Merge pull request #1522 from Bidaya0/fix/scan-utils-typing-check

fix: scan utils typing check.
HXSecurity · Jun 14, 2023 · eeed694 · eeed694
2 parents b2103dd + 8e97e53
commit eeed694
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -32,3 +32,4 @@ celerybeat.pid
 *.mo
 *.o
 *.c
+*.prof
diff --git a/dongtai_web/dongtai_sca/common/dataclass.py b/dongtai_web/dongtai_sca/common/dataclass.py
@@ -1,12 +1,12 @@
 from typing import Tuple
 from typing import Any
-from typing import Optional
+from typing import Optional, Union
 from dataclasses import dataclass, field
 from dataclasses_json import dataclass_json, config
 from datetime import datetime
 from dateutil.parser import parse
 
-# those Tuple[str] = () is not working
+# those Union[Tuple[str], Tuple[()]] = () is not working
 # Since https://github.com/lidatong/dataclasses-json/pull/409
 # Be careful with potentially nullable types when using them temporarily.
 
@@ -21,16 +21,16 @@ class Reference:
 @dataclass_json
 @dataclass
 class VulCodes:
-    CVE: Tuple[str] = ()
-    GHSA: Tuple[str] = ()
+    CVE: Union[Tuple[str], Tuple[()]] = ()
+    GHSA: Union[Tuple[str], Tuple[()]] = ()
 
 
 @dataclass_json
 @dataclass
 class VulInfo:
     vul_id: str = ""
     cvss_v3: str = ""
-    cwe: Tuple[str] = ()
+    cwe: Union[Tuple[str], Tuple[()]] = ()
     title: str = ""
     description: str = ""
     references: Tuple[Reference] = ()
@@ -56,16 +56,16 @@ class VulInfo:
 class Vul:
     vul_info: VulInfo
     vul_codes: VulCodes
-    affected_versions: Tuple[str] = ()
-    unaffected_versions: Tuple[str] = ()
+    affected_versions: Union[Tuple[str], Tuple[()]] = ()
+    unaffected_versions: Union[Tuple[str], Tuple[()]] = ()
 
 
 @dataclass_json
 @dataclass
 class PackageVulData:
     vuls: Tuple[Vul] = ()
-    affected_versions: Tuple[str] = ()
-    unaffected_versions: Tuple[str] = ()
+    affected_versions: Union[Tuple[str], Tuple[()]] = ()
+    unaffected_versions: Union[Tuple[str], Tuple[()]] = ()
 
 
 @dataclass_json
@@ -77,7 +77,7 @@ class PackageInfo:
     version: str
     hash: str
     version_publish_time: str = ""
-    license: Tuple[str] = ()
+    license: Union[Tuple[str], Tuple[()]] = ()
 
 
 @dataclass_json

diff --git a/dongtai_web/dongtai_sca/scan/utils.py b/dongtai_web/dongtai_sca/scan/utils.py
@@ -1070,6 +1070,11 @@ def new_update_one_sca(agent_id,
     )
     from dongtai_common.models.assetv2 import AssetV2, AssetV2Global, IastAssetLicense, IastPackageGAInfo
     agent = IastAgent.objects.filter(id=agent_id).first()
+    if not agent:
+        logger.info(
+            f'SCA检测找不到对应Agent [{agent_id} {package_path} {package_signature} {package_name} {package_algorithm} {package_version}]'
+        )
+        return
     if not package_signature:
         package_signature = sha_1(package_signature)
     if agent.language == "JAVA":
@@ -1094,7 +1099,7 @@ def new_update_one_sca(agent_id,
             aql=aql,
             defaults={
                 "signature_algorithm": "SHA-1",
-                "language_id": get_language_id(agent.language),
+                "language_id": get_language_id(agent.language if agent.language else 'JAVA'),
                 "package_fullname": obj,
                 "package_name": package.name,
                 "signature_value": package.hash,
@@ -1279,7 +1284,7 @@ def stat_severity_v2(vul_infos: List[VulInfo]) -> dict:
     for key in ("critical", "high", "medium", "low", "info"):
         if key not in res:
             res[key] = 0
-    return dict(level=get_asset_level(res),
+    return dict(level=get_asset_level(dict(res)),
                 vul_count=sum(res.values()),
                 **{f"vul_{k}_count": v
                    for k, v in res.items()})