19805773032

Committed 30 Nov 2025 10:26PM UTC coverage: 69.845% (+0.05%) from 69.793%

Build # 19805773032

Build Type

Pull #1625

github

Committed by

web-flow

Commit Message

Merge fc8aa82ce into 4dc416fd3

Pull Request Pull Request #1625: #1617: fix CVE generation #1624: tolerant versionrange parsing

Run Details

3825 of 6007 branches covered (63.68%)

Branch coverage included in aggregate %.

9799 of 13499 relevant lines covered (72.59%)

3.16 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

85.25

cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/Cve.java

package com.devonfw.tools.ide.url.model.file.json;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

import com.devonfw.tools.ide.version.VersionIdentifier;
import com.devonfw.tools.ide.version.VersionRange;
import com.devonfw.tools.ide.version.VersionRangeRelation;

/**
 * Model to represent a CVE (common vulnerabilities and exposures) of a tool.
 *
 * @param id the unique identifier (e.g. "CVE-2021-44228").
 * @param severity the severity in the range from (0,10.0] where 10.0 is most critical.
 * @param versions the {@link VersionRange}s of the affected versions. Typically one entry but might also affect multiple ranges. E.g. "[1.0,1.2)" and
 *     "[2.0,2.2)". Should never be {@code null} or {@link List#isEmpty() empty}.
 * @see ToolSecurity
 */
public record Cve(String id, double severity, List<VersionRange> versions) {

  static final String PROPERTY_ID = "id";

  static final String PROPERTY_SEVERITY = "severity";

  static final String PROPERTY_VERSIONS = "versions";

  public Cve {
    Objects.requireNonNull(id);
    Objects.requireNonNull(versions);
    assert !versions.isEmpty();
  }

  /**
   * @param cves the {@link Cve}s to summarize.
   * @return the sum of {@link Cve#severity()}.
   */
  public static double severitySum(Collection<Cve> cves) {
    double severitySum = 0;
    for (Cve cve : cves) {
      severitySum += cve.severity();
    }
    return severitySum;
  }

  /**
   * @param issue the {@link Cve} to merge with. Has to have the same {@link #id()} and {@link #severity()}.
   * @return the merged {@link Cve}.
   */
  public Cve merge(Cve issue) {

    if (!this.id.equals(issue.id)) {
      throw new IllegalArgumentException(this.id + " != " + issue.id);
    }
    if (this.severity != issue.severity) {
      throw new IllegalArgumentException(this.severity + " != " + issue.severity + " - cannot merge " + this.id);
    }
    List<VersionRange> newVersions = new ArrayList<>(this.versions);
    for (VersionRange versionRange : issue.versions) {
      mergeVersionRage(newVersions, versionRange);
    }
    return new Cve(this.id, this.severity, newVersions);
  }

  /**
   * @param newVersions the {@link List} of {@link VersionRange}s.
   * @param versionRange the new {@link VersionRange} to add.
   */
  public static void mergeVersionRage(List<VersionRange> newVersions, VersionRange versionRange) {

    if (newVersions.isEmpty()) {
      newVersions.add(versionRange);
      return;
    }
    VersionIdentifier min = versionRange.getMin();
    int insertIndex = 0;
    boolean removed = false;
    VersionRange current = versionRange;
    Iterator<VersionRange> versionIterator = newVersions.iterator();
    while (versionIterator.hasNext()) {
      VersionRange range = versionIterator.next();
      VersionRange merged = range.union(current, VersionRangeRelation.CONNECTED_LOOSELY);
      if (merged != null) {
        current = merged;
        versionIterator.remove();
      } else if (!removed && (min != null) && min.isGreater(range.getMin())) {
        insertIndex++;
      }
    }
    newVersions.add(insertIndex, current);
  }
}

