feat: update to use new Delphi issue schema

Author: AlexTMjugador

apps/labrinth/migrations/20250810155316_delphi-reports.sql

@@ -1,4 +1,4 @@
-CREATE TYPE delphi_report_severity AS ENUM ('low', 'medium', 'high', 'severe');
+CREATE TYPE delphi_severity AS ENUM ('low', 'medium', 'high', 'severe');
 
 CREATE TYPE delphi_report_issue_status AS ENUM ('pending', 'approved', 'rejected');
 
@@ -11,7 +11,7 @@ CREATE TABLE delphi_reports (
 	delphi_version INTEGER NOT NULL,
 	artifact_url VARCHAR(2048) NOT NULL,
 	created TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP NOT NULL,
-	severity DELPHI_REPORT_SEVERITY NOT NULL,
+	severity DELPHI_SEVERITY NOT NULL,
 	UNIQUE (file_id, delphi_version)
 );
 CREATE INDEX delphi_version ON delphi_reports (delphi_version);
@@ -29,16 +29,18 @@ CREATE TABLE delphi_report_issues (
 );
 CREATE INDEX delphi_report_issue_by_status_and_type ON delphi_report_issues (status, issue_type);
 
--- A Java class affected by a Delphi report issue. Every affected
--- Java class belongs to a specific issue, and an issue can have zero,
--- one, or more affected classes. (Some issues may be artifact-wide,
+-- The details of a Delphi report issue, which contain data about a
+-- Java class affected by it. Every Delphi report issue details object
+-- belongs to a specific issue, and an issue can have zero, one, or
+-- more details attached to it. (Some issues may be artifact-wide,
 -- or otherwise not really specific to any particular class.)
-CREATE TABLE delphi_report_issue_java_classes (
+CREATE TABLE delphi_report_issue_details (
 	id BIGINT PRIMARY KEY GENERATED ALWAYS AS IDENTITY,
 	issue_id BIGINT NOT NULL REFERENCES delphi_report_issues (id)
 		ON DELETE CASCADE
 		ON UPDATE CASCADE,
 	internal_class_name TEXT NOT NULL,
 	decompiled_source TEXT,
-	UNIQUE (issue_id, internal_class_name)
+	data JSONB NOT NULL,
+	severity DELPHI_SEVERITY NOT NULL
 );

apps/labrinth/src/database/models/delphi_report_item.rs

@@ -1,14 +1,16 @@
 use std::{
+    collections::HashMap,
     fmt::{self, Display, Formatter},
     ops::Deref,
 };
 
 use chrono::{DateTime, Utc};
 use serde::{Deserialize, Serialize};
+use sqlx::types::Json;
 
 use crate::database::models::{
-    DBFileId, DBProjectId, DatabaseError, DelphiReportId, DelphiReportIssueId,
-    DelphiReportIssueJavaClassId,
+    DBFileId, DBProjectId, DatabaseError, DelphiReportId,
+    DelphiReportIssueDetailsId, DelphiReportIssueId,
 };
 
 /// A Delphi malware analysis report for a project version file.
@@ -25,7 +27,7 @@ pub struct DBDelphiReport {
     pub delphi_version: i32,
     pub artifact_url: String,
     pub created: DateTime<Utc>,
-    pub severity: DelphiReportSeverity,
+    pub severity: DelphiSeverity,
 }
 
 impl DBDelphiReport {
@@ -44,20 +46,20 @@ impl DBDelphiReport {
             self.file_id as Option<DBFileId>,
             self.delphi_version,
             self.artifact_url,
-            self.severity as DelphiReportSeverity,
+            self.severity as DelphiSeverity,
         )
         .fetch_one(&mut **transaction)
         .await?))
     }
 }
 
-/// A severity level for a Delphi report.
+/// A severity level reported by Delphi.
 #[derive(
     Deserialize, Serialize, Debug, Clone, Copy, PartialEq, Eq, Hash, sqlx::Type,
 )]
 #[serde(rename_all = "UPPERCASE")]
-#[sqlx(type_name = "delphi_report_severity", rename_all = "snake_case")]
-pub enum DelphiReportSeverity {
+#[sqlx(type_name = "delphi_severity", rename_all = "snake_case")]
+pub enum DelphiSeverity {
     Low,
     Medium,
     High,
@@ -122,7 +124,7 @@ impl Display for DelphiReportListOrder {
 pub struct DelphiReportIssueResult {
     pub issue: DBDelphiReportIssue,
     pub report: DBDelphiReport,
-    pub java_classes: Vec<DBDelphiReportIssueJavaClass>,
+    pub details: Vec<DBDelphiReportIssueDetails>,
     pub project_id: Option<DBProjectId>,
     pub project_published: Option<DateTime<Utc>>,
 }
@@ -164,11 +166,11 @@ impl DBDelphiReportIssue {
                 issue_type,
                 delphi_report_issues.status AS "status: DelphiReportIssueStatus",
 
