Merge branch 'master' into feature/test-suite-validation

.github/workflows/build_and_test.yml

@@ -40,7 +40,7 @@ jobs:
         with:
           path: ~/.konan
           key: ${{ runner.os }}-gradle-konan-${{ env.KOTLIN_VERSION }}
-      - name: Build all (excluding tests for save-orchestrator-common)
+      - name: Build all (excluding save-orchestrator-common, save-orchestrator and save-sandbox)
         uses: gradle/gradle-build-action@v2
         with:
           gradle-version: wrapper
@@ -50,19 +50,23 @@ jobs:
             -x detekt
             -x spotlessCheck
             -x :save-agent:linkDebugExecutableLinuxX64
-            -x :save-orchestrator-common:check
+            -x :save-orchestrator-common:build
+            -x :save-orchestrator:build
+            -x :save-sandbox:build
             -Pdetekt.multiplatform.disabled=true
             -PgprUser=${{ github.actor }}
             -PgprKey=${{ secrets.GITHUB_TOKEN }}
             --scan
             --build-cache
-      - name: Check save-orchestrator-common
+      - name: Build save-orchestrator-common, save-orchestrator and save-sandbox
         uses: gradle/gradle-build-action@v2
         with:
           gradle-version: wrapper
           gradle-home-cache-cleanup: true
           arguments: |
-            :save-orchestrator-common:check
+            :save-orchestrator-common:build
+            :save-orchestrator:build
+            :save-sandbox:build
             -x detekt
             -x spotlessCheck
             -x :save-agent:linkDebugExecutableLinuxX64

build.gradle.kts

@@ -3,6 +3,7 @@ import com.saveourtool.save.buildutils.*
 @Suppress("DSL_SCOPE_VIOLATION", "RUN_IN_SCRIPT")  // https://github.com/gradle/gradle/issues/22797
 plugins {
     id("com.saveourtool.save.buildutils.versioning-configuration")
+    id("com.saveourtool.save.buildutils.save-cli-download-configuration")
     id("com.saveourtool.save.buildutils.code-quality-convention")
     id("com.saveourtool.save.buildutils.publishing-configuration")
     alias(libs.plugins.talaiot.base)

db/test-data/db.changelog-insert.xml

@@ -30,6 +30,9 @@
     <include file="file-insert.xml" relativeToChangelogFile="true"/>
     <include file="lnk-execution-file-insert.xml" relativeToChangelogFile="true"/>
     <include file="tests-source-version-insert.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability-insert.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability-description-insert.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability-project-insert.xml" relativeToChangelogFile="true"/>
 
     <changeSet id="add-tests-data" author="nulls">
         <tagDatabase tag="test-data-insert"/>

db/test-data/sqlRequests/vulnerability-description.csv

@@ -0,0 +1,2 @@
+id;description;vulnerability_id
+1;"In Spring Security versions 5.5.6 and 5.6.3 and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass";1

db/test-data/sqlRequests/vulnerability-project.csv

@@ -0,0 +1,4 @@
+id;name;url;is_open_source;vulnerability_id
+1;"spring-projects/spring-security";"https://github.com/spring-projects/spring-security";1;1
+2;"org.springframework.security:spring-security-web";"https://mvnrepository.com/artifact/org.springframework.security/spring-security-web";0;1
+3;"org.springframework.security:spring-security-core";"https://mvnrepository.com/artifact/org.springframework.security/spring-security-core";0;1

db/test-data/vulnerability-description-insert.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="vulnerability-description-insert" author="frolov" context="dev">
+        <loadData tableName="vulnerability_description" encoding="UTF-8" separator=";" quotchar="&quot;" file="db/test-data/sqlRequests/vulnerability-description.csv">
+            <column header="id" name="id" type="bigint"/>
+            <column header="vulnerability_id" name="vulnerability_id" type="bigint"/>
+            <column header="description" name="description" type="TEXT"/>
+        </loadData>
+    </changeSet>
+
+</databaseChangeLog>

db/test-data/vulnerability-project-insert.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="vulnerability-project-insert" author="frolov" context="dev">
+        <loadData tableName="vulnerability_project" encoding="UTF-8" separator=";" quotchar="&quot;" file="db/test-data/sqlRequests/vulnerability-project.csv">
+            <column header="id" name="id" type="bigint"/>
+            <column header="name" name="name" type="varchar(250)"/>
+            <column header="url" name="url" type="varchar(250)"/>
+            <column header="is_open_source" name="is_open_source" type="BOOLEAN"/>
+            <column header="vulnerability_id" name="vulnerability_id" type="bigint"/>
+        </loadData>
+    </changeSet>
+
+</databaseChangeLog>

db/v-2/tables/db.changelog-tables.xml

@@ -35,6 +35,9 @@
     <include file="lnk-execution-file.xml" relativeToChangelogFile="true"/>
     <include file="tests-source-snapshot.xml" relativeToChangelogFile="true"/>
     <include file="tests-source-version.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability-description.xml" relativeToChangelogFile="true"/>
+    <include file="vulnerability-project.xml" relativeToChangelogFile="true"/>
 
