Fortify SSC Parser Utilities for parsing CycloneDX files
package com.fortify.ssc.parser.cyclonedx;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.fortify.plugin.api.ScanBuilder;
import com.fortify.plugin.api.ScanData;
import com.fortify.plugin.api.ScanEntry;
import com.fortify.plugin.api.ScanParsingException;
import com.fortify.plugin.api.VulnerabilityHandler;
import com.fortify.plugin.spi.ParserPlugin;
import com.fortify.ssc.parser.cyclonedx.parser.ScanParser;
import com.fortify.ssc.parser.cyclonedx.parser.VulnerabilitiesParser;
import com.fortify.util.ssc.parser.ScanEntryHelper;
/**
* Main {@link ParserPlugin} implementation for parsing CycloneDX results; see
* https://cyclonedx.org/ for the CycloneDX specification. This class simply defines
* the various parser plugin SPI methods; actual parsing is done by the appropriate
* dedicated parser classes.
*
* @author Ruud Senden
*
*/
public class CycloneDXParserPlugin implements ParserPlugin {
    /** Logger for the plugin lifecycle messages emitted by {@link #start()} and {@link #stop()}. */
    private static final Logger LOG = LoggerFactory.getLogger(CycloneDXParserPlugin.class);

    /** Specific suffix that is tested first when matching scan entry names. */
    private static final String CDX_JSON_SUFFIX = ".cdx.json";

    /** Generic suffix that is tested second; every name with the specific suffix also has this one. */
    private static final String JSON_SUFFIX = ".json";

    /**
     * Lifecycle hook; only writes an informational log line.
     *
     * @throws Exception declared by the signature; nothing in this body throws explicitly
     */
    @Override
    public void start() throws Exception {
        LOG.info("CycloneDX parser plugin is starting");
    }

    /**
     * Lifecycle hook; only writes an informational log line.
     *
     * @throws Exception declared by the signature; nothing in this body throws explicitly
     */
    @Override
    public void stop() throws Exception {
        LOG.info("CycloneDX parser plugin is stopping");
    }

    /**
     * Reports the class that describes this plugin's custom vulnerability attributes.
     *
     * @return {@code CustomVulnAttribute.class}
     */
    @Override
    public Class getVulnerabilityAttributesClass() {
        // The raw Class return type is kept exactly as this method was declared.
        return CustomVulnAttribute.class;
    }

    /**
     * Parses scan-level data by handing the selected scan entry to a new {@link ScanParser}.
     *
     * @param scanData    uploaded scan data from which the entry to parse is selected
     * @param scanBuilder builder passed through to the {@link ScanParser}
     * @throws ScanParsingException propagated from the delegate parser
     * @throws IOException          propagated from the delegate parser
     */
    @Override
    public void parseScan(final ScanData scanData, final ScanBuilder scanBuilder)
            throws ScanParsingException, IOException {
        final ScanEntry entry = getScanEntry(scanData);
        final ScanParser delegate = new ScanParser(scanData, entry, scanBuilder);
        delegate.parse();
    }

    /**
     * Parses vulnerabilities by handing the selected scan entry to a new
     * {@link VulnerabilitiesParser}.
     *
     * @param scanData             uploaded scan data from which the entry to parse is selected
     * @param vulnerabilityHandler handler passed through to the {@link VulnerabilitiesParser}
     * @throws ScanParsingException propagated from the delegate parser
     * @throws IOException          propagated from the delegate parser
     */
    @Override
    public void parseVulnerabilities(final ScanData scanData, final VulnerabilityHandler vulnerabilityHandler)
            throws ScanParsingException, IOException {
        final ScanEntry entry = getScanEntry(scanData);
        final VulnerabilitiesParser delegate = new VulnerabilitiesParser(scanData, entry, vulnerabilityHandler);
        delegate.parse();
    }

    /**
     * Selects the scan entry to parse by name, using {@link #isMatchingScanEntryName(String)}
     * as the filter handed to {@link ScanEntryHelper#getScanEntryByName}.
     *
     * <p>NOTE(review): what the helper returns or throws when no entry, or more than one
     * entry, matches is not visible in this class; confirm against {@link ScanEntryHelper}.
     *
     * @param scanData uploaded scan data to search
     * @return whatever entry the helper selects
     */
    private final ScanEntry getScanEntry(final ScanData scanData) {
        return ScanEntryHelper.getScanEntryByName(scanData, entryName -> isMatchingScanEntryName(entryName));
    }

    /**
     * Decides whether a scan entry name is accepted as parser input.
     *
     * <p>The comparison is case-sensitive and looks at the name only. Because the generic
     * {@code .json} suffix is accepted, any JSON-named entry in the upload is selected, so the
     * name alone does not establish that the content is a CycloneDX document. The content is
     * attacker-influenced input and has to be validated by the parser that consumes it.
     *
     * @param name scan entry name; a {@code null} value results in a {@link NullPointerException}
     * @return {@code true} if the name ends with {@code .cdx.json} or {@code .json}
     */
    private final boolean isMatchingScanEntryName(String name) {
        if (name.endsWith(CDX_JSON_SUFFIX)) {
            return true;
        }
        return name.endsWith(JSON_SUFFIX);
    }
}