Merge branch 'master' into feature/save-cosv-divide

.github/workflows/build_and_test.yml

@@ -35,7 +35,6 @@ jobs:
       save-orchestrator: ${{ steps.calculate-dependencies.outputs.save-orchestrator }}
       save-orchestrator-common: ${{ steps.calculate-dependencies.outputs.save-orchestrator-common }}
       save-preprocessor: ${{ steps.calculate-dependencies.outputs.save-preprocessor }}
-      save-sandbox: ${{ steps.calculate-dependencies.outputs.save-sandbox }}
       test-analysis-core: ${{ steps.calculate-dependencies.outputs.test-analysis-core }}
       test-utils: ${{ steps.calculate-dependencies.outputs.test-utils }}
     steps:
@@ -87,8 +86,6 @@ jobs:
               - save-orchestrator-common/**
             save-preprocessor:
               - save-preprocessor/**
-            save-sandbox:
-              - save-sandbox/**
             test-analysis-core:
               - test-analysis-core/**
             test-utils:
@@ -118,7 +115,6 @@ jobs:
           save_frontend=$(( $save_cloud_common + $save_frontend_common + ${{ steps.git-changed-files.outputs.save-frontend_all_changed_files_count }} ))
           save_orchestrator=$(( $save_cloud_common + $save_orchestrator_common + $test_utils + ${{ steps.git-changed-files.outputs.save-orchestrator_all_changed_files_count }} ))
           save_preprocessor=$(( $save_cloud_common + $test_utils + ${{ steps.git-changed-files.outputs.save-preprocessor_all_changed_files_count }} ))
-          save_sandbox=$(( $save_cloud_common + $authentication_service + $test_utils + ${{ steps.git-changed-files.outputs.save-sandbox_all_changed_files_count }} ))
 
           echo "api-gateway=$api_gateway" >> "$GITHUB_OUTPUT"
           echo "authentication-service=$authentication_service" >> "$GITHUB_OUTPUT"
@@ -137,7 +133,6 @@ jobs:
           echo "save-orchestrator=$save_orchestrator" >> "$GITHUB_OUTPUT"
           echo "save-orchestrator-common=$save_orchestrator_common" >> "$GITHUB_OUTPUT"
           echo "save-preprocessor=$save_preprocessor" >> "$GITHUB_OUTPUT"
-          echo "save-sandbox=$save_sandbox" >> "$GITHUB_OUTPUT"
           echo "test-analysis-core=$test_analysis_core" >> "$GITHUB_OUTPUT"
           echo "test-utils=$test_utils" >> "$GITHUB_OUTPUT"
   build_save-cloud-common:
@@ -185,7 +180,6 @@ jobs:
           'save-frontend',
           'save-orchestrator',
           'save-preprocessor',
-          'save-sandbox',
           'test-analysis-core',
           'test-utils'
         ]
@@ -220,8 +214,6 @@ jobs:
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-orchestrator > 0 }}
           - module: save-preprocessor
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-preprocessor > 0 }}
-          - module: save-sandbox
-            do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.save-sandbox > 0 }}
           - module: test-analysis-core
             do-build: ${{ github.event_name == 'push' || needs.calculate_build_flags.outputs.test-analysis-core > 0 }}
           - module: test-utils

.github/workflows/deploy_images.yml

@@ -33,11 +33,6 @@ on:
         default: true
         description: Build new image of save-orchestrator
         required: false
-      sandbox:
-        type: boolean
-        default: true
-        description: Build new image of save-sandbox
-        required: false
       preprocessor:
         type: boolean
         default: true
@@ -64,7 +59,7 @@ jobs:
     uses: ./.github/workflows/build_save-agent_reusable.yml
     with:
       branch: ${{ inputs.branch }}
-      build-save-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.backend || inputs.sandbox }}
+      build-save-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.backend }}
       build-save-demo-agent: ${{ github.event_name != 'workflow_dispatch' || inputs.demo }}
 
