
/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.enrichment.other.timeline;

import com.metaeffekt.artifact.analysis.vulnerability.CommonEnumerationUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.tuple.Pair;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import us.springett.parsers.cpe.Cpe;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

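/**
 * Container for a list of {@link VulnerabilityTimeline} entries with lookups by artifact and
 * vulnerability id.
 *
 * <p>NOTE(review): generic type arguments are restored from usage (the element type of the
 * for-each loops and the {@code Cpe} / {@code Pair} imports). {@code Pair<String, String>} is
 * inferred from the {@code equals} comparisons against the String vendor and product values;
 * confirm against {@code CommonEnumerationUtil}.
 */
@Slf4j
public class VulnerabilityTimelineGeneratorResult {

    /**
     * Backing list. It is handed out as-is by {@link #getTimelines()}, so callers may modify it;
     * the lookups below therefore re-check for {@code null} entries.
     */
    private final List<VulnerabilityTimeline> timelines;

    /**
     * Creates a result from the given timelines, dropping {@code null} entries.
     *
     * @param timelines the timelines to hold; {@code null} is logged and treated as an empty list
     */
    public VulnerabilityTimelineGeneratorResult(List<VulnerabilityTimeline> timelines) {
        if (timelines == null) {
            log.warn("timelines is null in {}. Creating empty list.", getClass().getSimpleName());
            this.timelines = new ArrayList<>();
        } else {
            this.timelines = timelines.stream().filter(Objects::nonNull).collect(Collectors.toList());
        }
    }

    /** Creates a result that holds no timelines. */
    public VulnerabilityTimelineGeneratorResult() {
        this.timelines = new ArrayList<>();
    }

    /**
     * Selects the timelines that apply to an artifact for a given vulnerability.
     *
     * <p>Pass 1 returns every timeline that contains {@code vulnerabilityId} and whose
     * vendor/product equals one of the vendor/product pairs derived from the artifact's CPEs.
     *
     * <p>Pass 2 runs only when pass 1 found nothing: it returns at most two timelines that match
     * on vendor/product alone. These fallback entries are NOT associated with
     * {@code vulnerabilityId}, and the returned list does not mark them as such. A consumer must
     * not read a non-empty result as confirmation that the vulnerability is recorded for the
     * product; it should call {@code containsVulnerability} on the returned entries if that
     * distinction matters.
     *
     * @param artifact        the artifact whose CPEs are evaluated; how a {@code null} artifact is
     *                        handled depends on {@code CommonEnumerationUtil.parseEffectiveCpe}
     * @param vulnerabilityId the vulnerability to look up; {@code null} is logged and yields an
     *                        empty list
     * @return a new, mutable list of matching timelines, possibly empty
     */
    public List<VulnerabilityTimeline> getTimelinesForArtifact(Artifact artifact, String vulnerabilityId) {
        if (vulnerabilityId == null) {
            log.warn("vulnerabilityId is null in {}. Returning empty list for artifact {}", getClass().getSimpleName(), artifact != null ? artifact.getId() : null);
            return new ArrayList<>();
        }

        final List<Cpe> cpeUrisOnArtifact = CommonEnumerationUtil.parseEffectiveCpe(artifact);
        final List<Pair<String, String>> vendorProductsOnArtifact = CommonEnumerationUtil.getVendorProducts(cpeUrisOnArtifact);

        final List<VulnerabilityTimeline> result = new ArrayList<>();

        // pass 1: vulnerability id AND vendor/product must both match
        for (VulnerabilityTimeline timeline : timelines) {
            if (timeline == null) continue;
            if (timeline.containsVulnerability(vulnerabilityId)) {
                addTimelineToResultWhenMatching(timeline, vendorProductsOnArtifact, result);
            }
        }

        if (result.isEmpty()) {
            // pass 2 (fallback): vendor/product match only; the vulnerability id is not checked
            for (VulnerabilityTimeline timeline : timelines) {
                if (timeline == null) continue;
                addTimelineToResultWhenMatching(timeline, vendorProductsOnArtifact, result);
            }

            // keep only the first two fallback entries, in list order
            if (result.size() > 2) {
                result.subList(2, result.size()).clear();
            }
        }

        return result;
    }

    /**
     * Appends {@code timeline} to {@code result} once if its vendor and product equal one of the
     * given vendor/product pairs. Timelines without a vendor or without a product never match.
     *
     * @param timeline                 the candidate timeline; {@code null} is ignored
     * @param vendorProductsOnArtifact vendor (left) / product (right) pairs of the artifact
     * @param result                   the list that receives the timeline on a match
     */
    private void addTimelineToResultWhenMatching(VulnerabilityTimeline timeline,
                                                 List<Pair<String, String>> vendorProductsOnArtifact,
                                                 List<VulnerabilityTimeline> result) {
        if (timeline == null) return;

        final String vendor = timeline.getVendor();
        final String product = timeline.getProduct();
        if (vendor != null && product != null) {
            for (final Pair<String, String> vp : vendorProductsOnArtifact) {
                // Exact, case-sensitive comparison: values that differ only in case or escaping do
                // not match, which would silently drop a timeline. Presumably both sides are
                // already normalised CPE components - verify against the producers.
                if (vendor.equals(vp.getLeft()) && product.equals(vp.getRight())) {
                    result.add(timeline);
                    break;
                }
            }
        }
    }

    /**
     * Collects the timelines of {@link #getTimelinesForArtifact(Artifact, String)} for every
     * artifact and removes duplicates.
     *
     * <p>The vendor/product-only fallback of the single-artifact lookup is evaluated per artifact,
     * so the combined list can mix exact matches from one artifact with fallback entries from
     * another.
     *
     * @param artifacts       the artifacts to evaluate; {@code null} is logged and yields an empty
     *                        list
     * @param vulnerabilityId the vulnerability to look up
     * @return a new list of distinct timelines; de-duplication relies on
     *         {@code VulnerabilityTimeline.equals}
     */
    public List<VulnerabilityTimeline> getTimelinesForArtifacts(Collection<Artifact> artifacts, String vulnerabilityId) {
        if (artifacts == null) {
            // same lenient handling as the null checks elsewhere in this class
            log.warn("artifacts is null in {}. Returning empty list for vulnerability {}", getClass().getSimpleName(), vulnerabilityId);
            return new ArrayList<>();
        }

        final List<VulnerabilityTimeline> result = new ArrayList<>();
        for (Artifact artifact : artifacts) {
            result.addAll(getTimelinesForArtifact(artifact, vulnerabilityId));
        }
        return result.stream()
                .distinct()
                .collect(Collectors.toList());
    }

    /**
     * Returns the backing list itself, not a copy; changes made by the caller are visible to
     * later lookups on this object.
     *
     * @return the internal timeline list
     */
    public List<VulnerabilityTimeline> getTimelines() {
        return timelines;
    }
}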



