diff --git a/cli/src/main/java/com/devonfw/tools/ide/common/SystemPath.java b/cli/src/main/java/com/devonfw/tools/ide/common/SystemPath.java index ac24d3a99..9219eea93 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/common/SystemPath.java +++ b/cli/src/main/java/com/devonfw/tools/ide/common/SystemPath.java @@ -166,6 +166,7 @@ public Path getPath(String tool) { */ public void setPath(String tool, Path path) { + this.paths.add(path); this.tool2pathMap.put(tool, path); } diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/GlobalToolCommandlet.java b/cli/src/main/java/com/devonfw/tools/ide/tool/GlobalToolCommandlet.java index b4ae9822c..981dceff2 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/tool/GlobalToolCommandlet.java +++ b/cli/src/main/java/com/devonfw/tools/ide/tool/GlobalToolCommandlet.java @@ -47,10 +47,8 @@ protected boolean doInstall(boolean silent) { String edition = getEdition(); ToolRepository toolRepository = this.context.getDefaultToolRepository(); VersionIdentifier configuredVersion = getConfiguredVersion(); - VersionIdentifier selectedVersion = securityRiskInteraction(configuredVersion); - System.out.println("Selected version: " + selectedVersion); - + setVersion(selectedVersion, silent); VersionIdentifier resolvedVersion = toolRepository.resolveVersion(this.tool, edition, selectedVersion); // download and install the global tool FileAccess fileAccess = this.context.getFileAccess(); diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/LocalToolCommandlet.java b/cli/src/main/java/com/devonfw/tools/ide/tool/LocalToolCommandlet.java index a77363e49..cbb5e57f0 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/tool/LocalToolCommandlet.java +++ b/cli/src/main/java/com/devonfw/tools/ide/tool/LocalToolCommandlet.java 
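Review bot: In `SystemPath.setPath`, the added `this.paths.add(path)` never removes the path previously mapped to the same tool, so a second call for that tool overwrites the map entry but leaves the old directory in `paths`. If `paths` feeds the search path that is built later (not visible here), binaries from the replaced version would still be resolvable. Consider `Path previous = this.tool2pathMap.put(tool, path); if (previous != null) { this.paths.remove(previous); } this.paths.add(path);`. The Javadoc of the method starts outside the hunk.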
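Review bot: In `GlobalToolCommandlet.doInstall`, `setVersion(selectedVersion, silent)` runs before `resolveVersion` and the download, and it runs even when the security interaction returned the configured version unchanged. A failed install would then leave the configuration pointing at a version that was never installed, and an unresolved configured version may be rewritten without need (what `setVersion` persists is not visible here). I would guard it with `if (!selectedVersion.equals(configuredVersion)) { setVersion(selectedVersion, silent); }` and move it after the install succeeds. The same applies to the `LocalToolCommandlet.doInstall` hunk; both method bodies continue outside their hunks.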
@@ -60,15 +60,10 @@ public Path getToolBinPath() { protected boolean doInstall(boolean silent) { VersionIdentifier configuredVersion = getConfiguredVersion(); - VersionIdentifier selectedVersion = securityRiskInteraction(configuredVersion); - - System.out.println("Selected version: " + selectedVersion); - + setVersion(selectedVersion, silent); // install configured version of our tool in the software repository if not already installed ToolInstallation installation = installInRepo(selectedVersion); - - // check if we already have this version installed (linked) locally in IDE_HOME/software VersionIdentifier installedVersion = getInstalledVersion(); VersionIdentifier resolvedVersion = installation.resolvedVersion(); diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java b/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java index b64636914..fdf081731 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java +++ b/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java @@ -6,6 +6,7 @@ import java.nio.file.Paths; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; import java.util.stream.Stream; import com.devonfw.tools.ide.cli.CliException; @@ -20,7 +21,8 @@ import com.devonfw.tools.ide.process.ProcessContext; import com.devonfw.tools.ide.process.ProcessErrorHandling; import com.devonfw.tools.ide.property.StringListProperty; -import com.devonfw.tools.ide.url.model.file.json.UrlSecurityJsonFile; +import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile; +import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile.UrlSecurityWarning; import com.devonfw.tools.ide.util.FilenameUtil; import com.devonfw.tools.ide.version.VersionIdentifier; 
@@ -173,7 +175,7 @@ public boolean install(boolean silent) { protected String securityRiskInteractionQuestion(String question, String... options) { - question += " Do you want to"; + question += "Do you want to"; for (int i = 0; i < options.length - 1; i++) { options[i] += " or"; } @@ -186,8 +188,8 @@ protected String securityRiskInteractionQuestion(String question, String... opti * * @param configuredVersion the {@link VersionIdentifier} to be checked. * @return the {@link VersionIdentifier} to be used for installation. If the configured version is safe or there are - * no save versions the potentially unresolved configured version is simply returned. Otherwise, a resolved version is - * returned. + * no save versions the potentially unresolved configured version is simply returned. Otherwise, a resolved + * version is returned. */ protected VersionIdentifier securityRiskInteraction(VersionIdentifier configuredVersion) { 
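Review bot: Dropping the leading space in `question += "Do you want to";` makes every caller responsible for ending its text with whitespace, and not all of them do. The `nextSafe.equals(latestSafe)` branch further down passes a string ending in `"is safe, Which is not the latest."`, so the prompt would read `...not the latest.Do you want to`. Either keep the separator here or normalise it, for example `question = question.stripTrailing() + "\n\nDo you want to";`. The body of `securityRiskInteractionQuestion` continues outside the hunk.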
@@ -225,16 +227,17 @@ protected VersionIdentifier securityRiskInteraction(VersionIdentifier configured break; } } - - String currentIsUnsafe = "Currently, version " + current + " of " + this.getName() + " is installed, " - + "which is has a vulnerability:\n" + " TODO list vulnerability" + "\n\n (See also " + securityFile.getPath() - + ")"; + String cves = securityFile.getMatchingSecurityWarnings(current).stream().map(UrlSecurityWarning::cveName) + .collect(Collectors.joining(", ")); + String currentIsUnsafe = "Currently, version " + current + " of " + this.getName() + " is selected, " + + "which is has one or more vulnerabilities:\n\n" + cves + "\n\n(See also " + securityFile.getPath() + ")\n\n"; String stay = "stay with the current unsafe version (" + current + ")"; String installLatestSafe = "install the latest safe version (" + latestSafe + ")"; String installSafeLatest = "install the (safe) latest version (" + latestSafe + ")"; String installNextSafe = "install the next safe version (" + nextSafe + ")"; - // I don't need to offer "install latest which is unsafe" as option since the user can set to the latest and choose "stay" + // I don't need to offer "install latest which is unsafe" as option since the user can set to the latest and choose + // "stay" if (latestSafe == null) { this.context.warning(currentIsUnsafe + "There is no safe version available."); 
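Review bot: The new `cves` string shows only the CVE names, although `UrlSecurityWarning` also carries `severity` and `nistUrl`, which are what a user needs to decide between "stay" and upgrading. I would build it with `.map(w -> w.cveName() + " (severity " + w.severity() + ", " + w.nistUrl() + ")")` and `Collectors.joining("\n")`. The message also still reads `"which is has one or more vulnerabilities"`; `"which has one or more vulnerabilities"` is meant. If `getMatchingSecurityWarnings(current)` can return an empty collection at this point (not visible in the hunk), the warning prints a blank list. `securityRiskInteraction` starts and ends outside the hunk.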
@@ -257,9 +260,8 @@ protected VersionIdentifier securityRiskInteraction(VersionIdentifier configured return answer.startsWith(stay) ? current : latestSafe; } else if (nextSafe.equals(latestSafe)) { - String answer = securityRiskInteractionQuestion( - currentIsUnsafe + " Of the newer versions, only the version " + nextSafe - + " is safe, Which is not the latest.", stay, "Install the safe version (" + nextSafe + ")"); + String answer = securityRiskInteractionQuestion(currentIsUnsafe + " Of the newer versions, only the version " + + nextSafe + " is safe, Which is not the latest.", stay, "Install the safe version (" + nextSafe + ")"); return answer.startsWith(stay) ? current : nextSafe; } else { diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java index 6515a3fe2..c819d67ea 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java +++ b/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java @@ -29,6 +29,12 @@ protected String getGithubOrganization() { return "helm"; } + @Override + public String mapUrlVersionToCpeVersion(String version) { + + return version.substring(getVersionPrefixToRemove().length()); + } + @Override protected void addVersion(UrlVersion urlVersion) { diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java index ecad6ce41..e4d1c0e73 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java +++ b/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java 
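Review bot: `HelmUrlUpdater.mapUrlVersionToCpeVersion` cuts `getVersionPrefixToRemove().length()` characters off the version without checking that the version actually starts with that prefix. A version stored without the prefix would lose its leading digits, or throw `StringIndexOutOfBoundsException` if it is shorter than the prefix. The resulting CPE version would then not match the vulnerability data, and affected versions could be reported as unaffected. Suggested body: `String prefix = getVersionPrefixToRemove();` followed by `return version.startsWith(prefix) ? version.substring(prefix.length()) : version;`.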
@@ -27,24 +27,15 @@ protected String mapVersion(String version) { } @Override - protected String getCpeVendor() { + public String getCpeVendor() { - // return "vikwp"; - return "eclipse"; + return "eclipse"; } @Override - protected String getCpeProduct() { + public String getCpeProduct() { - // return "vik_booking"; - return "temurin"; - } - - @Override - protected String mapUrlVersionToCpeVersion(String version) { - - // return "1.5.8"; - return version; + return "temurin"; } @Override diff --git a/cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/UrlSecurityJsonFile.java b/cli/src/main/java/com/devonfw/tools/ide/url/model/file/UrlSecurityJsonFile.java similarity index 75% rename from cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/UrlSecurityJsonFile.java rename to cli/src/main/java/com/devonfw/tools/ide/url/model/file/UrlSecurityJsonFile.java index d400e9f1f..18b1e543f 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/url/model/file/json/UrlSecurityJsonFile.java +++ b/cli/src/main/java/com/devonfw/tools/ide/url/model/file/UrlSecurityJsonFile.java @@ -1,4 +1,4 @@ -package com.devonfw.tools.ide.url.model.file.json; +package com.devonfw.tools.ide.url.model.file; import java.io.BufferedWriter; import java.io.IOException; @@ -14,7 +14,6 @@ import org.slf4j.LoggerFactory; import com.devonfw.tools.ide.json.mapping.JsonMapping; -import com.devonfw.tools.ide.url.model.file.AbstractUrlFile; import com.devonfw.tools.ide.url.model.folder.UrlEdition; import com.devonfw.tools.ide.version.VersionIdentifier; import com.devonfw.tools.ide.version.VersionRange; 
@@ -22,14 +21,33 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.ObjectMapper; +/** + * {@link UrlFile} for the "security.json" file. + */ public class UrlSecurityJsonFile extends AbstractUrlFile { + /*** + * A simple container with the information about a security warning. + * + * @param versionRange the version range, specifying the versions of the tool to which the security risk applies. + * @param severity the severity of the security risk. + * @param severityVersion Indicating from which version the {@code severity} was obtained. As of December 2023, this + * is either v2 or v3. + * @param cveName the name of the CVE (Common Vulnerabilities and Exposures). + * @param description the description of the CVE. + * @param nistUrl the url to the CVE on the NIST website. + * @param referenceUrl the urls where additional information about the CVE can be found. + */ + public record UrlSecurityWarning(VersionRange versionRange, BigDecimal severity, String severityVersion, + String cveName, String description, String nistUrl, List referenceUrl) { + }; + /** {@link #getName() Name} of security json file. */ public static final String FILENAME_SECURITY = "security.json"; private static final Logger LOG = LoggerFactory.getLogger(UrlSecurityJsonFile.class); - Set warnings; + private Set warnings; /** * The constructor. 
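Review bot: The now public record `UrlSecurityWarning` exposes its `referenceUrl` list by reference, and instances are stored in the `warnings` set. If that set is hash-based, mutating the list after `addSecurityWarning` changes the element's hash code while it is in the set, so duplicate detection stops working. A compact constructor `public UrlSecurityWarning { referenceUrl = List.copyOf(referenceUrl); }` would freeze it; confirm first that JSON loading never supplies a null list or null elements, since `List.copyOf` rejects both. The `;` after the record body is an empty declaration and can be removed.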
@@ -45,21 +63,21 @@ public UrlSecurityJsonFile(UrlEdition parent) { /*** * Adds a new security warning to the security json file. * - * @param versionRange the version range, specifying the versions of the tool to which the security risk applies + * @param versionRange the version range, specifying the versions of the tool to which the security risk applies. * @param severity the severity of the security risk. * @param severityVersion Indicating from which version the {@code severity} was obtained. As of December 2023, this - * is either v2 or v3. + * is either v2 or v3. * @param cveName the name of the CVE (Common Vulnerabilities and Exposures). * @param description the description of the CVE. * @param nistUrl the url to the CVE on the NIST website. * @param referenceUrl the urls where additional information about the CVE can be found. * @return {@code true} if the security match was added, {@code false} if it was already present. */ - public boolean addSecurityWarning(VersionRange versionRange, BigDecimal severity, String severityVersion, String cveName, - String description, String nistUrl, List referenceUrl) { + public boolean addSecurityWarning(VersionRange versionRange, BigDecimal severity, String severityVersion, + String cveName, String description, String nistUrl, List referenceUrl) { - UrlSecurityWarning newWarning = new UrlSecurityWarning(versionRange, severity, severityVersion, cveName, description, nistUrl, - referenceUrl); + UrlSecurityWarning newWarning = new UrlSecurityWarning(versionRange, severity, severityVersion, cveName, + description, nistUrl, referenceUrl); boolean added = warnings.add(newWarning); this.modified = this.modified || added; return added; 
@@ -136,8 +154,4 @@ protected void doSave() { throw new IllegalStateException("Failed to save file " + path, e); } } -} - -record UrlSecurityWarning(VersionRange versionRange, BigDecimal severity, String severityVersion, String cveName, String description, String nistUrl, - List referenceUrl) { -}; \ No newline at end of file +} \ No newline at end of file diff --git a/cli/src/main/java/com/devonfw/tools/ide/url/model/folder/UrlEdition.java b/cli/src/main/java/com/devonfw/tools/ide/url/model/folder/UrlEdition.java index b3f0fdea3..9ee4f71e3 100644 --- a/cli/src/main/java/com/devonfw/tools/ide/url/model/folder/UrlEdition.java +++ b/cli/src/main/java/com/devonfw/tools/ide/url/model/folder/UrlEdition.java @@ -2,7 +2,7 @@ import com.devonfw.tools.ide.url.model.AbstractUrlFolderWithParent; import com.devonfw.tools.ide.url.model.file.UrlSecurityFile; -import com.devonfw.tools.ide.url.model.file.json.UrlSecurityJsonFile; +import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile; /** * An {@link UrlFolder} representing the actual edition of a {@link UrlTool}. The default edition may have the same diff --git a/cli/src/test/java/com/devonfw/tools/ide/tool/ToolCommandletTest.java b/cli/src/test/java/com/devonfw/tools/ide/tool/ToolCommandletTest.java index da3da87e7..c70bfcbd8 100644 --- a/cli/src/test/java/com/devonfw/tools/ide/tool/ToolCommandletTest.java +++ b/cli/src/test/java/com/devonfw/tools/ide/tool/ToolCommandletTest.java 
@@ -1,16 +1,16 @@ package com.devonfw.tools.ide.tool; -import com.devonfw.tools.ide.context.IdeTestContext; -import com.devonfw.tools.ide.url.model.file.json.UrlSecurityJsonFile; -import com.devonfw.tools.ide.version.VersionRange; +import java.nio.file.Path; + import org.junit.jupiter.api.Test; import com.devonfw.tools.ide.context.AbstractIdeContextTest; import com.devonfw.tools.ide.context.IdeContext; +import com.devonfw.tools.ide.context.IdeTestContext; import com.devonfw.tools.ide.tool.az.Azure; +import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile; import com.devonfw.tools.ide.version.VersionIdentifier; - -import java.nio.file.Path; +import com.devonfw.tools.ide.version.VersionRange; /*** * Test of {@link ToolCommandlet}. @@ -215,9 +215,11 @@ public void testSecurityRiskInteractionNoSafeVersionFound() { /*** * Creates the context and data for the tests of {@link ToolCommandlet#securityRiskInteraction(VersionIdentifier)}. * - * @param dummyTool the dummy tool to be used for the tests. The {@link com.devonfw.tools.ide.url.model.folder.UrlVersion folders} - * representing the versions of the dummy tool are created here. - * @param answers the answers to be used for the interaction in {@link ToolCommandlet#securityRiskInteraction(VersionIdentifier)}. + * @param dummyTool the dummy tool to be used for the tests. The + * {@link com.devonfw.tools.ide.url.model.folder.UrlVersion folders} representing the versions of the dummy + * tool are created here. + * @param answers the answers to be used for the interaction in + * {@link ToolCommandlet#securityRiskInteraction(VersionIdentifier)}. * @return the {@link IdeTestContext} to be used for the tests. */ private IdeContext getContextForSecurityJsonTests(Class dummyTool, String... answers) { @@ -234,5 +236,3 @@ private IdeContext getContextForSecurityJsonTests(Class sortedVersions = ideContext.getUrls().getSortedVersions(tool, edition); 
@@ -95,7 +96,7 @@ private static void run() { Set vulnerabilities = dependency.getVulnerabilities(true); for (Vulnerability vulnerability : vulnerabilities) { - addVulnerabilityToSecurityFile(vulnerability, securityFile, sortedCpeVersions); + addVulnerabilityToSecurityFile(vulnerability, securityFile, sortedVersions, sortedCpeVersions); } securityFile.save(); } @@ -123,14 +124,13 @@ private static Dependency[] getDependenciesWithVulnerabilities(UpdateManager upd } private static void addVulnerabilityToSecurityFile(Vulnerability vulnerability, UrlSecurityJsonFile securityFile, - List sortedVersions) { + List sortedVersions, List sortedCpeVersions) { if (vulnerability.getCvssV2() == null && vulnerability.getCvssV3() == null) { throw new RuntimeException("Vulnerability without severity found: " + vulnerability.getName()); } boolean hasV3Severity = vulnerability.getCvssV3() != null; - double severityDouble = hasV3Severity - ? vulnerability.getCvssV3().getBaseScore() + double severityDouble = hasV3Severity ? vulnerability.getCvssV3().getBaseScore() : vulnerability.getCvssV2().getScore(); String formatted = String.format(Locale.US, "%.1f", severityDouble); BigDecimal severity = new BigDecimal(formatted); 
@@ -143,18 +143,19 @@ private static void addVulnerabilityToSecurityFile(Vulnerability vulnerability, if (referenceUrls.isEmpty()) { referenceUrls.add("No references found, try searching for the CVE name (" + cveName + ") on the web."); } - boolean toLowSeverity = hasV3Severity - ? severity.compareTo(minV3Severity) < 0 + boolean toLowSeverity = hasV3Severity ? severity.compareTo(minV3Severity) < 0 : severity.compareTo(minV2Severity) < 0; if (toLowSeverity) { return; } - VersionRange versionRange = getVersionRangeFromVulnerability(sortedVersions, vulnerability); + VersionRange versionRange = getVersionRangeFromVulnerability(sortedVersions, sortedCpeVersions, vulnerability); if (versionRange == null) { logger.info( - "Vulnerability {} is not relevant because its affected versions have no overlap with the versions available " - + "through IDEasy.", vulnerability.getName()); + "Vulnerability {} seems to be irrelevant because its affected versions have no overlap with the versions " + + "available through IDEasy. If you think the versions should match, see the methode " + + "mapUrlVersionToCpeVersion() in the UrlUpdater of the tool.", + vulnerability.getName()); return; } 
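Review bot: The `versionRange == null` early return drops the CVE from security.json, and the new message itself concedes that the cause may be a version-format mismatch rather than real irrelevance, yet it is still logged with `logger.info(`. Since a mismatch here is a silent false negative, `logger.warn(` would be the appropriate level so that it shows up in an updater run. The message text has a typo: "methode" should be "method". `addVulnerabilityToSecurityFile` starts before and ends after this hunk.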
@@ -166,13 +167,14 @@ private static void addVulnerabilityToSecurityFile(Vulnerability vulnerability, /*** * From the vulnerability determine the {@link VersionRange versionRange} to which the vulnerability applies. * - * @param sortedVersions sorted versions of the tool available through IDEasy. Must match the format of the versions - * in the vulnerability. See {@link AbstractUrlUpdater#mapUrlVersionToCpeVersion(String)}. + * @param sortedVersions sorted versions of the tool available through IDEasy. + * @param sortedCpeVersions sorted versions of the tool. Must match the format of the CPE versions. See + * {@link AbstractUrlUpdater#mapUrlVersionToCpeVersion(String)}. * @param vulnerability the vulnerability determined by OWASP dependency check. * @return the {@link VersionRange versionRange} to which the vulnerability applies. */ static VersionRange getVersionRangeFromVulnerability(List sortedVersions, - Vulnerability vulnerability) { + List sortedCpeVersions, Vulnerability vulnerability) { VulnerableSoftware matchedVulnerableSoftware = vulnerability.getMatchedVulnerableSoftware(); String vEndExcluding = matchedVulnerableSoftware.getVersionEndExcluding(); 
@@ -184,26 +186,35 @@ static VersionRange getVersionRangeFromVulnerability(List sor return VersionRange.of(">"); } - return getVersionRangeFromInterval(sortedVersions, vStartExcluding, vStartIncluding, vEndIncluding, vEndExcluding); + return getVersionRangeFromInterval(sortedVersions, sortedCpeVersions, vStartExcluding, vStartIncluding, + vEndIncluding, vEndExcluding); + } + + static VersionRange getVersionRangeFromInterval(List sortedVersions, String vStartExcluding, + String vStartIncluding, String vEndIncluding, String vEndExcluding) { + + return getVersionRangeFromInterval(sortedVersions, sortedVersions, vStartExcluding, vStartIncluding, vEndIncluding, + vEndExcluding); } /*** * From the interval determine the {@link VersionRange versionRange} to which the vulnerability applies. Since the - * versions as specified in the vulnerability might not be in the {@code sortedVersions} list, the {@link VersionRange} - * is determined by finding the versions in the {@code sortedVersions} list that, when selected, cover all affected - * versions correctly. + * versions as specified in the vulnerability might not be in the {@code sortedVersions} list, the + * {@link VersionRange} is determined by finding the versions in the {@code sortedVersions} list that, when selected, + * cover all affected versions correctly. 
*/ - static VersionRange getVersionRangeFromInterval(List sortedVersions, String vStartExcluding, - String vStartIncluding, String vEndIncluding, String vEndExcluding) { + static VersionRange getVersionRangeFromInterval(List sortedVersions, + List sortedCpeVersions, String vStartExcluding, String vStartIncluding, String vEndIncluding, + String vEndExcluding) { VersionIdentifier min = null; if (vStartExcluding != null) { - min = findMinFromStartExcluding(sortedVersions, vStartExcluding); + min = findMinFromStartExcluding(sortedVersions, sortedCpeVersions, vStartExcluding); if (min == null) { return null; } } else if (vStartIncluding != null) { - min = findMinFromStartIncluding(sortedVersions, vStartIncluding); + min = findMinFromStartIncluding(sortedVersions, sortedCpeVersions, vStartIncluding); if (min == null) { return null; } @@ -211,12 +222,12 @@ static VersionRange getVersionRangeFromInterval(List sortedVe VersionIdentifier max = null; if (vEndIncluding != null) { - max = findMaxFromEndIncluding(sortedVersions, vEndIncluding); + max = findMaxFromEndIncluding(sortedVersions, sortedCpeVersions, vEndIncluding); if (max == null) { return null; } } else if (vEndExcluding != null) { - max = findMaxFromEndExcluding(sortedVersions, vEndExcluding); + max = findMaxFromEndExcluding(sortedVersions, sortedCpeVersions, vEndExcluding); if (max == null) { return null; } 
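Review bot: The six-argument `getVersionRangeFromInterval` treats `sortedVersions` and `sortedCpeVersions` as parallel lists, but nothing checks that they have the same size. The helpers in the `@@ -224,47 +235,53 @@` hunk take an index from `sortedCpeVs` and return `sortedVs.get(i)`. If the two lists are ever built differently, this either throws `IndexOutOfBoundsException` or returns a bound for the wrong version. I would add `if (sortedVersions.size() != sortedCpeVersions.size()) { throw new IllegalArgumentException("sortedVersions and sortedCpeVersions must have the same size"); }` at the top and state the requirement in the Javadoc, which currently has no `@param` tags. The new five-argument overload has no Javadoc either; one sentence saying that it uses the IDEasy versions as CPE versions would help.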
@@ -224,47 +235,53 @@ static VersionRange getVersionRangeFromInterval(List sortedVe return new VersionRange(min, max); } - private static VersionIdentifier findMinFromStartExcluding(List sortedVs, String vStartExcluding) { + private static VersionIdentifier findMinFromStartExcluding(List sortedVs, + List sortedCpeVs, String vStartExcluding) { VersionIdentifier startExcl = VersionIdentifier.of(vStartExcluding); - for (int i = sortedVs.size() - 1; i >= 0; i--) { - VersionIdentifier version = sortedVs.get(i); + for (int i = sortedCpeVs.size() - 1; i >= 0; i--) { + VersionIdentifier version = sortedCpeVs.get(i); if (version.isGreater(startExcl)) { - return version; + return sortedVs.get(i); } } return null; } - private static VersionIdentifier findMinFromStartIncluding(List sortedVs, String vStartIncluding) { + private static VersionIdentifier findMinFromStartIncluding(List sortedVs, + List sortedCpeVs, String vStartIncluding) { VersionIdentifier startIncl = VersionIdentifier.of(vStartIncluding); - for (int i = sortedVs.size() - 1; i >= 0; i--) { - VersionIdentifier version = sortedVs.get(i); + for (int i = sortedCpeVs.size() - 1; i >= 0; i--) { + VersionIdentifier version = sortedCpeVs.get(i); if (version.compareTo(startIncl) >= 0) { - return version; + return sortedVs.get(i); } } return null; } - private static VersionIdentifier findMaxFromEndIncluding(List sortedVs, String vEndIncluding) { + private static VersionIdentifier findMaxFromEndIncluding(List sortedVs, + List sortedCpeVs, String vEndIncluding) { VersionIdentifier endIncl = VersionIdentifier.of(vEndIncluding); - for (VersionIdentifier version : sortedVs) { + for (int i = 0; i < sortedCpeVs.size(); i++) { + VersionIdentifier version = sortedCpeVs.get(i); if (version.compareTo(endIncl) <= 0) { - return version; + return sortedVs.get(i); } } return null; } - private static VersionIdentifier findMaxFromEndExcluding(List sortedVs, String vEndExcluding) { + private static VersionIdentifier 
findMaxFromEndExcluding(List sortedVs, + List sortedCpeVs, String vEndExcluding) { VersionIdentifier endExl = VersionIdentifier.of(vEndExcluding); - for (VersionIdentifier version : sortedVs) { + for (int i = 0; i < sortedCpeVs.size(); i++) { + VersionIdentifier version = sortedCpeVs.get(i); if (version.isLess(endExl)) { - return version; + return sortedVs.get(i); } } return null; diff --git a/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java b/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java index 09ffca6a5..7ec2df8c8 100644 --- a/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java +++ b/security/src/main/java/com/devonfw/tools/security/UrlAnalyzer.java @@ -5,7 +5,6 @@ import java.nio.file.Paths; import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater; -import com.devonfw.tools.ide.url.updater.UrlUpdater; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.AbstractFileTypeAnalyzer; import org.owasp.dependencycheck.analyzer.AnalysisPhase; diff --git a/security/src/main/java/com/devonfw/tools/security/UrlFileFilter.java b/security/src/main/java/com/devonfw/tools/security/UrlFileFilter.java index d02fc418b..ca6b5a4fa 100644 --- a/security/src/main/java/com/devonfw/tools/security/UrlFileFilter.java +++ b/security/src/main/java/com/devonfw/tools/security/UrlFileFilter.java 
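Review bot: All four `find*` helpers stop at the first matching entry of `sortedCpeVs`, which is only correct while that list is ordered the same way as `sortedVs`; judging by the scan directions, that means newest first. Nothing in the hunk states or checks this. If a tool's `mapUrlVersionToCpeVersion` changes the relative order of versions, the returned bound would be wrong and the stored range could leave out affected versions. I would document it on each helper, for example `// sortedCpeVs must be index-aligned with sortedVs and sorted newest-first`, and have the caller verify the order once.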
@@ -1,23 +1,20 @@ package com.devonfw.tools.security; -import com.devonfw.tools.ide.os.SystemInfo; -import com.devonfw.tools.ide.os.SystemInfoImpl; - import java.io.FileFilter; + +import static com.devonfw.tools.ide.url.model.file.UrlStatusFile.STATUS_JSON; + public class UrlFileFilter implements FileFilter { - final private SystemInfo systemInfo; - private final String os; + public UrlFileFilter() { + + } - public UrlFileFilter() { - this.systemInfo = new SystemInfoImpl(); - this.os = this.systemInfo.getOs().toString(); - } + @Override + public boolean accept(java.io.File pathname) { - @Override - public boolean accept(java.io.File pathname) { - boolean isUrlFile = pathname.toString().endsWith(".urls"); - boolean isCorrectOs = pathname.toString().contains(this.os); - return isUrlFile && isCorrectOs; - } +// System.out.println("UrlFileFilter.accept()" + pathname.getName().equals(STATUS_JSON)); +// return pathname.getName().endsWith("urls") && pathname.getName().startsWith("windows"); + return pathname.getName().equals(STATUS_JSON); + } }
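Review bot: The new `accept` keeps two commented-out lines, `// System.out.println("UrlFileFilter.accept()" ...` and `// return pathname.getName().endsWith("urls") && ...startsWith("windows");`, which should be deleted rather than committed. The filter decides which files the vulnerability scan sees, and it has changed from OS-specific `.urls` files to `STATUS_JSON` only. The class should carry a Javadoc saying why that file is the selection criterion, for example `/** Accepts only the status.json file of a version folder so that each tool version is analyzed once, independent of OS. */` — adjust the wording if the intent differs. The empty explicit constructor adds nothing over the default one.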