Examples with Vulnerability - org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability

Example 26 with Vulnerability

use of org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability in project sw360portal by sw360.

the class ComponentPortlet method updateVulnerabilityVerification.

private void updateVulnerabilityVerification(ResourceRequest request, ResourceResponse response) throws IOException {
    String[] releaseIds = request.getParameterValues(PortalConstants.RELEASE_IDS + "[]");
    String[] vulnerabilityIds = request.getParameterValues(PortalConstants.VULNERABILITY_IDS + "[]");
    User user = UserCacheHolder.getUserFromRequest(request);
    VulnerabilityService.Iface vulClient = thriftClients.makeVulnerabilityClient();
    RequestStatus requestStatus = RequestStatus.SUCCESS;
    try {
        if (vulnerabilityIds.length != releaseIds.length) {
            throw new SW360Exception("Length of vulnerabilities (" + vulnerabilityIds.length + ") does not match the length of releases (" + releaseIds.length + ")!");
        }
        for (int i = 0; i < vulnerabilityIds.length; i++) {
            String vulnerabilityId = vulnerabilityIds[i];
            String releaseId = releaseIds[i];
            Vulnerability dbVulnerability = vulClient.getVulnerabilityByExternalId(vulnerabilityId, user);
            ReleaseVulnerabilityRelation dbRelation = vulClient.getRelationByIds(releaseId, dbVulnerability.getId(), user);
            ReleaseVulnerabilityRelation resultRelation = ComponentPortletUtils.updateReleaseVulnerabilityRelationFromRequest(dbRelation, request);
            requestStatus = vulClient.updateReleaseVulnerabilityRelation(resultRelation, user);
            if (requestStatus != RequestStatus.SUCCESS) {
                break;
            }
        }
    } catch (TException e) {
        log.error("Error updating vulnerability verification in backend.", e);
        requestStatus = RequestStatus.FAILURE;
    }
    JSONObject responseData = JSONFactoryUtil.createJSONObject();
    responseData.put(PortalConstants.REQUEST_STATUS, requestStatus.toString());
    PrintWriter writer = response.getWriter();
    writer.write(responseData.toString());
}

Also used : TException(org.apache.thrift.TException) User(org.eclipse.sw360.datahandler.thrift.users.User) VulnerabilityService(org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityService) Vulnerability(org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability) JSONObject(com.liferay.portal.kernel.json.JSONObject) ReleaseVulnerabilityRelation(org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation) PrintWriter(java.io.PrintWriter)

Example 27 with Vulnerability

use of org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability in project sw360portal by sw360.

the class ComponentPortlet method putVulnerabilityMetadatasInRequest.

private void putVulnerabilityMetadatasInRequest(RenderRequest request, List<VulnerabilityDTO> vuls) {
    Map<String, Map<String, String>> vulnerabilityTooltips = new HashMap<>();
    Map<String, Map<String, VerificationState>> vulnerabilityVerifications = new HashMap<>();
    for (VulnerabilityDTO vulnerability : vuls) {
        addToVulnerabilityVerifications(vulnerabilityVerifications, vulnerabilityTooltips, vulnerability);
    }
    long numberOfCorrectVuls = vuls.stream().filter(vul -> !VerificationState.INCORRECT.equals(getVerificationState(vul))).map(vul -> vul.getExternalId()).collect(Collectors.toSet()).size();
    request.setAttribute(NUMBER_OF_CHECKED_OR_UNCHECKED_VULNERABILITIES, numberOfCorrectVuls);
    if (PermissionUtils.isAdmin(UserCacheHolder.getUserFromRequest(request))) {
        long numberOfIncorrectVuls = vuls.stream().filter(v -> VerificationState.INCORRECT.equals(getVerificationState(v))).map(vul -> vul.getExternalId()).collect(Collectors.toSet()).size();
        request.setAttribute(NUMBER_OF_INCORRECT_VULNERABILITIES, numberOfIncorrectVuls);
    }
    request.setAttribute(PortalConstants.VULNERABILITY_VERIFICATIONS, vulnerabilityVerifications);
    request.setAttribute(PortalConstants.VULNERABILITY_VERIFICATION_TOOLTIPS, vulnerabilityTooltips);
}

