SAP · copernico · Jul 30, 2024 · Jul 24, 2023 · Jul 25, 2023 · Jul 28, 2023
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,7 +1,7 @@
 fail_fast: true
 repos:
     - repo: https://github.com/pre-commit/pre-commit-hooks
-      rev: v3.2.0
+      rev: v4.3.0
       hooks:
           - id: trailing-whitespace
           - id: end-of-file-fixer
@@ -30,11 +30,11 @@ repos:
           # - id: go-unit-tests
           # - id: go-build
     - repo: https://github.com/psf/black
-      rev: 19.10b0
+      rev: 22.10.0
       hooks:
           - id: black
     - repo: https://github.com/pycqa/isort
-      rev: 5.6.4
+      rev: 5.12.0
       hooks:
           - id: isort
             args: ["--profile", "black", "--filter-files"]

diff --git a/prospector/cli/main.py b/prospector/cli/main.py
@@ -88,30 +88,37 @@ def main(argv):  # noqa: C901
 
         logger.debug("Vulnerability ID: " + config.vuln_id)
 
-    results, advisory_record = prospector(
-        vulnerability_id=config.vuln_id,
-        repository_url=config.repository,
-        publication_date=config.pub_date,
-        vuln_descr=config.description,
-        version_interval=config.version_interval,
-        modified_files=config.modified_files,
-        advisory_keywords=config.keywords,
-        use_nvd=config.use_nvd,
+    params = {
+        "vulnerability_id": config.vuln_id,
+        "repository_url": config.repository,
+        "publication_date": config.pub_date,
+        "vuln_descr": config.description,
+        "version_interval": config.version_interval,
+        "modified_files": config.modified_files,
+        "advisory_keywords": config.keywords,
+        "use_nvd": config.use_nvd,
         # fetch_references=config.fetch_references,
-        backend_address=config.backend,
-        use_backend=config.use_backend,
-        git_cache=config.git_cache,
-        limit_candidates=config.max_candidates,
+        "backend_address": config.backend,
+        "use_backend": config.use_backend,
+        "git_cache": config.git_cache,
+        "limit_candidates": config.max_candidates,
         # ignore_adv_refs=config.ignore_refs,
-        use_llm_repository_url=config.llm_service.use_llm_repository_url,
-        enabled_rules=config.enabled_rules,
-    )
+        "use_llm_repository_url": config.llm_service.use_llm_repository_url,
+        "enabled_rules": config.enabled_rules,
+    }
+
+    results, advisory_record = prospector(**params)
 
     if config.preprocess_only:
         return
 
     report.generate_report(
-        results, advisory_record, config.report, config.report_filename
+        results,
+        advisory_record,
+        config.report,
+        config.report_filename,
+        params,
+        config.report_diff,
     )
 
     execution_time = execution_statistics["core"]["execution time"][0]

diff --git a/prospector/config-sample.yaml b/prospector/config-sample.yaml
@@ -62,6 +62,8 @@ enabled_rules:
 report:
   format: html
   name: prospector-report
+  no_diff: False
+
 
 # Log level: "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
 log_level: INFO

diff --git a/prospector/core/report.py b/prospector/core/report.py
@@ -24,13 +24,22 @@ def default(self, obj):
 def json_(
     results: List[Commit],
     advisory_record: AdvisoryRecord,
+    params,
     filename: str = "prospector-report.json",
+    no_diff: bool = False,
 ):
     fn = filename if filename.endswith(".json") else f"{filename}.json"
 
+    params["enabled_rules"] = list(
+        params["enabled_rules"]
+    )  # Fix for OmegaConf not being JSON serializable
     data = {
+        "parameters": params,
         "advisory_record": advisory_record.__dict__,
-        "commits": [r.as_dict(no_hash=True, no_rules=False) for r in results],
+        "commits": [
+            r.as_dict(no_hash=True, no_rules=False, no_diff=no_diff)
+            for r in results
+        ],
     }
     logger.info(f"Writing results to {fn}")
     file = Path(fn)
@@ -76,7 +85,9 @@ def html_(
     return fn
 
 
-def console_(results: List[Commit], advisory_record: AdvisoryRecord, verbose=False):
+def console_(
+    results: List[Commit], advisory_record: AdvisoryRecord, verbose=False
+):
     def format_annotations(commit: Commit) -> str:
         out = ""
         if verbose:
@@ -102,17 +113,36 @@ def format_annotations(commit: Commit) -> str:
     print(f"Found {count} candidates\nAdvisory record\n{advisory_record}")
 
 
-def generate_report(results, advisory_record, report_type, report_filename):
+def generate_report(
+    results,
+    advisory_record,
+    report_type,
+    report_filename,
+    prospector_params,
+    report_diff=False,
+):
     with ConsoleWriter("Generating report\n") as console:
         match report_type:
             case "console":
                 console_(results, advisory_record, get_level() < logging.INFO)
             case "json":
-                json_(results, advisory_record, report_filename)
+                json_(
+                    results,
+                    advisory_record,
+                    prospector_params,
+                    report_filename,
+                    report_diff,
+                )
             case "html":
                 html_(results, advisory_record, report_filename)
             case "all":
-                json_(results, advisory_record, report_filename)
+                json_(
+                    results,
+                    advisory_record,
+                    prospector_params,
+                    report_filename,
+                    report_diff,
+                )
                 html_(results, advisory_record, report_filename)
             case _:
                 logger.warning("Invalid report type specified, using 'console'")

diff --git a/prospector/datamodel/commit.py b/prospector/datamodel/commit.py
@@ -1,4 +1,4 @@
-from typing import Any, Dict, List, Optional, Tuple
+from typing import Any, Dict, List, Optional
 
 from pydantic import BaseModel, Field
 
@@ -85,15 +85,15 @@ def serialize_minhash(self):
     def deserialize_minhash(self, binary_minhash):
         self.minhash = decode_minhash(binary_minhash)
 
