

scripts: oss scorecard pindeps: Parsing SARIF
Signed-off-by: John Andersen <[email protected]>
pdxjohnny committed Jun 22, 2024
1 parent 7661828 commit d0f56a3
Showing 1 changed file with 128 additions and 0 deletions.
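--- a/scripts/ossf_scorecard_pindeps.py
+++ b/scripts/ossf_scorecard_pindeps.py
@@ -0,0 +1,128 @@
+import os
+import sys
+import json
+import copy
+import shlex
+from typing import List, Optional
+
+from pydantic import BaseModel
+
+import dffml.plugins as plugins
+from dffml.util.testing.consoletest.commands import ConsoleCommand
+
+
+class PipInstallCommand(ConsoleCommand):
+def __init__(self, cmd: list[str]):
+super().__init__(cmd)
+self.directories: list[str] = []
+
+def pin_packages(self, ctx):
+"""
+If a piece of the documentation says to install dffml or one of the
+packages, we need to make sure that the version from the current branch
+gets installed instead, since we don't want to test the released
+version, we want to test the version of the codebase as it is.
+"""
+package_names_to_directory = copy.copy(
+plugins.PACKAGE_NAMES_TO_DIRECTORY
+)
+package_names_to_directory["dffml"] = "."
+cmd = copy.copy(self.cmd)
+for i, pkg in enumerate(cmd):
+if "[" in pkg and "]" in pkg:
+for package_name in package_names_to_directory.keys():
+if pkg.startswith(package_name + "["):
+pkg, extras = pkg.split("[", maxsplit=1)
+directory = package_names_to_directory[pkg]
+directory = os.path.join(DFFML_ROOT, *directory)
+directory = os.path.abspath(directory)
+cmd[i] = directory + "[" + extras
+if cmd[i - 1] != "-e":
+cmd.insert(i, "-e")
+self.directories.append(directory)
+elif pkg in package_names_to_directory:
+directory = package_names_to_directory[pkg]
+directory = os.path.join(DFFML_ROOT, *directory)
+directory = os.path.abspath(directory)
+cmd[i] = directory
+if cmd[i - 1] != "-e":
+cmd.insert(i, "-e")
+self.directories.append(directory)
+return cmd
+
+async def run(self, ctx):
+# In case a replace command changed something
+self.fix_dffml_packages(ctx)
+
+await super().run(ctx)
+
+async def __aexit__(self, _exc_type, _exc_value, _traceback):
+return
+
+
+class Snippet(BaseModel):
+text: str
+
+class Region(BaseModel):
+startLine: int
+endLine: int = None
+snippet: Snippet = None
+
+class ArtifactLocation(BaseModel):
+uri: str
+uriBaseId: str
+
+class PhysicalLocation(BaseModel):
+region: Region
+artifactLocation: ArtifactLocation
+
+class LocationMessage(BaseModel):
+text: str
+
+class Location(BaseModel):
+physicalLocation: PhysicalLocation
+message: LocationMessage = None
+
+class Message(BaseModel):
+text: str
+
+class Rule(BaseModel):
+ruleId: str
+ruleIndex: int
+message: Message
+locations: List[Location]
+
+import snoop
+
+def pinned_dependencies():
+ossf_scorecard_sarif = json.load(sys.stdin)
+
+for run in ossf_scorecard_sarif["runs"]:
+for result_dict in run["results"][::-1]:
+result = Rule(**result_dict)
+event_subject_object = {
+"ruleId": result.ruleId,
+}
+# TODO event_subject = ":".join(... dict(sorted(event_subject_object.items())))
+event_subject = None
+# if result.ruleId == "PinnedDependenciesID":
+# snoop.pp(result.locations[0])
+if result.locations[0].message is not None:
+# TODO Container pinning etc.
+if "downloadThenRun" in result.locations[0].message.text:
+pass
+elif "containerImage" in result.locations[0].message.text:
+pass
+else:
+yield event_subject, result
+
+def main():
+for event, issue in pinned_dependencies():
+# snoop.pp(event, issue)
+snoop.pp(
+PipInstallCommand(shlex.split(issue.locations[0].physicalLocation.region.snippet.text)).pin_packages(None)
+)
+
+
+if __name__ == "__main__":
+main()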
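Review bot: `DFFML_ROOT` is read by both `os.path.join(DFFML_ROOT, *directory)` lines in `pin_packages` but is neither imported nor defined anywhere in this file, so the first snippet naming a dffml package raises NameError; it needs an import from wherever the repository root is exported, or a module-level definition such as `DFFML_ROOT = os.path.abspath(os.path.join(os.path.dirname(__file__), ".."))` (constructed example — confirm the real root). In the same class, `run` calls `self.fix_dffml_packages(ctx)`, which this class does not define (it defines `pin_packages`); unless `ConsoleCommand` provides that method, this is an AttributeError on the first run. `main` dereferences `region.snippet.text` although `Region.snippet` defaults to `None`, and `pinned_dependencies` indexes `result.locations[0]` without checking the list is non-empty; a guard such as `if not result.locations or result.locations[0].physicalLocation.region.snippet is None: continue` before the yield would skip such SARIF results instead of crashing on input the script does not control. `import snoop` sits between the model definitions and `pinned_dependencies` and, together with the commented-out `snoop.pp` calls, reads as leftover debugging; if it is meant to stay, it belongs with the other imports at the top of the file.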
