Commit 630f8487 authored by Martin Lowe's avatar Martin Lowe :flag_ca:

Merge branch 'zacharysabourin/main/23' into 'main'

feat: Create CveServiceProducer with proxy startup service

Closes #23

See merge request !21
parents 655249da 3bc1a65d
1 merge request!21feat: Create CveServiceProducer with proxy startup service
/*********************************************************************
* Copyright (c) 2022 Eclipse Foundation.
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* Author: Zachary Sabourin <zachary.sabourin@eclipse-foundation.org>
*
* SPDX-License-Identifier: EPL-2.0
**********************************************************************/
package org.eclipsefoundation.cve.config;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.context.ManagedExecutor;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.eclipsefoundation.cve.api.GithubCveAPI;
import org.eclipsefoundation.cve.api.GitlabCveAPI;
import org.eclipsefoundation.cve.service.CveService;
import org.eclipsefoundation.cve.service.impl.DefaultCveService;
import org.eclipsefoundation.cve.service.impl.StubbedCveService;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.arc.DefaultBean;
import io.quarkus.arc.properties.IfBuildProperty;
/**
* Allows Quarkus to inject the appropriate bean at runtime. Uses the stubbed
* service if running in dev profile.
*/
@Dependent
public class CveServiceProvider {
@ConfigProperty(name = "eclipse.github.cve-project.token")
String ghToken;
@Inject
@RestClient
GitlabCveAPI gitlabApi;
@Inject
@RestClient
GithubCveAPI githubApi;
@Produces
@ApplicationScoped
@DefaultBean
public CveService defaultCveService(ManagedExecutor executor, ObjectMapper om,
GitlabCveLoaderConfig glCveLoaderConfig) {
return new DefaultCveService(gitlabApi, githubApi, executor, glCveLoaderConfig, ghToken, om);
}
@Produces
@ApplicationScoped
@IfBuildProperty(name = "eclipse.cve.stubbed", stringValue = "true", enableIfMissing = true)
public CveService stubbedCveService() {
return new StubbedCveService();
}
}
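Review bot: `enableIfMissing = true` on `stubbedCveService()` makes the stub the fail-open choice: a build in which `eclipse.cve.stubbed` is absent would select `StubbedCveService` over the `@DefaultBean` producer and serve static sample CVE data. Prefer `enableIfMissing = false` so that only an explicit `true` enables the stub. `@IfBuildProperty` is resolved at build time, so the class Javadoc's "at runtime" is misleading, and the `eclipse.cve.stubbed` / `%dev.eclipse.cve.stubbed` entries in the properties section at the end of this commit cannot be flipped by a runtime override. The provider also injects `eclipse.github.cve-project.token` unconditionally, which presumably forces dev setups that use the stub to configure a token anyway; consider documenting that a placeholder value is sufficient there.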
......@@ -14,6 +14,7 @@ import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipsefoundation.core.service.StartupProxy;
import org.eclipsefoundation.cve.model.CveData;
import org.eclipsefoundation.cve.model.CveProjectData;
import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue;
......@@ -27,7 +28,7 @@ import org.slf4j.LoggerFactory;
* @author Martin Lowe, Zachary Sabourin
*
*/
public interface CveService {
public interface CveService extends StartupProxy {
public static final Logger LOGGER = LoggerFactory.getLogger(CveService.class);
/**
......@@ -114,7 +115,8 @@ public interface CveService {
.findFirst()
.orElse(LocalizedValue.builder().setLang("en").setValue("").build())
.getValue())
.setCvss(cveDetails.getImpact().isPresent() ? cveDetails.getImpact().get().getCvss().getBaseScore()
.setCvss(cveDetails.getImpact().isPresent()
? cveDetails.getImpact().get().getCvss().getBaseScore()
: null)
.build();
}
......
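Review bot: The re-wrapped `setCvss` argument still uses the `isPresent()`/`get()` pair with a `null` fallback; `cveDetails.getImpact().map(i -> i.getCvss().getBaseScore()).orElse(null)` expresses the same thing in one expression. Either form throws if `getCvss()` returns null, which the hunk does not rule out. In the earlier hunk, the interface Javadoc should state what `extends StartupProxy` obliges implementations to do, since `StartupProxy` is defined outside this page. The enclosing method starts outside the hunk.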
......@@ -19,14 +19,8 @@ import java.util.concurrent.ExecutionException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.apache.commons.lang3.StringUtils;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.context.ManagedExecutor;
import org.eclipse.microprofile.rest.client.inject.RestClient;
import org.eclipsefoundation.cve.api.GithubCveAPI;
import org.eclipsefoundation.cve.api.GitlabCveAPI;
import org.eclipsefoundation.cve.api.models.GithubRequestParams;
......@@ -42,8 +36,6 @@ import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.benmanes.caffeine.cache.AsyncLoadingCache;
import com.github.benmanes.caffeine.cache.Caffeine;
import io.quarkus.runtime.Startup;
/**
* Default implementation of the CVE Service. Uses loading caches to reduce
* delays from slower fetching and processing of raw data from public APIs.
......@@ -51,48 +43,42 @@ import io.quarkus.runtime.Startup;
* @author Martin Lowe, Zachary Sabourin
*
*/
@Startup
@ApplicationScoped
public class DefaultCveService implements CveService {
public static final Logger LOGGER = LoggerFactory.getLogger(DefaultCveService.class);
public static final Pattern CVE_ID_PARTS = Pattern.compile("^CVE-(\\d{4})-(\\d+?)\\d{3}$");
@Inject
GitlabCveLoaderConfig glCveLoaderConfig;
@ConfigProperty(name = "eclipse.github.cve-project.token")
String ghToken;
private final GitlabCveLoaderConfig glCveLoaderConfig;
private final String ghToken;
@Inject
@RestClient
GitlabCveAPI gitlabApi;
@Inject
@RestClient
GithubCveAPI githubApi;
private final GitlabCveAPI gitlabApi;
private final GithubCveAPI githubApi;
@Inject
ObjectMapper om;
@Inject
ManagedExecutor executor;
private final ObjectMapper om;
private final ManagedExecutor executor;
private AsyncLoadingCache<String, CveProjectData> cveProjectCache;
private AsyncLoadingCache<String, List<CveData>> advisoriesCache;
/**
* Builds async caches, sets the refresh timers, and loads data.
*/
@PostConstruct
public void init() {
public DefaultCveService(GitlabCveAPI gitlabApi, GithubCveAPI githubApi, ManagedExecutor executor,
GitlabCveLoaderConfig glCveLoaderConfig, String ghToken, ObjectMapper om) {
this.gitlabApi = gitlabApi;
this.githubApi = githubApi;
this.executor = executor;
this.glCveLoaderConfig = glCveLoaderConfig;
this.ghToken = ghToken;
this.om = om;
this.advisoriesCache = Caffeine
.newBuilder()
.executor(executor)
.executor(this.executor)
.maximumSize(10)
.refreshAfterWrite(Duration.ofMinutes(60))
.buildAsync(k -> loadAdvisoriesData());
this.cveProjectCache = Caffeine
.newBuilder()
.executor(executor)
.executor(this.executor)
.maximumSize(1000)
.refreshAfterWrite(Duration.ofMinutes(60))
.buildAsync(this::loadCveProjectData);
......
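Review bot: The new constructor stores `gitlabApi`, `githubApi`, `glCveLoaderConfig`, `ghToken` and `om` without any null check, and because the bean is now built by hand in a producer rather than field-injected, a null value would only surface later inside an async cache load. Guard them up front, e.g. `this.gitlabApi = Objects.requireNonNull(gitlabApi, "gitlabApi");` (this needs `java.util.Objects` if it is not already imported; the import block is only partly visible). `cveProjectCache` and `advisoriesCache` are assigned once here and could be `private final` like the other fields. The Javadoc above the constructor still reads as the old `init()` description; add `@param` tags and note that `ghToken` is a credential that must not be written to `LOGGER`. The constructor body continues outside the hunk.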
/*********************************************************************
* Copyright (c) 2022 Eclipse Foundation.
*
* This program and the accompanying materials are made
* available under the terms of the Eclipse Public License 2.0
* which is available at https://www.eclipse.org/legal/epl-2.0/
*
* Author: Zachary Sabourin <zachary.sabourin@eclipse-foundation.org>
*
* SPDX-License-Identifier: EPL-2.0
**********************************************************************/
package org.eclipsefoundation.cve.service.impl;
import java.time.LocalDate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Optional;
import org.eclipsefoundation.cve.model.CveData;
import org.eclipsefoundation.cve.model.CveProjectData;
import org.eclipsefoundation.cve.model.CveProjectData.Description;
import org.eclipsefoundation.cve.model.CveProjectData.Impact;
import org.eclipsefoundation.cve.model.CveProjectData.ImpactScore;
import org.eclipsefoundation.cve.model.CveProjectData.LocalizedValue;
import org.eclipsefoundation.cve.model.CveProjectData.MetaData;
import org.eclipsefoundation.cve.service.CveService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
public class StubbedCveService implements CveService {
public static final Logger LOGGER = LoggerFactory.getLogger(StubbedCveService.class);
private List<CveData> gitlabCves;
private List<CveProjectData> githubCves;
public StubbedCveService() {
this.gitlabCves = new ArrayList<>();
this.gitlabCves.addAll(Arrays.asList(
CveData
.builder()
.setId("CVE-2020-27225")
.setDate(LocalDate.now())
.setProject("eclipse.platform")
.setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855")
.setCvePullRequest("https://github.com/CVEProject/cvelist/pull/1012")
.setStatus("PUBLIC")
.build(),
CveData
.builder()
.setId("CVE-2022-0103")
.setDate(LocalDate.now())
.setProject("technology.dash")
.setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=1")
.setCvePullRequest(null)
.setStatus("PUBLIC")
.build(),
CveData
.builder()
.setId("CVE-2022-0104")
.setDate(LocalDate.now())
.setProject("technology.dash")
.setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=2")
.setCvePullRequest(null)
.setStatus("RESERVED")
.build()));
this.githubCves = new ArrayList<>();
this.githubCves.addAll(Arrays.asList(
CveProjectData.builder()
.setMetaData(MetaData.builder()
.setid("CVE-2020-27225")
.build())
.setImpact(Optional.of(Impact.builder()
.setCvss(ImpactScore.builder()
.setVersion("someVersion")
.setBaseScore(4.2)
.build())
.build()))
.setDescription(Description.builder()
.setDescriptionData(Arrays.asList(
LocalizedValue.builder()
.setLang("eng")
.setValue("asdofiweoprinfpdiuoanfgaipodusnfiopasdunfoas;dinf")
.build()))
.build())
.build(),
CveProjectData.builder()
.setMetaData(MetaData.builder()
.setid("CVE-2022-0103")
.build())
.setImpact(Optional.of(Impact.builder()
.setCvss(ImpactScore.builder()
.setVersion("someVersion")
.setBaseScore(9.0)
.build())
.build()))
.setDescription(Description.builder()
.setDescriptionData(Arrays.asList(
LocalizedValue.builder()
.setLang("eng")
.setValue("asdfh aeifaoidsfe fpoina sdfion")
.build()))
.build())
.build()));
}
@Override
public List<CveData> getAllCves() {
return gitlabCves;
}
@Override
public CveProjectData getCveDetails(String id) {
return githubCves.stream().filter(cve -> cve.getMetaData().getId().equalsIgnoreCase(id)).findFirst()
.orElse(null);
}
}
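Review bot: Nothing in `StubbedCveService` marks its output as sample data: `LOGGER` is declared but never used in the visible code, and the entries use real-format CVE ids with invented scores. A warning in the constructor, e.g. `LOGGER.warn("StubbedCveService is active; serving static sample CVE data");`, would make an accidental activation outside dev visible in the logs. `getAllCves()` also hands out the internal mutable list of this application-scoped bean; returning `Collections.unmodifiableList(gitlabCves)` (or `List.copyOf(gitlabCves)` on Java 10+) keeps callers from mutating shared state. The stub descriptions use lang `"eng"` while the fallback in `CveService` builds `"en"`; if the filter there matches on `"en"` (not visible on this page), the stub descriptions would never be returned. The class also has no Javadoc saying it is for development use only.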
......@@ -8,3 +8,5 @@ quarkus.keycloak.devservices.enabled=false
eclipse.gitlab.cve-project.file-path=advisories
eclipse.gitlab.cve-project.ref=main
eclipse.cve.stubbed=false
%dev.eclipse.cve.stubbed=true