DT-1077 Keeps cryptography data updated over the identification process

Author: agustingroh

package-lock.json

@@ -141,7 +141,9 @@
     "react-syntax-highlighter": "^15.4.3",
     "react-virtualized": "^9.22.3",
     "react-virtualized-tree": "^3.4.1",
+    "reflect-metadata": "^0.1.13",
     "regenerator-runtime": "^0.13.5",
+    "scanoss": "^0.9.3",
     "sort-paths": "^1.1.1",
     "source-map-support": "^0.5.19",
     "translation-check": "^1.0.2",

package.json

@@ -11,16 +11,18 @@ import { QueryBuilderCreator } from '../model/queryBuilder/QueryBuilderCreator';
 import { workspace } from '../workspace/Workspace';
 import { modelProvider } from './ModelProvider';
 import { ComponentAdapter } from '../adapters/ComponentAdapter';
-import { AddVulnerabilityTask } from '../task/vulnerability/AddVulnerabilityTask';
 import {
   ComponentSource,
   ComponentVersion,
 } from '../model/entity/ComponentVersion';
+import { AddCrypto } from './utils/cryptography';
+import { AddVulnerability } from './utils/vulnerability';
+import { After } from './utils/hookAfter';
 
 class ComponentService {
   public async getComponentFiles(
     data: Partial<Component>,
-    params: IWorkbenchFilterParams
+    params: IWorkbenchFilterParams,
   ): Promise<any> {
     try {
       const filter = workspace.getOpenedProjects()[0].getFilter(params);
@@ -45,7 +47,7 @@ class ComponentService {
         if (files[i].inventoryid) {
           files[i].inventory = index[files[i].inventoryid];
           files[i].component = components.find(
-            (component: any) => files[i].inventory.cvid === component.compid
+            (component: any) => files[i].inventory.cvid === component.compid,
           );
         }
       }
@@ -66,7 +68,7 @@ class ComponentService {
       }); // Keep summary independent of summary
       let comp = await modelProvider.model.component.getAll(queryBuilder);
       const summary = await modelProvider.model.component.summary(
-        queryBuilderSummary
+        queryBuilderSummary,
       );
       comp = componentHelper.addSummary(comp, summary);
       const compPurl: any = this.groupComponentsByPurl(comp);
@@ -81,7 +83,7 @@ class ComponentService {
 
   public async get(
     component: Partial<ComponentGroup>,
-    params: IWorkbenchFilterParams
+    params: IWorkbenchFilterParams,
   ) {
     try {
       const p = workspace.getOpenedProjects()[0];
@@ -130,15 +132,14 @@ class ComponentService {
           aux.summary.ignored += iterator.summary.ignored;
           aux.summary.pending += iterator.summary.pending;
           aux.summary.identified += iterator.summary.identified;
-          aux.totalFiles +=
-            iterator.summary.ignored +
-            iterator.summary.pending +
-            iterator.summary.identified;
+          aux.totalFiles
+            += iterator.summary.ignored
+            + iterator.summary.pending
+            + iterator.summary.identified;
           version.summary = iterator.summary;
-          version.files =
-            iterator.summary.ignored +
-            iterator.summary?.pending +
-            iterator.summary.identified;
+          version.files = iterator.summary.ignored
+            + iterator.summary?.pending
+            + iterator.summary.identified;
         }
         version.version = iterator.version;
         version.licenses = [];
@@ -150,27 +151,23 @@ class ComponentService {
       result.push(aux);
     }
     result.sort((a, b) => a.name.localeCompare(b.name));
-    result.forEach((comp) =>
-      comp.versions.sort((a, b) => b.version.localeCompare(a.version))
-    );
+    result.forEach((comp) => comp.versions.sort((a, b) => b.version.localeCompare(a.version)));
     return result;
   }
 
   public async importComponents() {
     try {
       const components: Array<Partial<Component>> = await modelProvider.model.component.getUniqueComponentsFromResults();
       await modelProvider.model.component.import(components);
-      const data =
-        await modelProvider.model.component.getLicensesAttachedToComponentsFromResults();
+      const data = await modelProvider.model.component.getLicensesAttachedToComponentsFromResults();
       const componentLicenses = new ComponentAdapter().componentLicenses(data);
       await modelProvider.model.license.bulkAttachComponentLicense(
-        componentLicenses
+        componentLicenses,
       );
       // Add most reliable license to each component
-      const componentReliableLicense =
-        await modelProvider.model.component.getMostReliableLicensePerComponent();
+      const componentReliableLicense = await modelProvider.model.component.getMostReliableLicensePerComponent();
       await modelProvider.model.component.updateMostReliableLicense(
-        componentReliableLicense
+        componentReliableLicense,
       );
       return true;
     } catch (error: any) {
@@ -180,8 +177,7 @@ class ComponentService {
 
   private async getOverrideComponents() {
     try {
-      const overrideComponents =
-        await modelProvider.model.component.getOverrideComponents();
+      const overrideComponents = await modelProvider.model.component.getOverrideComponents();
       let result: any = {};
       if (overrideComponents.length > 0) {
         result = overrideComponents.reduce((acc, curr) => {
@@ -200,8 +196,10 @@ class ComponentService {
     }
   }
 
