• Home
• com.metaeffekt.artifact.analysis
• ae-artifact-analysis
• 0.132.0
• source code
• KevEnrichment.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.metaeffekt.artifact.enrichment.other.KevEnrichment Maven / Gradle / Ivy

package com.metaeffekt.artifact.enrichment.other;

import com.metaeffekt.artifact.analysis.utils.LazySupplier;
import com.metaeffekt.artifact.enrichment.InventoryEnricher;
import com.metaeffekt.artifact.enrichment.configurations.KevEnrichmentConfiguration;
import com.metaeffekt.mirror.contents.base.VulnerabilityContextInventory;
import com.metaeffekt.mirror.contents.vulnerability.Vulnerability;
import com.metaeffekt.mirror.download.documentation.EnricherMetadata;
import com.metaeffekt.mirror.download.documentation.InventoryEnrichmentPhase;
import com.metaeffekt.mirror.query.KevIndexQuery;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
import org.metaeffekt.core.inventory.processor.model.Inventory;

import java.io.File;
import java.util.LinkedHashSet;
import java.util.Set;

@Slf4j
@EnricherMetadata(
        name = "KEV Enrichment", phase = InventoryEnrichmentPhase.VULNERABILITY_PRIORITIZATION,
        intermediateFileSuffix = "kev", mavenPropertyName = "kevEnrichment"
)
public class KevEnrichment extends InventoryEnricher {

    private final LazySupplier kevIndexQueryLazySupplier;

    @Setter
    private KevEnrichmentConfiguration configuration = new KevEnrichmentConfiguration();

    public KevEnrichment(File baseMirrorDirectory) {
        kevIndexQueryLazySupplier = new LazySupplier<>(() -> new KevIndexQuery(baseMirrorDirectory));
    }

    @Override
    public KevEnrichmentConfiguration getConfiguration() {
        return configuration;
    }

    @Override
    protected void performEnrichment(Inventory inventory) {
        final VulnerabilityContextInventory vInventory = VulnerabilityContextInventory.fromInventory(inventory);
        final KevIndexQuery kevIndexQuery = kevIndexQueryLazySupplier.get();

        final Set foundKevFromVulnerabilities = new LinkedHashSet<>();
        for (final Vulnerability vulnerability : vInventory.getVulnerabilities()) {
            kevIndexQuery.findKevDataForVulnerability(vulnerability.getId())
                    .ifPresent(kevData -> {
                        vulnerability.setKevData(kevData);
                        foundKevFromVulnerabilities.add(vulnerability.getId());
                    });
        }

        log.info("Found KEV information for [{}] vulnerabilities", foundKevFromVulnerabilities.size());
        log.debug("Found KEV information for the following vulnerabilities: {}", foundKevFromVulnerabilities);

        vInventory.writeBack();
    }
}