• Home
• io.codemodder
• codemodder-plugin-appscan
• 0.98.0
• source code
• AppScanSarifLocationData.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.providers.sarif.appscan.AppScanSarifLocationData Maven / Gradle / Ivy

package io.codemodder.providers.sarif.appscan;

import com.contrastsecurity.sarif.Artifact;
import com.contrastsecurity.sarif.ArtifactLocation;
import com.contrastsecurity.sarif.SarifSchema210;
import io.codemodder.CodeDirectory;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Path;
import java.util.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Holds the locations of the artifacts in the SARIF file. */
final class AppScanSarifLocationData {

  private final Map> artifactLocationIndices;

  AppScanSarifLocationData(final SarifSchema210 sarif, final CodeDirectory codeDirectory) {
    log.debug("Cleaning locations");
    List locations =
        sarif.getRuns().get(0).getArtifacts().stream()
            .map(Artifact::getLocation)
            .map(ArtifactLocation::getUri)
            .map(u -> u.substring(8)) // trim the file:/// of all results
            .toList();

    Map> artifactLocationIndicesMap = new HashMap<>();

    log.debug("Calculating locations in project dir");
    for (int i = 0; i < locations.size(); i++) {
      final Integer index = i;
      String path = locations.get(i);
      path = path.replace('\\', '/');
      // we have a real but partial path, now we have to find it in the repository
      Optional existingRealPath;
      try {
        existingRealPath = codeDirectory.findFilesWithTrailingPath(path);
      } catch (IOException e) {
        throw new UncheckedIOException(e);
      }
      // add to the map if we found a matching file
      existingRealPath.ifPresent(
          p -> artifactLocationIndicesMap.computeIfAbsent(p, k -> new HashSet<>()).add(index));
    }
    log.trace("Done calculating locations");
    this.artifactLocationIndices = Map.copyOf(artifactLocationIndicesMap);
  }

  Map> getArtifactLocationIndices() {
    return artifactLocationIndices;
  }

  private static final Logger log = LoggerFactory.getLogger(AppScanSarifLocationData.class);
}