From 54f2f012d28cc38e01b3ee3915e229eb946e79b5 Mon Sep 17 00:00:00 2001
From: Martin Lowe <martin.lowe@eclipse-foundation.org>
Date: Fri, 24 Jan 2025 14:47:49 -0500
Subject: [PATCH] update: upgrade to Quarkus 3.15 LTS and latest commons lib
---
 pom.xml | 23 ++-
 .../eclipsefoundation/cve/model/CveData.java | 97 +--------
 .../cve/model/CveProjectData.java | 187 ++----------------
 .../cve/model/GithubAdvisoriesData.java | 60 +-----
 .../InternalAdvisoriesPrecacheProvider.java | 37 ++--
 .../cve/resources/CveResource.java | 18 +-
 .../cve/service/CveService.java | 6 +-
 .../cve/service/impl/DefaultCveService.java | 12 +-
 .../cve/test/api/MockGithubCveAPI.java | 156 ++++++++-------
 .../cve/test/api/MockGitlabCveAPI.java | 60 +++---
 10 files changed, 200 insertions(+), 456 deletions(-)
diff --git a/pom.xml b/pom.xml
index d72e387..ade4298 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,18 +5,18 @@
 <artifactId>eclipsefdn-cve-api</artifactId>
 <version>1.0.0-SNAPSHOT</version>
 <properties>
- <compiler-plugin.version>3.8.1</compiler-plugin.version>
+ <compiler-plugin.version>3.13.0</compiler-plugin.version>
 <maven.compiler.source>17</maven.compiler.source>
 <maven.compiler.target>17</maven.compiler.target>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 <quarkus.platform.artifact-id>quarkus-bom</quarkus.platform.artifact-id>
 <quarkus.platform.group-id>io.quarkus.platform</quarkus.platform.group-id>
- <quarkus.platform.version>3.8.6</quarkus.platform.version>
- <surefire-plugin.version>3.1.2</surefire-plugin.version>
+ <quarkus.platform.version>3.15.3</quarkus.platform.version>
+ <surefire-plugin.version>3.3.1</surefire-plugin.version>
 <maven.compiler.parameters>true</maven.compiler.parameters>
- <eclipse-api-version>1.1.7</eclipse-api-version>
- <auto-value.version>1.10.4</auto-value.version>
+ <eclipse-api-version>1.2.0</eclipse-api-version>
+ <recordbuilder.version>42</recordbuilder.version>
 <org.mapstruct.version>1.5.5.Final</org.mapstruct.version>
 <sonar.sources>src/main</sonar.sources>
 <sonar.tests>src/test</sonar.tests>
@@ -81,6 +81,13 @@
 <artifactId>quarkus-rest-client-reactive-jackson</artifactId>
 </dependency>
+ <!-- Annotation preprocessors - reduce all of the boiler plate -->
+ <dependency>
+ <groupId>io.soabase.record-builder</groupId>
+ <artifactId>record-builder-processor</artifactId>
+ <version>${recordbuilder.version}</version>
+ <scope>provided</scope>
+ </dependency>
 <!-- Testing dependencies only -->
 <dependency>
 <groupId>org.apache.camel.quarkus</groupId>
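Review bot: The `provided` dependency added in the second pom.xml hunk is `record-builder-processor`, the same artifact the `annotationProcessorPaths` hunk that follows already hands to the compiler. Declared as a regular dependency, the processor and whatever it pulls in transitively sit on the compile classpath, although the model classes in this patch only import the `io.soabase.recordbuilder.core.RecordBuilder` annotation. Depending on `<artifactId>record-builder-core</artifactId>` here and leaving the processor to `annotationProcessorPaths` keeps generator code off the application classpath and makes the dependency tree easier to audit. The enclosing `<dependencies>` block starts and ends outside the hunk.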
@@ -132,9 +139,9 @@
 <configuration>
 <annotationProcessorPaths>
 <path>
- <groupId>com.google.auto.value</groupId>
- <artifactId>auto-value</artifactId>
- <version>${auto-value.version}</version>
+ <groupId>io.soabase.record-builder</groupId>
+ <artifactId>record-builder-processor</artifactId>
+ <version>${recordbuilder.version}</version>
 </path>
 <path>
 <groupId>org.mapstruct</groupId>
diff --git a/src/main/java/org/eclipsefoundation/cve/model/CveData.java b/src/main/java/org/eclipsefoundation/cve/model/CveData.java
index 821b269..5d05bbd 100644
--- a/src/main/java/org/eclipsefoundation/cve/model/CveData.java
+++ b/src/main/java/org/eclipsefoundation/cve/model/CveData.java
@@ -14,103 +14,26 @@ package org.eclipsefoundation.cve.model; import java.net.URI; import java.time.LocalDate; -import jakarta.annotation.Nullable; - import org.apache.commons.lang3.StringUtils; import com.fasterxml.jackson.annotation.JsonAlias; import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; -import com.google.auto.value.AutoValue; -import com.google.auto.value.extension.memoized.Memoized; + +import io.soabase.recordbuilder.core.RecordBuilder; /** * JSON model class for CVE data. */ -@AutoValue -@JsonDeserialize(builder = $AutoValue_CveData.Builder.class) -public abstract class CveData { - - public abstract String getId(); - - @Nullable - public abstract LocalDate getDatePublished(); - - public abstract String getProject(); - - public abstract String getRequestLink(); - - public abstract String getCvePullRequest(); - - @Memoized - public String getLiveLink() { - return StringUtils.isBlank(getId()) ? 
"--" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=".concat(getId()); - } - - public abstract String getStatus(); - - @Nullable - public abstract Summary getSummary(); - - @Nullable - public abstract Double getCvss(); - - public abstract Builder toBuilder(); - - public static Builder builder() { - return new AutoValue_CveData.Builder(); - } +@RecordBuilder +public record CveData(String id, LocalDate datePublished, String project, @JsonProperty("request_link") String requestLink, + @JsonAlias("cve_pr") @JsonProperty("cve_pull_request") String cvePullRequest, String status, Summary summary, Double cvss) { - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - public abstract Builder setId(String id); - - public abstract Builder setDatePublished(@Nullable LocalDate date); - - public abstract Builder setProject(String project); - - @JsonProperty("request_link") - public abstract Builder setRequestLink(String requestLink); - - @JsonProperty("cve_pr") - @JsonAlias("cve_pull_request") - public abstract Builder setCvePullRequest(String cvePullRequest); - - public abstract Builder setStatus(String status); - - public abstract Builder setSummary(@Nullable Summary summary); - - public abstract Builder setCvss(@Nullable Double cvss); - - public abstract CveData build(); + @JsonProperty("live_link") + public String liveLink() { + return StringUtils.isBlank(id()) ? 
"--" : "https://cve.mitre.org/cgi-bin/cvename.cgi?name=".concat(id()); } - @AutoValue - @JsonDeserialize(builder = AutoValue_CveData_Summary.Builder.class) - public abstract static class Summary { - - @Nullable - public abstract String getContent(); - - @Nullable - public abstract URI getSource(); - - public abstract Builder toBuilder(); - - public static Builder builder() { - return new AutoValue_CveData_Summary.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - public abstract Builder setContent(@Nullable String content); - - public abstract Builder setSource(@Nullable URI source); - - public abstract Summary build(); - } + @RecordBuilder + public static record Summary(String content, URI source) { } } diff --git a/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java b/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java index d79e4ae..eeacf65 100644 --- a/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java +++ b/src/main/java/org/eclipsefoundation/cve/model/CveProjectData.java 
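Review bot: The record drops the non-null contract the AutoValue class enforced: `id`, `project`, `requestLink`, `cvePullRequest` and `status` carried no `@Nullable`, so the old `build()` rejected a missing value, whereas the record's canonical constructor accepts null for every component. Callers changed elsewhere in this patch dereference those components directly — `cve.status().equalsIgnoreCase("public")` in `CveService.getCves` and in `CveResource`, `cve.project().equalsIgnoreCase(projectName)`, `cve.id().equalsIgnoreCase(id)` — so a single advisory entry without a `status` would now throw inside the visibility filter on every request instead of being rejected when the data is loaded. A compact constructor restores the check at construction time (it needs `java.util.Objects`). A short Javadoc line should also record that `datePublished`, `summary` and `cvss` may be null, now that the `@Nullable` markers are gone.

```java
// … unchanged: @RecordBuilder and the record header with its components …

    public CveData {
        Objects.requireNonNull(id, "id");
        Objects.requireNonNull(project, "project");
        Objects.requireNonNull(requestLink, "requestLink");
        Objects.requireNonNull(cvePullRequest, "cvePullRequest");
        Objects.requireNonNull(status, "status");
    }

// … unchanged: liveLink() and the nested Summary record …
```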
@@ -14,195 +14,44 @@ package org.eclipsefoundation.cve.model; import java.util.List; import java.util.Optional; -import jakarta.annotation.Nullable; - import com.fasterxml.jackson.annotation.JsonProperty; -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; -import com.google.auto.value.AutoValue; + +import io.soabase.recordbuilder.core.RecordBuilder; /** * Return from GH repo CVEProject/CveList5. Used to augment internal CVE data. */ -@AutoValue -@JsonDeserialize(builder = AutoValue_CveProjectData.Builder.class) -public abstract class CveProjectData { - - public abstract Containers getContainers(); +@RecordBuilder +public record CveProjectData(Containers containers, @JsonProperty("cveMetadata") Metadata cveMetadata) { - @JsonProperty("cveMetadata") - public abstract Metadata getCveMetadata(); - - public static Builder builder() { - return new AutoValue_CveProjectData.Builder(); + @RecordBuilder + public static record Containers(Cna cna) { } - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setContainers(Containers containers); - - @JsonProperty("cveMetadata") - public abstract Builder setCveMetadata(Metadata metadata); + @RecordBuilder + public static record Cna(Optional<List<Description>> descriptions, Optional<List<Metric>> metrics) { - public abstract CveProjectData build(); } - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_Containers.Builder.class) - public abstract static class Containers { + @RecordBuilder + public static record Description(String lang, String value) { - public abstract Cna getCna(); - - public static Builder builder() { - return new AutoValue_CveProjectData_Containers.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setCna(Cna cna); - - public abstract Containers 
build(); - } } - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_Cna.Builder.class) - public abstract static class Cna { - - public abstract Optional<List<Description>> getDescriptions(); - - public abstract Optional<List<Metric>> getMetrics(); + @RecordBuilder + public static record Metric(@JsonProperty("cvssV3_1") Optional<CvssData> cvssV31, @JsonProperty("cvssV3_0") Optional<CvssData> cvssV30, + @JsonProperty("cvssV2_0") Optional<CvssData> cvssV2) { - public static Builder builder() { - return new AutoValue_CveProjectData_Cna.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setDescriptions(Optional<List<Description>> desc); - - public abstract Builder setMetrics(Optional<List<Metric>> metrics); - - public abstract Cna build(); - } } - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_Description.Builder.class) - public abstract static class Description { - - public abstract String getLang(); - - @Nullable - public abstract String getValue(); + @RecordBuilder + public static record CvssData(String version, @JsonProperty("baseScore") Double baseScore, + @JsonProperty("vectorString") String vectorString) { - public static Builder builder() { - return new AutoValue_CveProjectData_Description.Builder().setLang("en").setValue(null); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setLang(String lang); - - public abstract Builder setValue(@Nullable String value); - - public abstract Description build(); - } } - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_Metric.Builder.class) - public abstract static class Metric { - - public abstract Optional<CvssData> getCvssV31(); - - public abstract Optional<CvssData> getCvssV30(); - - public abstract Optional<CvssData> getCvssV2(); - - public static Builder builder() { - return new 
AutoValue_CveProjectData_Metric.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - @JsonProperty("cvssV3_1") - public abstract Builder setCvssV31(Optional<CvssData> cvss); - - @JsonProperty("cvssV3_0") - public abstract Builder setCvssV30(Optional<CvssData> cvss); - - @JsonProperty("cvssV2_0") - public abstract Builder setCvssV2(Optional<CvssData> cvss); - - public abstract Metric build(); - } - } - - - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_CvssData.Builder.class) - public abstract static class CvssData { - @Nullable - public abstract String getVersion(); - - @Nullable - @JsonProperty("baseScore") - public abstract Double getBaseScore(); - - @Nullable - @JsonProperty("vectorString") - public abstract String getVectorString(); - - public static Builder builder() { - return new AutoValue_CveProjectData_CvssData.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setVersion(@Nullable String version); - - @JsonProperty("baseScore") - public abstract Builder setBaseScore(@Nullable Double score); - - @JsonProperty("vectorString") - public abstract Builder setVectorString(@Nullable String vectorString); - - public abstract CvssData build(); - } - } - - @AutoValue - @JsonDeserialize(builder = AutoValue_CveProjectData_Metadata.Builder.class) - public abstract static class Metadata { - - @JsonProperty("cveId") - public abstract String getCveId(); - - public static Builder builder() { - return new AutoValue_CveProjectData_Metadata.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - @JsonProperty("cveId") - public abstract Builder setCveId(String id); + @RecordBuilder + public static record Metadata(@JsonProperty("cveId") String cveId) { - public abstract Metadata build(); - } } } 
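Review bot: `Description` loses the defaults that the removed `Description.builder()` applied (`setLang("en").setValue(null)`); nothing in the new record gives `lang` a value when the generated `CveProjectDataDescriptionBuilder` is used without setting it. `MockGithubCveAPI` in this patch builds its description with only `.value(...)`, and the precache provider filters with `dd.lang().equalsIgnoreCase("en")`, so that entry would now reach the filter with a null `lang` — presumably ending in the `catch (Exception e)` of `augmentCveData`, whose body is outside the hunks. Either set `.lang("en")` in the mock or make the filter null-safe, `.filter(dd -> "en".equalsIgnoreCase(dd.lang()))`. The records here would also benefit from a one-line comment each, saying which components the upstream CVE JSON may omit.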
diff --git a/src/main/java/org/eclipsefoundation/cve/model/GithubAdvisoriesData.java b/src/main/java/org/eclipsefoundation/cve/model/GithubAdvisoriesData.java index 38417dd..8583780 100644 --- a/src/main/java/org/eclipsefoundation/cve/model/GithubAdvisoriesData.java +++ b/src/main/java/org/eclipsefoundation/cve/model/GithubAdvisoriesData.java 
@@ -12,66 +12,16 @@ */ package org.eclipsefoundation.cve.model; -import jakarta.annotation.Nullable; - -import com.fasterxml.jackson.databind.annotation.JsonDeserialize; -import com.fasterxml.jackson.databind.annotation.JsonPOJOBuilder; -import com.google.auto.value.AutoValue; +import io.soabase.recordbuilder.core.RecordBuilder; /** * Return from GH advisories endpoint. Used to augment internal CVE data. */ -@AutoValue -@JsonDeserialize(builder = AutoValue_GithubAdvisoriesData.Builder.class) -public abstract class GithubAdvisoriesData { - - public abstract String getCveId(); - - @Nullable - public abstract String getSummary(); - - public abstract Cvss getCvss(); - - public static Builder builder() { - return new AutoValue_GithubAdvisoriesData.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setCveId(String id); - - public abstract Builder setSummary(@Nullable String summary); - - public abstract Builder setCvss(Cvss cvss); - - public abstract GithubAdvisoriesData build(); - } - - @AutoValue - @JsonDeserialize(builder = AutoValue_GithubAdvisoriesData_Cvss.Builder.class) - public abstract static class Cvss { - - @Nullable - public abstract String getVectorString(); - - @Nullable - public abstract Double getScore(); - - public static Builder builder() { - return new AutoValue_GithubAdvisoriesData_Cvss.Builder(); - } - - @AutoValue.Builder - @JsonPOJOBuilder(withPrefix = "set") - public abstract static class Builder { - - public abstract Builder setVectorString(@Nullable String vector); +@RecordBuilder +public record GithubAdvisoriesData(String cveId, String summary, Cvss cvss) { - public abstract Builder setScore(@Nullable Double score); + @RecordBuilder + public static record Cvss(String vectorString, Double score) { - public abstract Cvss build(); - } } } 
diff --git a/src/main/java/org/eclipsefoundation/cve/precaches/InternalAdvisoriesPrecacheProvider.java b/src/main/java/org/eclipsefoundation/cve/precaches/InternalAdvisoriesPrecacheProvider.java index d6c8a02..cde3a58 100644 --- a/src/main/java/org/eclipsefoundation/cve/precaches/InternalAdvisoriesPrecacheProvider.java +++ b/src/main/java/org/eclipsefoundation/cve/precaches/InternalAdvisoriesPrecacheProvider.java @@ -33,10 +33,13 @@ import org.eclipsefoundation.cve.helpers.CveIdMatcherHelper; import org.eclipsefoundation.cve.helpers.SummarySourceURIBuilder; import org.eclipsefoundation.cve.model.CveData; import org.eclipsefoundation.cve.model.CveData.Summary; +import org.eclipsefoundation.cve.model.CveDataBuilder; +import org.eclipsefoundation.cve.model.CveDataSummaryBuilder; import org.eclipsefoundation.cve.model.CveProjectData; import org.eclipsefoundation.cve.model.CveProjectData.CvssData; import org.eclipsefoundation.cve.model.CveProjectData.Description; import org.eclipsefoundation.cve.model.CveProjectData.Metric; +import org.eclipsefoundation.cve.model.CveProjectDataDescriptionBuilder; import org.eclipsefoundation.cve.model.GithubAdvisoriesData; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -165,15 +168,15 @@ public class InternalAdvisoriesPrecacheProvider implements LoadingCacheProvider< */ private CveData augmentCveData(CveData orig) { try { - if (StringUtils.isNotBlank(orig.getId())) { + if (StringUtils.isNotBlank(orig.id())) { // Fetch data from each source for augmenting - Optional<CveProjectData> projectData = fetchCveProjectDetails(orig.getId()); - Optional<GithubAdvisoriesData> ghAdvisory = fetchGhAdvisoriesDetails(orig.getId()); + Optional<CveProjectData> projectData = fetchCveProjectDetails(orig.id()); + Optional<GithubAdvisoriesData> ghAdvisory = fetchGhAdvisoriesDetails(orig.id()); - return orig - .toBuilder() - .setSummary(getCveSummary(projectData, ghAdvisory, orig.getId())) - .setCvss(getImpactScore(projectData, ghAdvisory)) + return CveDataBuilder + .builder(orig) + .summary(getCveSummary(projectData, ghAdvisory, orig.id())) + .cvss(getImpactScore(projectData, ghAdvisory)) .build(); } } catch (Exception e) { @@ -199,16 +202,16 @@ public class InternalAdvisoriesPrecacheProvider implements LoadingCacheProvider< // Use CveProject data as primary summary source if (!projectData.isEmpty()) { // Pull descriptions from CveProject data. - Optional<List<Description>> descriptions = projectData.get().getContainers().getCna().getDescriptions(); + Optional<List<Description>> descriptions = projectData.get().containers().cna().descriptions(); if (descriptions.isPresent()) { summary = descriptions .get() .stream() - .filter(dd -> dd.getLang().equalsIgnoreCase("en")) + .filter(dd -> dd.lang().equalsIgnoreCase("en")) .findFirst() - .orElse(Description.builder().build()) - .getValue(); + .orElse(CveProjectDataDescriptionBuilder.builder().build()) + .value(); } source = SummarySourceURIBuilder.buildCveProjectURI(cveId); 
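Review bot: In `getCveSummary`, `.orElse(CveProjectDataDescriptionBuilder.builder().build()).value()` builds an empty `Description` on every call only to read `null` back from it, because `orElse` evaluates its argument even when an English description was found. `.map(Description::value).orElse(null)` after `findFirst()` expresses the same result without the throwaway record and without depending on what an empty builder happens to produce. The method starts before this hunk and continues in the next one.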
@@ -216,12 +219,12 @@ public class InternalAdvisoriesPrecacheProvider implements LoadingCacheProvider< // Use advisories data as fallback if present if (StringUtils.isBlank(summary) && !ghAdvisory.isEmpty()) { - summary = ghAdvisory.get().getSummary(); + summary = ghAdvisory.get().summary(); source = SummarySourceURIBuilder.buildGhAdvisoriesURI(cveId); } // Return null if there is still no valid summary - return StringUtils.isNotBlank(summary) && source.isPresent() ? Summary.builder().setContent(summary).setSource(source.get()).build() + return StringUtils.isNotBlank(summary) && source.isPresent() ? CveDataSummaryBuilder.builder().content(summary).source(source.get()).build() : null; } @@ -239,18 +242,18 @@ public class InternalAdvisoriesPrecacheProvider implements LoadingCacheProvider< if (!projectData.isEmpty()) { // Pull metrics from CveProject data. - Optional<List<Metric>> metrics = projectData.get().getContainers().getCna().getMetrics(); + Optional<List<Metric>> metrics = projectData.get().containers().cna().metrics(); if (metrics.isPresent()) { // Get latest metric and pull the score Metric mostRecent = metrics.get().get(0); - CvssData cvss = mostRecent.getCvssV31().orElse(mostRecent.getCvssV30().orElse(mostRecent.getCvssV2().orElse(null))); + CvssData cvss = mostRecent.cvssV31().orElse(mostRecent.cvssV30().orElse(mostRecent.cvssV2().orElse(null))); if (cvss != null) { - impactScore = cvss.getBaseScore(); + impactScore = cvss.baseScore(); } } } // Use GH advisories as fallback if the impact score is still null - return impactScore == null && !ghAdvisory.isEmpty() ? ghAdvisory.get().getCvss().getScore() : impactScore; + return impactScore == null && !ghAdvisory.isEmpty() ? ghAdvisory.get().cvss().score() : impactScore; } } diff --git a/src/main/java/org/eclipsefoundation/cve/resources/CveResource.java b/src/main/java/org/eclipsefoundation/cve/resources/CveResource.java index 2e5006e..0ca16aa 100644 
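Review bot: `getImpactScore` has two unchecked dereferences on the new side: `metrics.get().get(0)` throws when the CNA container carries an empty `metrics` list, and the fallback `ghAdvisory.get().cvss().score()` throws when an advisory has no `cvss` object, which the record now permits where the AutoValue getter was non-nullable. Both would surface in the `catch (Exception e)` of `augmentCveData` (its body is not visible here), so a CVE could silently lose its summary along with its score. Suggest guarding the list with `if (metrics.isPresent() && !metrics.get().isEmpty())` and writing the return as `return impactScore != null ? impactScore : ghAdvisory.map(GithubAdvisoriesData::cvss).map(c -> c.score()).orElse(null);`. The method's signature is outside the hunk.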
--- a/src/main/java/org/eclipsefoundation/cve/resources/CveResource.java +++ b/src/main/java/org/eclipsefoundation/cve/resources/CveResource.java @@ -102,14 +102,14 @@ public class CveResource { // convert the CVE data to XML entries feed.setEntries(out.stream().map(cve -> { SyndEntry e = new SyndEntryImpl(); - e.setTitle(cve.getId()); - e.setLink(cve.getLiveLink()); - e.setUri(cve.getLiveLink()); - e.setPublishedDate(Date.valueOf(cve.getDatePublished())); + e.setTitle(cve.id()); + e.setLink(cve.liveLink()); + e.setUri(cve.liveLink()); + e.setPublishedDate(Date.valueOf(cve.datePublished())); // only set description if we have a summary - if (cve.getSummary() != null) { + if (cve.summary() != null) { SyndContent desc = new SyndContentImpl(); - desc.setValue(cve.getSummary().getContent()); + desc.setValue(cve.summary().content()); e.setDescription(desc); } return e; @@ -122,8 +122,8 @@ public class CveResource { } }); // check that we properly got data before attempting return - Optional<String> data = cachedFeed.getData(); - if (cachedFeed.getErrorType().isPresent() || data.isEmpty()) { + Optional<String> data = cachedFeed.data(); + if (cachedFeed.errorType().isPresent() || data.isEmpty()) { throw new WebApplicationException("Could not generate RSS for CVE entries"); } return Response.ok(data.get()).build(); @@ -136,7 +136,7 @@ public class CveResource { Optional<CveData> cve = cveSource.getCve(id); // Returns 404 if status isn't "public" - if (cve.isEmpty() || !cve.get().getStatus().equalsIgnoreCase("public")) { + if (cve.isEmpty() || !cve.get().status().equalsIgnoreCase("public")) { throw new NotFoundException(String.format("Unable to find public CVE with id: %s", id)); } diff --git a/src/main/java/org/eclipsefoundation/cve/service/CveService.java b/src/main/java/org/eclipsefoundation/cve/service/CveService.java index ac0a33f..1aece37 100644 --- a/src/main/java/org/eclipsefoundation/cve/service/CveService.java 
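Review bot: In the feed-building lambda, `Date.valueOf(cve.datePublished())` throws a `NullPointerException` when `datePublished` is null; the old model marked that property `@Nullable` and the record still allows it. Because the exception is raised while mapping the whole list, one undated entry would fail feed generation for every CVE, which the following hunk suggests ends in "Could not generate RSS for CVE entries". Guard it the same way the summary is guarded a few lines further down: `if (cve.datePublished() != null) { e.setPublishedDate(Date.valueOf(cve.datePublished())); }`. The enclosing method starts and ends outside the hunk.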
+++ b/src/main/java/org/eclipsefoundation/cve/service/CveService.java @@ -57,7 +57,7 @@ public interface CveService { */ default List<CveData> getForProject(String projectName, boolean includeInternal) { return getCves(includeInternal) - .filter(cve -> cve.getProject().equalsIgnoreCase(projectName)) + .filter(cve -> cve.project().equalsIgnoreCase(projectName)) .toList(); } @@ -68,7 +68,7 @@ public interface CveService { * @return CveData object or null. */ default Optional<CveData> getCve(String id) { - return getCves(false).filter(cve -> cve.getId().equalsIgnoreCase(id)).findFirst(); + return getCves(false).filter(cve -> cve.id().equalsIgnoreCase(id)).findFirst(); } /** @@ -79,6 +79,6 @@ public interface CveService { * @return stream of CVEs filtered on the status. */ default Stream<CveData> getCves(boolean includeInternal) { - return getAllCves().stream().filter(cve -> cve.getStatus().equalsIgnoreCase("public") || includeInternal); + return getAllCves().stream().filter(cve -> cve.status().equalsIgnoreCase("public") || includeInternal); } } diff --git a/src/main/java/org/eclipsefoundation/cve/service/impl/DefaultCveService.java b/src/main/java/org/eclipsefoundation/cve/service/impl/DefaultCveService.java index 6aa4e96..238c2b0 100644 --- a/src/main/java/org/eclipsefoundation/cve/service/impl/DefaultCveService.java +++ b/src/main/java/org/eclipsefoundation/cve/service/impl/DefaultCveService.java @@ -14,7 +14,7 @@ package org.eclipsefoundation.cve.service.impl; import java.util.List; -import org.eclipsefoundation.caching.model.ParameterizedCacheKey; +import org.eclipsefoundation.caching.model.ParameterizedCacheKeyBuilder; import org.eclipsefoundation.caching.service.LoadingCacheManager; import org.eclipsefoundation.cve.model.CveData; import org.eclipsefoundation.cve.service.CveService; 
@@ -26,8 +26,8 @@ import jakarta.inject.Inject; import jakarta.ws.rs.core.MultivaluedHashMap; /** - * Default implementation of the CVE Service. Uses loading caches to reduce - * delays from slower fetching and processing of raw data from public APIs. + * Default implementation of the CVE Service. Uses loading caches to reduce delays from slower fetching and processing of raw data from + * public APIs. * * @author Martin Lowe, Zachary Sabourin * @@ -42,9 +42,7 @@ public class DefaultCveService implements CveService { @Override public List<CveData> getAllCves() { LOGGER.debug("Fetching internal advisories data"); - return cacheManager.getList(ParameterizedCacheKey.builder() - .setId("all") - .setClazz(CveData.class) - .setParams(new MultivaluedHashMap<>()).build()); + return cacheManager + .getList(ParameterizedCacheKeyBuilder.builder().id("all").clazz(CveData.class).params(new MultivaluedHashMap<>()).build()); } } diff --git a/src/test/java/org/eclipsefoundation/cve/test/api/MockGithubCveAPI.java b/src/test/java/org/eclipsefoundation/cve/test/api/MockGithubCveAPI.java index 3716c21..6331456 100644 --- a/src/test/java/org/eclipsefoundation/cve/test/api/MockGithubCveAPI.java +++ b/src/test/java/org/eclipsefoundation/cve/test/api/MockGithubCveAPI.java 
@@ -21,14 +21,16 @@ import org.eclipsefoundation.cve.api.GithubCveAPI; import org.eclipsefoundation.cve.api.models.CveProjectRequestParams; import org.eclipsefoundation.cve.api.models.GithubAdvisoriesRequestParams; import org.eclipsefoundation.cve.model.CveProjectData; -import org.eclipsefoundation.cve.model.CveProjectData.Cna; -import org.eclipsefoundation.cve.model.CveProjectData.Containers; -import org.eclipsefoundation.cve.model.CveProjectData.CvssData; -import org.eclipsefoundation.cve.model.CveProjectData.Description; -import org.eclipsefoundation.cve.model.CveProjectData.Metadata; -import org.eclipsefoundation.cve.model.CveProjectData.Metric; +import org.eclipsefoundation.cve.model.CveProjectDataBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataCnaBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataContainersBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataCvssDataBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataDescriptionBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataMetadataBuilder; +import org.eclipsefoundation.cve.model.CveProjectDataMetricBuilder; import org.eclipsefoundation.cve.model.GithubAdvisoriesData; -import org.eclipsefoundation.cve.model.GithubAdvisoriesData.Cvss; +import org.eclipsefoundation.cve.model.GithubAdvisoriesDataBuilder; +import org.eclipsefoundation.cve.model.GithubAdvisoriesDataCvssBuilder; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; 
@@ -42,73 +44,85 @@ import jakarta.inject.Inject; @ApplicationScoped public class MockGithubCveAPI implements GithubCveAPI { - private List<GithubAdvisoriesData> ghAdvisories; - private List<CveProjectData> cveProjectDatas; + private List<GithubAdvisoriesData> ghAdvisories; + private List<CveProjectData> cveProjectDatas; - @Inject - ObjectMapper om; + @Inject + ObjectMapper om; - public MockGithubCveAPI() { - this.ghAdvisories = new ArrayList<>(Arrays.asList( - GithubAdvisoriesData.builder() - .setCveId("CVE-2020-27225") - .setSummary("Here is a description of this CVE") - .setCvss(Cvss.builder() - .setVectorString("Vector") - .setScore(4.2).build()) - .build(), - GithubAdvisoriesData.builder() - .setCveId("CVE-2022-0103") - .setSummary("Here is description of this CVE") - .setCvss(Cvss.builder() - .setVectorString("Vector") - .setScore(9.0).build()) - .build())); + public MockGithubCveAPI() { + this.ghAdvisories = new ArrayList<>(Arrays + .asList(GithubAdvisoriesDataBuilder + .builder() + .cveId("CVE-2020-27225") + .summary("Here is a description of this CVE") + .cvss(GithubAdvisoriesDataCvssBuilder.builder().vectorString("Vector").score(4.2).build()) + .build(), + GithubAdvisoriesDataBuilder + .builder() + .cveId("CVE-2022-0103") + .summary("Here is description of this CVE") + .cvss(GithubAdvisoriesDataCvssBuilder.builder().vectorString("Vector").score(9.0).build()) + .build())); - // one entry with no desc, one with no score. 
Used to test advisories fallback - this.cveProjectDatas = new ArrayList<>(Arrays.asList( - CveProjectData.builder() - .setCveMetadata(Metadata.builder().setCveId("CVE-2020-27225").build()) - .setContainers(Containers.builder() - .setCna(Cna.builder() - .setDescriptions(Optional.of(Arrays.asList(Description.builder() - .setValue("Here is a description of this CVE") - .build()))) - .setMetrics(Optional.empty()) - .build()) - .build()) - .build(), - CveProjectData.builder() - .setCveMetadata(Metadata.builder().setCveId("CVE-2022-0103").build()) - .setContainers(Containers.builder() - .setCna(Cna.builder() - .setDescriptions(Optional.empty()) - .setMetrics(Optional.of(Arrays.asList(Metric.builder() - .setCvssV31(Optional.of(CvssData.builder() - .setBaseScore(9.0) - .setVectorString("Vector") - .build())) - .build()))) - .build()) - .build()) - .build())); - } + // one entry with no desc, one with no score. Used to test advisories fallback + this.cveProjectDatas = new ArrayList<>(Arrays + .asList(CveProjectDataBuilder + .builder() + .cveMetadata(CveProjectDataMetadataBuilder.builder().cveId("CVE-2020-27225").build()) + .containers(CveProjectDataContainersBuilder + .builder() + .cna(CveProjectDataCnaBuilder + .builder() + .descriptions(Optional + .of(Arrays + .asList(CveProjectDataDescriptionBuilder + .builder() + .value("Here is a description of this CVE") + .build()))) + .metrics(Optional.empty()) + .build()) + .build()) + .build(), + CveProjectDataBuilder + .builder() + .cveMetadata(CveProjectDataMetadataBuilder.builder().cveId("CVE-2022-0103").build()) + .containers(CveProjectDataContainersBuilder + .builder() + .cna(CveProjectDataCnaBuilder + .builder() + .descriptions(Optional.empty()) + .metrics(Optional + .of(Arrays + .asList(CveProjectDataMetricBuilder + .builder() + .cvssV31(Optional + .of(CveProjectDataCvssDataBuilder + .builder() + .baseScore(9.0) + .vectorString("Vector") + .build())) + .build()))) + .build()) + .build()) + .build())); + } - @Override - 
public List<GithubAdvisoriesData> getGhAdvisoriesDetails(GithubAdvisoriesRequestParams params) { - return ghAdvisories.stream().filter(cve -> cve.getCveId().equalsIgnoreCase(params.cveId)) - .toList(); - } + @Override + public List<GithubAdvisoriesData> getGhAdvisoriesDetails(GithubAdvisoriesRequestParams params) { + return ghAdvisories.stream().filter(cve -> cve.cveId().equalsIgnoreCase(params.cveId)).toList(); + } - @Override - public String getCveProjectDetails(CveProjectRequestParams params) { - try { - return om.writeValueAsString( - cveProjectDatas.stream() - .filter(cve -> cve.getCveMetadata().getCveId().equalsIgnoreCase(params.cveId)) - .findFirst()); - } catch (JsonProcessingException e) { - throw new RuntimeException("Could not fetch test GH CVE data", e); - } - } + @Override + public String getCveProjectDetails(CveProjectRequestParams params) { + try { + return om + .writeValueAsString(cveProjectDatas + .stream() + .filter(cve -> cve.cveMetadata().cveId().equalsIgnoreCase(params.cveId)) + .findFirst()); + } catch (JsonProcessingException e) { + throw new RuntimeException("Could not fetch test GH CVE data", e); + } + } } diff --git a/src/test/java/org/eclipsefoundation/cve/test/api/MockGitlabCveAPI.java b/src/test/java/org/eclipsefoundation/cve/test/api/MockGitlabCveAPI.java index d5ffd88..65a9f5b 100644 --- a/src/test/java/org/eclipsefoundation/cve/test/api/MockGitlabCveAPI.java +++ b/src/test/java/org/eclipsefoundation/cve/test/api/MockGitlabCveAPI.java @@ -17,6 +17,7 @@ import org.eclipse.microprofile.rest.client.inject.RestClient; import org.eclipsefoundation.cve.api.GitlabCveAPI; import org.eclipsefoundation.cve.api.models.GitlabRequestParams; import org.eclipsefoundation.cve.model.CveData; +import org.eclipsefoundation.cve.model.CveDataBuilder; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; 
@@ -37,43 +38,42 @@ public class MockGitlabCveAPI implements GitlabCveAPI { public MockGitlabCveAPI() { this.internal = new CveData[] { - CveData + CveDataBuilder .builder() - .setId("CVE-2020-27225") - .setDatePublished(LocalDate.now()) - .setProject("eclipse.platform") - .setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855") - .setCvePullRequest("https://github.com/CVEProject/cvelist/pull/1012") - .setStatus("PUBLIC") + .id("CVE-2020-27225") + .datePublished(LocalDate.now()) + .project("eclipse.platform") + .requestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855") + .cvePullRequest("https://github.com/CVEProject/cvelist/pull/1012") + .status("PUBLIC") .build(), - CveData + CveDataBuilder .builder() - .setId("CVE-2022-0103") - .setDatePublished(LocalDate.now()) - .setProject("technology.dash") - .setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=1") - .setCvePullRequest("") - .setStatus("PUBLIC") + .id("CVE-2022-0103") + .datePublished(LocalDate.now()) + .project("technology.dash") + .requestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=1") + .cvePullRequest("") + .status("PUBLIC") .build(), - CveData + CveDataBuilder .builder() - .setId("CVE-2022-0104") - .setDatePublished(LocalDate.now()) - .setProject("technology.dash") - .setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=2") - .setCvePullRequest("") - .setStatus("RESERVED") + .id("CVE-2022-0104") + .datePublished(LocalDate.now()) + .project("technology.dash") + .requestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=2") + .cvePullRequest("") + .status("RESERVED") .build(), - CveData + CveDataBuilder .builder() - .setId("CVE-2022-0105") - .setDatePublished(LocalDate.now()) - .setProject("technology.test") - .setRequestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=3") - .setCvePullRequest("") - .setStatus("PUBLIC") - .build() - }; + .id("CVE-2022-0105") + .datePublished(LocalDate.now()) + .project("technology.test") + 
.requestLink("https://bugs.eclipse.org/bugs/show_bug.cgi?id=3") + .cvePullRequest("") + .status("PUBLIC") + .build() }; } @Override -- GitLab