Also used : SW360Constants(org.eclipse.sw360.datahandler.common.SW360Constants) ContentTypes(com.liferay.portal.kernel.util.ContentTypes) PortletURLFactoryUtil(com.liferay.portlet.PortletURLFactoryUtil) User(org.eclipse.sw360.datahandler.thrift.users.User) TSimpleJSONProtocol(org.apache.thrift.protocol.TSimpleJSONProtocol) WebKeys(com.liferay.portal.kernel.util.WebKeys) TSerializer(org.apache.thrift.TSerializer) PortalUtil(com.liferay.portal.util.PortalUtil) Logger(org.apache.log4j.Logger) SW360Utils.printName(org.eclipse.sw360.datahandler.common.SW360Utils.printName) CONTENT_TYPE_OPENXML_SPREADSHEET(org.eclipse.sw360.datahandler.common.SW360Constants.CONTENT_TYPE_OPENXML_SPREADSHEET) Attachment(org.eclipse.sw360.datahandler.thrift.attachments.Attachment) ThriftEnumUtils(org.eclipse.sw360.datahandler.common.ThriftEnumUtils) VulnerabilityDTO(org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityDTO) LifeRayUserSession(org.eclipse.sw360.portal.users.LifeRayUserSession) Project(org.eclipse.sw360.datahandler.thrift.projects.Project) Vulnerability(org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability) PrintWriter(java.io.PrintWriter) CveSearchService(org.eclipse.sw360.datahandler.thrift.cvesearch.CveSearchService) ComponentExporter(org.eclipse.sw360.exporter.ComponentExporter) UserGroup(org.eclipse.sw360.datahandler.thrift.users.UserGroup) PermissionUtils(org.eclipse.sw360.datahandler.permissions.PermissionUtils) org.eclipse.sw360.portal.common(org.eclipse.sw360.portal.common) VulnerabilityUpdateStatus(org.eclipse.sw360.datahandler.thrift.cvesearch.VulnerabilityUpdateStatus) Collectors(java.util.stream.Collectors) Sets(com.google.common.collect.Sets) ThemeDisplay(com.liferay.portal.theme.ThemeDisplay) CommonUtils(org.eclipse.sw360.datahandler.common.CommonUtils) VendorService(org.eclipse.sw360.datahandler.thrift.vendors.VendorService) ReleaseVulnerabilityRelation(org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation) VulnerabilityService(org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityService) org.eclipse.sw360.datahandler.thrift.components(org.eclipse.sw360.datahandler.thrift.components) LiferayPortletURL(com.liferay.portal.kernel.portlet.LiferayPortletURL) java.util(java.util) Strings.nullToEmpty(com.google.common.base.Strings.nullToEmpty) JsonGenerator(com.fasterxml.jackson.core.JsonGenerator) PortletResponseUtil(com.liferay.portal.kernel.portlet.PortletResponseUtil) Strings.isNullOrEmpty(com.google.common.base.Strings.isNullOrEmpty) ProjectService(org.eclipse.sw360.datahandler.thrift.projects.ProjectService) org.eclipse.sw360.datahandler.thrift(org.eclipse.sw360.datahandler.thrift) ImmutableList(com.google.common.collect.ImmutableList) SessionMessages(com.liferay.portal.kernel.servlet.SessionMessages) PortletUtils.getVerificationState(org.eclipse.sw360.portal.common.PortletUtils.getVerificationState) JsonGenerationException(com.fasterxml.jackson.core.JsonGenerationException) javax.portlet(javax.portlet) SW360Utils(org.eclipse.sw360.datahandler.common.SW360Utils) RequestedAction(org.eclipse.sw360.datahandler.thrift.users.RequestedAction) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Vendor(org.eclipse.sw360.datahandler.thrift.vendors.Vendor) HttpServletResponse(javax.servlet.http.HttpServletResponse) TException(org.apache.thrift.TException) JSONFactoryUtil(com.liferay.portal.kernel.json.JSONFactoryUtil) IOException(java.io.IOException) JSONObject(com.liferay.portal.kernel.json.JSONObject) FossologyAwarePortlet(org.eclipse.sw360.portal.portlets.FossologyAwarePortlet) JsonFactory(com.fasterxml.jackson.core.JsonFactory) UserCacheHolder(org.eclipse.sw360.portal.users.UserCacheHolder) PortalConstants(org.eclipse.sw360.portal.common.PortalConstants) VulnerabilityDTO(org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityDTO)

Example 28 with Vulnerability

use of org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability in project sw360portal by sw360.

the class ComponentPortlet method addToVulnerabilityVerifications.

private void addToVulnerabilityVerifications(Map<String, Map<String, VerificationState>> vulnerabilityVerifications, Map<String, Map<String, String>> vulnerabilityTooltips, VulnerabilityDTO vulnerability) {
    String vulnerabilityId = vulnerability.getExternalId();
    String releaseId = vulnerability.getIntReleaseId();
    Map<String, VerificationState> vulnerabilityVerification = vulnerabilityVerifications.computeIfAbsent(vulnerabilityId, k -> new HashMap<>());
    Map<String, String> vulnerabilityTooltip = vulnerabilityTooltips.computeIfAbsent(vulnerabilityId, k -> new HashMap<>());
    ReleaseVulnerabilityRelation relation = vulnerability.getReleaseVulnerabilityRelation();
    if (!relation.isSetVerificationStateInfo()) {
        vulnerabilityVerification.put(releaseId, VerificationState.NOT_CHECKED);
        vulnerabilityTooltip.put(releaseId, "Not checked yet.");
    } else {
        List<VerificationStateInfo> infoHistory = relation.getVerificationStateInfo();
        VerificationStateInfo info = infoHistory.get(infoHistory.size() - 1);
        vulnerabilityVerification.put(releaseId, info.getVerificationState());
        vulnerabilityTooltip.put(releaseId, formatedMessageForVul(infoHistory));
    }
}

