
com.metaeffekt.artifact.enrichment.vulnerability.VulnerabilityStatusPostProcessingEnrichment Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.enrichment.vulnerability;

import com.metaeffekt.artifact.analysis.utils.LazySupplier;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatus;
import com.metaeffekt.artifact.analysis.vulnerability.enrichment.vulnerabilitystatus.VulnerabilityStatusHistoryEntry;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.VulnerabilityStatusPostProcessingEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import com.metaeffekt.mirror.query.GhsaAdvisorIndexQuery;
import com.metaeffekt.mirror.query.MsrcProductIndexQuery;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
import org.metaeffekt.core.inventory.processor.model.Inventory;

import java.io.File;

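/**
 * Inventory enricher that post-processes the vulnerability status data already present
 * in an inventory.
 *
 * <p>For every vulnerability that carries a {@link VulnerabilityStatus}, the free-text
 * fields of each status history entry (measures, risk, rationale, author) and the
 * reported date of the status are handed to
 * {@code VulnerabilityStatusPostProcessor#resolveVariablesHandler} together with the
 * matching setter. What that handler substitutes is not visible in this file; see
 * {@code VulnerabilityStatusPostProcessor} for the resolution rules.
 *
 * <p>The class-level Lombok {@code @Setter} only produces a setter for the non-final
 * {@code configuration} field; the two index query suppliers are final and fixed at
 * construction time.
 */
@Setter
@Slf4j
@EnricherMetadata(
        name = "Vulnerability Status Post Processing", phase = InventoryEnrichmentPhase.INVENTORY_POST_PROCESSING,
        intermediateFileSuffix = "status-post-processed", mavenPropertyName = "vulnerabilityStatusPostProcessingEnrichment"
)
public class VulnerabilityStatusPostProcessingEnrichment extends InventoryEnricher {

    private VulnerabilityStatusPostProcessingEnrichmentConfiguration configuration = new VulnerabilityStatusPostProcessingEnrichmentConfiguration();

    // Typed suppliers instead of raw LazySupplier: the element type is what each lambda
    // in the constructor returns, so the diamond infers the right type and callers do
    // not need unchecked conversions.
    // presumably LazySupplier defers building the index query until first use - confirm in LazySupplier
    private final LazySupplier<MsrcProductIndexQuery> msrcProductIndexQuery;
    private final LazySupplier<GhsaAdvisorIndexQuery> ghsaAdvisorIndexQuery;

    /**
     * Creates the enricher and prepares the MSRC product and GHSA advisory index queries.
     *
     * @param baseMirrorDirectory directory passed unchanged to both index query constructors
     */
    public VulnerabilityStatusPostProcessingEnrichment(File baseMirrorDirectory) {
        this.msrcProductIndexQuery = new LazySupplier<>(() -> new MsrcProductIndexQuery(baseMirrorDirectory));
        this.ghsaAdvisorIndexQuery = new LazySupplier<>(() -> new GhsaAdvisorIndexQuery(baseMirrorDirectory));
    }

    /**
     * Returns the configuration currently assigned to this enricher.
     *
     * @return the configuration instance (a default-constructed one unless replaced via the setter)
     */
    @Override
    public VulnerabilityStatusPostProcessingEnrichmentConfiguration getConfiguration() {
        return configuration;
    }

    /**
     * Runs variable resolution over the status fields of every vulnerability in the
     * inventory and writes the result back.
     *
     * @param inventory the inventory whose vulnerability status entries are processed
     */
    @Override
    protected void performEnrichment(Inventory inventory) {
        final VulnerabilityContextInventory vInventory = VulnerabilityContextInventory.fromInventory(inventory);

        final VulnerabilityStatusPostProcessor processor = new VulnerabilityStatusPostProcessor();
        processor.setMsrcProductIndexQuery(this.msrcProductIndexQuery);
        processor.setGhsaAdvisorIndexQuery(this.ghsaAdvisorIndexQuery);

        for (Vulnerability vulnerability : vInventory.getVulnerabilities()) {
            final VulnerabilityStatus assessmentStatus = vulnerability.getVulnerabilityStatus();
            // Vulnerabilities without an assessment status have nothing to resolve.
            if (assessmentStatus == null) {
                continue;
            }

            // Each call passes the current field value plus the setter that receives the
            // resolved value, so the history entry is updated in place.
            // NOTE(review): these are assessor-supplied free-text fields and the resolved
            // text is persisted by writeBack below; confirm that the handler leaves
            // unknown placeholders untouched rather than dropping content.
            for (VulnerabilityStatusHistoryEntry historyEntry : assessmentStatus.getStatusHistory()) {
                processor.resolveVariablesHandler(vInventory, vulnerability, historyEntry.getMeasures(), historyEntry::setMeasures);
                processor.resolveVariablesHandler(vInventory, vulnerability, historyEntry.getRisk(), historyEntry::setRisk);
                processor.resolveVariablesHandler(vInventory, vulnerability, historyEntry.getRationale(), historyEntry::setRationale);
                processor.resolveVariablesHandler(vInventory, vulnerability, historyEntry.getAuthor(), historyEntry::setAuthor);
            }

            // The reported date lives on the status itself, not on the history entries.
            processor.resolveVariablesHandler(vInventory, vulnerability, assessmentStatus.getReportedDate(), assessmentStatus::setReportedDate);
        }

        // Persist the modified status data into the underlying inventory.
        // NOTE(review): the meaning of the boolean flag is defined in VulnerabilityContextInventory - confirm.
        vInventory.writeBack(true);
    }
}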



