Parse CVE objects into domain objects
fwilhe committed May 7, 2024
1 parent e3b98ee commit 30dc1fe
Showing 11 changed files with 482 additions and 18 deletions.
2 changes: 1 addition & 1 deletion src/main/java/io/gardenlinux/glvd/GlvdController.java
@@ -29,7 +29,7 @@ ResponseEntity<Cve> getCveId(@PathVariable("cveId") final String cveId) throws N
}

@GetMapping("/{vendor}/{product}/{codename}")
ResponseEntity<List<String>> getCveDistro(@PathVariable final String vendor, @PathVariable final String product,
ResponseEntity<List<Cve>> getCveDistro(@PathVariable final String vendor, @PathVariable final String product,
@PathVariable final String codename) {
return ResponseEntity.ok().body(glvdService.getCveForDistribution(vendor, product, codename));
}
22 changes: 19 additions & 3 deletions src/main/java/io/gardenlinux/glvd/GlvdService.java
@@ -1,5 +1,7 @@
package io.gardenlinux.glvd;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.gardenlinux.glvd.db.CveRepository;
import io.gardenlinux.glvd.db.HealthCheckRepository;
import io.gardenlinux.glvd.dto.Cve;
@@ -10,6 +12,7 @@
import org.springframework.stereotype.Service;

import java.util.List;
import java.util.stream.Collectors;

@Service
public class GlvdService {
@@ -37,12 +40,25 @@ public Readiness getReadiness() throws DbNotConnectedException {
public Cve getCve(String cveId) throws NotFoundException {
var cveEntity = cveRepository.findById(cveId).orElseThrow(NotFoundException::new);
// Todo: more specific transformation from db type 'cve' to response type 'cve'
return new Cve(cveEntity.getId(), cveEntity.getLastModified(), cveEntity.getData());
try {
return new ObjectMapper().readValue(cveEntity.getData(), Cve.class);
} catch (JsonProcessingException e) {
throw new RuntimeException(e);
}

}

public List<String> getCveForDistribution(String vendor, String product, String codename) {
return cveRepository.cvesForDistribution(vendor, product, codename);
public List<Cve> getCveForDistribution(String vendor, String product, String codename) {
var entities = cveRepository.cvesForDistribution(vendor, product, codename);
var ret = List.of(entities.stream().map(cveEntity -> {
try {
return new ObjectMapper().readValue(cveEntity.getData(), Cve.class);
} catch (JsonProcessingException e) {
throw new RuntimeException(e);
}
}).collect(Collectors.toList()));

return ret.get(0);
}

}
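Review bot: In `getCveForDistribution` the mapped list is wrapped in `List.of(...)` only to be unwrapped again with `ret.get(0)`, and both methods build a fresh `new ObjectMapper()` for every record. A bare mapper also keeps Jackson's default of failing on unknown properties, so a single stored record carrying a field the `Cve` DTO does not declare would surface as a `RuntimeException` and fail the whole listing, presumably as a 500 response. I would inject the application's shared `ObjectMapper` through the constructor (which is outside these hunks) into an `objectMapper` field, and have both `getCve` and `getCveForDistribution` parse through one helper, as sketched below.

```java
public List<Cve> getCveForDistribution(String vendor, String product, String codename) {
    return cveRepository.cvesForDistribution(vendor, product, codename).stream()
            .map(cveEntity -> parseCve(cveEntity.getData()))
            .collect(Collectors.toList());
}

// Uses the injected, shared mapper instead of a new ObjectMapper() per record.
private Cve parseCve(String cveJson) {
    try {
        return objectMapper.readValue(cveJson, Cve.class);
    } catch (JsonProcessingException e) {
        throw new IllegalStateException("Stored CVE record is not valid CVE JSON", e);
    }
}
```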
5 changes: 3 additions & 2 deletions src/main/java/io/gardenlinux/glvd/db/CveRepository.java
@@ -1,5 +1,6 @@
package io.gardenlinux.glvd.db;

import io.gardenlinux.glvd.dto.Cve;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.data.jpa.repository.Query;

@@ -9,7 +10,7 @@ public interface CveRepository extends JpaRepository<CveEntity, String> {

@Query(value = """
SELECT
all_cve.data AS cveEntity
all_cve.*
FROM
all_cve
INNER JOIN deb_cve USING (cve_id)
@@ -21,6 +22,6 @@ INNER JOIN dist_cpe ON (deb_cve.dist_id = dist_cpe.id)
ORDER BY
all_cve.cve_id
""", nativeQuery = true)
List<String> cvesForDistribution(String vendor, String product, String codename);
List<CveEntity> cvesForDistribution(String vendor, String product, String codename);

}
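Review bot: The added `import io.gardenlinux.glvd.dto.Cve;` is not used by anything visible in this file, since `cvesForDistribution` now returns `List<CveEntity>`; I would drop it so the repository layer does not depend on the DTO package. The `WHERE` clause sits between the hunks and is not visible here, but if `deb_cve` can hold several rows per CVE for one distribution, selecting `all_cve.*` across the join would return the same CVE more than once. In that case de-duplicating in the query is worth considering, with a short comment above `@Query` stating that each CVE is expected once.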
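--- a/src/main/java/io/gardenlinux/glvd/dto/Configuration.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Configuration.java
@@ -0,0 +1,40 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.List;
+import java.util.Objects;
+
+public class Configuration {
+private List<Node> nodes;
+
+public Configuration() {
+}
+
+public Configuration(List<Node> nodes) {
+this.nodes = nodes;
+}
+
+public List<Node> getNodes() {
+return nodes;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+Configuration that = (Configuration) o;
+return Objects.equals(nodes, that.nodes);
+}
+
+@Override
+public int hashCode() {
+return Objects.hashCode(nodes);
+}
+
+@Override
+public String toString() {
+return "Configuration{" +
+"nodes=" + nodes +
+'}';
+}
+}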
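--- a/src/main/java/io/gardenlinux/glvd/dto/CpeMatch.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/CpeMatch.java
@@ -0,0 +1,81 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.Objects;
+
+public class CpeMatch {
+private String criteria;
+private Deb deb;
+private boolean vulnerable;
+private String versionStartIncluding;
+private String versionEndExcluding;
+private String matchCriteriaId;
+
+public CpeMatch() {
+}
+
+
+public CpeMatch(String criteria, Deb deb, boolean vulnerable, String versionStartIncluding, String versionEndExcluding, String matchCriteriaId) {
+this.criteria = criteria;
+this.deb = deb;
+this.vulnerable = vulnerable;
+this.versionStartIncluding = versionStartIncluding;
+this.versionEndExcluding = versionEndExcluding;
+this.matchCriteriaId = matchCriteriaId;
+}
+
+public String getVersionStartIncluding() {
+return versionStartIncluding;
+}
+
+public String getCriteria() {
+return criteria;
+}
+
+public Deb getDeb() {
+return deb;
+}
+
+public boolean isVulnerable() {
+return vulnerable;
+}
+
+public String getVersionEndExcluding() {
+return versionEndExcluding;
+}
+
+public String getMatchCriteriaId() {
+return matchCriteriaId;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+CpeMatch cpeMatch = (CpeMatch) o;
+return vulnerable == cpeMatch.vulnerable && Objects.equals(criteria, cpeMatch.criteria) && Objects.equals(deb, cpeMatch.deb) && Objects.equals(versionStartIncluding, cpeMatch.versionStartIncluding) && Objects.equals(versionEndExcluding, cpeMatch.versionEndExcluding) && Objects.equals(matchCriteriaId, cpeMatch.matchCriteriaId);
+}
+
+@Override
+public int hashCode() {
+int result = Objects.hashCode(criteria);
+result = 31 * result + Objects.hashCode(deb);
+result = 31 * result + Boolean.hashCode(vulnerable);
+result = 31 * result + Objects.hashCode(versionStartIncluding);
+result = 31 * result + Objects.hashCode(versionEndExcluding);
+result = 31 * result + Objects.hashCode(matchCriteriaId);
+return result;
+}
+
+@Override
+public String toString() {
+return "CpeMatch{" +
+"criteria='" + criteria + '\'' +
+", deb=" + deb +
+", vulnerable=" + vulnerable +
+", versionStartIncluding='" + versionStartIncluding + '\'' +
+", versionEndExcluding='" + versionEndExcluding + '\'' +
+", matchCriteriaId='" + matchCriteriaId + '\'' +
+'}';
+}
+}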
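Review bot: `CpeMatch` models only `versionStartIncluding` and `versionEndExcluding`; if the stored records follow the NVD cpeMatch shape, `versionStartExcluding` and `versionEndIncluding` can occur as well. With the bare `new ObjectMapper()` used in `GlvdService` such a record would fail to parse, and with a lenient mapper the bound would be dropped silently, so the affected version range reported to clients would no longer match the source data. I would add `private String versionStartExcluding;` and `private String versionEndIncluding;` with their getters and include them in `equals`, `hashCode` and `toString`.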
95 changes: 83 additions & 12 deletions src/main/java/io/gardenlinux/glvd/dto/Cve.java
@@ -2,6 +2,7 @@

import jakarta.annotation.Nonnull;

import java.util.List;
import java.util.Objects;

public class Cve {
@@ -12,15 +13,37 @@ public class Cve {
private String lastModified;

@Nonnull
private String data;
private String sourceIdentifier;

private String published;

private String vulnStatus;

private List<Description> descriptions;

private Object metrics;

private List<Reference> references;

private List<Weakness> weaknesses;

private List<Configuration> configurations;


public Cve() {
}

public Cve(String id, @Nonnull String lastModified, @Nonnull String data) {
public Cve(String id, @Nonnull String lastModified, @Nonnull String sourceIdentifier, String published, String vulnStatus, List<Description> descriptions, Object metrics, List<Reference> references, List<Weakness> weaknesses, List<Configuration> configurations) {
this.id = id;
this.lastModified = lastModified;
this.data = data;
this.sourceIdentifier = sourceIdentifier;
this.published = published;
this.vulnStatus = vulnStatus;
this.descriptions = descriptions;
this.metrics = metrics;
this.references = references;
this.weaknesses = weaknesses;
this.configurations = configurations;
}

public String getId() {
@@ -33,27 +56,75 @@ public String getLastModified() {
}

@Nonnull
public String getData() {
return data;
public String getSourceIdentifier() {
return sourceIdentifier;
}

public String getPublished() {
return published;
}

public String getVulnStatus() {
return vulnStatus;
}

public List<Description> getDescriptions() {
return descriptions;
}

public Object getMetrics() {
return metrics;
}

public List<Reference> getReferences() {
return references;
}

public List<Weakness> getWeaknesses() {
return weaknesses;
}

public List<Configuration> getConfigurations() {
return configurations;
}

@Override
public boolean equals(Object o) {
if (this == o)
return true;
if (o == null || getClass() != o.getClass())
return false;
if (this == o) return true;
if (o == null || getClass() != o.getClass()) return false;

Cve Cve = (Cve) o;
return Objects.equals(id, Cve.id) && lastModified.equals(Cve.lastModified) && data.equals(Cve.data);
Cve cve = (Cve) o;
return Objects.equals(id, cve.id) && lastModified.equals(cve.lastModified) && sourceIdentifier.equals(cve.sourceIdentifier) && Objects.equals(published, cve.published) && Objects.equals(vulnStatus, cve.vulnStatus) && Objects.equals(descriptions, cve.descriptions) && Objects.equals(metrics, cve.metrics) && Objects.equals(references, cve.references) && Objects.equals(weaknesses, cve.weaknesses) && Objects.equals(configurations, cve.configurations);
}

@Override
public int hashCode() {
int result = Objects.hashCode(id);
result = 31 * result + lastModified.hashCode();
result = 31 * result + data.hashCode();
result = 31 * result + sourceIdentifier.hashCode();
result = 31 * result + Objects.hashCode(published);
result = 31 * result + Objects.hashCode(vulnStatus);
result = 31 * result + Objects.hashCode(descriptions);
result = 31 * result + Objects.hashCode(metrics);
result = 31 * result + Objects.hashCode(references);
result = 31 * result + Objects.hashCode(weaknesses);
result = 31 * result + Objects.hashCode(configurations);
return result;
}

@Override
public String toString() {
return "Cve{" +
"id='" + id + '\'' +
", lastModified='" + lastModified + '\'' +
", sourceIdentifier='" + sourceIdentifier + '\'' +
", published='" + published + '\'' +
", vulnStatus='" + vulnStatus + '\'' +
", descriptions=" + descriptions +
", metrics=" + metrics +
", references=" + references +
", weaknesses=" + weaknesses +
", configurations=" + configurations +
'}';
}
}
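Review bot: `equals` and `hashCode` dereference `lastModified` and `sourceIdentifier` directly, but after this commit `Cve` objects are filled in by Jackson through the no-argument constructor, where `@Nonnull` is not enforced. A stored record without `sourceIdentifier` would then throw a `NullPointerException` the first time the object is compared or hashed. Using `Objects.equals(sourceIdentifier, cve.sourceIdentifier)` and `Objects.hashCode(sourceIdentifier)` (likewise for `lastModified`), as the other fields already do, removes that; alternatively such records could be rejected at parse time. Separately, `Object metrics` leaves the CVSS data untyped and deserves a comment such as `// passed through as parsed JSON; structure is not validated here`.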
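--- a/src/main/java/io/gardenlinux/glvd/dto/Deb.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Deb.java
@@ -0,0 +1,56 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.Objects;
+
+public class Deb {
+private String versionLatest;
+private String versionEndExcluding;
+private String cvssSeverity;
+
+public Deb() {
+}
+
+public Deb(String versionLatest, String versionEndExcluding, String cvssSeverity) {
+this.versionLatest = versionLatest;
+this.versionEndExcluding = versionEndExcluding;
+this.cvssSeverity = cvssSeverity;
+}
+
+public String getVersionLatest() {
+return versionLatest;
+}
+
+public String getVersionEndExcluding() {
+return versionEndExcluding;
+}
+
+public String getCvssSeverity() {
+return cvssSeverity;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+Deb deb = (Deb) o;
+return Objects.equals(versionLatest, deb.versionLatest) && Objects.equals(versionEndExcluding, deb.versionEndExcluding) && Objects.equals(cvssSeverity, deb.cvssSeverity);
+}
+
+@Override
+public int hashCode() {
+int result = Objects.hashCode(versionLatest);
+result = 31 * result + Objects.hashCode(versionEndExcluding);
+result = 31 * result + Objects.hashCode(cvssSeverity);
+return result;
+}
+
+@Override
+public String toString() {
+return "Deb{" +
+"versionLatest='" + versionLatest + '\'' +
+", versionEndExcluding='" + versionEndExcluding + '\'' +
+", cvssSeverity='" + cvssSeverity + '\'' +
+'}';
+}
+}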
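--- a/src/main/java/io/gardenlinux/glvd/dto/Description.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Description.java
@@ -0,0 +1,42 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.Objects;
+
+public class Description {
+
+private String lang;
+
+private String value;
+
+public Description() {
+}
+
+public Description(String lang, String value) {
+this.lang = lang;
+this.value = value;
+}
+
+public String getLang() {
+return lang;
+}
+
+public String getValue() {
+return value;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+Description that = (Description) o;
+return Objects.equals(lang, that.lang) && Objects.equals(value, that.value);
+}
+
+@Override
+public int hashCode() {
+int result = Objects.hashCode(lang);
+result = 31 * result + Objects.hashCode(value);
+return result;
+}
+}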
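Review bot: `Description` has no `toString`, unlike the other DTOs in this commit, so `Cve.toString()` and `Weakness.toString()` print their description lists as object identities rather than content. Adding `@Override public String toString() { return "Description{lang='" + lang + "', value='" + value + "'}"; }` keeps log and assertion output readable and consistent with the sibling classes.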
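--- a/src/main/java/io/gardenlinux/glvd/dto/Node.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Node.java
@@ -0,0 +1,40 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.List;
+import java.util.Objects;
+
+public class Node {
+private List<CpeMatch> cpeMatch;
+private boolean negate;
+private String operator;
+
+public Node() {
+}
+
+public Node(List<CpeMatch> cpeMatch, boolean negate, String operator) {
+this.cpeMatch = cpeMatch;
+this.negate = negate;
+this.operator = operator;
+}
+
+public List<CpeMatch> getCpeMatch() {
+return cpeMatch;
+}
+
+public boolean isNegate() {
+return negate;
+}
+
+public String getOperator() {
+return operator;
+}
+
+@Override
+public String toString() {
+return "Node{" +
+"cpeMatch=" + cpeMatch +
+", negate=" + negate +
+", operator='" + operator + '\'' +
+'}';
+}
+}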
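Review bot: `Node` imports `java.util.Objects` but defines neither `equals` nor `hashCode`, so `Configuration.equals`, which compares the `nodes` lists, falls back to identity for every element. Two `Cve` objects parsed from the same JSON therefore never compare equal once they carry configurations, which will surprise tests and any de-duplication keyed on these DTOs. I would add the pair in the same shape as the sibling classes, as below.

```java
@Override
public boolean equals(Object o) {
    if (this == o) return true;
    if (o == null || getClass() != o.getClass()) return false;

    Node node = (Node) o;
    return negate == node.negate && Objects.equals(cpeMatch, node.cpeMatch) && Objects.equals(operator, node.operator);
}

@Override
public int hashCode() {
    int result = Objects.hashCode(cpeMatch);
    result = 31 * result + Boolean.hashCode(negate);
    result = 31 * result + Objects.hashCode(operator);
    return result;
}
```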
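--- a/src/main/java/io/gardenlinux/glvd/dto/Reference.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Reference.java
@@ -0,0 +1,57 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.List;
+import java.util.Objects;
+
+public class Reference {
+private String url;
+private String source;
+private List<String> tags;
+
+public Reference() {
+}
+
+public Reference(String url, String source, List<String> tags) {
+this.url = url;
+this.source = source;
+this.tags = tags;
+}
+
+public String getUrl() {
+return url;
+}
+
+public String getSource() {
+return source;
+}
+
+public List<String> getTags() {
+return tags;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+Reference reference = (Reference) o;
+return Objects.equals(url, reference.url) && Objects.equals(source, reference.source) && Objects.equals(tags, reference.tags);
+}
+
+@Override
+public int hashCode() {
+int result = Objects.hashCode(url);
+result = 31 * result + Objects.hashCode(source);
+result = 31 * result + Objects.hashCode(tags);
+return result;
+}
+
+@Override
+public String toString() {
+return "Reference{" +
+"url='" + url + '\'' +
+", source='" + source + '\'' +
+", tags=" + tags +
+'}';
+}
+}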
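--- a/src/main/java/io/gardenlinux/glvd/dto/Weakness.java
+++ b/src/main/java/io/gardenlinux/glvd/dto/Weakness.java
@@ -0,0 +1,60 @@
+package io.gardenlinux.glvd.dto;
+
+import java.util.List;
+import java.util.Objects;
+
+public class Weakness {
+
+private String source;
+
+private String type;
+
+private List<Description> description;
+
+public Weakness() {
+}
+
+public Weakness(String source, String type, List<Description> description) {
+this.source = source;
+this.type = type;
+this.description = description;
+}
+
+public String getSource() {
+return source;
+}
+
+public String getType() {
+return type;
+}
+
+public List<Description> getDescription() {
+return description;
+}
+
+@Override
+public boolean equals(Object o) {
+if (this == o) return true;
+if (o == null || getClass() != o.getClass()) return false;
+
+Weakness weakness = (Weakness) o;
+return Objects.equals(source, weakness.source) && Objects.equals(type, weakness.type) && Objects.equals(description, weakness.description);
+}
+
+@Override
+public int hashCode() {
+int result = Objects.hashCode(source);
+result = 31 * result + Objects.hashCode(type);
+result = 31 * result + Objects.hashCode(description);
+return result;
+}
+
+@Override
+public String toString() {
+return "Weakness{" +
+"source='" + source + '\'' +
+", type='" + type + '\'' +
+", description=" + description +
+'}';
+}
+}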