   deploy_backend:
@@ -77,18 +72,6 @@ jobs:
       do-build: ${{ github.event_name != 'workflow_dispatch' || inputs.backend }}
       override-docker-tag: ${{ github.event_name == 'workflow_dispatch' }}
       save-cli-version: ${{ needs.build_cli.outputs.version }}
-
-  deploy_sandbox:
-    name: save-sandbox
-    uses: ./.github/workflows/deploy_images_reusable.yml
-    needs: [ build_cli, build_agents ]
-    with:
-      module: save-sandbox
-      branch: ${{ inputs.branch }}
-      do-build: ${{ github.event_name != 'workflow_dispatch' || inputs.sandbox }}
-      override-docker-tag: ${{ github.event_name == 'workflow_dispatch' }}
-      save-cli-version: ${{ needs.build_cli.outputs.version }}
-
   deploy_demo:
     name: save-demo
     uses: ./.github/workflows/deploy_images_reusable.yml
@@ -101,7 +84,7 @@ jobs:
       save-cli-version: stub
 
   deploy_all:
-    name: all excluding save-backend, save-sandbox and save-demo
+    name: all excluding save-backend and save-demo
     strategy:
       fail-fast: false
       matrix:

.github/workflows/deploy_images_reusable.yml

@@ -75,13 +75,13 @@ jobs:
           echo SAVE_CLI_GRADLE_OPTS=-PsaveCliVersion=${{ inputs.save-cli-version }} -PsaveCliPath=${{ github.workspace }}/save-cli >> $GITHUB_ENV
 
       - name: Download save-agent
-        if: inputs.module == 'save-backend' || inputs.module == 'save-sandbox'
+        if: inputs.module == 'save-backend'
         uses: actions/download-artifact@v3
         with:
           name: save-agent
           path: ${{ github.workspace }}/save-agent
       - name: Set saveAgentPath in Gradle
-        if: inputs.module == 'save-backend' || inputs.module == 'save-sandbox'
+        if: inputs.module == 'save-backend'
         run: |
           echo SAVE_AGENT_GRADLE_OPTS=-PsaveAgentPath=${{ github.workspace }}/save-agent >> $GITHUB_ENV
 

CONTRIBUTING.md

@@ -20,11 +20,11 @@ You can enable hot reload by passing `--continuous` flag.
 ## Spring Intellij Idea Ultimate plugin
 In order to make Spring Intellij Idea Ultimate plugin work properly, you need to set these active profiles in service's configuration:  
 
-|         | SaveApplication  | SaveGateway |   SaveOrchestrator   | SavePreprocessor |         SaveSandbox         |
-|:-------:|:----------------:|:-----------:|:--------------------:|:----------------:|:---------------------------:|
-|   Mac   | `mac,dev,secure` |  `mac,dev`  | `dev,mac,docker-tcp` |    `dev,mac`     | `dev,mac,docker-tcp,secure` | 
-| Windows |   `dev,secure`   |    `dev`    | `dev,win,docker-tcp` |      `dev`       | `dev,win,docker-tcp,secure` |
-|  Linux  |   `dev,secure`   |    `dev`    |   `dev,docker-tcp`   |      `dev`       |   `dev,docker-tcp,secure`   |
+|         | SaveApplication  | SaveGateway |   SaveOrchestrator   | SavePreprocessor |
+|:-------:|:----------------:|:-----------:|:--------------------:|:----------------:|
+|   Mac   | `mac,dev,secure` |  `mac,dev`  | `dev,mac,docker-tcp` |    `dev,mac`     |
+| Windows |   `dev,secure`   |    `dev`    | `dev,win,docker-tcp` |      `dev`       |
+|  Linux  |   `dev,secure`   |    `dev`    |   `dev,docker-tcp`   |      `dev`       |
 
 ### Mac M1 contributors
 In order to run `save-orchestrator` on Mac with M1 in order to make it run executions, in addition to `save-deploy/README.md` you need to 

README.md

@@ -13,24 +13,28 @@ Our key focus is to make life of developers who analyze code easier.
     - Use SAVE to create an **online demo for your analyzer** and set it up for your community's use;
     - Benchmarks Archive with the **list of popular benchmarks** (with a reference to [awesome-benchmarks](https://github.com/saveourtool/awesome-benchmarks)).
 
