• Home
• com.exasol
• project-keeper-core
• 4.5.0
• source code
• VulnerabilityInfoProvider.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.exasol.projectkeeper.dependencyupdate.VulnerabilityInfoProvider Maven / Gradle / Ivy

package com.exasol.projectkeeper.dependencyupdate;

import java.util.*;
import java.util.function.Predicate;

import com.exasol.errorreporting.ExaError;

import jakarta.json.bind.*;

/**
 * This class provides access to information about vulnerabilities in dependencies that are potentially fixed by
 * updating dependency versions.
 * 

 * The information is expected in system property {@code project-keeper:vulnerabilities} in JSONL format.
 */
// [impl->dsn~dependency-updater.read-vulnerability-info~1]
class VulnerabilityInfoProvider {

    static final String SYSTEM_PROPERTY_NAME = "project-keeper:vulnerabilities";
    private final Jsonb jsonb;

    VulnerabilityInfoProvider() {
        this.jsonb = JsonbBuilder.newBuilder().build();
    }

    List getVulnerabilities() {
        return readSystemProperty() //
                .map(this::parseVulnerabilities) //
                .orElseGet(Collections::emptyList);
    }

    private Optional readSystemProperty() {
        return Optional.ofNullable(System.getProperty(SYSTEM_PROPERTY_NAME));
    }

    private List parseVulnerabilities(final String jsonl) {
        return Arrays.stream(jsonl.split("\n")) //
                .map(String::trim) //
                .filter(Predicate.not(String::isEmpty)) //
                .map(this::parseSingleVulnerability) //
                .toList();
    }

    private Vulnerability parseSingleVulnerability(final String json) {
        try {
            return jsonb.fromJson(json, Vulnerability.class);
        } catch (final JsonbException exception) {
            throw new IllegalArgumentException(ExaError.messageBuilder("E-PK-CORE-180").message(
                    "Error parsing vulnerability info {{json}} as JSON from system property {{system property name}}: {{cause error message|uq}}",
                    json, SYSTEM_PROPERTY_NAME, exception.getMessage()).toString(), exception);
        }
    }
}