Merge branch 'zacharysabourin/main/27' into 'main'

fix: Fix issue deserializing GH CVE object

Closes #27

See merge request !27

src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java

@@ -66,7 +66,7 @@ public abstract class CveProjectData {
     @AutoValue
     @JsonDeserialize(builder = AutoValue_CveProjectData_Impact.Builder.class)
     public abstract static class Impact {
-        public abstract ImpactScore getCvss();
+        public abstract List<Cvss> getCvss();
 
         public static Builder builder() {
             return new AutoValue_CveProjectData_Impact.Builder();
@@ -75,14 +75,14 @@ public abstract class CveProjectData {
         @AutoValue.Builder
         @JsonPOJOBuilder(withPrefix = "set")
         public abstract static class Builder {
-            public abstract Builder setCvss(ImpactScore cvss);
+            public abstract Builder setCvss(List<Cvss> cvss);
             public abstract Impact build();
         }
     }
 
     @AutoValue
-    @JsonDeserialize(builder = AutoValue_CveProjectData_ImpactScore.Builder.class)
-    public abstract static class ImpactScore {
+    @JsonDeserialize(builder = AutoValue_CveProjectData_Cvss.Builder.class)
+    public abstract static class Cvss {
         @Nullable
         public abstract Double getBaseScore();
         @Nullable
@@ -90,16 +90,18 @@ public abstract class CveProjectData {
         public abstract String getVersion();
 
         public static Builder builder() {
-            return new AutoValue_CveProjectData_ImpactScore.Builder();
+            return new AutoValue_CveProjectData_Cvss.Builder();
         }
     
         @AutoValue.Builder
         @JsonPOJOBuilder(withPrefix = "set")
         public abstract static class Builder {
+            @JsonProperty("baseScore")
             public abstract Builder setBaseScore(@Nullable Double baseScore);
+            @JsonProperty("vectorString")
             public abstract Builder setVectorString(@Nullable String vectorString);
             public abstract Builder setVersion(String version);
-            public abstract ImpactScore build();
+            public abstract Cvss build();
         }
     }
 

src/main/java/org/eclipsefoundation/cve/service/CveService.java

@@ -115,8 +115,8 @@ public interface CveService extends StartupProxy {
                                 .findFirst()
                                 .orElse(LocalizedValue.builder().setLang("en").setValue("").build())
                                 .getValue())
-                        .setCvss(cveDetails.getImpact().isPresent()
-                                ? cveDetails.getImpact().get().getCvss().getBaseScore()
+                        .setCvss(cveDetails.getImpact().isPresent() && !cveDetails.getImpact().get().getCvss().isEmpty()
+                                ? cveDetails.getImpact().get().getCvss().get(0).getBaseScore()
                                 : null)
                         .build();
             }

src/main/java/org/eclipsefoundation/cve/service/impl/StubbedCveService.java

@@ -19,9 +19,9 @@ import java.util.Optional;
 
 import org.eclipsefoundation.cve.model.CveData;
 import org.eclipsefoundation.cve.model.CveProjectData;
+import org.eclipsefoundation.cve.model.CveProjectData.Cvss;
 import org.eclipsefoundation.cve.model.CveProjectData.Description;
 import org.eclipsefoundation.cve.model.CveProjectData.Impact;
-import org.eclipsefoundation.cve.model.CveProjectData.ImpactScore;
 import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue;
 import org.eclipsefoundation.cve.model.CveProjectData.MetaData;
 import org.eclipsefoundation.cve.service.CveService;
@@ -72,10 +72,10 @@ public class StubbedCveService implements CveService {
                                 .setid("CVE-2020-27225")
                                 .build())
                         .setImpact(Optional.of(Impact.builder()
-                                .setCvss(ImpactScore.builder()
+                                .setCvss(Arrays.asList(Cvss.builder()
                                         .setVersion("someVersion")
                                         .setBaseScore(4.2)
-                                        .build())
+                                        .build()))
                                 .build()))
                         .setDescription(Description.builder()
                                 .setDescriptionData(Arrays.asList(
@@ -90,10 +90,10 @@ public class StubbedCveService implements CveService {
                                 .setid("CVE-2022-0103")
                                 .build())
                         .setImpact(Optional.of(Impact.builder()
-                                .setCvss(ImpactScore.builder()
+                                .setCvss(Arrays.asList(Cvss.builder()
                                         .setVersion("someVersion")
                                         .setBaseScore(9.0)
-                                        .build())
+                                        .build()))
                                 .build()))
                         .setDescription(Description.builder()
                                 .setDescriptionData(Arrays.asList(

src/test/java/org/eclipsefoundation/cve/test/api/impl/StubbedGithubCveAPI.java

@@ -23,9 +23,9 @@ import org.eclipse.microprofile.rest.client.inject.RestClient;
 import org.eclipsefoundation.cve.api.GithubCveAPI;
 import org.eclipsefoundation.cve.api.models.GithubRequestParams;
 import org.eclipsefoundation.cve.model.CveProjectData;
+import org.eclipsefoundation.cve.model.CveProjectData.Cvss;
 import org.eclipsefoundation.cve.model.CveProjectData.Description;
 import org.eclipsefoundation.cve.model.CveProjectData.Impact;
-import org.eclipsefoundation.cve.model.CveProjectData.ImpactScore;
 import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue;
 import org.eclipsefoundation.cve.model.CveProjectData.MetaData;
 
@@ -49,10 +49,10 @@ public class StubbedGithubCveAPI implements GithubCveAPI {
                                 .setid("CVE-2020-27225")
                                 .build())
                         .setImpact(Optional.of(Impact.builder()
-                                .setCvss(ImpactScore.builder()
+                                .setCvss(Arrays.asList(Cvss.builder()
                                         .setVersion("someVersion")
                                         .setBaseScore(4.2)
-                                        .build())
+                                        .build()))
                                 .build()))
                         .setDescription(Description.builder()
                                 .setDescriptionData(Arrays.asList(
@@ -67,10 +67,10 @@ public class StubbedGithubCveAPI implements GithubCveAPI {
                                 .setid("CVE-2022-0103")
                                 .build())
                         .setImpact(Optional.of(Impact.builder()
-                                .setCvss(ImpactScore.builder()
+                                .setCvss(Arrays.asList(Cvss.builder()
                                         .setVersion("someVersion")
                                         .setBaseScore(9.0)
-                                        .build())
+                                        .build()))
                                 .build()))
                         .setDescription(Description.builder()
                                 .setDescriptionData(Arrays.asList(
@@ -86,7 +86,8 @@ public class StubbedGithubCveAPI implements GithubCveAPI {
     public String getCveDetails(GithubRequestParams params) {
         try {
             return om.writeValueAsString(
-                    internal.stream().filter(cve -> cve.getMetaData().getId().equalsIgnoreCase(params.getCveId())).findFirst());
+                    internal.stream().filter(cve -> cve.getMetaData().getId().equalsIgnoreCase(params.getCveId()))
+                            .findFirst());
         } catch (JsonProcessingException e) {
             throw new RuntimeException("Could not fetch test GH CVE data", e);
         }