refactor(VulnerableCode): Update two response property names
The `unresolvedVulnerabilities` and `resolvedVulnerabilities` properties
have been renamed in VulnerableCode 30.0.0 [1]. Update to the new
`affectedByVulnerabilities` and `fixingVulnerabilities` names which are
used by the public server instance, but keep the previous names for
compatibility with older server instances running on premise. Note that
`@JsonNames` takes raw property names after any `JsonNamingStrategy` was
applied. Also adjust the test asset to only include either name for a
field.

[1]: https://github.com/nexB/vulnerablecode/blob/main/CHANGELOG.rst#version-v3000

Signed-off-by: Sebastian Schuberth <[email protected]>
sschuberth committed Oct 31, 2023
1 parent 09ae12b commit 561ef19
Showing 3 changed files with 11 additions and 22 deletions.
4 changes: 2 additions & 2 deletions advisor/src/main/kotlin/advisors/VulnerableCode.kt
Expand Up @@ -99,10 +99,10 @@ class VulnerableCode(name: String, config: VulnerableCodeConfiguration) : Advice
purls.chunked(BULK_REQUEST_SIZE).forEach { chunk ->
runCatching {
val chunkVulnerabilities = service.getPackageVulnerabilities(PackagesWrapper(chunk)).filter {
it.unresolvedVulnerabilities.isNotEmpty()
it.affectedByVulnerabilities.isNotEmpty()
}

allVulnerabilities += chunkVulnerabilities.associate { it.purl to it.unresolvedVulnerabilities }
allVulnerabilities += chunkVulnerabilities.associate { it.purl to it.affectedByVulnerabilities }
}.onFailure {
// Create dummy entries for all packages in the chunk as the current data model does not allow to return
// issues that are not associated to any package.
Expand Up @@ -9,21 +9,6 @@
"qualifiers": {},
"subpath": "",
"affected_by_vulnerabilities": [
{
"url": "http://public.vulnerablecode.io/api/vulnerabilities/1265",
"vulnerability_id": "VCID-e1bu-4uh4-aaac",
"summary": "",
"fixed_packages": [
{
"url": "http://public.vulnerablecode.io/api/packages/99502",
"purl": "pkg:maven/junit/[email protected]",
"is_vulnerable": false
}
]
}
],
"fixing_vulnerabilities": [],
"unresolved_vulnerabilities": [
{
"url": "http://public.vulnerablecode.io/api/vulnerabilities/1265",
"vulnerability_id": "VCID-e1bu-4uh4-aaac",
Expand Down Expand Up @@ -55,8 +40,8 @@
}
],
"aliases": [
"CVE-2020-15250",
"GHSA-269g-pwp5-87pp"
"CVE-2020-15250",
"GHSA-269g-pwp5-87pp"
],
"fixed_packages": [
{
Expand All @@ -66,6 +51,7 @@
}
]
}
]
],
"fixing_vulnerabilities": []
}
]
Expand Up @@ -23,6 +23,7 @@ import com.jakewharton.retrofit2.converter.kotlinx.serialization.asConverterFact

import kotlinx.serialization.Serializable
import kotlinx.serialization.json.Json
import kotlinx.serialization.json.JsonNames
import kotlinx.serialization.json.JsonNamingStrategy

import okhttp3.MediaType.Companion.toMediaType
Expand Down Expand Up @@ -139,10 +140,12 @@ interface VulnerableCodeService {
val purl: String,

/** An optional list with vulnerabilities that have not yet been resolved. */
val unresolvedVulnerabilities: List<Vulnerability> = emptyList(),
@JsonNames("unresolved_vulnerabilities")
val affectedByVulnerabilities: List<Vulnerability> = emptyList(),

/** An optional list with vulnerabilities that have already been resolved. */
val resolvedVulnerabilities: List<Vulnerability> = emptyList()
@JsonNames("resolved_vulnerabilities")
val fixingVulnerabilities: List<Vulnerability> = emptyList()
)

/**
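Review bot: The `@JsonNames` fallbacks on `affectedByVulnerabilities` and `fixingVulnerabilities` leave decoding ambiguous when a response carries both the new and the legacy key, which the pre-commit test asset shows a server did (`affected_by_vulnerabilities` alongside `unresolved_vulnerabilities`); with both present the property is assigned twice and, as far as I know, kotlinx.serialization's JSON decoder does not reject duplicate keys but lets the later one win, so this is worth confirming. If a transitional server kept emitting an empty legacy `unresolved_vulnerabilities` after the new key, the advisor would silently treat the package as unaffected, because the caller filters on `affectedByVulnerabilities.isNotEmpty()`. Rather than dropping the duplicate from the asset, I would keep one fixture with both keys and assert that the new name wins, or otherwise pin the precedence explicitly. The KDoc should also name the alternative key and the version boundary so the annotation is not removed as dead later, e.g. `/** Vulnerabilities this package is affected by; servers older than VulnerableCode 30.0.0 send this as "unresolved_vulnerabilities". */`. The enclosing data class starts before this hunk.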