     <changeSet id="02-tables" author="frolov">
         <tagDatabase tag="v2.0-tables"/>

db/v-2/tables/vulnerability-description.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="vulnerability-description-1" author="frolov" context="dev or prod">
+        <createTable tableName="vulnerability_description">
+            <column name="id" type="bigint" autoIncrement="true">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="vulnerability_id" type="bigint">
+                <constraints foreignKeyName="fk_vulnerability_description_vulnerability" references="vulnerability(id)" nullable="false" deleteCascade="true"/>
+            </column>
+            <column name="description" type="TEXT">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+    </changeSet>
+
+</databaseChangeLog>

db/v-2/tables/vulnerability-project.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog
+                      http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.8.xsd">
+
+    <changeSet id="vulnerability-project-1" author="frolov" context="dev or prod">
+        <createTable tableName="vulnerability_project">
+            <column name="id" type="bigint" autoIncrement="true">
+                <constraints primaryKey="true" nullable="false"/>
+            </column>
+            <column name="name" type="varchar(250)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="url" type="varchar(250)"/>
+            <column name="is_open_source" type="BOOLEAN" defaultValue="0"/>
+            <column name="vulnerability_id" type="bigint">
+                <constraints foreignKeyName="fk_vulnerability_project_vulnerability" references="vulnerability(id)" nullable="false" deleteCascade="true"/>
+            </column>
+        </createTable>
+    </changeSet>
+
+</databaseChangeLog>

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/VersioningConfiguration.kt

@@ -9,7 +9,9 @@ import org.ajoberstar.grgit.gradle.GrgitServicePlugin
 import org.ajoberstar.reckon.gradle.ReckonExtension
 import org.ajoberstar.reckon.gradle.ReckonPlugin
 import org.gradle.api.Project
+import org.gradle.api.provider.Provider
 import org.gradle.kotlin.dsl.*
+import java.util.*
 
 /**
  * @return path to the file with save-cli version for current build
@@ -50,6 +52,16 @@ fun Project.configureVersioning() {
     }
 }
 
+/**
+ * @return save-cli version for current build
+ */
+@Suppress("CUSTOM_GETTERS_SETTERS")
+internal fun Project.readSaveCliVersion(): Provider<String> = rootProject.tasks.named("getSaveCliVersion")
+    .map { getSaveCliVersionTask ->
+        val file = file(getSaveCliVersionTask.outputs.files.singleFile)
+        Properties().apply { load(file.reader()) }["version"] as String
+    }
+
 /**
  * @return true if this string denotes a snapshot version
  */

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/save-cli-configuration.gradle.kts

@@ -5,77 +5,63 @@
 package com.saveourtool.save.buildutils
 
 import de.undercouch.gradle.tasks.download.Download
-import org.gradle.api.tasks.TaskProvider
 import org.gradle.kotlin.dsl.*
 import java.io.File
-import java.util.*
 
 plugins {
     kotlin("jvm")
     id("de.undercouch.download")
 }
 
-/**
- * @return version of save-cli from properties file
- */
-fun Project.readSaveCliVersion(): String {
-    val file = file(pathToSaveCliVersion)
-    return Properties().apply { load(file.reader()) }["version"] as String
-}
-
-/**
- * @return save-cli file path to copy
- */
-fun Project.getSaveCliPath(): String {
-    val saveCliVersion = readSaveCliVersion()
-    val saveCliPath = findProperty("saveCliPath")?.takeIf { saveCliVersion.isSnapshot() } as String?
-        ?: "https://github.com/saveourtool/save-cli/releases/download/v$saveCliVersion"
-    return "$saveCliPath/save-$saveCliVersion-linuxX64.kexe"
-}
-
 @Suppress("GENERIC_VARIABLE_WRONG_DECLARATION")
-val downloadSaveCliTaskProvider: TaskProvider<Download> = tasks.register<Download>("downloadSaveCli") {
-    dependsOn(":getSaveCliVersion")
-
-    src { getSaveCliPath() }
-    dest { "$buildDir/download/${File(getSaveCliPath()).name}" }
+val copySaveCliTaskProvider = tasks.register<Copy>("copySaveCli") {
+    val saveCliFile = rootProject.tasks.named<Download>("downloadSaveCli")
+        .map { downloadTask ->
+            downloadTask.dest
+        }
+    val outputDir = "$buildDir/download"
+    inputs.file(saveCliFile)
+    outputs.dir(outputDir)
 
-    overwrite(false)
+    from(saveCliFile.map { it.parentFile })
+    into(outputDir)
 }
 
 dependencies {
     add("runtimeOnly",
-        files(layout.buildDirectory.dir("$buildDir/download")).apply {
-            builtBy(downloadSaveCliTaskProvider)
-        }
+        files(layout.buildDirectory.dir(
+            copySaveCliTaskProvider.map { task ->
+                task.outputs.files.singleFile.absolutePath
+            }
+        ))
     )
 }
 
