
Example 1 with PolicyViolationVulnerabilityView

use of com.synopsys.integration.blackduck.api.manual.view.PolicyViolationVulnerabilityView in project synopsys-detect by blackducksoftware.

the class RapidScanResultAggregator method aggregateComponentData.

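/**
 * Builds one {@link RapidScanComponentDetail} per scanned component and sorts that component's
 * violated policy names into its component, security and license groups.
 *
 * <p>{@code getViolatingPolicyNames()} on the result view is a superset: it also contains the
 * names reported on the vulnerability and license violations. Those names are subtracted so the
 * component group keeps only the remainder and no policy is reported under two groups.
 *
 * @param results component results to aggregate
 * @return one detail per entry of {@code results}, in iteration order
 */
private List<RapidScanComponentDetail> aggregateComponentData(List<DeveloperScanComponentResultView> results) {
    List<RapidScanComponentDetail> componentDetails = new LinkedList<>();
    for (DeveloperScanComponentResultView resultView : results) {
        RapidScanComponentDetail componentDetail = createDetail(resultView);
        componentDetails.add(componentDetail);
        RapidScanComponentGroupDetail componentGroupDetail = componentDetail.getComponentDetails();
        RapidScanComponentGroupDetail securityGroupDetail = componentDetail.getSecurityDetails();
        RapidScanComponentGroupDetail licenseGroupDetail = componentDetail.getLicenseDetails();

        // NOTE(review): the three collections below are dereferenced without a null check, so a
        // null from the view would surface as an NPE out of this method. Confirm the API always
        // returns (possibly empty) sets.
        // Copy before mutating so the view's own set is never modified by removeAll.
        Set<String> policyNames = new LinkedHashSet<>(resultView.getViolatingPolicyNames());
        Set<PolicyViolationVulnerabilityView> vulnerabilityViolations = resultView.getPolicyViolationVulnerabilities();
        Set<PolicyViolationLicenseView> licenseViolations = resultView.getPolicyViolationLicenses();

        Set<String> vulnerabilityPolicyNames = vulnerabilityViolations.stream()
            .map(PolicyViolationVulnerabilityView::getViolatingPolicyNames)
            .flatMap(Collection::stream)
            .collect(Collectors.toSet());
        Set<String> licensePolicyNames = licenseViolations.stream()
            .map(PolicyViolationLicenseView::getViolatingPolicyNames)
            .flatMap(Collection::stream)
            .collect(Collectors.toSet());

        // What is left after the subtraction is attributed to the component group.
        policyNames.removeAll(vulnerabilityPolicyNames);
        policyNames.removeAll(licensePolicyNames);

        componentGroupDetail.addPolicies(policyNames);
        securityGroupDetail.addPolicies(vulnerabilityPolicyNames);
        licenseGroupDetail.addPolicies(licensePolicyNames);
        componentGroupDetail.addMessages(resultView::getErrorMessage, resultView::getWarningMessage);
        addVulnerabilityData(vulnerabilityViolations, securityGroupDetail);
        addLicenseData(licenseViolations, licenseGroupDetail);
    }
    return componentDetails;
}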
Also used : LinkedHashSet(java.util.LinkedHashSet) PolicyViolationVulnerabilityView(com.synopsys.integration.blackduck.api.manual.view.PolicyViolationVulnerabilityView) LinkedList(java.util.LinkedList) DeveloperScanComponentResultView(com.synopsys.integration.blackduck.api.manual.view.DeveloperScanComponentResultView) PolicyViolationLicenseView(com.synopsys.integration.blackduck.api.manual.view.PolicyViolationLicenseView)

Example 2 with PolicyViolationVulnerabilityView

use of com.synopsys.integration.blackduck.api.manual.view.PolicyViolationVulnerabilityView in project synopsys-detect by blackducksoftware.

the class RapidScanResultAggregatorTest method createView.

/**
 * Builds a stub result view for a single component that violates three policies: one plain
 * component policy, one policy reported on a vulnerability violation and one reported on a
 * license violation.
 *
 * @return the stub view; each collection getter returns a fresh set holding a fresh stub
 */
private DeveloperScanComponentResultView createView() {
    return new DeveloperScanComponentResultView() {

        @Override
        public String getComponentName() {
            return "component_1";
        }

        @Override
        public String getVersionName() {
            return "component_version_1";
        }

        @Override
        public String getComponentIdentifier() {
            return "component_1:component_version_1";
        }

        // Superset of all violated policies, including the vulnerability and license ones.
        @Override
        public Set<String> getViolatingPolicyNames() {
            Set<String> allViolated = new HashSet<>();
            Collections.addAll(allViolated, "component_policy", "vulnerability_policy", "license_policy");
            return allViolated;
        }

        // Exactly one vulnerability violation, tied to "vulnerability_policy".
        @Override
        public Set<PolicyViolationVulnerabilityView> getPolicyViolationVulnerabilities() {
            Set<PolicyViolationVulnerabilityView> violations = new HashSet<>();
            violations.add(new PolicyViolationVulnerabilityView() {

                @Override
                public String getName() {
                    return "Vulnerability violation";
                }

                @Override
                public String getDescription() {
                    return "Violation Description";
                }

                @Override
                public Set<String> getViolatingPolicyNames() {
                    return Collections.singleton("vulnerability_policy");
                }

                @Override
                public String getErrorMessage() {
                    return "vulnerability_error_1";
                }

                @Override
                public String getWarningMessage() {
                    return "vulnerability_warning_1";
                }
            });
            return violations;
        }

        // Exactly one license violation, tied to "license_policy".
        @Override
        public Set<PolicyViolationLicenseView> getPolicyViolationLicenses() {
            Set<PolicyViolationLicenseView> violations = new HashSet<>();
            violations.add(new PolicyViolationLicenseView() {

                @Override
                public String getLicenseName() {
                    return "License name";
                }

                @Override
                public Set<String> getViolatingPolicyNames() {
                    return Collections.singleton("license_policy");
                }

                @Override
                public String getErrorMessage() {
                    return "license_error_1";
                }

                @Override
                public String getWarningMessage() {
                    return "license_warning_1";
                }
            });
            return violations;
        }

        @Override
        public String getErrorMessage() {
            return "component_1_error_message";
        }

        @Override
        public String getWarningMessage() {
            return "component_1_warning_message";
        }
    };
}
Also used : DeveloperScanComponentResultView(com.synopsys.integration.blackduck.api.manual.view.DeveloperScanComponentResultView) PolicyViolationVulnerabilityView(com.synopsys.integration.blackduck.api.manual.view.PolicyViolationVulnerabilityView) HashSet(java.util.HashSet) PolicyViolationLicenseView(com.synopsys.integration.blackduck.api.manual.view.PolicyViolationLicenseView)

Aggregations

DeveloperScanComponentResultView (com.synopsys.integration.blackduck.api.manual.view.DeveloperScanComponentResultView)2 PolicyViolationLicenseView (com.synopsys.integration.blackduck.api.manual.view.PolicyViolationLicenseView)2 PolicyViolationVulnerabilityView (com.synopsys.integration.blackduck.api.manual.view.PolicyViolationVulnerabilityView)2 HashSet (java.util.HashSet)1 LinkedHashSet (java.util.LinkedHashSet)1 LinkedList (java.util.LinkedList)1