@@ -1220,64 +1220,85 @@ osv_scan(_) ->
12201220 application :ensure_all_started ([ssl , inets ]),
12211221 URI = " https://api.osv.dev/v1/querybatch" ,
12221222 Format = " application/x-www-form-urlencoded" ,
1223+ File = " osv-scanner.json" ,
12231224
12241225 VendorSrcFiles = find_vendor_src_files (" ." ),
12251226 Packages = generate_vendor_info_package (VendorSrcFiles ),
12261227
1227- OSVQuery = generate_osv_query (Packages ),
1228- io :format (" [OSV] Information sent~n~s~n " , [json :format (OSVQuery )]),
1229- OSV = json :encode (OSVQuery ),
1230-
1231- Content = {URI , [], Format , OSV },
1232- Result = httpc :request (post , Content , [], []),
1233- case Result of
1234- {ok ,{{_ , 200 ,_ }, _Headers , Body }} ->
1235- #{~ " results" := OSVResults } = json :decode (erlang :list_to_binary (Body )),
1236- Vulnerabilities = lists :filter (fun (#{~ " vulns" := _Ids }) -> true ; (_ ) -> false end , OSVResults ),
1237- case Vulnerabilities of
1238- [] ->
1239- io :format (" [OSV] No vulnerabilities found.~n " );
1240- _ ->
1241- FormatVulns = format_vulnerabilities (OSVQuery , OSVResults ),
1242- fail (" [OSV] There are existing vulnerabilities:~n~s " , [FormatVulns ])
1243- end ;
1244- {error , Error } ->
1245- fail (" [OSV] POST request to ~p errors: ~p " , [URI , Error ])
1246- end .
1247-
1248- format_vulnerabilities (OSVQuery , OSVResults ) ->
1249- NameVulnerabilities = lists :zip (osv_names (OSVQuery ), OSVResults ),
1250- ExistingVulnerabilities = lists :filtermap (fun ({Name , #{~ " vulns" := Ids }}) ->
1251- {true , {Name , [Id || #{~ " id" := Id } <- Ids ]}};
1252- (_ ) ->
1253- false
1254- end , NameVulnerabilities ),
1255- lists :map (fun ({N , Ids }) ->
1256- io_lib :format (" - ~s : ~s~n " , [N , lists :join (" ," , Ids )])
1257- end , ExistingVulnerabilities ).
1258-
1259- osv_names (#{~ " queries" := Packages }) ->
1260- lists :map (fun osv_names /1 , Packages );
1261- osv_names (#{~ " package" := #{~ " name" := Name }}) ->
1262- Name .
1263-
1264- generate_osv_query (Packages ) ->
1265- #{~ " queries" => lists :foldl (fun generate_osv_query /2 , [], Packages )}.
1266- generate_osv_query (#{~ " versionInfo" := Vsn , ~ " ecosystem" := Ecosystem , ~ " name" := Name }, Acc ) ->
1267- Package = #{~ " package" => #{~ " name" => Name , ~ " ecosystem" => Ecosystem }, ~ " version" => Vsn },
1228+ % % Test if this works in a Github Workflow
1229+ OSVQueryResults = generate_osv_results (Packages ),
1230+ file :write_file (File , json :format (OSVQueryResults )).
1231+
1232+ % % OSVQuery = generate_osv_query(Packages),
1233+ % % io:format("[OSV] Information sent~n~s~n", [json:format(OSVQuery)]),
1234+ % % OSV = json:encode(OSVQuery),
1235+
1236+ % % Content = {URI, [], Format, OSV},
1237+ % % Result = httpc:request(post, Content, [], []),
1238+ % % case Result of
1239+ % % {ok,{{_, 200,_}, _Headers, Body}} ->
1240+ % % #{~"results" := OSVResults} = json:decode(erlang:list_to_binary(Body)),
1241+ % % Vulnerabilities = lists:filter(fun (#{~"vulns" := _Ids}) -> true; (_) -> false end, OSVResults),
1242+ % % case Vulnerabilities of
1243+ % % [] ->
1244+ % % io:format("[OSV] No vulnerabilities found.~n");
1245+ % % _ ->
1246+ % % FormatVulns = format_vulnerabilities(OSVQuery, OSVResults),
1247+ % % fail("[OSV] There are existing vulnerabilities:~n~s", [FormatVulns])
1248+ % % end;
1249+ % % {error, Error} ->
1250+ % % fail("[OSV] POST request to ~p errors: ~p", [URI, Error])
1251+ % % end.
1252+
1253+ % % format_vulnerabilities(OSVQuery, OSVResults) ->
1254+ % % NameVulnerabilities = lists:zip(osv_names(OSVQuery), OSVResults),
1255+ % % ExistingVulnerabilities = lists:filtermap(fun ({Name, #{~"vulns" := Ids}}) ->
1256+ % % {true, {Name, [Id || #{~"id" := Id} <- Ids]}};
1257+ % % (_) ->
1258+ % % false
1259+ % % end, NameVulnerabilities),
1260+ % % lists:map(fun ({N, Ids}) ->
1261+ % % io_lib:format("- ~s: ~s~n", [N, lists:join(",", Ids)])
1262+ % % end, ExistingVulnerabilities).
1263+
1264+ % % osv_names(#{~"queries" := Packages}) ->
1265+ % % lists:map(fun osv_names/1, Packages);
1266+ % % osv_names(#{~"package" := #{~"name" := Name }}) ->
1267+ % % Name.
1268+
1269+ % % generate_osv_query(Packages) ->
1270+ % % #{~"queries" => lists:foldl(fun generate_osv_query/2, [], Packages)}.
1271+ % % generate_osv_query(#{~"versionInfo" := Vsn, ~"ecosystem" := Ecosystem, ~"name" := Name}, Acc) ->
1272+ % % Package = #{~"package" => #{~"name" => Name, ~"ecosystem" => Ecosystem}, ~"version" => Vsn},
1273+ % % [Package | Acc];
1274+ % % generate_osv_query(#{~"sha" := SHA, ~"downloadLocation" := Location}, Acc) ->
1275+ % % case string:prefix(Location, ~"https://") of
1276+ % % nomatch ->
1277+ % % Acc;
1278+ % % URI ->
1279+ % % Package = #{~"package" => #{~"name" => URI}, ~"commit" => SHA},
1280+ % % [Package | Acc]
1281+ % % end;
1282+ % % generate_osv_query(_, Acc) ->
1283+ % % Acc.
1284+
1285+
1286+ generate_osv_results (Packages ) ->
1287+ #{~ " results" => [#{~ " packages" => lists :foldl (fun generate_osv_results /2 , [], Packages )}]}.
1288+ generate_osv_results (#{~ " versionInfo" := Vsn , ~ " ecosystem" := Ecosystem , ~ " name" := Name }, Acc ) ->
1289+ Package = #{~ " package" => #{~ " name" => Name , ~ " ecosystem" => Ecosystem , ~ " version" => Vsn }},
12681290 [Package | Acc ];
1269- generate_osv_query (#{~ " sha" := SHA , ~ " downloadLocation" := Location }, Acc ) ->
1291+ generate_osv_results (#{~ " sha" := SHA , ~ " downloadLocation" := Location }, Acc ) ->
12701292 case string :prefix (Location , ~ " https://" ) of
12711293 nomatch ->
12721294 Acc ;
12731295 URI ->
1274- Package = #{~ " package" => #{~ " name" => URI } , ~ " commit" => SHA },
1296+ Package = #{~ " package" => #{~ " name" => URI , ~ " commit" => SHA } },
12751297 [Package | Acc ]
12761298 end ;
1277- generate_osv_query (_ , Acc ) ->
1299+ generate_osv_results (_ , Acc ) ->
12781300 Acc .
12791301
1280-
12811302cleanup_path (<<" ./" , Path /binary >>) when is_binary (Path ) -> Path ;
12821303cleanup_path (Path ) when is_binary (Path ) -> Path .
12831304
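Review bot: The new last expression of `osv_scan/1` discards the result of `file:write_file/2`, so a failed write of `osv-scanner.json` (permissions, missing directory) returns `{error, Reason}` from a function that previously reported problems through `fail/2`; match it so the step fails closed: `ok = file:write_file(File, json:format(OSVQueryResults)).` With the HTTP path commented out, `URI` and `Format` are now bound but unused and will trigger compiler warnings, and `application:ensure_all_started([ssl, inets])` no longer has a consumer; either drop them or prefix the variables with `_` until the request path returns. Since the scan no longer calls `fail/2` when vulnerabilities are present, the build gate presumably moves to whatever consumes the written file — worth stating that in a comment in place of `%% Test if this works in a Github Workflow`, and replacing the ~50 lines of commented-out code with a reference to the prior revision. The `osv_scan(_) ->` head lies outside the hunk.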