• Home
• com.metaeffekt.artifact.analysis
• ae-artifact-analysis
• 0.132.0
• source code
• InventoryWarnings.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.metaeffekt.artifact.analysis.vulnerability.enrichment.warnings.InventoryWarnings Maven / Gradle / Ivy

/*
 * Copyright 2021-2024 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.metaeffekt.artifact.analysis.vulnerability.enrichment.warnings;

import com.metaeffekt.artifact.analysis.utils.StringUtils;
import org.json.JSONArray;
import org.json.JSONObject;
import org.metaeffekt.core.inventory.processor.model.Artifact;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.metaeffekt.core.inventory.processor.model.InventoryInfo;
import org.metaeffekt.core.inventory.processor.model.VulnerabilityMetaData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;

public class InventoryWarnings {

    private final static Logger LOG = LoggerFactory.getLogger(InventoryWarnings.class);

    public final static String CORRELATION_WARNINGS_INVENTORY_INFO_ROW_KEY = "correlation-warnings";
    public final static String CORRELATION_WARNINGS_INVENTORY_INFO_COL_WARNINGS_KEY = "Warnings";

    private final Inventory inventory;
    private final InventoryInfo inventoryInfo;

    private final List sourcelessWarnings = new ArrayList<>();
    private final List> artifactWarnings = new ArrayList<>();
    private final List> vulnerabilityWarnings = new ArrayList<>();

    private final static Map CACHE = new WeakHashMap<>();

    public static InventoryWarnings fromInventory(Inventory inventory) {
        if (CACHE.containsKey(inventory)) {
            return CACHE.get(inventory);
        }
        final InventoryWarnings warnings = new InventoryWarnings(inventory);
        CACHE.put(inventory, warnings);
        return warnings;
    }

    public InventoryWarnings(Inventory inventory) {
        if (CACHE.containsKey(inventory)) {
            LOG.warn("InventoryWarnings already initialized on inventory [{}]. Consider using fromInventory(Inventory) instead.", inventory);
        }
        this.inventory = inventory;
        this.inventoryInfo = inventory.findOrCreateInventoryInfo(CORRELATION_WARNINGS_INVENTORY_INFO_ROW_KEY);

        parse();
        applyChanges();
    }

    public boolean hasData() {
        return !artifactWarnings.isEmpty() || !vulnerabilityWarnings.isEmpty() || !sourcelessWarnings.isEmpty();
    }

    private void parse() {
        if (StringUtils.isEmpty(inventoryInfo.get(CORRELATION_WARNINGS_INVENTORY_INFO_COL_WARNINGS_KEY))) {
            applyChanges();
            return;
        }

        try {
            final JSONObject json = new JSONObject(inventoryInfo.get(CORRELATION_WARNINGS_INVENTORY_INFO_COL_WARNINGS_KEY));

            if (json.optJSONArray("artifactWarnings") != null) {
                final JSONArray artifactWarnings = json.getJSONArray("artifactWarnings");
                for (int i = 0; i < artifactWarnings.length(); i++) {
                    final JSONObject artifactWarning = artifactWarnings.getJSONObject(i);

                    final InventoryWarningEntry entry = InventoryWarningEntry.fromToJson(artifactWarning, inventory, InventoryWarningEntry.ARTIFACT_FINDABLE);
                    this.artifactWarnings.add(entry);
                }
            } else if (json.optJSONObject("artifactWarnings") != null) {
                LOG.warn("Artifact warnings are not an array. You cannot parse the legacy format. Please re-run enrichment pipeline for this inventory.");
            }

            if (json.optJSONArray("vulnerabilityWarnings") != null) {
                final JSONArray vulnerabilityWarnings = json.optJSONArray("vulnerabilityWarnings");
                for (int i = 0; i < vulnerabilityWarnings.length(); i++) {
                    final JSONObject vulnerabilityWarning = vulnerabilityWarnings.getJSONObject(i);

                    final InventoryWarningEntry entry = InventoryWarningEntry.fromToJson(vulnerabilityWarning, inventory, InventoryWarningEntry.VULNERABILITY_META_DATA_FINDABLE);
                    this.vulnerabilityWarnings.add(entry);
                }
            } else if (json.optJSONObject("vulnerabilityWarnings") != null) {
                LOG.warn("Vulnerability warnings are not an array. You cannot parse the legacy format. Please re-run enrichment pipeline for this inventory.");
            }

            if (json.optJSONArray("sourcelessWarnings") != null) {
                final JSONArray sourcelessWarnings = json.getJSONArray("sourcelessWarnings");
                for (int i = 0; i < sourcelessWarnings.length(); i++) {
                    final String warning = sourcelessWarnings.getString(i);
                    this.sourcelessWarnings.add(warning);
                }
            }

        } catch (Exception e) {
            LOG.error("Failed to parse correlation warnings.", e);
            throw new RuntimeException("Failed to parse correlation warnings from inventory: " + e.getMessage() + "\n" + inventoryInfo.get(CORRELATION_WARNINGS_INVENTORY_INFO_COL_WARNINGS_KEY), e);
        }
    }

    private void applyChanges() {
        if (!hasData()) {
            inventory.getInventoryInfo().remove(inventoryInfo);
            inventory.getInventoryInfo().removeIf(i -> i.get(InventoryInfo.Attribute.ID).equals(CORRELATION_WARNINGS_INVENTORY_INFO_ROW_KEY));
            return;
        } else if (!inventory.getInventoryInfo().contains(inventoryInfo)) {
            inventory.getInventoryInfo().add(inventoryInfo);
        }

        final JSONObject json = new JSONObject();

        final JSONArray artifactWarnings = new JSONArray();
        for (final InventoryWarningEntry entry : this.artifactWarnings) {
            artifactWarnings.put(entry.toJson());
        }
        json.put("artifactWarnings", artifactWarnings);

        final JSONArray vulnerabilityWarnings = new JSONArray();
        for (final InventoryWarningEntry entry : this.vulnerabilityWarnings) {
            vulnerabilityWarnings.put(entry.toJson());
        }
        json.put("vulnerabilityWarnings", vulnerabilityWarnings);

        json.put("sourcelessWarnings", sourcelessWarnings);

        inventoryInfo.set(CORRELATION_WARNINGS_INVENTORY_INFO_COL_WARNINGS_KEY, json.toString());
    }

    public void addSourcelessWarning(String warning) {
        sourcelessWarnings.add(warning);
        applyChanges();
    }

    public void addArtifactWarning(InventoryWarningEntry warning) {
        this.artifactWarnings.add(warning);
        applyChanges();
    }

    public void addVulnerabilityWarning(InventoryWarningEntry warning) {
        this.vulnerabilityWarnings.add(warning);
        applyChanges();
    }

    public List> getArtifactWarnings() {
        return artifactWarnings;
    }

    public List> getVulnerabilityWarnings() {
        return vulnerabilityWarnings;
    }

    public List getSourcelessWarnings() {
        return sourcelessWarnings;
    }
}