diff --git a/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java b/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java index d3a7e996f52cc994c555cb82707bfc9556ad1f8e..0fad9d44a54b2d18e8e400c71ace50bc8f87a515 100644 --- a/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java +++ b/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java @@ -66,7 +66,7 @@ public abstract class CveProjectData { @AutoValue @JsonDeserialize(builder = AutoValue_CveProjectData_Impact.Builder.class) public abstract static class Impact { - public abstract ImpactScore getCvss(); + public abstract List<Cvss> getCvss(); public static Builder builder() { return new AutoValue_CveProjectData_Impact.Builder(); @@ -75,14 +75,14 @@ public abstract class CveProjectData { @AutoValue.Builder @JsonPOJOBuilder(withPrefix = "set") public abstract static class Builder { - public abstract Builder setCvss(ImpactScore cvss); + public abstract Builder setCvss(List<Cvss> cvss); public abstract Impact build(); } } @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_ImpactScore.Builder.class) - public abstract static class ImpactScore { + @JsonDeserialize(builder = AutoValue_CveProjectData_Cvss.Builder.class) + public abstract static class Cvss { @Nullable public abstract Double getBaseScore(); @Nullable @@ -90,16 +90,18 @@ public abstract class CveProjectData { public abstract String getVersion(); public static Builder builder() { - return new AutoValue_CveProjectData_ImpactScore.Builder(); + return new AutoValue_CveProjectData_Cvss.Builder(); } @AutoValue.Builder @JsonPOJOBuilder(withPrefix = "set") public abstract static class Builder { + @JsonProperty("baseScore") public abstract Builder setBaseScore(@Nullable Double baseScore); + @JsonProperty("vectorString") public abstract Builder setVectorString(@Nullable String vectorString); public abstract Builder setVersion(String version); - public abstract ImpactScore build(); + public abstract Cvss build(); } } diff --git a/src/main/java/org/eclipsefoundation/cve/service/CveService.java b/src/main/java/org/eclipsefoundation/cve/service/CveService.java index 38f7e38f8f2dca132b50c13ba30ed50eb67f49a1..26c92a79c885cf70592cf363deb13f95663a3eab 100644 --- a/src/main/java/org/eclipsefoundation/cve/service/CveService.java +++ b/src/main/java/org/eclipsefoundation/cve/service/CveService.java @@ -115,8 +115,8 @@ public interface CveService extends StartupProxy { .findFirst() .orElse(LocalizedValue.builder().setLang("en").setValue("").build()) .getValue()) - .setCvss(cveDetails.getImpact().isPresent() - ? cveDetails.getImpact().get().getCvss().getBaseScore() + .setCvss(cveDetails.getImpact().isPresent() && !cveDetails.getImpact().get().getCvss().isEmpty() + ? cveDetails.getImpact().get().getCvss().get(0).getBaseScore() : null) .build(); } diff --git a/src/main/java/org/eclipsefoundation/cve/service/impl/StubbedCveService.java b/src/main/java/org/eclipsefoundation/cve/service/impl/StubbedCveService.java index 8adf160f765823e9b969c1ae1d28c3df14fcf236..e5322f42858637e99e1c00015c44949f582f58c7 100644 --- a/src/main/java/org/eclipsefoundation/cve/service/impl/StubbedCveService.java +++ b/src/main/java/org/eclipsefoundation/cve/service/impl/StubbedCveService.java @@ -19,9 +19,9 @@ import java.util.Optional; import org.eclipsefoundation.cve.model.CveData; import org.eclipsefoundation.cve.model.CveProjectData; +import org.eclipsefoundation.cve.model.CveProjectData.Cvss; import org.eclipsefoundation.cve.model.CveProjectData.Description; import org.eclipsefoundation.cve.model.CveProjectData.Impact; -import org.eclipsefoundation.cve.model.CveProjectData.ImpactScore; import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue; import org.eclipsefoundation.cve.model.CveProjectData.MetaData; import org.eclipsefoundation.cve.service.CveService; @@ -72,10 +72,10 @@ public class StubbedCveService implements CveService { .setid("CVE-2020-27225") .build()) .setImpact(Optional.of(Impact.builder() - .setCvss(ImpactScore.builder() + .setCvss(Arrays.asList(Cvss.builder() .setVersion("someVersion") .setBaseScore(4.2) - .build()) + .build())) .build())) .setDescription(Description.builder() .setDescriptionData(Arrays.asList( @@ -90,10 +90,10 @@ public class StubbedCveService implements CveService { .setid("CVE-2022-0103") .build()) .setImpact(Optional.of(Impact.builder() - .setCvss(ImpactScore.builder() + .setCvss(Arrays.asList(Cvss.builder() .setVersion("someVersion") .setBaseScore(9.0) - .build()) + .build())) .build())) .setDescription(Description.builder() .setDescriptionData(Arrays.asList( diff --git a/src/test/java/org/eclipsefoundation/cve/test/api/impl/StubbedGithubCveAPI.java b/src/test/java/org/eclipsefoundation/cve/test/api/impl/StubbedGithubCveAPI.java index b6ab7bfc091791d97315a1643a0aedfe3feb6cac..4ae71d328edecee5331731c572818b69d3b2952c 100644 --- a/src/test/java/org/eclipsefoundation/cve/test/api/impl/StubbedGithubCveAPI.java +++ b/src/test/java/org/eclipsefoundation/cve/test/api/impl/StubbedGithubCveAPI.java @@ -23,9 +23,9 @@ import org.eclipse.microprofile.rest.client.inject.RestClient; import org.eclipsefoundation.cve.api.GithubCveAPI; import org.eclipsefoundation.cve.api.models.GithubRequestParams; import org.eclipsefoundation.cve.model.CveProjectData; +import org.eclipsefoundation.cve.model.CveProjectData.Cvss; import org.eclipsefoundation.cve.model.CveProjectData.Description; import org.eclipsefoundation.cve.model.CveProjectData.Impact; -import org.eclipsefoundation.cve.model.CveProjectData.ImpactScore; import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue; import org.eclipsefoundation.cve.model.CveProjectData.MetaData; @@ -49,10 +49,10 @@ public class StubbedGithubCveAPI implements GithubCveAPI { .setid("CVE-2020-27225") .build()) .setImpact(Optional.of(Impact.builder() - .setCvss(ImpactScore.builder() + .setCvss(Arrays.asList(Cvss.builder() .setVersion("someVersion") .setBaseScore(4.2) - .build()) + .build())) .build())) .setDescription(Description.builder() .setDescriptionData(Arrays.asList( @@ -67,10 +67,10 @@ public class StubbedGithubCveAPI implements GithubCveAPI { .setid("CVE-2022-0103") .build()) .setImpact(Optional.of(Impact.builder() - .setCvss(ImpactScore.builder() + .setCvss(Arrays.asList(Cvss.builder() .setVersion("someVersion") .setBaseScore(9.0) - .build()) + .build())) .build())) .setDescription(Description.builder() .setDescriptionData(Arrays.asList( @@ -86,7 +86,8 @@ public class StubbedGithubCveAPI implements GithubCveAPI { public String getCveDetails(GithubRequestParams params) { try { return om.writeValueAsString( - internal.stream().filter(cve -> cve.getMetaData().getId().equalsIgnoreCase(params.getCveId())).findFirst()); + internal.stream().filter(cve -> cve.getMetaData().getId().equalsIgnoreCase(params.getCveId())) + .findFirst()); } catch (JsonProcessingException e) { throw new RuntimeException("Could not fetch test GH CVE data", e); }