58 fixchange extractandanalyse endpoint

code/AmIVulnerable/AmIVulnerable/Controllers/DependeciesController.cs

@@ -79,8 +79,8 @@
                             ExecuteCommand("npm", "install", projectGuid.ToString());
                             ExecuteCommand("rm", "tree.json", projectGuid.ToString());
                             ExecuteCommand("npm", "list --all --json >> tree.json", projectGuid.ToString());
-                            List<NodePackage> depTree = ExtractTree(projectGuid.ToString() + "/tree.json");
+                            List<NodePackage> depTree = ExtractTree(AppDomain.CurrentDomain.BaseDirectory + projectGuid.ToString() + "/tree.json");
                             List<NodePackageResult> resTree = await AnalyzeTreeAsync(depTree) ?? [];
                             if (resTree.Count != 0) {
                                 JsonLdObject resultAsJsonLd = new JsonLdObject() {
                                     Context = "https://localhost:7203/views/nodePackageResult",
@@ -106,9 +106,9 @@
         /// <param name="command">Command used for programm</param>
         private void ExecuteCommand(string prog, string command, string dir) {
             ProcessStartInfo process = new ProcessStartInfo {
-                FileName = "bash",
+                FileName = "cmd",
                 RedirectStandardInput = true,
-                WorkingDirectory = dir,
+                WorkingDirectory = AppDomain.CurrentDomain.BaseDirectory + dir,
             };
             Process runProcess = Process.Start(process)!;
             runProcess.StandardInput.WriteLine($"{prog} {command}");
@@ -165,7 +165,7 @@
         /// </summary>
         /// <param name="depTree">List of all top level node packages.</param>
         /// <returns>List of NodePackageResult.</returns>
         private async Task<List<NodePackageResult?>> AnalyzeTreeAsync(List<NodePackage> depTree) {
             List<Tuple<string, string>> nodePackages = [];
             // preperation list
             foreach (NodePackage x in depTree) {
@@ -206,7 +206,7 @@
 
             // find the critical points
             if (cveResults.Count == 0) {
                 return null;
             }
             List<NodePackageResult?> resulstList = [];
             foreach (NodePackage x in depTree) {
@@ -216,29 +216,6 @@
                 }
             }
             return resulstList;
-            #region oldcode
-            //SearchDbController searchDbController = new SearchDbController();
-            //List<string> designation = [];
-            //foreach (Tuple<string, string> x in nodePackages) {
-            //    designation.Add(x.Item1);
-            //}
-
-            //List<CveResult> results = await searchDbController.SearchPackagesAsList(designation);
-            ////List<CveResult> results = searchDbController.SearchPackagesAsListMono(designation);
-
-            //// find the critical points
-            //if (results.Count == 0) {
-            //    return null;
-            //}
-            //List<NodePackageResult?> resulstListOld = [];
-            //foreach (NodePackage x in depTree) {
-            //    NodePackageResult? temp = checkVulnerabilities(x, results);
-            //    if (temp is not null) {
-            //        resulstList.Add(temp);
-            //    }
-            //}
-            //return resulstList;
-            #endregion
         }
 
         /// <summary>
@@ -275,6 +252,8 @@
             foreach (CveResult x in cveData) { // check
                 if (x.Designation.Equals(package.Name)) {
                     r.isCveTracked = true;
+                    r.CvssV31 = x.CvssV31;
+                    r.Description = x.Description;
                 }
             }
             if (r.isCveTracked == false && !DepCheck(r)) {

code/AmIVulnerable/docker-compose.yml

@@ -21,6 +21,8 @@ services:
     ports:
       - 3306:3306
     command: --default-authentication-plugin=mysql_native_password
+    cap_add:
+      - SYS_NICE  # CAP_SYS_NICE
 
   amivulnerable:
     container_name: ApiAmIVulnerable