-2. **VULN** - A platform designed for the **reporting**, aggregation, and deduplication of one-day **vulnerabilities**.
+2. **COSV** - A platform designed for the **reporting**, aggregation, and deduplication of one-day **vulnerabilities**.
 
-Additionally, on our platform we host **contests** in the field of code analysis. 
+Additionally, on our platform we host **contests** in the field of code analysis.
 This provides an opportunity for you to submit your automated solutions for bug detection, and compete with other innovative projects.
 
 ## Links
 - Collection of Code Analyzers Demo: [Demo](https://saveourtool.com/demo)
 - Benchmarks Archive: [Benchmarks](https://saveourtool.com/awesome-benchmarks)
 - CI projects: [CI Projects](https://saveourtool.com/projects)
-- Vulnerabilities Collection: [1-day Vulnerabilities](https://saveourtool.com/vuln/list)
+- Vulnerabilities Collection: [1-day Vulnerabilities](https://cosv.gitlink.org.cn)
 
 ## Motivation
 - [Motivation of **SAVE** and more details](info/SaveMotivation.md)
 - Motivation of **VULN** and more details: TBD
 
 ## High-level perspective
+#### SAVE
 ![SAVE processing](https://user-images.githubusercontent.com/58667063/146387903-24ba9c91-a2a3-45e7-a07a-cb7bc388e4aa.jpg)
 
+#### COSV
+<img width="1306" alt="image" src="https://github.com/saveourtool/save-cloud/assets/58667063/008b0976-98c2-4195-bdf5-570a70b07827">
+
 ## Build and deploy
 To build the project and run all tests, execute `./gradlew build`. 
 

api-gateway/README.md

@@ -25,7 +25,6 @@ and performs some necessary filtering and header manipulation to ensure proper c
 The routes are defined based on specific URI paths:
  - `/sec/**` is not forwarded anywhere but `api-gateway`'s `SecurityInfoController`,
     which is responsible for `/sec/oauth-providers` endpoint
- - `/api/sandbox` is forwarded to `save-sandbox`
  - `/api/demo` is forwarded to `save-demo`
  - `/api/cpg` is forwarded to `save-cpg-demo`
  - `/api/**` is forwarded to `save-backend`

api-gateway/src/main/resources/application-dev.yml

@@ -9,8 +9,6 @@ gateway:
   frontend-cosv:
     # In the "dev" environment, the frontend-cosv uses TCP port 8081 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task).
     url: http://localhost:8081
-  sandbox:
-    url: http://localhost:5400
   demo:
     url: http://localhost:5421
   demo-cpg:

api-gateway/src/main/resources/application.yml

@@ -11,8 +11,6 @@ gateway:
     url: http://frontend:5810
   frontend-cosv:
     url: http://frontend-cosv:5820
-  sandbox:
-    url: http://sandbox:5400
   demo:
     url: http://demo:5421
   demo-cpg:
@@ -31,14 +29,6 @@ spring:
   cloud:
     gateway:
       routes:
-        - id: sandbox-api_route
-          uri: ${gateway.sandbox.url}
-          predicates:
-            - Path=/api/sandbox/**
-          filters:
-            # If SESSION cookie is passed to downstream, it is then removed, because downstream discards it
-            - RemoveRequestHeader=Cookie
-            - AuthorizationHeaders=
         - id: demo-api_route
           uri: ${gateway.demo.url}
           predicates:

api-gateway/src/test/resources/application-dev.yml

@@ -4,8 +4,6 @@ gateway:
   frontend:
     # In the "dev" environment, the front-end uses TCP port 8080 when run using `webpack-dev-server` (i.e. `browserDevelopmentRun` or `run` Gradle task).
     url: http://localhost:8080
-  sandbox:
-    url: http://localhost:5400
   demo:
     url: http://localhost:5421
   demo-cpg:

authentication-service/src/main/kotlin/com/saveourtool/save/authservice/config/WebSecurityConfig.kt