1	package com.devonfw.tools.ide.url.model.file.json;
2
3	import java.util.ArrayList;
4	import java.util.Collection;
5	import java.util.Iterator;
6	import java.util.List;
7	import java.util.Objects;
8
9	import com.devonfw.tools.ide.version.VersionIdentifier;
10	import com.devonfw.tools.ide.version.VersionRange;
11	import com.devonfw.tools.ide.version.VersionRangeRelation;
12
13	/**
14	* Model to represent a CVE (common vulnerabilities and exposures) of a tool.
15	*
16	* @param id the unique identifier (e.g. "CVE-2021-44228").
17	* @param severity the severity in the range from (0,10.0] where 10.0 is most critical.
18	* @param versions the {@link VersionRange}s of the affected versions. Typically one entry but might also affect multiple ranges. E.g. "[1.0,1.2)" and
19	* "[2.0,2.2)". Should never be {@code null} or {@link List#isEmpty() empty}.
20	* @see ToolSecurity
21	*/
22	public record Cve(String id, double severity, List<VersionRange> versions) {	1✔
23
24	static final String PROPERTY_ID = "id";
25
26	static final String PROPERTY_SEVERITY = "severity";
27
28	static final String PROPERTY_VERSIONS = "versions";
29
30	public Cve {	11✔
31	Objects.requireNonNull(id);	3✔
32	Objects.requireNonNull(versions);	3✔
33	assert !versions.isEmpty();	4!
34	}	1✔
35
36	/**
37	* @param cves the {@link Cve}s to summarize.
38	* @return the sum of {@link Cve#severity()}.
39	*/
40	public static double severitySum(Collection<Cve> cves) {
41	double severitySum = 0;	2✔
42	for (Cve cve : cves) {	10✔
43	severitySum += cve.severity();	5✔
44	}	1✔
45	return severitySum;	2✔
46	}
47
48	/**
49	* @param issue the {@link Cve} to merge with. Has to have the same {@link #id()} and {@link #severity()}.
50	* @return the merged {@link Cve}.
51	*/
52	public Cve merge(Cve issue) {
53
54	if (!this.id.equals(issue.id)) {	6!
55	throw new IllegalArgumentException(this.id + " != " + issue.id);	×
56	}
57	if (this.severity != issue.severity) {	6!
58	throw new IllegalArgumentException(this.severity + " != " + issue.severity + " - cannot merge " + this.id);	×
59	}
60	List<VersionRange> newVersions = new ArrayList<>(this.versions);	6✔
61	for (VersionRange versionRange : issue.versions) {	11✔
62	mergeVersionRage(newVersions, versionRange);	3✔
63	}	1✔
64	return new Cve(this.id, this.severity, newVersions);	9✔
65	}
66
67	/**
68	* @param newVersions the {@link List} of {@link VersionRange}s.
69	* @param versionRange the new {@link VersionRange} to add.
70	*/
71	public static void mergeVersionRage(List<VersionRange> newVersions, VersionRange versionRange) {
72
73	if (newVersions.isEmpty()) {	3!
74	newVersions.add(versionRange);	×
75	return;	×
76	}
77	VersionIdentifier min = versionRange.getMin();	3✔
78	int insertIndex = 0;	2✔
79	boolean removed = false;	2✔
80	VersionRange current = versionRange;	2✔
81	Iterator<VersionRange> versionIterator = newVersions.iterator();	3✔
82	while (versionIterator.hasNext()) {	3✔
83	VersionRange range = versionIterator.next();	4✔
84	VersionRange merged = range.union(current, VersionRangeRelation.CONNECTED_LOOSELY);	5✔
85	if (merged != null) {	2✔
86	current = merged;	2✔
87	versionIterator.remove();	3✔
88	} else if (!removed && (min != null) && min.isGreater(range.getMin())) {	9!
89	insertIndex++;	1✔
90	}
91	}	1✔
92	newVersions.add(insertIndex, current);	4✔
93	}	1✔
94	}

devonfw / IDEasy / 19805773032

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous