
devonfw / IDEasy / 19651727463

24 Nov 2025 10:43PM UTC coverage: 69.156% (+0.1%) from 69.024%
19651727463

push

github

web-flow
#1144: #1145: CVE warnings and suggestions (#1593)

Co-authored-by: KianRolf <kian.loroff@capgemini.com>
Co-authored-by: jan-vcapgemini <59438728+jan-vcapgemini@users.noreply.github.com>

3613 of 5721 branches covered (63.15%)

Branch coverage included in aggregate %.

9387 of 13077 relevant lines covered (71.78%)

3.15 hits per line

Source File

82.5
cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/ToolSecurity.java
package com.devonfw.tools.ide.url.model.file.json;

import java.io.BufferedReader;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.function.Predicate;

import com.devonfw.tools.ide.json.JsonMapping;
import com.devonfw.tools.ide.log.IdeLogger;
import com.devonfw.tools.ide.variable.IdeVariables;
import com.devonfw.tools.ide.version.VersionIdentifier;
import com.devonfw.tools.ide.version.VersionRange;
import com.fasterxml.jackson.databind.ObjectMapper;

/**
 * Container representing data from the "security.json" file with all {@link Cve CVE}s of a specific tool.
 *
 * @see com.devonfw.tools.ide.url.model.file.UrlSecurityFile
 */
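public class ToolSecurity {

  private static final ObjectMapper MAPPER = JsonMapping.create();

  // Shared instance handed out by getEmpty() and by of(Path) when the file is missing.
  // NOTE(review): setIssues(List) is public, so a caller holding this instance could replace its list for every
  // other caller - treat the empty instance as read-only.
  private static final ToolSecurity EMPTY = new ToolSecurity(Collections.emptyList());

  private List<Cve> issues;

  /**
   * The constructor creating an instance with an empty, mutable {@link List} of {@link Cve CVE}s.
   */
  public ToolSecurity() {
    this(new ArrayList<>());
  }

  /**
   * The constructor.
   *
   * @param issues the {@link List} of {@link Cve CVE}s. A {@code null} value is treated as an empty list.
   */
  public ToolSecurity(List<Cve> issues) {

    super();
    this.issues = orEmpty(issues);
  }

  /**
   * @return the list of CVEs. This is the internal list and not a copy. Never {@code null}.
   */
  public List<Cve> getIssues() {
    return this.issues;
  }

  /**
   * @param issues the list of CVEs. A {@code null} value (e.g. from {@code "issues": null} in the JSON) is treated as
   *     an empty list so that {@link #findCves(VersionIdentifier, IdeLogger, Predicate)} cannot fail on it.
   */
  public void setIssues(List<Cve> issues) {
    this.issues = orEmpty(issues);
  }

  /**
   * Finds all {@link Cve}s for the given {@link VersionIdentifier} that also match the given {@link Predicate}.
   * A {@link Cve} is reported at most once, even if several of its {@link VersionRange}s contain the version.
   *
   * @param version the {@link VersionIdentifier} to check.
   * @param logger the {@link IdeLogger} used to report each affecting {@link Cve} that the {@link Predicate}
   *     rejected. These are logged on info level only and are not part of the result.
   * @param predicate the {@link Predicate} deciding which matching {@link Cve}s are {@link Predicate#test(Object) accepted}.
   * @return all {@link Cve}s for the given {@link VersionIdentifier}.
   */
  public Collection<Cve> findCves(VersionIdentifier version, IdeLogger logger, Predicate<Cve> predicate) {
    List<Cve> cvesOfVersion = new ArrayList<>();
    for (Cve cve : this.issues) {
      if (!affects(cve, version)) {
        continue;
      }
      if (predicate.test(cve)) {
        cvesOfVersion.add(cve);
      } else {
        logger.info("Ignoring CVE {} with severity {}", cve.id(), cve.severity());
      }
    }
    return cvesOfVersion;
  }

  /**
   * Finds all {@link Cve}s for the given {@link VersionIdentifier} and {@code minSeverity}.
   *
   * @param version the {@link VersionIdentifier} to check.
   * @param logger the {@link IdeLogger} used to report {@link Cve}s below {@code minSeverity}.
   * @param minSeverity the {@link IdeVariables#CVE_MIN_SEVERITY minimum severity}. A {@link Cve} is accepted if its
   *     severity is greater than or equal to this value.
   * @return all {@link Cve}s for the given {@link VersionIdentifier}.
   */
  public Collection<Cve> findCves(VersionIdentifier version, IdeLogger logger, double minSeverity) {
    return findCves(version, logger, cve -> cve.severity() >= minSeverity);
  }

  /**
   * Loads the CVE data of a tool from its JSON file.
   * <p>
   * A missing file is not an error: the {@link #getEmpty() empty instance} is returned and every
   * {@code findCves} lookup on it yields no result. Callers therefore cannot tell "no CVEs recorded for this tool"
   * from "security data not available" by looking at the result alone. A file that exists but cannot be read or
   * parsed fails loudly instead of being treated as empty.
   *
   * @param file the {@link Path} to the JSON file to load.
   * @return the loaded {@link ToolSecurity} or the {@link #getEmpty() empty instance} if given {@link Path} does not exist.
   * @throws IllegalStateException if the file exists but could not be read or parsed, or contains no JSON object.
   */
  public static ToolSecurity of(Path file) {

    if (!Files.exists(file)) {
      return EMPTY;
    }
    ToolSecurity security;
    try (BufferedReader reader = Files.newBufferedReader(file)) {
      security = MAPPER.readValue(reader, ToolSecurity.class);
    } catch (Exception e) {
      throw new IllegalStateException("Failed to load " + file, e);
    }
    if (security == null) {
      // A document consisting only of the JSON literal null is mapped to a null result. Reject it here instead of
      // handing null to callers that are about to run a CVE lookup on it.
      throw new IllegalStateException("Failed to load " + file + ": file contains no JSON object");
    }
    return security;
  }

  /**
   * @return the empty instance of {@link ToolSecurity}. It is shared, so callers must not modify it.
   */
  public static ToolSecurity getEmpty() {

    return EMPTY;
  }

  /** Reports whether at least one {@link VersionRange} of the given {@link Cve} contains the given version. */
  private static boolean affects(Cve cve, VersionIdentifier version) {
    for (VersionRange range : cve.versions()) {
      if (range.contains(version)) {
        return true;
      }
    }
    return false;
  }

  /** Maps {@code null} to a new empty list and returns any other list unchanged. */
  private static List<Cve> orEmpty(List<Cve> issues) {
    return (issues == null) ? new ArrayList<>() : issues;
  }
}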