
devonfw / IDEasy / 20003978026

07 Dec 2025 12:09PM UTC coverage: 70.101% (+0.2%) from 69.903%
20003978026

push

github

web-flow
#39: refactoring to extract package-manager logic out of node/npm (#1638)

3892 of 6090 branches covered (63.91%)

Branch coverage included in aggregate %.

9955 of 13663 relevant lines covered (72.86%)

3.15 hits per line

Source File

83.53
cli/src/main/java/com/devonfw/tools/ide/security/ToolVulnerabilities.java
package com.devonfw.tools.ide.security;

import java.util.Collection;
import java.util.List;

import com.devonfw.tools.ide.tool.ToolEditionAndVersion;
import com.devonfw.tools.ide.url.model.file.json.Cve;
import com.devonfw.tools.ide.version.GenericVersionRange;

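/**
 * Immutable container for the {@link #getIssues() vulnerabilities} ({@link Cve}s) found for a tool, together with an internal score derived from them.
 * <p>
 * The score consists of the highest single {@link Cve#severity() severity} and the sum of all severities. Instances are ordered by the highest severity first
 * and by the severity sum second, so the "smaller" instance is the safer one.
 */
public class ToolVulnerabilities implements Comparable<ToolVulnerabilities> {

  /** The empty {@link ToolVulnerabilities} instance. */
  public static final ToolVulnerabilities EMPTY = new ToolVulnerabilities(List.of());

  private final List<Cve> issues;

  private final double maxSeverity;

  private final double severitySum;

  /**
   * The constructor.
   *
   * @param issues the {@link Collection} of {@link Cve}s to store and to score. It is copied, so later changes to the given {@link Collection} do not affect
   *     this instance.
   */
  private ToolVulnerabilities(Collection<Cve> issues) {

    this.issues = List.copyOf(issues);
    double max = 0;
    double sum = 0;
    // Score the immutable snapshot rather than the caller's collection, so the reported CVEs and the score derived from them cannot diverge.
    for (Cve issue : this.issues) {
      double severity = issue.severity();
      sum += severity;
      // A NaN severity never raises max (the comparison is false) but does turn sum into NaN; compareTo ranks such a sum as the least safe.
      if (severity > max) {
        max = severity;
      }
    }
    this.maxSeverity = max;
    this.severitySum = sum;
  }

  /**
   * @return the unmodifiable {@link Collection} of {@link Cve}s.
   */
  public Collection<Cve> getIssues() {

    return this.issues;
  }

  /**
   * Orders by the highest severity first and by the sum of all severities second.
   *
   * @param o the {@link ToolVulnerabilities} to compare to. May be {@code null}, in which case this instance is considered greater.
   * @return a negative value if this instance is safer than the given one, a positive value if it is unsafer and {@code 0} if both score equally.
   */
  @Override
  public int compareTo(ToolVulnerabilities o) {

    if (o == null) {
      return 1;
    }
    // Double.compare gives a total order: a NaN sum ranks above every finite sum instead of comparing as "equal" to all of them, which would break
    // transitivity and let an unscorable result pass as equally safe.
    int result = Double.compare(this.maxSeverity, o.maxSeverity);
    if (result == 0) {
      result = Double.compare(this.severitySum, o.severitySum);
    }
    return result;
  }

  /**
   * @param other the {@link ToolVulnerabilities} to compare to.
   * @return {@code true} if this {@link ToolVulnerabilities} is safer than the given {@link ToolVulnerabilities}, {@code false} otherwise (equal or unsafer).
   */
  public boolean isSafer(ToolVulnerabilities other) {

    // NOTE(review): compareTo(null) returns 1 (this ranks as unsafer than null) whereas this method reports this as safer than null - confirm which
    // result callers should get when there is nothing to compare against.
    if (other == null) {
      return true;
    }
    return compareTo(other) < 0;
  }

  /**
   * @param other the {@link ToolVulnerabilities} to compare to.
   * @return {@code true} if this {@link ToolVulnerabilities} is safer than or equal to the given {@link ToolVulnerabilities}, {@code false} otherwise
   *     (unsafer).
   */
  public boolean isSaferOrEqual(ToolVulnerabilities other) {

    // NOTE(review): same null handling as isSafer - a missing comparison target is answered with true.
    if (other == null) {
      return true;
    }
    return compareTo(other) <= 0;
  }

  @Override
  public String toString() {

    return toString(null);
  }

  /**
   * @param toolEditionAndVersion the optional {@link ToolEditionAndVersion}. If given, the version (the resolved one if available) and the edition are added
   *     to the summary line.
   * @return the {@link String} representation of this {@link ToolVulnerabilities}: a summary line followed by one line per {@link Cve}.
   */
  public String toString(ToolEditionAndVersion toolEditionAndVersion) {

    StringBuilder sb = new StringBuilder();
    // The summary line ends with '.' if nothing follows and with ':' if the CVEs are listed below it.
    char separator = '.';
    if (this.issues.isEmpty()) {
      sb.append("No CVEs found");
    } else {
      sb.append("Found ").append(this.issues.size()).append(" CVE(s)");
      separator = ':';
    }
    if (toolEditionAndVersion != null) {
      GenericVersionRange version = toolEditionAndVersion.getResolvedVersion();
      if (version == null) {
        // fall back to the configured version if no resolved version is available
        version = toolEditionAndVersion.getVersion();
      }
      sb.append(" for version ").append(version).append(" of tool ").append(toolEditionAndVersion.getEdition());
    }
    sb.append(separator);
    for (Cve issue : this.issues) {
      sb.append('\n');
      sb.append(issue.toString());
    }
    return sb.toString();
  }

  /**
   * @param issues the {@link Collection} of {@link Cve}s. Must not be {@code null}.
   * @return the according {@link ToolVulnerabilities}, which is the shared {@link #EMPTY} instance if the given {@link Collection} is empty.
   * @throws NullPointerException if the given {@link Collection} is {@code null}, or is not empty and contains a {@code null} element.
   */
  public static ToolVulnerabilities of(Collection<Cve> issues) {

    if (issues.isEmpty()) {
      return EMPTY;
    }
    return new ToolVulnerabilities(issues);
  }
}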