
devonfw / IDEasy / 17093199286

20 Aug 2025 08:39AM UTC coverage: 68.717% (-0.4%) from 69.087%
17093199286

Pull #1201

github

web-flow
Merge 902765a14 into 6b7da03a8
Pull Request #1201: #103: introduce security module

3379 of 5385 branches covered (62.75%)

Branch coverage included in aggregate %.

8812 of 12356 relevant lines covered (71.32%)

3.13 hits per line

Source File

9.78
cli/src/main/java/com/devonfw/tools/ide/url/model/file/UrlSecurityFile.java
package com.devonfw.tools.ide.url.model.file;

import java.io.BufferedWriter;
import java.nio.file.Files;
import java.util.List;
import java.util.Objects;

import com.devonfw.tools.ide.context.IdeContext;
import com.devonfw.tools.ide.json.JsonMapping;
import com.devonfw.tools.ide.url.model.file.json.CVE;
import com.devonfw.tools.ide.url.model.file.json.ToolSecurity;
import com.devonfw.tools.ide.url.model.folder.AbstractUrlToolOrEdition;
import com.devonfw.tools.ide.url.model.folder.UrlEdition;
import com.devonfw.tools.ide.version.VersionIdentifier;
import com.devonfw.tools.ide.version.VersionRange;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * {@link UrlFile} with the security information for an {@link UrlEdition}.
 */
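public class UrlSecurityFile extends AbstractUrlFile<AbstractUrlToolOrEdition<?, ?>> {

  /** {@link #getName() Name} of security file. */
  public static final String SECURITY_JSON = "security.json";

  /** JSON mapper used by {@link #doSave()} to serialize the {@link ToolSecurity} data. */
  private static final ObjectMapper MAPPER = JsonMapping.create();

  /** In-memory security information; replaced by {@link #doLoad()}, {@link #setSecurity(ToolSecurity)} and {@link #addCve(CVE)}. */
  private ToolSecurity security = ToolSecurity.getEmpty();

  /**
   * The constructor.
   *
   * @param parent the {@link #getParent() parent folder}.
   */
  public UrlSecurityFile(AbstractUrlToolOrEdition<?, ?> parent) {

    super(parent, SECURITY_JSON);
  }

  /**
   * Sets the security information for this {@link UrlSecurityFile} and marks the file as modified.
   *
   * @param security the {@link ToolSecurity} object containing security information to be set. A {@code null} value is
   *        stored as is; {@link #getSecurity()} and {@link #doSave()} then fall back to {@link ToolSecurity#getEmpty()}.
   */
  public void setSecurity(ToolSecurity security) {

    this.security = security;
    this.modified = true;
  }

  /**
   * @return the {@link ToolSecurity} held by this file, or {@link ToolSecurity#getEmpty()} if none is set. Never
   *         {@code null}.
   */
  public ToolSecurity getSecurity() {

    if (this.security == null) {
      return ToolSecurity.getEmpty();
    }
    return this.security;
  }

  @Override
  protected void doLoad() {

    // NOTE(review): how ToolSecurity.of treats a missing or malformed security.json is not visible in this class.
    // A load that silently yields an empty result would make contains(...) report "no warning" - confirm it fails loudly.
    this.security = ToolSecurity.of(getPath());
  }

  /**
   * Writes the security information as JSON to {@link #getPath()}. Nothing is written if there are no issues and the
   * file does not exist yet, so that no empty {@value #SECURITY_JSON} files get created.
   *
   * @throws IllegalStateException if writing the file fails.
   */
  @Override
  public void doSave() {

    boolean nothingToReport = (this.security == null) || this.security.getIssues().isEmpty();
    if (nothingToReport && !Files.exists(getPath())) {
      // NOTE(review): prints to stdout instead of a logger; no logger is visible in this class.
      System.out.println("Skipping save for " + getPath() + " (no warnings and file doesn't exist)");
      return;
    }

    // Serialize the null-safe view: writing a null field would produce the JSON literal "null" and overwrite an
    // existing security file with content that is no longer a security document.
    ToolSecurity toSave = getSecurity();
    try (BufferedWriter writer = Files.newBufferedWriter(getPath())) {
      MAPPER.writeValue(writer, toSave);
    } catch (Exception e) {
      throw new IllegalStateException("Failed to save file " + getPath(), e);
    }
  }

  /**
   * Adds a new CVE warning with detailed information, such as severity, CVE ID and a versionRange. A {@link CVE} that
   * is already contained is not added again and does not mark the file as modified.
   *
   * @param cve the {@link CVE} to add. Must not be {@code null}.
   * @throws NullPointerException if {@code cve} is {@code null}.
   */
  public void addCve(CVE cve) {

    // A null entry would be persisted into security.json and break every later iteration over the issues.
    Objects.requireNonNull(cve, "cve");

    // NOTE(review): this is an identity comparison. It only protects the empty instance from being mutated if
    // ToolSecurity.getEmpty() returns the same object on every call - confirm against ToolSecurity.
    if (this.security == null || this.security == ToolSecurity.getEmpty()) {
      this.security = new ToolSecurity();
    }

    List<CVE> issues = this.security.getIssues();
    if (!issues.contains(cve)) {
      issues.add(cve);
      this.modified = true;
    }
  }

  /**
   * Clears all security warnings from this {@link UrlSecurityFile} and marks the file as modified.
   */
  public void clearSecurityWarnings() {

    // NOTE(review): if the field still refers to ToolSecurity.getEmpty(), this clears the list of that instance;
    // whether that list is shared or unmodifiable is not visible here - confirm against ToolSecurity.
    if (this.security != null) {
      this.security.getIssues().clear();
      this.modified = true;
    }
  }

  /**
   * Checks if a security warning exists for a given version. Optionally, warnings affecting all versions can be ignored.
   * <p>
   * With {@code ignoreWarningsThatAffectAllVersions} set, a result of {@code false} does not mean that no CVE is known
   * for the version: ranges that cover both the oldest and the newest available version are skipped. If the list of
   * available versions is empty, only ranges without lower and upper bound are skipped; all other ranges are still
   * checked so that the warning is reported rather than suppressed.
   *
   * @param version the {@link VersionIdentifier} of the version to check for security warnings.
   * @param ignoreWarningsThatAffectAllVersions {@code true} to ignore warnings that affect all versions, {@code false} to include them.
   * @param context the {@link IdeContext} providing contextual information (can be {@code null} unless
   *        {@code ignoreWarningsThatAffectAllVersions} is {@code true}).
   * @param edition the {@link UrlEdition} to check for security warnings (can be {@code null} unless
   *        {@code ignoreWarningsThatAffectAllVersions} is {@code true}).
   * @return {@code true} if a security warning exists for the given version, {@code false} otherwise.
   * @throws NullPointerException if {@code ignoreWarningsThatAffectAllVersions} is {@code true} and {@code context} or
   *         {@code edition} is {@code null}.
   */
  public boolean contains(VersionIdentifier version, boolean ignoreWarningsThatAffectAllVersions, IdeContext context,
      UrlEdition edition) {

    VersionIdentifier oldestVersion = null;
    VersionIdentifier newestVersion = null;
    if (ignoreWarningsThatAffectAllVersions) {
      Objects.requireNonNull(context, "context");
      Objects.requireNonNull(edition, "edition");
      // NOTE(review): the edition name is passed for both of the first two arguments - verify against the parameter
      // order of getSortedVersions whether the first one should be the tool name.
      List<VersionIdentifier> sortedVersions = context.getUrls().getSortedVersions(
          edition.getName(), edition.getName(), null);
      // The first element is treated as the newest and the last as the oldest version (presumably the list is sorted
      // descending - confirm). An empty list previously caused an IndexOutOfBoundsException below.
      if ((sortedVersions != null) && !sortedVersions.isEmpty()) {
        newestVersion = sortedVersions.get(0);
        oldestVersion = sortedVersions.get(sortedVersions.size() - 1);
      }
    }

    List<CVE> issues = this.security != null ? this.security.getIssues() : List.of();

    for (CVE cve : issues) {
      for (VersionRange versionRange : cve.versions()) {
        if (ignoreWarningsThatAffectAllVersions && affectsAllVersions(versionRange, oldestVersion, newestVersion)) {
          continue;
        }
        if (versionRange.contains(version)) {
          return true;
        }
      }
    }
    return false;
  }

  /**
   * Decides whether a range spans every available version, from the oldest to the newest one.
   *
   * @param range the {@link VersionRange} of a {@link CVE}.
   * @param oldest the oldest available version or {@code null} if unknown.
   * @param newest the newest available version or {@code null} if unknown.
   * @return {@code true} if the range is open or contains the boundary version on both ends. An unknown boundary
   *         version never counts as contained.
   */
  private static boolean affectsAllVersions(VersionRange range, VersionIdentifier oldest, VersionIdentifier newest) {

    boolean includesOldestVersion = (range.getMin() == null) || ((oldest != null) && range.contains(oldest));
    boolean includesNewestVersion = (range.getMax() == null) || ((newest != null) && range.contains(newest));
    return includesOldestVersion && includesNewestVersion;
  }

  /**
   * Checks if a security warning exists for a given version.
   *
   * @param version the {@link VersionIdentifier} of the version to check for security warnings.
   * @return {@code true} if a security warning exists for the given version, {@code false} otherwise.
   */
  public boolean contains(VersionIdentifier version) {

    return contains(version, false, null, null);
  }

}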