change: handling tar files in default conf file (#46)

sumeetpatil · web-flow · commit c3fe384c08d1 · 2020-11-06T16:29:41.000+01:00
* change: handling tar files in default conf file
* fix: creation of commit directory
* change: added timestamp to commit metadata
* fix: check for the VulnerabilityId while generating the steady script
diff --git a/kaybee/internal/tasks/data/default_config.yaml b/kaybee/internal/tasks/data/default_config.yaml
@@ -104,14 +104,27 @@ export:
         commit_id=$2
         branch=$3
         vulnerability_id=$4
+        source_path=$5
+
+        [ -d $vulnerability_id/$commit_id ] || mkdir -p $vulnerability_id/$commit_id
+        if [ -f $source_path/changed-source-code.tar.gz ]
+        then
+          timestamp=`cat $vulnerability_id/$commit_id/timestamp`
+          echo "{" > $vulnerability_id/$commit_id/metadata.json
+          echo "  \"repository\" : \"$repo_url\"," >> $vulnerability_id/$commit_id/metadata.json
+          echo "  \"branch\" : \"$branch\"," >> $vulnerability_id/$commit_id/metadata.json
+          echo "  \"timestamp\" : \"$timestamp\"," >> $vulnerability_id/$commit_id/metadata.json
+          echo "  \"commit_id\" : \"$commit_id\"" >> $vulnerability_id/$commit_id/metadata.json
+          echo "}" >> $vulnerability_id/$commit_id/metadata.json
+          rm $vulnerability_id/$commit_id/timestamp
+          return
+        fi
 
         clone_once $repo_url
         repo_dir=$(folder_for_repo $repo_url)
 
         timestamp=$(git -C $repo_dir show --no-patch --no-notes --pretty='%at' $commit_id)
 
-        [ -d $vulnerability_id/$commit_id ] || mkdir -p $vulnerability_id/$commit_id
-
         echo "{" > $vulnerability_id/$commit_id/metadata.json
         echo "  \"repository\" : \"$repo_url\"," >> $vulnerability_id/$commit_id/metadata.json
         echo "  \"branch\" : \"$branch\"," >> $vulnerability_id/$commit_id/metadata.json
@@ -149,21 +162,26 @@ export:
       # -----------------------------------------------
       #  Analyzing vulnerability {{ .VulnerabilityID}}
       # -----------------------------------------------
+      {{ if .VulnerabilityID }}
       [ -d ./{{ .VulnerabilityID }} ] || mkdir ./{{ .VulnerabilityID }}
+      {{ $source_path := .Metadata.LocalPath }}
+      [ -f {{ $source_path }}/changed-source-code.tar.gz ] && tar -xf {{ $source_path }}/changed-source-code.tar.gz -C ./{{ .VulnerabilityID }}
+
       cat << EOM > ./{{ .VulnerabilityID }}/metadata.json
       {{ .ToJSON }}
       EOM
       {{ if .Fixes}}{{ $description :=  or ((index .Notes 0).Text) "" }}
       #make_vuln_metadata {{ .VulnerabilityID }} '{{ JoinNotes . }}' {{ LinksAsCSV . }}
       {{ $vuln := .VulnerabilityID}}{{ $repo := (index (index .Fixes 0).Commits 0).RepositoryURL }}
-      {{ range $f := .Fixes  }}{{ range .Commits }}checkout_commit {{$repo}} {{.ID}} {{$f.ID}} {{ $vuln }}
+      {{ range $f := .Fixes  }}{{ range .Commits }}checkout_commit {{$repo}} {{.ID}} {{$f.ID}} {{ $vuln }} {{ $source_path }}
       {{end}}{{end}}
-      $ANALYZER_CMD -d ./{{ .VulnerabilityID }}
       {{else}}
       # This vulnerability has no fix-commits
       {{end}}
+      {{end}}
 
     post: |-
+      $ANALYZER_CMD -d .
       # ------------------------------------------------
       # This script was generated with KayBee
       # ------------------------------------------------
