Release 3.0.3 fixed bug caused by EPSS changing response format. Bett…

…er diagnostic output in exception cases.

CHANGELOG.txt

@@ -1,3 +1,9 @@
+Release 3.0.3:
+
+Fixed bug caused by EPSS API changing response format - now ignores new fields
+Better diagnostics in exception conditions (separate message for files not found, error trace when EPSS API
+generates exception)
+
 Release 3.0.2:
 
 If the scan date is today, TrivySummary now omits the date from the EPSS Query as this

src/main/java/com/fujitsu/edgewareroad/trivysummary/TrivyScanCouldNotRetrieveEPSSScoresException.java

@@ -1,8 +1,8 @@
 package com.fujitsu.edgewareroad.trivysummary;
 
 public class TrivyScanCouldNotRetrieveEPSSScoresException extends Exception {
-    public TrivyScanCouldNotRetrieveEPSSScoresException(String message)
+    public TrivyScanCouldNotRetrieveEPSSScoresException(String message, Exception e)
     {
-        super(message);
+        super(message, e);
     }
 }

src/main/java/com/fujitsu/edgewareroad/trivysummary/TrivySummary.java

@@ -166,7 +166,7 @@ public boolean summariseTrivyHistory(String title) throws IOException, TrivyScan
 					updateEPSSScores(openVulnerabilities, false, epssQueryDate);
 					openVulnerabilities.prioritiseForRemediation(configuration.getPriorityModel());
 				} catch (Exception e) {
-					throw new TrivyScanCouldNotRetrieveEPSSScoresException(String.format("Could not retrieve EPSS scores for open vulnerabilities; Cannot create graph or prioritise vulnerabilities. Please check connectivity to %s or re-run TrivySummary with --offline.", BASE_EPSS_API_URL));
+					throw new TrivyScanCouldNotRetrieveEPSSScoresException(String.format("Could not retrieve EPSS scores for open vulnerabilities; Cannot create graph or prioritise vulnerabilities. Please check connectivity to %s or re-run TrivySummary with --offline.", BASE_EPSS_API_URL), e);
 				}
 				// Now update EPSS scores for closed vulnerabilities.
 				try {
@@ -251,7 +251,7 @@ else if (history.getScanHistory().size() == 1)
 					updateEPSSScores(openVulnerabilities, false, epssQueryDate);
 					openVulnerabilities.prioritiseForRemediation(configuration.getPriorityModel());
 				} catch (Exception e) {
-					throw new TrivyScanCouldNotRetrieveEPSSScoresException(String.format("Could not retrieve EPSS scores for open vulnerabilities; Cannot create graph or prioritise vulnerabilities. Please check connectivity to %s or re-run TrivySummary with --offline.", BASE_EPSS_API_URL));
+					throw new TrivyScanCouldNotRetrieveEPSSScoresException(String.format("Could not retrieve EPSS scores for open vulnerabilities; Cannot create graph or prioritise vulnerabilities. Please check connectivity to %s or re-run TrivySummary with --offline.", BASE_EPSS_API_URL), e);
 				}
 				// Now update EPSS scores for whitelisted vulnerabilities.
 				try {

src/main/java/com/fujitsu/edgewareroad/trivysummary/TrivySummaryApp.java

@@ -24,6 +24,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.IntStream;
 
+import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -184,14 +185,20 @@ else if (inputFiles.size() == 1)
 						displayHelp();
 						this.exitCode = -1;
 						return;
+					} catch (FileNotFoundException e) {
+						output("ERROR: Priority model not found %s", priorityModelPath.toString());
+						output("");
+						displayHelp();
+						this.exitCode = -1;
+						return;
 					} catch (IOException e) {
 						output("ERROR: File IO exception for priority model %s", priorityModelPath.toString());
 						output("");
 						displayHelp();
 						this.exitCode = -1;
 						return;
 					}
-				}
+		}
 			}
 		}
 
@@ -222,6 +229,12 @@ else if (inputFiles.size() == 1)
 					displayHelp();
 					this.exitCode = -1;
 					return;
+				} catch (FileNotFoundException e) {
+					output("ERROR: Whitelist file not found %s", whiteListFilePath.toString());
+					output("");
+					displayHelp();
+					this.exitCode = -1;
+					return;
 				} catch (IOException e) {
 					output("ERROR: File IO exception for whitelist file %s", whiteListFilePath.toString());
 					output("");
@@ -239,6 +252,12 @@ else if (inputFiles.size() == 1)
 
 			try {
 				worker.addTrivyScanFileToHistory(filePath);
+			} catch (FileNotFoundException e) {
+				output("ERROR: Could not find input file %s", filePath.toString());
+				output("");
+				displayHelp();
+				this.exitCode = -1;
+				return;
 			} catch (IOException e) {
 				output("ERROR: Could not read input file %s", filePath.toString());
 				output("");
@@ -273,6 +292,7 @@ else if (inputFiles.size() == 1)
 			return;
 		} catch (TrivyScanCouldNotRetrieveEPSSScoresException e) {
 			output("ERROR: %s", e.getMessage());
+			output("Cause of EPSS score retrieval failure: %s: %s", e.getCause().getClass().getName(), e.getCause().getMessage());
 			this.exitCode = -1;
 			return;
 		}

src/main/java/com/fujitsu/edgewareroad/trivyutils/dto/firstapiv1/EPSSResponse.java

@@ -1,7 +1,9 @@
 package com.fujitsu.edgewareroad.trivyutils.dto.firstapiv1;
 
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+@JsonIgnoreProperties(ignoreUnknown = true)
 public class EPSSResponse {
     @JsonProperty
     private String status;

src/main/resources/application.properties

@@ -1,4 +1,4 @@
-trivysummary.version=3.0.2
+trivysummary.version=3.0.3
 
 logging.level.root=ERROR