All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.metaeffekt.artifact.enrichment.validation.reason.ReasonIdentifier Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.enrichment.validation.reason;

import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;

public enum ReasonIdentifier {
    ADDITIONAL_CPE_NOT_EFFECTIVE("'" + InventoryAttribute.ADDITIONAL_CPE.getKey() + "' is not effective", "The artifact has at least one '" + InventoryAttribute.ADDITIONAL_CPE.getKey() + "' that does not appear in the effective CPE URIs.\nThis is most likely an error in a correlation file, where an '" + InventoryAttribute.INAPPLICABLE_CPE.getKey() + "' is specified on the same artifact that removes the CPE."),
    VULNERABILITY_HAS_MULTIPLE_ARTIFACT_VERSIONS("Vulnerability has multiple artifact versions", "The vulnerability has multiple artifact versions. In many cases, this is fine. Check manually however, if this is a problem."),
    ARTIFACT_AND_CPE_VERSIONS_DIFFER_GREATLY("Artifact and CPE versions differ greatly", "Possible version mismatch: Please ensure that the artifact versions are correct and compatible with the version range specified in the associated CPEs.\nIf there is a discrepancy, consider adjusting the artifact version or removing an incompatible CPE entry.\nKeep in mind that the CPE data from NVD may not always be up-to-date, which can sometimes lead to compatibility issues. This is therefore one of the validators that produces the most output."),
    VULNERABILITY_CONTAINS_ILLEGAL_CHARACTER("Vulnerability contains illegal character", "The vulnerability name contains an illegal character.\nFind the vulnerability identifier and trace it back to the source.\nCheck your status-, correlation- and custom vulnerability-files or even vulnerability providers.");

    private final String shortDescription;
    private final String longDescription;

    ReasonIdentifier(String shortDescription, String longDescription) {
        this.shortDescription = shortDescription;
        this.longDescription = longDescription;
    }

    public String getShortDescription() {
        return shortDescription;
    }

    public String getLongDescription() {
        return longDescription;
    }
}




© 2015 - 2025 Weber Informatics LLC | Privacy Policy