-val generateVersionFileTaskProvider = tasks.register("generateVersionFile") {
-    val versionsFile = File("$buildDir/generated/src/generated/Versions.kt")
+val generateSaveCliVersionFileTaskProvider = tasks.register("generateSaveCliVersionFile") {
+    val saveCliVersion = readSaveCliVersion()
+    val outputDir = File("$buildDir/generated/src")
+    val versionFile = outputDir.resolve("generated/SaveCliVersion.kt")
 
-    dependsOn(rootProject.tasks.named("getSaveCliVersion"))
-    inputs.file(pathToSaveCliVersion)
-    outputs.file(versionsFile)
+    inputs.property("save-cli version", saveCliVersion)
+    outputs.dir(outputDir)
 
     doFirst {
-        val saveCliVersion = readSaveCliVersion()
-        versionsFile.parentFile.mkdirs()
-        versionsFile.writeText(
+        versionFile.parentFile.mkdirs()
+        versionFile.writeText(
             """
             package generated
 
-            internal const val SAVE_CORE_VERSION = "$saveCliVersion"
+            internal const val SAVE_CORE_VERSION = "${saveCliVersion.get()}"
 
             """.trimIndent()
         )
     }
 }
 
 kotlin.sourceSets.getByName("main") {
-    kotlin.srcDir("$buildDir/generated/src")
-}
-
-tasks.withType<org.jetbrains.kotlin.gradle.tasks.KotlinCompile>().forEach {
-    it.dependsOn(generateVersionFileTaskProvider)
+    kotlin.srcDir(
+        generateSaveCliVersionFileTaskProvider.map {
+            it.outputs.files.singleFile
+        }
+    )
 }

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/save-cli-download-configuration.gradle.kts

@@ -0,0 +1,25 @@
+/**
+ * Configuration task to download save-cli once per a project
+ */
+
+package com.saveourtool.save.buildutils
+
+import de.undercouch.gradle.tasks.download.Download
+import org.gradle.kotlin.dsl.*
+
+plugins {
+    id("de.undercouch.download")
+}
+
+tasks.register<Download>("downloadSaveCli") {
+    val saveCliVersion = readSaveCliVersion()
+    val saveCliFileName = saveCliVersion.map { "save-$it-linuxX64.kexe" }
+    val saveCliPath = saveCliVersion.zip(saveCliFileName) { version, fileName ->
+        findProperty("saveCliPath")?.takeIf { version.isSnapshot() } as String?
+            ?: "https://github.com/saveourtool/save-cli/releases/download/v$version/$fileName"
+    }
+    src { saveCliPath }
+    dest { saveCliFileName.map { fileName -> "$buildDir/download/$fileName" } }
+
+    overwrite(false)
+}

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/save-cloud-version-file-configuration.gradle.kts

@@ -8,13 +8,13 @@ import java.io.File
 
 tasks.register("generateSaveCloudVersionFile") {
     val outputDir = File("$buildDir/generated/src")
-    val versionsFile = outputDir.resolve("generated/SaveCloudVersion.kt")
+    val versionFile = outputDir.resolve("generated/SaveCloudVersion.kt")
     inputs.property("project version", version.toString())
-    outputs.dir("$buildDir/generated/src")
+    outputs.dir(outputDir)
 
     doFirst {
-        versionsFile.parentFile.mkdirs()
-        versionsFile.writeText(
+        versionFile.parentFile.mkdirs()
+        versionFile.writeText(
             """
             package generated
 

save-cloud-charts/save-cloud/templates/backend-configmap.yaml

@@ -6,6 +6,7 @@ data:
   application.properties: |
     backend.preprocessor-url=http://preprocessor
     backend.orchestrator-url=http://orchestrator
+    backend.demo-url=http://demo
     backend.loki.url=http://loki:3100
     backend.loki.labels.agent-container-name=pod
     backend.loki.labels.application-name=app

save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/entities/vulnerability/VulnerabilityDto.kt

@@ -0,0 +1,17 @@
+package com.saveourtool.save.entities.vulnerability
+
+import kotlinx.serialization.Serializable
+
+/**
+ * @property name name of vulnerability
+ * @property progress vulnerability criticality percentage
+ * @property projects links to projects with this vulnerability
+ * @property description description of vulnerability
+ */
+@Serializable
+data class VulnerabilityDto(
+    val name: String,
+    val progress: Int,
+    val description: String?,
+    val projects: List<VulnerabilityProjectDto>,
+)

save-cloud-common/src/commonMain/kotlin/com/saveourtool/save/entities/vulnerability/VulnerabilityProjectDto.kt

@@ -0,0 +1,15 @@
+package com.saveourtool.save.entities.vulnerability
+
+import kotlinx.serialization.Serializable
+
+/**
+ * @property name name of project
+ * @property url url of project
+ * @property isOpenSource is project open-source
+ */
+@Serializable
+data class VulnerabilityProjectDto(
+    val name: String,
+    val url: String,
+    val isOpenSource: Boolean,
+)