-                file_id, delphi_version, artifact_url, created, severity AS "severity: DelphiReportSeverity",
-                json_array(SELECT to_jsonb(delphi_report_issue_java_classes)
-                    FROM delphi_report_issue_java_classes
+                file_id, delphi_version, artifact_url, created, severity AS "severity: DelphiSeverity",
+                json_array(SELECT to_jsonb(delphi_report_issue_details)
+                    FROM delphi_report_issue_details
                     WHERE issue_id = delphi_report_issues.id
-                ) AS "classes: sqlx::types::Json<Vec<DBDelphiReportIssueJavaClass>>",
+                ) AS "details: sqlx::types::Json<Vec<DBDelphiReportIssueDetails>>",
                 versions.mod_id AS "project_id?", mods.published AS "project_published?"
             FROM delphi_report_issues
             INNER JOIN delphi_reports ON delphi_reports.id = report_id
@@ -182,8 +184,8 @@ impl DBDelphiReportIssue {
                 CASE WHEN $3 = 'created_asc' THEN delphi_reports.created ELSE TO_TIMESTAMP(0) END ASC,
                 CASE WHEN $3 = 'created_desc' THEN delphi_reports.created ELSE TO_TIMESTAMP(0) END DESC,
                 CASE WHEN $3 = 'pending_status_first' THEN delphi_report_issues.status ELSE 'pending'::delphi_report_issue_status END ASC,
-                CASE WHEN $3 = 'severity_asc' THEN delphi_reports.severity ELSE 'low'::delphi_report_severity END ASC,
-                CASE WHEN $3 = 'severity_desc' THEN delphi_reports.severity ELSE 'low'::delphi_report_severity END DESC
+                CASE WHEN $3 = 'severity_asc' THEN delphi_reports.severity ELSE 'low'::delphi_severity END ASC,
+                CASE WHEN $3 = 'severity_desc' THEN delphi_reports.severity ELSE 'low'::delphi_severity END DESC
             OFFSET $5
             LIMIT $4
             "#,
@@ -208,10 +210,10 @@ impl DBDelphiReportIssue {
                 created: row.created,
                 severity: row.severity,
             },
-            java_classes: row
-                .classes
+            details: row
+                .details
                 .into_iter()
-                .flat_map(|class_list| class_list.0)
+                .flat_map(|details_list| details_list.0)
                 .collect(),
             project_id: row.project_id.map(DBProjectId),
             project_published: row.project_published,
@@ -221,37 +223,54 @@ impl DBDelphiReportIssue {
     }
 }
 
-/// A Java class affected by a Delphi report issue. Every affected
-/// Java class belongs to a specific issue, and an issue can have zero,
-/// one, or more affected classes. (Some issues may be artifact-wide,
+/// The details of a Delphi report issue, which contain data about a
+/// Java class affected by it. Every Delphi report issue details object
+/// belongs to a specific issue, and an issue can have zero, one, or
+/// more details attached to it. (Some issues may be artifact-wide,
 /// or otherwise not really specific to any particular class.)
 #[derive(Debug, Deserialize, Serialize)]
-pub struct DBDelphiReportIssueJavaClass {
-    pub id: DelphiReportIssueJavaClassId,
+pub struct DBDelphiReportIssueDetails {
+    pub id: DelphiReportIssueDetailsId,
     pub issue_id: DelphiReportIssueId,
     pub internal_class_name: InternalJavaClassName,
     pub decompiled_source: Option<DecompiledJavaClassSource>,
+    pub data: Json<HashMap<String, serde_json::Value>>,
+    pub severity: DelphiSeverity,
 }
 
-impl DBDelphiReportIssueJavaClass {
-    pub async fn upsert(
+impl DBDelphiReportIssueDetails {
+    pub async fn insert(
         &self,
         transaction: &mut sqlx::Transaction<'_, sqlx::Postgres>,
-    ) -> Result<DelphiReportIssueJavaClassId, DatabaseError> {
-        Ok(DelphiReportIssueJavaClassId(sqlx::query_scalar!(
+    ) -> Result<DelphiReportIssueDetailsId, DatabaseError> {
+        Ok(DelphiReportIssueDetailsId(sqlx::query_scalar!(
             "
-            INSERT INTO delphi_report_issue_java_classes (issue_id, internal_class_name, decompiled_source)
-            VALUES ($1, $2, $3)
-            ON CONFLICT (issue_id, internal_class_name) DO UPDATE SET decompiled_source = $3
+            INSERT INTO delphi_report_issue_details (issue_id, internal_class_name, decompiled_source, data, severity)
+            VALUES ($1, $2, $3, $4, $5)
             RETURNING id
             ",
             self.issue_id as DelphiReportIssueId,
             self.internal_class_name.0,
             self.decompiled_source.as_ref().map(|decompiled_source| &decompiled_source.0),
+            &self.data as &Json<HashMap<String, serde_json::Value>>,
+            self.severity as DelphiSeverity,
         )
         .fetch_one(&mut **transaction)
         .await?))
     }
+
+    pub async fn remove_all_by_issue_id(
+        issue_id: DelphiReportIssueId,
+        transaction: &mut sqlx::Transaction<'_, sqlx::Postgres>,
+    ) -> Result<u64, DatabaseError> {
+        Ok(sqlx::query!(
+            "DELETE FROM delphi_report_issue_details WHERE issue_id = $1",
+            issue_id as DelphiReportIssueId,
+        )
+        .execute(&mut **transaction)
+        .await?
+        .rows_affected())
+    }
 }
 
