Add a custom deserializer for the Vulnerability class
With the changes on the data structures to store vulnerabilities,
older ORT results can no longer be deserialized. To fix this, add a
custom deserializer, which can handle both the old and the new format
of vulnerability information.

Signed-off-by: Oliver Heger <[email protected]>
oheger-bosch committed Apr 8, 2021
1 parent 096a1c4 commit 25fa967
Showing 4 changed files with 12,603 additions and 0 deletions.
33 changes: 33 additions & 0 deletions model/src/main/kotlin/Vulnerability.kt
Expand Up @@ -19,12 +19,22 @@

package org.ossreviewtoolkit.model

import com.fasterxml.jackson.core.JsonParser
import com.fasterxml.jackson.databind.DeserializationContext
import com.fasterxml.jackson.databind.JsonNode
import com.fasterxml.jackson.databind.annotation.JsonDeserialize
import com.fasterxml.jackson.databind.deser.std.StdDeserializer
import com.fasterxml.jackson.module.kotlin.jacksonTypeRef

import java.net.URI

/**
* Base model for all vulnerability providers supported by the advisor.
*
* This class stores the information about a single vulnerability, which may have been retrieved from multiple
* vulnerability providers. For each source of information a [VulnerabilityReference] is contained.
*/
@JsonDeserialize(using = VulnerabilityDeserializer::class)
data class Vulnerability(
/**
* The ID of a vulnerability. Most likely a CVE identifier.
Expand Down Expand Up @@ -94,3 +104,26 @@ data class Vulnerability(
}
}
}

/**
* A custom deserializer to support the deserialization of [Vulnerability] instances using an older format, in which
* detailed information was embedded into the class rather than externalized in [VulnerabilityReference] objects.
*/
private class VulnerabilityDeserializer : StdDeserializer<Vulnerability>(Vulnerability::class.java) {
override fun deserialize(p: JsonParser, ctx: DeserializationContext): Vulnerability {
val vulnerabilityNode = p.codec.readTree<JsonNode>(p)
val id = vulnerabilityNode["id"].textValue()

return if (vulnerabilityNode["references"] != null) {
val references = jsonMapper.convertValue(
vulnerabilityNode["references"], jacksonTypeRef<List<VulnerabilityReference>>()
)
Vulnerability(id, references)
} else {
val severity = vulnerabilityNode["severity"].floatValue()
val uri = vulnerabilityNode["url"].textValue()
val reference = VulnerabilityReference(URI(uri), null, severity.toString())
Vulnerability(id, listOf(reference))
}
}
}
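Review bot: In the legacy branch of `deserialize`, `vulnerabilityNode["severity"].floatValue()` yields 0.0 for any node that is not numeric, so an old result file whose severity is a string or otherwise malformed is silently stored as severity "0.0" instead of being rejected, and the finding then looks harmless to whatever consumes the reference. A missing `id`, `severity` or `url` key fails differently, with a bare NullPointerException (`JsonNode.get` returns null for an absent field) that carries no location in the input; a malformed `url` presumably escapes `URI(uri)` as a raw `URISyntaxException`. Since that branch is taken for every object that lacks a `references` key, I would validate each field and fail through Jackson, e.g. `val severityNode = vulnerabilityNode["severity"]?.takeIf { it.isNumber } ?: throw JsonMappingException.from(p, "Vulnerability '$id' has no numeric 'severity'")`, with the equivalent `isTextual` guard for `id` and `url`.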