+  @After(AddCrypto)
+  @After(AddVulnerability)
   public async create(
-    newComp: NewComponentDTO
+    newComp: NewComponentDTO,
   ): Promise<Partial<ComponentGroup>> {
     const promises = newComp.versions.map((v) => {
       const component = new ComponentVersion();
@@ -213,29 +211,19 @@ class ComponentService {
     });
     const results = await Promise.all(promises.map((p) => p.catch((e) => e)));
     const validComponents = results.filter(
-      (result) => !(result instanceof Error)
+      (result) => !(result instanceof Error),
     );
-    if (results.length - validComponents.length === newComp.versions.length)
+    if (results.length - validComponents.length === newComp.versions.length) {
       throw new Error('Component already exists');
+    }
     const component = await modelProvider.model.component.getAll(
-      QueryBuilderCreator.create({ purl: newComp.purl })
+      QueryBuilderCreator.create({ purl: newComp.purl }),
     );
     const compPurl: any = this.groupComponentsByPurl(component);
     const response = await this.mergeComponentByPurl(compPurl);
 
-    // TODO: Uncomment code when gRPC service is integrated
-    // Adds component's vulnerabilities
-    const addVulnerability = new AddVulnerabilityTask();
-    await addVulnerability.run(this.adaptToVulnerabilityTask(newComp));
     return response[0];
   }
-
-  private adaptToVulnerabilityTask(component: NewComponentDTO): Array<string> {
-    const response = component.versions.map(
-      (v) => `${component.purl}@${v.version}`
-    );
-    return response;
-  }
 }
 
 export const componentService = new ComponentService();

src/main/services/ComponentService.ts

@@ -0,0 +1,12 @@
+import log from 'electron-log';
+import { AddCryptographyTask } from '../../task/cryptography/AddCryptographyTask';
+import { workspace } from '../../workspace/Workspace';
+
+export async function AddCrypto(data: any) {
+  const p = workspace.getOpenProject();
+  if (p.getGlobalApiKey()) {
+    log.info('%c[ Crypto ]: Importing cryptography into database', 'color: green');
+    const cryptoTask = new AddCryptographyTask();
+    await cryptoTask.run({ components: [`${data.purl}@${data.versions[0].version}`], token: p.getGlobalApiKey() });
+  }
+}

src/main/services/utils/cryptography.ts

@@ -0,0 +1,16 @@
+export function After(callback: (data: any)=> Promise<void>) {
+  return function (target: any, propertyKey: string, descriptor: PropertyDescriptor) {
+    const next = descriptor.value;
+
+    // Your logic before the function call
+    descriptor.value = async function (...args: any[]) {
+      try {
+        const result = await next.apply(this, args);
+        await callback(args[0]);
+        return result;
+      } catch (e: any) {
+        throw new Error(e);
+      }
+    };
+  };
+}

src/main/services/utils/hookAfter.ts

@@ -8,7 +8,7 @@ import { Inventory } from '../../../api/types';
 export function getInventoriesGroupedByUsage(inventory: Partial<Inventory>, results: any): Array<Partial<Inventory>> {
   const inventories = new Map<string, Partial<Inventory>>();
   results.forEach((r) => {
-    if(!inventories.has(r.type)) { // create a new inventory and set usage
+    if (!inventories.has(r.type)) { // create a new inventory and set usage
       const inv = {...inventory, usage:r.type , files: [r.id] };
       inventories.set(r.type, inv);
     } else inventories.get(r.type).files.push(r.id);

src/main/services/utils/inventoryServiceUtil.ts

@@ -0,0 +1,23 @@
+import { NewComponentDTO } from '@api/types';
+import log from 'electron-log';
+import { AddVulnerabilityTask } from '../../task/vulnerability/AddVulnerabilityTask';
+
+export async function AddVulnerability(data: NewComponentDTO) {
+  try {
+    // If everything goes right
+
+    log.info('%c[ Vulnerability ]: Importing vulnerability into database', 'color: green');
+    // Adds component's vulnerabilities
+    const addVulnerability = new AddVulnerabilityTask();
+    await addVulnerability.run(adaptToVulnerabilityTask(data));
+  } catch (e: any) {
+    throw new Error(e);
+  }
+}
+
+function adaptToVulnerabilityTask(component: NewComponentDTO): Array<string> {
+  const response = component.versions.map(
+    (v) => `${component.purl}@${v.version}`,
+  );
+  return response;
+}

src/main/services/utils/vulnerability.ts

@@ -1,5 +1,6 @@
 {
   "compilerOptions": {
+      "experimentalDecorators": true,
     "incremental": true,
     "target": "es2021",
     "module": "commonjs",