Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/ensf-619-project/package-characterization-model-for-vulnerability-prediction

This project is a Code Vulnerability Prediction System designed to predict the likelihood of vulnerabilities in Maven dependencies by analyzing their metadata, versions and related CVEs (Common Vulnerabilities and Exposures).

machine-learning neo4j python reactjs


# Package-Characterization-Model-for-Vulnerability-Prediction

ENSF 619 - Software Engineering for ML-based Systems - Fall 2024 - UofC

**Developers:** Saviour Olowato, Francesco Rosati.

## TECHNOLOGIES USED:

- **Front-end**: ReactJS, Node.js, Jest
- **Back-end**: Python, Neo4j, PyTest, FastAPI, Uvicorn

## HOW TO RUN THE CODE VULNERABILITY PREDICTOR APPLICATION:

- In the server folder:
  - `pip install -r requirements.txt`
  - `uvicorn server:app --reload`
- In the client folder:
  - `npm install`
  - `npm start`

## HOW TO RUN THE TESTS:

- In the client folder:
  - `npm test` -> component tests
- In the server folder:
  - `python3 -m pytest` -> unit tests

## SCREENSHOTS OF THE APPLICATION:

![main-page](docs/img/main-page.png)
![assessment-page](docs/img/assessment-page.png)

## REACT CLIENT APPLICATION ROUTES:

- Route `/`: Loads the Home component, where the user configures the vulnerability prediction run: the repository URL, an email address for the report, and the Maven configuration file (POM).
- Route `/results`: Loads the ResultsComponent component, which displays the prediction results, including the dependencies that have no associated CVEs.
- Route `*`: Displays an error message when the requested route does not exist.

## API SERVER:

### Fetch Maven POM File:

- __URL:__ `/api/fetchMavenPomFile`
- __Method Type:__ GET
- __Description:__ Fetches the Maven POM file from a given URL (GitHub or Maven repository). The URL is inspected to determine whether it points at a GitHub or a Maven repository, and the raw URL from which the file is downloaded is constructed from it.

__Request body:__
```jsonc
{
  "url": "string" // URL of the GitHub or Maven repository from which the POM file is fetched
}
```

__Response:__ `200 OK`

__Response body:__
```jsonc
{
  "content": "string" // Content of the POM file (XML)
}
```
__Error responses:__

- `400 Bad Request`: Invalid URL provided.
- `404 Not Found`: Unable to find the POM file at the given URL.
- `500 Internal Server Error`: Error occurred during fetching or processing the file.
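The README says the URL is classified as GitHub or Maven and turned into a raw download URL, with anything unusable answered by `400 Bad Request`. The function below is an added example of that step, not the project's own code: it assumes an allowlist of hosts (`github.com`, `repo1.maven.org`, `repo.maven.apache.org`) and the `HEAD` ref on `raw.githubusercontent.com`, both choices of this example, and it rejects every URL it cannot map, so the fetcher never follows an attacker-controlled host or path.

```python
from urllib.parse import urlsplit

# Assumed allowlists: the README names GitHub and Maven repositories but lists no hosts.
GITHUB_HOSTS = {"github.com", "www.github.com"}
MAVEN_HOSTS = {"repo1.maven.org", "repo.maven.apache.org"}
GITHUB_REF = "HEAD"  # assumed default ref for raw.githubusercontent.com


def _safe_segment(s: str) -> bool:
    # Letters, digits, '.', '-', '_' only: blocks '..' traversal and smuggled
    # '?', '#' or '@' characters into the path we build.
    return bool(s) and s not in (".", "..") and all(c.isalnum() or c in "._-" for c in s)


def build_raw_pom_url(url: str) -> str:
    """Map a GitHub or Maven repository URL to the raw pom.xml URL.

    Raises ValueError for anything outside the allowlist; the handler would
    answer 400 Bad Request instead of fetching the URL.
    """
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("only https URLs are accepted")
    if parts.username or parts.password or parts.port:
        raise ValueError("credentials and explicit ports are not accepted")
    host = (parts.hostname or "").lower()
    segments = [s for s in parts.path.split("/") if s]

    if host in GITHUB_HOSTS:
        # Expect /<owner>/<repo>[.git][/...]; only owner and repo are used.
        if len(segments) < 2:
            raise ValueError("GitHub URL must name an owner and a repository")
        owner, repo = segments[0], segments[1].removesuffix(".git")
        if not (_safe_segment(owner) and _safe_segment(repo)):
            raise ValueError("unexpected characters in GitHub owner or repository")
        return f"https://raw.githubusercontent.com/{owner}/{repo}/{GITHUB_REF}/pom.xml"

    if host in MAVEN_HOSTS:
        # Expect /maven2/<group path...>/<artifact>/<version>[/<artifact>-<version>.pom]
        if segments and segments[-1].endswith(".pom"):
            segments = segments[:-1]
        if len(segments) < 4 or segments[0] != "maven2":
            raise ValueError("Maven URL must be /maven2/<group>/<artifact>/<version>")
        if not all(_safe_segment(s) for s in segments[1:]):
            raise ValueError("unexpected characters in Maven coordinates")
        artifact, version = segments[-2], segments[-1]
        return f"https://{host}/" + "/".join(segments) + f"/{artifact}-{version}.pom"

    raise ValueError(f"host not allowed: {host or '<none>'}")


def is_allowed_pom_url(url: str) -> bool:
    """True when build_raw_pom_url accepts the URL; False maps to 400 Bad Request."""
    try:
        build_raw_pom_url(url)
        return True
    except ValueError:
        return False
```

The Maven branch accepts both the version directory and the `.pom` file URL; the GitHub branch ignores anything after `owner/repo`, so a blob or tree URL still resolves to the repository root `pom.xml`.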

### Send Report By Email:

- __URL:__ `/api/sendReportByEmail`
- __Method Type:__ POST
- __Description:__ Sends the report by email using the provided receiver, subject and message. The email is sent through Gmail's SMTP server.

__Request body:__
```jsonc
{
  "receiver": "string", // Receiver's email address
  "subject": "string",  // Subject of the email
  "message": "string"   // Body of the email
}
```

__Response:__ `200 OK`

__Response body:__
```jsonc
{
  "message": "Email sent successfully!" // Confirmation that the email was sent
}
```
__Error responses:__

- `400 Bad Request`: Invalid email data provided.
- `500 Internal Server Error`: Error occurred while sending the email.

### Predict Vulnerabilities:

- __URL:__ `/api/predictVulnerabilities`
- __Method Type:__ POST
- __Description:__ Predicts the vulnerabilities for a list of dependencies, each identified by its groupId, artifactId and version.

__Request body:__
```jsonc
[
  {
    "groupId": "string",    // groupId of the dependency
    "artifactId": "string", // artifactId of the dependency
    "version": "string"     // version of the dependency
  }
]
```

__Response:__ `200 OK`

__Response body:__
```jsonc
[
  {
    "groupId": "string",
    "artifactId": "string",
    "version": "string"
  }
]
```
__Error responses:__

- `400 Bad Request`: Invalid dependency data provided.
- `500 Internal Server Error`: Error occurred while predicting vulnerabilities.

### Fetch Latest Dependencies Without CVEs:

- __URL:__ `/api/fetchLatestDependenciesWithoutCVEs`
- __Method Type:__ POST
- __Description:__ For each submitted dependency, queries the Neo4j database for the latest version that has no associated CVEs and returns it.

__Request body:__
```jsonc
[
  {
    "groupId": "string",    // groupId of the dependency
    "artifactId": "string", // artifactId of the dependency
    "version": "string"     // version of the dependency
  }
]
```

__Response:__ `200 OK`

__Response body:__
```jsonc
[
  {
    "dependencyId": "string", // Identifier of the dependency
    "version": "string",      // Latest version of the dependency without CVEs
    "release_date": "string"  // Release timestamp of that version
  }
]
```
__Error responses:__

- `400 Bad Request`: Invalid dependency data provided.
- `500 Internal Server Error`: Error occurred while fetching dependencies from the database.