\n");
+    }
+
+    public void fetchAllVulnerabilities() {
+        vulnerabilityService.getAll();
+    }
+}

src/main/java/com/sage/controller/MainController.java

@@ -1,5 +1,18 @@
 package com.sage.controller;
 
+import com.sage.service.VulnerabilityService;
+
 public class VulnerabilityController {
-    
+    private static VulnerabilityController instance; 
+    private static VulnerabilityService vulnerabilityService;
+
+    private VulnerabilityController() {
+        vulnerabilityService = new VulnerabilityService();
+    }
+
+    public static VulnerabilityController getInstance() {
+        if (instance == null)
+            instance = new VulnerabilityController();
+        return instance;
+    }
 }

src/main/java/com/sage/controller/VulnerabilityController.java

@@ -3,7 +3,6 @@
 import java.util.logging.Logger;
 
 import com.sage.utility.JPAManager;
-
 import jakarta.persistence.EntityManager;
 import jakarta.persistence.EntityTransaction;
 
@@ -20,7 +19,7 @@ protected Dao() {
 
     abstract boolean create(T entity);
 
-    abstract T receive(K key);
+    abstract T read(K key);
 
     abstract T update(K key, T newEntity);
 

src/main/java/com/sage/dao/Dao.java

@@ -1,16 +1,19 @@
 package com.sage.dao;
 
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.SQLException;
-import java.sql.Statement;
+import com.sage.utility.FileReaderUtility;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.sql.*;
 import java.util.logging.Logger;
 
 abstract class DatabaseManager {
     private static final Logger LOGGER = Logger.getLogger(DatabaseManager.class.getName());
 
-    private static final String JDBC_DRIVER = "org.h2.Driver"; 
-    private static final String DB_URL = "jdbc:h2:mem:sage_java";
+    private static DatabaseManager instance;
+
+    private static final String JDBC_DRIVER = "org.h2.Driver";
+    private static final String DB_URL = "jdbc:h2:mem:sage_java;DB_CLOSE_DELAY=-1";
 
     // TODO: provide credentials in secure environment
     private static final String USER = "sage";
@@ -23,7 +26,8 @@ public static Connection establishConnection() {
             return connection;
         try {
             Class.forName(JDBC_DRIVER);
-            return DriverManager.getConnection(DB_URL, USER, PASSWORD);
+            connection = DriverManager.getConnection(DB_URL, USER, PASSWORD);
+            return connection;
         } catch (SQLException | ClassNotFoundException e) {
             LOGGER.severe("[DatabaseManager] Error while trying to connect to database: " + e.getMessage());
         }
@@ -40,15 +44,4 @@ public static boolean closeConnection() {
         }
         return true;
     }
-
-    public static boolean initializeDatabase() {
-        try (Connection connection = establishConnection()) {
-            Statement stmt = connection.createStatement();
-            stmt.execute("RUNSCRIPT FROM 'classpath:init.sql'");
-            return true;
-        } catch (SQLException e) {
-            LOGGER.severe("[DatabaseManager] Error while initializing database: " + e.getMessage());
-        }
-        return false;
-    }
 }

src/main/java/com/sage/dao/DatabaseManager.java

@@ -2,31 +2,45 @@
 
 import com.sage.model.vulnerability.VulnerabilityModel;
 
+import java.sql.Clob;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
 public class VulnerabilityDao extends Dao<VulnerabilityModel, Integer> {
 
-    private static VulnerabilityDao instance ;
-        
+    private static VulnerabilityDao instance;
+
     private VulnerabilityDao() {
         super();
     }
 
     public static VulnerabilityDao instance() {
         if (instance == null)
             instance = new VulnerabilityDao();
-            
+
         return instance;
     }
 
     @Override
-    boolean create(VulnerabilityModel entity) {
-        String query = "INSERT INTO vulnerabilities (id, category, name, description, cve, severity, location_file, location_line_start, location_line_end) VALUES " + entity.asMap() + ";";
-        return true;
+    public boolean create(VulnerabilityModel entity) {
+        try {
+            tx.begin();
+            em.persist(entity);
+            tx.commit();
+            return true;
+        } catch (Exception e) {
+            LOGGER.severe("[VulnerabilityDao] Error while inserting new vulnerability entity into database: " + e.getMessage());
+            return false;
+        }
     }
 
     @Override
-    VulnerabilityModel receive(Integer key) {
-        // TODO Auto-generated method stub
-        throw new UnsupportedOperationException("Unimplemented method 'receive'");
+    public VulnerabilityModel read(Integer key) {
+        tx.begin();
+        VulnerabilityModel vulnerabilityModel = em.find(VulnerabilityModel.class, key);
+        tx.commit();
+        return vulnerabilityModel;
     }
 
     @Override
@@ -41,6 +55,45 @@ boolean delete(Integer key) {
         throw new UnsupportedOperationException("Unimplemented method 'delete'");
     }
 
-    
-    
+    public List<VulnerabilityModel> readAll() {
+        String query = "SELECT * FROM vulnerabilities;";
+
+        List<Object[]> results = em.createNativeQuery(query).getResultList();
+        List<VulnerabilityModel> vulnerabilityModels = new ArrayList<VulnerabilityModel>();
+
+        for (Object[] row : results) {
+            for (int i = 0; i < row.length; i++) {
+                System.out.println(row[i]);
+            }
+            VulnerabilityModel vulnerabilityModel = new VulnerabilityModel(
+                    ((Number) row[0]).intValue(),
+                    (String) row[1],
+                    (String) row[2],
+                    ((Clob) row[3]).toString(),
+                    (String) row[4],
+                    (String) row[5],
+                    (String) row[6],
+                    (String) row[7]
+            );
+            vulnerabilityModels.add(vulnerabilityModel);
+        }
+
+        return vulnerabilityModels;
+    }
+
+    public HashMap<String, Integer> getSeverities() {
+        String query = "SELECT severity, COUNT(*) AS count FROM vulnerabilities GROUP BY severity";
+
+        List<Object[]> results = em.createNativeQuery(query).getResultList();
+        HashMap<String, Integer> severities = new HashMap<>();
+
+        for (Object[] row : results) {
+            String severity = (String) row[0];
+            Number count = (Number) row[1];
+            severities.put(severity, count.intValue());
+        }
+
+        return severities;
+    }
+
 }

src/main/java/com/sage/dao/VulnerabilityDao.java

@@ -28,7 +28,7 @@ public boolean create(WeaknessModel entity) {
     }
 
     @Override
-    public WeaknessModel receive(Integer key) {
+    public WeaknessModel read(Integer key) {
         try {
             return em.find(WeaknessModel.class, key);
         } catch (Exception e) {

src/main/java/com/sage/dao/WeaknessDao.java

@@ -3,6 +3,10 @@
 import java.util.List;
 import com.sage.model.weakness.WeaknessDto;
 
+/**
+ * This class represents a Vulnerability as it is in the SAST-Report file.
+ */
+
 public class Vulnerability {
     private final Integer id; // autoincremented id for identification in db
     private final Category category;