Also used : ReleaseVulnerabilityRelation(org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation) PortletUtils.getVerificationState(org.eclipse.sw360.portal.common.PortletUtils.getVerificationState)

Example 29 with Vulnerability

use of org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability in project sw360portal by sw360.

the class CveSearchDataTranslatorTest method testWithApacheData.

@Test
public void testWithApacheData() throws IOException {
    List<CveSearchData> cveSearchDatas = new CveSearchApiImpl(host).search("apache", ".*");
    List<CveSearchDataTranslator.VulnerabilityWithRelation> vms = cveSearchDatas.stream().map(cveSearchData -> cveSearchDataTranslator.apply(cveSearchData)).collect(Collectors.toList());
    assert (vms != null);
    List<Vulnerability> vs = vms.stream().map(vm -> vm.vulnerability).collect(Collectors.toList());
    assert (vs.size() > 700);
}

Also used : java.util(java.util) CveSearchData(org.eclipse.sw360.cvesearch.datasource.CveSearchData) Test(org.junit.Test) IOException(java.io.IOException) CveSearchHandler(org.eclipse.sw360.cvesearch.service.CveSearchHandler) Collectors(java.util.stream.Collectors) CommonUtils(org.eclipse.sw360.datahandler.common.CommonUtils) CveSearchApiImpl(org.eclipse.sw360.cvesearch.datasource.CveSearchApiImpl) Assume(org.junit.Assume) CVEReference(org.eclipse.sw360.datahandler.thrift.vulnerabilities.CVEReference) Vulnerability(org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability) Before(org.junit.Before) CveSearchDataTestHelper.isUrlReachable(org.eclipse.sw360.cvesearch.datasource.CveSearchDataTestHelper.isUrlReachable) Vulnerability(org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability) CveSearchData(org.eclipse.sw360.cvesearch.datasource.CveSearchData) CveSearchApiImpl(org.eclipse.sw360.cvesearch.datasource.CveSearchApiImpl) Test(org.junit.Test)

Example 30 with Vulnerability

use of org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability in project sw360portal by sw360.

the class VulnerabilityController method getVulnerability.

@RequestMapping(VULNERABILITIES_URL + "/{id}")
public ResponseEntity<HalResource<Vulnerability>> getVulnerability(@PathVariable("id") String id, OAuth2Authentication oAuth2Authentication) {
    User user = restControllerHelper.getSw360UserFromAuthentication(oAuth2Authentication);
    Vulnerability vulnerability = vulnerabilityService.getVulnerabilityByExternalId(id, user);
    HalResource<Vulnerability> vulnerabilityHalResource = createHalVulnerability(vulnerability, user);
    return new ResponseEntity<>(vulnerabilityHalResource, HttpStatus.OK);
}

Also used : ResponseEntity(org.springframework.http.ResponseEntity) User(org.eclipse.sw360.datahandler.thrift.users.User) Vulnerability(org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

Vulnerability (org.eclipse.sw360.datahandler.thrift.vulnerabilities.Vulnerability)28 Test (org.junit.Test)15 UpdateType (org.eclipse.sw360.datahandler.thrift.cvesearch.UpdateType)10 User (org.eclipse.sw360.datahandler.thrift.users.User)8 TException (org.apache.thrift.TException)6 VulnerabilityService (org.eclipse.sw360.datahandler.thrift.vulnerabilities.VulnerabilityService)5 ReleaseVulnerabilityRelation (org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation)4 JSONObject (com.liferay.portal.kernel.json.JSONObject)3 PrintWriter (java.io.PrintWriter)3 VulnerabilityUpdateStatus (org.eclipse.sw360.datahandler.thrift.cvesearch.VulnerabilityUpdateStatus)3 Before (org.junit.Before)3 IOException (java.io.IOException)2 java.util (java.util)2 ArrayList (java.util.ArrayList)2 Collectors (java.util.stream.Collectors)2 CommonUtils (org.eclipse.sw360.datahandler.common.CommonUtils)2 PortletUtils.getVerificationState (org.eclipse.sw360.portal.common.PortletUtils.getVerificationState)2 ResponseEntity (org.springframework.http.ResponseEntity)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 JsonFactory (com.fasterxml.jackson.core.JsonFactory)1