@@ -97,7 +97,7 @@ class WebSecurityConfig(
             // they are not proxied from gateway.
             "/actuator/**",
             "/internal/**",
-            // Agents should communicate with sandbox without authorization
+            // Agents should communicate without authorization
             "/heartbeat",
             // `CollectionView` is a public page
             "/api/$v1/projects/by-filters",

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DatabaseUtils.kt

@@ -23,7 +23,7 @@ data class DatabaseCredentials(
 }
 
 /**
- * @param projectName save-backend, save-sandbox or save-demo
+ * @param projectName save-backend or save-demo
  * @param profile a profile to get credentials for
  * @return an instance of [DatabaseCredentials] for [profile] in [projectName]
  */

buildSrc/src/main/kotlin/com/saveourtool/save/buildutils/DockerStackConfiguration.kt

@@ -30,11 +30,7 @@ fun Project.registerLiquibaseTask(profile: String) {
         relativeChangeLogFile = "db/db.changelog-master.xml",
         profile = profile
     )
-    val registerLiquibaseTaskSandbox = registerLiquibaseTask(
-        projectName = "save-sandbox",
-        relativeChangeLogFile = "save-sandbox/db/db.changelog-sandbox.xml",
-        profile = profile
-    )
+
     val registerLiquibaseTaskDemo = registerLiquibaseTask(
         projectName = "save-demo",
         relativeChangeLogFile = "save-demo/db/db.changelog-demo.xml",
@@ -48,7 +44,6 @@ fun Project.registerLiquibaseTask(profile: String) {
     tasks.register("liquibaseUpdate") {
         dependsOn(
             registerLiquibaseTaskBackend,
-            registerLiquibaseTaskSandbox,
             registerLiquibaseTaskDemo,
             registerLiquibaseTaskCosv,
         )
@@ -211,7 +206,6 @@ fun Project.createStackDeployTask(profile: String) {
                     FRONTEND_TAG=${defaultVersionOrProperty("frontend.dockerTag")}
                     GATEWAY_TAG=${defaultVersionOrProperty("gateway.dockerTag")}
                     ORCHESTRATOR_TAG=${defaultVersionOrProperty("orchestrator.dockerTag")}
-                    SANDBOX_TAG=${defaultVersionOrProperty("sandbox.dockerTag")}
                     PREPROCESSOR_TAG=${defaultVersionOrProperty("preprocessor.dockerTag")}
                     DEMO_TAG=${defaultVersionOrProperty("demo.dockerTag")}
                     PROFILE=$profile
@@ -248,7 +242,6 @@ fun Project.createStackDeployTask(profile: String) {
             Files.createDirectories(configsDir.resolve("backend"))
             Files.createDirectories(configsDir.resolve("gateway"))
             Files.createDirectories(configsDir.resolve("orchestrator"))
-            Files.createDirectories(configsDir.resolve("sandbox"))
             Files.createDirectories(configsDir.resolve("preprocessor"))
             Files.createDirectories(configsDir.resolve("demo"))
         }
@@ -331,7 +324,6 @@ fun Project.createStackDeployTask(profile: String) {
             "up",
             "-d",
             "orchestrator",
-            "sandbox",
             "backend",
             "frontend",
             "preprocessor",
@@ -351,7 +343,7 @@ fun Project.createStackDeployTask(profile: String) {
                     project(componentName).tasks.named<BootBuildImage>("bootBuildImage")
             dependsOn(buildTask)
             val serviceName = when (componentName) {
-                "save-backend", "save-frontend", "save-orchestrator", "save-sandbox", "save-preprocessor" -> "save_${componentName.substringAfter("save-")}"
+                "save-backend", "save-frontend", "save-orchestrator", "save-preprocessor" -> "save_${componentName.substringAfter("save-")}"
                 "api-gateway" -> "save_gateway"
                 else -> error("Wrong component name $componentName")
             }

