Refactors OSS scan parsing and renames method (AST-95414) (#834)

cx-sarah-chen · web-flow · commit 24a4e195dadb · 2025-05-22T15:24:09.000+03:00
* Refactors OSS scan parsing and renames method

* Refactors variable declarations and updates method call

* Adds SCA vulnerability details and severity levels to CxOss
diff --git a/src/main/oss/CxManifestStatus.ts b/src/main/oss/CxManifestStatus.ts
@@ -1,5 +1,9 @@
 export enum CxManifestStatus {
     malicious = "Malicious",
     ok = "OK",
-    unknown = "Unknown"
+    unknown = "Unknown",
+    critical = "Critical",
+    high = "High",
+    medium = "Medium",
+    low = "Low"
 }
diff --git a/src/main/oss/CxOss.ts b/src/main/oss/CxOss.ts
@@ -1,45 +1,60 @@
-import  {CxManifestStatus}  from './CxManifestStatus';
+import { CxManifestStatus } from './CxManifestStatus';
 
 export default class CxOssResult {
-    packageManager : string;
-    packageName : string;
-    version : string;
-    filepath : string;
-    lineStart : number;
-    lineEnd : number;
-    startIndex : number;
-    endIndex : number;
-    status :CxManifestStatus;
-
+  packageManager: string;
+  packageName: string;
+  version: string;
+  filepath: string;
+  lineStart: number;
+  lineEnd: number;
+  startIndex: number;
+  endIndex: number;
+  status: CxManifestStatus;
+  vulnerabilities: { cve: string, description: string, severity: string }[];
 
   static parseResult(resultObject: any): CxOssResult[] {
+    const packages = resultObject.Packages;
     let ossResults: CxOssResult[] = [];
-    if (resultObject instanceof Array) {
-        ossResults = resultObject.map((member: any) => {
+    if (packages instanceof Array) {
+      ossResults = packages.map((member: any) => {
         const ossResult = new CxOssResult();
         ossResult.packageManager = member.PackageManager;
         ossResult.packageName = member.PackageName;
-        ossResult.version = member.Version;
-        ossResult.filepath = member.Filepath;
+        ossResult.version = member.PackageVersion;
+        ossResult.filepath = member.FilePath;
         ossResult.lineStart = member.LineStart;
         ossResult.lineEnd = member.LineEnd;
         ossResult.startIndex = member.StartIndex;
         ossResult.endIndex = member.EndIndex;
         ossResult.status = member.Status as CxManifestStatus;
+        ossResult.vulnerabilities = Array.isArray(member.Vulnerabilities)
+          ? member.Vulnerabilities.map((vul: any) => ({
+            cve: vul.CVE,
+            description: vul.Description,
+            severity: vul.Severity
+          }))
+          : [];
         return ossResult;
       });
     } else {
-        const ossResult = new CxOssResult();
-        ossResult.packageManager = resultObject.PackageManager;
-        ossResult.packageName = resultObject.PackageName;
-        ossResult.version = resultObject.Version;
-        ossResult.filepath = resultObject.FilePath;
-        ossResult.lineStart = resultObject.LineStart;
-        ossResult.lineEnd = resultObject.LineEnd;
-        ossResult.startIndex = resultObject.StartIndex;
-        ossResult.endIndex = resultObject.EndIndex; 
-        ossResult.status = resultObject.Status as CxManifestStatus;
-        ossResults.push(ossResult);
+      const ossResult = new CxOssResult();
+      ossResult.packageManager = packages.PackageManager;
+      ossResult.packageName = packages.PackageName;
+      ossResult.version = packages.PackageVersion;
+      ossResult.filepath = packages.FilePath;
+      ossResult.lineStart = packages.LineStart;
+      ossResult.lineEnd = packages.LineEnd;
+      ossResult.startIndex = packages.StartIndex;
+      ossResult.endIndex = packages.EndIndex;
+      ossResult.status = packages.Status as CxManifestStatus;
+      ossResult.vulnerabilities = Array.isArray(packages.Vulnerabilities)
+    ? packages.Vulnerabilities.map((vul: any) => ({
+        cve: vul.CVE,
+        description: vul.Description,
+        severity: vul.Severity
+      }))
+    : [];
+      ossResults.push(ossResult);
     }
     return ossResults;
   }
diff --git a/src/main/wrapper/CxWrapper.ts b/src/main/wrapper/CxWrapper.ts
@@ -147,7 +147,7 @@ export class CxWrapper {
         return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);
     }
 
-    async scanOss(sourceFile: string): Promise<CxCommandOutput> {
+    async ossScanResults(sourceFile: string): Promise<CxCommandOutput> {
         const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];
         commands.push(...this.initializeCommands(false));
         const exec = new ExecutionService();
diff --git a/src/tests/ScanTest.test.ts b/src/tests/ScanTest.test.ts
@@ -169,7 +169,7 @@ describe("ScanCreate cases", () => {
     
     it.skip('ScanOss Successful case', async () => {
         const wrapper = new CxWrapper(cxScanConfig);
-        const cxCommandOutput: CxCommandOutput = await wrapper.scanOss("tsc/tests/data/package.json");
+        const cxCommandOutput: CxCommandOutput = await wrapper.ossScanResults("tsc/tests/data/package.json");
         console.log("Json object from scanOSS successful case: " + JSON.stringify(cxCommandOutput));
         expect(cxCommandOutput.payload).toBeDefined();
         expect(cxCommandOutput.exitCode).toBe(0);

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ export class CxWrapper {`
`147`	`147`	`return await exec.executeCommands(this.config.pathToExecutable, commands, CxConstants.SCAN_ASCA);`
`148`	`148`	`}`
`149`	`149`
`150`		`- async scanOss(sourceFile: string): Promise<CxCommandOutput> {`
	`150`	`+ async ossScanResults(sourceFile: string): Promise<CxCommandOutput> {`
`151`	`151`	`const commands: string[] = [CxConstants.CMD_SCAN, CxConstants.CMD_OSS, CxConstants.SOURCE, sourceFile];`
`152`	`152`	`commands.push(...this.initializeCommands(false));`
`153`	`153`	`const exec = new ExecutionService();`