• Home
• com.metaeffekt.artifact.analysis
• ae-artifact-analysis
• 0.132.0
• source code
• InventoryWarningEntry.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.metaeffekt.artifact.analysis.vulnerability.enrichment.warnings.InventoryWarningEntry Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.vulnerability.enrichment.warnings;

import com.metaeffekt.artifact.analysis.vulnerability.enrichment.InventoryAttribute;
import org.json.JSONObject;
import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Collectors;

public class InventoryWarningEntry {

    private final static Logger LOG = LoggerFactory.getLogger(InventoryWarningEntry.class);

    public T source;
    public String warning;
    public String creator;

    public InventoryWarningEntry(T source, String warning, String creator) {
        if (source == null) {
            throw new IllegalArgumentException("Source must not be null");
        }
        this.source = source;
        this.warning = warning;
        this.creator = creator;
    }

    public T getSource() {
        return source;
    }

    public String getWarning() {
        return warning;
    }

    public String getCreator() {
        return creator;
    }

    public JSONObject toJson() {
        final String sourceName;

        if (source instanceof Artifact) {
            sourceName = ((Artifact) source).getId();
        } else if (source instanceof VulnerabilityMetaData) {
            sourceName = ((VulnerabilityMetaData) source).get(VulnerabilityMetaData.Attribute.NAME);
        } else {
            throw new IllegalStateException("Unknown source type: " + source.getClass() + ", add handling in " + InventoryWarningEntry.class + ".toJson()");
        }

        return new JSONObject()
                .put("source", sourceName)
                .put("warning", warning)
                .put("creator", creator);
    }

    public static  Map>> groupBySource(List> entries) {
        return entries.stream().collect(Collectors.groupingBy(InventoryWarningEntry::getSource));
    }

    public static  InventoryWarningEntry fromToJson(JSONObject json, Inventory inventory, InventoryFindable finder) {
        final String sourceString = json.getString("source");
        final T instance = finder.find(sourceString, inventory);
        final T effectiveInstance;

        if (instance == null) {
            LOG.warn("Could not find object with id " + sourceString + " when parsing inventory warnings, creating virtual object.");
            effectiveInstance = finder.create(sourceString);
        } else {
            effectiveInstance = instance;
        }

        return new InventoryWarningEntry<>(effectiveInstance,
                json.getString("warning"),
                json.getString("creator")
        );
    }

    private interface InventoryFindable {
        T find(String sourceString, Inventory inventory);

        T create(String sourceString);
    }

    public final static ArtifactFindable ARTIFACT_FINDABLE = new ArtifactFindable();
    public final static VulnerabilityMetaDataFindable VULNERABILITY_META_DATA_FINDABLE = new VulnerabilityMetaDataFindable();

    public static class ArtifactFindable implements InventoryFindable {
        @Override
        public Artifact find(String sourceString, Inventory inventory) {
            return inventory.findArtifact(sourceString);
        }

        @Override
        public Artifact create(String sourceString) {
            Artifact virtualArtifact = new Artifact();
            virtualArtifact.setId(sourceString);
            virtualArtifact.set(InventoryAttribute.DESCRIPTION.getKey(), "Virtual artifact created by the inventory warnings.");
            return virtualArtifact;
        }
    }

    public static class VulnerabilityMetaDataFindable implements InventoryFindable {
        @Override
        public VulnerabilityMetaData find(String sourceString, Inventory inventory) {
            return inventory.getVulnerabilityMetaData().stream()
                    .filter(v -> Objects.equals(v.get(VulnerabilityMetaData.Attribute.NAME), sourceString))
                    .findFirst()
                    .orElse(null);
        }

        @Override
        public VulnerabilityMetaData create(String sourceString) {
            VulnerabilityMetaData virtualVulnerability = new VulnerabilityMetaData();
            virtualVulnerability.set(VulnerabilityMetaData.Attribute.NAME, sourceString);
            virtualVulnerability.set(InventoryAttribute.DESCRIPTION.getKey(), "Virtual vulnerability created by the inventory warnings.");
            return virtualVulnerability;
        }
    }
}