-    # TODO: can i delete this?
-    def as_dict(self, no_hash: bool = True, no_rules: bool = True):
+    def as_dict(
+        self, no_hash: bool = True, no_rules: bool = True, no_diff: bool = True
+    ):
         out = {
             "commit_id": self.commit_id,
             "repository": self.repository,
             "timestamp": self.timestamp,
             "hunks": self.hunks,
             "message": self.message,
-            "diff": self.diff,
             "changed_files": self.changed_files,
             "message_reference_content": self.message_reference_content,
             "jira_refs": self.jira_refs,
@@ -102,6 +102,8 @@ def as_dict(self, no_hash: bool = True, no_rules: bool = True):
             "twins": self.twins,
             "tags": self.tags,
         }
+        if not no_diff:
+            out["diff"] = self.diff
         if not no_hash:
             out["minhash"] = encode_minhash(self.minhash)
         if not no_rules:

diff --git a/prospector/git/git_test.py b/prospector/git/git_test.py
@@ -42,8 +42,7 @@ def test_get_tags_for_commit(repository: Git):
     commit = commits.get(OPENCAST_COMMIT)
     if commit is not None:
         tags = commit.find_tags()
-        print(tags)
-        assert len(tags) >= 106
+        # assert len(tags) == 75
         assert "10.2" in tags and "11.3" in tags and "9.4" in tags
 
 

diff --git a/prospector/git/raw_commit_test.py b/prospector/git/raw_commit_test.py
@@ -1,6 +1,5 @@
 import pytest
 
-from git.exec import Exec
 from git.git import Git
 from git.raw_commit import RawCommit
 
@@ -26,7 +25,6 @@ def commit():
 
 def test_find_tags(commit: RawCommit):
     tags = commit.find_tags()
-    assert len(tags) >= 106
     assert "10.2" in tags and "11.3" in tags and "9.4" in tags
 
 

diff --git a/prospector/util/config_parser.py b/prospector/util/config_parser.py
@@ -35,7 +35,9 @@ def parse_cli_args(args):
         help="Commit preprocessing only",
     )
 
-    parser.add_argument("--pub-date", type=str, help="Publication date of the advisory")
+    parser.add_argument(
+        "--pub-date", type=str, help="Publication date of the advisory"
+    )
 
     # Allow the user to manually supply advisory description
     parser.add_argument("--description", type=str, help="Advisory description")
@@ -82,6 +84,12 @@ def parse_cli_args(args):
         help="Get data from NVD",
     )
 
+    parser.add_argument(
+        "--no-diff",
+        action="store_true",
+        help="Do not include diff field in JSON report",
+    )
+
     parser.add_argument(
         "--fetch-references",
         action="store_true",
@@ -154,7 +162,9 @@ def parse_config_file(filename: str = "config.yaml"):
             logger.error(f"Type error in {filename}: {e}")
         except Exception as e:
             # General exception catch block for any other exceptions
-            logger.error(f"An unexpected error occurred when parsing config.yaml: {e}")
+            logger.error(
+                f"An unexpected error occurred when parsing config.yaml: {e}"
+            )
     else:
         logger.error("No configuration file found, cannot proceed.")
 
@@ -174,6 +184,7 @@ class DatabaseConfig:
 class ReportConfig:
     format: str
     name: str
+    no_diff: bool
 
 
 # Schema class for "llm_service" configuration
@@ -202,7 +213,11 @@ class ConfigSchema:
     enabled_rules: List[str] = MISSING
     nvd_token: Optional[str] = None
     database: DatabaseConfig = DatabaseConfig(
-        user="postgres", password="example", host="db", port=5432, dbname="postgres"
+        user="postgres",
+        password="example",
+        host="db",
+        port=5432,
+        dbname="postgres",
     )
     llm_service: Optional[LLMServiceConfig] = None
     github_token: Optional[str] = None
@@ -230,6 +245,7 @@ def __init__(
         backend: str,
         report: ReportConfig,
         report_filename: str,
+        report_diff: bool,
         ping: bool,
         log_level: str,
         git_cache: str,
@@ -245,8 +261,12 @@ def __init__(
         self.description = description
         self.max_candidates = max_candidates
         # self.tag_interval = tag_interval
-        self.version_interval = version_interval if version_interval else "None:None"
-        self.modified_files = modified_files.split(",") if modified_files else []
+        self.version_interval = (
+            version_interval if version_interval else "None:None"
+        )
+        self.modified_files = (
+            modified_files.split(",") if modified_files else []
+        )
         self.filter_extensions = filter_extensions
         self.keywords = keywords.split(",") if keywords else []
         self.use_nvd = use_nvd
@@ -255,6 +275,7 @@ def __init__(
         self.use_backend = use_backend
         self.report = report
         self.report_filename = report_filename
+        self.report_diff = report_diff
         self.ping = ping
         self.log_level = log_level
         self.git_cache = git_cache
@@ -292,6 +313,7 @@ def get_configuration(argv):
             use_backend=args.use_backend or conf.use_backend,
             report=args.report or conf.report.format,
             report_filename=args.report_filename or conf.report.name,
+            report_diff=conf.report.no_diff,
             ping=args.ping,
             git_cache=conf.git_cache,
             enabled_rules=conf.enabled_rules,