Skip to content
Snippets Groups Projects
Commit 58849aa1 authored by Martin Lowe's avatar Martin Lowe :flag_ca:
Browse files

Update feed about and link to point at the production URI 

To make routing easier and reduce overall complexity, we will instead
point the alternate form of the known vul'n page to this RSS feed rather
than doing backend proxy passing to show this content within the
Eclipse.org site.
parent a144310b
No related branches found
No related tags found
1 merge request!55Update feed about and link to point at the production URI
Pipeline #52845 passed with stage
in 0 seconds
Hide whitespace changes
Inline Side-by-side
src/main/java/org/eclipsefoundation/cve/resources/CveResource.java
+ 51
40
View file @ 58849aa1
......@@ -12,13 +12,14 @@
*/
package org.eclipsefoundation.cve.resources;
import java.io.IOException;
import java.io.StringWriter;
import java.sql.Date;
import java.util.List;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.eclipsefoundation.caching.model.CacheWrapper;
import org.eclipsefoundation.caching.service.CachingService;
import org.eclipsefoundation.cve.model.CveData;
import org.eclipsefoundation.cve.namespace.CveUrlParameterNames;
import org.eclipsefoundation.cve.service.CveService;
......@@ -29,7 +30,6 @@ import com.rometools.rome.feed.synd.SyndEntry;
import com.rometools.rome.feed.synd.SyndEntryImpl;
import com.rometools.rome.feed.synd.SyndFeed;
import com.rometools.rome.feed.synd.SyndFeedImpl;
import com.rometools.rome.io.FeedException;
import com.rometools.rome.io.SyndFeedOutput;
import jakarta.inject.Inject;
......@@ -40,6 +40,7 @@ import jakarta.ws.rs.Path;
import jakarta.ws.rs.PathParam;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.QueryParam;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
......@@ -56,6 +57,9 @@ public class CveResource {
@Inject
CveService cveSource;
@Inject
CachingService cache;
@GET
public Response get(@QueryParam(CveUrlParameterNames.PROJECT_NAME_PARAM_NAME) String projectName) {
List<CveData> out;
......@@ -71,47 +75,54 @@ public class CveResource {
@GET
@Path("rss.xml")
@Produces(MediaType.APPLICATION_XML)
public Response getCveRSSFeed(@QueryParam(CveUrlParameterNames.PROJECT_NAME_PARAM_NAME) String projectName) throws IOException, FeedException {
SyndFeed feed = new SyndFeedImpl();
feed.setFeedType("rss_1.0");
feed.setTitle("Eclipse Foundation Project CVE database");
feed.setLink("https://eclipse.org/security/known/rss.xml");
feed.setAuthor("Eclipse Foundation WebDev");
feed.setLanguage("en-gb");
feed.setPublishedDate(new Date(System.currentTimeMillis()));
feed.setDescription("Disclosed CVE records pertaining to Eclipse Foundation projects.");
feed.setEncoding("utf-8");
feed.setWebMaster("webdev@eclipse-foundation.org");
// retrieve the CVE data for the current request
List<CveData> out;
if (StringUtils.isNotBlank(projectName)) {
out = cveSource.getForProject(projectName, false);
} else {
out = cveSource.getPublicCves();
}
// convert the CVE data to XML entries
feed.setEntries(out.stream().map(cve -> {
SyndEntry e = new SyndEntryImpl();
e.setTitle(cve.getId());
e.setLink(cve.getLiveLink());
e.setUri(cve.getLiveLink());
e.setPublishedDate(Date.valueOf(cve.getDatePublished()));
// only set description if we have a summary
if (cve.getSummary() != null) {
SyndContent desc = new SyndContentImpl();
desc.setValue(cve.getSummary().getContent());
e.setDescription(desc);
public Response getCveRSSFeed(@QueryParam(CveUrlParameterNames.PROJECT_NAME_PARAM_NAME) String projectName) {
CacheWrapper<String> cachedFeed = cache.get("all", null, String.class, () -> {
SyndFeed feed = new SyndFeedImpl();
feed.setFeedType("rss_1.0");
feed.setTitle("Eclipse Foundation Project CVE database");
feed.setLink("https://api.eclipse.org/cve/rss.xml");
feed.setAuthor("Eclipse Foundation WebDev");
feed.setLanguage("en-gb");
feed.setPublishedDate(new Date(System.currentTimeMillis()));
feed.setDescription("Disclosed CVE records pertaining to Eclipse Foundation projects.");
feed.setEncoding("utf-8");
feed.setWebMaster("webdev@eclipse-foundation.org");
// retrieve the CVE data for the current request
List<CveData> out;
if (StringUtils.isNotBlank(projectName)) {
out = cveSource.getForProject(projectName, false);
} else {
out = cveSource.getPublicCves();
}
return e;
}).toList());
// write the XML out and return it
try (StringWriter sw = new StringWriter()) {
SyndFeedOutput syndFeedOutput = new SyndFeedOutput();
syndFeedOutput.output(feed, sw);
return Response.ok(sw.toString()).build();
// convert the CVE data to XML entries
feed.setEntries(out.stream().map(cve -> {
SyndEntry e = new SyndEntryImpl();
e.setTitle(cve.getId());
e.setLink(cve.getLiveLink());
e.setUri(cve.getLiveLink());
e.setPublishedDate(Date.valueOf(cve.getDatePublished()));
// only set description if we have a summary
if (cve.getSummary() != null) {
SyndContent desc = new SyndContentImpl();
desc.setValue(cve.getSummary().getContent());
e.setDescription(desc);
}
return e;
}).toList());
// write the XML out and return it
try (StringWriter sw = new StringWriter()) {
SyndFeedOutput syndFeedOutput = new SyndFeedOutput();
syndFeedOutput.output(feed, sw);
return sw.toString();
}
});
// check that we properly got data before attempting return
Optional<String> data = cachedFeed.getData();
if (cachedFeed.getErrorType().isPresent() || data.isEmpty()) {
throw new WebApplicationException("Could not generate RSS for CVE entries");
}
return Response.ok(data.get()).build();
}
@GET
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent