Search in sources :

Example 1 with HubProjectVersion

use of com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion in project hub-fortify-ssc-integration-service by blackducksoftware.

the class BlackDuckFortifyPushThread method mergeVulnerabilities.

/**
 * Iterate the hub project versions and find the vulnerabilities for Hub project version and transform the
 * vulnerability component view to CSV vulnerability view and merge all the vulnerabilities
 *
 * @param hubProjectVersions
 * @param projectVersionItems
 * @return
 * @throws IntegrationException
 * @throws IllegalArgumentException
 */
private List<Vulnerability> mergeVulnerabilities(final List<HubProjectVersion> hubProjectVersions, final List<ProjectVersionView> projectVersionItems) throws IllegalArgumentException, IntegrationException {
    int index = 0;
    List<Vulnerability> mergedVulnerabilities = new ArrayList<>();
    for (HubProjectVersion hubProjectVersion : hubProjectVersions) {
        // Get the Vulnerability information
        final List<VulnerableComponentView> vulnerableComponentViews = hubServices.getVulnerabilityComponentViews(projectVersionItems.get(index));
        index++;
        // Convert the Hub Vulnerability component view to CSV Vulnerability object
        List<Vulnerability> vulnerabilities = VulnerabilityUtil.transformMapping(vulnerableComponentViews, hubProjectVersion.getHubProject(), hubProjectVersion.getHubProjectVersion(), maxBomUpdatedDate, propertyConstants);
        // Add the vulnerabilities to the main list
        mergedVulnerabilities.addAll(vulnerabilities);
    }
    return mergedVulnerabilities;
}
Also used : HubProjectVersion(com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion) ArrayList(java.util.ArrayList) Vulnerability(com.blackducksoftware.integration.fortify.batch.model.Vulnerability) VulnerableComponentView(com.blackducksoftware.integration.hub.api.generated.view.VulnerableComponentView)

Example 2 with HubProjectVersion

use of com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion in project hub-fortify-ssc-integration-service by blackducksoftware.

the class BlackDuckFortifyPushThread method call.

@Override
public Boolean call() throws DateTimeParseException, IntegrationException, IllegalArgumentException, JsonGenerationException, JsonMappingException, FileNotFoundException, UnsupportedEncodingException, IOException {
    logger.info("blackDuckFortifyMapper::" + blackDuckFortifyMapperGroup.toString());
    final List<HubProjectVersion> hubProjectVersions = blackDuckFortifyMapperGroup.getHubProjectVersion();
    // Get the last successful runtime of the job
    final Date getLastSuccessfulJobRunTime = getLastSuccessfulJobRunTime(propertyConstants.getBatchJobStatusFilePath());
    logger.debug("Last successful job excecution:" + getLastSuccessfulJobRunTime);
    // Get the project version view from Hub and calculate the max BOM updated date
    final List<ProjectVersionView> projectVersionItems = getProjectVersionItemsAndMaxBomUpdatedDate(hubProjectVersions);
    logger.info("Compare Dates: " + ((getLastSuccessfulJobRunTime != null && maxBomUpdatedDate.after(getLastSuccessfulJobRunTime)) || (getLastSuccessfulJobRunTime == null) || (!propertyConstants.isBatchJobStatusCheck())));
    logger.debug("maxBomUpdatedDate:: " + maxBomUpdatedDate);
    logger.debug("isBatchJobStatusCheck::" + propertyConstants.isBatchJobStatusCheck());
    if ((getLastSuccessfulJobRunTime != null && maxBomUpdatedDate.after(getLastSuccessfulJobRunTime)) || (getLastSuccessfulJobRunTime == null) || (!propertyConstants.isBatchJobStatusCheck())) {
        // Get the vulnerabilities for all Hub project versions and merge it
        List<Vulnerability> mergedVulnerabilities = mergeVulnerabilities(hubProjectVersions, projectVersionItems);
        if (mergedVulnerabilities.size() > 0) {
            if (hubProjectVersions.size() > 1) {
                // Removing Duplicates within multiple Hub Project Versions.
                mergedVulnerabilities = VulnerabilityUtil.removeDuplicates(mergedVulnerabilities);
            }
            final String fileDir = propertyConstants.getReportDir();
            final String fileName = hubProjectVersions.get(0).getHubProject() + UNDERSCORE + hubProjectVersions.get(0).getHubProjectVersion() + UNDERSCORE + DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS").format(LocalDateTime.now()) + ".csv";
            // Write the vulnerabilities to CSV
            CSVUtils.writeToCSV(mergedVulnerabilities, fileDir + fileName, ',');
            // Get the file token for upload
            String token = getFileToken();
            // Upload the vulnerabilities CSV to Fortify
            uploadCSV(token, fileDir + fileName, blackDuckFortifyMapperGroup.getFortifyApplicationId());
            // Delete the file token that is created for upload
            fortifyFileTokenApi.deleteFileToken();
        }
    }
    return true;
}
Also used : HubProjectVersion(com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion) ProjectVersionView(com.blackducksoftware.integration.hub.api.generated.view.ProjectVersionView) Vulnerability(com.blackducksoftware.integration.fortify.batch.model.Vulnerability) Date(java.util.Date)

Example 3 with HubProjectVersion

use of com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion in project hub-fortify-ssc-integration-service by blackducksoftware.

the class BlackDuckFortifyPushThread method getProjectVersionItemsAndMaxBomUpdatedDate.

