From 59ecd03cb4894bb291437ca7ea08f5397fdbcc3f Mon Sep 17 00:00:00 2001 From: Florian Wilhelm <2292245+fwilhe@users.noreply.github.com> Date: Fri, 13 Sep 2024 11:07:02 +0200 Subject: [PATCH] Put package list (#37) Allow clients to send a realistically large list of packages to query for CVEs Fixes https://github.com/gardenlinux/glvd/issues/99 --- ...Es by Gardenlinux Version Packages PUT.bru | 15 ++++++++++++ src/docs/asciidoc/index.adoc | 11 +++++++++ .../io/gardenlinux/glvd/GlvdController.java | 14 +++++++++++ .../java/io/gardenlinux/glvd/PackageList.java | 24 +++++++++++++++++++ .../gardenlinux/glvd/GlvdControllerTest.java | 22 +++++++++++++++++ 5 files changed, 86 insertions(+) create mode 100644 api-examples/Get CVEs by Gardenlinux Version Packages PUT.bru create mode 100644 src/main/java/io/gardenlinux/glvd/PackageList.java diff --git a/api-examples/Get CVEs by Gardenlinux Version Packages PUT.bru b/api-examples/Get CVEs by Gardenlinux Version Packages PUT.bru new file mode 100644 index 0000000..332cc7d --- /dev/null +++ b/api-examples/Get CVEs by Gardenlinux Version Packages PUT.bru @@ -0,0 +1,15 @@ +meta { + name: Get CVEs by Gardenlinux Version Packages PUT + type: http + seq: 8 +} + +put { + url: {{schema_hostname_port}}/v1/cves/1592.0/packages + body: json + auth: none +} + +body:json { + ["vim","bash","python3","curl"] +} diff --git a/src/docs/asciidoc/index.adoc b/src/docs/asciidoc/index.adoc index 215237e..2f6f268 100644 --- a/src/docs/asciidoc/index.adoc +++ b/src/docs/asciidoc/index.adoc 
@@ -37,6 +37,17 @@ The expected response looks like this: include::{snippets}/getCveForPackages/http-response.adoc[] +=== Get a list of CVEs for packages by distro via PUT + +This endpoint will give you all the CVE for a list of packages in a specified distro. +Package names are provided in the request body in json-encoded form. + +include::{snippets}/getCveForPackagesPut/curl-request.adoc[] + +The expected response looks like this: + +include::{snippets}/getCveForPackagesPut/http-response.adoc[] + === Get List of Packages Just gives you a list of packages in a given distribution. diff --git a/src/main/java/io/gardenlinux/glvd/GlvdController.java b/src/main/java/io/gardenlinux/glvd/GlvdController.java index a1b80e5..f14a957 100644 --- a/src/main/java/io/gardenlinux/glvd/GlvdController.java +++ b/src/main/java/io/gardenlinux/glvd/GlvdController.java @@ -44,6 +44,20 @@ ResponseEntity> getCvePackages( return ResponseEntity.ok().body(cveForPackages); } + @PutMapping("/cves/{gardenlinuxVersion}/packages") + ResponseEntity> getCvePackagesxx( + @PathVariable final String gardenlinuxVersion, + @RequestBody final PackageList packages, + @RequestParam(defaultValue = "cveId") final String sortBy, + @RequestParam(defaultValue = "ASC") final String sortOrder, + @RequestParam(required = false) final String pageNumber, + @RequestParam(required = false) final String pageSize + ) { + var packageList = packages.toString(); + var cveForPackages = glvdService.getCveForPackages(gardenlinuxVersion, packageList, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSize)); + return ResponseEntity.ok().body(cveForPackages); + } + @GetMapping("/packages/{sourcePackage}") ResponseEntity> packageWithVulnerabilities( @PathVariable final String sourcePackage, diff --git a/src/main/java/io/gardenlinux/glvd/PackageList.java b/src/main/java/io/gardenlinux/glvd/PackageList.java new file mode 100644 index 0000000..7775c04 --- /dev/null +++ b/src/main/java/io/gardenlinux/glvd/PackageList.java 
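Review bot: The new PUT handler passes the request body straight to `packages.toString()` without checking it, and `PackageList.toString()` calls `String.join(",", packageNames)` on a field that stays null when the body is `{}` or omits `packageNames`, so a malformed request would presumably surface as a 500 rather than a 400. A guard at the top of the handler, such as `if (packages.getPackageNames() == null || packages.getPackageNames().isEmpty()) return ResponseEntity.badRequest().build();`, would reject that case; because the list length is client-controlled, an explicit upper bound on its size belongs in the same check. Joining with commas also means a name that itself contains a comma reaches `glvdService.getCveForPackages` as several names, though how the service splits the string is not visible in this diff. The method name `getCvePackagesxx` looks like a leftover placeholder; something like `getCvePackagesPut` would match the snippet id `getCveForPackagesPut` used in the test.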
@@ -0,0 +1,24 @@ +package io.gardenlinux.glvd; + +import java.util.List; + +public class PackageList { + + private List packageNames; + + public PackageList() { + } + + public PackageList(List packageNames) { + this.packageNames = packageNames; + } + + public List getPackageNames() { + return packageNames; + } + + @Override + public String toString() { + return String.join(",", packageNames); + } +} diff --git a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java index 5963211..4cb511c 100644 --- a/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java +++ b/src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java @@ -92,6 +92,28 @@ public void shouldReturnCvesForListOfPackages() { .then().statusCode(HttpStatus.SC_OK); } + @Test + public void shouldReturnCvesForPutListOfPackages() { + var packageList = """ + { + "packageNames": [ + "vim", + "bash", + "python3", + "curl" + ] + }"""; + + given(this.spec).accept("application/json") + .filter(document("getCveForPackagesPut", + preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()), + preprocessResponse(prettyPrint()))) + .contentType("application/json") + .body(packageList) + .when().port(this.port).put("/v1/cves/1592.0/packages?pageNumber=4&pageSize=2") + .then().statusCode(HttpStatus.SC_OK); + } + @Test public void shouldGetPackagesForDistro() { given(this.spec).accept("application/json")
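Review bot: `PackageList` carries no Javadoc describing the JSON it binds to, and the two request samples in this commit disagree about that shape: the Bruno example sends a bare array `["vim","bash","python3","curl"]`, while `shouldReturnCvesForPutListOfPackages` sends an object with a `packageNames` array. With no creator or value annotation visible on the class, the bare array will likely fail to bind, so the example should probably use the object form. I would add a class comment such as `/** Request body for PUT /v1/cves/{gardenlinuxVersion}/packages: {"packageNames": ["vim", "bash"]}. */` and a line on `toString()` stating that it returns the comma-separated form the service expects, since the controller relies on it as a serialization rather than a debug string.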
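Review bot: `shouldReturnCvesForPutListOfPackages` asserts only the status code, so it would still pass if the request body were ignored or the paging parameters had no effect; with `pageNumber=4&pageSize=2` the response may well be an empty page. A body assertion on at least one expected field would pin the behaviour, and a second case sending `{}` and expecting `HttpStatus.SC_BAD_REQUEST` would document how a missing `packageNames` is handled. The enclosing test class and its fixtures are outside this hunk, so which CVE data is available to assert on is not visible here.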