
Example 1 with Vulnerability

Use of com.epam.pipeline.entity.scan.Vulnerability in project cloud-pipeline by epam: class ToolVulnerabilityDaoTest, method createVulnerability.

private Vulnerability createVulnerability(Tool tool, String version, String name, String feature, String featureVersion) {
    // Build an in-memory Vulnerability and persist it for the given tool version through the DAO under test
    Vulnerability vulnerability = buildVulnerability(name, feature, featureVersion);
    toolVulnerabilityDao.createVulnerabilityRecords(Collections.singletonList(vulnerability), tool.getId(), version);
    // The original instance is returned so the test can compare it with what the DAO reads back
    return vulnerability;
}
Also used : Vulnerability(com.epam.pipeline.entity.scan.Vulnerability)

Example 2 with Vulnerability

Use of com.epam.pipeline.entity.scan.Vulnerability in project cloud-pipeline by epam: class ToolVulnerabilityDaoTest, method buildVulnerability.

private Vulnerability buildVulnerability(String name, String feature, String featureVersion) {
    // Populate every field the DAO persists with test values so the round-trip can be checked field by field
    Vulnerability vulnerability = new Vulnerability();
    vulnerability.setCreatedDate(new Date());
    vulnerability.setName(name);
    vulnerability.setDescription("testDescription");
    vulnerability.setLink("///");
    vulnerability.setSeverity(VulnerabilitySeverity.High);
    // The affected package (feature) and the version of it found in the image
    vulnerability.setFeature(feature);
    vulnerability.setFeatureVersion(featureVersion);
    vulnerability.setFixedBy("testFixer");
    return vulnerability;
}
Also used : Vulnerability(com.epam.pipeline.entity.scan.Vulnerability) Date(java.util.Date)

Example 3 with Vulnerability

Use of com.epam.pipeline.entity.scan.Vulnerability in project cloud-pipeline by epam: class TestUtils, method createVulnerability.

public static Vulnerability createVulnerability(VulnerabilitySeverity severity) {
    // Minimal fixture: only the severity is set, for tests that exercise severity-based logic
    Vulnerability v = new Vulnerability();
    v.setSeverity(severity);
    return v;
}
Also used : Vulnerability(com.epam.pipeline.entity.scan.Vulnerability)

Example 4 with Vulnerability

Use of com.epam.pipeline.entity.scan.Vulnerability in project cloud-pipeline by epam: class AggregatingToolScanManager, method convertResults.

private ToolVersionScanResult convertResults(ClairScanResult clairScanResult, DockerComponentScanResult compScanResult, Tool tool, String tag, String digest) {
    // Flatten Clair features into one Vulnerability per (feature, vulnerability) pair; clairScanResult may be null
    List<Vulnerability> vulnerabilities = Optional.ofNullable(clairScanResult)
            .map(result -> ListUtils.emptyIfNull(result.getFeatures()).stream())
            .orElse(Stream.empty())
            .flatMap(f -> f.getVulnerabilities() != null ? f.getVulnerabilities().stream().map(v -> {
                Vulnerability vulnerability = new Vulnerability();
                vulnerability.setName(v.getName());
                vulnerability.setDescription(v.getDescription());
                vulnerability.setFixedBy(v.getFixedBy());
                vulnerability.setLink(v.getLink());
                vulnerability.setSeverity(v.getSeverity());
                // The affected package and its installed version come from the enclosing Clair feature
                vulnerability.setFeature(f.getName());
                vulnerability.setFeatureVersion(f.getVersion());
                return vulnerability;
            }) : Stream.empty())
            .collect(Collectors.toList());
    LOGGER.debug("Found: {} vulnerabilities for {}:{}", vulnerabilities.size(), tool.getImage(), tag);
    // Concat dependencies from Clair and DockerCompScan; compScanResult may also be null
    List<ToolDependency> dependencies = Stream.concat(
            Optional.ofNullable(compScanResult)
                    .map(result -> ListUtils.emptyIfNull(result.getLayers()).stream())
                    .orElse(Stream.empty())
                    .flatMap(l -> l.getDependencies().stream().peek(dependency -> {
                        dependency.setToolVersion(tag);
                        dependency.setToolId(tool.getId());
                    })),
            Optional.ofNullable(clairScanResult)
                    .map(result -> ListUtils.emptyIfNull(result.getFeatures()).stream())
                    .orElse(Stream.empty())
                    .map(f -> new ToolDependency(tool.getId(), tag, f.getName(), f.getVersion(),
                            ToolDependency.Ecosystem.SYSTEM, null)))
            .collect(Collectors.toList());
    LOGGER.debug("Found: {} dependencies for {}:{}", dependencies.size(), tool.getImage(), tag);
    // clairScanResult was treated as nullable above, so read its name the same way instead of dereferencing it directly
    String scanName = Optional.ofNullable(clairScanResult).map(ClairScanResult::getName).orElse(null);
    return new ToolVersionScanResult(tag, vulnerabilities, dependencies, ToolScanStatus.COMPLETED, scanName, digest);
}

Example 5 with Vulnerability

Use of com.epam.pipeline.entity.scan.Vulnerability in project cloud-pipeline by epam: class ToolVulnerabilityDaoTest, method testLoadVulnerabilities.

@Test
@Transactional(propagation = Propagation.REQUIRES_NEW)
public void testLoadVulnerabilities() {
    // Persist one vulnerability for tool:LATEST_VERSION, then read it back through the DAO
    Vulnerability vulnerability = createVulnerability(tool, LATEST_VERSION);
    List<Vulnerability> vulnerabilities = toolVulnerabilityDao.loadVulnerabilities(tool.getId(), LATEST_VERSION);
    Assert.assertFalse(vulnerabilities.isEmpty());
    // Compare the persisted and loaded objects field by field using the shared ObjectMapper
    Vulnerability loaded = vulnerabilities.get(0);
    TestUtils.checkEquals(vulnerability, loaded, objectMapper);
}
Also used : Vulnerability(com.epam.pipeline.entity.scan.Vulnerability) Test(org.junit.Test) AbstractSpringTest(com.epam.pipeline.AbstractSpringTest) Transactional(org.springframework.transaction.annotation.Transactional)
