com.danielsomerfield.cvecheck.gradle.handlers.buildRules.CVSSOverallThresholdBuildRule.groovy Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of gradle-cve-dependency-check Show documentation

CVE Checking for Gradle

There is a newer version: 0.6.2-100

Show newest version

package com.danielsomerfield.cvecheck.gradle.handlers.buildRules

import com.danielsomerfield.cvecheck.ScanResult
import com.danielsomerfield.cvecheck.Vulnerability

import static com.danielsomerfield.cvecheck.gradle.handlers.buildRules.RuleOutcome.Failed
import static com.danielsomerfield.cvecheck.gradle.handlers.buildRules.RuleOutcome.Passed

class CVSSOverallThresholdBuildRule implements BuildRule {

  private float threshold;

  CVSSOverallThresholdBuildRule(BuildRuleConfiguration configuration) {
    //TODO: replace with default mechanism
    this.threshold = configuration.threshold.value
  }

  @Override
  RuleOutcome execute(final ScanResult result) {
    float cvss = result.vulnerabilities.inject(0f) { float sum, Vulnerability vuln -> new Float(sum + vuln.cvssScore()) }
    cvss > threshold ? Failed : Passed
  }

  @Override
  String getName() {
    "CVSS Overall Threshold"
  }
}