docker-compose.yaml

@@ -33,26 +33,6 @@ services:
       labels:
         - "prometheus-job=save-orchestrator"
     logging: *loki-logging-jvm
-  sandbox:
-    image: ghcr.io/saveourtool/save-sandbox:${SANDBOX_TAG}
-    user: root  # to access host's docker socket
-    environment:
-      - "SPRING_PROFILES_ACTIVE=${PROFILE},secure,docker-secrets"
-    secrets:
-      - db_username
-      - db_password
-    ports:
-      - "5400:5400"
-    volumes:
-      - "/var/run/docker.sock:/var/run/docker.sock"
-      - /home/saveu/configs/sandbox:/home/cnb/config
-      - save-tmp-resources:/tmp
-    extra_hosts:
-      - "host.docker.internal:host-gateway"
-    deploy:
-      labels:
-        - "prometheus-job=save-sandbox"
-    logging: *loki-logging-jvm
   backend:
     image: ghcr.io/saveourtool/save-backend:${BACKEND_TAG}
     environment:

gradle/plugins/src/main/kotlin/com/saveourtool/save/buildutils/spring-boot-app-configuration.gradle.kts

@@ -33,7 +33,7 @@ tasks.withType<BootRun>().configureEach {
             os.isWindows -> append(",win")
             os.isMacOsX -> append(",mac")
         }
-        if (listOf("save-sandbox", "save-backend", "save-cosv").any { project.path.contains(it) }) {
+        if (listOf("save-backend", "save-cosv").any { project.path.contains(it) }) {
             append(",secure")
         }
     }

save-backend/src/main/kotlin/com/saveourtool/save/backend/controllers/vulnerability/event/VulnerabilityMetadataListener.kt

@@ -4,9 +4,10 @@ import com.saveourtool.save.backend.service.NotificationService
 import com.saveourtool.save.backend.service.UserDetailsService
 import com.saveourtool.save.domain.Role
 import com.saveourtool.save.entities.Notification
-import com.saveourtool.save.entities.cosv.VulnerabilityMetadata
-import com.saveourtool.save.entities.cosv.evententities.VulnerabilityMetadataEvent
 import com.saveourtool.save.entities.vulnerability.VulnerabilityStatus
+import com.saveourtool.save.entitiescosv.VulnerabilityMetadata
+import com.saveourtool.save.entitiescosv.evententities.VulnerabilityMetadataEvent
+
 import org.springframework.context.event.EventListener
 import org.springframework.stereotype.Component
 

save-backend/src/main/kotlin/com/saveourtool/save/backend/repository/ProjectProblemRepository.kt

@@ -1,7 +1,7 @@
 package com.saveourtool.save.backend.repository
 
 import com.saveourtool.save.entities.ProjectProblem
-import com.saveourtool.save.entities.cosv.VulnerabilityMetadata
+import com.saveourtool.save.entitiescosv.VulnerabilityMetadata
 import com.saveourtool.save.spring.repository.BaseEntityRepository
 import org.springframework.data.jpa.repository.Query
 import org.springframework.data.repository.query.Param

save-backend/src/main/kotlin/com/saveourtool/save/backend/service/ProjectProblemService.kt

@@ -55,7 +55,7 @@ class ProjectProblemService(
             name = problem.name,
             description = problem.description,
             critical = problem.critical,
-            vulnerabilityMetadata = vulnerabilityMetadata,
+            vulnerabilityMetadataId = vulnerabilityMetadata?.requiredId(),
             project = project,
             userId = user.requiredId(),
             isClosed = false,
@@ -75,7 +75,7 @@ class ProjectProblemService(
             description = projectProblemDto.description
             critical = projectProblemDto.critical
             isClosed = projectProblemDto.isClosed
-            this.vulnerabilityMetadata = vulnerabilityMetadata
+            this.vulnerabilityMetadataId = vulnerabilityMetadata?.requiredId()
         }
         projectProblemRepository.save(problem)
     }