 /// A [Java class name] with dots replaced by forward slashes (/).

apps/labrinth/src/database/models/ids.rs

@@ -281,4 +281,4 @@ id_type!(ReportTypeId as i32);
 id_type!(StatusId as i32);
 id_type!(DelphiReportId as i64);
 id_type!(DelphiReportIssueId as i64);
-id_type!(DelphiReportIssueJavaClassId as i64);
+id_type!(DelphiReportIssueDetailsId as i64);

apps/labrinth/src/routes/internal/delphi.rs

@@ -12,13 +12,13 @@ use crate::{
     auth::check_is_moderator_from_headers,
     database::{
         models::{
-            DBFileId, DelphiReportId, DelphiReportIssueId,
-            DelphiReportIssueJavaClassId,
+            DBFileId, DelphiReportId, DelphiReportIssueDetailsId,
+            DelphiReportIssueId,
             delphi_report_item::{
                 DBDelphiReport, DBDelphiReportIssue,
-                DBDelphiReportIssueJavaClass, DecompiledJavaClassSource,
-                DelphiReportIssueStatus, DelphiReportListOrder,
-                DelphiReportSeverity, InternalJavaClassName,
+                DBDelphiReportIssueDetails, DecompiledJavaClassSource,
+                DelphiReportIssueStatus, DelphiReportListOrder, DelphiSeverity,
+                InternalJavaClassName,
             },
         },
         redis::RedisPool,
@@ -59,6 +59,14 @@ static DELPHI_CLIENT: LazyLock<reqwest::Client> = LazyLock::new(|| {
         .unwrap()
 });
 
+#[derive(Deserialize)]
+struct DelphiReportIssueDetails {
+    pub internal_class_name: InternalJavaClassName,
+    pub decompiled_source: Option<DecompiledJavaClassSource>,
+    pub data: HashMap<String, serde_json::Value>,
+    pub severity: DelphiSeverity,
+}
+
 #[derive(Deserialize)]
 struct DelphiReport {
     pub url: String,
@@ -69,11 +77,8 @@ struct DelphiReport {
     /// A sequential, monotonically increasing version number for the
     /// Delphi version that generated this report.
     pub delphi_version: i32,
-    pub issues: HashMap<
-        String,
-        HashMap<InternalJavaClassName, Option<DecompiledJavaClassSource>>,
-    >,
-    pub severity: DelphiReportSeverity,
+    pub issues: HashMap<String, Vec<DelphiReportIssueDetails>>,
+    pub severity: DelphiSeverity,
 }
 
 impl DelphiReport {
@@ -88,12 +93,19 @@ impl DelphiReport {
             format!("⚠️ Suspicious traces found at {}", self.url);
 
         for (issue, trace) in &self.issues {
-            for (class, code) in trace {
-                let code = code.as_deref().map(|code| &**code);
+            for DelphiReportIssueDetails {
+                internal_class_name,
+                decompiled_source,
+                ..
+            } in trace
+            {
                 write!(
                     &mut message_header,
-                    "\n issue {issue} found at class `{class}`:\n```\n{}\n```",
-                    code.unwrap_or("No decompiled source available")
+                    "\n issue {issue} found at class `{internal_class_name}`:\n```\n{}\n```",
+                    decompiled_source.as_ref().map_or(
+                        "No decompiled source available",
+                        |decompiled_source| &**decompiled_source
+                    )
                 )
                 .ok();
             }
@@ -141,7 +153,7 @@ async fn ingest_report(
     .upsert(&mut transaction)
     .await?;
 
-    for (issue_type, issue_java_classes) in report.issues {
+    for (issue_type, issue_details) in report.issues {
         let issue_id = DBDelphiReportIssue {
             id: DelphiReportIssueId(0), // This will be set by the database
             report_id,
@@ -151,14 +163,23 @@ async fn ingest_report(
         .upsert(&mut transaction)
         .await?;
 
-        for (internal_class_name, decompiled_source) in issue_java_classes {
-            DBDelphiReportIssueJavaClass {
-                id: DelphiReportIssueJavaClassId(0), // This will be set by the database
+        // This is required to handle the case where the same Delphi version is re-run on the same file
+        DBDelphiReportIssueDetails::remove_all_by_issue_id(
+            issue_id,
+            &mut transaction,
+        )
+        .await?;
+
+        for issue_detail in issue_details {
+            DBDelphiReportIssueDetails {
+                id: DelphiReportIssueDetailsId(0), // This will be set by the database
                 issue_id,
-                internal_class_name,
-                decompiled_source,
+                internal_class_name: issue_detail.internal_class_name,
+                decompiled_source: issue_detail.decompiled_source,
+                data: issue_detail.data.into(),
+                severity: issue_detail.severity,
             }
-            .upsert(&mut transaction)
+            .insert(&mut transaction)
             .await?;
         }
     }