de.fraunhofer.iem.spha.model.adapter.osv.OsvScannerDto.kt Maven / Gradle / Ivy

Go to download
/*
 * Copyright (c) 2024 Fraunhofer IEM. All rights reserved.
 *
 * Licensed under the MIT license. See LICENSE file in the project root for details.
 *
 * SPDX-License-Identifier: MIT
 * License-Filename: LICENSE
 */

package de.fraunhofer.iem.spha.model.adapter.osv

import kotlinx.serialization.SerialName
import kotlinx.serialization.Serializable
import kotlinx.serialization.json.JsonArray

@Serializable
data class OsvScannerDto(@SerialName("results") val results: List)

@Serializable
data class OsvScannerResultDto(
    @SerialName("source") val packageSource: PackageSource,
    @SerialName("packages") val packages: List,
)

@Serializable
data class PackageSource(
    @SerialName("path") val path: String,
    @SerialName("type") val type: String,
)

@Serializable
data class OsvPackageWrapperDto(
    @SerialName("package") val osvPackage: OsvPackageDto,
    // vulnerabilities are of type OsvVulnerabilityDto and follow the official osv vulnerability
    // standard. However, currently we don't use the information provided in OsvVulnerabilityDto,
    // thus we parse vulnerabilities to a JsonArray and provide OsvVulnerabilityDto for further
    // parsing. This makes our implementation more robust against changes in the vulnerability
    // format, as we only directly depend on the format of the osv scanner.
    @SerialName("vulnerabilities") val vulnerabilities: JsonArray,
    @SerialName("groups") val groups: List,
)

@Serializable
data class GroupDto(
    @SerialName("ids") val ids: List,
    @SerialName("aliases") val aliases: List,
    @SerialName("max_severity") val maxSeverity: String,
)

@Serializable
data class OsvPackageDto(
    @SerialName("name") val name: String,
    @SerialName("version") val version: String,
    @SerialName("ecosystem") val ecosystem: String,
)