/**
 * Iterate the hub project versions mapper and get the project version view for each item and calculate the max BOM
 * updated date
 *
 * @param hubProjectVersions
 * @return
 * @throws IllegalArgumentException
 * @throws IntegrationException
 */
private List<ProjectVersionView> getProjectVersionItemsAndMaxBomUpdatedDate(final List<HubProjectVersion> hubProjectVersions) throws IllegalArgumentException, IntegrationException {
    List<ProjectVersionView> projectVersionItems = new ArrayList<>();
    for (HubProjectVersion hubProjectVersion : hubProjectVersions) {
        String projectName = hubProjectVersion.getHubProject();
        String projectVersion = hubProjectVersion.getHubProjectVersion();
        // Get the project version
        final ProjectVersionView projectVersionItem = hubServices.getProjectVersion(projectName, projectVersion);
        projectVersionItems.add(projectVersionItem);
        Date bomUpdatedValueAt = hubServices.getBomLastUpdatedAt(projectVersionItem);
        if (maxBomUpdatedDate == null || bomUpdatedValueAt.after(maxBomUpdatedDate)) {
            maxBomUpdatedDate = bomUpdatedValueAt;
        }
        logger.debug("bomUpdatedValueAt::" + bomUpdatedValueAt);
    }
    return projectVersionItems;
}
Also used : HubProjectVersion(com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion) ProjectVersionView(com.blackducksoftware.integration.hub.api.generated.view.ProjectVersionView) ArrayList(java.util.ArrayList) Date(java.util.Date)

Example 4 with HubProjectVersion

use of com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion in project hub-fortify-ssc-integration-service by blackducksoftware.

the class MappingParser method buildGroupedMappings.

/**
 * This method, groups multiple Hub projects mapped to the same Fortify application.
 *
 * @param blackDuckFortifyMappers
 * @return
 * @throws IOException
 * @throws IntegrationException
 */
private List<BlackDuckFortifyMapperGroup> buildGroupedMappings(List<BlackDuckFortifyMapper> blackDuckFortifyMappers) throws IOException, IntegrationException {
    Map<String, BlackDuckFortifyMapperGroup> mappings = new HashMap<>();
    try {
        for (BlackDuckFortifyMapper blackDuckFortifyMapper : blackDuckFortifyMappers) {
            int applicationId;
            List<HubProjectVersion> hubProjectVersions = new ArrayList<>();
            BlackDuckFortifyMapperGroup blackDuckFortifyMapperGroup;
            HubProjectVersion hubProjectVersion = new HubProjectVersion(blackDuckFortifyMapper.getHubProject(), blackDuckFortifyMapper.getHubProjectVersion());
            String key = blackDuckFortifyMapper.getFortifyApplication() + '_' + blackDuckFortifyMapper.getFortifyApplicationVersion();
            if (mappings.containsKey(key)) {
                blackDuckFortifyMapperGroup = mappings.get(key);
                hubProjectVersions = blackDuckFortifyMapperGroup.getHubProjectVersion();
                applicationId = blackDuckFortifyMapperGroup.getFortifyApplicationId();
            } else {
                applicationId = getFortifyApplicationId(blackDuckFortifyMapper);
            }
            hubProjectVersions.add(hubProjectVersion);
            blackDuckFortifyMapperGroup = new BlackDuckFortifyMapperGroup(blackDuckFortifyMapper.getFortifyApplication(), blackDuckFortifyMapper.getFortifyApplicationVersion(), hubProjectVersions, applicationId);
            mappings.put(key, blackDuckFortifyMapperGroup);
        }
    } catch (IOException ioe) {
        logger.error(ioe.getMessage(), ioe);
        throw new IOException(ioe);
    }
    return new ArrayList<>(mappings.values());
}
Also used : HubProjectVersion(com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion) HashMap(java.util.HashMap) BlackDuckFortifyMapper(com.blackducksoftware.integration.fortify.batch.model.BlackDuckFortifyMapper) ArrayList(java.util.ArrayList) BlackDuckFortifyMapperGroup(com.blackducksoftware.integration.fortify.batch.model.BlackDuckFortifyMapperGroup) IOException(java.io.IOException) JsonIOException(com.google.gson.JsonIOException)

Aggregations

HubProjectVersion (com.blackducksoftware.integration.fortify.batch.model.HubProjectVersion)4 ArrayList (java.util.ArrayList)3 Vulnerability (com.blackducksoftware.integration.fortify.batch.model.Vulnerability)2 ProjectVersionView (com.blackducksoftware.integration.hub.api.generated.view.ProjectVersionView)2 Date (java.util.Date)2 BlackDuckFortifyMapper (com.blackducksoftware.integration.fortify.batch.model.BlackDuckFortifyMapper)1 BlackDuckFortifyMapperGroup (com.blackducksoftware.integration.fortify.batch.model.BlackDuckFortifyMapperGroup)1 VulnerableComponentView (com.blackducksoftware.integration.hub.api.generated.view.VulnerableComponentView)1 JsonIOException (com.google.gson.JsonIOException)1 IOException (java.io.IOException)1 HashMap (java.util.HashMap)1