
Example 1 with Vulnerability

use of com.blackducksoftware.integration.fortify.batch.model.Vulnerability in project hub-fortify-ssc-integration-service by blackducksoftware.

the class BlackDuckFortifyPushThread method mergeVulnerabilities.

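/**
 * Iterates the Hub project versions, fetches the vulnerable components of the matching project
 * version view, transforms them into CSV {@link Vulnerability} rows and merges all rows into one
 * list.
 * <p>
 * The two lists are paired positionally: the Hub project version at index {@code i} is looked up
 * with {@code projectVersionItems.get(i)}, so they must be in the same order. Duplicates across
 * project versions are not removed here.
 *
 * @param hubProjectVersions the configured Hub project/version pairs
 * @param projectVersionItems the Hub project version views, one per entry of
 *            {@code hubProjectVersions} and in the same order
 * @return all vulnerabilities of all project versions in iteration order; empty when
 *         {@code hubProjectVersions} is empty
 * @throws IllegalArgumentException if {@code projectVersionItems} has fewer entries than
 *             {@code hubProjectVersions}, or when propagated from the Hub lookup
 * @throws IntegrationException propagated from the Hub lookup
 */
private List<Vulnerability> mergeVulnerabilities(final List<HubProjectVersion> hubProjectVersions, final List<ProjectVersionView> projectVersionItems) throws IllegalArgumentException, IntegrationException {
    // Fail early with a clear message instead of an IndexOutOfBoundsException half-way through
    // the loop when the view list is shorter than the configured project versions.
    if (projectVersionItems.size() < hubProjectVersions.size()) {
        throw new IllegalArgumentException("projectVersionItems (" + projectVersionItems.size() + ") has fewer entries than hubProjectVersions (" + hubProjectVersions.size() + ")");
    }
    final List<Vulnerability> mergedVulnerabilities = new ArrayList<>();
    for (int i = 0; i < hubProjectVersions.size(); i++) {
        final HubProjectVersion hubProjectVersion = hubProjectVersions.get(i);
        // Get the vulnerable components of the project version view paired with this entry
        final List<VulnerableComponentView> vulnerableComponentViews = hubServices.getVulnerabilityComponentViews(projectVersionItems.get(i));
        // Convert the Hub vulnerable component views to CSV Vulnerability rows
        final List<Vulnerability> vulnerabilities = VulnerabilityUtil.transformMapping(vulnerableComponentViews, hubProjectVersion.getHubProject(), hubProjectVersion.getHubProjectVersion(), maxBomUpdatedDate, propertyConstants);
        mergedVulnerabilities.addAll(vulnerabilities);
    }
    return mergedVulnerabilities;
}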

Example 2 with Vulnerability

use of com.blackducksoftware.integration.fortify.batch.model.Vulnerability in project hub-fortify-ssc-integration-service by blackducksoftware.

the class BlackDuckFortifyPushThread method call.

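/**
 * Runs one push of Black Duck Hub vulnerabilities to Fortify SSC for this mapper group.
 * <p>
 * Reads the last successful job run time, resolves the Hub project version views (which also
 * sets {@code maxBomUpdatedDate}) and, when the BOM changed since the last run, no previous run
 * is recorded, or the batch status check is disabled, merges the vulnerabilities of all mapped
 * project versions, de-duplicates them across project versions, writes them to a timestamped CSV
 * in the report directory and uploads that CSV to Fortify using a file token. The file token is
 * deleted whether or not the upload succeeds.
 *
 * @return always {@code true}; failures are reported through the declared exceptions
 * @throws DateTimeParseException if the stored last run time cannot be parsed
 * @throws IntegrationException propagated from the Hub lookups
 * @throws IllegalArgumentException propagated from the Hub lookups
 * @throws JsonGenerationException if the CSV cannot be generated
 * @throws JsonMappingException if the vulnerabilities cannot be mapped to CSV
 * @throws FileNotFoundException if the CSV file cannot be created
 * @throws UnsupportedEncodingException if the CSV encoding is unsupported
 * @throws IOException on any other I/O failure while writing or uploading the CSV
 */
@Override
public Boolean call() throws DateTimeParseException, IntegrationException, IllegalArgumentException, JsonGenerationException, JsonMappingException, FileNotFoundException, UnsupportedEncodingException, IOException {
    logger.info("blackDuckFortifyMapper::" + blackDuckFortifyMapperGroup.toString());
    final List<HubProjectVersion> hubProjectVersions = blackDuckFortifyMapperGroup.getHubProjectVersion();
    // Get the last successful runtime of the job
    final Date lastSuccessfulJobRunTime = getLastSuccessfulJobRunTime(propertyConstants.getBatchJobStatusFilePath());
    logger.debug("Last successful job excecution:" + lastSuccessfulJobRunTime);
    // Get the project version views from Hub and calculate the max BOM updated date
    final List<ProjectVersionView> projectVersionItems = getProjectVersionItemsAndMaxBomUpdatedDate(hubProjectVersions);
    // Evaluate the "push needed" decision once so the log line and the branch cannot disagree
    final boolean bomChangedSinceLastRun = lastSuccessfulJobRunTime != null && maxBomUpdatedDate.after(lastSuccessfulJobRunTime);
    final boolean pushRequired = bomChangedSinceLastRun || lastSuccessfulJobRunTime == null || !propertyConstants.isBatchJobStatusCheck();
    logger.info("Compare Dates: " + pushRequired);
    logger.debug("maxBomUpdatedDate:: " + maxBomUpdatedDate);
    logger.debug("isBatchJobStatusCheck::" + propertyConstants.isBatchJobStatusCheck());
    if (!pushRequired) {
        return true;
    }
    // Get the vulnerabilities for all Hub project versions and merge them
    List<Vulnerability> mergedVulnerabilities = mergeVulnerabilities(hubProjectVersions, projectVersionItems);
    if (mergedVulnerabilities.isEmpty()) {
        return true;
    }
    if (hubProjectVersions.size() > 1) {
        // Remove duplicates that appear in several Hub project versions
        mergedVulnerabilities = VulnerabilityUtil.removeDuplicates(mergedVulnerabilities);
    }
    // NOTE(review): fileDir is concatenated as-is, so getReportDir() is assumed to already end
    // with a path separator — confirm against the property file.
    final String fileDir = propertyConstants.getReportDir();
    final String fileName = hubProjectVersions.get(0).getHubProject() + UNDERSCORE + hubProjectVersions.get(0).getHubProjectVersion() + UNDERSCORE + DateTimeFormatter.ofPattern("yyyyMMddHHmmssSSS").format(LocalDateTime.now()) + ".csv";
    final String filePath = fileDir + fileName;
    // Write the vulnerabilities to CSV
    CSVUtils.writeToCSV(mergedVulnerabilities, filePath, ',');
    // Get the file token for upload
    final String token = getFileToken();
    try {
        // Upload the vulnerabilities CSV to Fortify
        uploadCSV(token, filePath, blackDuckFortifyMapperGroup.getFortifyApplicationId());
    } finally {
        // Delete the file token created for the upload even when the upload fails, so a failed
        // run does not leave the token behind on the Fortify server.
        fortifyFileTokenApi.deleteFileToken();
    }
    return true;
}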

Example 3 with Vulnerability

use of com.blackducksoftware.integration.fortify.batch.model.Vulnerability in project hub-fortify-ssc-integration-service by blackducksoftware.

the class VulnerabilityUtil method transformMapping.

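/**
 * Converts Hub vulnerable component views into CSV {@link Vulnerability} rows.
 * <p>
 * The component id and component version id are read positionally from the slash-split
 * component version link (segments 5 and 7). The vulnerability description is written with
 * CR/LF removed; no other escaping of cell content is applied here.
 *
 * @param vulnerabilityComponentViews the Hub vulnerable component views to convert
 * @param hubProjectName the Hub project name written into every row
 * @param hubProjectVersion the Hub project version written into every row
 * @param maxBomUpdatedDate the BOM updated date written into every row
 * @param propertyConstants supplies the Hub server URL used to build the vulnerability link
 * @return one {@link Vulnerability} per input view, in input order; empty for an empty input
 * @throws IllegalArgumentException if a component version link has fewer than 8 segments
 */
public static List<Vulnerability> transformMapping(List<VulnerableComponentView> vulnerabilityComponentViews, String hubProjectName, String hubProjectVersion, Date maxBomUpdatedDate, PropertyConstants propertyConstants) {
    final List<Vulnerability> vulnerabilities = new ArrayList<>();
    for (final VulnerableComponentView vulnerableComponentView : vulnerabilityComponentViews) {
        vulnerabilities.add(toVulnerability(vulnerableComponentView, hubProjectName, hubProjectVersion, maxBomUpdatedDate, propertyConstants));
    }
    return vulnerabilities;
}

/**
 * Builds one CSV {@link Vulnerability} row from a single vulnerable component view.
 *
 * @param view the Hub vulnerable component view
 * @param hubProjectName the Hub project name for the row
 * @param hubProjectVersion the Hub project version for the row
 * @param maxBomUpdatedDate the BOM updated date for the row
 * @param propertyConstants supplies the Hub server URL for the vulnerability link
 * @return the populated row
 * @throws IllegalArgumentException if the component version link has fewer than 8 segments
 */
private static Vulnerability toVulnerability(final VulnerableComponentView view, final String hubProjectName, final String hubProjectVersion, final Date maxBomUpdatedDate, final PropertyConstants propertyConstants) {
    // Component id and component version id are read positionally from the version link; a
    // shorter (or missing) link would otherwise fail with a bare ArrayIndexOutOfBoundsException.
    final String[] linkSegments = String.valueOf(view.componentVersion).split("/");
    if (linkSegments.length <= 7) {
        throw new IllegalArgumentException("Unexpected component version link for component " + view.componentName + ": " + view.componentVersion);
    }
    // NOTE(review): the NVD detail link is built over plain http — confirm whether https is wanted.
    final String nvdLink = VulnerabilityWithRemediationSourceType.NVD.equals(view.vulnerabilityWithRemediation.source) ? "http://web.nvd.nist.gov/view/vuln/detail?vulnId=" + view.vulnerabilityWithRemediation.vulnerabilityName : "";
    // String.valueOf renders absent values as "null" rather than failing on a null field
    return new Vulnerability(
            String.valueOf(hubProjectName),
            String.valueOf(hubProjectVersion),
            String.valueOf(linkSegments[5]),
            String.valueOf(linkSegments[7]),
            "",
            String.valueOf(view.componentName),
            String.valueOf(view.componentVersionName),
            String.valueOf(view.componentVersionOriginName),
            String.valueOf(view.componentVersionOriginId),
            String.valueOf(view.componentVersionName),
            String.valueOf(view.vulnerabilityWithRemediation.vulnerabilityName),
            // Strip CR/LF so a multi-line description stays on one CSV row
            String.valueOf(view.vulnerabilityWithRemediation.description).replaceAll("\\r\\n", ""),
            view.vulnerabilityWithRemediation.vulnerabilityPublishedDate,
            view.vulnerabilityWithRemediation.vulnerabilityUpdatedDate,
            view.vulnerabilityWithRemediation.baseScore,
            view.vulnerabilityWithRemediation.exploitabilitySubscore,
            view.vulnerabilityWithRemediation.impactSubscore,
            String.valueOf(view.vulnerabilityWithRemediation.source),
            propertyConstants.getHubServerUrl() + "/api/vulnerabilities/" + String.valueOf(view.vulnerabilityWithRemediation.vulnerabilityName),
            String.valueOf(view.vulnerabilityWithRemediation.remediationStatus),
            view.vulnerabilityWithRemediation.remediationTargetAt,
            view.vulnerabilityWithRemediation.remediationActualAt,
            "",
            nvdLink,
            String.valueOf(view.vulnerabilityWithRemediation.severity),
            maxBomUpdatedDate);
}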

Example 4 with Vulnerability

use of com.blackducksoftware.integration.fortify.batch.model.Vulnerability in project hub-fortify-ssc-integration-service by blackducksoftware.

the class CSVUtilsTest method testWriteToCSV.

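/**
 * End-to-end check that the vulnerable components of a real Hub project version can be
 * transformed into {@link Vulnerability} rows and rendered to {@code sample.csv}.
 * <p>
 * Requires a reachable Hub: the lookups go through the {@code hubServices} bean using the
 * {@code PROJECT_NAME}/{@code VERSION_NAME} constants. The CSV is written to the working
 * directory and is not removed afterwards. Any Hub or write failure fails the test.
 */
@Test
public void testWriteToCSV() {
    System.out.println("Executing testWriteToCSV");
    final ProjectVersionView projectVersionItem;
    final List<VulnerableComponentView> vulnerableComponentViews;
    try {
        projectVersionItem = hubServices.getProjectVersion(PROJECT_NAME, VERSION_NAME);
        vulnerableComponentViews = hubServices.getVulnerabilityComponentViews(projectVersionItem);
        bomUpdatedValueAt = hubServices.getBomLastUpdatedAt(projectVersionItem);
    } catch (final IllegalArgumentException | IntegrationException e) {
        // The test runner prints the stack trace of the thrown exception; keep the cause attached
        throw new RuntimeException("Hub lookup failed for " + PROJECT_NAME + "/" + VERSION_NAME, e);
    }
    // Assert before dereferencing, so a null result is reported as an assertion, not an NPE
    assertNotNull(vulnerableComponentViews);
    assertNotNull(bomUpdatedValueAt);
    System.out.println("vulnerableComponentViews size::" + vulnerableComponentViews.size());
    final List<Vulnerability> vulnerabilities = VulnerabilityUtil.transformMapping(vulnerableComponentViews, PROJECT_NAME, VERSION_NAME, bomUpdatedValueAt, propertyConstants);
    System.out.println("vulnerabilities size::" + vulnerabilities.size());
    assertEquals(vulnerableComponentViews.size(), vulnerabilities.size());
    try {
        CSVUtils.writeToCSV(vulnerabilities, "sample.csv", ',');
    } catch (final Exception e) {
        // A write failure must fail the test instead of only being printed
        throw new AssertionError("writeToCSV failed for sample.csv", e);
    }
}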

Example 5 with Vulnerability

use of com.blackducksoftware.integration.fortify.batch.model.Vulnerability in project hub-fortify-ssc-integration-service by blackducksoftware.

the class CSVUtils method writeToCSV.

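/**
 * Renders the list of vulnerabilities as a CSV file with a header row.
 * <p>
 * The file is created at {@code fileName} exactly as given (no normalization or directory
 * check), so callers must build the path from trusted components. The streams are flushed and
 * closed before this method returns, including on failure.
 *
 * @param vulnerabilities the rows to write, in order
 * @param fileName path of the CSV file to create or overwrite
 * @param delimiter the column separator
 * @throws FileSystemNotFoundException if the file cannot be created (unchecked; the original
 *             {@link FileNotFoundException} is attached as the cause)
 * @throws UnsupportedEncodingException if UTF-8 is not supported by the runtime
 * @throws JsonGenerationException if the CSV cannot be generated
 * @throws JsonMappingException if a row cannot be mapped to CSV columns
 * @throws FileNotFoundException declared for API compatibility; creation failures are
 *             reported as {@link FileSystemNotFoundException}
 * @throws IOException if writing, flushing or closing the file fails; wraps the original
 *             exception with the file name
 */
public static void writeToCSV(List<Vulnerability> vulnerabilities, String fileName, char delimiter) throws JsonGenerationException, JsonMappingException, FileNotFoundException, UnsupportedEncodingException, IOException {
    // Create the mapper and a schema whose first row is the header
    final CsvMapper mapper = new CsvMapper();
    final CsvSchema schema = mapper.schemaFor(Vulnerability.class).withHeader().withColumnSeparator(delimiter);
    final ObjectWriter objectWriter = mapper.writer(schema);
    final FileOutputStream fileOutputStream;
    try {
        fileOutputStream = new FileOutputStream(new File(fileName));
    } catch (final FileNotFoundException e) {
        // FileSystemNotFoundException has no cause constructor; attach the cause explicitly
        final FileSystemNotFoundException wrapped = new FileSystemNotFoundException(fileName + " CSV file is not created successfully");
        wrapped.initCause(e);
        throw wrapped;
    }
    // try-with-resources closes the writer (and through it the buffered and file streams) on
    // every path; closing also flushes the buffer, which the previous version never did.
    try (BufferedOutputStream bufferedOutputStream = new BufferedOutputStream(fileOutputStream, 1024);
            OutputStreamWriter writerOutputStream = new OutputStreamWriter(bufferedOutputStream, "UTF-8")) {
        objectWriter.writeValue(writerOutputStream, vulnerabilities);
    } catch (final UnsupportedEncodingException e) {
        // In practice raised only by the writer constructor; rethrow unchanged so the cause is kept
        throw e;
    } catch (final IOException e) {
        throw new IOException("Error while rendering the vulnerabilities in CSV file::" + fileName, e);
    }
}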
