com.metaeffekt.artifact.enrichment.details.DetailsFillingEnrichmentCertSei Maven / Gradle / Ivy
The newest version!
/*
* Copyright 2021-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.metaeffekt.artifact.enrichment.details;
import com.metaeffekt.artifact.analysis.utils.LazySupplier;
import com.metaeffekt.artifact.analysis.utils.StringUtils;
import com.metaeffekt.artifact.enrichment.configurations.details.DetailsFillingAdvisorCertSeiInventoryEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.advisory.AdvisoryEntry;
import com.metaeffekt.mirror.contents.advisory.CertSeiAdvisorEntry;
import com.metaeffekt.mirror.contents.base.DataSourceIndicator;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.store.AdvisoryTypeStore;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import com.metaeffekt.mirror.query.CertSeiAdvisorIndexQuery;
import org.metaeffekt.core.inventory.processor.model.Inventory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.File;
import java.util.List;
@EnricherMetadata(
name = "CERT-SEI Advisor Details", phase = InventoryEnrichmentPhase.SECURITY_ADVISORY_MATCHING,
intermediateFileSuffix = "details-advisor-cert-sei", mavenPropertyName = "certSeiAdvisorEnrichment",
explicitConfiguration = DetailsFillingAdvisorCertSeiInventoryEnrichmentConfiguration.class
)
public class DetailsFillingEnrichmentCertSei extends DetailsFillingEnrichment {
private static final Logger LOG = LoggerFactory.getLogger(DetailsFillingEnrichmentCertSei.class);
private final LazySupplier certSeiAdvisorQuery;
public DetailsFillingEnrichmentCertSei(File baseMirrorDirectory) {
certSeiAdvisorQuery = new LazySupplier<>(() -> new CertSeiAdvisorIndexQuery(baseMirrorDirectory));
setConfiguration(new DetailsFillingAdvisorCertSeiInventoryEnrichmentConfiguration());
}
@Override
protected boolean isApplicable(Vulnerability vulnerability) {
return !vulnerability.getRelatedAdvisorsTypes().contains(AdvisoryTypeStore.CERT_SEI);
}
@Override
protected boolean isApplicable(AdvisoryEntry advisory) {
return advisory.getSourceIdentifier() == AdvisoryTypeStore.CERT_SEI && StringUtils.isEmpty(advisory.getSummary()) && advisory.getDescription().isEmpty();
}
@Override
protected void fillDetailsOnVulnerability(Inventory inventory, VulnerabilityContextInventory vInventory, Vulnerability queryVulnerability) {
final List advisorEntries = certSeiAdvisorQuery.get().findByReferencedId(queryVulnerability.getId());
if (advisorEntries.isEmpty()) {
return;
}
for (CertSeiAdvisorEntry advisoryEntry : advisorEntries) {
final AdvisoryEntry constructedAdvisory = vInventory.findOrCreateAdvisoryEntryByName(advisoryEntry.getId(), CertSeiAdvisorEntry::new);
constructedAdvisory.addMatchingSource(DataSourceIndicator.vulnerability(queryVulnerability));
queryVulnerability.addSecurityAdvisory(constructedAdvisory);
}
}
@Override
protected void fillDetailsOnAdvisory(Inventory inventory, VulnerabilityContextInventory vInventory, AdvisoryEntry queryAdvisory) {
final CertSeiAdvisorEntry foundAdvisory = certSeiAdvisorQuery.get().findById(queryAdvisory.getId());
if (foundAdvisory != null) {
queryAdvisory.appendFromDataClass(foundAdvisory);
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy