diff --git a/scripts/dependency_scanner.py b/scripts/dependency_scanner.py
index f179815..cb978bf 100644
--- a/scripts/dependency_scanner.py
+++ b/scripts/dependency_scanner.py
@@ -208,7 +208,7 @@ def generate_csv_report(self, filename=None):
 os.makedirs(reports_dir, exist_ok=True)
 filepath = os.path.join(reports_dir, filename)
- all_vulnerabilities = [] # We'll still use this, even in the simplified version
+ all_vulnerabilities = []
 repositories = self.client.get_repositories(self.org_name, self.repo_list)
 if not repositories:
 logging.warning("No repositories found to scan.")
@@ -230,31 +230,46 @@ def generate_csv_report(self, filename=None):
 for alert in alerts:
 try:
- # --- EXTREME DEBUGGING: Simplify everything ---
+ dependency = alert.get("dependency", {})
+ pkg = dependency.get("package", {})
+ package_name = pkg.get("name", "N/A")
+ manifest_path = dependency.get("manifest_path", "N/A")
+ current_version = self.client.get_dependency_version(repo['owner'], repo['name'], manifest_path)
+
 security_advisory = alert.get("security_advisory", {})
 vulnerable_ranges = []
 for vulnerability in security_advisory.get("vulnerabilities", []):
 vulnerable_range_str = vulnerability.get("vulnerable_version_range", "N/A")
 vulnerable_ranges.append(vulnerable_range_str)
- print(f"DEBUG: Individual vulnerable_range: {vulnerable_range_str}") # Debug each one
+ print(f"DEBUG: Individual vulnerable_range: {vulnerable_range_str}") # KEEP THIS
 vulnerable_range = ", ".join(vulnerable_ranges)
- print(f"DEBUG: Combined vulnerable_range: {vulnerable_range}")
+ print(f"DEBUG: Combined vulnerable_range: {vulnerable_range}") # KEEP THIS
+
+
+ severity = security_advisory.get("severity", "N/A")
+ security_vulnerability = alert.get("security_vulnerability", {})
+ first_patched = security_vulnerability.get("first_patched_version", {})
+ update_available = first_patched.get("identifier", "N/A") if first_patched else "N/A"
+
+ # --- NEW DEBUG PRINT ---
+ print(f"DEBUG: Data before append: {repo['owner']}/{repo['name']}, {package_name}, {current_version}, {vulnerable_range}, {severity}, {update_available}")
- # Temporarily just append a simplified dictionary
 all_vulnerabilities.append({
- "Repository Name": repo['name'], # Use a simple value
- "Vulnerable Versions": vulnerable_range, # ONLY this field
+ "Repository Name": f"{repo['owner']}/{repo['name']}",
+ "Package Name": package_name,
+ "Current Version": current_version,
+ "Vulnerable Versions": vulnerable_range,
+ "Severity": severity,
+ "Update Available": update_available
 })
- # --- END EXTREME DEBUGGING ---
-
+
self.total_vulnerabilities += 1
 except KeyError as e:
 logging.warning(f"Missing key in alert data for repo {repo['owner']}/{repo['name']}: {e}. Skipping.")
- print(f"KeyError: {e}")
+ print(f"KeyError: {e}") #KEEP
 continue
 except Exception as e:
 logging.exception(f"Error processing alert data for repo {repo['owner']}/{repo['name']}: {e}. Skipping.")
- print(f"Other Exception: {e}")
+ print(f"Other Exception: {e}") #KEEP
 continue
 except Exception as e:
 logging.exception(f"Error processing repo {repo['owner']}/{repo['name']}: {e}")
@@ -263,15 +278,20 @@ def generate_csv_report(self, filename=None):
 logging.info("No vulnerabilities found.")
 return
- # Simplified writing for debugging
 with open(filepath, "w", newline="", encoding="utf-8") as csvfile:
- fieldnames = ["Repository Name", "Vulnerable Versions"] # Only these two columns
+ fieldnames = [
+ "Repository Name",
+ "Package Name",
+ "Current Version",
+ "Vulnerable Versions",
+ "Severity",
+ "Update Available",
+ ]
 writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
 writer.writeheader()
 writer.writerows(all_vulnerabilities)
 logging.info(f"CSV report generated: {filepath}")
-
-
+
 def run_scan(self, filename=None):
 """Runs the complete scan and report generation."""
 self.generate_csv_report(filename)
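Review bot: The `"N/A"` fallback for `manifest_path` is passed straight into `self.client.get_dependency_version(...)` on the new `current_version` line, so an alert whose dependency record has no manifest path presumably asks the client to resolve a literal `N/A` path, and if that raises, the whole alert is dropped by the broad `except Exception` below rather than reported with an unknown version. Guard the call instead: `current_version = "N/A"` / `if manifest_path != "N/A":` / `    current_version = self.client.get_dependency_version(repo['owner'], repo['name'], manifest_path)`. The `print(...)` lines marked `# KEEP THIS` / `#KEEP` write advisory data and raw exception text to stdout next to the existing `logging` calls; if they are meant to stay, make them `logging.debug(...)` so they respect the configured log level instead of always emitting. The enclosing `generate_csv_report` and its `for repo` loop begin before this hunk.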
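Review bot: The cells written by `writer.writerows(all_vulnerabilities)` — package names, advisory version ranges and patched-version identifiers — come straight from the alert feed, and a cell beginning with `=`, `+`, `-`, `@`, tab or CR is evaluated as a formula when the CSV is opened in Excel or LibreOffice (a range expressed as `= 1.2.3` would be enough to trigger it). Since this report is produced to be opened by people, neutralize such cells before writing them, e.g. by prefixing a single quote, as in the replacement for the `writer.writerows` line below. The `fieldnames` list and `run_scan` are fine as they stand; `generate_csv_report` starts before this hunk.
```python
            writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
            writer.writeheader()
            # Neutralize spreadsheet formula triggers in feed-supplied cells (CSV injection).
            for row in all_vulnerabilities:
                writer.writerow({
                    key: ("'" + str(val) if str(val).startswith(("=", "+", "-", "@", "\t", "\r")) else val)
                    for key, val in row.items()
                })
```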