All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.validation.VulnerabilityStatusValidation Maven / Gradle / Ivy

There is a newer version: 0.132.0
Show newest version
/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.validation;

import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import lombok.Getter;
import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

@Getter
public class VulnerabilityStatusValidation {

    private final List anyArtifactExists = new ArrayList<>();
    private final List matchingArtifactExists = new ArrayList<>();
    private final List anyVulnerabilityExists = new ArrayList<>();
    private final List matchingVulnerabilityExists = new ArrayList<>();

    private final List anyArtifactNotExists = new ArrayList<>();
    private final List matchingArtifactNotExists = new ArrayList<>();
    private final List anyVulnerabilityNotExists = new ArrayList<>();
    private final List matchingVulnerabilityNotExists = new ArrayList<>();

    public void validateInventory(Inventory inventory, String onVulnerability) throws VulnerabilityStatusValidationException {
        if (inventory == null) {
            throw new VulnerabilityStatusValidationException("Inventory must not be null.");
        } else if (onVulnerability == null) {
            throw new VulnerabilityStatusValidationException("Vulnerability must not be null.");
        }

        if (!anyArtifactExists.isEmpty()) {
            boolean matches = false;
            for (Artifact artifact : inventory.getArtifacts()) {
                if (matchesAny(anyArtifactExists, artifact)) {
                    matches = true;
                    break;
                }
            }
            if (!matches) throw new VulnerabilityStatusValidationException("Validation failed on [any artifact exists]");
        }

        if (!matchingArtifactExists.isEmpty()) {
            boolean matches = false;
            for (Artifact artifact : inventory.getArtifacts()) {
                if (InventoryEnricher.splitVulnerabilitiesCsv(artifact.getVulnerability()).contains(onVulnerability)) {
                    if (matchesAny(matchingArtifactExists, artifact)) {
                        matches = true;
                        break;
                    }
                }
            }
            if (!matches) throw new VulnerabilityStatusValidationException("Validation failed on [matching artifact exists]");
        }

        if (!anyVulnerabilityExists.isEmpty()) {
            boolean matches = false;
            for (VulnerabilityMetaData vulnerabilityMetaData : inventory.getVulnerabilityMetaData()) {
                if (matchesAny(anyVulnerabilityExists, vulnerabilityMetaData)) {
                    matches = true;
                    break;
                }
            }
            if (!matches) throw new VulnerabilityStatusValidationException("Validation failed on [any vulnerability exists]");
        }

        if (!matchingVulnerabilityExists.isEmpty()) {
            boolean matches = false;
            for (VulnerabilityMetaData vulnerabilityMetaData : inventory.getVulnerabilityMetaData()) {
                if (onVulnerability.equals(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME))) {
                    if (matchesAny(matchingVulnerabilityExists, vulnerabilityMetaData)) {
                        matches = true;
                        break;
                    }
                }
            }
            if (!matches) {
                throw new VulnerabilityStatusValidationException("Validation failed on [matching vulnerability exists]");
            }
        }

        if (!anyArtifactNotExists.isEmpty()) {
            boolean matches = false;
            for (Artifact artifact : inventory.getArtifacts()) {
                if (matchesAny(anyArtifactNotExists, artifact)) {
                    matches = true;
                    break;
                }
            }
            if (matches) throw new VulnerabilityStatusValidationException("Validation failed on [any artifact not exists]");
        }

        if (!matchingArtifactNotExists.isEmpty()) {
            boolean matches = false;
            for (Artifact artifact : inventory.getArtifacts()) {
                if (InventoryEnricher.splitVulnerabilitiesCsv(artifact.getVulnerability()).contains(onVulnerability)) {
                    if (matchesAny(matchingArtifactNotExists, artifact)) {
                        matches = true;
                        break;
                    }
                }
            }
            if (matches) throw new VulnerabilityStatusValidationException("Validation failed on [matching artifact not exists]");
        }

        if (!anyVulnerabilityNotExists.isEmpty()) {
            boolean matches = false;
            for (VulnerabilityMetaData vulnerabilityMetaData : inventory.getVulnerabilityMetaData()) {
                if (matchesAny(anyVulnerabilityNotExists, vulnerabilityMetaData)) {
                    matches = true;
                    break;
                }
            }
            if (matches) throw new VulnerabilityStatusValidationException("Validation failed on [any vulnerability not exists]");
        }

        if (!matchingVulnerabilityNotExists.isEmpty()) {
            boolean matches = false;
            for (VulnerabilityMetaData vulnerabilityMetaData : inventory.getVulnerabilityMetaData()) {
                if (onVulnerability.equals(vulnerabilityMetaData.get(VulnerabilityMetaData.Attribute.NAME))) {
                    if (matchesAny(matchingVulnerabilityNotExists, vulnerabilityMetaData)) {
                        matches = true;
                        break;
                    }
                }
            }
            if (matches) throw new VulnerabilityStatusValidationException("Validation failed on [matching vulnerability not exists]");
        }
    }

    public boolean matchesAny(List validationEntries, AbstractModelBase model) {
        for (VulnerabilityStatusValidationEntry validationEntry : validationEntries) {
            if (!validationEntry.validate(model)) {
                return false;
            }
        }
        return true;
    }

    public static VulnerabilityStatusValidation fromYamlMap(Map yamlMap) {
        VulnerabilityStatusValidation validation = new VulnerabilityStatusValidation();

        createValidationEntries(validation.getAnyArtifactExists(), yamlMap, "any artifact", "exists");
        createValidationEntries(validation.getMatchingArtifactExists(), yamlMap, "matching artifact", "exists");
        createValidationEntries(validation.getAnyVulnerabilityExists(), yamlMap, "any vulnerability", "exists");
        createValidationEntries(validation.getMatchingVulnerabilityExists(), yamlMap, "matching vulnerability", "exists");

        createValidationEntries(validation.getAnyArtifactNotExists(), yamlMap, "any artifact", "not exists");
        createValidationEntries(validation.getMatchingArtifactNotExists(), yamlMap, "matching artifact", "not exists");
        createValidationEntries(validation.getAnyVulnerabilityNotExists(), yamlMap, "any vulnerability", "not exists");
        createValidationEntries(validation.getMatchingVulnerabilityNotExists(), yamlMap, "matching vulnerability", "not exists");

        return validation;
    }

    private static void createValidationEntries(List validation, Map yamlMap, String type, String exists) {
        if (yamlMap.containsKey(type)) {
            if (((Map) yamlMap.get(type)).containsKey(exists)) {
                validation.addAll(
                        VulnerabilityStatusValidationEntry.fromYamlList((List) ((Map) yamlMap.get(type)).get(exists))
                );
            }
        }
    }

    @Override
    public String toString() {
        return "VulnerabilityStatusValidation{" +
                "anyArtifactExists=" + anyArtifactExists.size() +
                ", matchingArtifactExists=" + matchingArtifactExists.size() +
                ", anyVulnerabilityExists=" + anyVulnerabilityExists.size() +
                ", matchingVulnerabilityExists=" + matchingVulnerabilityExists.size() +
                ", anyArtifactNotExists=" + anyArtifactNotExists.size() +
                ", matchingArtifactNotExists=" + matchingArtifactNotExists.size() +
                ", anyVulnerabilityNotExists=" + anyVulnerabilityNotExists.size() +
                ", matchingVulnerabilityNotExists=" + matchingVulnerabilityNotExists.size() +
                '}';
    }
}