Skip to content

Mapping vul. url to each OSS #137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Mapping vul. url to each OSS #137

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions requirements.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,3 +10,4 @@ XlsxWriter
PyYAML
fosslight_util>=2.1.6
dependency-check
Levenshtein
45 changes: 40 additions & 5 deletions src/fosslight_binary/_binary.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,20 +3,35 @@
# Copyright (c) 2020 LG Electronics Inc.
# SPDX-License-Identifier: Apache-2.0
from fosslight_util.oss_item import FileItem
import Levenshtein
Copy link
Contributor

@soimkim soimkim Dec 27, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Levenshtein.distance만 사용된다면
from distance import Levenshtein를 추천드립니다.


EXCLUDE_TRUE_VALUE = "Exclude"
TLSH_CHECKSUM_NULL = "0"


def find_most_similar_word(input_string, oss_name_list):
most_similar_word = None
min_distance = float('inf')

for oss in oss_name_list:
distance = Levenshtein.distance(input_string, oss.name)
if distance < min_distance:
min_distance = distance
most_similar_word = oss.name
return most_similar_word


class VulnerabilityItem:
file_path = ""
vul_id = ""
nvd_url = ""
oss_items = []

def __init__(self, file_path, id, url):
def __init__(self, file_path, id, url, oss_items):
self.file_path = file_path
self.vul_id = id
self.nvd_url = url
self.oss_items = oss_items


class BinaryItem(FileItem):
Expand All @@ -42,9 +57,29 @@ def set_oss_items(self, new_oss_list, exclude=False, exclude_msg=""):
# Append New input OSS
self.oss_items.extend(new_oss_list)

def get_vulnerability_items(self):
nvd_url = [vul_item.nvd_url for vul_item in self.vulnerability_items]
return ", ".join(nvd_url)
def get_vulnerability_items(self, oss_name):
nvd_url = []
nvd_urls = ""
nvd_url_dict = {}

for vul_item in self.vulnerability_items:
found_oss_name = ""

if vul_item.file_path == self.source_name_or_path:
if len(self.oss_items) > 1:
if vul_item.nvd_url:
found_oss_name = find_most_similar_word(vul_item.nvd_url, vul_item.oss_items)
if oss_name == found_oss_name:
nvd_urls = f"{nvd_urls}\n{vul_item.nvd_url}"
else:
nvd_url = nvd_url_dict.get(vul_item.file_path)
if nvd_url:
nvd_url.append(vul_item.nvd_url)
nvd_urls = "\n".join(nvd_url)
else:
nvd_url_dict[vul_item.file_path] = [vul_item.nvd_url]
nvd_urls = "\n".join(nvd_url_dict[vul_item.file_path])
return nvd_urls.strip()

def get_print_binary_only(self):
return (self.source_name_or_path + "\t" + self.checksum + "\t" + self.tlsh)
Expand All @@ -55,7 +90,7 @@ def get_print_array(self):
for oss in self.oss_items:
lic = ",".join(oss.license)
exclude = EXCLUDE_TRUE_VALUE if (self.exclude or oss.exclude) else ""
nvd_url = self.get_vulnerability_items()
nvd_url = self.get_vulnerability_items(oss.name)
items.append([self.source_name_or_path, oss.name, oss.version,
lic, oss.download_location, oss.homepage,
oss.copyright, exclude, oss.comment,
Expand Down
10 changes: 5 additions & 5 deletions src/fosslight_binary/_jar_analysis.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ def merge_binary_list(owasp_items, vulnerability_items, bin_list):
return bin_list


def get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items):
def get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items, owasp_items):
if vulnerability:
try:
for vul_info in vulnerability:
Expand All @@ -98,7 +98,7 @@ def get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, r
elif key == 'url':
nvd_url = val

vul_item = VulnerabilityItem(file_with_path, vul_id, nvd_url)
vul_item = VulnerabilityItem(file_with_path, vul_id, nvd_url, owasp_items[file_with_path])

remove_vulnerability_items = vulnerability_items.get(file_with_path)
if remove_vulnerability_items:
Expand Down Expand Up @@ -257,9 +257,6 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
if oss_dl_url == "":
oss_dl_url = get_oss_dl_url(vendor_info)

# Get Vulnerability Info.
vulnerability_items = get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items)

if oss_name != "" or oss_ver != "" or oss_license != "" or oss_dl_url != "":
oss = OssItem(oss_name, oss_ver, oss_license, oss_dl_url)
oss.comment = "OWASP result"
Expand All @@ -269,6 +266,9 @@ def analyze_jar_file(path_to_find_bin, path_to_exclude):
remove_owasp_item.append(oss)
else:
owasp_items[file_with_path] = [oss]

# Get Vulnerability Info.
vulnerability_items = get_vulnerability_info(file_with_path, vulnerability, vulnerability_items, remove_vulnerability_items, owasp_items)
except Exception as ex:
logger.debug(f"Error to get depency Info in jar_contets: {ex}")
success = False
Expand Down
Loading