devonfw#103: fixed NPEs and other issues

adjusted getCpeVendor and getCpeProduct to return the tool name instead of an empty string removed unused urlEdition param from getCpeEdition added workaround for intellij #1378 fixed NPE's (added checks for missing UrlUpdaters)
MattesMrzik · Feb 29, 2024 · 4d6766c · 4d6766c
1 parent 69e1fdd
commit 4d6766c
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 17 deletions.
diff --git a/cli/src/main/java/com/devonfw/tools/ide/url/updater/AbstractUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/url/updater/AbstractUrlUpdater.java
@@ -103,24 +103,23 @@ protected final String getToolWithEdition() {
    */
   public String getCpeVendor() {
 
-    return "";
+    return getTool();
   }
 
   /**
    * @return the product name of the tool as specified in the CPE (Common Platform Enumeration)
    */
   public String getCpeProduct() {
 
-    return "";
+    return getTool();
   }
 
   /**
-   * @param urlEdition the {@link UrlEdition} to get the CPE (Common Platform Enumeration) edition for.
    * @return the edition as specified in the CPE.
    */
-  public String getCpeEdition(String urlEdition) {
+  public String getCpeEdition() {
 
-    return "";
+    return getTool();
   }
 
   /**

diff --git a/cli/src/main/java/com/devonfw/tools/ide/url/updater/UpdateManager.java b/cli/src/main/java/com/devonfw/tools/ide/url/updater/UpdateManager.java
@@ -108,8 +108,16 @@ public void updateAll() {
    */
   public AbstractUrlUpdater retrieveUrlUpdater(String tool, String edition) {
 
-    return updaters.stream().filter(updater -> updater.getTool().equals(tool) && updater.getEdition().equals(edition))
-        .findFirst().orElse(null);
+    for (AbstractUrlUpdater updater : updaters) {
+      // TODO: fix this ugly hack for intellij see: https://github.com/devonfw/ide/issues/1378
+      if (updater.getTool().equals(tool) && edition.equals("intellij")) {
+        return updater;
+      }
+      if (updater.getTool().equals(tool) && updater.getEdition().equals(edition)) {
+        return updater;
+      }
+    }
+    return null;
   }
 
   public UrlRepository getUrlRepository() {

diff --git a/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java b/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java
@@ -5,6 +5,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Locale;
@@ -111,14 +112,17 @@ private static void run() {
 
     initCvesToIgnore();
     UpdateManager updateManager = new UpdateManager(context.getUrlsPath(), null);
-    Dependency[] dependencies = getDependenciesWithVulnerabilities(updateManager);
+    List<Dependency> dependencies = getDependenciesWithVulnerabilities(updateManager);
     Set<Pair<String, String>> foundToolsAndEditions = new HashSet<>();
     for (Dependency dependency : dependencies) {
       String filePath = dependency.getFilePath();
       Path parent = Paths.get(filePath).getParent();
       String tool = parent.getParent().getParent().getFileName().toString();
       String edition = parent.getParent().getFileName().toString();
       AbstractUrlUpdater urlUpdater = updateManager.retrieveUrlUpdater(tool, edition);
+      if (urlUpdater == null) {
+        continue;
+      }
       UrlSecurityJsonFile securityFile = context.getUrls().getEdition(tool, edition).getSecurityJsonFile();
       boolean newlyAdded = foundToolsAndEditions.add(new Pair<>(tool, edition));
       if (newlyAdded) { // to assure that the file is cleared only once per tool and edition
@@ -153,6 +157,7 @@ private static Map<String, String> buildCpeToUrlVersionMap(String tool, String e
 
     List<String> sortedVersions = context.getUrls().getSortedVersions(tool, edition).stream()
         .map(VersionIdentifier::toString).toList();
+
     List<String> sortedCpeVersions = sortedVersions.stream().map(urlUpdater::mapUrlVersionToCpeVersion)
         .collect(Collectors.toList());
     Map<String, String> cpeToUrlVersion = MapUtil.createMapfromLists(sortedCpeVersions, sortedVersions);
@@ -163,13 +168,13 @@ private static Map<String, String> buildCpeToUrlVersionMap(String tool, String e
    * Uses the {@link Engine OWASP engine} to scan the {@link AbstractIdeContext#getUrlsPath() ide-url} folder for
    * dependencies and then runs {@link Engine#analyzeDependencies() analyzes} them to get the {@link Vulnerability
    * vulnerabilities}.
-   * 
+   *
    * @param updateManager the {@link UpdateManager} to use to get the {@link AbstractUrlUpdater} of the tool to get CPE
    *        Vendor, CPE Product and CPE edition of the tool, as well as the
    *        {@link AbstractUrlUpdater#mapCpeVersionToUrlVersion(String) CPE naming of its version}
    * @return the {@link Dependency dependencies} with associated {@link Vulnerability vulnerabilities}.
    */
-  private static Dependency[] getDependenciesWithVulnerabilities(UpdateManager updateManager) {
+  private static List<Dependency> getDependenciesWithVulnerabilities(UpdateManager updateManager) {
 
     Settings settings = new Settings();
     Engine engine = new Engine(settings);
@@ -189,8 +194,11 @@ private static Dependency[] getDependenciesWithVulnerabilities(UpdateManager upd
       throw new RuntimeException(e);
     }
     Dependency[] dependencies = engine.getDependencies();
+    // remove dependencies without vulnerabilities
+    List<Dependency> dependenciesFiltered = Arrays.stream(dependencies)
+        .filter(dependency -> !dependency.getVulnerabilities().isEmpty()).toList();
     engine.close();
-    return dependencies;
+    return dependenciesFiltered;
   }
 
   /**

diff --git a/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java b/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java
@@ -1,7 +1,9 @@
 package com.devonfw.tools.security;
 
-import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
-import com.devonfw.tools.ide.url.updater.UpdateManager;
+import java.io.FileFilter;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
@@ -11,9 +13,8 @@
 import org.owasp.dependencycheck.dependency.EvidenceType;
 import org.owasp.dependencycheck.exception.InitializationException;
 
-import java.io.FileFilter;
-import java.nio.file.Path;
-import java.nio.file.Paths;
+import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
+import com.devonfw.tools.ide.url.updater.UpdateManager;
 
 /**
  * Analyzes file paths to detect tool, edition and version of software listed in a directory structure like this:
@@ -56,9 +57,13 @@ protected void analyzeDependency(Dependency dependency, Engine engine) {
 
     AbstractUrlUpdater urlUpdater = this.updateManager.retrieveUrlUpdater(tool, edition);
 
+    if (urlUpdater == null) {
+      return;
+    }
+
     String cpeVendor = urlUpdater.getCpeVendor();
     String cpeProduct = urlUpdater.getCpeProduct();
-    String cpeEdition = urlUpdater.getCpeEdition(edition);
+    String cpeEdition = urlUpdater.getCpeEdition();
     String cpeVersion = urlUpdater.mapUrlVersionToCpeVersion(versionFolder.getFileName().toString());
 
     if (cpeVendor.isBlank() || cpeProduct.isBlank()) {