From 13534541c4eda1d60d38990a509666ea5681f5e6 Mon Sep 17 00:00:00 2001 
From: Harald Aamot Date: Tue, 12 Nov 2024 20:41:10 +0100 Subject: [PATCH] spotless formatting instead of checkstyle --- pom.xml | 34 +- .../fosstars/advice/AdviceContent.java | 3 +- .../advice/AdviceContentYamlStorage.java | 74 +- .../oss/phosphor/fosstars/advice/Link.java | 3 +- .../fosstars/advice/SimpleAdvice.java | 3 +- .../advice/oss/AbstractOssAdvisor.java | 106 +- .../fosstars/advice/oss/LgtmAdvisor.java | 40 +- .../fosstars/advice/oss/NoHttpAdvisor.java | 16 +- .../oss/OssAdviceContentYamlStorage.java | 28 +- .../advice/oss/OssRulesOfPlayAdvisor.java | 32 +- .../oss/OwaspDependencyCheckAdvisor.java | 70 +- .../fosstars/advice/oss/SigningAdvisor.java | 18 +- .../github/AdviceForGitHubContextFactory.java | 6 +- .../data/AbstractReleaseInfoLoader.java | 82 +- .../AbstractStaticScanToolsDataProvider.java | 14 +- .../fosstars/data/DataProviderSelector.java | 22 +- .../data/SimpleCompositeDataProvider.java | 20 +- .../fosstars/data/StandardValueCache.java | 73 +- .../data/artifact/ReleaseInfoFromMaven.java | 30 +- .../data/artifact/ReleaseInfoLoader.java | 32 +- .../artifact/VulnerabilitiesFromNpmAudit.java | 6 +- ...lnerabilitiesFromOwaspDependencyCheck.java | 192 +- .../AbstractDependencyScanDataProvider.java | 4 +- ...timateImpactUsingKnownVulnerabilities.java | 86 +- .../fosstars/data/github/GitHubDataCache.java | 2 +- .../data/github/GitHubDataFetcher.java | 324 +- .../data/github/GoSecDataProvider.java | 14 +- .../data/github/HasExecutableBinaries.java | 20 +- .../data/github/HasSecurityPolicy.java | 30 +- .../data/github/InfoAboutVulnerabilities.java | 2 +- .../fosstars/data/github/LicenseInfo.java | 64 +- .../data/github/LocalRepositoryInfo.java | 6 +- .../NumberOfDependentProjectOnGitHub.java | 54 +- .../fosstars/data/github/NvdEntryMatcher.java | 82 +- .../data/github/OwaspSecurityLibraries.java | 78 +- .../data/github/PackageManagement.java | 94 +- .../fosstars/data/github/ReadmeInfo.java | 64 +- .../data/github/ReleasesFromGitHub.java | 20 +- 
.../github/SecurityReviewsFromOpenSSF.java | 140 +- .../data/github/SignsJarArtifacts.java | 34 +- .../data/github/UseReuseDataProvider.java | 180 +- .../fosstars/data/github/UsesDependabot.java | 10 +- .../fosstars/data/github/UsesFindSecBugs.java | 72 +- .../data/github/UsesGithubForDevelopment.java | 58 +- .../fosstars/data/github/UsesNoHttpTool.java | 68 +- .../data/github/UsesOwaspDependencyCheck.java | 26 +- .../fosstars/data/github/UsesSanitizers.java | 92 +- .../fosstars/data/github/UsesSnyk.java | 32 +- .../data/github/VulnerabilityAlertsInfo.java | 36 +- .../graphql/GitHubAdvisories.java | 34 +- .../experimental/graphql/data/Advisory.java | 3 +- .../graphql/data/AdvisoryReference.java | 3 +- .../experimental/graphql/data/Data.java | 3 +- .../graphql/data/GitHubAdvisoryEntry.java | 3 +- .../experimental/graphql/data/Identifier.java | 3 +- .../experimental/graphql/data/Node.java | 3 +- .../experimental/graphql/data/Package.java | 3 +- .../experimental/graphql/data/PageInfo.java | 3 +- .../graphql/data/SecurityAdvisories.java | 3 +- .../graphql/data/SecurityVulnerabilities.java | 3 +- .../AskAboutUnpatchedVulnerabilities.java | 28 +- .../fosstars/data/interactive/AskOptions.java | 22 +- .../data/json/BugBountyProgramStorage.java | 20 +- .../data/json/CompanySupportStorage.java | 20 +- .../data/json/SecurityTeamStorage.java | 20 +- .../json/UnpatchedVulnerabilitiesStorage.java | 126 +- .../fosstars/github/GitHubVisitor.java | 16 +- .../sap/oss/phosphor/fosstars/maven/GAV.java | 40 +- .../phosphor/fosstars/maven/ModelVisitor.java | 18 +- .../phosphor/fosstars/model/Confidence.java | 17 +- .../oss/phosphor/fosstars/model/Label.java | 6 +- .../fosstars/model/RatingRepository.java | 110 +- .../oss/phosphor/fosstars/model/Score.java | 86 +- .../oss/phosphor/fosstars/model/Subject.java | 40 +- .../oss/phosphor/fosstars/model/Weight.java | 28 +- .../model/feature/AbstractFeature.java | 2 +- .../model/feature/BoundedDoubleFeature.java | 2 +- 
.../model/feature/BoundedIntegerFeature.java | 2 +- .../fosstars/model/feature/EnumFeature.java | 2 +- .../model/feature/PositiveIntegerFeature.java | 20 +- .../feature/example/ExampleFeatures.java | 9 +- .../NumberOfCommitsLastMonthExample.java | 18 +- .../NumberOfContributorsLastMonthExample.java | 18 +- .../model/feature/oss/OssFeatures.java | 6 +- .../fosstars/model/math/DoubleInterval.java | 72 +- .../model/other/ImmutabilityChecker.java | 3 +- .../fosstars/model/other/MakeImmutable.java | 25 +- .../fosstars/model/qa/AbstractTestVector.java | 56 +- .../model/qa/AbstractVerification.java | 18 +- .../fosstars/model/qa/AbstractVerifier.java | 66 +- .../fosstars/model/qa/RatingVerifier.java | 34 +- .../fosstars/model/qa/StandardTestVector.java | 3 +- .../fosstars/model/qa/TestScoreValue.java | 24 +- .../fosstars/model/qa/TestVectorBuilder.java | 6 +- .../fosstars/model/qa/TestVectorResult.java | 12 +- .../model/qa/TestVectorWithDefaults.java | 2 +- .../fosstars/model/qa/TestVectors.java | 54 +- .../fosstars/model/rating/AbstractRating.java | 2 +- .../rating/example/SecurityRatingExample.java | 22 +- .../rating/oss/OssArtifactSecurityRating.java | 18 +- .../rating/oss/OssRulesOfPlayRating.java | 16 +- .../model/rating/oss/OssSecurityRating.java | 16 +- .../oss/SecurityRiskIntroducedByOss.java | 52 +- .../fosstars/model/score/AbstractScore.java | 236 +- .../model/score/AverageCompositeScore.java | 2 +- .../model/score/FeatureBasedScore.java | 2 +- .../model/score/WeightedCompositeScore.java | 2 +- .../model/score/example/ExampleScores.java | 8 +- .../example/ProjectActivityScoreExample.java | 3 +- .../oss/ArtifactReleaseHistoryScore.java | 100 +- .../model/score/oss/DependabotScore.java | 12 +- .../model/score/oss/OssRulesOfPlayScore.java | 44 +- .../score/oss/OwaspDependencyScanScore.java | 2 +- .../model/score/oss/ProjectActivityScore.java | 10 +- .../score/oss/ProjectPopularityScore.java | 46 +- .../oss/ProjectSecurityAwarenessScore.java | 51 +- 
.../model/score/oss/SecurityReviewScore.java | 30 +- .../score/oss/SnykDependencyScanScore.java | 12 +- .../model/score/oss/StaticAnalysisScore.java | 28 +- .../oss/UnpatchedVulnerabilitiesScore.java | 38 +- ...ilityDiscoveryAndSecurityTestingScore.java | 38 +- .../score/oss/VulnerabilityLifetimeScore.java | 10 +- .../model/score/oss/risk/RiskImpactScore.java | 50 +- .../oss/risk/RiskLikelihoodCoefficient.java | 22 +- .../score/oss/risk/RiskLikelihoodFactors.java | 22 +- .../model/subject/oss/GitHubProject.java | 62 +- .../model/tuning/TuningWithCMAES.java | 34 +- .../model/value/ArtifactVersionValue.java | 2 +- .../model/value/ArtifactVersions.java | 62 +- .../model/value/ArtifactVersionsValue.java | 2 +- .../fosstars/model/value/BooleanValue.java | 2 +- .../phosphor/fosstars/model/value/CVSS.java | 208 +- .../fosstars/model/value/DateValue.java | 2 +- .../fosstars/model/value/DoubleValue.java | 2 +- .../fosstars/model/value/EnumValue.java | 2 +- .../fosstars/model/value/ExpiringValue.java | 2 +- .../fosstars/model/value/IntegerValue.java | 2 +- .../fosstars/model/value/Languages.java | 40 +- .../fosstars/model/value/LanguagesValue.java | 2 +- .../fosstars/model/value/LgtmGrade.java | 20 +- .../fosstars/model/value/LgtmGradeValue.java | 2 +- .../model/value/NotApplicableValue.java | 20 +- ...waspDependencyCheckCvssThresholdValue.java | 2 +- .../value/OwaspDependencyCheckUsageValue.java | 2 +- .../fosstars/model/value/PackageManagers.java | 38 +- .../model/value/PackageManagersValue.java | 2 +- .../fosstars/model/value/RatingValue.java | 2 +- .../fosstars/model/value/Reference.java | 2 +- .../fosstars/model/value/ScoreValue.java | 101 +- .../fosstars/model/value/SecurityReview.java | 6 +- .../fosstars/model/value/SecurityReviews.java | 38 +- .../fosstars/model/value/SemanticVersion.java | 8 +- .../fosstars/model/value/StringValue.java | 2 +- .../fosstars/model/value/UnknownValue.java | 24 +- .../fosstars/model/value/ValueHashSet.java | 24 +- 
.../fosstars/model/value/Vulnerabilities.java | 2 +- .../model/value/VulnerabilitiesValue.java | 2 +- .../fosstars/model/value/Vulnerability.java | 138 +- .../model/weight/ImmutableWeight.java | 2 +- .../fosstars/model/weight/MutableWeight.java | 2 +- .../fosstars/model/weight/ScoreWeights.java | 24 +- .../fosstars/tool/AbstractHandler.java | 3 +- .../phosphor/fosstars/tool/Application.java | 262 +- .../oss/phosphor/fosstars/tool/Config.java | 18 +- .../fosstars/tool/GitHubProjectFinder.java | 10 +- .../fosstars/tool/MavenScmFinder.java | 104 +- .../tool/MultipleRatingsCalculator.java | 6 +- .../phosphor/fosstars/tool/NpmScmFinder.java | 34 +- .../OssArtifactSecurityRatingHandler.java | 3 +- .../phosphor/fosstars/tool/ReportConfig.java | 16 +- .../phosphor/fosstars/tool/SubjectCache.java | 80 +- .../phosphor/fosstars/tool/YesNoQuestion.java | 12 +- .../fosstars/tool/YesNoSkipQuestion.java | 14 +- .../format/AbstractMarkdownFormatter.java | 126 +- .../fosstars/tool/format/CommonFormatter.java | 134 +- .../tool/format/JsonPrettyPrinter.java | 72 +- .../fosstars/tool/format/MarkdownList.java | 3 +- .../tool/format/MarkdownTemplate.java | 2 +- ...tifactSecurityRatingMarkdownFormatter.java | 18 +- ...OssRulesOfPlayRatingMarkdownFormatter.java | 406 +- .../fosstars/tool/format/PrettyPrinter.java | 140 +- .../tool/report/AbstractReporter.java | 28 +- .../OssRulesOfPlayMarkdownReporter.java | 64 +- .../OssSecurityRatingMarkdownReporter.java | 294 +- .../fosstars/tool/report/Reporter.java | 16 +- .../fosstars/data/BugBountyPrograms.json | 44 +- .../fosstars/data/CompanySupport.json | 108 +- .../fosstars/data/SecurityReview.json | 4 +- .../data/UnpatchedVulnerabilities.json | 218 +- .../rating/example/SecurityRatingExample.json | 43 +- .../oss/OssArtifactSecurityScoreWeights.json | 26 +- .../OssRulesOfPlayMarkdownReporterTemplate.md | 20 +- ...urityRatingMarkdownReporterMainTemplate.md | 17 +- src/main/resources/log4j2.xml | 32 +- 
...stractStaticScanToolsDataProviderTest.java | 2 +- .../data/SimpleCompositeDataProviderTest.java | 84 +- .../fosstars/data/StandardValueCacheTest.java | 30 +- .../data/artifact/ReleaseInfoLoaderTest.java | 3 +- .../data/github/BanditDataProviderTest.java | 18 +- .../CodeOfConductGuidelineInfoTest.java | 14 +- .../data/github/CodeqlDataProviderTest.java | 18 +- .../github/ContributingGuidelineInfoTest.java | 14 +- ...teImpactUsingKnownVulnerabilitiesTest.java | 78 +- .../data/github/GitHubDataFetcherTest.java | 78 +- .../data/github/GoSecDataProviderTest.java | 18 +- .../github/HasExecutableBinariesTest.java | 22 +- .../data/github/HasSecurityPolicyTest.java | 36 +- .../data/github/HasSecurityTeamTest.java | 30 +- .../fosstars/data/github/LicenseInfoTest.java | 60 +- .../NumberOfDependentProjectOnGitHubTest.java | 36 +- .../github/OwaspSecurityLibrariesTest.java | 30 +- .../fosstars/data/github/ReadmeInfoTest.java | 20 +- .../data/github/ReleasesFromGitHubTest.java | 4 +- .../data/github/SignsJarArtifactsTest.java | 38 +- .../fosstars/data/github/TeamsInfoTest.java | 30 +- .../github/TestGitHubDataFetcherHolder.java | 20 +- .../data/github/UseReuseDataProviderTest.java | 34 +- .../data/github/UsesFindSecBugsTest.java | 32 +- .../github/UsesGithubForDevelopmentTest.java | 91 +- .../data/github/UsesNoHttpToolTest.java | 32 +- .../github/UsesOwaspDependencyCheckTest.java | 72 +- .../data/github/UsesSanitizersTest.java | 4 +- .../github/VulnerabilityAlertsInfoTest.java | 26 +- .../interactive/AskAboutSecurityTeamTest.java | 20 +- .../AskAboutUnpatchedVulnerabilitiesTest.java | 34 +- .../data/interactive/TestUserCallback.java | 2 +- .../model/feature/EnumFeatureTest.java | 26 +- .../model/qa/TestVectorResultTest.java | 10 +- .../fosstars/model/qa/TestVectorsTest.java | 3 +- .../rating/oss/OssRulesOfPlayRatingTest.java | 5 +- .../score/AverageCompositeScoreTest.java | 5 +- .../score/WeightedCompositeScoreTest.java | 5 +- .../ProjectActivityScoreExampleTest.java | 18 +- 
.../oss/ArtifactVersionSecurityScoreTest.java | 56 +- .../oss/CommunityCommitmentScoreTest.java | 10 +- .../oss/OssArtifactSecurityScoreTest.java | 56 +- .../score/oss/OssRulesOfPlayScoreTest.java | 31 +- .../model/score/oss/OssSecurityScoreTest.java | 56 +- .../score/oss/ProjectActivityScoreTest.java | 12 +- .../score/oss/ProjectPopularityScoreTest.java | 14 +- ...ulatedSecurityRiskIntroducedByOssTest.java | 28 +- .../model/subject/AbstractSubjectTest.java | 28 +- .../model/value/AbstractKnownValueTest.java | 70 +- .../fosstars/model/value/EnumValueTest.java | 12 +- .../model/value/VulnerabilitiesTest.java | 20 +- .../tool/GitHubProjectFinderTest.java | 12 +- .../fosstars/tool/MavenScmFinderTest.java | 3 +- .../tool/MultipleRatingsCalculatorTest.java | 18 +- ...ulesOfPlayRatingMarkdownFormatterTest.java | 24 +- .../tool/format/PrettyPrinterTest.java | 10 +- .../OssRulesOfPlayMarkdownReporterTest.java | 34 +- .../OssSecurityRatingJsonReporterTest.java | 28 +- ...OssSecurityRatingMarkdownReporterTest.java | 28 +- .../advice/AdviceContentStorageTest.yml | 2 +- .../OwaspDependencyHasNoVulnerabilities.json | 712 ++-- .../data/artifact/ReleaseInfoFromMaven.html | 16 +- .../ReleaseInfoFromMavenNoArtifactInList.html | 16 +- .../data/artifact/ReleaseInfoFromNpm.json | 3438 ++++++++--------- ...lnerabilitiesFromOwaspDependencyCheck.json | 2044 +++++----- ...ulnerabilitiesFromOwaspNoDependencies.json | 54 +- .../data/github/MavenCheckStyleWithNoHttp.xml | 88 +- ...venCheckStyleWithNoHttpInProfilesBuild.xml | 98 +- .../github/MavenCheckStyleWithoutNoHttp.xml | 72 +- .../data/github/MavenPomWithMavenGPG.xml | 44 +- .../data/github/MavenPomWithoutMavenGPG.xml | 18 +- .../data/github/MavenWithFindSecBugs.xml | 38 +- .../MavenWithFindSecBugsInProfilesBuild.xml | 52 +- .../MavenWithOwaspDependencyCheckInBuild.xml | 32 +- ...hOwaspDependencyCheckInBuildAndProfile.xml | 82 +- ...DependencyCheckInBuildPluginManagement.xml | 36 +- ...ithOwaspDependencyCheckInProfilesBuild.xml | 60 +- 
...waspDependencyCheckInProfilesReporting.xml | 34 +- ...venWithOwaspDependencyCheckInReporting.xml | 38 +- ...venWithOwaspEsapiInDefaultDependencies.xml | 38 +- ...enWithOwaspEsapiInProfiledDependencies.xml | 50 +- ...hOwaspJavaEncoderInDefaultDependencies.xml | 36 +- ...JavaHtmlSanitizerInDefaultDependencies.xml | 36 +- .../data/github/MavenWithoutFindSecBugs.xml | 38 +- .../MavenWithoutOwaspDependencyCheck.xml | 6 +- .../MavenWithoutOwaspEsapiDependency.xml | 42 +- .../bandit-analysis-with-multiple-jobs.yml | 4 +- ...sis-with-no-bandit-run-but-uses-bandit.yml | 4 +- .../bandit-analysis-with-no-bandit-run.yml | 4 +- .../data/github/bandit-analysis-with-run.yml | 4 +- .../data/github/codeql-analysis-with-pr.yml | 6 +- .../github/codeql-analysis-without-pr.yml | 2 +- .../gosec-analysis-run-with-exclude-rules.yml | 9 +- .../gosec-analysis-run-with-include-rules.yml | 9 +- .../gosec-analysis-run-without-rules.yml | 9 +- .../gosec-analysis-uses-without-with-key.yml | 2 +- .../gosec-analysis-with-multiple-jobs.yml | 4 +- .../gosec-analysis-with-no-gosec-run.yml | 4 +- ...-analysis-with-rules-in-different-step.yml | 2 +- .../data/github/gosec-analysis-with-run.yml | 9 +- .../data/github/gosec-analysis-with-uses.yml | 2 +- .../mypy-analysis-with-pre-commit-hook.yml | 8 +- .../github/mypy-analysis-with-prospector.yml | 6 +- .../data/github/mypy-analysis-with-run.yml | 4 +- .../data/github/no-codeql-analysis.yml | 6 +- .../pylint-analysis-as-pre-commit-hook.yml | 20 +- .../github/pylint-analysis-no-pylint-hook.yml | 20 +- .../pylint-analysis-with-multiple-jobs.yml | 4 +- ...sis-with-no-pylint-run-but-uses-pylint.yml | 4 +- .../pylint-analysis-with-no-pylint-run.yml | 4 +- .../pylint-analysis-with-prospector.yml | 6 +- .../pylint-analysis-with-pylint-in-entry.yml | 20 +- .../pylint-analysis-with-pylint-in-repo.yml | 20 +- .../pylint-analysis-with-pylint-in-rev.yml | 20 +- .../data/github/pylint-analysis-with-run.yml | 4 +- .../fosstars/maven/PomWithDependencies.xml | 46 +- 
...tyRatingExampleVerificationTestVectors.yml | 264 +- .../OssArtifactSecurityRatingTestVectors.yml | 34 +- .../oss/OssSecurityRatingTestVectors.yml | 1094 +++--- .../score/oss/CodeqlScoreTestVectors.yml | 296 +- .../CommunityCommitmentScoreTestVectors.yml | 376 +- .../score/oss/DependabotScoreTestVectors.yml | 282 +- .../oss/DependencyScanScoreTestVectors.yml | 478 +-- .../score/oss/FindSecBugsScoreTestVectors.yml | 2 +- .../score/oss/FuzzingScoreTestVectors.yml | 424 +- .../model/score/oss/LgtmScoreTestVectors.yml | 304 +- .../MemorySafetyTestingScoreTestVectors.yml | 528 +-- .../score/oss/NoHttpToolScoreTestVectors.yml | 276 +- .../score/oss/OssSecurityScoreTestVectors.yml | 2 +- .../OwaspDependencyScanScoreTestVectors.yml | 302 +- .../oss/ProjectActivityScoreTestVectors.yml | 440 +-- .../oss/ProjectPopularityScoreTestVectors.yml | 592 +-- ...ojectSecurityAwarenessScoreTestVectors.yml | 1222 +++--- ...ProjectSecurityTestingScoreTestVectors.yml | 256 +- .../oss/SecurityReviewScoreTestVectors.yml | 4 +- .../SnykDependencyScanScoreTestVectors.yml | 282 +- .../oss/StaticAnalysisScoreTestVectors.yml | 126 +- ...patchedVulnerabilitiesScoreTestVectors.yml | 516 +-- ...veryAndSecurityTestingScoreTestVectors.yml | 916 ++--- .../VulnerabilityLifetimeScoreTestVectors.yml | 1052 ++--- .../oss/phosphor/fosstars/nvd/NVD_part.json | 508 +-- ...esOfPlayRatingMarkdownFormatter.config.yml | 2 +- src/test/shell/tool/github/README.md | 6 +- .../github/test_project_security_with_pom.xml | 46 +- 338 files changed, 13864 insertions(+), 13773 deletions(-) diff --git a/pom.xml b/pom.xml index c952510c6..6f7371e6f 100644 --- a/pom.xml +++ b/pom.xml @@ -96,7 +96,6 @@ 3.0 2.43.0 1.24.0 - 3.1.2 3.1.0 1.6.13 3.11.0 @@ -137,7 +136,6 @@ ${version.maven-javadoc-plugin} ${maven.compiler.source} - ${maven.compiler.target} true true -Xdoclint:none @@ -206,7 +204,7 @@ - check + apply compile 
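Review bot: In the `@@ -206,7 +204,7 @@` hunk of pom.xml the goal bound to the `compile` phase changes from `check` to `apply` (element names are lost in this extraction, but given the title and the 2.43.0 property this looks like the spotless-maven-plugin execution). `apply` rewrites the sources on every build and never fails, so on CI unformatted code is silently reformatted in the workspace and then discarded rather than rejected, and the enforcement the removed checkstyle `check` goal provided is gone. Keep `check` as the goal bound to the build (or at least in the CI profile) and run `apply` on demand with `mvn spotless:apply`, or bind `apply` only in a developer profile. The `@@ -96` and `@@ -137` hunks on this line drop a version property and what appears to be `${maven.compiler.target}` from a plugin configuration; the surrounding elements are not recoverable here, so I can't confirm those are intentional.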
@@ -219,32 +217,6 @@ - - org.apache.maven.plugins - maven-checkstyle-plugin - ${version.maven-checkstyle-plugin} - - google_checks.xml - ${project.build.sourceEncoding} - true - warning - true - false - checkstyle-suppressions.xml - checkstyle.suppressions.file - true - - - - validate - package - - checkstyle - check - - - - @@ -284,7 +256,7 @@ develop - true + true true true @@ -293,7 +265,7 @@ quick-assemble - true + true false true diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContent.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContent.java index d9bede705..8d386bc00 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContent.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContent.java @@ -83,8 +83,7 @@ public boolean equals(Object o) { return true; } - if (o instanceof AdviceContent) { - AdviceContent that = (AdviceContent) o; + if (o instanceof AdviceContent that) { return Objects.equals(feature, that.feature) && Objects.equals(text, that.text) && Objects.equals(links, that.links); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContentYamlStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContentYamlStorage.java index 144f9681c..6384e46ed 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContentYamlStorage.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/AdviceContentYamlStorage.java 
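Review bot: The removed maven-checkstyle-plugin block in `@@ -219,32 +217,6 @@` referenced `google_checks.xml` and `checkstyle-suppressions.xml` (via the `checkstyle.suppressions.file` property); I don't see either file among the 338 changed files in the diffstat, so they are presumably left behind as orphaned config — delete them in this commit or say why they stay. Checkstyle also enforced rules beyond layout, whereas spotless only formats, so the description should list which checks are being dropped rather than presenting this as a pure formatting switch.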
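Review bot: The AdviceContent.java hunk replaces `instanceof` plus cast with a pattern-matching `instanceof` (`if (o instanceof AdviceContent that) {`), which is a Java 16+ language feature rather than a formatting change; the same rewrite appears in the Link.java and SimpleAdvice.java hunks. The compiler source level is referenced as `${maven.compiler.source}` in the pom.xml hunks above but its value isn't visible here, so please confirm it is at least 16 before this lands. Since the commit is titled as a formatting switch, a language-level change mixed in makes the diff harder to review as formatting-only; splitting it into its own commit would help.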
@@ -61,25 +61,6 @@ protected AdviceContentYamlStorage(Map> featureTo this.featureToContent = new HashMap<>(featureToContent); } - /** - * Returns advice for a feature in a specified context. - * - * @param feature The feature. - * @param context The context. - * @return A list of advice. - * @throws MalformedURLException If the method couldn't parse URLs. - */ - public List adviceFor(Feature feature, AdviceContext context) - throws MalformedURLException { - - List adviceContents = new ArrayList<>(); - for (RawAdviceContent rawAdvice : featureToContent.getOrDefault(feature.name(), emptyList())) { - adviceContents.add(rawAdvice.transformFor(feature, context)); - } - - return adviceContents; - } - /** * Loads advice from a resource. * @@ -104,6 +85,25 @@ public static AdviceContentYamlStorage loadFrom(String path) throws IOException throw new IOException(String.format("'%s' not found!", path)); } + /** + * Returns advice for a feature in a specified context. + * + * @param feature The feature. + * @param context The context. + * @return A list of advice. + * @throws MalformedURLException If the method couldn't parse URLs. + */ + public List adviceFor(Feature feature, AdviceContext context) + throws MalformedURLException { + + List adviceContents = new ArrayList<>(); + for (RawAdviceContent rawAdvice : featureToContent.getOrDefault(feature.name(), emptyList())) { + adviceContents.add(rawAdvice.transformFor(feature, context)); + } + + return adviceContents; + } + /** A link to additional info for an advice. */ static class RawLink { 
@@ -187,6 +187,24 @@ static class RawAdviceContent { this.links = new ArrayList<>(links != null ? links : emptyList()); } + /** + * Replaces variables with their values in a string. + * + * @param string The string. + * @param values Maps variable names to their values. + * @return An updated string. + */ + private static String resolve(String string, Map> values) { + for (Map.Entry> entry : values.entrySet()) { + if (entry.getValue().isPresent()) { + string = + string.replaceAll( + String.format("\\$\\{%s\\}", entry.getKey()), entry.getValue().get()); + } + } + return string; + } + @JsonGetter("advice") private String advice() { return advice; @@ -258,24 +276,6 @@ AdviceContent transformFor(Feature feature, AdviceContext context) return new AdviceContent(feature, advice, links); } - /** - * Replaces variables with their values in a string. - * - * @param string The string. - * @param values Maps variable names to their values. - * @return An updated string. - */ - private static String resolve(String string, Map> values) { - for (Map.Entry> entry : values.entrySet()) { - if (entry.getValue().isPresent()) { - string = - string.replaceAll( - String.format("\\$\\{%s\\}", entry.getKey()), entry.getValue().get()); - } - } - return string; - } - @Override public boolean equals(Object o) { if (this == o) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/Link.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/Link.java index 760d39e4c..d79d046c3 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/Link.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/Link.java @@ -40,8 +40,7 @@ public boolean equals(Object o) { return true; } - if (o instanceof Link) { - Link link = (Link) o; + if (o instanceof Link link) { return Objects.equals(name, link.name) && Objects.equals(url, link.url); } 
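Review bot: `resolve` in the `@@ -187,6 +187,24 @@` hunk substitutes values with `string.replaceAll(String.format("\\$\\{%s\\}", entry.getKey()), entry.getValue().get())`, which treats the key as a regex and the value as a regex replacement string; a value containing `$` or `\` (a URL with a query string, for instance) is read as a group reference and can throw `IllegalArgumentException` or produce wrong advice text, and a key with regex metacharacters matches the wrong placeholder. The method is only moved by this commit, but since it is on the new side I'd fix it while touching it: use a literal replacement, `string = string.replace("${" + entry.getKey() + "}", entry.getValue().get());`, or wrap with `Pattern.quote(...)` and `Matcher.quoteReplacement(...)` if a regex is really needed. The values come from the advice context passed to `transformFor`, whose origin is outside this hunk, so I can't tell how trustworthy they are; the literal replace removes the question.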
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/SimpleAdvice.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/SimpleAdvice.java
index 23b5a96a7..e7963c989 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/SimpleAdvice.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/SimpleAdvice.java
@@ -69,8 +69,7 @@ public boolean equals(Object o) { return true; }
- if (o instanceof SimpleAdvice) {
- SimpleAdvice that = (SimpleAdvice) o;
+ if (o instanceof SimpleAdvice that) { return Objects.equals(subject, that.subject) && Objects.equals(value, that.value) && Objects.equals(content, that.content);
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/AbstractOssAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/AbstractOssAdvisor.java
index 682fdf816..1bb935490 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/AbstractOssAdvisor.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/AbstractOssAdvisor.java
@@ -50,6 +50,59 @@ protected AbstractOssAdvisor( this.contextFactory = contextFactory; } + /** + * Checks if a boolean value is known and false. + * + * @param value The value to be checked. + * @return True if the value is known and false, false otherwise. + */ + protected static boolean knownFalseValue(Value value) { + return !value.isUnknown() && Boolean.FALSE.equals(value.get()); + } + + /** + * Looks for a sub-score value in a rating value assigned to a subject. + * + * @param subject The subject. + * @param subScoreClass A class of the sub-score. + * @return A sub-score value if present. + */ + protected static Optional findSubScoreValue( + Subject subject, Class subScoreClass) { + + if (!subject.ratingValue().isPresent()) { + return Optional.empty(); + } + + return findSubScoreValue(subject.ratingValue().get().scoreValue(), subScoreClass); + } + + /** + * Looks for a sub-score value in a score value. + * + * @param scoreValue The score value. + * @param subScoreClass A class of the sub-score. + * @return A sub-score value if present. + */ + private static Optional findSubScoreValue( + ScoreValue scoreValue, Class subScoreClass) { + + if (scoreValue.score().getClass().equals(subScoreClass)) { + return Optional.of(scoreValue); + } + + for (Value usedValue : scoreValue.usedValues()) { + if (usedValue instanceof ScoreValue) { + Optional result = findSubScoreValue((ScoreValue) usedValue, subScoreClass); + if (result.isPresent()) { + return result; + } + } + } + + return Optional.empty(); + } + @Override public final List adviceFor(Subject subject) throws MalformedURLException { if (!subject.ratingValue().isPresent()) { 
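Review bot: The moved private `findSubScoreValue(ScoreValue, Class)` still uses `usedValue instanceof ScoreValue` followed by an explicit `(ScoreValue) usedValue` cast, while the same commit converts AdviceContent, Link and SimpleAdvice to pattern-matching `instanceof`; for consistency this should read `if (usedValue instanceof ScoreValue nested) {` with `findSubScoreValue(nested, subScoreClass)` on the next line. The recursion has no cycle guard, which is fine only as long as `usedValues()` forms a tree — that is established outside this diff, so a one-line comment stating the assumption above the loop would help the next reader. `knownFalseValue` and the `Subject` overload are a pure move and look fine.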
@@ -123,59 +176,6 @@ protected List adviceForFeature( .collect(Collectors.toList()); } - /** - * Checks if a boolean value is known and false. - * - * @param value The value to be checked. - * @return True if the value is known and false, false otherwise. - */ - protected static boolean knownFalseValue(Value value) { - return !value.isUnknown() && Boolean.FALSE.equals(value.get()); - } - - /** - * Looks for a sub-score value in a rating value assigned to a subject. - * - * @param subject The subject. - * @param subScoreClass A class of the sub-score. - * @return A sub-score value if present. - */ - protected static Optional findSubScoreValue( - Subject subject, Class subScoreClass) { - - if (!subject.ratingValue().isPresent()) { - return Optional.empty(); - } - - return findSubScoreValue(subject.ratingValue().get().scoreValue(), subScoreClass); - } - - /** - * Looks for a sub-score value in a score value. - * - * @param scoreValue The score value. - * @param subScoreClass A class of the sub-score. - * @return A sub-score value if present. - */ - private static Optional findSubScoreValue( - ScoreValue scoreValue, Class subScoreClass) { - - if (scoreValue.score().getClass().equals(subScoreClass)) { - return Optional.of(scoreValue); - } - - for (Value usedValue : scoreValue.usedValues()) { - if (usedValue instanceof ScoreValue) { - Optional result = findSubScoreValue((ScoreValue) usedValue, subScoreClass); - if (result.isPresent()) { - return result; - } - } - } - - return Optional.empty(); - } - /** A factory that provides advice contexts for open-source projects. */ public interface OssAdviceContextFactory { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/LgtmAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/LgtmAdvisor.java index db18ee998..69ab2a2a0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/LgtmAdvisor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/LgtmAdvisor.java 
@@ -28,26 +28,6 @@ public LgtmAdvisor(OssAdviceContextFactory contextFactory) { super(OssAdviceContentYamlStorage.DEFAULT, contextFactory); } - @Override - protected List adviceFor( - Subject subject, List> usedValues, OssAdviceContext context) - throws MalformedURLException { - - Optional> value = - findValue(usedValues, WORST_LGTM_GRADE) - .filter(LgtmAdvisor::isKnown) - .filter(LgtmAdvisor::notTheBest); - - if (!value.isPresent()) { - return emptyList(); - } - - return adviceStorage.adviceFor(value.get().feature(), context).stream() - .map(content -> new SimpleAdvice(subject, value.get(), content)) - .map(Advice.class::cast) - .collect(Collectors.toList()); - } - /** * Checks if a value is known. * @@ -67,4 +47,24 @@ private static boolean isKnown(Value value) { private static boolean notTheBest(Value value) { return value.get() != A_PLUS; } + + @Override + protected List adviceFor( + Subject subject, List> usedValues, OssAdviceContext context) + throws MalformedURLException { + + Optional> value = + findValue(usedValues, WORST_LGTM_GRADE) + .filter(LgtmAdvisor::isKnown) + .filter(LgtmAdvisor::notTheBest); + + if (!value.isPresent()) { + return emptyList(); + } + + return adviceStorage.adviceFor(value.get().feature(), context).stream() + .map(content -> new SimpleAdvice(subject, value.get(), content)) + .map(Advice.class::cast) + .collect(Collectors.toList()); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/NoHttpAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/NoHttpAdvisor.java index ad876b22c..f1aabb223 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/NoHttpAdvisor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/NoHttpAdvisor.java 
@@ -21,14 +21,6 @@ public NoHttpAdvisor(OssAdviceContextFactory contextFactory) { super(OssAdviceContentYamlStorage.DEFAULT, contextFactory); } - @Override - protected List adviceFor( - Subject subject, List> usedValues, OssAdviceContext context) - throws MalformedURLException { - - return adviceForFeature(usedValues, USES_NOHTTP, subject, context, NoHttpAdvisor::noHttpTool); - } - /** * Checks if a value tells that NoHttp tool is not used. * @@ -40,4 +32,12 @@ private static boolean noHttpTool(Value value) { && !value.isUnknown() && Boolean.FALSE.equals(value.get()); } + + @Override + protected List adviceFor( + Subject subject, List> usedValues, OssAdviceContext context) + throws MalformedURLException { + + return adviceForFeature(usedValues, USES_NOHTTP, subject, context, NoHttpAdvisor::noHttpTool); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssAdviceContentYamlStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssAdviceContentYamlStorage.java index 7fc7c63e3..be57c92df 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssAdviceContentYamlStorage.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssAdviceContentYamlStorage.java @@ -19,13 +19,13 @@ */ public class OssAdviceContentYamlStorage { + /** A default instance of the storage that contains advice loaded from {@link #RESOURCE_PATH}. */ + public static final OssAdviceContentYamlStorage DEFAULT; + /** A path to a resource that contains the default advice. */ private static final String RESOURCE_PATH = "com/sap/oss/phosphor/fosstars/advice/oss/OssAdvice.yml"; - /** A default instance of the storage that contains advice loaded from {@link #RESOURCE_PATH}. */ - public static final OssAdviceContentYamlStorage DEFAULT; - static { try { DEFAULT = OssAdviceContentYamlStorage.loadFrom(RESOURCE_PATH); 
@@ -47,6 +47,17 @@ private OssAdviceContentYamlStorage(AdviceContentYamlStorage adviceContentYamlSt this.adviceContentYamlStorage = adviceContentYamlStorage; } + /** + * Loads advice from a resource. + * + * @param path A path to the resource. + * @return An instance of {@link OssAdviceContentYamlStorage}. + * @throws IOException If the advice couldn't be loaded. + */ + public static OssAdviceContentYamlStorage loadFrom(String path) throws IOException { + return new OssAdviceContentYamlStorage(AdviceContentYamlStorage.loadFrom(path)); + } + /** * Returns advice for a feature in a specified context for an open-source project. * @@ -61,17 +72,6 @@ public List adviceFor(Feature feature, AdviceContext context) return adviceContentYamlStorage.adviceFor(feature, context); } - /** - * Loads advice from a resource. - * - * @param path A path to the resource. - * @return An instance of {@link OssAdviceContentYamlStorage}. - * @throws IOException If the advice couldn't be loaded. - */ - public static OssAdviceContentYamlStorage loadFrom(String path) throws IOException { - return new OssAdviceContentYamlStorage(AdviceContentYamlStorage.loadFrom(path)); - } - /** A context for advice for open-source projects. */ public abstract static class OssAdviceContext implements AdviceContext { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssRulesOfPlayAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssRulesOfPlayAdvisor.java index bb34f16f4..9d4be2244 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssRulesOfPlayAdvisor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OssRulesOfPlayAdvisor.java 
@@ -64,6 +64,22 @@ public OssRulesOfPlayAdvisor(String path, OssAdviceContextFactory contextFactory super(OssAdviceContentYamlStorage.loadFrom(path), contextFactory); } + /** + * Load an advice storage. + * + * @return An advice storage. + * @throws IOException If an advice storage could not be loaded. + */ + private static OssAdviceContentYamlStorage storage() throws IOException { + Optional path = loadDefaultYamlConfigIfAvailable(OssRulesOfPlayAdvisor.class); + if (path.isPresent()) { + LOGGER.info("Found a config for the advisor: {}", path.get()); + return OssAdviceContentYamlStorage.loadFrom(path.get().toString()); + } + + return DEFAULT; + } + @Override protected List adviceFor( Subject subject, List> usedValues, OssAdviceContext context) @@ -85,20 +101,4 @@ protected List adviceFor( return advice; } - - /** - * Load an advice storage. - * - * @return An advice storage. - * @throws IOException If an advice storage could not be loaded. - */ - private static OssAdviceContentYamlStorage storage() throws IOException { - Optional path = loadDefaultYamlConfigIfAvailable(OssRulesOfPlayAdvisor.class); - if (path.isPresent()) { - LOGGER.info("Found a config for the advisor: {}", path.get()); - return OssAdviceContentYamlStorage.loadFrom(path.get().toString()); - } - - return DEFAULT; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OwaspDependencyCheckAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OwaspDependencyCheckAdvisor.java index 82fb01c5f..160d3ae2a 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OwaspDependencyCheckAdvisor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/OwaspDependencyCheckAdvisor.java 
@@ -30,39 +30,6 @@ public OwaspDependencyCheckAdvisor(OssAdviceContextFactory contextFactory) { super(OssAdviceContentYamlStorage.DEFAULT, contextFactory); } - @Override - protected List adviceFor( - Subject subject, List> usedValues, OssAdviceContext context) - throws MalformedURLException { - - Optional owaspDependencyScanScore = - findSubScoreValue(subject, OwaspDependencyScanScore.class); - - if (!owaspDependencyScanScore.isPresent() || owaspDependencyScanScore.get().isNotApplicable()) { - return Collections.emptyList(); - } - - List advice = new ArrayList<>(); - - advice.addAll( - adviceForFeature( - usedValues, - OWASP_DEPENDENCY_CHECK_USAGE, - subject, - context, - OwaspDependencyCheckAdvisor::notMandatoryOwaspDependencyCheck)); - - advice.addAll( - adviceForFeature( - usedValues, - OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD, - subject, - context, - OwaspDependencyCheckAdvisor::noThresholdForOwaspDependencyCheck)); - - return advice; - } - /** * Checks if a value is {@link * com.sap.oss.phosphor.fosstars.model.value.OwaspDependencyCheckUsageValue} and it is equal to 
@@ -91,12 +58,43 @@ private static boolean noThresholdForOwaspDependencyCheck(Value value) { return false; } - if (value instanceof OwaspDependencyCheckCvssThresholdValue) { - OwaspDependencyCheckCvssThresholdValue thresholdValue = - (OwaspDependencyCheckCvssThresholdValue) value; + if (value instanceof OwaspDependencyCheckCvssThresholdValue thresholdValue) { return !thresholdValue.specified(); } return false; } + + @Override + protected List adviceFor( + Subject subject, List> usedValues, OssAdviceContext context) + throws MalformedURLException { + + Optional owaspDependencyScanScore = + findSubScoreValue(subject, OwaspDependencyScanScore.class); + + if (!owaspDependencyScanScore.isPresent() || owaspDependencyScanScore.get().isNotApplicable()) { + return Collections.emptyList(); + } + + List advice = new ArrayList<>(); + + advice.addAll( + adviceForFeature( + usedValues, + OWASP_DEPENDENCY_CHECK_USAGE, + subject, + context, + OwaspDependencyCheckAdvisor::notMandatoryOwaspDependencyCheck)); + + advice.addAll( + adviceForFeature( + usedValues, + OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD, + subject, + context, + OwaspDependencyCheckAdvisor::noThresholdForOwaspDependencyCheck)); + + return advice; + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SigningAdvisor.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SigningAdvisor.java index a2f6bc33c..af90d286b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SigningAdvisor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/SigningAdvisor.java 
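Review bot: `if (value instanceof OwaspDependencyCheckCvssThresholdValue thresholdValue)` is pattern matching for instanceof, a Java 16 language feature, introduced by a commit described as a formatter swap. The pom.xml hunk is not in this chunk, so I can't see whether the compiler release is raised to match; if the build still targets an older release, this line and the same construct in AdviceForGitHubContextFactory and StandardValueCache will not compile. Either bump `maven.compiler.release` in the same commit and say so in the message, or keep the explicit cast and leave language-level changes to a separate change.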
@@ -21,15 +21,6 @@ public SigningAdvisor(OssAdviceContextFactory contextFactory) { super(OssAdviceContentYamlStorage.DEFAULT, contextFactory); } - @Override - protected List adviceFor( - Subject subject, List> usedValues, OssAdviceContext context) - throws MalformedURLException { - - return adviceForFeature( - usedValues, SIGNS_ARTIFACTS, subject, context, SigningAdvisor::disabledArtifactSigning); - } - /** * Checks if a value tells that artifact signing is disabled. * @@ -41,4 +32,13 @@ private static boolean disabledArtifactSigning(Value value) { && !value.isUnknown() && Boolean.FALSE.equals(value.get()); } + + @Override + protected List adviceFor( + Subject subject, List> usedValues, OssAdviceContext context) + throws MalformedURLException { + + return adviceForFeature( + usedValues, SIGNS_ARTIFACTS, subject, context, SigningAdvisor::disabledArtifactSigning); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/github/AdviceForGitHubContextFactory.java b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/github/AdviceForGitHubContextFactory.java index b4b66554c..9a8f486e1 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/github/AdviceForGitHubContextFactory.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/advice/oss/github/AdviceForGitHubContextFactory.java @@ -21,8 +21,7 @@ public OssAdviceContext contextFor(Subject subject) { @Override public Optional lgtmProjectLink() { - if (subject instanceof GitHubProject) { - GitHubProject project = (GitHubProject) subject; + if (subject instanceof GitHubProject project) { return Optional.of( String.format( "https://lgtm.com/projects/g/%s/%s", @@ -34,8 +33,7 @@ public Optional lgtmProjectLink() { @Override public Optional suggestSecurityPolicyLink() { - if (subject instanceof GitHubProject) { - GitHubProject project = (GitHubProject) subject; + if (subject instanceof GitHubProject project) { return Optional.of( String.format( "https://github.com/%s/%s/security/policy", 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractReleaseInfoLoader.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractReleaseInfoLoader.java index 199eab824..1fac57261 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractReleaseInfoLoader.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractReleaseInfoLoader.java @@ -55,6 +55,47 @@ public abstract class AbstractReleaseInfoLoader implements DataProvider { /** A logger. */ protected final Logger logger = LogManager.getLogger(getClass()); + /** + * Update the {@link com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#ARTIFACT_VERSION} + * value based on given parameters. If version is not in the set of artifact versions or the + * optional version is not the ARTIFACT_VERSION is set to unknown. + * + * @param version The artifact version. + * @param artifactVersions All found artifact versions. + * @param values The set of values to be updated. + */ + protected static void updateArtifactVersion( + Optional version, Set artifactVersions, ValueSet values) { + + Value match = + version + .flatMap( + ver -> artifactVersions.stream().filter(v -> v.version().equals(ver)).findFirst()) + .map(ARTIFACT_VERSION::value) + .orElseGet(ARTIFACT_VERSION::unknown); + values.update(match); + } + + /** + * Converts Epoch time in milliseconds to Local Date. + * + * @param epoch The DateTime in milliseconds. + * @return Local Date. + */ + protected static LocalDateTime convertEpochToLocalDate(Long epoch) { + return Instant.ofEpochMilli(epoch).atZone(ZoneId.systemDefault()).toLocalDateTime(); + } + + /** + * Converts string Date to Local Date. + * + * @param date in String. + * @return Local Date. + */ + protected static LocalDateTime convertToLocalDate(String date) { + return ZonedDateTime.parse(date).toLocalDateTime(); + } + /** The method always returns false, so that all child classes can't be interactive. */ @Override public final boolean interactive() { 
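Review bot: `convertEpochToLocalDate` and `convertToLocalDate` yield LocalDateTime values in different frames: the first applies `ZoneId.systemDefault()`, the second keeps whatever offset is embedded in the parsed string, so the result depends on the host time zone and the two are not directly comparable. If these dates are compared or used to compute release age (the callers are outside this hunk), pin both to one zone, e.g. `Instant.ofEpochMilli(epoch).atZone(ZoneOffset.UTC).toLocalDateTime()` and `ZonedDateTime.parse(date).withZoneSameInstant(ZoneOffset.UTC).toLocalDateTime()`. The Javadoc of `updateArtifactVersion` is also garbled ("or the optional version is not the ARTIFACT_VERSION is set to unknown"); suggest `If the version is absent or not among the known artifact versions, ARTIFACT_VERSION is set to unknown.`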
@@ -108,27 +149,6 @@ protected JsonNode fetchJson(String url) throws IOException { } } - /** - * Update the {@link com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#ARTIFACT_VERSION} - * value based on given parameters. If version is not in the set of artifact versions or the - * optional version is not the ARTIFACT_VERSION is set to unknown. - * - * @param version The artifact version. - * @param artifactVersions All found artifact versions. - * @param values The set of values to be updated. - */ - protected static void updateArtifactVersion( - Optional version, Set artifactVersions, ValueSet values) { - - Value match = - version - .flatMap( - ver -> artifactVersions.stream().filter(v -> v.version().equals(ver)).findFirst()) - .map(ARTIFACT_VERSION::value) - .orElseGet(ARTIFACT_VERSION::unknown); - values.update(match); - } - /** * Creates an HTTP client. * @@ -146,26 +166,6 @@ public CloseableHttpClient httpClient() { return HttpClientBuilder.create().setDefaultRequestConfig(config).build(); } - /** - * Converts Epoch time in milliseconds to Local Date. - * - * @param epoch The DateTime in milliseconds. - * @return Local Date. - */ - protected static LocalDateTime convertEpochToLocalDate(Long epoch) { - return Instant.ofEpochMilli(epoch).atZone(ZoneId.systemDefault()).toLocalDateTime(); - } - - /** - * Converts string Date to Local Date. - * - * @param date in String. - * @return Local Date. - */ - protected static LocalDateTime convertToLocalDate(String date) { - return ZonedDateTime.parse(date).toLocalDateTime(); - } - /** * Gathers release versions about Maven artifact. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProvider.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProvider.java index 360b73151..6f3a11956 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProvider.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProvider.java @@ -104,11 +104,6 @@ public AbstractStaticScanToolsDataProvider( this.supportedFeatures = supportedFeatures; } - @Override - public Set> supportedFeatures() { - return supportedFeatures; - } - /** * Browse a POM file with a specified visitor. * @@ -175,7 +170,7 @@ public static List findIniConfigsIn(LocalRepository repository) throws IOE * * @param githubAction GitHub Actions. * @param matchers predicates to match through the given action. - * @return Optional<{@link Map}> step if one of the predicate finds matches. Optional.empty + * @return Optional<{ @ link Map }> step if one of the predicate finds matches. Optional.empty * otherwise. */ private static Optional scanGitHubAction( @@ -199,7 +194,7 @@ private static Optional scanGitHubAction( * * @param jobs Iterable list of GitHub action jobs. * @param matchers predicates to match through the given action. - * @return Optional<{@link Map}> step if one of the predicate finds matches. Optional.empty + * @return Optional<{ @ link Map }> step if one of the predicate finds matches. Optional.empty * otherwise. */ private static Optional scanJobs(Iterable jobs, Map> matchers) { @@ -387,6 +382,11 @@ protected static Visitor withVisitor() { return new Visitor(); } + @Override + public Set> supportedFeatures() { + return supportedFeatures; + } + /** A visitor for searching a specific config predicate in a {@link GitHubProject}. */ public static class Visitor extends AbstractGitHubVisitor { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java index 464f7b4d5..b7f515584 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/DataProviderSelector.java 
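Review bot: The formatter rewrote `Optional<{@link Map}>` as `Optional<{ @ link Map }>` in the `@return` tags of `scanGitHubAction` and `scanJobs`, which is no longer a valid inline tag and will render literally. Use a form the formatter leaves alone, e.g. `@return {@code Optional<Map>} step if one of the predicates finds a match, {@code Optional.empty()} otherwise.`. The `<` may have been unescaped by this rendering, so verify against the file before editing.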
@@ -252,6 +252,17 @@ public DataProviderSelector(GitHubDataFetcher fetcher, NVD nvd) throws IOExcepti new AskAboutUnpatchedVulnerabilities()); } + /** + * Check whether a data provider gathers a feature. + * + * @param provider The provider. + * @param feature The feature. + * @return True if the data provider gathers the feature, false otherwise. + */ + private static boolean applicable(DataProvider provider, Feature feature) { + return provider.supportedFeatures().contains(feature); + } + /** * Configure data providers. * @@ -308,15 +319,4 @@ List providersFor(Feature feature) { .filter(provider -> applicable(provider, feature)) .collect(Collectors.toList()); } - - /** - * Check whether a data provider gathers a feature. - * - * @param provider The provider. - * @param feature The feature. - * @return True if the data provider gathers the feature, false otherwise. - */ - private static boolean applicable(DataProvider provider, Feature feature) { - return provider.supportedFeatures().contains(feature); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProvider.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProvider.java index 3b0c94a08..faad1f40d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProvider.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProvider.java @@ -91,6 +91,16 @@ public SimpleCompositeDataProvider( this.defaultValue = defaultValue; } + /** + * Crete a builder for configuring a new data provider. + * + * @param feature A feature that the provider should support. + * @return A builder. + */ + public static Builder forFeature(Feature feature) { + return new Builder(feature); + } + @Override protected ValueSet fetchValuesFor(Subject subject) throws IOException { ValueSet values = new ValueHashSet(); 
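Review bot: The Javadoc of `forFeature` reads `Crete a builder`; it should be `Create a builder for configuring a new data provider.`. Since the method is being moved in this hunk anyway, fix the typo in the same change.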
@@ -146,16 +156,6 @@ private boolean weAreHappyWith(ValueSet values) { return values.of(feature).map(value -> !value.isUnknown()).orElse(false); } - /** - * Crete a builder for configuring a new data provider. - * - * @param feature A feature that the provider should support. - * @return A builder. - */ - public static Builder forFeature(Feature feature) { - return new Builder(feature); - } - /** A builder for configuring a data provider. */ public static class Builder { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/StandardValueCache.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/StandardValueCache.java index 3a6ffb87e..8524c5b4b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/StandardValueCache.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/StandardValueCache.java 
@@ -42,6 +42,41 @@ private StandardValueCache(Map entries) { this.entries = entries; } + /** + * The method extracts an original value from a ExpiringValue if it's not expired. + * + * @param value The ExpiringValue. + * @param Type of data that the value holds. + * @return The original value if it's not expired. + * @throws IllegalStateException If the value is not an instance of ExpiringValue. + */ + private static Optional> unwrapExpiring(Value value) { + if (!(value instanceof ExpiringValue expiringValue)) { + throw new IllegalStateException("It should be an expiring value!"); + } + + if (expiringValue.neverExpires() || !expiringValue.expired()) { + return Optional.of(expiringValue.original()); + } + + return Optional.empty(); + } + + /** + * Loads a cache from a specified file. + * + * @param path A path to the file. + * @return The loaded cache. + * @throws IOException If something went wrong. + */ + public static StandardValueCache load(String path) throws IOException { + File file = new File(path); + if (!file.exists()) { + throw new FileNotFoundException(String.format("Can't find %s", path)); + } + return Json.mapper().readValue(file, StandardValueCache.class); + } + /* * This getter is here to make Jackson happy. */ 
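Review bot: `load(String path)` checks `file.exists()` before `Json.mapper().readValue(file, ...)`; `exists()` is also true for a directory and the check races with the read, while `readValue` already throws `FileNotFoundException` for a missing file. Prefer `Path p = Paths.get(path); if (!Files.isRegularFile(p)) { throw new FileNotFoundException(String.format("Can't find %s", path)); }` followed by `readValue(p.toFile(), StandardValueCache.class)`, matching the nio usage in `store`. Also note that the cache file is deserialised by Jackson into `StandardValueCache`, whose entries `unwrapExpiring` expects to be `ExpiringValue`; if `Json.mapper()` resolves `Value` subtypes through polymorphic typing, a tampered cache file is an untrusted-input deserialisation point, so it is worth confirming the mapper only accepts an explicit allow-list of subtypes.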
@@ -86,27 +121,6 @@ public Optional get(String key) { return Optional.of(result); } - /** - * The method extracts an original value from a ExpiringValue if it's not expired. - * - * @param value The ExpiringValue. - * @param Type of data that the value holds. - * @return The original value if it's not expired. - * @throws IllegalStateException If the value is not an instance of ExpiringValue. - */ - private static Optional> unwrapExpiring(Value value) { - if (value instanceof ExpiringValue == false) { - throw new IllegalStateException("It should be an expiring value!"); - } - ExpiringValue expiringValue = (ExpiringValue) value; - - if (expiringValue.neverExpires() || !expiringValue.expired()) { - return Optional.of(expiringValue.original()); - } - - return Optional.empty(); - } - @Override public int size() { return entries.size(); @@ -168,27 +182,12 @@ public void store(String filename) throws IOException { Files.write(path, Json.toBytes(this)); } - /** - * Loads a cache from a specified file. - * - * @param path A path to the file. - * @return The loaded cache. - * @throws IOException If something went wrong. - */ - public static StandardValueCache load(String path) throws IOException { - File file = new File(path); - if (!file.exists()) { - throw new FileNotFoundException(String.format("Can't find %s", path)); - } - return Json.mapper().readValue(file, StandardValueCache.class); - } - @Override public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof StandardValueCache == false) { + if (!(o instanceof StandardValueCache)) { return false; } StandardValueCache cache = (StandardValueCache) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.java index d2f598650..24c61c8b7 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.java 
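Review bot: `equals` now uses `!(o instanceof StandardValueCache)` but still follows it with `StandardValueCache cache = (StandardValueCache) o;`, while the same commit switches other instanceof checks to pattern matching. For consistency write `if (!(o instanceof StandardValueCache cache)) { return false; }` and drop the cast line; the same applies to `GitHubDataCache.equals` later in this patch. The body of `equals` continues outside the hunk.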
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.java @@ -23,6 +23,21 @@ */ public class ReleaseInfoFromMaven extends AbstractReleaseInfoLoader { + /** + * Main function used for testing purpose only. + * + * @param args String array + * @throws IOException If something goes wrong. + */ + public static void main(String[] args) throws IOException { + MavenArtifact mavenArtifact = + new MavenArtifact("com.fasterxml.jackson.core", "jackson-databind", "2.9.8", null); + ReleaseInfoFromMaven releaseInfoFromMaven = new ReleaseInfoFromMaven(); + ValueSet values = new ValueHashSet(); + releaseInfoFromMaven.update(mavenArtifact, values); + values.forEach(System.out::println); + } + @Override public ReleaseInfoFromMaven update(Subject subject, ValueSet values) throws IOException { Objects.requireNonNull(values, "Oh no! Values is null!"); @@ -43,19 +58,4 @@ public ReleaseInfoFromMaven update(Subject subject, ValueSet values) throws IOEx public boolean supports(Subject subject) { return subject instanceof MavenArtifact; } - - /** - * Main function used for testing purpose only. - * - * @param args String array - * @throws IOException If something goes wrong. - */ - public static void main(String[] args) throws IOException { - MavenArtifact mavenArtifact = - new MavenArtifact("com.fasterxml.jackson.core", "jackson-databind", "2.9.8", null); - ReleaseInfoFromMaven releaseInfoFromMaven = new ReleaseInfoFromMaven(); - ValueSet values = new ValueHashSet(); - releaseInfoFromMaven.update(mavenArtifact, values); - values.forEach(System.out::println); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoader.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoader.java index 14baa7262..f63e78dfe 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoader.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoader.java 
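Review bot: `main` is documented as "used for testing purpose only", yet this hunk moves it to the top of a production data provider in src/main, where it performs a network lookup for a hard-coded `jackson-databind 2.9.8` and prints to stdout. Move it to test sources or a tooling module (or delete it) rather than promoting it to the first member of the class; if it must stay, read the coordinates from `args` instead of a fixed artifact.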
@@ -60,6 +60,20 @@ public ReleaseInfoLoader( releaseInfoFromNpm, "Oh no! You gave me a null instead of a ReleaseInfoFromNpm!"); } + /** + * Checks if the values contain the known feature {@link + * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#RELEASED_ARTIFACT_VERSIONS}. + * + * @param values The {@link ValueSet}. + * @return true if the values has the feature {@link + * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures #RELEASED_ARTIFACT_VERSIONS}. + * Otherwise false. + */ + private static boolean hasFeatureIn(ValueSet values) { + return values.of(RELEASED_ARTIFACT_VERSIONS).isPresent() + && !values.of(RELEASED_ARTIFACT_VERSIONS).get().isUnknown(); + } + @Override public ReleaseInfoLoader update(Subject subject, ValueSet values) throws IOException { Objects.requireNonNull(subject, "Oh no! Subject cannot be null"); @@ -70,9 +84,9 @@ public ReleaseInfoLoader update(Subject subject, ValueSet values) throws IOExcep } if (subject instanceof MavenArtifact) { - releaseInfoFromMaven.update((MavenArtifact) subject, values); + releaseInfoFromMaven.update(subject, values); } else if (subject instanceof NpmArtifact) { - releaseInfoFromNpm.update((NpmArtifact) subject, values); + releaseInfoFromNpm.update(subject, values); } Optional project = projectOf(subject); 
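Review bot: `hasFeatureIn` calls `values.of(RELEASED_ARTIFACT_VERSIONS)` twice and unwraps with `get()`, while `SimpleCompositeDataProvider.weAreHappyWith` in this same patch expresses the identical test as `values.of(feature).map(value -> !value.isUnknown()).orElse(false)`. Use that form here: `return values.of(RELEASED_ARTIFACT_VERSIONS).map(value -> !value.isUnknown()).orElse(false);`. The `@return` tag also has a stray space in `OssFeatures #RELEASED_ARTIFACT_VERSIONS` that breaks the `{@link}`.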
@@ -105,20 +119,6 @@ private Optional projectOf(Subject subject) { return Optional.empty(); } - /** - * Checks if the values contain the known feature {@link - * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#RELEASED_ARTIFACT_VERSIONS}. - * - * @param values The {@link ValueSet}. - * @return true if the values has the feature {@link - * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures #RELEASED_ARTIFACT_VERSIONS}. - * Otherwise false. - */ - private static boolean hasFeatureIn(ValueSet values) { - return values.of(RELEASED_ARTIFACT_VERSIONS).isPresent() - && !values.of(RELEASED_ARTIFACT_VERSIONS).get().isUnknown(); - } - @Override public boolean supports(Subject subject) { return subject instanceof Artifact; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromNpmAudit.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromNpmAudit.java index 2c3191464..28ae6668b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromNpmAudit.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromNpmAudit.java @@ -50,9 +50,6 @@ */ public class VulnerabilitiesFromNpmAudit implements DataProvider { - /** A logger. */ - private final Logger logger = LogManager.getLogger(getClass()); - /** NPM registry URL to access security audit. */ private static final String NPM_AUDIT_URL = "https://registry.npmjs.org/-/npm/v1/security/audits"; @@ -67,6 +64,9 @@ public class VulnerabilitiesFromNpmAudit implements DataProvider { "\"dependencies\": {\"%s\": {\"version\": \"%s\"}}", "}"); + /** A logger. */ + private final Logger logger = LogManager.getLogger(getClass()); + /** An interface to NVD. */ private final NVD nvd; 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java index b225e08de..278f2200d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.java 
@@ -99,80 +99,6 @@ public VulnerabilitiesFromOwaspDependencyCheck() { settings.setString(Settings.KEYS.H2_DATA_DIRECTORY, DB_DIR); } - /** The method always returns false, so that all child classes can't be interactive. */ - @Override - public final boolean interactive() { - return false; - } - - /** This is a dummy cache which stores nothing. */ - @Override - public ValueCache cache() { - return NoValueCache.create(); - } - - /** There is not call back required for this data provider. */ - @Override - public VulnerabilitiesFromOwaspDependencyCheck set(UserCallback callback) { - return this; - } - - /** No cache value is needed that is used by the data provider. */ - @Override - public VulnerabilitiesFromOwaspDependencyCheck set(ValueCache cache) { - return this; - } - - /** No configuration is required for this data provider. */ - @Override - public VulnerabilitiesFromOwaspDependencyCheck configure(Path config) throws IOException { - return this; - } - - @Override - public VulnerabilitiesFromOwaspDependencyCheck update(Subject subject, ValueSet values) - throws IOException { - - Objects.requireNonNull(values, "On no! Values cannot be null"); - MavenArtifact artifact = cast(subject, MavenArtifact.class); - - if (!artifact.version().isPresent()) { - throw new IOException("Oh no! 
The version is not available."); - } - - Optional owaspDependencyCheckEntry = scan(artifact); - if (!owaspDependencyCheckEntry.isPresent() - || owaspDependencyCheckEntry.get().getDependencies() == null) { - values.update(VULNERABILITIES_IN_ARTIFACT.unknown()); - return this; - } - - Vulnerabilities vulnerabilities = new Vulnerabilities(); - for (Dependency dependency : owaspDependencyCheckEntry.get().getDependencies()) { - if (dependency.getVulnerabilities() == null) { - continue; - } - - for (OwaspDependencyCheckVuln owaspDependencyCheckVuln : dependency.getVulnerabilities()) { - vulnerabilities.add(from(owaspDependencyCheckVuln)); - } - } - - values.update(VULNERABILITIES_IN_ARTIFACT.value(vulnerabilities)); - return this; - } - - /** Returns the supported feature loaded by this data provider. */ - @Override - public Set> supportedFeatures() { - return setOf(VULNERABILITIES_IN_ARTIFACT); - } - - @Override - public boolean supports(Subject subject) { - return subject instanceof MavenArtifact; - } - /** * Scan the input jar file and analyze the extracted {@link Dependency}. * @@ -215,28 +141,6 @@ private static Optional process( return Optional.empty(); } - /** - * Scan the {@link MavenArtifact}. - * - * @param artifact The {@link MavenArtifact}. - * @return An optional of {@link OwaspDependencyCheckEntry}. - * @throws IOException If something went wrong. - */ - Optional scan(MavenArtifact artifact) throws IOException { - Optional filePath = fetch(artifact); - - if (filePath.isPresent()) { - final ExceptionCollection exceptionCollection = new ExceptionCollection(); - try (Engine engine = new Engine(settings)) { - analyze(engine, filePath.get().toFile(), exceptionCollection); - return process(engine, filePath.get().toFile().getName(), exceptionCollection); - } finally { - delete(TEMP_DIR, JAR_DIR, REPORT_DIR); - } - } - return Optional.empty(); - } - /** * Converts an {@link OwaspDependencyCheckVuln} to a {@link Vulnerability}. * 
@@ -405,4 +309,100 @@ private static Optional writeFile(HttpEntity entity, String directory, Str private static Optional createDirectory(String directory) throws IOException { return Optional.ofNullable(Files.createDirectories(Paths.get(directory))); } + + /** The method always returns false, so that all child classes can't be interactive. */ + @Override + public final boolean interactive() { + return false; + } + + /** This is a dummy cache which stores nothing. */ + @Override + public ValueCache cache() { + return NoValueCache.create(); + } + + /** There is not call back required for this data provider. */ + @Override + public VulnerabilitiesFromOwaspDependencyCheck set(UserCallback callback) { + return this; + } + + /** No cache value is needed that is used by the data provider. */ + @Override + public VulnerabilitiesFromOwaspDependencyCheck set(ValueCache cache) { + return this; + } + + /** No configuration is required for this data provider. */ + @Override + public VulnerabilitiesFromOwaspDependencyCheck configure(Path config) throws IOException { + return this; + } + + @Override + public VulnerabilitiesFromOwaspDependencyCheck update(Subject subject, ValueSet values) + throws IOException { + + Objects.requireNonNull(values, "On no! Values cannot be null"); + MavenArtifact artifact = cast(subject, MavenArtifact.class); + + if (!artifact.version().isPresent()) { + throw new IOException("Oh no! 
The version is not available."); + } + + Optional owaspDependencyCheckEntry = scan(artifact); + if (!owaspDependencyCheckEntry.isPresent() + || owaspDependencyCheckEntry.get().getDependencies() == null) { + values.update(VULNERABILITIES_IN_ARTIFACT.unknown()); + return this; + } + + Vulnerabilities vulnerabilities = new Vulnerabilities(); + for (Dependency dependency : owaspDependencyCheckEntry.get().getDependencies()) { + if (dependency.getVulnerabilities() == null) { + continue; + } + + for (OwaspDependencyCheckVuln owaspDependencyCheckVuln : dependency.getVulnerabilities()) { + vulnerabilities.add(from(owaspDependencyCheckVuln)); + } + } + + values.update(VULNERABILITIES_IN_ARTIFACT.value(vulnerabilities)); + return this; + } + + /** Returns the supported feature loaded by this data provider. */ + @Override + public Set> supportedFeatures() { + return setOf(VULNERABILITIES_IN_ARTIFACT); + } + + @Override + public boolean supports(Subject subject) { + return subject instanceof MavenArtifact; + } + + /** + * Scan the {@link MavenArtifact}. + * + * @param artifact The {@link MavenArtifact}. + * @return An optional of {@link OwaspDependencyCheckEntry}. + * @throws IOException If something went wrong. + */ + Optional scan(MavenArtifact artifact) throws IOException { + Optional filePath = fetch(artifact); + + if (filePath.isPresent()) { + final ExceptionCollection exceptionCollection = new ExceptionCollection(); + try (Engine engine = new Engine(settings)) { + analyze(engine, filePath.get().toFile(), exceptionCollection); + return process(engine, filePath.get().toFile().getName(), exceptionCollection); + } finally { + delete(TEMP_DIR, JAR_DIR, REPORT_DIR); + } + } + return Optional.empty(); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java index edc23f35b..88b56cd1e 100644 
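Review bot: In `update`, the null-check message reads `On no! Values cannot be null` while every other message in this patch says `Oh no!`; fix the typo while the method is being moved. Further, a missing artifact version is raised as `IOException`, although it is a precondition failure rather than an I/O error, whereas the same method reports an empty scan as `VULNERABILITIES_IN_ARTIFACT.unknown()`; consider `values.update(VULNERABILITIES_IN_ARTIFACT.unknown()); return this;` for the missing-version case too, unless callers rely on the exception (they are outside this hunk).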
--- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/AbstractDependencyScanDataProvider.java @@ -19,8 +19,6 @@ public abstract class AbstractDependencyScanDataProvider extends GitHubCachingDa /** A minimal number of characters in a config for dependency checker. */ private static final int ACCEPTABLE_CONFIG_SIZE = 10; - protected abstract String getDependencyCheckerPattern(); - /** * Initializes a data provider. * @@ -30,6 +28,8 @@ public AbstractDependencyScanDataProvider(GitHubDataFetcher fetcher) { super(fetcher); } + protected abstract String getDependencyCheckerPattern(); + /** * Checks if a repository contains commits from dependency checker in the commit history. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilities.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilities.java index c24606214..25fb73d42 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilities.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilities.java 
@@ -53,49 +53,6 @@ public EstimateImpactUsingKnownVulnerabilities( this.infoAboutVulnerabilities = infoAboutVulnerabilities; } - @Override - protected EstimateImpactUsingKnownVulnerabilities doUpdate(Subject subject, ValueSet values) - throws IOException { - - infoAboutVulnerabilities.update(subject, values); - Value vulnerabilities = - values - .of(VULNERABILITIES_IN_PROJECT) - .orElseThrow( - () -> - new IllegalStateException( - "Oops! The underlying provider could not provide info about vulnerabilities!")); - - Impact worstConfidentialityImpact = null; - Impact worstIntegrityImpact = null; - Impact worstAvailableImpact = null; - - if (vulnerabilities.get().size() >= KNOWN_VULNERABILITIES_THRESHOLD) { - logger.info("Found enough vulnerabilities for estimating potential CIA impact"); - for (Vulnerability vulnerability : vulnerabilities.get()) { - if (!vulnerability.cvss().isPresent()) { - continue; - } - worstConfidentialityImpact = - set( - worstConfidentialityImpact, - vulnerability.cvss().get().confidentialityImpact().orElse(null)); - worstIntegrityImpact = - set(worstIntegrityImpact, vulnerability.cvss().get().integrityImpact().orElse(null)); - worstAvailableImpact = - set(worstAvailableImpact, vulnerability.cvss().get().availabilityImpact().orElse(null)); - } - } else { - logger.info("Not enough info about vulnerabilities to estimate potential CIA impact"); - } - - set(CONFIDENTIALITY_IMPACT, worstConfidentialityImpact, values); - set(INTEGRITY_IMPACT, worstIntegrityImpact, values); - set(AVAILABILITY_IMPACT, worstAvailableImpact, values); - - return this; - } - /** * Set a feature in a value set. * 
@@ -140,6 +97,49 @@ private static Impact set(Impact currentImpact, Object cvssImpact) { return newImpact.compareTo(currentImpact) <= 0 ? currentImpact : newImpact; } + @Override + protected EstimateImpactUsingKnownVulnerabilities doUpdate(Subject subject, ValueSet values) + throws IOException { + + infoAboutVulnerabilities.update(subject, values); + Value vulnerabilities = + values + .of(VULNERABILITIES_IN_PROJECT) + .orElseThrow( + () -> + new IllegalStateException( + "Oops! The underlying provider could not provide info about vulnerabilities!")); + + Impact worstConfidentialityImpact = null; + Impact worstIntegrityImpact = null; + Impact worstAvailableImpact = null; + + if (vulnerabilities.get().size() >= KNOWN_VULNERABILITIES_THRESHOLD) { + logger.info("Found enough vulnerabilities for estimating potential CIA impact"); + for (Vulnerability vulnerability : vulnerabilities.get()) { + if (!vulnerability.cvss().isPresent()) { + continue; + } + worstConfidentialityImpact = + set( + worstConfidentialityImpact, + vulnerability.cvss().get().confidentialityImpact().orElse(null)); + worstIntegrityImpact = + set(worstIntegrityImpact, vulnerability.cvss().get().integrityImpact().orElse(null)); + worstAvailableImpact = + set(worstAvailableImpact, vulnerability.cvss().get().availabilityImpact().orElse(null)); + } + } else { + logger.info("Not enough info about vulnerabilities to estimate potential CIA impact"); + } + + set(CONFIDENTIALITY_IMPACT, worstConfidentialityImpact, values); + set(INTEGRITY_IMPACT, worstIntegrityImpact, values); + set(AVAILABILITY_IMPACT, worstAvailableImpact, values); + + return this; + } + @Override public boolean interactive() { return false; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataCache.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataCache.java index ec46c6145..45c088cef 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataCache.java 
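Review bot: Inside the loop in the moved `doUpdate`, `vulnerability.cvss().get()` is evaluated three times per vulnerability, once for each `set(...)` call, after a single `isPresent()` check; binding it to a local once before the three calls (`set(worstConfidentialityImpact, cvss.confidentialityImpact().orElse(null))` and likewise for the other two) reads more clearly and removes the repeated unwrap. The `else` branch leaves all three worst-impact locals as `null` and still passes them to `set(Feature, Impact, ValueSet)`; what that overload records for a `null` impact is outside this hunk, so a short comment on the `else` branch such as `// below the threshold: all three impacts are reported as unknown` would make the intent explicit for the reader, assuming that is what the overload does.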
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataCache.java @@ -73,7 +73,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof GitHubDataCache == false) { + if (!(o instanceof GitHubDataCache)) { return false; } GitHubDataCache cache = (GitHubDataCache) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcher.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcher.java index bc814cbc0..7df52f8f2 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcher.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcher.java @@ -50,16 +50,6 @@ */ public class GitHubDataFetcher { - /** A logger. */ - private static final Logger LOGGER = LogManager.getLogger(GitHubDataFetcher.class); - - /** A type reference for serializing {@link #LOCAL_REPOSITORIES_INFO}. */ - private static final TypeReference> - LOCAL_REPOSITORIES_TYPE_REF = new TypeReference>() {}; - - /** Defines how often new updates should be pulled to a local repository by default. */ - private static final Duration DEFAULT_PULL_INTERVAL = Duration.ofDays(1); - /** A system property that contains a path to base directory for local repositories. */ static final String REPOSITORIES_BASE_PATH_PROPERTY = "fosstars.github.fetcher.repositories.base"; 
@@ -74,20 +64,30 @@ public class GitHubDataFetcher { /** Maximum size of the cache for local repositories. */ static final int LOCAL_REPOSITORIES_CACHE_CAPACITY = 100; + /** Synchronized map containing info about local repositories. */ + static final Map LOCAL_REPOSITORIES_INFO = + Collections.synchronizedMap(new HashMap<>()); + + /** A logger. */ + private static final Logger LOGGER = LogManager.getLogger(GitHubDataFetcher.class); + + /** A type reference for serializing {@link #LOCAL_REPOSITORIES_INFO}. */ + private static final TypeReference> + LOCAL_REPOSITORIES_TYPE_REF = new TypeReference>() {}; + + /** Defines how often new updates should be pulled to a local repository by default. */ + private static final Duration DEFAULT_PULL_INTERVAL = Duration.ofDays(1); + /** This flag doesn't allow exceeding the maximum cache size. */ private static final boolean SCAN_UNTIL_REMOVABLE = true; - /** Defines how often new updates should be pulled to a local repository. */ - private static Duration PULL_INTERVAL = DEFAULT_PULL_INTERVAL; - /** A synchronized cache of local repositories. */ static final Map LOCAL_REPOSITORIES = Collections.synchronizedMap( new LRUMap<>(LOCAL_REPOSITORIES_CACHE_CAPACITY, SCAN_UNTIL_REMOVABLE)); - /** Synchronized map containing info about local repositories. */ - static final Map LOCAL_REPOSITORIES_INFO = - Collections.synchronizedMap(new HashMap<>()); + /** Defines how often new updates should be pulled to a local repository. */ + private static Duration PULL_INTERVAL = DEFAULT_PULL_INTERVAL; static { try { 
@@ -129,134 +129,6 @@ public GitHubDataFetcher(GitHub github, String token) throws IOException { this.token = token; } - /** - * Get an interface to the GitHub API. - * - * @return The interface to the GitHub API. - */ - public synchronized GitHub github() { - return github; - } - - /** - * Get a token for accessing the GitHub API. - * - * @return A token for accessing the GitHub API. - */ - public synchronized String token() { - return token; - } - - /** - * Returns a number of latest commits. - * - * @param project The project. - * @param n The number of commits. - * @return The list of commits. - * @throws IOException If something went wrong. - */ - public List githubCommitsFor(GitHubProject project, int n) throws IOException { - Objects.requireNonNull(project, "Oh no! The project is null!"); - if (n <= 0) { - throw new IllegalArgumentException("Oh no! The number of commit is not positive!"); - } - - try { - List commits = new ArrayList<>(); - for (GHCommit commit : repositoryFor(project).listCommits()) { - commits.add(commit); - n--; - if (n == 0) { - break; - } - } - - return commits; - } catch (HttpException e) { - LOGGER.error(format("Could not fetch commits from %s", project.scm()), e); - return Collections.emptyList(); - } - } - - /** - * Creates a new GitHub issue in the given project with the provided title and body. - * - * @param project The project that shall receive the new issue. - * @param title The title of the new issue. - * @param body The body of the new issue. - * @return The newly created issue. - * @throws IOException If something went wrong. - */ - public GHIssue createGitHubIssue(GitHubProject project, String title, String body) - throws IOException { - Objects.requireNonNull(project, "Oh no! The project is null!"); - if (title == null || title.isEmpty()) { - throw new IllegalArgumentException("Oh no! The issue title is invalid!"); - } - if (body == null || body.isEmpty()) { - throw new IllegalArgumentException("Oh no! 
The issue body is invalid!"); - } - - GHRepository gitHubRepository = repositoryFor(project); - GHIssueBuilder issueBuilder = gitHubRepository.createIssue(title); - issueBuilder.body(body); - return issueBuilder.create(); - } - - /** - * Search existing GitHub issues in the given project. - * - * @param project The project that shall be searched for issues. - * @param text The text that shall be used for the search. - * @return A list of found issues. Empty if search was unsuccessful. - * @throws IOException If something went wrong. - */ - public List gitHubIssuesFor(GitHubProject project, String text) throws IOException { - Objects.requireNonNull(project, "Oh no! The project is null!"); - if (StringUtils.isEmpty(text)) { - throw new IllegalArgumentException("Oh no! The search query is invalid!"); - } - - String searchQuery = - format("%s repo:%s/%s", text, project.organization().name(), project.name()); - List issues = new ArrayList<>(); - for (GHIssue issue : github().searchIssues().isOpen().q(searchQuery).list()) { - issues.add(issue); - } - - return issues; - } - - /** - * Gets the GitHub project repository. This repository will then be stored in a cache ({@link - * LRUMap}). - * - * @param project of type {@link GitHubProject}, which holds the project information. - * @return {@link GHRepository} with the project information. - * @throws IOException occurred during REST call to GitHub API. 
- */ - public GHRepository repositoryFor(GitHubProject project) throws IOException { - Optional cachedRepository = repositoryCache.get(project); - if (cachedRepository.isPresent()) { - return cachedRepository.get(); - } - - GHRepository repository = github().getRepository(project.path()); - if (repository == null) { - throw new IOException(format("Could not fetch repository %s (null)", project.scm())); - } - - try { - repository.getDirectoryContent("/"); - } catch (GHFileNotFoundException e) { - throw new IOException(format("Could not fetch content of / in %s", project.scm())); - } - - repositoryCache.put(project, repository, expiration()); - - return repository; - } - /** * Clones a repository of a specified project. * @@ -403,24 +275,6 @@ private static Optional openRepository(Path path) { } } - /** - * Get the cache of repositories. - * - * @return The cache of repositories. - */ - GitHubDataCache repositoryCache() { - return repositoryCache; - } - - /** - * Get an expiration date for the cache entries. - * - * @return An expiration date for cache entries. - */ - public Date expiration() { - return Date.from(Instant.now().plus(1, ChronoUnit.DAYS)); // tomorrow - } - /** * Loads information about local repositories. * 
@@ -454,6 +308,152 @@ private static void storeLocalRepositoriesInfo() throws IOException { } } + /** + * Get an interface to the GitHub API. + * + * @return The interface to the GitHub API. + */ + public synchronized GitHub github() { + return github; + } + + /** + * Get a token for accessing the GitHub API. + * + * @return A token for accessing the GitHub API. + */ + public synchronized String token() { + return token; + } + + /** + * Returns a number of latest commits. + * + * @param project The project. + * @param n The number of commits. + * @return The list of commits. + * @throws IOException If something went wrong. + */ + public List githubCommitsFor(GitHubProject project, int n) throws IOException { + Objects.requireNonNull(project, "Oh no! The project is null!"); + if (n <= 0) { + throw new IllegalArgumentException("Oh no! The number of commit is not positive!"); + } + + try { + List commits = new ArrayList<>(); + for (GHCommit commit : repositoryFor(project).listCommits()) { + commits.add(commit); + n--; + if (n == 0) { + break; + } + } + + return commits; + } catch (HttpException e) { + LOGGER.error(format("Could not fetch commits from %s", project.scm()), e); + return Collections.emptyList(); + } + } + + /** + * Creates a new GitHub issue in the given project with the provided title and body. + * + * @param project The project that shall receive the new issue. + * @param title The title of the new issue. + * @param body The body of the new issue. + * @return The newly created issue. + * @throws IOException If something went wrong. + */ + public GHIssue createGitHubIssue(GitHubProject project, String title, String body) + throws IOException { + Objects.requireNonNull(project, "Oh no! The project is null!"); + if (title == null || title.isEmpty()) { + throw new IllegalArgumentException("Oh no! The issue title is invalid!"); + } + if (body == null || body.isEmpty()) { + throw new IllegalArgumentException("Oh no! 
The issue body is invalid!"); + } + + GHRepository gitHubRepository = repositoryFor(project); + GHIssueBuilder issueBuilder = gitHubRepository.createIssue(title); + issueBuilder.body(body); + return issueBuilder.create(); + } + + /** + * Search existing GitHub issues in the given project. + * + * @param project The project that shall be searched for issues. + * @param text The text that shall be used for the search. + * @return A list of found issues. Empty if search was unsuccessful. + * @throws IOException If something went wrong. + */ + public List gitHubIssuesFor(GitHubProject project, String text) throws IOException { + Objects.requireNonNull(project, "Oh no! The project is null!"); + if (StringUtils.isEmpty(text)) { + throw new IllegalArgumentException("Oh no! The search query is invalid!"); + } + + String searchQuery = + format("%s repo:%s/%s", text, project.organization().name(), project.name()); + List issues = new ArrayList<>(); + for (GHIssue issue : github().searchIssues().isOpen().q(searchQuery).list()) { + issues.add(issue); + } + + return issues; + } + + /** + * Gets the GitHub project repository. This repository will then be stored in a cache ({@link + * LRUMap}). + * + * @param project of type {@link GitHubProject}, which holds the project information. + * @return {@link GHRepository} with the project information. + * @throws IOException occurred during REST call to GitHub API. 
+ */ + public GHRepository repositoryFor(GitHubProject project) throws IOException { + Optional cachedRepository = repositoryCache.get(project); + if (cachedRepository.isPresent()) { + return cachedRepository.get(); + } + + GHRepository repository = github().getRepository(project.path()); + if (repository == null) { + throw new IOException(format("Could not fetch repository %s (null)", project.scm())); + } + + try { + repository.getDirectoryContent("/"); + } catch (GHFileNotFoundException e) { + throw new IOException(format("Could not fetch content of / in %s", project.scm())); + } + + repositoryCache.put(project, repository, expiration()); + + return repository; + } + + /** + * Get the cache of repositories. + * + * @return The cache of repositories. + */ + GitHubDataCache repositoryCache() { + return repositoryCache; + } + + /** + * Get an expiration date for the cache entries. + * + * @return An expiration date for cache entries. + */ + public Date expiration() { + return Date.from(Instant.now().plus(1, ChronoUnit.DAYS)); // tomorrow + } + /** * Cleans up local repositories. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProvider.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProvider.java index 6b460ccb4..86051c663 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProvider.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProvider.java @@ -32,6 +32,13 @@ public class GoSecDataProvider extends AbstractStaticScanToolsDataProvider { /** A Predicate to check step in a GitHub action that triggers analysis with GoSec. */ private static final Map> MATCH_GOSEC_PREDICATE = new HashMap<>(); + /** + * A Predicate to check step in a GitHub action that triggers analysis with GoSec with specific + * configs. + */ + private static final Map> MATCH_GOSEC_STEP_CONFIG_PREDICATE = + new HashMap<>(); + static { { MATCH_GOSEC_PREDICATE.put( 
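Review bot: In the moved `githubCommitsFor`, the `catch (HttpException e)` branch logs the failure and returns `Collections.emptyList()`, so a caller cannot distinguish "the project has no commits" from "the GitHub API call failed"; a data provider built on this value could presumably record an inactive project as a fact rather than as missing data. Since the method already declares `throws IOException`, rethrowing with the context preserved, `throw new IOException(format("Could not fetch commits from %s", project.scm()), e);`, or documenting the fallback in the Javadoc (`@return The list of commits, or an empty list if they could not be fetched.`) would make the contract visible to callers. The same hunk also moves `repositoryFor`, which caches the fetched repository with `expiration()`; a one-line comment there stating that a failed fetch is never cached would help, as that is only implied by the early `throw`.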
@@ -42,13 +49,6 @@ public class GoSecDataProvider extends AbstractStaticScanToolsDataProvider { } } - /** - * A Predicate to check step in a GitHub action that triggers analysis with GoSec with specific - * configs. - */ - private static final Map> MATCH_GOSEC_STEP_CONFIG_PREDICATE = - new HashMap<>(); - static { { MATCH_GOSEC_STEP_CONFIG_PREDICATE.put( diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java index d76b2661a..29132d7a1 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinaries.java @@ -70,6 +70,16 @@ public HasExecutableBinaries(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Check if the file represented by the path is a executable binary file. + * + * @param path The file path. + * @return true if the executable binary file type is found, otherwise false. + */ + private static boolean isExecutableBinary(Path path) { + return FILE_EXTENSIONS.stream().anyMatch(ext -> path.getFileName().toString().endsWith(ext)); + } + @Override protected Feature supportedFeature() { return HAS_EXECUTABLE_BINARIES; @@ -94,14 +104,4 @@ protected Value fetchValueFor(GitHubProject project) throws IOException LocalRepository loadLocalRepository(GitHubProject project) throws IOException { return GitHubDataFetcher.localRepositoryFor(project); } - - /** - * Check if the file represented by the path is a executable binary file. - * - * @param path The file path. - * @return true if the executable binary file type is found, otherwise false. - */ - private static boolean isExecutableBinary(Path path) { - return FILE_EXTENSIONS.stream().anyMatch(ext -> path.getFileName().toString().endsWith(ext)); - } } 
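Review bot: In the moved `isExecutableBinary` in HasExecutableBinaries, `path.getFileName().toString()` is recomputed inside the lambda for every extension in `FILE_EXTENSIONS`; hoisting it, `String name = path.getFileName().toString();` followed by `return FILE_EXTENSIONS.stream().anyMatch(name::endsWith);`, is both clearer and cheaper. The comparison is also case-sensitive, so whether `.EXE`-style names are recognised depends on what `FILE_EXTENSIONS` contains, which is outside this hunk; if the list holds only lowercase entries, comparing `name.toLowerCase(Locale.ROOT)` would close that gap, otherwise a comment noting that matching is case-sensitive by design would be enough.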
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicy.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicy.java index a82a8a148..51d695c91 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicy.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicy.java @@ -42,6 +42,21 @@ public HasSecurityPolicy(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Check if a file exists in a repository and its content more than {@link + * #ACCEPTABLE_POLICY_SIZE}. + * + * @param repository The repository. + * @param path A path to the file + * @return True if the file exists in the repository and it's big enough, false otherwise. + */ + private static boolean isPolicy(LocalRepository repository, String path) throws IOException { + return repository + .file(path) + .filter(content -> content.length() > ACCEPTABLE_POLICY_SIZE) + .isPresent(); + } + @Override protected Feature supportedFeature() { return HAS_SECURITY_POLICY; @@ -99,19 +114,4 @@ private boolean hasSecurityPolicy(GitHubOrganization organization) throws IOExce CloseableHttpClient httpClient() { return HttpClients.createDefault(); } - - /** - * Check if a file exists in a repository and its content more than {@link - * #ACCEPTABLE_POLICY_SIZE}. - * - * @param repository The repository. - * @param path A path to the file - * @return True if the file exists in the repository and it's big enough, false otherwise. - */ - private static boolean isPolicy(LocalRepository repository, String path) throws IOException { - return repository - .file(path) - .filter(content -> content.length() > ACCEPTABLE_POLICY_SIZE) - .isPresent(); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/InfoAboutVulnerabilities.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/InfoAboutVulnerabilities.java index 05cc469c6..42c82b7b1 100644 
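Review bot: The Javadoc of the moved `isPolicy` in HasSecurityPolicy documents `@param` and `@return` but not the declared `IOException`; adding `@throws IOException If the file could not be read from the repository.` completes it. The predicate also treats any file at the given path longer than `ACCEPTABLE_POLICY_SIZE` as a policy, which the `@return` line states but the method name does not convey; a brief note that this is a size heuristic rather than a content check, `// size heuristic only: the content itself is not inspected`, would keep the next maintainer from reading more into it.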
--- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/InfoAboutVulnerabilities.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/InfoAboutVulnerabilities.java @@ -25,7 +25,7 @@ *
  • {@link VulnerabilitiesFromNvd} * * - * The data provider caches a value for the {@link + *

    The data provider caches a value for the {@link * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#VULNERABILITIES_IN_PROJECT} feature. */ public class InfoAboutVulnerabilities diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfo.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfo.java index 840433e42..e463a5e72 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfo.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfo.java @@ -78,6 +78,38 @@ public LicenseInfo(GitHubDataFetcher fetcher) throws IOException { loadDefaultConfigIfAvailable(); } + /** + * This is for testing and demo purposes. + * + * @param args Command-line options (option 1: API token, option 2: project URL). + * @throws Exception If something went wrong. + */ + public static void main(String... args) throws Exception { + String token = args.length > 0 ? args[0] : ""; + String url = args.length > 1 ? args[1] : "https://github.com/SAP/fosstars-rating-core"; + GitHubProject project = GitHubProject.parse(url); + GitHub github = new GitHubBuilder().withOAuthToken(token).build(); + LicenseInfo provider = new LicenseInfo(new GitHubDataFetcher(github, token)); + provider.configure( + IOUtils.toInputStream( + "---\n" + + "allowedLicenses:\n" + + " - Apache-2.0\n" + + " - CC-BY-4.0\n" + + " - MIT\n" + + " - EPL-2.0\n" + + "disallowedLicensePatterns:\n" + + " - API\n" + + "repositoryExceptions:\n" + + " - https://github.com/SAP/SapMachine\n" + + " - https://github.com/SAP/jmc\n", + "UTF-8")); + ValueSet values = provider.fetchValuesFor(project); + for (Value value : values) { + System.out.printf("%s: %s%n", value.feature().name(), value.get()); + } + } + /** * Returns a list of SPDX IDs of allowed licenses. * 
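Review bot: The moved `main` in LicenseInfo takes the GitHub API token from `args[0]`, which exposes it to other local users through the process list and to the shell history; the same pattern is in the `main` of NumberOfDependentProjectOnGitHub in a later hunk. Reading it from an environment variable instead, for example `String token = System.getenv("FOSSTARS_GITHUB_TOKEN");` (the variable name here is illustrative), keeps the demo entry points from normalising token-on-the-command-line usage. At minimum the Javadoc `@param args` line should say that option 1 is a secret and should not be placed in scripts or CI logs.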
@@ -334,36 +366,4 @@ LicenseInfo configure(InputStream is) throws IOException { repositoryExceptions(readListFrom(config, "repositoryExceptions")); return this; } - - /** - * This is for testing and demo purposes. - * - * @param args Command-line options (option 1: API token, option 2: project URL). - * @throws Exception If something went wrong. - */ - public static void main(String... args) throws Exception { - String token = args.length > 0 ? args[0] : ""; - String url = args.length > 1 ? args[1] : "https://github.com/SAP/fosstars-rating-core"; - GitHubProject project = GitHubProject.parse(url); - GitHub github = new GitHubBuilder().withOAuthToken(token).build(); - LicenseInfo provider = new LicenseInfo(new GitHubDataFetcher(github, token)); - provider.configure( - IOUtils.toInputStream( - "---\n" - + "allowedLicenses:\n" - + " - Apache-2.0\n" - + " - CC-BY-4.0\n" - + " - MIT\n" - + " - EPL-2.0\n" - + "disallowedLicensePatterns:\n" - + " - API\n" - + "repositoryExceptions:\n" - + " - https://github.com/SAP/SapMachine\n" - + " - https://github.com/SAP/jmc\n", - "UTF-8")); - ValueSet values = provider.fetchValuesFor(project); - for (Value value : values) { - System.out.printf("%s: %s%n", value.feature().name(), value.get()); - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LocalRepositoryInfo.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LocalRepositoryInfo.java index 124d78ff2..b787c6457 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LocalRepositoryInfo.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/LocalRepositoryInfo.java 
@@ -14,15 +14,15 @@ /** The class holds info about a local repository. */ public class LocalRepositoryInfo { - /** A date when the repository was updated. */ - private Date updated; - /** A path to the repository. */ private final Path path; /** A URL to the repository. */ private final URL url; + /** A date when the repository was updated. */ + private Date updated; + /** Holds a size of repository (may be outdated). */ @JsonIgnore private BigInteger cachedRepositorySize; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHub.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHub.java index 189b21224..b2d373618 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHub.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHub.java 
@@ -31,6 +31,33 @@ public NumberOfDependentProjectOnGitHub(GitHubDataFetcher fetcher) throws IOExce super(fetcher); } + /** + * Try to extract an integer from a string. + * + * @param s The string. + * @return An integer. + * @throws NumberFormatException If the string doesn't have an integer. + */ + static int numberFrom(String s) throws NumberFormatException { + return Integer.parseInt(s.replaceAll("[,+\\s+]", EMPTY)); + } + + /** + * This is for testing and demo purposes. + * + * @param args Command-line options (option 1: API token, option 2: project URL). + * @throws Exception If something went wrong. + */ + public static void main(String... args) throws Exception { + String token = args.length > 0 ? args[0] : ""; + String url = args.length > 1 ? args[1] : "https://github.com/FasterXML/jackson-databind"; + GitHubProject project = GitHubProject.parse(url); + GitHub github = new GitHubBuilder().withOAuthToken(token).build(); + NumberOfDependentProjectOnGitHub provider = + new NumberOfDependentProjectOnGitHub(new GitHubDataFetcher(github, token)); + System.out.println(provider.fetchValueFor(project)); + } + @Override protected Feature supportedFeature() { return NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB; 
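Review bot: The regex in the moved `numberFrom`, `"[,+\\s+]"`, contains a second `+` inside the character class that is a literal plus, not a quantifier, so it is redundant and misleading; `"[,+\\s]"` expresses the same set of stripped characters (comma, plus sign, whitespace), and `Integer.parseInt(s.replaceAll("[,+\\s]", EMPTY))` reads as intended. Since the input is text scraped from a GitHub page in `loadFrontPageOf`, a one-line comment stating the expected shape, `// e.g. "1,234+" as shown on the GitHub dependents page`, would explain why those characters are dropped.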
@@ -77,31 +104,4 @@ Element loadFrontPageOf(GitHubProject project) throws IOException { String url = format("https://github.com/%s/%s", project.organization().name(), project.name()); return Jsoup.connect(url).get(); } - - /** - * Try to extract an integer from a string. - * - * @param s The string. - * @return An integer. - * @throws NumberFormatException If the string doesn't have an integer. - */ - static int numberFrom(String s) throws NumberFormatException { - return Integer.parseInt(s.replaceAll("[,+\\s+]", EMPTY)); - } - - /** - * This is for testing and demo purposes. - * - * @param args Command-line options (option 1: API token, option 2: project URL). - * @throws Exception If something went wrong. - */ - public static void main(String... args) throws Exception { - String token = args.length > 0 ? args[0] : ""; - String url = args.length > 1 ? args[1] : "https://github.com/FasterXML/jackson-databind"; - GitHubProject project = GitHubProject.parse(url); - GitHub github = new GitHubBuilder().withOAuthToken(token).build(); - NumberOfDependentProjectOnGitHub provider = - new NumberOfDependentProjectOnGitHub(new GitHubDataFetcher(github, token)); - System.out.println(provider.fetchValueFor(project)); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NvdEntryMatcher.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NvdEntryMatcher.java index 6b92c86df..7c5934bac 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NvdEntryMatcher.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/NvdEntryMatcher.java 
@@ -44,21 +44,11 @@ public class NvdEntryMatcher implements Matcher { /** Instance of {@link JaroWinklerSimilarity}. */ private static final JaroWinklerSimilarity JWS = new JaroWinklerSimilarity(); - /** A project to be checked. */ - private final GitHubProject project; - /** A black list of words, which should not be present when checking reference URLs. */ private static final List STOP_WORDS = Collections.singletonList("wiki"); - /** - * Creates a new matcher for a project. - * - * @param project The project. - * @return The new matcher. - */ - public static NvdEntryMatcher entriesFor(GitHubProject project) { - return new NvdEntryMatcher(project); - } + /** A project to be checked. */ + private final GitHubProject project; /** * Initializes a new matcher. @@ -69,35 +59,14 @@ private NvdEntryMatcher(GitHubProject project) { this.project = Objects.requireNonNull(project, "Null is not a project!"); } - @Override - public boolean match(NvdEntry entry) { - Objects.requireNonNull(entry, "NVD entry can't be null!"); - - Configurations configurations = entry.getConfigurations(); - CVE cve = entry.getCve(); - - if (match(configurations, cve, project)) { - return true; - } - - if (cve == null) { - LOGGER.warn("No CVE in NVD entry"); - return false; - } - - CveMetaData meta = cve.getCveDataMeta(); - if (meta == null) { - LOGGER.warn("No metadata in NVD entry"); - return false; - } - - String cveId = meta.getId(); - if (cveId == null) { - LOGGER.warn("No CVE ID in NVD entry"); - return false; - } - - return match(cve.getAffects(), project); + /** + * Creates a new matcher for a project. + * + * @param project The project. + * @return The new matcher. + */ + public static NvdEntryMatcher entriesFor(GitHubProject project) { + return new NvdEntryMatcher(project); } /** 
@@ -367,4 +336,35 @@ private static boolean checkSplitPath(String[] path, GitHubProject project) { private static boolean notStopWord(String word) { return word != null && !STOP_WORDS.contains(word); } + + @Override + public boolean match(NvdEntry entry) { + Objects.requireNonNull(entry, "NVD entry can't be null!"); + + Configurations configurations = entry.getConfigurations(); + CVE cve = entry.getCve(); + + if (match(configurations, cve, project)) { + return true; + } + + if (cve == null) { + LOGGER.warn("No CVE in NVD entry"); + return false; + } + + CveMetaData meta = cve.getCveDataMeta(); + if (meta == null) { + LOGGER.warn("No metadata in NVD entry"); + return false; + } + + String cveId = meta.getId(); + if (cveId == null) { + LOGGER.warn("No CVE ID in NVD entry"); + return false; + } + + return match(cve.getAffects(), project); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibraries.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibraries.java index 4b9398268..1ab8d66a0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibraries.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibraries.java 
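Review bot: In the moved `match(NvdEntry)`, the local `cveId` is only null-checked and never used afterwards, so the three warnings all say "in NVD entry" without identifying which entry was rejected. Either drop the local and write the check as `if (meta.getId() == null) {`, or use it to make the later path traceable, for example `LOGGER.warn("No affected products for {}", cveId);` before the final `return`; the latter is more useful when debugging why a project did or did not match an entry. The warnings for a missing CVE or metadata are emitted only after `match(configurations, cve, project)` has already failed, which a short comment above the `if (cve == null)` line would make clear.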
@@ -48,30 +48,6 @@ public OwaspSecurityLibraries(GitHubDataFetcher fetcher) { super(fetcher); } - @Override - public Set> supportedFeatures() { - return setOf(USES_OWASP_ESAPI, USES_OWASP_JAVA_ENCODER, USES_OWASP_JAVA_HTML_SANITIZER); - } - - @Override - protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { - logger.info("Figuring out if the project uses OWASP security libraries ..."); - - ValueSet values = new ValueHashSet(); - - // set default values - values.update(USES_OWASP_ESAPI.value(false)); - values.update(USES_OWASP_JAVA_ENCODER.value(false)); - values.update(USES_OWASP_JAVA_HTML_SANITIZER.value(false)); - - LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); - - checkMaven(repository, values); - checkGradle(repository, values); - - return values; - } - /** * Looks for the feature in a Maven project. * @@ -215,6 +191,30 @@ private static Visitor withVisitor() { return new Visitor(); } + @Override + public Set> supportedFeatures() { + return setOf(USES_OWASP_ESAPI, USES_OWASP_JAVA_ENCODER, USES_OWASP_JAVA_HTML_SANITIZER); + } + + @Override + protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { + logger.info("Figuring out if the project uses OWASP security libraries ..."); + + ValueSet values = new ValueHashSet(); + + // set default values + values.update(USES_OWASP_ESAPI.value(false)); + values.update(USES_OWASP_JAVA_ENCODER.value(false)); + values.update(USES_OWASP_JAVA_HTML_SANITIZER.value(false)); + + LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); + + checkMaven(repository, values); + checkGradle(repository, values); + + return values; + } + /** A visitor for searching security libraries in a POM file. */ private static class Visitor extends AbstractModelVisitor { 
@@ -227,21 +227,6 @@ private static class Visitor extends AbstractModelVisitor { /** This flag shows whether OWASP Java HTML Sanitizer was found in a POM file or not. */ private boolean foundOwaspJavaHtmlSanitizer = false; - @Override - public void accept(Dependency dependency, Set locations) { - if (isOwaspEsapi(dependency)) { - foundOwaspEsapi = true; - } - - if (isOwaspJavaEncoder(dependency)) { - foundOwaspJavaEncoder = true; - } - - if (isOwaspJavaHtmlSanitizer(dependency)) { - foundOwaspJavaHtmlSanitizer = true; - } - } - /** * Checks if a dependency is OWASP ESAPI. * @@ -275,5 +260,20 @@ private static boolean isOwaspJavaHtmlSanitizer(Dependency dependency) { return "com.googlecode.owasp-java-html-sanitizer".equals(dependency.getGroupId()) && "owasp-java-html-sanitizer".equals(dependency.getArtifactId()); } + + @Override + public void accept(Dependency dependency, Set locations) { + if (isOwaspEsapi(dependency)) { + foundOwaspEsapi = true; + } + + if (isOwaspJavaEncoder(dependency)) { + foundOwaspJavaEncoder = true; + } + + if (isOwaspJavaHtmlSanitizer(dependency)) { + foundOwaspJavaHtmlSanitizer = true; + } + } } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java index cabbc267a..fdb8b54c7 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/PackageManagement.java @@ -49,6 +49,16 @@ public class PackageManagement extends CachedSingleFeatureGitHubDataProvider KNOWN_PACKAGE_MANAGERS = new EnumMap<>(Language.class); + /** + * Maps a package manager to a list of its possible config files. + * + * @see + * Listing the packages that a repository depends on + */ + private static final Map[]> CONFIG_FILES_PATTERNS = + new EnumMap<>(PackageManager.class); + static { register(JAVA, MAVEN, GRADLE); register(SCALA, MAVEN); 
@@ -62,16 +72,6 @@ public class PackageManagement extends CachedSingleFeatureGitHubDataProvider - * Listing the packages that a repository depends on - */ - private static final Map[]> CONFIG_FILES_PATTERNS = - new EnumMap<>(PackageManager.class); - static { register(MAVEN, "pom.xml"::equals); register(GRADLE, "build.gradle"::equals); @@ -90,6 +90,15 @@ public class PackageManagement extends CachedSingleFeatureGitHubDataProvider... } /** - * Initializes a data provider. + * Checks if a file looks like a config of a specified package manager. * - * @param fetcher An interface to GitHub. + * @param path A path to the file. + * @param packageManager The package manager. + * @return True if a file looks like a config of the package manager, false otherwise. */ - public PackageManagement(GitHubDataFetcher fetcher) { - super(fetcher); + static boolean isKnownConfigFile(Path path, PackageManager packageManager) { + if (!CONFIG_FILES_PATTERNS.containsKey(packageManager)) { + return false; + } + + try { + if (!Files.isRegularFile(path)) { + return false; + } + + if (Files.size(path) < ACCEPTABLE_CONFIG_SIZE) { + return false; + } + + for (Predicate matcher : CONFIG_FILES_PATTERNS.get(packageManager)) { + if (matcher.test(path.getFileName().toString())) { + return true; + } + } + } catch (IOException e) { + return false; + } + + return false; } @Override 
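Review bot: `isKnownConfigFile` maps every `IOException` from `Files.isRegularFile`/`Files.size` to a bare `return false;`, so an unreadable or vanished file is indistinguishable from "not a config" and a package manager can silently drop out of the result with nothing in the logs. Keeping the best-effort behaviour but leaving a breadcrumb is enough: `} catch (IOException e) { logger.debug("Could not inspect {}", path, e); return false; }`, assuming the base class exposes the `logger` the other providers in this patch use. The `Files.size(path) < ACCEPTABLE_CONFIG_SIZE` guard would also benefit from a one-line why-comment naming what it rejects (presumably near-empty placeholder files), since the constant's definition is outside this hunk. The rest of the hunk only moves code.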
@@ -167,39 +200,6 @@ private Value packageManagers(GitHubProject project) throws IOE return PACKAGE_MANAGERS.value(packageManagers); } - /** - * Checks if a file looks like a config of a specified package manager. - * - * @param path A path to the file. - * @param packageManager The package manager. - * @return True if a file looks like a config of the package manager, false otherwise. - */ - static boolean isKnownConfigFile(Path path, PackageManager packageManager) { - if (!CONFIG_FILES_PATTERNS.containsKey(packageManager)) { - return false; - } - - try { - if (!Files.isRegularFile(path)) { - return false; - } - - if (Files.size(path) < ACCEPTABLE_CONFIG_SIZE) { - return false; - } - - for (Predicate matcher : CONFIG_FILES_PATTERNS.get(packageManager)) { - if (matcher.test(path.getFileName().toString())) { - return true; - } - } - } catch (IOException e) { - return false; - } - - return false; - } - /** * Returns a programming languages that are used in a project. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfo.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfo.java index 5b2bf199c..168de2422 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfo.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfo.java 
@@ -64,6 +64,38 @@ public ReadmeInfo(GitHubDataFetcher fetcher) throws IOException { loadDefaultConfigIfAvailable(); } + /** + * Looks for a README file in a repository. + * + * @param repository The repository. + * @return A file name of README. + */ + static Optional readmeIn(LocalRepository repository) { + for (String filename : KNOWN_README_FILES) { + if (repository.hasFile(filename)) { + return Optional.of(filename); + } + } + + return Optional.empty(); + } + + /** + * Reads a README file in a repository. + * + * @param repository The repository. + * @return Content of a README fine if found. + * @throws IOException If something went wrong. + */ + static Optional readReadmeIn(LocalRepository repository) throws IOException { + Optional readme = readmeIn(repository); + if (!readme.isPresent()) { + return Optional.empty(); + } + + return repository.readTextFrom(readme.get()); + } + /** * Return a list of patterns that describe required content in README. * @@ -135,38 +167,6 @@ protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { return ValueHashSet.from(hasReadme, incompleteReadme); } - /** - * Looks for a README file in a repository. - * - * @param repository The repository. - * @return A file name of README. - */ - static Optional readmeIn(LocalRepository repository) { - for (String filename : KNOWN_README_FILES) { - if (repository.hasFile(filename)) { - return Optional.of(filename); - } - } - - return Optional.empty(); - } - - /** - * Reads a README file in a repository. - * - * @param repository The repository. - * @return Content of a README fine if found. - * @throws IOException If something went wrong. - */ - static Optional readReadmeIn(LocalRepository repository) throws IOException { - Optional readme = readmeIn(repository); - if (!readme.isPresent()) { - return Optional.empty(); - } - - return repository.readTextFrom(readme.get()); - } - /** * Reads a configuration from a YAML file. * 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHub.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHub.java index f612e97fb..a2a20f0fe 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHub.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHub.java @@ -32,6 +32,16 @@ public ReleasesFromGitHub(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Convert a Date to a LocalDateTime instance using the system default ZoneId. + * + * @param date The date to be converted. + * @return The time as LocalDateTime. + */ + private static LocalDateTime convertToLocalDate(Date date) { + return date.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime(); + } + @Override protected Feature supportedFeature() { return RELEASED_ARTIFACT_VERSIONS; @@ -73,14 +83,4 @@ private ArtifactVersion createArtifactVersion(GHTag tag) { return null; } } - - /** - * Convert a Date to a LocalDateTime instance using the system default ZoneId. - * - * @param date The date to be converted. - * @return The time as LocalDateTime. - */ - private static LocalDateTime convertToLocalDate(Date date) { - return date.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime(); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSF.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSF.java index 831f91835..f466e8a65 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSF.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SecurityReviewsFromOpenSSF.java 
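Review bot: `convertToLocalDate` interprets the GitHub timestamp with `ZoneId.systemDefault()`, so the `LocalDateTime` it produces depends on where the tool runs and the same release can land on different calendar days on two hosts. If these values feed into time-based ratings, as the surrounding provider name suggests, pinning the conversion to `ZoneOffset.UTC` (`date.toInstant().atZone(ZoneOffset.UTC).toLocalDateTime()`) makes the result reproducible; if the host zone is deliberate, the Javadoc should say why. Either way the rename to something like `convertToLocalDateTime` would match what the method actually returns. This hunk is a pure move; `createArtifactVersion`, which presumably calls it, starts outside the visible part.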
@@ -66,6 +66,76 @@ public SecurityReviewsFromOpenSSF(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Reads review metadata from a file. + * + * @param file The file. + * @return Metadata if available. + * @throws IOException If something went wrong. + */ + private static Optional readMetadataFrom(Path file) throws IOException { + try (BufferedReader reader = Files.newBufferedReader(file)) { + return readMetadataFrom(reader); + } + } + + /** + * Reads review metadata from a reader. + * + * @param reader The reader. + * @return Metadata if available. + * @throws IOException If something wrong. + */ + static Optional readMetadataFrom(BufferedReader reader) throws IOException { + String line = reader.readLine(); + if (!"---".equals(line)) { + return Optional.empty(); + } + + StringBuilder metadata = new StringBuilder(); + do { + metadata.append(line).append("\n"); + line = reader.readLine(); + } while (line != null && !"---".equals(line)); + + return Optional.of(Yaml.mapper().readTree(metadata.toString())); + } + + /** + * Checks if a file looks like a security review. + * + * @param path A path to the file. + * @return True if the file looks like a security review, false otherwise. + */ + private static boolean isReview(Path path) { + return Files.isRegularFile(path) && path.getFileName().toString().endsWith(".md"); + } + + /** + * This is for testing and demo purposes. + * + * @param args Command-line options (option 1: API token, option 2: project URL). + * @throws Exception If something went wrong. + */ + public static void main(String... args) throws Exception { + String token = args.length > 0 ? args[0] : ""; + String url = args.length > 1 ? 
args[1] : "https://github.com/madler/zlib"; + GitHubProject project = GitHubProject.parse(url); + GitHub github = new GitHubBuilder().withOAuthToken(token).build(); + SecurityReviewsFromOpenSSF provider = + new SecurityReviewsFromOpenSSF(new GitHubDataFetcher(github, token)); + + ValueSet values = provider.fetchValuesFor(project); + Optional> securityReviews = values.of(SECURITY_REVIEWS); + if (!securityReviews.isPresent()) { + throw new RuntimeException("Could not find security reviews!"); + } + + for (SecurityReview review : securityReviews.get().get()) { + System.out.println(review); + } + } + @Override protected Feature supportedFeature() { return SECURITY_REVIEWS; 
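Review bot: The front-matter loop in `readMetadataFrom(BufferedReader)` has no upper bound: when a review file opens with `---` but never closes it, the `do … while` appends every remaining line to `metadata` and then hands the entire file to `Yaml.mapper().readTree`, and it does the same silently when the loop exits on `line == null`. The inputs are Markdown files from a cloned reviews repository rather than arbitrary network input, so this is a robustness rather than an exploit concern, but a line cap plus an explicit check for the missing closing `---` keeps a malformed or oversized review from inflating memory and parse time; the sketch below uses a new `private static final int MAX_FRONT_MATTER_LINES` constant, and the `line == null` branch can be dropped if unterminated front matter is meant to be accepted. Separately, the demo `main` takes the GitHub token as `args[0]`, which exposes it in process listings and shell history; reading it from an environment variable is the safer habit for a snippet people copy. The hunk otherwise only moves code; `supportedFeature` continues past it.
```java
  // … unchanged: opening "---" check …
  StringBuilder metadata = new StringBuilder();
  int lines = 0;
  do {
    if (++lines > MAX_FRONT_MATTER_LINES) {
      return Optional.empty(); // oversized or unterminated front matter
    }
    metadata.append(line).append("\n");
    line = reader.readLine();
  } while (line != null && !"---".equals(line));

  if (line == null) {
    return Optional.empty(); // opening "---" was never closed
  }
  // … unchanged: YAML parse of metadata …
```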
@@ -171,74 +241,4 @@ boolean purlBelongsTo(GitHubProject project, String purl) { return false; } - - /** - * Reads review metadata from a file. - * - * @param file The file. - * @return Metadata if available. - * @throws IOException If something went wrong. - */ - private static Optional readMetadataFrom(Path file) throws IOException { - try (BufferedReader reader = Files.newBufferedReader(file)) { - return readMetadataFrom(reader); - } - } - - /** - * Reads review metadata from a reader. - * - * @param reader The reader. - * @return Metadata if available. - * @throws IOException If something wrong. - */ - static Optional readMetadataFrom(BufferedReader reader) throws IOException { - String line = reader.readLine(); - if (!"---".equals(line)) { - return Optional.empty(); - } - - StringBuilder metadata = new StringBuilder(); - do { - metadata.append(line).append("\n"); - line = reader.readLine(); - } while (line != null && !"---".equals(line)); - - return Optional.of(Yaml.mapper().readTree(metadata.toString())); - } - - /** - * Checks if a file looks like a security review. - * - * @param path A path to the file. - * @return True if the file looks like a security review, false otherwise. - */ - private static boolean isReview(Path path) { - return Files.isRegularFile(path) && path.getFileName().toString().endsWith(".md"); - } - - /** - * This is for testing and demo purposes. - * - * @param args Command-line options (option 1: API token, option 2: project URL). - * @throws Exception If something went wrong. - */ - public static void main(String... args) throws Exception { - String token = args.length > 0 ? args[0] : ""; - String url = args.length > 1 ? 
args[1] : "https://github.com/madler/zlib"; - GitHubProject project = GitHubProject.parse(url); - GitHub github = new GitHubBuilder().withOAuthToken(token).build(); - SecurityReviewsFromOpenSSF provider = - new SecurityReviewsFromOpenSSF(new GitHubDataFetcher(github, token)); - - ValueSet values = provider.fetchValuesFor(project); - Optional> securityReviews = values.of(SECURITY_REVIEWS); - if (!securityReviews.isPresent()) { - throw new RuntimeException("Could not find security reviews!"); - } - - for (SecurityReview review : securityReviews.get().get()) { - System.out.println(review); - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifacts.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifacts.java index bec2d5dfc..2c3b946c4 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifacts.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifacts.java @@ -35,6 +35,23 @@ public SignsJarArtifacts(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Checks a plugin is the Maven GPG plugin. + * + * @param plugin The plugin to be checked. + * @return True if the plugin is the Maven GPG plugin, false otherwise. + */ + private static boolean isMavenGpg(Plugin plugin) { + return plugin != null + && "org.apache.maven.plugins".equals(plugin.getGroupId()) + && "maven-gpg-plugin".equals(plugin.getArtifactId()); + } + + /** Creates a new visitor for searching for Maven GPG plugin in a build section of a POM file. */ + private static Visitor withVisitor() { + return new Visitor(); + } + @Override protected Feature supportedFeature() { return SIGNS_ARTIFACTS; 
@@ -68,23 +85,6 @@ private boolean checkMaven(LocalRepository repository) throws IOException { } } - /** - * Checks a plugin is the Maven GPG plugin. - * - * @param plugin The plugin to be checked. - * @return True if the plugin is the Maven GPG plugin, false otherwise. - */ - private static boolean isMavenGpg(Plugin plugin) { - return plugin != null - && "org.apache.maven.plugins".equals(plugin.getGroupId()) - && "maven-gpg-plugin".equals(plugin.getArtifactId()); - } - - /** Creates a new visitor for searching for Maven GPG plugin in a build section of a POM file. */ - private static Visitor withVisitor() { - return new Visitor(); - } - /** A visitor for searching for Maven GPG plugin in a build section of a POM file. */ private static class Visitor extends AbstractModelVisitor { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProvider.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProvider.java index 2f48a485d..2dd7928ba 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProvider.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProvider.java 
@@ -72,38 +72,6 @@ public UseReuseDataProvider(GitHubDataFetcher fetcher) throws IOException { loadDefaultConfigIfAvailable(); } - @Override - public Set> supportedFeatures() { - return setOf( - USES_REUSE, - README_HAS_REUSE_INFO, - HAS_REUSE_LICENSES, - REGISTERED_IN_REUSE, - IS_REUSE_COMPLIANT); - } - - @Override - protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { - logger.info("Figuring out how the project uses REUSE ..."); - - // Some repositories apply other copyright annotations and are well-known exceptions. - // Those ones will reported as OK by this data provider. - if (this.repositoryExceptionUrls.contains(project.toString())) { - return ValueHashSet.from( - USES_REUSE.value(true), - README_HAS_REUSE_INFO.value(true), - HAS_REUSE_LICENSES.value(true), - REGISTERED_IN_REUSE.value(true), - IS_REUSE_COMPLIANT.value(true)); - } - - ValueSet values = - ValueHashSet.from( - useReuse(project), readmeHasReuseInfo(project), hasReuseLicenses(project)); - values.update(reuseInfo(project)); - return values; - } - /** * Check whether a project uses REUSE or not. * 
@@ -170,13 +138,87 @@ static Value hasReuseLicenses(GitHubProject project) throws IOException .explainIf(false, "The project doesn't have licenses in %s directory", licenseDirectory); } - /** Possible results of the REUSE tool registration check. */ - private enum ReuseInfo { - UNAVAILABLE, - UNKNOWN, - UNREGISTERED, - COMPLIANT, - NON_COMPLIANT + /** + * Checks if a path is a regular file. + * + * @param path The path. + * @return True if the path is a regular file, false otherwise. + */ + private static boolean isFile(Path path) { + return Files.isRegularFile(path); + } + + /** + * Command-line interface for testing. + * + * @param args Command-line options. + * @throws Exception If something went wrong. + */ + public static void main(String... args) throws Exception { + String token = args[0]; + String url = args[1]; + GitHub github = new GitHubBuilder().withOAuthToken(token).build(); + GitHubDataFetcher fetcher = new GitHubDataFetcher(github, token); + UseReuseDataProvider provider = new UseReuseDataProvider(fetcher); + provider.configure( + IOUtils.toInputStream( + "---\n" + + "repositoryExceptions:\n" + + " - https://github.com/SAP/SapMachine\n" + + " - https://github.com/SAP/async-profiler\n" + + " - https://github.com/SAP/jmc\n", + "UTF-8")); + GitHubProject project = GitHubProject.parse(url); + ValueSet values = provider.fetchValuesFor(project); + print(values, USES_REUSE); + print(values, README_HAS_REUSE_INFO); + print(values, HAS_REUSE_LICENSES); + print(values, REGISTERED_IN_REUSE); + print(values, IS_REUSE_COMPLIANT); + } + + /** + * Looks for a feature in a set of values and prints it out. + * + * @param values The values. + * @param feature The feature. 
+ */ + private static void print(ValueSet values, Feature feature) { + Optional> something = values.of(feature); + System.out.printf( + "%s: %s%n", feature.name(), something.map(Value::toString).orElse("not found")); + } + + @Override + public Set> supportedFeatures() { + return setOf( + USES_REUSE, + README_HAS_REUSE_INFO, + HAS_REUSE_LICENSES, + REGISTERED_IN_REUSE, + IS_REUSE_COMPLIANT); + } + + @Override + protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { + logger.info("Figuring out how the project uses REUSE ..."); + + // Some repositories apply other copyright annotations and are well-known exceptions. + // Those ones will reported as OK by this data provider. + if (this.repositoryExceptionUrls.contains(project.toString())) { + return ValueHashSet.from( + USES_REUSE.value(true), + README_HAS_REUSE_INFO.value(true), + HAS_REUSE_LICENSES.value(true), + REGISTERED_IN_REUSE.value(true), + IS_REUSE_COMPLIANT.value(true)); + } + + ValueSet values = + ValueHashSet.from( + useReuse(project), readmeHasReuseInfo(project), hasReuseLicenses(project)); + values.update(reuseInfo(project)); + return values; } /** 
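Review bot: `main` reads `args[0]` and `args[1]` with no length check, so running the demo without arguments dies with an `ArrayIndexOutOfBoundsException` instead of a usage message; the sibling demo in `SecurityReviewsFromOpenSSF` guards with `args.length > 0 ? args[0] : ""`, and an explicit `if (args.length < 2) { System.err.println("usage: <token> <project-url>"); return; }` would make this one consistent. Passing the GitHub token on the command line also leaves it in process listings and shell history; an environment variable is the safer convention for a snippet people copy. The inline `repositoryExceptions` YAML with SAP repositories is fine for a test driver but deserves a comment saying it is sample data, not the production exception list. The hunk is a pure move; `fetchValuesFor` ends inside it.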
@@ -291,57 +333,6 @@ CloseableHttpClient httpClient() { return HttpClients.createDefault(); } - /** - * Checks if a path is a regular file. - * - * @param path The path. - * @return True if the path is a regular file, false otherwise. - */ - private static boolean isFile(Path path) { - return Files.isRegularFile(path); - } - - /** - * Command-line interface for testing. - * - * @param args Command-line options. - * @throws Exception If something went wrong. - */ - public static void main(String... args) throws Exception { - String token = args[0]; - String url = args[1]; - GitHub github = new GitHubBuilder().withOAuthToken(token).build(); - GitHubDataFetcher fetcher = new GitHubDataFetcher(github, token); - UseReuseDataProvider provider = new UseReuseDataProvider(fetcher); - provider.configure( - IOUtils.toInputStream( - "---\n" - + "repositoryExceptions:\n" - + " - https://github.com/SAP/SapMachine\n" - + " - https://github.com/SAP/async-profiler\n" - + " - https://github.com/SAP/jmc\n", - "UTF-8")); - GitHubProject project = GitHubProject.parse(url); - ValueSet values = provider.fetchValuesFor(project); - print(values, USES_REUSE); - print(values, README_HAS_REUSE_INFO); - print(values, HAS_REUSE_LICENSES); - print(values, REGISTERED_IN_REUSE); - print(values, IS_REUSE_COMPLIANT); - } - - /** - * Looks for a feature in a set of values and prints it out. - * - * @param values The values. - * @param feature The feature. - */ - private static void print(ValueSet values, Feature feature) { - Optional> something = values.of(feature); - System.out.printf( - "%s: %s%n", feature.name(), something.map(Value::toString).orElse("not found")); - } - @Override public UseReuseDataProvider configure(Path configurationPath) throws IOException { try (InputStream is = Files.newInputStream(configurationPath)) { 
@@ -393,4 +384,13 @@ public UseReuseDataProvider repositoryExceptions(List repositoryExceptio List repositoryExceptions() { return new ArrayList<>(repositoryExceptionUrls); } + + /** Possible results of the REUSE tool registration check. */ + private enum ReuseInfo { + UNAVAILABLE, + UNKNOWN, + UNREGISTERED, + COMPLIANT, + NON_COMPLIANT + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesDependabot.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesDependabot.java index 2ab9a2931..726a86256 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesDependabot.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesDependabot.java @@ -38,11 +38,6 @@ public class UsesDependabot extends AbstractDependencyScanDataProvider { /** A pattern to detect commits by Dependabot. */ private static final String DEPENDABOT_PATTERN = "dependabot"; - @Override - protected String getDependencyCheckerPattern() { - return DEPENDABOT_PATTERN; - } - /** * Initializes a data provider. * @@ -52,6 +47,11 @@ public UsesDependabot(GitHubDataFetcher fetcher) { super(fetcher); } + @Override + protected String getDependencyCheckerPattern() { + return DEPENDABOT_PATTERN; + } + @Override public Set> supportedFeatures() { return setOf(USES_DEPENDABOT, HAS_OPEN_PULL_REQUEST_FROM_DEPENDABOT); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugs.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugs.java index be2193fc6..590ce725b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugs.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugs.java 
@@ -35,41 +35,6 @@ public UsesFindSecBugs(GitHubDataFetcher fetcher) { super(fetcher); } - @Override - protected Feature supportedFeature() { - return USES_FIND_SEC_BUGS; - } - - @Override - protected Value fetchValueFor(GitHubProject project) throws IOException { - logger.info("Figuring out if the project uses FindSecBugs ..."); - LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); - boolean answer = checkMaven(repository); - return USES_FIND_SEC_BUGS.value(answer); - } - - /** - * Checks if a repository uses FindSecBugs with Maven. - * - * @param repository The repository. - * @return True if the project uses FindSecBugs, false otherwise. - * @throws IOException If something went wrong - * @see Maven - * configuration - */ - private boolean checkMaven(LocalRepository repository) throws IOException { - Optional content = repository.read("pom.xml"); - - if (!content.isPresent()) { - return false; - } - - try (InputStream is = content.get()) { - Model model = readModel(is); - return browse(model, withVisitor()).result; - } - } - /** * Check if a plugin runs FindSecBugs. * @@ -117,7 +82,7 @@ private static boolean isFindSecBugs(ReportPlugin plugin) { * @return True if the object is a configuration of FindSecBugs plugin, false otherwise. */ private static boolean isFindSecBugs(Object object) { - if (object instanceof Xpp3Dom == false) { + if (!(object instanceof Xpp3Dom)) { return false; } Xpp3Dom configuration = (Xpp3Dom) object; 
@@ -172,6 +137,41 @@ private static Visitor withVisitor() { return new Visitor(); } + @Override + protected Feature supportedFeature() { + return USES_FIND_SEC_BUGS; + } + + @Override + protected Value fetchValueFor(GitHubProject project) throws IOException { + logger.info("Figuring out if the project uses FindSecBugs ..."); + LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); + boolean answer = checkMaven(repository); + return USES_FIND_SEC_BUGS.value(answer); + } + + /** + * Checks if a repository uses FindSecBugs with Maven. + * + * @param repository The repository. + * @return True if the project uses FindSecBugs, false otherwise. + * @throws IOException If something went wrong + * @see Maven + * configuration + */ + private boolean checkMaven(LocalRepository repository) throws IOException { + Optional content = repository.read("pom.xml"); + + if (!content.isPresent()) { + return false; + } + + try (InputStream is = content.get()) { + Model model = readModel(is); + return browse(model, withVisitor()).result; + } + } + /** A visitor for searching FindSecBugs in a POM file. */ private static class Visitor extends AbstractModelVisitor { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopment.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopment.java index 18c09599f..166162c31 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopment.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopment.java 
@@ -61,35 +61,6 @@ public UsesGithubForDevelopment(GitHubDataFetcher fetcher) { super(fetcher); } - @Override - protected Feature supportedFeature() { - return USES_GITHUB_FOR_DEVELOPMENT; - } - - @Override - protected Value fetchValueFor(GitHubProject project) { - logger.info("Figuring out if the project uses GitHub for development ..."); - return usesGithubForDevelopment(project); - } - - /** - * Checks if a project uses GitHub for development. - * - * @param project The project to be checked. - * @return A value of {@link OssFeatures#USES_GITHUB_FOR_DEVELOPMENT}. - */ - private Value usesGithubForDevelopment(GitHubProject project) { - try { - GHRepository repository = fetcher.repositoryFor(project); - - return USES_GITHUB_FOR_DEVELOPMENT.value( - usesGitHubForDevelopment(repository, CONFIDENCE_THRESHOLD)); - } catch (IOException e) { - logger.warn("Couldn't fetch data, something went wrong!", e); - return USES_GITHUB_FOR_DEVELOPMENT.unknown(); - } - } - /** * The method checks if it looks like that a project uses GitHub for development. The method runs * a number of checks for the project. If most of the checks pass, then the method concludes that 
@@ -164,4 +135,33 @@ private static boolean hasGitHubDirectory(GHRepository repository) { return false; } } + + @Override + protected Feature supportedFeature() { + return USES_GITHUB_FOR_DEVELOPMENT; + } + + @Override + protected Value fetchValueFor(GitHubProject project) { + logger.info("Figuring out if the project uses GitHub for development ..."); + return usesGithubForDevelopment(project); + } + + /** + * Checks if a project uses GitHub for development. + * + * @param project The project to be checked. + * @return A value of {@link OssFeatures#USES_GITHUB_FOR_DEVELOPMENT}. + */ + private Value usesGithubForDevelopment(GitHubProject project) { + try { + GHRepository repository = fetcher.repositoryFor(project); + + return USES_GITHUB_FOR_DEVELOPMENT.value( + usesGitHubForDevelopment(repository, CONFIDENCE_THRESHOLD)); + } catch (IOException e) { + logger.warn("Couldn't fetch data, something went wrong!", e); + return USES_GITHUB_FOR_DEVELOPMENT.unknown(); + } + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpTool.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpTool.java index 0c6f451d4..0c2c5c9b7 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpTool.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpTool.java 
@@ -35,6 +35,40 @@ public UsesNoHttpTool(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Check if a plugin is maven-checkstyle-plugin with nohttp. + * + * @param plugin The plugin to be checked. + * @return True if the plugin runs nohttp, false otherwise. + * @see Demo + * of using nohttp checkstyle with Maven + */ + private static boolean isNoHttp(Plugin plugin) { + + // first, check if the plugin is maven-checkstyle-plugin + if (!"org.apache.maven.plugins".equals(plugin.getGroupId()) + || !"maven-checkstyle-plugin".equals(plugin.getArtifactId())) { + + return false; + } + + // next, check if one of the dependencies is nohttp + for (Dependency dependency : plugin.getDependencies()) { + if ("io.spring.nohttp".equals(dependency.getGroupId()) + && "nohttp-checkstyle".equals(dependency.getArtifactId())) { + + return true; + } + } + + return false; + } + + /** Creates a new visitor for searching the nohttp tool. */ + private static Visitor withVisitor() { + return new Visitor(); + } + @Override protected Feature supportedFeature() { return USES_NOHTTP; 
@@ -92,40 +126,6 @@ private boolean checkGradle(LocalRepository repository) throws IOException { return false; } - /** - * Check if a plugin is maven-checkstyle-plugin with nohttp. - * - * @param plugin The plugin to be checked. - * @return True if the plugin runs nohttp, false otherwise. - * @see Demo - * of using nohttp checkstyle with Maven - */ - private static boolean isNoHttp(Plugin plugin) { - - // first, check if the plugin is maven-checkstyle-plugin - if (!"org.apache.maven.plugins".equals(plugin.getGroupId()) - || !"maven-checkstyle-plugin".equals(plugin.getArtifactId())) { - - return false; - } - - // next, check if one of the dependencies is nohttp - for (Dependency dependency : plugin.getDependencies()) { - if ("io.spring.nohttp".equals(dependency.getGroupId()) - && "nohttp-checkstyle".equals(dependency.getArtifactId())) { - - return true; - } - } - - return false; - } - - /** Creates a new visitor for searching the nohttp tool. */ - private static Visitor withVisitor() { - return new Visitor(); - } - /** A visitor for searching the nohttp tool. */ private static class Visitor extends AbstractModelVisitor { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheck.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheck.java index f43791a64..be8ea3888 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheck.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheck.java 
@@ -68,18 +68,6 @@ public UsesOwaspDependencyCheck(GitHubDataFetcher fetcher) { super(fetcher); } - @Override - public Set> supportedFeatures() { - return setOf(OWASP_DEPENDENCY_CHECK_USAGE, OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD); - } - - @Override - protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { - logger.info("Figuring out if the project uses OWASP Dependency Check ..."); - LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); - return selectBetter(checkMaven(repository), checkGradle(repository)); - } - private static ValueSet selectBetter(ValueSet firstSet, ValueSet secondSet) { OwaspDependencyCheckUsage firstUsage = firstSet.of(OWASP_DEPENDENCY_CHECK_USAGE).map(Value::get).orElse(NOT_USED); @@ -319,7 +307,7 @@ private static Double parseScore(String value, String type) { * @return The value of the configuration if found. */ private static Optional parameter(String name, Object configuration) { - if (configuration instanceof Xpp3Dom == false) { + if (!(configuration instanceof Xpp3Dom)) { return Optional.empty(); } @@ -346,6 +334,18 @@ private static Visitor withVisitor() { return new Visitor(); } + @Override + public Set> supportedFeatures() { + return setOf(OWASP_DEPENDENCY_CHECK_USAGE, OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD); + } + + @Override + protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { + logger.info("Figuring out if the project uses OWASP Dependency Check ..."); + LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); + return selectBetter(checkMaven(repository), checkGradle(repository)); + } + /** A visitor for searching OWASP Dependency Check in a POM file. */ private static class Visitor extends AbstractModelVisitor { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizers.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizers.java index 50a199f1b..c991dce54 100644 
--- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizers.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizers.java @@ -58,52 +58,6 @@ public UsesSanitizers(GitHubDataFetcher fetcher) { super(fetcher); } - @Override - public Set> supportedFeatures() { - return setOf(USES_ADDRESS_SANITIZER, USES_MEMORY_SANITIZER, USES_UNDEFINED_BEHAVIOR_SANITIZER); - } - - @Override - protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { - Objects.requireNonNull(project, "Oh no! Project is null!"); - - logger.info("Figuring out if the project uses sanitizers ..."); - - ValueSet values = new ValueHashSet(); - values.update(USES_ADDRESS_SANITIZER.value(false)); - values.update(USES_MEMORY_SANITIZER.value(false)); - values.update(USES_UNDEFINED_BEHAVIOR_SANITIZER.value(false)); - - LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); - - List files = - repository.files(path -> Files.isRegularFile(path) && maybeBuildConfig(path)); - - for (Path path : files) { - Optional content = repository.file(path); - if (!content.isPresent()) { - continue; - } - - List sanitizers = lookForSanitizers(content.get()); - for (String sanitizer : sanitizers) { - if (sanitizer.contains("address")) { - values.update(USES_ADDRESS_SANITIZER.value(true)); - } - - if (sanitizer.contains("memory")) { - values.update(USES_MEMORY_SANITIZER.value(true)); - } - - if (sanitizer.contains("undefined")) { - values.update(USES_UNDEFINED_BEHAVIOR_SANITIZER.value(true)); - } - } - } - - return values; - } - /** * Checks if a file looks like a build config. * 
@@ -179,4 +133,50 @@ static List parseOptions(String line) { return options; } + + @Override + public Set> supportedFeatures() { + return setOf(USES_ADDRESS_SANITIZER, USES_MEMORY_SANITIZER, USES_UNDEFINED_BEHAVIOR_SANITIZER); + } + + @Override + protected ValueSet fetchValuesFor(GitHubProject project) throws IOException { + Objects.requireNonNull(project, "Oh no! Project is null!"); + + logger.info("Figuring out if the project uses sanitizers ..."); + + ValueSet values = new ValueHashSet(); + values.update(USES_ADDRESS_SANITIZER.value(false)); + values.update(USES_MEMORY_SANITIZER.value(false)); + values.update(USES_UNDEFINED_BEHAVIOR_SANITIZER.value(false)); + + LocalRepository repository = GitHubDataFetcher.localRepositoryFor(project); + + List files = + repository.files(path -> Files.isRegularFile(path) && maybeBuildConfig(path)); + + for (Path path : files) { + Optional content = repository.file(path); + if (!content.isPresent()) { + continue; + } + + List sanitizers = lookForSanitizers(content.get()); + for (String sanitizer : sanitizers) { + if (sanitizer.contains("address")) { + values.update(USES_ADDRESS_SANITIZER.value(true)); + } + + if (sanitizer.contains("memory")) { + values.update(USES_MEMORY_SANITIZER.value(true)); + } + + if (sanitizer.contains("undefined")) { + values.update(USES_UNDEFINED_BEHAVIOR_SANITIZER.value(true)); + } + } + } + + return values; + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java index 0a90476b9..f8f87885b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/UsesSnyk.java 
@@ -26,14 +26,6 @@ */ public class UsesSnyk extends AbstractDependencyScanDataProvider { - /** - * A file name containing Snyk policies in a repository. - * - * @see The .snyk - * file - */ - private static String SNYK_POLICY_FILE_NAME = ".snyk"; - /** * A location of a Snyk configuration file in a repository. * @@ -43,10 +35,6 @@ public class UsesSnyk extends AbstractDependencyScanDataProvider { ".github/workflows/snyk.yaml", ".github/workflows/snyk.yml" }; - /** Predicate to confirm if there is a file in open-source project with the .snyk extension. */ - private static final Predicate SNYK_FILE_PREDICATE = - path -> path.getFileName().toString().endsWith(SNYK_POLICY_FILE_NAME); - /** * A pattern to detect commits by Snyk. * @@ -56,10 +44,17 @@ public class UsesSnyk extends AbstractDependencyScanDataProvider { */ private static final String SNYK_PATTERN = "snyk"; - @Override - protected String getDependencyCheckerPattern() { - return SNYK_PATTERN; - } + /** + * A file name containing Snyk policies in a repository. + * + * @see The .snyk + * file + */ + private static final String SNYK_POLICY_FILE_NAME = ".snyk"; + + /** Predicate to confirm if there is a file in open-source project with the .snyk extension. */ + private static final Predicate SNYK_FILE_PREDICATE = + path -> path.getFileName().toString().endsWith(SNYK_POLICY_FILE_NAME); /** * Initializes a data provider. @@ -70,6 +65,11 @@ public UsesSnyk(GitHubDataFetcher fetcher) { super(fetcher); } + @Override + protected String getDependencyCheckerPattern() { + return SNYK_PATTERN; + } + @Override public Set> supportedFeatures() { return setOf(USES_SNYK, HAS_OPEN_PULL_REQUEST_FROM_SNYK); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfo.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfo.java index a16637c17..2caae6417 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfo.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfo.java @@ -53,6 +53,24 @@ public VulnerabilityAlertsInfo(GitHubDataFetcher fetcher) { super(fetcher); } + /** + * Command-line interface for testing. + * + * @param args Command-line options. + * @throws Exception If something went wrong. + */ + public static void main(String... args) throws Exception { + String token = args[0]; + String url = args[1]; + GitHub github = new GitHubBuilder().withOAuthToken(token).build(); + GitHubDataFetcher fetcher = new GitHubDataFetcher(github, token); + VulnerabilityAlertsInfo provider = new VulnerabilityAlertsInfo(fetcher); + GitHubProject project = GitHubProject.parse(url); + ValueSet values = provider.fetchValuesFor(project); + System.out.println(values.of(ENABLED_VULNERABILITY_ALERTS_ON_GITHUB)); + System.out.println(values.of(HAS_UNRESOLVED_VULNERABILITY_ALERTS)); + } + @Override public Set> supportedFeatures() { return setOf(ENABLED_VULNERABILITY_ALERTS_ON_GITHUB, HAS_UNRESOLVED_VULNERABILITY_ALERTS); @@ -151,22 +169,4 @@ private Value hasUnresolvedVulnerabilityAlerts(GitHubProject project) { CloseableHttpClient httpClient() { return HttpClients.createDefault(); } - - /** - * Command-line interface for testing. - * - * @param args Command-line options. - * @throws Exception If something went wrong. - */ - public static void main(String... args) throws Exception { - String token = args[0]; - String url = args[1]; - GitHub github = new GitHubBuilder().withOAuthToken(token).build(); - GitHubDataFetcher fetcher = new GitHubDataFetcher(github, token); - VulnerabilityAlertsInfo provider = new VulnerabilityAlertsInfo(fetcher); - GitHubProject project = GitHubProject.parse(url); - ValueSet values = provider.fetchValuesFor(project); - System.out.println(values.of(ENABLED_VULNERABILITY_ALERTS_ON_GITHUB)); - System.out.println(values.of(HAS_UNRESOLVED_VULNERABILITY_ALERTS)); - } } 
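Review bot: `main` in the first hunk reads `args[0]` and `args[1]` without checking `args.length`, so running it with no arguments fails with an ArrayIndexOutOfBoundsException instead of a usage message; a guard such as `if (args.length < 2) { throw new IllegalArgumentException("usage: <token> <project-url>"); }` before the two assignments would make the failure explicit. Taking the OAuth token from the command line also leaves it visible in the process list and shell history, whereas the sibling test entry point `GitHubAdvisories.main` in this same commit reads it with `System.getenv("TOKEN")`; using the same environment variable here would keep the two consistent. The second hunk is only the matching deletion of the old position.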
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/GitHubAdvisories.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/GitHubAdvisories.java index 349278c9b..5b6f31eee 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/GitHubAdvisories.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/GitHubAdvisories.java @@ -9,6 +9,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.UnsupportedEncodingException; +import java.nio.charset.StandardCharsets; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -61,6 +62,21 @@ public GitHubAdvisories(String gitHubToken) { this.gitHubToken = Objects.requireNonNull(gitHubToken, "The GitHub token cannot be null!"); } + /** + * This is for testing purpose only. + * + * @param args Command line arguments. + * @throws IOException if something goes wrong. + */ + public static void main(String... args) throws IOException { + String token = System.getenv("TOKEN"); + GitHubAdvisories gitHubAdvisories = new GitHubAdvisories(token); + List advisories = + gitHubAdvisories.advisoriesFor( + PackageManager.MAVEN, "com.fasterxml.jackson.core:jackson-databind"); + System.out.println("Total count :" + advisories.size()); + } + /** * Get the all the advisories for the given artifact and the package manager which are not present * in NVD database. This is done by checking if the advisory has a CVE associated to it. @@ -184,7 +200,8 @@ CloseableHttpClient httpClient() { */ private String load(String file) throws IOException { try (final InputStream is = getClass().getResourceAsStream(file)) { - return IOUtils.toString(is, "UTF-8").replaceAll("(\\r|\\n)", StringUtils.EMPTY); + return IOUtils.toString(is, StandardCharsets.UTF_8) + .replaceAll("(\\r|\\n)", StringUtils.EMPTY); } } 
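Review bot: `load` in the last hunk still hands the result of `getClass().getResourceAsStream(file)` straight to `IOUtils.toString`, so a missing or misnamed resource is likely to surface as a NullPointerException rather than an IOException that names the file; adding `if (is == null) { throw new IOException("Resource not found: " + file); }` as the first statement of the try block would make that failure diagnosable. Because the call now uses the `Charset` overload, this line no longer throws `UnsupportedEncodingException`, so the `java.io.UnsupportedEncodingException` import shown as context in the first hunk is probably unused now unless something else in the file relies on it. The body of `load` is fully visible in the hunk.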
@@ -232,19 +249,4 @@ private boolean hasCve(Advisory advisory) { } return false; } - - /** - * This is for testing purpose only. - * - * @param args Command line arguments. - * @throws IOException if something goes wrong. - */ - public static void main(String... args) throws IOException { - String token = System.getenv("TOKEN"); - GitHubAdvisories gitHubAdvisories = new GitHubAdvisories(token); - List advisories = - gitHubAdvisories.advisoriesFor( - PackageManager.MAVEN, "com.fasterxml.jackson.core:jackson-databind"); - System.out.println("Total count :" + advisories.size()); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Advisory.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Advisory.java index 740205fec..bb4f49fc8 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Advisory.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Advisory.java @@ -67,7 +67,8 @@ public class Advisory { @JsonProperty("withdrawnAt") private Object withdrawnAt; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("identifiers") public List getIdentifiers() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/AdvisoryReference.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/AdvisoryReference.java index 77331752b..2133e1108 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/AdvisoryReference.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/AdvisoryReference.java 
@@ -16,7 +16,8 @@ public class AdvisoryReference { @JsonProperty("url") private String url; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("url") public String getUrl() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Data.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Data.java index b96a62d44..83fd10ad3 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Data.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Data.java @@ -16,7 +16,8 @@ public class Data { @JsonProperty("securityVulnerabilities") private SecurityVulnerabilities securityVulnerabilities; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("securityVulnerabilities") public SecurityVulnerabilities getSecurityVulnerabilities() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/GitHubAdvisoryEntry.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/GitHubAdvisoryEntry.java index 4ba615ff7..5daf8f43c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/GitHubAdvisoryEntry.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/GitHubAdvisoryEntry.java @@ -16,7 +16,8 @@ public class GitHubAdvisoryEntry { @JsonProperty("data") private Data data; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("data") public Data getData() { 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Identifier.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Identifier.java index 0c44e1d56..339949c14 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Identifier.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Identifier.java @@ -19,7 +19,8 @@ public class Identifier { @JsonProperty("type") private String type; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("value") public String getValue() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Node.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Node.java index 6c924faad..8aa9fdc82 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Node.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Node.java @@ -38,7 +38,8 @@ public class Node { @JsonProperty("vulnerableVersionRange") private String vulnerableVersionRange; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("advisory") public Advisory getAdvisory() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Package.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Package.java index 1aac6bf7d..869422069 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Package.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/Package.java 
@@ -19,7 +19,8 @@ public class Package { @JsonProperty("ecosystem") private String ecosystem; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("name") public String getName() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/PageInfo.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/PageInfo.java index 709a227bc..691c84a3b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/PageInfo.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/PageInfo.java @@ -19,7 +19,8 @@ public class PageInfo { @JsonProperty("hasNextPage") private Boolean hasNextPage; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("endCursor") public String getEndCursor() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityAdvisories.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityAdvisories.java index 25e8740c5..52b6050e3 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityAdvisories.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityAdvisories.java @@ -23,7 +23,8 @@ public class SecurityAdvisories { @JsonProperty("nodes") private List nodes = null; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("pageInfo") public PageInfo getPageInfo() { 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityVulnerabilities.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityVulnerabilities.java index c1552784f..748e23409 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityVulnerabilities.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/github/experimental/graphql/data/SecurityVulnerabilities.java @@ -20,7 +20,8 @@ public class SecurityVulnerabilities { @JsonProperty("nodes") private List nodes = null; - @JsonIgnore private Map additionalProperties = new HashMap(); + @JsonIgnore + private final Map additionalProperties = new HashMap(); @JsonProperty("pageInfo") public PageInfo getPageInfo() { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilities.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilities.java index 26721d326..0d3d8fd6a 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilities.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilities.java 
@@ -18,6 +18,20 @@ /** This data provider asks a user about unpatched vulnerabilities. */ public class AskAboutUnpatchedVulnerabilities extends AbstractInteractiveDataProvider { + /** + * Searches for {@link + * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#VULNERABILITIES_IN_PROJECT} feature + * a set of values. + * + * @param values The set of value. + * @return An existing value for the feature, or an empty value otherwise. + */ + private static Value knownVulnerabilities(ValueSet values) { + return values + .of(VULNERABILITIES_IN_PROJECT) + .orElseGet(() -> VULNERABILITIES_IN_PROJECT.value(new Vulnerabilities())); + } + @Override protected AskAboutUnpatchedVulnerabilities ask(Subject subject, ValueSet values) { Vulnerabilities unpatchedVulnerabilities = new Vulnerabilities(); @@ -49,20 +63,6 @@ public boolean supports(Subject subject) { return true; } - /** - * Searches for {@link - * com.sap.oss.phosphor.fosstars.model.feature.oss.OssFeatures#VULNERABILITIES_IN_PROJECT} feature - * a set of values. - * - * @param values The set of value. - * @return An existing value for the feature, or an empty value otherwise. - */ - private static Value knownVulnerabilities(ValueSet values) { - return values - .of(VULNERABILITIES_IN_PROJECT) - .orElseGet(() -> VULNERABILITIES_IN_PROJECT.value(new Vulnerabilities())); - } - @Override public Set> supportedFeatures() { return Collections.singleton(VULNERABILITIES_IN_PROJECT); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskOptions.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskOptions.java index 754fbac27..76065015f 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskOptions.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/interactive/AskOptions.java 
@@ -33,6 +33,17 @@ public AskOptions(Feature feature, String question, Class enumClass) { this.enumClass = requireNonNull(enumClass, "Oops! Options is null!"); } + /** + * Create a builder for configuring a data provider. + * + * @param feature A feature that the provider should support. + * @param A type of data that the feature holds. + * @return A builder. + */ + public static > Builder forFeature(Feature feature) { + return new Builder<>(feature); + } + @Override public Set> supportedFeatures() { return singleton(feature); @@ -51,17 +62,6 @@ protected AbstractInteractiveDataProvider ask(Subject subject, ValueSet values) return this; } - /** - * Create a builder for configuring a data provider. - * - * @param feature A feature that the provider should support. - * @param A type of data that the feature holds. - * @return A builder. - */ - public static > Builder forFeature(Feature feature) { - return new Builder<>(feature); - } - /** * A builder for configuring a data provider. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/BugBountyProgramStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/BugBountyProgramStorage.java index 1c1c9a891..047adeb4f 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/BugBountyProgramStorage.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/BugBountyProgramStorage.java @@ -33,6 +33,16 @@ private BugBountyProgramStorage( this.bugBountyPrograms = bugBountyPrograms; } + /** + * Loads a {@link BugBountyProgramStorage}. + * + * @return The loaded storage. + * @throws IOException If something went wrong. + */ + public static BugBountyProgramStorage load() throws IOException { + return load(RESOURCE_PATH, BugBountyProgramStorage.class); + } + /** * Checks if a project has a bug bounty program. * 
@@ -58,14 +68,4 @@ public boolean existsFor(URL url) { return false; } - - /** - * Loads a {@link BugBountyProgramStorage}. - * - * @return The loaded storage. - * @throws IOException If something went wrong. - */ - public static BugBountyProgramStorage load() throws IOException { - return load(RESOURCE_PATH, BugBountyProgramStorage.class); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/CompanySupportStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/CompanySupportStorage.java index 6e71aa11c..8f217368d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/CompanySupportStorage.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/CompanySupportStorage.java @@ -29,6 +29,16 @@ public CompanySupportStorage(@JsonProperty("projects") Map> this.projects = projects; } + /** + * Loads info about company support from the default location. + * + * @return An instance of {@link CompanySupportStorage}. + * @throws IOException If something went wrong. + */ + public static CompanySupportStorage load() throws IOException { + return load(RESOURCE_PATH, CompanySupportStorage.class); + } + /** * Checks if a project is supported by at least one company. * @@ -75,14 +85,4 @@ public List companies(String url) { private Map> projects() { return Collections.unmodifiableMap(projects); } - - /** - * Loads info about company support from the default location. - * - * @return An instance of {@link CompanySupportStorage}. - * @throws IOException If something went wrong. - */ - public static CompanySupportStorage load() throws IOException { - return load(RESOURCE_PATH, CompanySupportStorage.class); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/SecurityTeamStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/SecurityTeamStorage.java index c82e0a55c..622751c63 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/SecurityTeamStorage.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/SecurityTeamStorage.java @@ -29,6 +29,16 @@ public SecurityTeamStorage(@JsonProperty("securityTeams") Map secu this.securityTeams = securityTeams; } + /** + * Loads info about security teams from the default location. + * + * @return An instance of {@link SecurityTeamStorage}. + * @throws IOException If something went wrong. + */ + public static SecurityTeamStorage load() throws IOException { + return load(RESOURCE_PATH, SecurityTeamStorage.class); + } + /** * Checks if a project has a security team. * @@ -66,16 +76,6 @@ private Map securityTeams() { return Collections.unmodifiableMap(securityTeams); } - /** - * Loads info about security teams from the default location. - * - * @return An instance of {@link SecurityTeamStorage}. - * @throws IOException If something went wrong. - */ - public static SecurityTeamStorage load() throws IOException { - return load(RESOURCE_PATH, SecurityTeamStorage.class); - } - /** * This class contains info about a security team and open-source projects which the team covers. */ diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/UnpatchedVulnerabilitiesStorage.java b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/UnpatchedVulnerabilitiesStorage.java index e2844099b..aa061fdf2 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/data/json/UnpatchedVulnerabilitiesStorage.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/data/json/UnpatchedVulnerabilitiesStorage.java 
@@ -47,6 +47,69 @@ public UnpatchedVulnerabilitiesStorage( this.projectVulnerabilities = projectVulnerabilities; } + /** + * Loads the default list of unpatched vulnerabilities. + * + * @return An instance of {@link UnpatchedVulnerabilitiesStorage}. + * @throws IOException If something went wrong. + */ + public static UnpatchedVulnerabilitiesStorage load() throws IOException { + return load(RESOURCE_PATH); + } + + /** + * Loads a list of unpatched vulnerabilities from a JSON file or resource. + * + * @param path A path to the file or resource. + * @return An instance of {@link UnpatchedVulnerabilitiesStorage}. + * @throws IOException If something went wrong. + */ + public static UnpatchedVulnerabilitiesStorage load(String path) throws IOException { + return load(path, UnpatchedVulnerabilitiesStorage.class); + } + + /** + * Check if an instance of {@link UnpatchedVulnerabilitiesStorage} is valid. + * + * @param storage The storage to be checked; + * @return The same storage if it's valid. + * @throws IllegalArgumentException If the storage is invalid. + */ + private static UnpatchedVulnerabilitiesStorage check(UnpatchedVulnerabilitiesStorage storage) { + for (Map.Entry entry : storage.projectVulnerabilities.entrySet()) { + for (Vulnerability vulnerability : entry.getValue().entries()) { + if (vulnerability.resolution() != Resolution.UNPATCHED) { + throw new IllegalArgumentException( + String.format( + "Hey! The list of unpatched vulnerabilities is supposed to contain " + + "only unpatched vulnerabilities (check out '%s')", + vulnerability.id())); + } + } + } + return storage; + } + + /** + * The main method is here for demo purposes. It can be also used to add unpatched vulnerabilities + * to the storage. + * + * @param args Command line arguments. + * @throws IOException If something went wrong. + */ + public static void main(String... 
args) throws IOException { + UnpatchedVulnerabilitiesStorage storage = UnpatchedVulnerabilitiesStorage.load(); + + storage.add( + "https://github.com/odata4j/odata4j", + newVulnerability("https://nvd.nist.gov/vuln/detail/CVE-2014-0171") + .set(new CVSS.V2(5.0, V2.UNKNOWN_IMPACT, V2.UNKNOWN_IMPACT, V2.UNKNOWN_IMPACT)) + .set(Resolution.UNPATCHED) + .make()); + + storage.store("src/main/resources/" + RESOURCE_PATH); + } + /* * This getter is here to make Jackson happy. */ @@ -108,27 +171,6 @@ public void add(URL url, Vulnerability vulnerability) { } } - /** - * Loads the default list of unpatched vulnerabilities. - * - * @return An instance of {@link UnpatchedVulnerabilitiesStorage}. - * @throws IOException If something went wrong. - */ - public static UnpatchedVulnerabilitiesStorage load() throws IOException { - return load(RESOURCE_PATH); - } - - /** - * Loads a list of unpatched vulnerabilities from a JSON file or resource. - * - * @param path A path to the file or resource. - * @return An instance of {@link UnpatchedVulnerabilitiesStorage}. - * @throws IOException If something went wrong. - */ - public static UnpatchedVulnerabilitiesStorage load(String path) throws IOException { - return load(path, UnpatchedVulnerabilitiesStorage.class); - } - /** * Stores the current list of unpatched vulnerabilities to a JSON file. * 
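Review bot: `check` is declared `private static` in the first hunk, but neither `load()` nor `load(String path)` in the same hunk calls it, so the visible loading path returns the storage without enforcing the UNPATCHED-only invariant that `check` exists to guard; unless a constructor or `add` outside this chunk calls it, `load(String path)` should read `return check(load(path, UnpatchedVulnerabilitiesStorage.class));`. The `main` method below it writes to `"src/main/resources/" + RESOURCE_PATH` relative to the working directory, which only works when run from the repository root, and a comment such as `// must be run from the repository root` above the `store` call would document that. The second hunk on this line is only the matching deletion of the old position.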
@@ -138,46 +180,4 @@ public static UnpatchedVulnerabilitiesStorage load(String path) throws IOExcepti public void store(String path) throws IOException { Files.write(Paths.get(path), Json.toBytes(this)); } - - /** - * Check if an instance of {@link UnpatchedVulnerabilitiesStorage} is valid. - * - * @param storage The storage to be checked; - * @return The same storage if it's valid. - * @throws IllegalArgumentException If the storage is invalid. - */ - private static UnpatchedVulnerabilitiesStorage check(UnpatchedVulnerabilitiesStorage storage) { - for (Map.Entry entry : storage.projectVulnerabilities.entrySet()) { - for (Vulnerability vulnerability : entry.getValue().entries()) { - if (vulnerability.resolution() != Resolution.UNPATCHED) { - throw new IllegalArgumentException( - String.format( - "Hey! The list of unpatched vulnerabilities is supposed to contain " - + "only unpatched vulnerabilities (check out '%s')", - vulnerability.id())); - } - } - } - return storage; - } - - /** - * The main method is here for demo purposes. It can be also used to add unpatched vulnerabilities - * to the storage. - * - * @param args Command line arguments. - * @throws IOException If something went wrong. - */ - public static void main(String... args) throws IOException { - UnpatchedVulnerabilitiesStorage storage = UnpatchedVulnerabilitiesStorage.load(); - - storage.add( - "https://github.com/odata4j/odata4j", - newVulnerability("https://nvd.nist.gov/vuln/detail/CVE-2014-0171") - .set(new CVSS.V2(5.0, V2.UNKNOWN_IMPACT, V2.UNKNOWN_IMPACT, V2.UNKNOWN_IMPACT)) - .set(Resolution.UNPATCHED) - .make()); - - storage.store("src/main/resources/" + RESOURCE_PATH); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/github/GitHubVisitor.java b/src/main/java/com/sap/oss/phosphor/fosstars/github/GitHubVisitor.java index b6adab8b0..07a6a427b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/github/GitHubVisitor.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/github/GitHubVisitor.java @@ -10,14 +10,6 @@ /** A visitor for visiting elements in a {@link GitHubProject}. */ public interface GitHubVisitor { - /** Known locations of elements in a {@link GitHubProject}. */ - enum Location { - PRE_COMMIT_HOOK, - INI_CONFIG, - TYPE_PY, - GITHUB_ACTION - } - /** * Visit the pre-commit hook config file. * @@ -74,4 +66,12 @@ void visitGitHubAction( Map> configMatchers, Set locations) throws IOException; + + /** Known locations of elements in a {@link GitHubProject}. */ + enum Location { + PRE_COMMIT_HOOK, + INI_CONFIG, + TYPE_PY, + GITHUB_ACTION + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/maven/GAV.java b/src/main/java/com/sap/oss/phosphor/fosstars/maven/GAV.java index c21d2eb6d..c32d3f31a 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/maven/GAV.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/maven/GAV.java @@ -37,6 +37,26 @@ public GAV(String group, String artifact, @Nullable String version) { this.version = version; } + /** + * Parse a string with GAV coordinates. The coordinates have to have group and artifact IDs, but + * version is optional. + * + * @param gav The string with GAV coordinates. + * @return An instance of {@link GAV}. + * @throws IllegalArgumentException If the string doesn't have valid GAV coordinates. + */ + public static GAV parse(String gav) { + Objects.requireNonNull(gav, "Oh no! GAV is null"); + + String[] parts = gav.trim().split(":"); + + if (parts.length < 2 || parts.length > 3) { + throw new IllegalArgumentException("Oh no! The string doesn't look like GAV!"); + } + + return new GAV(parts[0], parts[1], parts.length > 2 ? parts[2] : null); + } + /** * Return the group ID. * 
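Review bot: `GAV.parse` in the last hunk splits with `gav.trim().split(":")`, and `String.split` drops trailing empty strings, so `"group:artifact:"` is accepted as a version-less GAV while `"group::1.0"` or `":artifact"` pass the length check with an empty group or artifact. Splitting with `String[] parts = gav.trim().split(":", -1);` and extending the existing guard so that it also rejects any empty part would make the existing IllegalArgumentException cover those malformed inputs; which of `"g:a:"` (empty version) should be accepted or rejected is a design choice worth stating in the javadoc. The method is fully visible in the hunk; the GitHubVisitor hunks on this line only move the `Location` enum.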
@@ -91,24 +111,4 @@ public String toString() { return format("%s:%s:%s", group, artifact, version); } - - /** - * Parse a string with GAV coordinates. The coordinates have to have group and artifact IDs, but - * version is optional. - * - * @param gav The string with GAV coordinates. - * @return An instance of {@link GAV}. - * @throws IllegalArgumentException If the string doesn't have valid GAV coordinates. - */ - public static GAV parse(String gav) { - Objects.requireNonNull(gav, "Oh no! GAV is null"); - - String[] parts = gav.trim().split(":"); - - if (parts.length < 2 || parts.length > 3) { - throw new IllegalArgumentException("Oh no! The string doesn't look like GAV!"); - } - - return new GAV(parts[0], parts[1], parts.length > 2 ? parts[2] : null); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/maven/ModelVisitor.java b/src/main/java/com/sap/oss/phosphor/fosstars/maven/ModelVisitor.java index a271020b1..f0da17ea6 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/maven/ModelVisitor.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/maven/ModelVisitor.java @@ -8,15 +8,6 @@ /** A visitor for visiting elements in a POM file. */ public interface ModelVisitor { - /** Known locations of elements in a POM file. */ - enum Location { - BUILD, - REPORTING, - PROFILE, - MANAGEMENT, - DEPENDENCIES - } - /** * Visit a plugin. * @@ -40,4 +31,13 @@ enum Location { * @param locations A set of locations that tells where the dependency is located. */ void accept(Dependency dependency, Set locations); + + /** Known locations of elements in a POM file. */ + enum Location { + BUILD, + REPORTING, + PROFILE, + MANAGEMENT, + DEPENDENCIES + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/Confidence.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/Confidence.java index 3ecdd6c31..387f461cf 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/Confidence.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/Confidence.java @@ -21,13 +21,6 @@ public interface Confidence { /** A valid interval for a score value. */ Interval INTERVAL = DoubleInterval.init().from(MIN).to(MAX).closed().make(); - /** - * Get a level of confidence. - * - * @return A level of confidence. - */ - double confidence(); - /** * Checks if a specified confidence level is correct. * @@ -89,8 +82,7 @@ static double make(List> values) { if (value.isUnknown()) { // if value is unknown, then confidence is min and weight is 1.0 weightSum += 1.0; - } else if (value instanceof ScoreValue) { - ScoreValue scoreValue = (ScoreValue) value; + } else if (value instanceof ScoreValue scoreValue) { weightSum += scoreValue.weight(); weightedConfidenceSum += scoreValue.weight() * scoreValue.confidence(); } else if (value instanceof Confidence) { @@ -117,4 +109,11 @@ static double make(Value... values) { Objects.requireNonNull(values, "Hey! Values can't be null!"); return make(Arrays.asList(values)); } + + /** + * Get a level of confidence. + * + * @return A level of confidence. + */ + double confidence(); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/Label.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/Label.java index b112bfc38..7b1569606 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/Label.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/Label.java @@ -7,6 +7,9 @@ @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type") public interface Label { + /** This is a label for a score value that is marked as not-applicable. */ + Label NOT_APPLICABLE = new NotApplicableLabel(); + /** * Get the label's name. * @@ -22,7 +25,4 @@ public interface Label { default boolean isNotApplicable() { return false; } - - /** This is a label for a score value that is marked as not-applicable. */ - Label NOT_APPLICABLE = new NotApplicableLabel(); } 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/RatingRepository.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/RatingRepository.java index ed8724827..c0eff2ded 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/RatingRepository.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/RatingRepository.java @@ -36,24 +36,12 @@ /** This is a repository for all available ratings. */ public class RatingRepository { - /** An interface of a factory that can create a rating. */ - private interface RatingFactory { - - /** - * Create a new rating. - * - * @return A new rating. - * @throws IOException If something went wrong. - */ - Rating create() throws IOException; - } + /** Singleton. */ + public static final RatingRepository INSTANCE = new RatingRepository(); /** A logger. */ private static final Logger LOGGER = LogManager.getLogger(RatingRepository.class); - /** Singleton. */ - public static final RatingRepository INSTANCE = new RatingRepository(); - /** A mapping from a version to a rating. */ private final Map, Rating> ratings = new HashMap<>(); 
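Review bot: Moving `INSTANCE` above `LOGGER` changes the static initialization order of `RatingRepository`: `new RatingRepository()` now runs while `LOGGER` is still null, so any `LOGGER` call reached from the constructor or from `register` (the constructor body lies outside this hunk) would throw a NullPointerException during class initialization and surface as an ExceptionInInitializerError. Static initializers run in textual order, so either keep the logger declared before the singleton or verify that nothing on the constructor path logs. A one-line comment such as `// must be initialized before INSTANCE: the constructor may log` on the logger field would keep a future reformat from reintroducing the problem.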
@@ -66,6 +54,50 @@ private RatingRepository() { register(this::securityRiskIntroducedByOssRating); } + /** + * Loads a serialized object from a resource specified by a path. First, the method checks if the + * path points to an existing file, and if so, the method tries to load the object from the file. + * If the path doesn't point to an existing file, then the method tries to load the object from a + * resource. + * + * @param path The path to a stored rating. + * @param clazz The class of the object to be loaded. + * @param The type of the object. + * @return The loaded object. + * @throws IOException If the object can't be loaded + * @throws NullPointerException If the specified path is null + */ + private static T load(String path, Class clazz) throws IOException { + Objects.requireNonNull(path, "Hey! Path can't be null!"); + + File file = Paths.get(path.replace('/', File.separatorChar)).toFile(); + if (file.exists()) { + return Yaml.mapper().readValue(file, clazz); + } + + InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path); + if (is != null) { + try { + return Yaml.mapper().readValue(is, clazz); + } finally { + is.close(); + } + } + + throw new IOException(String.format("Could not load %s from %s", clazz.getSimpleName(), file)); + } + + /** + * Load score weights from a file. + * + * @param path A path to the file. + * @return The loaded weights. + * @throws IOException If something went wrong. + */ + private static ScoreWeights loadScoreWeights(String path) throws IOException { + return load(path, ScoreWeights.class); + } + /** * Loads a {@link SecurityRatingExample}. * 
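Review bot: `load` opens the classpath stream outside try-with-resources; `try (InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path)) { if (is != null) { return Yaml.mapper().readValue(is, clazz); } }` is shorter and closes on every path, since a null resource is permitted in try-with-resources. Because the file check precedes the classpath lookup, a same-named file relative to the working directory silently takes precedence over the bundled rating definition; a `LOGGER.debug` naming which source was used would make that visible when ratings behave unexpectedly. The final message also reports `file` even when it is the resource lookup that failed, so mentioning `path` there would be more accurate.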
@@ -255,47 +287,15 @@ private void store(Score score, Path path) throws IOException { Files.write(path, Json.toBytes(score)); } - /** - * Loads a serialized object from a resource specified by a path. First, the method checks if the - * path points to an existing file, and if so, the method tries to load the object from the file. - * If the path doesn't point to an existing file, then the method tries to load the object from a - * resource. - * - * @param path The path to a stored rating. - * @param clazz The class of the object to be loaded. - * @param The type of the object. - * @return The loaded object. - * @throws IOException If the object can't be loaded - * @throws NullPointerException If the specified path is null - */ - private static T load(String path, Class clazz) throws IOException { - Objects.requireNonNull(path, "Hey! Path can't be null!"); - - File file = Paths.get(path.replace('/', File.separatorChar)).toFile(); - if (file.exists()) { - return Yaml.mapper().readValue(file, clazz); - } - - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(path); - if (is != null) { - try { - return Yaml.mapper().readValue(is, clazz); - } finally { - is.close(); - } - } - - throw new IOException(String.format("Could not load %s from %s", clazz.getSimpleName(), file)); - } + /** An interface of a factory that can create a rating. */ + private interface RatingFactory { - /** - * Load score weights from a file. - * - * @param path A path to the file. - * @return The loaded weights. - * @throws IOException If something went wrong. - */ - private static ScoreWeights loadScoreWeights(String path) throws IOException { - return load(path, ScoreWeights.class); + /** + * Create a new rating. + * + * @return A new rating. + * @throws IOException If something went wrong. + */ + Rating create() throws IOException; } } 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/Score.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/Score.java index f9adb4f80..b67962f30 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/Score.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/Score.java @@ -25,6 +25,49 @@ public interface Score extends Feature { /** A valid interval for a score value. */ Interval INTERVAL = DoubleInterval.init().from(0).to(10).closed().make(); + /** + * Checks if a score is correct. + * + * @param score The score to be checked. + * @return The same score if it's correct. + * @throws IllegalArgumentException If the score is not correct. + */ + static double check(double score) { + if (score < MIN || score > MAX) { + throw new IllegalArgumentException( + String.format("Score is not in the range [0, 1]: %f", score)); + } + return score; + } + + /** + * Checks if a score is in the valid range, and returns an adjusted value if necessary. + * + * @param value A score to be checked. + * @return {@link #MIN} if the score is less than {@link Score#MIN}, {@link #MAX} if the score is + * greater than {@link Score#MAX}, or the original score otherwise. + */ + static double adjust(double value) { + if (value < Score.MIN) { + return Score.MIN; + } + if (value > Score.MAX) { + return Score.MAX; + } + return value; + } + + /** + * Get an Interval with the provided range. + * + * @param min An interval start value. + * @param max An interval end value. + * @return Interval with the range provided from min and max param values. + */ + static Interval makeInterval(double min, double max) { + return DoubleInterval.init().from(min).to(max).closed().make(); + } + /** * Get a name of the score. * 
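Review bot: The message in `check` says the range is `[0, 1]`, but `INTERVAL` on the context line above is built `from(0).to(10)`, so unless `MIN`/`MAX` differ from that interval the message is misleading; format it with the actual bounds, `String.format("Score is not in the range [%s, %s]: %f", MIN, MAX, score)`, so it cannot drift again. Style-wise `check` refers to bare `MIN`/`MAX` while `adjust` right below uses `Score.MIN`/`Score.MAX`; pick one form for both.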
@@ -96,47 +139,4 @@ public interface Score extends Feature { * @param visitor The visitor. */ void accept(Visitor visitor); - - /** - * Checks if a score is correct. - * - * @param score The score to be checked. - * @return The same score if it's correct. - * @throws IllegalArgumentException If the score is not correct. - */ - static double check(double score) { - if (score < MIN || score > MAX) { - throw new IllegalArgumentException( - String.format("Score is not in the range [0, 1]: %f", score)); - } - return score; - } - - /** - * Checks if a score is in the valid range, and returns an adjusted value if necessary. - * - * @param value A score to be checked. - * @return {@link #MIN} if the score is less than {@link Score#MIN}, {@link #MAX} if the score is - * greater than {@link Score#MAX}, or the original score otherwise. - */ - static double adjust(double value) { - if (value < Score.MIN) { - return Score.MIN; - } - if (value > Score.MAX) { - return Score.MAX; - } - return value; - } - - /** - * Get an Interval with the provided range. - * - * @param min An interval start value. - * @param max An interval end value. - * @return Interval with the range provided from min and max param values. - */ - static Interval makeInterval(double min, double max) { - return DoubleInterval.init().from(min).to(max).closed().make(); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/Subject.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/Subject.java index 87c2fe77c..a13aebcda 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/Subject.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/Subject.java 
@@ -18,6 +18,26 @@ public interface Subject { /** Shows that the date when a rating value was assigned is unknown. */ Date NO_RATING_DATE = null; + /** + * Casts a subject to a specified type that implements {@link Subject}. + * + * @param subject The subject. + * @param clazz The class. + * @param The type. + * @return The subject. + * @throws IllegalArgumentException If the subject can't be casted to the specified type. + */ + static T cast(Subject subject, Class clazz) { + Objects.requireNonNull(subject, "Oh no! Subject is null!"); + Objects.requireNonNull(clazz, "Oh no! Class is null!"); + + if (!clazz.isAssignableFrom(subject.getClass())) { + throw new IllegalArgumentException(format("Oh no! Expected %s", clazz.getName())); + } + + return clazz.cast(subject); + } + /** * Returns a date when the rating value was calculated if it's set. * @@ -45,24 +65,4 @@ public interface Subject { * @return A PURL. */ String purl(); - - /** - * Casts a subject to a specified type that implements {@link Subject}. - * - * @param subject The subject. - * @param clazz The class. - * @param The type. - * @return The subject. - * @throws IllegalArgumentException If the subject can't be casted to the specified type. - */ - static T cast(Subject subject, Class clazz) { - Objects.requireNonNull(subject, "Oh no! Subject is null!"); - Objects.requireNonNull(clazz, "Oh no! Class is null!"); - - if (!clazz.isAssignableFrom(subject.getClass())) { - throw new IllegalArgumentException(format("Oh no! Expected %s", clazz.getName())); - } - - return clazz.cast(subject); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/Weight.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/Weight.java index 727f52ec1..a23d6ae2d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/Weight.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/Weight.java 
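Review bot: In `Subject.cast`, `clazz.isAssignableFrom(subject.getClass())` is the long form of `clazz.isInstance(subject)`, which reads more directly and avoids the intermediate `getClass()` call. The exception message would also be more useful if it named what was actually received: `format("Oh no! Expected %s but got %s", clazz.getName(), subject.getClass().getName())`.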
@@ -19,20 +19,6 @@ public interface Weight extends Parameter { /** An valid interval for a weight. */ Interval INTERVAL = DoubleInterval.init().from(MIN).to(MAX).openLeft().closedRight().make(); - /** - * Get the weight's value. - * - * @return The weight's value. - */ - Double value(); - - /** - * Accept a visitor. - * - * @param visitor The visitor. - */ - void accept(Visitor visitor); - /** * Checks if a weight belongs to the correct interval. * @@ -47,4 +33,18 @@ static double check(double value) { } return value; } + + /** + * Get the weight's value. + * + * @return The weight's value. + */ + Double value(); + + /** + * Accept a visitor. + * + * @param visitor The visitor. + */ + void accept(Visitor visitor); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/AbstractFeature.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/AbstractFeature.java index 41d306818..88e920f40 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/AbstractFeature.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/AbstractFeature.java @@ -38,7 +38,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof AbstractFeature == false) { + if (!(o instanceof AbstractFeature)) { return false; } AbstractFeature that = (AbstractFeature) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedDoubleFeature.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedDoubleFeature.java index bf1564bbd..bc4df5c1c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedDoubleFeature.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedDoubleFeature.java @@ -55,7 +55,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof BoundedDoubleFeature == false) { + if (!(o instanceof BoundedDoubleFeature)) { return false; } if (!super.equals(o)) { 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedIntegerFeature.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedIntegerFeature.java index a0d804c48..2fb2c5f6c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedIntegerFeature.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/BoundedIntegerFeature.java @@ -54,7 +54,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof BoundedIntegerFeature == false) { + if (!(o instanceof BoundedIntegerFeature)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeature.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeature.java index 51ab83236..100599024 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeature.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeature.java @@ -46,7 +46,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof EnumFeature == false) { + if (!(o instanceof EnumFeature)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/PositiveIntegerFeature.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/PositiveIntegerFeature.java index 8a0dfb0ec..f109635bb 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/PositiveIntegerFeature.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/PositiveIntegerFeature.java @@ -18,16 +18,6 @@ public PositiveIntegerFeature(@JsonProperty("name") String name) { super(name); } - @Override - public IntegerValue value(Integer object) { - return new IntegerValue(this, check(object)); - } - - @Override - public Value parse(String string) { - return value(Integer.valueOf(string)); - } - /** * Checks if an integer is more or equal to 0. * 
@@ -40,4 +30,14 @@ private static Integer check(Integer n) { return n; } + + @Override + public IntegerValue value(Integer object) { + return new IntegerValue(this, check(object)); + } + + @Override + public Value parse(String string) { + return value(Integer.valueOf(string)); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/ExampleFeatures.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/ExampleFeatures.java index b61615abb..49398827f 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/ExampleFeatures.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/ExampleFeatures.java @@ -3,18 +3,15 @@ /** A collection of sample features. */ public class ExampleFeatures { - /** Private constructor, We don't need to create an instance of this class. */ - private ExampleFeatures() {} - public static final NumberOfCommitsLastMonthExample NUMBER_OF_COMMITS_LAST_MONTH_EXAMPLE = new NumberOfCommitsLastMonthExample(); - public static final NumberOfContributorsLastMonthExample NUMBER_OF_CONTRIBUTORS_LAST_MONTH_EXAMPLE = new NumberOfContributorsLastMonthExample(); - public static final SecurityReviewDoneExample SECURITY_REVIEW_DONE_EXAMPLE = new SecurityReviewDoneExample(); - public static final StaticCodeAnalysisDoneExample STATIC_CODE_ANALYSIS_DONE_EXAMPLE = new StaticCodeAnalysisDoneExample(); + + /** Private constructor, We don't need to create an instance of this class. */ + private ExampleFeatures() {} } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfCommitsLastMonthExample.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfCommitsLastMonthExample.java index 44bee6241..f941dad1e 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfCommitsLastMonthExample.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfCommitsLastMonthExample.java 
@@ -17,6 +17,15 @@ public class NumberOfCommitsLastMonthExample extends AbstractFeature { super("Number of commits last month (example)"); } + private static Integer check(Integer n) { + if (n < 0) { + throw new IllegalArgumentException( + String.format("Number of commits (%d) can't be negative!", n)); + } + + return n; + } + @Override public IntegerValue value(Integer object) { return new IntegerValue(this, check(object)); @@ -26,13 +35,4 @@ public IntegerValue value(Integer object) { public Value parse(String string) { return value(Integer.valueOf(string)); } - - private static Integer check(Integer n) { - if (n < 0) { - throw new IllegalArgumentException( - String.format("Number of commits (%d) can't be negative!", n)); - } - - return n; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfContributorsLastMonthExample.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfContributorsLastMonthExample.java index 187f9ad79..b554e0ede 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfContributorsLastMonthExample.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/example/NumberOfContributorsLastMonthExample.java @@ -17,6 +17,15 @@ public class NumberOfContributorsLastMonthExample extends AbstractFeature parse(String string) { return value(Integer.valueOf(string)); } - - private static Integer check(Integer n) { - if (n < 0) { - throw new IllegalArgumentException( - String.format("Number of contributors (%d) can't be negative!", n)); - } - - return n; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/oss/OssFeatures.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/oss/OssFeatures.java index 85611f055..26453775c 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/oss/OssFeatures.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/feature/oss/OssFeatures.java 
@@ -18,9 +18,6 @@ /** This class holds a list of features for open-source projects. */ public class OssFeatures { - /** Don't allow creating instances of this class. */ - private OssFeatures() {} - /** Holds a list of artifact versions released by an open source project. */ public static final Feature RELEASED_ARTIFACT_VERSIONS = new ArtifactVersionsFeature("Released artifact versions"); @@ -485,4 +482,7 @@ private OssFeatures() {} /** Shows how many projects use a project on GitHub. */ public static final PositiveIntegerFeature NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB = new PositiveIntegerFeature("Number of projects on GitHub that use an open source project"); + + /** Don't allow creating instances of this class. */ + private OssFeatures() {} } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/math/DoubleInterval.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/math/DoubleInterval.java index d4680f77f..35bedcc0e 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/math/DoubleInterval.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/math/DoubleInterval.java @@ -44,6 +44,37 @@ private DoubleInterval( this.positiveInfinity = positiveInfinity; } + /** + * Check if two double numbers are equal. + * + * @param a The first number. + * @param b The seconds number. + * @return True if the numbers are equal, false otherwise. + */ + private static boolean equals(double a, double b) { + return Math.abs(a - b) < PRECISION; + } + + /** + * Initializes a builder to build an interval. + * + * @return A new builder. + */ + public static DoubleIntervalBuilder init() { + return new DoubleIntervalBuilder(); + } + + /** + * Creates a closed interval. + * + * @param from A left boundary. + * @param to A right boundary. + * @return A new interval. + */ + public static DoubleInterval closed(double from, double to) { + return new DoubleInterval(from, false, false, to, false, false); + } + /** * Get a left boundary of the interval. * 
@@ -118,11 +149,9 @@ public boolean contains(double x) { if (!positiveInfinity) { if (equals(x, to)) { - if (openRight) { - return false; - } - } else if (Double.compare(x, to) > 0) { - return false; + return !openRight; + } else { + return Double.compare(x, to) <= 0; } } @@ -175,7 +204,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof DoubleInterval == false) { + if (!(o instanceof DoubleInterval)) { return false; } DoubleInterval that = (DoubleInterval) o; @@ -187,42 +216,11 @@ public boolean equals(Object o) { && positiveInfinity == that.positiveInfinity; } - /** - * Check if two double numbers are equal. - * - * @param a The first number. - * @param b The seconds number. - * @return True if the numbers are equal, false otherwise. - */ - private static boolean equals(double a, double b) { - return Math.abs(a - b) < PRECISION; - } - @Override public int hashCode() { return Objects.hash(from, openLeft, negativeInfinity, to, openRight, positiveInfinity); } - /** - * Initializes a builder to build an interval. - * - * @return A new builder. - */ - public static DoubleIntervalBuilder init() { - return new DoubleIntervalBuilder(); - } - - /** - * Creates a closed interval. - * - * @param from A left boundary. - * @param to A right boundary. - * @return A new interval. - */ - public static DoubleInterval closed(double from, double to) { - return new DoubleInterval(from, false, false, to, false, false); - } - /** A builder for an interval. */ public static class DoubleIntervalBuilder { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/ImmutabilityChecker.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/ImmutabilityChecker.java index 430ad2146..52bd08de2 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/ImmutabilityChecker.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/ImmutabilityChecker.java 
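Review bot: The rewritten right-boundary check in `contains` turns a fall-through into early returns: previously a non-boundary `x <= to` fell through to whatever follows the `if (!positiveInfinity)` block, whereas now it returns `Double.compare(x, to) <= 0` directly. That is only equivalent if the remainder of `contains` (outside this hunk) is just `return true;`; please confirm before merging a formatting-only commit that changes control flow. Style-wise the `else` after a `return` is redundant: `if (equals(x, to)) { return !openRight; } return Double.compare(x, to) <= 0;`.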
@@ -47,8 +47,7 @@ public void visit(Parameter parameter) { * @param object The object to be checked. */ private void checkImmutability(Object object) { - if (object instanceof Tunable) { - Tunable tunable = (Tunable) object; + if (object instanceof Tunable tunable) { if (!tunable.isImmutable()) { isImmutable = false; } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/MakeImmutable.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/MakeImmutable.java index 2e069f40a..b6dd06fe6 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/other/MakeImmutable.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/other/MakeImmutable.java @@ -10,6 +10,18 @@ /** The visitor tries to make objects immutable if they implement the {@link Tunable} interface. */ public class MakeImmutable implements Visitor { + /** + * Checks if an object implements the {@link Tunable} interface, and if so, try to make it + * immutable. + * + * @param object The object to be examined. + */ + private static void tryToMakeImmutable(Object object) { + if (object instanceof Tunable tunable) { + tunable.makeImmutable(); + } + } + @Override public void visit(Rating rating) { tryToMakeImmutable(rating); @@ -29,17 +41,4 @@ public void visit(Feature feature) { public void visit(Parameter parameter) { tryToMakeImmutable(parameter); } - - /** - * Checks if an object implements the {@link Tunable} interface, and if so, try to make it - * immutable. - * - * @param object The object to be examined. - */ - private static void tryToMakeImmutable(Object object) { - if (object instanceof Tunable) { - Tunable tunable = (Tunable) object; - tunable.makeImmutable(); - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractTestVector.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractTestVector.java index c7d63f259..d05b2f280 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractTestVector.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractTestVector.java @@ -57,6 +57,33 @@ public abstract class AbstractTestVector implements TestVector { this.expectedNotApplicableScore = expectedNotApplicableScore; } + /** + * Looks for a sub-score in a score. + * + * @param score The score. + * @param scoreClassName A class name of the sub-score. + * @return The sub-score if it's found. + * @throws IllegalArgumentException If no sub-score found. + */ + static Optional subScoreIn(Score score, String scoreClassName) { + Class scoreClass = score.getClass(); + if (scoreClassName.equals(scoreClass.getName()) + || scoreClassName.equals(scoreClass.getSimpleName()) + || scoreClassName.equals(scoreClass.getCanonicalName())) { + + return Optional.of(score); + } + + for (Score subScore : score.subScores()) { + Optional result = subScoreIn(subScore, scoreClassName); + if (result.isPresent()) { + return result; + } + } + + return Optional.empty(); + } + @Override @JsonGetter("expectedScore") public final Interval expectedScore() { @@ -97,7 +124,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof AbstractTestVector == false) { + if (!(o instanceof AbstractTestVector)) { return false; } AbstractTestVector that = (AbstractTestVector) o; 
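Review bot: The Javadoc on `subScoreIn` still says `@throws IllegalArgumentException If no sub-score found`, but the method returns `Optional.empty()` in that case and throws nothing; replace that tag with `@return The sub-score, or an empty {@link Optional} if no sub-score matches.` The recursion also has no cycle guard, so it presumably relies on `subScores()` forming a tree; a short note to that effect on the method would help the next reader.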
@@ -113,31 +140,4 @@ public int hashCode() { return Objects.hash( expectedScore, expectedUnknownScore, expectedNotApplicableScore, expectedLabel, alias); } - - /** - * Looks for a sub-score in a score. - * - * @param score The score. - * @param scoreClassName A class name of the sub-score. - * @return The sub-score if it's found. - * @throws IllegalArgumentException If no sub-score found. - */ - static Optional subScoreIn(Score score, String scoreClassName) { - Class scoreClass = score.getClass(); - if (scoreClassName.equals(scoreClass.getName()) - || scoreClassName.equals(scoreClass.getSimpleName()) - || scoreClassName.equals(scoreClass.getCanonicalName())) { - - return Optional.of(score); - } - - for (Score subScore : score.subScores()) { - Optional result = subScoreIn(subScore, scoreClassName); - if (result.isPresent()) { - return result; - } - } - - return Optional.empty(); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerification.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerification.java index 204d24d1d..c3d91cac0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerification.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerification.java @@ -17,15 +17,6 @@ public abstract class AbstractVerification { this.vectors = check(vectors); } - /** - * Get the test vectors. - * - * @return The test vectors. - */ - public TestVectors vectors() { - return vectors; - } - /** * Checks if a list of test vectors is not empty and doesn't contain duplicate entries. * @@ -42,4 +33,13 @@ private static TestVectors check(TestVectors vectors) { return vectors; } + + /** + * Get the test vectors. + * + * @return The test vectors. + */ + public TestVectors vectors() { + return vectors; + } } 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerifier.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerifier.java index 6c290583d..5623097eb 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerifier.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/AbstractVerifier.java @@ -9,12 +9,12 @@ public abstract class AbstractVerifier implements Verifier { - /** A logger. */ - private final Logger logger = LogManager.getLogger(getClass()); - /** A list of test vectors. */ final TestVectors vectors; + /** A logger. */ + private final Logger logger = LogManager.getLogger(getClass()); + /** * Initialize a verifier. * @@ -30,36 +30,6 @@ public abstract class AbstractVerifier implements Verifier { this.vectors = vectors; } - /** - * Check the rating against the test vectors and returns a list of failed test vectors. - * - * @return A list of failed test vectors. - */ - abstract List runImpl(); - - @Override - public final List run() { - List results = runImpl(); - for (TestVectorResult vector : results) { - if (vector.failed()) { - logger.info("Test vector #{} failed", vector.index); - logger.info(" reason: {}", vector.message); - logger.info(" alias: {}", vector.vector.alias()); - } - } - return results; - } - - @Override - public void verify() throws VerificationFailedException { - List results = run(); - for (TestVectorResult result : results) { - if (result.failed()) { - throw new VerificationFailedException(); - } - } - } - /** * Verify a score value against a test vector. * 
@@ -127,4 +97,34 @@ static TestVectorResult testResultFor(TestVector vector, ScoreValue scoreValue, return new TestVectorResult( vector, index, scoreValue, Status.PASSED, "Ok, got an expected score value"); } + + /** + * Check the rating against the test vectors and returns a list of failed test vectors. + * + * @return A list of failed test vectors. + */ + abstract List runImpl(); + + @Override + public final List run() { + List results = runImpl(); + for (TestVectorResult vector : results) { + if (vector.failed()) { + logger.info("Test vector #{} failed", vector.index); + logger.info(" reason: {}", vector.message); + logger.info(" alias: {}", vector.vector.alias()); + } + } + return results; + } + + @Override + public void verify() throws VerificationFailedException { + List results = run(); + for (TestVectorResult result : results) { + if (result.failed()) { + throw new VerificationFailedException(); + } + } + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/RatingVerifier.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/RatingVerifier.java index 334909e0e..ac554af97 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/RatingVerifier.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/RatingVerifier.java @@ -26,23 +26,6 @@ public RatingVerifier(Rating rating, TestVectors vectors) { this.rating = rating; } - /** - * Check if the rating produces expected scores and labels defined by the test vectors. - * - * @return A list of failed test vectors. - */ - List runImpl() { - List results = new ArrayList<>(); - - int index = 0; - for (TestVector vector : vectors) { - RatingValue ratingValue = rating.calculate(vector.valuesFor(rating)); - results.add(testResultFor(vector, ratingValue, index++)); - } - - return results; - } - /** * Verifies a rating value against a test vector. * 
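Review bot: The relocated `verify()` throws a bare `VerificationFailedException()` and so loses which vectors failed; that information is only written at INFO level by `run()`, which a caller catching the exception in CI or a test harness never sees. Since `run()` already returns the results, `verify()` can collect the failed indices and pass them in the message, assuming `VerificationFailedException` has (or can be given) a `String` constructor, which is not visible in this diff. The rewrite below keeps `run()` unchanged and only replaces the body of `verify()`.
```java
// … unchanged: runImpl() and run() …
@Override
public void verify() throws VerificationFailedException {
  StringBuilder failed = new StringBuilder();
  for (TestVectorResult result : run()) {
    if (result.failed()) {
      failed.append(failed.length() == 0 ? "" : ", ").append('#').append(result.index);
    }
  }
  if (failed.length() > 0) {
    throw new VerificationFailedException("Failed test vectors: " + failed);
  }
}
```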
@@ -87,4 +70,21 @@ private static boolean unexpectedLabel(TestVector vector, RatingValue ratingValu return !vector.expectedLabel().equals(ratingValue.label()); } + + /** + * Check if the rating produces expected scores and labels defined by the test vectors. + * + * @return A list of failed test vectors. + */ + List runImpl() { + List results = new ArrayList<>(); + + int index = 0; + for (TestVector vector : vectors) { + RatingValue ratingValue = rating.calculate(vector.valuesFor(rating)); + results.add(testResultFor(vector, ratingValue, index++)); + } + + return results; + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/StandardTestVector.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/StandardTestVector.java index 8220ada3d..2c295518c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/StandardTestVector.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/StandardTestVector.java @@ -95,8 +95,7 @@ public Set> valuesFor(Score score) { * @return A prepared or the same value. */ private Value prepare(Value value, Score score) { - if (value instanceof TestScoreValue) { - TestScoreValue testScoreValue = (TestScoreValue) value; + if (value instanceof TestScoreValue testScoreValue) { Score targetScore = subScoreIn(score, testScoreValue.scoreClassName()) .orElseThrow( diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestScoreValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestScoreValue.java index 92c9f25a8..7e02adbac 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestScoreValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestScoreValue.java 
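Review bot: The new `if (value instanceof TestScoreValue testScoreValue)` in `StandardTestVector.prepare` is pattern-matching `instanceof`, which needs a Java 16+ source/target level; `pom.xml` is in the diffstat but not in view here, so please confirm the compiler release was raised in the same commit, otherwise this hunk will not compile. It is also the only place in this patch that uses the pattern form, while every `equals()` touched by the same commit keeps the `!(o instanceof X)` plus explicit cast shape, so the style is inconsistent within one formatting change. The `prepare` method continues past the end of the hunk.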
@@ -44,6 +44,18 @@ public TestScoreValue( this.isNotApplicable = isNotApplicable; } + /** + * Create a new test score value. + * + * @param scoreClass A score class. + * @param value A score value. + * @return A test score value. + */ + public static TestScoreValue testScoreValue(Class scoreClass, double value) { + requireNonNull(scoreClass, "Oops! Score is null!"); + return new TestScoreValue(scoreClass.getCanonicalName(), value, false, false); + } + /** * Return a class name of a score which the value is for. * @@ -107,16 +119,4 @@ public Value processIfKnown(Processor processor) { public Value processIfUnknown(Runnable processor) { throw new UnsupportedOperationException("Oops! I can't do that!"); } - - /** - * Create a new test score value. - * - * @param scoreClass A score class. - * @param value A score value. - * @return A test score value. - */ - public static TestScoreValue testScoreValue(Class scoreClass, double value) { - requireNonNull(scoreClass, "Oops! Score is null!"); - return new TestScoreValue(scoreClass.getCanonicalName(), value, false, false); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorBuilder.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorBuilder.java index ccd2cbe00..04e0e2934 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorBuilder.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorBuilder.java @@ -34,6 +34,9 @@ public class TestVectorBuilder { /** An alias. */ private String alias; + /** Private constructor. Please use the {@link #newTestVector()} method to create an instance. */ + private TestVectorBuilder() {} + /** * Creates a new test vector builder. * 
@@ -53,9 +56,6 @@ public static TestVectorBuilder newTestVector(String alias) { return newTestVector().alias(alias); } - /** Private constructor. Please use the {@link #newTestVector()} method to create an instance. */ - private TestVectorBuilder() {} - /** * Set an expected interval for a score. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResult.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResult.java index 8fe505fb1..22de1f8a4 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResult.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResult.java @@ -6,11 +6,6 @@ /** A holder for a result of executing a test vector. */ public class TestVectorResult { - public enum Status { - PASSED, - FAILED - } - /** A test vector. */ public final TestVector vector; @@ -65,7 +60,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof TestVectorResult == false) { + if (!(o instanceof TestVectorResult)) { return false; } TestVectorResult result = (TestVectorResult) o; @@ -80,4 +75,9 @@ public boolean equals(Object o) { public int hashCode() { return Objects.hash(vector, index, scoreValue, status, message); } + + public enum Status { + PASSED, + FAILED + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorWithDefaults.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorWithDefaults.java index 05d155a63..9136ce08d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorWithDefaults.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorWithDefaults.java @@ -104,7 +104,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof TestVectorWithDefaults == false) { + if (!(o instanceof TestVectorWithDefaults)) { return false; } TestVectorWithDefaults that = (TestVectorWithDefaults) o; 
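Review bot: In `TestVectorResult.equals`, the rewritten guard `if (!(o instanceof TestVectorResult))` is immediately followed by the cast `TestVectorResult result = (TestVectorResult) o;`, which this same commit already shows how to avoid in `StandardTestVector.prepare`. For consistency, `if (!(o instanceof TestVectorResult result)) { return false; }` lets the cast line be dropped entirely; the same applies to the `TestVectorWithDefaults.equals` hunk on this line. This presumes the project targets Java 16+, which the visible hunks do not establish. The enclosing `equals` method starts and ends outside the hunk.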
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectors.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectors.java index 42a28a531..3b8e0e707 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectors.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectors.java @@ -55,6 +55,32 @@ public TestVectors( this.defaults = new HashSet<>(defaults); } + /** + * Loads a list of test vectors from a YAML file. + * + * @param filename The filename. + * @return A list of loaded test vectors. + * @throws IOException If something went wrong (file doesn't exist, the content is wrong, etc). + */ + public static TestVectors loadFromYaml(Path filename) throws IOException { + Objects.requireNonNull(filename, "Filename can't be null!"); + try (InputStream is = Files.newInputStream(filename)) { + return loadFromYaml(is); + } + } + + /** + * Loads a list of test vectors from YAML. + * + * @param is An input stream with YAML. + * @return A list of test vectors. + * @throws IOException If something went wrong. + */ + public static TestVectors loadFromYaml(InputStream is) throws IOException { + Objects.requireNonNull(is, "Input stream can't be null!"); + return Yaml.read(is, TestVectors.class); + } + /** * Adds a test vector to the collection. * @@ -122,7 +148,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof TestVectors == false) { + if (!(o instanceof TestVectors)) { return false; } TestVectors that = (TestVectors) o; 
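Review bot: The relocated `loadFromYaml(InputStream)` hands the stream to `Yaml.read(is, TestVectors.class)`, a project helper whose parser configuration is not visible in this diff, and the Javadoc says nothing about what input it is safe for. Because the method is `public` and the `Path` overload opens an arbitrary filename, the docs should state the trust assumption, e.g. add to both Javadocs `* <p>Test vector files are trusted input: they are deserialized into {@link TestVectors} without further validation.` If `Yaml` is a Jackson-based reader, also confirm it does not enable default/polymorphic typing before documenting it as safe for externally supplied files. The rest of the class, including `TestVectors`'s fields, is outside the hunk.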
@@ -149,32 +175,6 @@ private List vectorsWithDefaults() { return list; } - /** - * Loads a list of test vectors from a YAML file. - * - * @param filename The filename. - * @return A list of loaded test vectors. - * @throws IOException If something went wrong (file doesn't exist, the content is wrong, etc). - */ - public static TestVectors loadFromYaml(Path filename) throws IOException { - Objects.requireNonNull(filename, "Filename can't be null!"); - try (InputStream is = Files.newInputStream(filename)) { - return loadFromYaml(is); - } - } - - /** - * Loads a list of test vectors from YAML. - * - * @param is An input stream with YAML. - * @return A list of test vectors. - * @throws IOException If something went wrong. - */ - public static TestVectors loadFromYaml(InputStream is) throws IOException { - Objects.requireNonNull(is, "Input stream can't be null!"); - return Yaml.read(is, TestVectors.class); - } - /** * Stores a list of test vectors to a YAML file. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/AbstractRating.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/AbstractRating.java index af8d0fd52..a7d3394e0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/AbstractRating.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/AbstractRating.java @@ -93,7 +93,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof AbstractRating == false) { + if (!(o instanceof AbstractRating)) { return false; } AbstractRating that = (AbstractRating) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.java index c6a770a2f..252802ed8 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.java @@ -18,6 +18,11 @@ */ public class SecurityRatingExample extends AbstractRating implements Tunable { + /** Initializes a security rating with SecurityScoreExample. */ + SecurityRatingExample() { + super("Security rating (example)", SECURITY_SCORE_EXAMPLE); + } + @Override public List parameters() { return score().parameters(); @@ -34,17 +39,6 @@ public void makeImmutable() { score().makeImmutable(); } - public enum SecurityLabelExample implements Label { - AWFUL, - OKAY, - AWESOME - } - - /** Initializes a security rating with SecurityScoreExample. */ - SecurityRatingExample() { - super("Security rating (example)", SECURITY_SCORE_EXAMPLE); - } - @Override public SecurityScoreExample score() { return (SecurityScoreExample) super.score(); @@ -67,4 +61,10 @@ protected SecurityLabelExample label(ScoreValue scoreValue) { return SecurityLabelExample.AWESOME; } + + public enum SecurityLabelExample implements Label { + AWFUL, + OKAY, + AWESOME + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRating.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRating.java index 6d1a9d4cf..e0c73fbaf 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRating.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRating.java @@ -16,15 +16,6 @@ */ public class OssArtifactSecurityRating extends AbstractRating { - /** A set of labels for the rating. */ - public enum ArtifactSecurityLabel implements Label { - BAD, - MODERATE, - GOOD, - UNCLEAR, - UNKNOWN; - } - /** Thresholds for labels. */ private final Thresholds thresholds; 
@@ -80,6 +71,15 @@ protected ArtifactSecurityLabel label(ScoreValue scoreValue) { return ArtifactSecurityLabel.GOOD; } + /** A set of labels for the rating. */ + public enum ArtifactSecurityLabel implements Label { + BAD, + MODERATE, + GOOD, + UNCLEAR, + UNKNOWN + } + /** Holds thresholds for labels. */ public static class Thresholds { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRating.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRating.java index 0a6e9d609..dd4f9b00d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRating.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRating.java @@ -10,14 +10,6 @@ /** This rating checks whether an open source project violates certain rules or not. */ public class OssRulesOfPlayRating extends AbstractRating { - /** A set of labels for the rating. */ - public enum OssRulesOfPlayLabel implements Label { - PASSED, - PASSED_WITH_WARNING, - FAILED, - UNCLEAR - } - /** Initializes a new rating. */ public OssRulesOfPlayRating() { super("Open source rules of play rating", new OssRulesOfPlayScore()); @@ -46,4 +38,12 @@ protected OssRulesOfPlayLabel label(ScoreValue scoreValue) { return OssRulesOfPlayLabel.PASSED; } + + /** A set of labels for the rating. */ + public enum OssRulesOfPlayLabel implements Label { + PASSED, + PASSED_WITH_WARNING, + FAILED, + UNCLEAR + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRating.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRating.java index 4c9a13a56..06167aecd 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRating.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRating.java 
@@ -16,14 +16,6 @@ */ public class OssSecurityRating extends AbstractRating { - /** A set of labels for the rating. */ - public enum SecurityLabel implements Label { - BAD, - MODERATE, - GOOD, - UNCLEAR - } - /** Thresholds for labels. */ private final Thresholds thresholds; @@ -83,6 +75,14 @@ public Thresholds thresholds() { return thresholds; } + /** A set of labels for the rating. */ + public enum SecurityLabel implements Label { + BAD, + MODERATE, + GOOD, + UNCLEAR + } + /** Holds thresholds for labels. */ public static class Thresholds { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/SecurityRiskIntroducedByOss.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/SecurityRiskIntroducedByOss.java index 1b02c5bb7..b07949abe 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/SecurityRiskIntroducedByOss.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/rating/oss/SecurityRiskIntroducedByOss.java @@ -17,16 +17,6 @@ */ public class SecurityRiskIntroducedByOss extends AbstractRating { - /** A set of labels for the rating. */ - public enum OssSecurityRiskLabel implements Label { - NOTE, - LOW, - MEDIUM, - HIGH, - CRITICAL, - UNCLEAR - } - /** A matrix for determining a risk label based on impact (rows) and likelihood (columns). */ private static final OssSecurityRiskLabel[][] RISK_MATRIX = new OssSecurityRiskLabel[][] { @@ -60,6 +50,24 @@ public SecurityRiskIntroducedByOss(CalculatedSecurityRiskIntroducedByOss score) super("Security risk introduced by an open source project", score); } + /** + * Get an index in the risk matrix for a score value that contains likelihood or impact. + * + * @param value The score value. + * @return An index in the risk matrix. + */ + private static int indexFor(ScoreValue value) { + if (value.get() < MEDIUM_THRESHOLD) { + return 0; + } + + if (value.get() < HIGH_THRESHOLD) { + return 1; + } + + return 2; + } + /** * Get an underlying score. * 
@@ -103,21 +111,13 @@ protected Label label(ScoreValue scoreValue) { return RISK_MATRIX[indexFor(impact.get())][indexFor(likelihood.get())]; } - /** - * Get an index in the risk matrix for a score value that contains likelihood or impact. - * - * @param value The score value. - * @return An index in the risk matrix. - */ - private static int indexFor(ScoreValue value) { - if (value.get() < MEDIUM_THRESHOLD) { - return 0; - } - - if (value.get() < HIGH_THRESHOLD) { - return 1; - } - - return 2; + /** A set of labels for the rating. */ + public enum OssSecurityRiskLabel implements Label { + NOTE, + LOW, + MEDIUM, + HIGH, + CRITICAL, + UNCLEAR } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AbstractScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AbstractScore.java index b7d147bcf..048afc868 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AbstractScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AbstractScore.java @@ -28,15 +28,15 @@ public abstract class AbstractScore implements Score { /** No description. */ static final String EMPTY_DESCRIPTION = ""; + /** A logger. */ + @JsonIgnore protected final Logger logger = LogManager.getLogger(getClass()); + /** Score name. */ private final String name; /** Description. */ @JsonIgnore private final String description; - /** A logger. */ - @JsonIgnore protected final Logger logger = LogManager.getLogger(getClass()); - /** * Initializes a new score. * 
@@ -64,6 +64,120 @@ public AbstractScore(String name, String description) { this.description = description; } + /** + * Collect all features which are used by a specified score and its sub-scores. The method browses + * the underlying sub-scores recursively and adds features to a specified set. + * + * @param score The score. + * @param allFeatures A set of features to be filled out. + * @return The specified set of features. + */ + private static Set> fillOutFeatures(Score score, Set> allFeatures) { + allFeatures.addAll(score.features()); + for (Score subScore : score.subScores()) { + fillOutFeatures(subScore, allFeatures); + } + return allFeatures; + } + + /** + * The method calculates a score value for a specified score if the value is not available. + * + * @param score The score. + * @param values The values that should be used to calculate the score value. + * @return The calculated score value. + * @see #calculateIfNecessary(Score, ValueSet) + */ + protected static ScoreValue calculateIfNecessary(Score score, Value... values) { + return calculateIfNecessary(score, ValueHashSet.from(values)); + } + + /** + * The method calculates a value for a specified score if the value is not available. First, the + * method checks if the set of values already contains a value for the specified score. If yes, + * the method just returns the existing value. Otherwise, the method tries to calculate a value of + * the specified score. + * + * @param score The score. + * @param values The set of values. + * @return A value of the specified score. + * @throws IllegalArgumentException If a value for the score is not a {@link ScoreValue}. 
+ */ + protected static ScoreValue calculateIfNecessary(Score score, ValueSet values) { + Optional> something = values.of(score); + + // if the set of values doesn't contain a value for the specified score, then calculate it + Value value = something.orElseGet(() -> UnknownValue.of(score)); + if (value.isUnknown()) { + return score.calculate(values); + } + + // if the set of values contain a value for the specified score, then return it + if (value instanceof ScoreValue) { + return (ScoreValue) value; + } + + throw new IllegalArgumentException( + String.format("Hey! I expected a ScoreValue for a score but got %s!", value.getClass())); + } + + /** + * Checks if all values are unknown. + * + * @param values The values to be checked. + * @return True if all values are unknown, false otherwise. + * @throws IllegalArgumentException If values are empty. + */ + protected static boolean allUnknown(Value... values) { + return allUnknown(Arrays.asList(values)); + } + + /** + * Checks if all values are unknown. + * + * @param values A list of values to be checked. + * @return True if all values are unknown, false otherwise. + * @throws IllegalArgumentException If values are empty. + */ + protected static boolean allUnknown(List> values) { + Objects.requireNonNull(values, "Oh no! Values is null!"); + + if (values.size() == 0) { + throw new IllegalStateException("Oh no! Values is empty!"); + } + + for (Value value : values) { + if (!value.isUnknown()) { + return false; + } + } + + return true; + } + + /** + * Checks if all values are N/A. + * + * @param values The values to be checked. + * @return True if all values are N/A, false otherwise. + * @throws IllegalArgumentException If values are empty. + */ + protected static boolean allNotApplicable(Value... values) { + Objects.requireNonNull(values, "Oh no! Values is null!"); + + if (values.length == 0) { + throw new IllegalStateException("Oh no! 
Values is empty!"); + } + + for (Value value : values) { + if (!value.isNotApplicable()) { + return false; + } + } + + return true; + } + @Override @JsonGetter("name") public final String name() { @@ -124,7 +238,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof AbstractScore == false) { + if (!(o instanceof AbstractScore)) { return false; } AbstractScore that = (AbstractScore) o; @@ -155,22 +269,6 @@ public Score score(Class clazz) { String.format("Sub-score %s not found", clazz.getCanonicalName())); } - /** - * Collect all features which are used by a specified score and its sub-scores. The method browses - * the underlying sub-scores recursively and adds features to a specified set. - * - * @param score The score. - * @param allFeatures A set of features to be filled out. - * @return The specified set of features. - */ - private static Set> fillOutFeatures(Score score, Set> allFeatures) { - allFeatures.addAll(score.features()); - for (Score subScore : score.subScores()) { - fillOutFeatures(subScore, allFeatures); - } - return allFeatures; - } - /** * Initializes a score value for the score. The method adjusts the specified score value so that * it fits to the valid range [0, 10]. 
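Review bot: The Javadoc of the relocated `allUnknown(List)` and `allNotApplicable(Value...)` declares `@throws IllegalArgumentException If values are empty`, but both bodies throw `IllegalStateException("Oh no! Values is empty!")`, so callers written against the documented contract will not catch what is actually thrown. An empty argument is an argument error, so the body should be `throw new IllegalArgumentException("Oh no! Values is empty!");` in both methods, unless existing callers depend on `IllegalStateException`, in which case the `@throws` tags should be corrected instead. While there, `values.size() == 0` in `allUnknown(List)` reads better as `values.isEmpty()`. This hunk starts on an earlier line and the `AbstractScore` class continues beyond it.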
@@ -223,102 +321,4 @@ protected Value find(Feature feature, Value... values) { throw new IllegalArgumentException( String.format("Oh no! We could not find feature: %s", feature.name())); } - - /** - * The method calculates a score value for a specified score if the value is not available. - * - * @param score The score. - * @param values The values that should be used to calculate the score value. - * @return The calculated score value. - * @see #calculateIfNecessary(Score, ValueSet) - */ - protected static ScoreValue calculateIfNecessary(Score score, Value... values) { - return calculateIfNecessary(score, ValueHashSet.from(values)); - } - - /** - * The method calculates a value for a specified score if the value is not available. First, the - * method checks if the set of values already contains a value for the specified score. If yes, - * the method just returns the existing value. Otherwise, the method tries to calculate a value of - * the specified score. - * - * @param score The score. - * @param values The set of values. - * @return A value of the specified score. - * @throws IllegalArgumentException If a value for the score is not a {@link ScoreValue}. - */ - protected static ScoreValue calculateIfNecessary(Score score, ValueSet values) { - Optional> something = values.of(score); - - // if the set of values doesn't contain a value for the specified score, then calculate it - Value value = something.orElseGet(() -> UnknownValue.of(score)); - if (value.isUnknown()) { - return score.calculate(values); - } - - // if the set of values contain a value for the specified score, then return it - if (value instanceof ScoreValue) { - return (ScoreValue) value; - } - - throw new IllegalArgumentException( - String.format("Hey! I expected a ScoreValue for a score but got %s!", value.getClass())); - } - - /** - * Checks if all values are unknown. - * - * @param values The values to be checked. - * @return True if all values are unknown, false otherwise. 
- * @throws IllegalArgumentException If values are empty. - */ - protected static boolean allUnknown(Value... values) { - return allUnknown(Arrays.asList(values)); - } - - /** - * Checks if all values are unknown. - * - * @param values A list of values to be checked. - * @return True if all values are unknown, false otherwise. - * @throws IllegalArgumentException If values are empty. - */ - protected static boolean allUnknown(List> values) { - Objects.requireNonNull(values, "Oh no! Values is null!"); - - if (values.size() == 0) { - throw new IllegalStateException("Oh no! Values is empty!"); - } - - for (Value value : values) { - if (!value.isUnknown()) { - return false; - } - } - - return true; - } - - /** - * Checks if all values are N/A. - * - * @param values The values to be checked. - * @return True if all values are N/A, false otherwise. - * @throws IllegalArgumentException If values are empty. - */ - protected static boolean allNotApplicable(Value... values) { - Objects.requireNonNull(values, "Oh no! Values is null!"); - - if (values.length == 0) { - throw new IllegalStateException("Oh no! Values is empty!"); - } - - for (Value value : values) { - if (!value.isNotApplicable()) { - return false; - } - } - - return true; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScore.java index d940f2ea0..d134f4230 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScore.java @@ -106,7 +106,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof AverageCompositeScore == false) { + if (!(o instanceof AverageCompositeScore)) { return false; } if (!super.equals(o)) { 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/FeatureBasedScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/FeatureBasedScore.java index d07f8c6dc..fa00e8eb3 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/FeatureBasedScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/FeatureBasedScore.java @@ -77,7 +77,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof FeatureBasedScore == false) { + if (!(o instanceof FeatureBasedScore)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScore.java index 6b144e4d1..83ca2254e 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScore.java @@ -220,7 +220,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof WeightedCompositeScore == false) { + if (!(o instanceof WeightedCompositeScore)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ExampleScores.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ExampleScores.java index 180237bd2..27af8e5cb 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ExampleScores.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ExampleScores.java 
@@ -3,14 +3,12 @@ /** A collection of sample scores. */ public class ExampleScores { - /** Private constructor, We don't need to create an instance of this class. */ - private ExampleScores() {} - public static final ProjectActivityScoreExample PROJECT_ACTIVITY_SCORE_EXAMPLE = new ProjectActivityScoreExample(); - public static final SecurityTestingScoreExample SECURITY_TESTING_SCORE_EXAMPLE = new SecurityTestingScoreExample(); - public static final SecurityScoreExample SECURITY_SCORE_EXAMPLE = new SecurityScoreExample(); + + /** Private constructor, We don't need to create an instance of this class. */ + private ExampleScores() {} } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExample.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExample.java index 1146a903a..b765adbfd 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExample.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExample.java @@ -19,6 +19,7 @@ public class ProjectActivityScoreExample extends FeatureBasedScore { private static final Map NUMBER_OF_COMMITS_TO_POINTS = new HashMap<>(); + private static final Map NUMBER_OF_CONTRIBUTORS_TO_POINTS = new HashMap<>(); static { NUMBER_OF_COMMITS_TO_POINTS.put( @@ -29,8 +30,6 @@ public class ProjectActivityScoreExample extends FeatureBasedScore { DoubleInterval.init().from(30).openLeft().positiveInfinity().make(), 5.0); } - private static final Map NUMBER_OF_CONTRIBUTORS_TO_POINTS = new HashMap<>(); - static { NUMBER_OF_CONTRIBUTORS_TO_POINTS.put( DoubleInterval.init().from(0).to(1).openLeft().closedRight().make(), 2.0); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactReleaseHistoryScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactReleaseHistoryScore.java index d29e722cc..e72c36069 100644 
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactReleaseHistoryScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactReleaseHistoryScore.java @@ -38,56 +38,6 @@ public ArtifactReleaseHistoryScore() { ARTIFACT_VERSION); } - @Override - public ScoreValue calculate(Value... values) { - Value artifactVersions = find(RELEASED_ARTIFACT_VERSIONS, values); - Value artifactVersion = find(ARTIFACT_VERSION, values); - - if (artifactVersions.isUnknown()) { - return scoreValue(0.0, artifactVersions) - .makeUnknown() - .withMinConfidence() - .explain("No versions are found. Hence, no release history score can be calculated"); - } - - if (artifactVersions.get().size() <= ARTIFACT_VERSIONS_SIZE_THRESHOLD) { - return scoreValue(0.0, artifactVersions) - .explain("Only one version is given. Hence, no release history score can be calculated") - .withMinConfidence(); - } - - ScoreValue scoreValue = scoreValue(7.0, artifactVersions, artifactVersion); - - final Collection artifactCollection = - filter(artifactVersions, artifactVersion); - - // check release frequency over time - Collection versionInfo = versionInfo(artifactCollection); - VersionStats stats = calculateVersionStats(versionInfo); - - if (stats.averageDaysBetweenReleases < 10) { - scoreValue.increase(3); - } else if (stats.averageDaysBetweenReleases < 30) { - scoreValue.increase(2); - } else if (stats.averageDaysBetweenReleases < 60) { - scoreValue.increase(1); - } else if (stats.averageDaysBetweenReleases < 180) { - scoreValue.decrease(1); - } else if (stats.averageDaysBetweenReleases < 270) { - scoreValue.decrease(2); - } else if (stats.averageDaysBetweenReleases < 360) { - scoreValue.decrease(3); - } - - if (stats.releaseCycleTrend < 0) { - scoreValue.decrease(-1 * stats.releaseCycleTrend); - } else { - scoreValue.increase(stats.releaseCycleTrend); - } - - return scoreValue; - } - /** * Calculate statistics. * 
@@ -174,6 +124,56 @@ private static Collection filter( return artifactVersions.get().sortByReleaseDate(); } + @Override + public ScoreValue calculate(Value... values) { + Value artifactVersions = find(RELEASED_ARTIFACT_VERSIONS, values); + Value artifactVersion = find(ARTIFACT_VERSION, values); + + if (artifactVersions.isUnknown()) { + return scoreValue(0.0, artifactVersions) + .makeUnknown() + .withMinConfidence() + .explain("No versions are found. Hence, no release history score can be calculated"); + } + + if (artifactVersions.get().size() <= ARTIFACT_VERSIONS_SIZE_THRESHOLD) { + return scoreValue(0.0, artifactVersions) + .explain("Only one version is given. Hence, no release history score can be calculated") + .withMinConfidence(); + } + + ScoreValue scoreValue = scoreValue(7.0, artifactVersions, artifactVersion); + + final Collection artifactCollection = + filter(artifactVersions, artifactVersion); + + // check release frequency over time + Collection versionInfo = versionInfo(artifactCollection); + VersionStats stats = calculateVersionStats(versionInfo); + + if (stats.averageDaysBetweenReleases < 10) { + scoreValue.increase(3); + } else if (stats.averageDaysBetweenReleases < 30) { + scoreValue.increase(2); + } else if (stats.averageDaysBetweenReleases < 60) { + scoreValue.increase(1); + } else if (stats.averageDaysBetweenReleases < 180) { + scoreValue.decrease(1); + } else if (stats.averageDaysBetweenReleases < 270) { + scoreValue.decrease(2); + } else if (stats.averageDaysBetweenReleases < 360) { + scoreValue.decrease(3); + } + + if (stats.releaseCycleTrend < 0) { + scoreValue.decrease(-1 * stats.releaseCycleTrend); + } else { + scoreValue.increase(stats.releaseCycleTrend); + } + + return scoreValue; + } + /** Statistics about artifact versions. */ static class VersionStats { 
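Review bot: The release-frequency ladder in the re-added `calculate` has no branch for `averageDaysBetweenReleases >= 360`, so a project that releases less than once a year gets neither bonus nor penalty while one in the 270–360 day band is penalised by 3 — the penalty inverts at the boundary. The commit only moves the method, so this is pre-existing, but it is worth fixing while it is being touched; unless the gap is intended, change the last branch to `} else { scoreValue.decrease(3); }` (or add a dedicated `else` with the largest penalty). The `releaseCycleTrend` adjustment is likewise applied unbounded; whether `increase`/`decrease` clamp to the score range is not visible here and would be worth a one-line comment above that block.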
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScore.java index 5b4a2e7a4..283e102ec 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScore.java @@ -59,6 +59,12 @@ public class DependabotScore extends FeatureBasedScore { */ private static final Map SUPPORTED_LANGUAGES = new HashMap<>(); + /** + * A score value that is returned if it's likely that a project uses the security alerts on + * GitHub. + */ + private static final double GITHUB_ALERTS_SCORE_VALUE = 5.0; + static { SUPPORTED_LANGUAGES.put(MAVEN, Languages.of(JAVA, SCALA)); SUPPORTED_LANGUAGES.put(NPM, Languages.of(JAVASCRIPT)); @@ -69,12 +75,6 @@ public class DependabotScore extends FeatureBasedScore { SUPPORTED_LANGUAGES.put(COMPOSER, Languages.of(PHP)); } - /** - * A score value that is returned if it's likely that a project uses the security alerts on - * GitHub. - */ - private static final double GITHUB_ALERTS_SCORE_VALUE = 5.0; - /** Initializes a new score. */ public DependabotScore() { super( diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScore.java index 70ef7a102..1e2d58377 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScore.java 
@@ -93,28 +93,6 @@ public OssRulesOfPlayScore() { merge(EXPECTED_TRUE, EXPECTED_FALSE, RECOMMENDED_TRUE, RECOMMENDED_FALSE)); } - @Override - public ScoreValue calculate(Value... values) { - List> usedValues = - features().stream().map(feature -> find(feature, values)).collect(Collectors.toList()); - - List> violatedRules = findViolatedRulesIn(usedValues); - if (!violatedRules.isEmpty()) { - return scoreValue(MIN, usedValues) - .explain( - "Found %d violated rule%s", - violatedRules.size(), violatedRules.size() == 1 ? "" : "s"); - } - - List> warnings = findWarningsIn(usedValues); - if (!warnings.isEmpty()) { - return scoreValue(SCORE_WITH_WARNING, usedValues) - .explain("Found %d recommendations%s", warnings.size(), warnings.size() == 1 ? "" : "s"); - } - - return scoreValue(MAX, usedValues).explain("No violated rules found."); - } - /** * Looks for violated rules. * @@ -174,4 +152,26 @@ private static Set> merge(Set>... sets) { } return result; } + + @Override + public ScoreValue calculate(Value... values) { + List> usedValues = + features().stream().map(feature -> find(feature, values)).collect(Collectors.toList()); + + List> violatedRules = findViolatedRulesIn(usedValues); + if (!violatedRules.isEmpty()) { + return scoreValue(MIN, usedValues) + .explain( + "Found %d violated rule%s", + violatedRules.size(), violatedRules.size() == 1 ? "" : "s"); + } + + List> warnings = findWarningsIn(usedValues); + if (!warnings.isEmpty()) { + return scoreValue(SCORE_WITH_WARNING, usedValues) + .explain("Found %d recommendations%s", warnings.size(), warnings.size() == 1 ? "" : "s"); + } + + return scoreValue(MAX, usedValues).explain("No violated rules found."); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScore.java index 156ed680f..fe50e2729 100644 
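Review bot: The explanation for warnings in the re-added `calculate` is already plural before the conditional suffix — `"Found %d recommendations%s"` renders as "Found 2 recommendationss" for more than one warning and "Found 1 recommendations" for exactly one. The violated-rules message a few lines above gets this right (`"rule%s"`). Change the line to `.explain("Found %d recommendation%s", warnings.size(), warnings.size() == 1 ? "" : "s");`. The method is otherwise a pure move.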
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScore.java @@ -79,7 +79,7 @@ public ScoreValue calculate(Value... values) { return scoreValue; } - if (thresholdValue instanceof OwaspDependencyCheckCvssThresholdValue == false) { + if (!(thresholdValue instanceof OwaspDependencyCheckCvssThresholdValue)) { throw new IllegalArgumentException("Expected OwaspDependencyCheckCvssThresholdValue!"); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScore.java index f3eea70f1..fe92b4817 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScore.java @@ -43,17 +43,17 @@ public class ProjectActivityScore extends FeatureBasedScore { private static final Map CONTRIBUTOR_FACTOR = new TreeMap<>(); + /** A description of the score. */ + private static final String DESCRIPTION = + "The score evaluates how active a project is. " + + "It's based on number of commits and contributors in the last 3 months."; + static { CONTRIBUTOR_FACTOR.put(2, 0.05); CONTRIBUTOR_FACTOR.put(3, 0.1); CONTRIBUTOR_FACTOR.put(5, 0.2); } - /** A description of the score. */ - private static final String DESCRIPTION = - "The score evaluates how active a project is. " - + "It's based on number of commits and contributors in the last 3 months."; - /** Initializes a new score. */ ProjectActivityScore() { super( diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScore.java index 7d5ebd31e..9b0f6b9b8 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScore.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScore.java @@ -43,29 +43,6 @@ public class ProjectPopularityScore extends FeatureBasedScore { NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB); } - @Override - public ScoreValue calculate(Value... values) { - Value stars = - findValue(values, NUMBER_OF_GITHUB_STARS, "Hey! You have to give me a number of stars!"); - Value watchers = - findValue( - values, NUMBER_OF_WATCHERS_ON_GITHUB, "Hey! You have to give me a number of watchers!"); - Value dependents = - findValue( - values, - NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB, - "Hey! You have to give me a number of dependents!"); - - if (allUnknown(stars, watchers, dependents)) { - return scoreValue(MIN, stars, watchers, dependents).makeUnknown(); - } - - return scoreValue(MIN, stars, watchers, dependents) - .increase(subScoreFor(stars, BEST_STARS_AMOUNT)) - .increase(subScoreFor(watchers, BEST_WATCHERS_AMOUNT)) - .increase(subScoreFor(dependents, BEST_DEPENDENTS_AMOUNT)); - } - /** * Calculates a sub-score for a value. * @@ -90,4 +67,27 @@ private static double subScoreFor(Value value, int threshold) { return MAX; } + + @Override + public ScoreValue calculate(Value... values) { + Value stars = + findValue(values, NUMBER_OF_GITHUB_STARS, "Hey! You have to give me a number of stars!"); + Value watchers = + findValue( + values, NUMBER_OF_WATCHERS_ON_GITHUB, "Hey! You have to give me a number of watchers!"); + Value dependents = + findValue( + values, + NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB, + "Hey! You have to give me a number of dependents!"); + + if (allUnknown(stars, watchers, dependents)) { + return scoreValue(MIN, stars, watchers, dependents).makeUnknown(); + } + + return scoreValue(MIN, stars, watchers, dependents) + .increase(subScoreFor(stars, BEST_STARS_AMOUNT)) + .increase(subScoreFor(watchers, BEST_WATCHERS_AMOUNT)) + .increase(subScoreFor(dependents, BEST_DEPENDENTS_AMOUNT)); + } } 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScore.java index 558fb5d57..dcee8f6b6 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScore.java @@ -143,6 +143,31 @@ public class ProjectSecurityAwarenessScore extends FeatureBasedScore { HAS_EXECUTABLE_BINARIES)); } + /** + * Checks if a value means that one of the security tools is used in a project. + * + * @param value The value to be examined. + * @return True if a value means that one of the security tools is used, false otherwise. + * @throws IllegalArgumentException In case of an unexpected type of the value. + */ + private static boolean usedSecurityTools(Value value) { + if (value.isUnknown()) { + return false; + } + + Object object = value.get(); + if (object instanceof Boolean) { + return (Boolean) object; + } + + if (object instanceof OwaspDependencyCheckUsage usage) { + return usage != NOT_USED; + } + + throw new IllegalArgumentException( + String.format("Hey! This is an unexpected value: %s", value)); + } + @Override public ScoreValue calculate(Value... values) { Value securityPolicy = find(HAS_SECURITY_POLICY, values); 
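Review bot: The moved `usedSecurityTools` is not a pure move: `if (object instanceof OwaspDependencyCheckUsage usage)` is a pattern-matching `instanceof`, which requires Java 16+ source level, whereas the removed version below used an explicit cast. The commit is described as a formatting change and `pom.xml` is in the diffstat but its hunk is not visible here, so please confirm `maven.compiler.release` (or `source`/`target`) is at least 16; otherwise restore `OwaspDependencyCheckUsage usage = (OwaspDependencyCheckUsage) object;`. If the language level is being raised deliberately, that deserves a mention in the commit message since it changes what JDK consumers need.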
@@ -223,30 +248,4 @@ public ScoreValue calculate(Value... values) { return scoreValue; } - - /** - * Checks if a value means that one of the security tools is used in a project. - * - * @param value The value to be examined. - * @return True if a value means that one of the security tools is used, false otherwise. - * @throws IllegalArgumentException In case of an unexpected type of the value. - */ - private static boolean usedSecurityTools(Value value) { - if (value.isUnknown()) { - return false; - } - - Object object = value.get(); - if (object instanceof Boolean) { - return (Boolean) object; - } - - if (object instanceof OwaspDependencyCheckUsage) { - OwaspDependencyCheckUsage usage = (OwaspDependencyCheckUsage) object; - return usage != NOT_USED; - } - - throw new IllegalArgumentException( - String.format("Hey! This is an unexpected value: %s", value)); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScore.java index ee15cdddb..003584575 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScore.java @@ -23,6 +23,21 @@ public SecurityReviewScore() { super("How security reviews have been done for an open source project", SECURITY_REVIEWS); } + /** + * Calculate points for a security review. + * + * @param review The security review. + * @param now Current time. + * @return Points for the security review. + */ + static double pointsFor(SecurityReview review, Instant now) { + if (review.projectChanged().isPresent()) { + return MAX * (1.0 - review.projectChanged().get()); + } + long years = (Duration.between(review.date().toInstant(), now).toDays() / 365) + 1; + return MAX / years; + } + @Override public ScoreValue calculate(Value... values) { Value reviews = 
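Review bot: `pointsFor` can return infinite or negative points when the review data is inconsistent: if `review.date()` is after `now`, `toDays()` is negative, `years` becomes 0 or negative and `MAX / years` is `Infinity` or a negative value; likewise a `projectChanged()` fraction above 1.0 yields negative points. Review dates and change fractions come from external data files, so the helper should clamp rather than trust them: `long years = Math.max(0, Duration.between(review.date().toInstant(), now).toDays()) / 365 + 1;` and `return MAX * (1.0 - Math.min(1.0, Math.max(0.0, review.projectChanged().get())));`. A `@throws`-style note in the Javadoc stating that dates later than `now` are treated as "today" would make the contract explicit. This is pre-existing code being moved, but it feeds directly into the score.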
@@ -45,19 +60,4 @@ public ScoreValue calculate(Value... values) { return score.set(value); } - - /** - * Calculate points for a security review. - * - * @param review The security review. - * @param now Current time. - * @return Points for the security review. - */ - static double pointsFor(SecurityReview review, Instant now) { - if (review.projectChanged().isPresent()) { - return MAX * (1.0 - review.projectChanged().get()); - } - long years = (Duration.between(review.date().toInstant(), now).toDays() / 365) + 1; - return MAX / years; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScore.java index aad055652..7be3a1628 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScore.java @@ -38,6 +38,12 @@ public class SnykDependencyScanScore extends FeatureBasedScore { private static final Map SUPPORTED_LANGUAGES = new HashMap<>(); + /** + * A score value that is returned if it's likely that a project uses the security alerts on + * GitHub. + */ + private static final double GITHUB_ALERTS_SCORE_VALUE = 5.0; + static { SUPPORTED_LANGUAGES.put(MAVEN, Languages.of(JAVA, SCALA)); SUPPORTED_LANGUAGES.put(NPM, Languages.of(JAVASCRIPT)); @@ -49,12 +55,6 @@ public class SnykDependencyScanScore extends FeatureBasedScore { SUPPORTED_LANGUAGES.put(GOMODULES, Languages.of(GO)); } - /** - * A score value that is returned if it's likely that a project uses the security alerts on - * GitHub. - */ - private static final double GITHUB_ALERTS_SCORE_VALUE = 5.0; - /** Initializes a new score. */ public SnykDependencyScanScore() { super( 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScore.java index 066b09bbc..df7081614 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScore.java @@ -25,6 +25,20 @@ */ public class StaticAnalysisScore extends WeightedCompositeScore { + /** Initializes a new score. */ + public StaticAnalysisScore() { + super( + "How a project uses static analysis for security testing", + setOf( + new CodeqlScore(), + new FindSecBugsScore(), + new BanditScore(), + new PylintScore(), + new MyPyScore(), + new GoSecScore()), + initWeights()); + } + /** * Initializes weights for sub-scores. * @@ -39,18 +53,4 @@ private static ScoreWeights initWeights() { .set(MyPyScore.class, new ImmutableWeight(0.2)) .set(GoSecScore.class, new ImmutableWeight(0.3)); } - - /** Initializes a new score. */ - public StaticAnalysisScore() { - super( - "How a project uses static analysis for security testing", - setOf( - new CodeqlScore(), - new FindSecBugsScore(), - new BanditScore(), - new PylintScore(), - new MyPyScore(), - new GoSecScore()), - initWeights()); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScore.java index 1ceb88ada..d0b8682b8 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScore.java 
@@ -42,6 +42,25 @@ public class UnpatchedVulnerabilitiesScore extends FeatureBasedScore { super("How well vulnerabilities are patched", VULNERABILITIES_IN_PROJECT); } + /** + * Apply a penalty to a score value if issues found. + * + * @param scoreValue The score value to be updated. + * @param issues The number of issues. + * @param severity The severity of issues in human-readable format. + * @param penalty The penalty for one issue. + */ + private static void applyPenaltyIfNecessary( + ScoreValue scoreValue, int issues, String severity, double penalty) { + + if (issues > 0) { + double overallPenalty = penalty * issues; + scoreValue.decrease(overallPenalty); + scoreValue.explain( + String.format(EXPLANATION_TEMPLATE, issues, severity, overallPenalty, issues, penalty)); + } + } + @Override public ScoreValue calculate(Value... values) { Value vulnerabilities = @@ -85,23 +104,4 @@ public ScoreValue calculate(Value... values) { return scoreValue; } - - /** - * Apply a penalty to a score value if issues found. - * - * @param scoreValue The score value to be updated. - * @param issues The number of issues. - * @param severity The severity of issues in human-readable format. - * @param penalty The penalty for one issue. - */ - private static void applyPenaltyIfNecessary( - ScoreValue scoreValue, int issues, String severity, double penalty) { - - if (issues > 0) { - double overallPenalty = penalty * issues; - scoreValue.decrease(overallPenalty); - scoreValue.explain( - String.format(EXPLANATION_TEMPLATE, issues, severity, overallPenalty, issues, penalty)); - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScore.java index 4ec8cdee0..e39e3cef0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScore.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScore.java @@ -79,6 +79,24 @@ public VulnerabilityDiscoveryAndSecurityTestingScore( this.securityTestingScore = securityTestingScore; } + /** + * Checks if there are recent vulnerabilities. + * + * @param vulnerabilities The vulnerabilities to be checked. + * @return True if there are recent vulnerabilities, false otherwise. + */ + private static boolean hasRecent(Value vulnerabilities) { + Date date = Date.from(Instant.now().minus(TIME_FRAME)); + + for (Vulnerability vulnerability : vulnerabilities.get()) { + if (vulnerability.published().filter(published -> published.after(date)).isPresent()) { + return true; + } + } + + return false; + } + /** * A getter to make Jackson happy. * @@ -141,7 +159,7 @@ public boolean equals(Object o) { return true; } - if (o instanceof VulnerabilityDiscoveryAndSecurityTestingScore == false) { + if (!(o instanceof VulnerabilityDiscoveryAndSecurityTestingScore)) { return false; } @@ -159,22 +177,4 @@ public boolean equals(Object o) { public int hashCode() { return Objects.hash(super.hashCode(), securityTestingScore); } - - /** - * Checks if there are recent vulnerabilities. - * - * @param vulnerabilities The vulnerabilities to be checked. - * @return True if there are recent vulnerabilities, false otherwise. - */ - private static boolean hasRecent(Value vulnerabilities) { - Date date = Date.from(Instant.now().minus(TIME_FRAME)); - - for (Vulnerability vulnerability : vulnerabilities.get()) { - if (vulnerability.published().filter(published -> published.after(date)).isPresent()) { - return true; - } - } - - return false; - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScore.java index e2e49f043..0843c8282 100644 
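Review bot: `hasRecent` calls `vulnerabilities.get()` without checking `isUnknown()`, while every other helper in this patch guards `get()` that way (e.g. `ArtifactVersions.sortByReleaseDate` returns an empty list for unknown values). The caller is outside this hunk so it may already guard, but the helper is cheap to make safe on its own: `if (vulnerabilities.isUnknown()) { return false; }` as the first statement. Separately, the helper reads `Instant.now()` internally, which makes the score non-deterministic in tests; `SecurityReviewScore.pointsFor` in the same patch takes `now` as a parameter and this method could do the same. The Javadoc should also say that `published()` being absent counts as "not recent".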
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScore.java @@ -36,6 +36,11 @@ public class VulnerabilityLifetimeScore extends FeatureBasedScore { LIFETIME_TO_FACTOR.put(Duration.ofDays(370), 0.2); } + /** Initializes a new score. */ + VulnerabilityLifetimeScore() { + super("How fast vulnerabilities are patched", VULNERABILITIES_IN_PROJECT); + } + /** * Returns a factor for a specified lifetime. * @@ -51,11 +56,6 @@ static double factorOf(Duration lifetime) { return MAX_LIFETIME_FACTOR; } - /** Initializes a new score. */ - VulnerabilityLifetimeScore() { - super("How fast vulnerabilities are patched", VULNERABILITIES_IN_PROJECT); - } - @Override public ScoreValue calculate(Value... values) { Value vulnerabilities = diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskImpactScore.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskImpactScore.java index d563e4a3b..edff3d94b 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskImpactScore.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskImpactScore.java 
@@ -22,6 +22,31 @@ */ public class RiskImpactScore extends WeightedCompositeScore { + /** Initializes a new score. */ + public RiskImpactScore() { + super( + "Aggregated impact factors for security risk of open source project", + setOf( + new DataConfidentialityRiskImpactFactor(), + new ConfidentialityRiskImpactFactor(), + new IntegrityRiskImpactFactor(), + new AvailabilityRiskImpactFactor()), + initWeights()); + } + + /** + * Initializes weights for sub-scores. + * + * @return The weights of sub-scores. + */ + private static ScoreWeights initWeights() { + return ScoreWeights.empty() + .set(DataConfidentialityRiskImpactFactor.class, new ImmutableWeight(1.0)) + .set(ConfidentialityRiskImpactFactor.class, new ImmutableWeight(0.8)) + .set(IntegrityRiskImpactFactor.class, new ImmutableWeight(0.8)) + .set(AvailabilityRiskImpactFactor.class, new ImmutableWeight(0.8)); + } + /** * This scoring function outputs am impact factor for security risk of open source project. The * factor is based on potential confidentiality impact in case of a security problem in an open @@ -60,29 +85,4 @@ public AvailabilityRiskImpactFactor() { super("Availability impact factor", AVAILABILITY_IMPACT); } } - - /** - * Initializes weights for sub-scores. - * - * @return The weights of sub-scores. - */ - private static ScoreWeights initWeights() { - return ScoreWeights.empty() - .set(DataConfidentialityRiskImpactFactor.class, new ImmutableWeight(1.0)) - .set(ConfidentialityRiskImpactFactor.class, new ImmutableWeight(0.8)) - .set(IntegrityRiskImpactFactor.class, new ImmutableWeight(0.8)) - .set(AvailabilityRiskImpactFactor.class, new ImmutableWeight(0.8)); - } - - /** Initializes a new score. */ - public RiskImpactScore() { - super( - "Aggregated impact factors for security risk of open source project", - setOf( - new DataConfidentialityRiskImpactFactor(), - new ConfidentialityRiskImpactFactor(), - new IntegrityRiskImpactFactor(), - new AvailabilityRiskImpactFactor()), - initWeights()); - } } 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodCoefficient.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodCoefficient.java index 35cfb3ad1..687424c55 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodCoefficient.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodCoefficient.java @@ -20,17 +20,6 @@ */ public class RiskLikelihoodCoefficient extends WeightedCompositeScore { - /** - * Initializes weights for sub-scores. - * - * @return The weights of sub-scores. - */ - private static ScoreWeights initWeights() { - return ScoreWeights.empty() - .set(OssSecurityScore.class, new ImmutableWeight(0.8)) - .set(AdoptedRiskLikelihoodFactor.class, new ImmutableWeight(0.2)); - } - /** Creates a new scoring function with default parameters. */ RiskLikelihoodCoefficient() { this(new OssSecurityScore(), new AdoptedRiskLikelihoodFactor()); @@ -51,6 +40,17 @@ public RiskLikelihoodCoefficient( initWeights()); } + /** + * Initializes weights for sub-scores. + * + * @return The weights of sub-scores. + */ + private static ScoreWeights initWeights() { + return ScoreWeights.empty() + .set(OssSecurityScore.class, new ImmutableWeight(0.8)) + .set(AdoptedRiskLikelihoodFactor.class, new ImmutableWeight(0.2)); + } + @Override public ScoreValue calculate(Value... values) { ScoreValue scoreValue = super.calculate(values); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodFactors.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodFactors.java index 3fdefc114..423b0aa02 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodFactors.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/RiskLikelihoodFactors.java 
@@ -18,6 +18,17 @@ */ public class RiskLikelihoodFactors extends WeightedCompositeScore { + /** Initializes a new score. */ + public RiskLikelihoodFactors() { + super( + "Aggregated likelihood factors for security risk of open source project", + setOf( + new UsageRiskLikelihoodFactor(), + new FunctionalityRiskLikelihoodFactor(), + new HandlingUntrustedDataRiskLikelihoodFactor()), + initWeights()); + } + /** * Initializes weights for sub-scores. * @@ -29,15 +40,4 @@ private static ScoreWeights initWeights() { .set(FunctionalityRiskLikelihoodFactor.class, new ImmutableWeight(0.8)) .set(HandlingUntrustedDataRiskLikelihoodFactor.class, new ImmutableWeight(0.8)); } - - /** Initializes a new score. */ - public RiskLikelihoodFactors() { - super( - "Aggregated likelihood factors for security risk of open source project", - setOf( - new UsageRiskLikelihoodFactor(), - new FunctionalityRiskLikelihoodFactor(), - new HandlingUntrustedDataRiskLikelihoodFactor()), - initWeights()); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/subject/oss/GitHubProject.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/subject/oss/GitHubProject.java index 6ab7a5d93..ed10e5221 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/subject/oss/GitHubProject.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/subject/oss/GitHubProject.java 
@@ -63,6 +63,37 @@ public GitHubProject( this.name = Objects.requireNonNull(name, "Hey! Project's name can't be null!"); } + /** + * Makes a project from its URL. + * + * @param urlString The URL. + * @return A new project. + * @throws IOException If something went wrong. + */ + public static GitHubProject parse(String urlString) throws IOException { + URL url = new URL(urlString); + if (!"github.com".equals(url.getHost())) { + throw new IllegalArgumentException(format("The host name is not github.com: %s", urlString)); + } + String[] parts = url.getPath().split("/"); + String name = parts[2]; + if (name.endsWith(".git")) { + name = name.substring(0, name.length() - 4); + } + return new GitHubProject(new GitHubOrganization(parts[1]), name); + } + + /** + * Checks if a URL points to GitHub. + * + * @param url The URL to be checked. + * @return True if the URL points to GitHub, false otherwise. + */ + public static boolean isOnGitHub(String url) { + return url != null + && (url.startsWith("https://github.com/") || url.startsWith("http://github.com/")); + } + @Override public URL scm() { try { 
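Review bot: `GitHubProject.parse` indexes `parts[2]` without a length check, so a URL such as `https://github.com/org` or `https://github.com/` fails with `ArrayIndexOutOfBoundsException` instead of the `IllegalArgumentException` the host check throws, and `https://github.com//repo` yields an empty organisation name. Since these URLs are read from project metadata, add before `String name = parts[2];`: `if (parts.length < 3 || parts[1].isEmpty() || parts[2].isEmpty()) { throw new IllegalArgumentException(format("Not a GitHub project URL: %s", urlString)); }`. Note also that `new URL(String)` is deprecated from Java 20; `URI.create(urlString).toURL()` is the replacement if the language level permits. `isOnGitHub` deliberately accepts `http://github.com/`, which is fine for detection, but the Javadoc could say that only the prefix is checked and no normalisation is done.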
@@ -127,35 +158,4 @@ public int hashCode() { public String toString() { return scm().toString(); } - - /** - * Makes a project from its URL. - * - * @param urlString The URL. - * @return A new project. - * @throws IOException If something went wrong. - */ - public static GitHubProject parse(String urlString) throws IOException { - URL url = new URL(urlString); - if (!"github.com".equals(url.getHost())) { - throw new IllegalArgumentException(format("The host name is not github.com: %s", urlString)); - } - String[] parts = url.getPath().split("/"); - String name = parts[2]; - if (name.endsWith(".git")) { - name = name.substring(0, name.length() - 4); - } - return new GitHubProject(new GitHubOrganization(parts[1]), name); - } - - /** - * Checks if a URL points to GitHub. - * - * @param url The URL to be checked. - * @return True if the URL points to GitHub, false otherwise. - */ - public static boolean isOnGitHub(String url) { - return url != null - && (url.startsWith("https://github.com/") || url.startsWith("http://github.com/")); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/tuning/TuningWithCMAES.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/tuning/TuningWithCMAES.java index 107e98191..1726b9d50 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/tuning/TuningWithCMAES.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/tuning/TuningWithCMAES.java 
@@ -52,6 +52,23 @@ public TuningWithCMAES(Tunable object, Verifier verifier) { fitnessFunction = new FitnessFunction(verifier, object.parameters()); } + /** + * Checks if a new solution is better than the current one. A new solution is better its value of + * the fitness function is lower, or there is currently no solution. + * + * @param currentSolution The old solution. + * @param newSolution The new solution. + * @return True if the new solution is better than the old solution, false otherwise. + */ + private static boolean isBetter(PointValuePair currentSolution, PointValuePair newSolution) { + if (currentSolution == null) { + return true; + } + double oldValue = currentSolution.getValue(); + double newValue = newSolution.getValue(); + return oldValue > newValue && oldValue - newValue > ACCURACY; + } + /** * Runs the CMA-ES optimization algorithm with particular parameters. * @@ -194,23 +211,6 @@ public void runTuning() { } } - /** - * Checks if a new solution is better than the current one. A new solution is better its value of - * the fitness function is lower, or there is currently no solution. - * - * @param currentSolution The old solution. - * @param newSolution The new solution. - * @return True if the new solution is better than the old solution, false otherwise. - */ - private static boolean isBetter(PointValuePair currentSolution, PointValuePair newSolution) { - if (currentSolution == null) { - return true; - } - double oldValue = currentSolution.getValue(); - double newValue = newSolution.getValue(); - return oldValue > newValue && oldValue - newValue > ACCURACY; - } - /** * This is a fitness function for minimization. For each test vector, the function does the * following: diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionValue.java index 69ee3e6cd..4e1ff9459 100644 
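Review bot: The Javadoc of the moved `isBetter` is missing a word in its second sentence; it should read `A new solution is better if its value of the fitness function is lower, or there is currently no solution.` Also, `oldValue > newValue && oldValue - newValue > ACCURACY` — the first clause is implied by the second whenever `ACCURACY` is non-negative (its definition is outside this hunk), so either drop it or add a short comment saying the explicit comparison is kept for readability. Worth noting in the Javadoc that a `NaN` fitness value never counts as better, since both comparisons are false for `NaN`.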
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionValue.java @@ -40,7 +40,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ArtifactVersionValue == false) { + if (!(o instanceof ArtifactVersionValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersions.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersions.java index 230b14e23..654893f64 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersions.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersions.java @@ -26,6 +26,27 @@ public class ArtifactVersions implements Iterable { /** A set of versions. */ private final Set elements; + /** + * Initializes a set of versions. + * + * @param versions A set of versions. + */ + @JsonCreator + public ArtifactVersions(@JsonProperty("elements") Set versions) { + Objects.requireNonNull(versions, "versions can't be null!"); + this.elements = new TreeSet<>(ArtifactVersion.RELEASE_DATE_VERSION_COMPARISON); + this.elements.addAll(versions); + } + + /** + * Initializes a set of versions. + * + * @param versions A number of versions. + */ + public ArtifactVersions(ArtifactVersion... versions) { + this(setOf(versions)); + } + /** * Creates a collection of versions. * 
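Review bot: The moved `@JsonCreator` constructor copies the incoming set into a `TreeSet` ordered by `ArtifactVersion.RELEASE_DATE_VERSION_COMPARISON`, and a `TreeSet` deduplicates by comparator result, not by `equals()`; two versions that compare equal under that comparator collapse into one entry silently. The comparator is outside this hunk, so this may be harmless, but if it is not consistent with `equals()` a deserialised `HashSet` can lose versions. Add a Javadoc line such as `Versions that compare equal under RELEASE_DATE_VERSION_COMPARISON are collapsed into a single element.` on the `Set`-taking constructor, or verify the comparator and document it there. The varargs constructor inherits the same behaviour through `setOf`.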
@@ -46,24 +67,18 @@ public static ArtifactVersions ofNothing() { } /** - * Initializes a set of versions. + * Sort artifact versions hold by ArtifactVersions by release date. * - * @param versions A set of versions. + * @param artifactVersions the artifact versions + * @return sorted collection of ArtifactVersion */ - @JsonCreator - public ArtifactVersions(@JsonProperty("elements") Set versions) { - Objects.requireNonNull(versions, "versions can't be null!"); - this.elements = new TreeSet<>(ArtifactVersion.RELEASE_DATE_VERSION_COMPARISON); - this.elements.addAll(versions); - } + public static Collection sortByReleaseDate( + Value artifactVersions) { - /** - * Initializes a set of versions. - * - * @param versions A number of versions. - */ - public ArtifactVersions(ArtifactVersion... versions) { - this(setOf(versions)); + if (artifactVersions.isUnknown()) { + return Collections.emptyList(); + } + return artifactVersions.get().sortByReleaseDate(); } /** @@ -127,21 +142,6 @@ public Collection sortByReleaseDate() { return Collections.unmodifiableCollection(elements); } - /** - * Sort artifact versions hold by ArtifactVersions by release date. - * - * @param artifactVersions the artifact versions - * @return sorted collection of ArtifactVersion - */ - public static Collection sortByReleaseDate( - Value artifactVersions) { - - if (artifactVersions.isUnknown()) { - return Collections.emptyList(); - } - return artifactVersions.get().sortByReleaseDate(); - } - /** * Filter {@link ArtifactVersions} by major version. * @@ -193,7 +193,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ArtifactVersions == false) { + if (!(o instanceof ArtifactVersions)) { return false; } ArtifactVersions other = (ArtifactVersions) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionsValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionsValue.java index cd37756cf..3ac31dc72 100644 
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionsValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ArtifactVersionsValue.java
@@ -42,7 +42,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof ArtifactVersionsValue == false) {
+ if (!(o instanceof ArtifactVersionsValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/BooleanValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/BooleanValue.java
index 15a848583..332ff0ba3 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/BooleanValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/BooleanValue.java
@@ -38,7 +38,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof BooleanValue == false) {
+ if (!(o instanceof BooleanValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/CVSS.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/CVSS.java
index 7020fb4fd..297be98e3 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/CVSS.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/CVSS.java
@@ -12,19 +12,104 @@ @JsonTypeInfo(use = JsonTypeInfo.Id.NAME, property = "type") public abstract class CVSS { + /** The minimum CVSS score. */ + public static final double MIN = 0.0; + + /** The maximum CVSS score. */ + public static final double MAX = 10.0; + + /** A score. */ + private final Double value; + + /** + * Initializes a CVSS score. + * + * @param value A score in the interval [0, 10]. + */ + public CVSS(@JsonProperty("value") Double value) { + this.value = check(value); + } + + /** + * Checks that a score belongs to the interval [0, 10], it's null. + * + * @param value The score value to be checked. + * @return The score value if it's valid or null. + * @throws IllegalArgumentException If the score value is invalid. + */ + public static Double check(Double value) { + if (value == null) { + return null; + } + + if (Double.compare(value, MIN) < 0 || Double.compare(value, MAX) > 0) { + throw new IllegalArgumentException( + format("What the heck? %f doesn't look like a CVSS score!", value)); + } + + return value; + } + + /** + * Get the CVSS score. + * + * @return The CVSS score. + */ + @JsonGetter("value") + public Double value() { + return value; + } + + /** + * Get the confidentiality impact. + * + * @return The confidentiality impact if available. + */ + public abstract Optional confidentialityImpact(); + + /** + * Get the integrity impact. + * + * @return The integrity impact if available. + */ + public abstract Optional integrityImpact(); + + /** + * Get the availability impact. + * + * @return The availability impact if available. + */ + public abstract Optional availabilityImpact(); + + @Override + public boolean equals(Object o) { + if (this == o) { + return true; + } + if (!CVSS.class.isAssignableFrom(o.getClass())) { + return false; + } + CVSS cvss = (CVSS) o; + return Objects.equals(value, cvss.value); + } + + @Override + public int hashCode() { + return Objects.hash(value); + } + + /** CVSS version. 
*/ + public enum Version { + V2, + V3 + } + /** CVSS version 2. */ public static class V2 extends CVSS { /** Unknown impact. */ public static final Impact UNKNOWN_IMPACT = null; - /** Possible impact values. */ - public enum Impact { - NONE, - PARTIAL, - COMPLETE - } - /** Confidentiality impact. */ @JsonProperty("confidentialityImpact") private final Impact confidentialityImpact; @@ -106,6 +191,13 @@ public int hashCode() { return Objects.hash( super.hashCode(), confidentialityImpact, integrityImpact, availabilityImpact); } + + /** Possible impact values. */ + public enum Impact { + NONE, + PARTIAL, + COMPLETE + } } /** CVSS version 3. */ @@ -114,13 +206,6 @@ public static class V3 extends CVSS { /** Unknown impact. */ public static final Impact UNKNOWN_IMPACT = null; - /** Possible impact values. */ - public enum Impact { - NONE, - LOW, - HIGH - } - /** Confidentiality impact. */ @JsonProperty("confidentialityImpact") private final Impact confidentialityImpact; 
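Review bot: `equals` in the moved block calls `o.getClass()` before any null check, so `cvss.equals(null)` throws a `NullPointerException` instead of returning false as the `Object.equals` contract requires; every other `equals` touched by this commit uses `instanceof`, which handles null. The same one-line form works here and is equivalent to the `isAssignableFrom` test for non-null arguments: `if (!(o instanceof CVSS)) {`. The Javadoc on `check` also reads "belongs to the interval [0, 10], it's null", which should say `* Checks that a score belongs to the interval [0, 10] or is null.`. The class continues past the end of the hunk.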
@@ -202,97 +287,12 @@ public int hashCode() { return Objects.hash( super.hashCode(), confidentialityImpact, integrityImpact, availabilityImpact); } - } - - /** The minimum CVSS score. */ - public static final double MIN = 0.0; - - /** The maximum CVSS score. */ - public static final double MAX = 10.0; - - /** CVSS version. */ - public enum Version { - V2, - V3 - } - - /** A score. */ - private final Double value; - - /** - * Initializes a CVSS score. - * - * @param value A score in the interval [0, 10]. - */ - public CVSS(@JsonProperty("value") Double value) { - this.value = check(value); - } - - /** - * Get the CVSS score. - * - * @return The CVSS score. - */ - @JsonGetter("value") - public Double value() { - return value; - } - - /** - * Get the confidentiality impact. - * - * @return The confidentiality impact if available. - */ - public abstract Optional confidentialityImpact(); - - /** - * Get the integrity impact. - * - * @return The integrity impact if available. - */ - public abstract Optional integrityImpact(); - - /** - * Get the availability impact. - * - * @return The availability impact if available. - */ - public abstract Optional availabilityImpact(); - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (!CVSS.class.isAssignableFrom(o.getClass())) { - return false; - } - CVSS cvss = (CVSS) o; - return Objects.equals(value, cvss.value); - } - - @Override - public int hashCode() { - return Objects.hash(value); - } - - /** - * Checks that a score belongs to the interval [0, 10], it's null. - * - * @param value The score value to be checked. - * @return The score value if it's valid or null. - * @throws IllegalArgumentException If the score value is invalid. - */ - public static Double check(Double value) { - if (value == null) { - return null; - } - if (Double.compare(value, MIN) < 0 || Double.compare(value, MAX) > 0) { - throw new IllegalArgumentException( - format("What the heck? 
%f doesn't look like a CVSS score!", value)); + /** Possible impact values. */ + public enum Impact { + NONE, + LOW, + HIGH } - - return value; } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DateValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DateValue.java index 1176b9520..861817d62 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DateValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DateValue.java @@ -43,7 +43,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof DateValue == false) { + if (!(o instanceof DateValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DoubleValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DoubleValue.java index aa8d7994f..3b3eb0268 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DoubleValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/DoubleValue.java @@ -38,7 +38,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof DoubleValue == false) { + if (!(o instanceof DoubleValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/EnumValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/EnumValue.java index e7da8cff0..3aa975002 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/EnumValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/EnumValue.java @@ -44,7 +44,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof EnumValue == false) { + if (!(o instanceof EnumValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ExpiringValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ExpiringValue.java index b073f9685..94b8a620a 100644 
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ExpiringValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ExpiringValue.java
@@ -145,7 +145,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof ExpiringValue == false) {
+ if (!(o instanceof ExpiringValue)) {
 return false;
 }
 ExpiringValue that = (ExpiringValue) o;
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/IntegerValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/IntegerValue.java
index f4d3993c2..be603db84 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/IntegerValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/IntegerValue.java
@@ -37,7 +37,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof IntegerValue == false) {
+ if (!(o instanceof IntegerValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Languages.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Languages.java
index 54f25a1a1..2ef68d90b 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Languages.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Languages.java
@@ -17,25 +17,6 @@ public class Languages implements Iterable {
 /** A set of languages. */
 private final Set elements;
- /**
- * Creates a collection of languages.
- *
- * @param languages The languages.
- * @return A collection of the specified languages.
- */
- public static Languages of(Language... languages) {
- return new Languages(setOf(languages));
- }
-
- /**
- * Creates an empty set of languages.
- *
- * @return An empty set of languages.
- */
- public static Languages empty() {
- return new Languages();
- }
-
 /**
 * Initializes a set of languages.
 *
@@ -56,6 +37,25 @@ public Languages(Language... languages) { this(setOf(languages)); } + /** + * Creates a collection of languages. + * + * @param languages The languages. + * @return A collection of the specified languages. + */ + public static Languages of(Language... languages) { + return new Languages(setOf(languages)); + } + + /** + * Creates an empty set of languages. + * + * @return An empty set of languages. + */ + public static Languages empty() { + return new Languages(); + } + /** * Get a size of the set. * @@ -108,7 +108,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof Languages == false) { + if (!(o instanceof Languages)) { return false; } Languages other = (Languages) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LanguagesValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LanguagesValue.java index 3d577cfcc..f17e36c91 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LanguagesValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LanguagesValue.java @@ -38,7 +38,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof LanguagesValue == false) { + if (!(o instanceof LanguagesValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGrade.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGrade.java index 48a443223..8660d20ae 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGrade.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGrade.java @@ -25,16 +25,6 @@ public enum LgtmGrade { this.grade = grade; } - /** - * Get the grade as a string. - * - * @return The LGTM grade as a string. - */ - @JsonValue - public String grade() { - return grade; - } - /** * Converts a string to an LGTM grade. * 
@@ -60,6 +50,16 @@ public static LgtmGrade parse(String string) { throw new IllegalArgumentException(String.format("Unknown value: %s", string)); } + /** + * Get the grade as a string. + * + * @return The LGTM grade as a string. + */ + @JsonValue + public String grade() { + return grade; + } + @Override public String toString() { return grade; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGradeValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGradeValue.java index 8eebcf9d0..e987bd23c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGradeValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/LgtmGradeValue.java @@ -38,7 +38,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof LgtmGradeValue == false) { + if (!(o instanceof LgtmGradeValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/NotApplicableValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/NotApplicableValue.java index 0d9b87fd1..7c161f235 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/NotApplicableValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/NotApplicableValue.java 
@@ -8,33 +8,33 @@ public final class NotApplicableValue extends AbstractKnownValue { /** - * This factory method returns a not-applicable value of a specified feature. + * Initializes a not-applicable value for a feature. * * @param feature The feature. - * @param Feature value type. - * @return A not-applicable value for the feature. */ - public static NotApplicableValue of(Feature feature) { - return new NotApplicableValue<>(feature); + public NotApplicableValue(@JsonProperty("feature") Feature feature) { + super(feature); } /** - * Initializes a not-applicable value for a feature. + * This factory method returns a not-applicable value of a specified feature. * * @param feature The feature. + * @param Feature value type. + * @return A not-applicable value for the feature. */ - public NotApplicableValue(@JsonProperty("feature") Feature feature) { - super(feature); + public static NotApplicableValue of(Feature feature) { + return new NotApplicableValue<>(feature); } @Override @JsonIgnore - public final boolean isNotApplicable() { + public boolean isNotApplicable() { return true; } @Override - public final T get() { + public T get() { throw new UnsupportedOperationException( "It's a not-applicable value, get() method is not supposed to be called!"); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckCvssThresholdValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckCvssThresholdValue.java index baa1ebc63..9300b4e3d 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckCvssThresholdValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckCvssThresholdValue.java @@ -45,7 +45,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof OwaspDependencyCheckCvssThresholdValue == false) { + if (!(o instanceof OwaspDependencyCheckCvssThresholdValue)) { return false; } if (!super.equals(o)) { 
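Review bot: `get()` in `NotApplicableValue`, whose signature this hunk touches, throws `UnsupportedOperationException`, while the parallel `get()` in `UnknownValue` later in this patch throws `IllegalStateException` for the same "value must not be read" situation; a caller that guards one of them misses the other. If both exceptions are deliberate, a short comment on this `get()` saying why a not-applicable value is an unsupported operation rather than an illegal state would help; otherwise aligning on one type is worth a follow-up. Dropping `final` from these methods is harmless here because the class itself is declared `final` in the hunk header.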
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckUsageValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckUsageValue.java
index 6c9a77ef3..99346e324 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckUsageValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/OwaspDependencyCheckUsageValue.java
@@ -42,7 +42,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof OwaspDependencyCheckUsageValue == false) {
+ if (!(o instanceof OwaspDependencyCheckUsageValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagers.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagers.java
index c2d97b8f8..e347c7c0d 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagers.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagers.java
@@ -20,43 +20,43 @@ public class PackageManagers implements Iterable { private final Set packageManagers; /** - * Creates an empty set of package managers. + * Initializes a set of package managers. * - * @return An empty set of package managers. + * @param packageManagers A set of package managers. */ - public static PackageManagers empty() { - return new PackageManagers(); + @JsonCreator + public PackageManagers(@JsonProperty("packageManagers") Set packageManagers) { + + Objects.requireNonNull(packageManagers, "Package managers can't be null!"); + this.packageManagers = new TreeSet<>(packageManagers); } /** * Initializes a set of package managers. * - * @param entries A number of package managers. - * @return A new set of package managers. + * @param packageManagers A number of package managers. */ - public static PackageManagers from(PackageManager... entries) { - return new PackageManagers(entries); + public PackageManagers(PackageManager... packageManagers) { + this(setOf(packageManagers)); } /** - * Initializes a set of package managers. + * Creates an empty set of package managers. * - * @param packageManagers A set of package managers. + * @return An empty set of package managers. */ - @JsonCreator - public PackageManagers(@JsonProperty("packageManagers") Set packageManagers) { - - Objects.requireNonNull(packageManagers, "Package managers can't be null!"); - this.packageManagers = new TreeSet<>(packageManagers); + public static PackageManagers empty() { + return new PackageManagers(); } /** * Initializes a set of package managers. * - * @param packageManagers A number of package managers. + * @param entries A number of package managers. + * @return A new set of package managers. */ - public PackageManagers(PackageManager... packageManagers) { - this(setOf(packageManagers)); + public static PackageManagers from(PackageManager... entries) { + return new PackageManagers(entries); } /** 
@@ -140,7 +140,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof PackageManagers == false) {
+ if (!(o instanceof PackageManagers)) {
 return false;
 }
 PackageManagers that = (PackageManagers) o;
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagersValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagersValue.java
index 3c16f2c5a..d4637d8fd 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagersValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/PackageManagersValue.java
@@ -39,7 +39,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof PackageManagersValue == false) {
+ if (!(o instanceof PackageManagersValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/RatingValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/RatingValue.java
index 3014072ef..39f322e73 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/RatingValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/RatingValue.java
@@ -79,7 +79,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof RatingValue == false) {
+ if (!(o instanceof RatingValue)) {
 return false;
 }
 RatingValue that = (RatingValue) o;
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Reference.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Reference.java
index ab917ffce..a373d31d8 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Reference.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Reference.java
@@ -51,7 +51,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof Reference == false) {
+ if (!(o instanceof Reference)) {
 return false;
 }
 Reference reference = (Reference) o;
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ScoreValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ScoreValue.java
index c147efb4e..ae09659d0 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ScoreValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ScoreValue.java
@@ -19,6 +19,9 @@ public class ScoreValue extends AbstractValue implements Con
 /** A score. */
 private final Score score;
+ /** A list of values which were used to build the score value. */
+ private final List> usedValues;
+
 /** A score value. */
 private double value;
@@ -28,9 +31,6 @@ public class ScoreValue extends AbstractValue implements Con
 /** A weight of the score. */
 private double weight;
- /** A list of values which were used to build the score value. */
- private final List> usedValues;
-
 /** A flag that tells if the score value is unknown. */
 private boolean isUnknown;
@@ -97,6 +97,53 @@ public ScoreValue( this.isNotApplicable = isNotApplicable; } + /** + * Get a list of feature values that are used in a score value or in its underlying score values. + * + * @param scoreValue The score value to be checked. + * @return A list of feature values. + */ + private static List> usedFeatureValuesIn(ScoreValue scoreValue) { + List> usedFeatureValues = new ArrayList<>(); + + for (Value value : scoreValue.usedValues) { + if (value instanceof ScoreValue) { + usedFeatureValues.addAll(usedFeatureValuesIn((ScoreValue) value)); + } else { + usedFeatureValues.add(value); + } + } + + return usedFeatureValues; + } + + /** + * Recursively looks for a used sub-score value of a specified score. + * + * @param scoreValue The score value to be checked. + * @param subScoreClass A class of the sub-score. + * @return An {@link Optional} with the sub-score value. + */ + private static Optional findUsedSubScoreValueIn( + ScoreValue scoreValue, Class subScoreClass) { + + for (Value usedValue : scoreValue.usedValues) { + if (usedValue instanceof ScoreValue subScoreValue) { + + if (subScoreClass.isInstance(subScoreValue.score)) { + return Optional.of(subScoreValue); + } + + Optional result = findUsedSubScoreValueIn(subScoreValue, subScoreClass); + if (result.isPresent()) { + return result; + } + } + } + + return Optional.empty(); + } + @JsonGetter("score") public Score score() { return score; 
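Review bot: The two helpers moved in this hunk test the same thing in two different styles: `findUsedSubScoreValueIn` now binds a pattern variable with `usedValue instanceof ScoreValue subScoreValue`, while `usedFeatureValuesIn` directly above it keeps `if (value instanceof ScoreValue)` followed by an explicit `(ScoreValue) value` cast. Using the same form in both reads more consistently: `if (value instanceof ScoreValue subScoreValue) { usedFeatureValues.addAll(usedFeatureValuesIn(subScoreValue)); }`. Both helpers iterate `scoreValue.usedValues` with no null guard; the constructor that ends at the top of this hunk is the place that would establish the field is never null, and a one-line comment on the field stating that invariant would make the recursion easier to trust. The class continues outside the hunk.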
@@ -168,26 +215,6 @@ public List> usedFeatureValues() { return usedFeatureValuesIn(this); } - /** - * Get a list of feature values that are used in a score value or in its underlying score values. - * - * @param scoreValue The score value to be checked. - * @return A list of feature values. - */ - private static List> usedFeatureValuesIn(ScoreValue scoreValue) { - List> usedFeatureValues = new ArrayList<>(); - - for (Value value : scoreValue.usedValues) { - if (value instanceof ScoreValue) { - usedFeatureValues.addAll(usedFeatureValuesIn((ScoreValue) value)); - } else { - usedFeatureValues.add(value); - } - } - - return usedFeatureValues; - } - /** * Recursively looks for a used sub-score value of a specified score. * @@ -198,34 +225,6 @@ public Optional findUsedSubScoreValue(Class subScor return findUsedSubScoreValueIn(this, subScoreClass); } - /** - * Recursively looks for a used sub-score value of a specified score. - * - * @param scoreValue The score value to be checked. - * @param subScoreClass A class of the sub-score. - * @return An {@link Optional} with the sub-score value. - */ - private static Optional findUsedSubScoreValueIn( - ScoreValue scoreValue, Class subScoreClass) { - - for (Value usedValue : scoreValue.usedValues) { - if (usedValue instanceof ScoreValue) { - ScoreValue subScoreValue = (ScoreValue) usedValue; - - if (subScoreClass.isInstance(subScoreValue.score)) { - return Optional.of(subScoreValue); - } - - Optional result = findUsedSubScoreValueIn(subScoreValue, subScoreClass); - if (result.isPresent()) { - return result; - } - } - } - - return Optional.empty(); - } - /** * Get the weight of the score value. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReview.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReview.java index 18690cd63..8cff4ff65 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReview.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReview.java @@ -19,12 +19,12 @@ public class SecurityReview { /** No info about changes since a review. */ public static final Double NO_INFO_ABOUT_CHANGES = null; - /** A valid interval for amount of changes returned by {@link #changes()}. */ - private static final Interval CHANGES_INTERVAL = DoubleInterval.closed(0.0, 1.0); - /** A parser for dates. */ static final DateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd"); + /** A valid interval for amount of changes returned by {@link #changes()}. */ + private static final Interval CHANGES_INTERVAL = DoubleInterval.closed(0.0, 1.0); + /** When the review was done. */ private final Date date; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReviews.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReviews.java index 1daac2e9c..85918e1a5 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReviews.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SecurityReviews.java @@ -12,15 +12,6 @@ /** A set of security reviews. */ public class SecurityReviews implements Set { - /** - * Returns an empty set of security reviews. - * - * @return An empty set of security reviews. - */ - public static SecurityReviews noReviews() { - return new SecurityReviews(); - } - /** Security reviews. */ private final Set elements = new HashSet<>(); @@ -37,16 +28,6 @@ public SecurityReviews(SecurityReview... elements) { this.elements.addAll(asList(elements)); } - /** - * Returns a set of security reviews. - * - * @return A set of security reviews. - */ - @JsonGetter("elements") - public Set elements() { - return new HashSet<>(elements); - } - /** * Create a set of security reviews. * 
@@ -57,6 +38,25 @@ public SecurityReviews(SecurityReviews reviews) { this.elements.addAll(reviews.elements); } + /** + * Returns an empty set of security reviews. + * + * @return An empty set of security reviews. + */ + public static SecurityReviews noReviews() { + return new SecurityReviews(); + } + + /** + * Returns a set of security reviews. + * + * @return A set of security reviews. + */ + @JsonGetter("elements") + public Set elements() { + return new HashSet<>(elements); + } + @Override public int size() { return elements.size(); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SemanticVersion.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SemanticVersion.java index 8d47d9e5d..abf06a6b1 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SemanticVersion.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/SemanticVersion.java @@ -122,9 +122,7 @@ private boolean checkStartVersion(SemanticVersion startVersion) { if (this.minor > startVersion.minor) { return true; } else if (this.minor == startVersion.minor) { - if (this.micro >= startVersion.micro) { - return true; - } + return this.micro >= startVersion.micro; } } return false; @@ -138,9 +136,7 @@ private boolean checkEndVersion(SemanticVersion endVersion) { if (this.minor < endVersion.minor) { return true; } else if (this.minor == endVersion.minor) { - if (this.micro <= endVersion.micro) { - return true; - } + return this.micro <= endVersion.micro; } } return false; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/StringValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/StringValue.java index 1746e6a64..db94107c1 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/StringValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/StringValue.java 
@@ -37,7 +37,7 @@ public boolean equals(Object o) {
 if (this == o) {
 return true;
 }
- if (o instanceof StringValue == false) {
+ if (!(o instanceof StringValue)) {
 return false;
 }
 if (!super.equals(o)) {
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/UnknownValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/UnknownValue.java
index e95569ce7..a1e78fb65 100644
--- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/UnknownValue.java
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/UnknownValue.java
@@ -10,28 +10,28 @@ public final class UnknownValue extends AbstractValue> {
 /**
- * This factory method returns an unknown values of a specified feature.
+ * Initializes an unknown value for a feature.
 *
 * @param feature The feature.
- * @param Value type.
- * @return An unknown value for the specified feature.
 */
- public static UnknownValue of(Feature feature) {
- return new UnknownValue<>(feature);
+ public UnknownValue(@JsonProperty("feature") Feature feature) {
+ super(feature);
 }
 /**
- * Initializes an unknown value for a feature.
+ * This factory method returns an unknown values of a specified feature.
 *
 * @param feature The feature.
+ * @param Value type.
+ * @return An unknown value for the specified feature.
 */
- public UnknownValue(@JsonProperty("feature") Feature feature) {
- super(feature);
+ public static UnknownValue of(Feature feature) {
+ return new UnknownValue<>(feature);
 }
 @Override
 @JsonIgnore
- public final boolean isUnknown() {
+ public boolean isUnknown() {
 return true;
 }
@@ -42,7 +42,7 @@ public boolean isNotApplicable() {
 }
 @Override
- public final T get() {
+ public T get() {
 throw new IllegalStateException(
 "It's an unknown value, get() method is not supposed to be called!");
 }
@@ -53,12 +53,12 @@ public T orElse(T other) { } @Override - public final Value processIfKnown(Processor processor) { + public Value processIfKnown(Processor processor) { return this; } @Override - public final Value processIfUnknown(Runnable processor) { + public Value processIfUnknown(Runnable processor) { Objects.requireNonNull(processor, "Processor can't be null!"); processor.run(); return this; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ValueHashSet.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ValueHashSet.java index 23329825f..c3a7dccc2 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ValueHashSet.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/ValueHashSet.java @@ -35,17 +35,6 @@ public class ValueHashSet implements ValueSet { /** A mapping from a feature to its value. */ private final Map, Value> featureToValue = new HashMap<>(); - /** - * Initializes a new {@link ValueHashSet} with a number of values. - * - * @param values The values. - * @return The new {@link ValueHashSet}. - */ - public static ValueHashSet from(Value... values) { - Objects.requireNonNull(values, "Values can't be null!"); - return new ValueHashSet(values); - } - /** Initializes an empty {@link ValueHashSet}. */ public ValueHashSet() {} @@ -70,6 +59,17 @@ public ValueHashSet(Value... values) { } } + /** + * Initializes a new {@link ValueHashSet} with a number of values. + * + * @param values The values. + * @return The new {@link ValueHashSet}. + */ + public static ValueHashSet from(Value... values) { + Objects.requireNonNull(values, "Values can't be null!"); + return new ValueHashSet(values); + } + /** * Create an empty value set. * @@ -166,7 +166,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ValueHashSet == false) { + if (!(o instanceof ValueHashSet)) { return false; } ValueHashSet that = (ValueHashSet) o; 
diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerabilities.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerabilities.java index 970b0422c..8e3543d76 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerabilities.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerabilities.java @@ -90,7 +90,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof Vulnerabilities == false) { + if (!(o instanceof Vulnerabilities)) { return false; } Vulnerabilities that = (Vulnerabilities) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesValue.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesValue.java index 298a1b4c7..ccc3a6b1a 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesValue.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesValue.java @@ -39,7 +39,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof VulnerabilitiesValue == false) { + if (!(o instanceof VulnerabilitiesValue)) { return false; } if (!super.equals(o)) { diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerability.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerability.java index 63c12fa87..c05d012ab 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerability.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/value/Vulnerability.java @@ -29,13 +29,6 @@ /** The class holds information about a vulnerability. */ public class Vulnerability { - /** A enum of resolution statuses of a vulnerability. */ - public enum Resolution { - PATCHED, - UNPATCHED, - UNKNOWN - } - /** This means that a vulnerability has no description. */ public static final String NO_DESCRIPTION = null; 
@@ -139,6 +132,34 @@ public enum Resolution { this.vulnerableVersions = vulnerableVersions; } + /** + * Convert {@link CVSSv3.CiaType} to {@link CVSS.V3.Impact}. + * + * @param impact The impact to be converted. + * @return A converted impact. + */ + private static CVSS.V3.Impact get(CVSSv3.CiaType impact) { + if (impact == null) { + return CVSS.V3.UNKNOWN_IMPACT; + } + + return CVSS.V3.Impact.valueOf(impact.value()); + } + + /** + * Convert {@link CVSSv2.CiaType} to {@link CVSS.V2.Impact}. + * + * @param impact The impact to be converted. + * @return A converted impact. + */ + private static CVSS.V2.Impact get(CVSSv2.CiaType impact) { + if (impact == null) { + return CVSS.V2.UNKNOWN_IMPACT; + } + + return CVSS.V2.Impact.valueOf(impact.value()); + } + /** * Get the vulnerability identifier. * @@ -230,7 +251,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof Vulnerability == false) { + if (!(o instanceof Vulnerability)) { return false; } Vulnerability that = (Vulnerability) o; @@ -270,6 +291,13 @@ private String getDescription() { return description; } + /** A enum of resolution statuses of a vulnerability. */ + public enum Resolution { + PATCHED, + UNPATCHED, + UNKNOWN + } + /** The builder builds instances of {@link Vulnerability}. */ public static class Builder { 
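Review bot: Both moved `get` overloads map only `null` to `UNKNOWN_IMPACT`, while a constant name that `CVSS.V3.Impact.valueOf` / `CVSS.V2.Impact.valueOf` does not recognise escapes as an `IllegalArgumentException`; `CVSSv3.CiaType` looks like the NVD model's own enum, so that can only happen if the two enums' constant sets drift apart, but nothing here documents that contract. Either state it, `@throws IllegalArgumentException If the NVD constant has no counterpart in {@link CVSS.V3.Impact}.`, or degrade the same way the null branch does by catching that exception and returning `UNKNOWN_IMPACT`. The overload name `get` also says nothing about what is converted; `impactFrom` would read better at the call sites in the `@@ -374,6` hunk.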
@@ -374,6 +402,39 @@ private static VersionRange createVersionRange(CpeMatch cpe) { return new VersionRange(cpe.versionStartIncluding(), cpe.versionEndIncluding()); } + /** + * Extracts a CVSS score from an NVD entry. + * + * @param entry The NVD entry. + * @return The CVSS score. + */ + private static CVSS cvssFrom(NvdEntry entry) { + Impact impact = entry.getImpact(); + if (impact == null) { + return null; + } + + if (impact.getBaseMetricV3() != null) { + CVSSv3 cvssV3 = entry.getImpact().getBaseMetricV3().getCVSSv3(); + return new CVSS.V3( + cvssV3.getBaseScore(), + get(cvssV3.confidentialityImpact()), + get(cvssV3.integrityImpact()), + get(cvssV3.availabilityImpact())); + } + + if (impact.getBaseMetricV2() != null) { + CVSSv2 cvssV2 = entry.getImpact().getBaseMetricV2().getCVSSv2(); + return new CVSS.V2( + cvssV2.getBaseScore(), + get(cvssV2.confidentialityImpact()), + get(cvssV2.integrityImpact()), + get(cvssV2.availabilityImpact())); + } + + return null; + } + /** * Set a description for the vulnerability. * 
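Review bot: In the moved `cvssFrom`, the V3 and V2 branches re-read `entry.getImpact()` although the null-checked `impact` local is right there; `CVSSv3 cvssV3 = impact.getBaseMetricV3().getCVSSv3();` (and the V2 twin) removes the redundant call and keeps the null check meaningful. Whether `getCVSSv3()`/`getCVSSv2()` can themselves return null is not visible in the hunk; if they can, `cvssV3.getBaseScore()` is an NPE on a malformed NVD entry, so a guard that returns null as the other branches do would be consistent. The enclosing `Builder` class continues past the hunk.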
@@ -494,66 +555,5 @@ public Vulnerability make() { published, vulnerableVersions); } - - /** - * Extracts a CVSS score from an NVD entry. - * - * @param entry The NVD entry. - * @return The CVSS score. - */ - private static CVSS cvssFrom(NvdEntry entry) { - Impact impact = entry.getImpact(); - if (impact == null) { - return null; - } - - if (impact.getBaseMetricV3() != null) { - CVSSv3 cvssV3 = entry.getImpact().getBaseMetricV3().getCVSSv3(); - return new CVSS.V3( - cvssV3.getBaseScore(), - get(cvssV3.confidentialityImpact()), - get(cvssV3.integrityImpact()), - get(cvssV3.availabilityImpact())); - } - - if (impact.getBaseMetricV2() != null) { - CVSSv2 cvssV2 = entry.getImpact().getBaseMetricV2().getCVSSv2(); - return new CVSS.V2( - cvssV2.getBaseScore(), - get(cvssV2.confidentialityImpact()), - get(cvssV2.integrityImpact()), - get(cvssV2.availabilityImpact())); - } - - return null; - } - } - - /** - * Convert {@link CVSSv3.CiaType} to {@link CVSS.V3.Impact}. - * - * @param impact The impact to be converted. - * @return A converted impact. - */ - private static CVSS.V3.Impact get(CVSSv3.CiaType impact) { - if (impact == null) { - return CVSS.V3.UNKNOWN_IMPACT; - } - - return CVSS.V3.Impact.valueOf(impact.value()); - } - - /** - * Convert {@link CVSSv2.CiaType} to {@link CVSS.V2.Impact}. - * - * @param impact The impact to be converted. - * @return A converted impact. - */ - private static CVSS.V2.Impact get(CVSSv2.CiaType impact) { - if (impact == null) { - return CVSS.V2.UNKNOWN_IMPACT; - } - - return CVSS.V2.Impact.valueOf(impact.value()); } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ImmutableWeight.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ImmutableWeight.java index 8297f0ca4..2847bbcfd 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ImmutableWeight.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ImmutableWeight.java 
@@ -41,7 +41,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ImmutableWeight == false) { + if (!(o instanceof ImmutableWeight)) { return false; } ImmutableWeight weight = (ImmutableWeight) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/MutableWeight.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/MutableWeight.java index f5b8225b3..af98635de 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/MutableWeight.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/MutableWeight.java @@ -40,7 +40,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof MutableWeight == false) { + if (!(o instanceof MutableWeight)) { return false; } MutableWeight weight = (MutableWeight) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ScoreWeights.java b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ScoreWeights.java index f2b0d9098..e674f6152 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ScoreWeights.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/model/weight/ScoreWeights.java @@ -29,6 +29,17 @@ public class ScoreWeights implements Tunable { /** Maps a score type to its weight. */ private final Map, Weight> values; + /** + * Initializes a new collection of weights. + * + * @param values The weights. + */ + @JsonCreator + public ScoreWeights(@JsonProperty("values") Map, Weight> values) { + Objects.requireNonNull(values, "Weights can't be null!"); + this.values = new HashMap<>(values); + } + /** * Creates an empty collection of weights. * 
@@ -64,17 +75,6 @@ public static ScoreWeights createFor(Set scores) { return createFor(scores.toArray(new Score[0])); } - /** - * Initializes a new collection of weights. - * - * @param values The weights. - */ - @JsonCreator - public ScoreWeights(@JsonProperty("values") Map, Weight> values) { - Objects.requireNonNull(values, "Weights can't be null!"); - this.values = new HashMap<>(values); - } - /** * Creates a weight for a score. * @@ -157,7 +157,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ScoreWeights == false) { + if (!(o instanceof ScoreWeights)) { return false; } ScoreWeights weights = (ScoreWeights) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/AbstractHandler.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/AbstractHandler.java index cae7791f3..cd042196c 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/AbstractHandler.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/AbstractHandler.java @@ -106,8 +106,7 @@ SingleRatingCalculator calculator() throws IOException { if (commandLine.hasOption("cleanup")) { calculator.doAfter( subject -> { - if (subject instanceof GitHubProject) { - GitHubProject project = (GitHubProject) subject; + if (subject instanceof GitHubProject project) { CleanupStrategy processedRepository = (url, info, total) -> project.scm().equals(url); try { fetcher.cleanup(processedRepository); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/Application.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/Application.java index 2fadaf37c..fc844e95a 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/Application.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/Application.java 
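Review bot: `if (subject instanceof GitHubProject project)` in the `AbstractHandler` hunk (and the matching `Artifact artifact` pattern in the `OssArtifactSecurityRatingHandler` `@@ -132,8` hunk further down) is pattern matching for `instanceof`, which needs a Java 16+ source level, so a language-level requirement is riding on a formatting commit. The `pom.xml` change in this patch is not visible here; it should be confirmed to set the compiler release accordingly, and the commit message should say so. The lambda's enclosing method starts and ends outside the hunk.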
@@ -60,6 +60,22 @@ public class Application { /** The default handler. */ private final Handler defaultHandler; + /** + * Initialize CLI. + * + * @throws IOException If something went wrong. + */ + public Application() throws IOException { + handlers = + new Handler[] { + new OssProjectSecurityRatingHandler(), + new OssArtifactSecurityRatingHandler(), + new OssRulesOfPlayRatingHandler(), + new SecurityRiskIntroducedByOssHandler() + }; + defaultHandler = handlers[0]; + } + /** * Entry point. * 
@@ -77,19 +93,123 @@ public static void main(String... args) { } /** - * Initialize CLI. + * Checks command-line options and throws an exception if something is wrong. * - * @throws IOException If something went wrong. + * @param commandLine The command-line options. + * @throws IllegalArgumentException If the options are invalid. */ - public Application() throws IOException { - handlers = - new Handler[] { - new OssProjectSecurityRatingHandler(), - new OssArtifactSecurityRatingHandler(), - new OssRulesOfPlayRatingHandler(), - new SecurityRiskIntroducedByOssHandler() - }; - defaultHandler = handlers[0]; + private static void checkOptionsIn(CommandLine commandLine) { + if (commandLine.hasOption("h")) { + return; + } + + if (commandLine.hasOption("report-type") && !commandLine.hasOption("report-file")) { + throw new IllegalArgumentException( + "The option --report-type has to be used with --report-file"); + } + + if (commandLine.hasOption("report-type") + && !asList("text", "markdown", "json") + .contains(commandLine.getOptionValue("report-type"))) { + + throw new IllegalArgumentException( + format("Unknown report type: %s", commandLine.getOptionValue("report-type"))); + } + } + + /** + * Tries to establish a connection to GitHub. + * + * @param token A GitHub token (may be null). + * @return An interface for the GitHub API. + * @throws IOException If a connection to GitHub couldn't be established. + */ + private static GitHub connectToGithub(String token, UserCallback callback) throws IOException { + if (token == null && callback.canTalk()) { + LOGGER.warn("You didn't provide an access token for GitHub ..."); + LOGGER.warn("But you can create it now. Do the following:"); + LOGGER.info(" 1. Go to https://github.com/settings/tokens"); + LOGGER.info(" 2. Click the 'Generate new token' button"); + LOGGER.info(" 3. Write a short note for a token"); + LOGGER.info(" 4. Select scopes"); + LOGGER.info(" 5. Click the 'Generate token' button"); + LOGGER.info(" 6. 
Copy your new token"); + LOGGER.info(" 7. Paste the token here"); + + Answer answer = new YesNoQuestion(callback, "Would you like to create a token now?").ask(); + switch (answer) { + case YES: + LOGGER.info("Paste the token here ------+"); + LOGGER.info(" |"); + LOGGER.info(" |"); + LOGGER.info(" +-------------------------+"); + LOGGER.info(" |"); + LOGGER.info(" |"); + LOGGER.info(" V"); + token = new InputString(callback).get(); + break; + case NO: + LOGGER.info("Okay ..."); + break; + default: + throw new IllegalArgumentException(format("Not sure what I can do with '%s'", answer)); + } + } + + List suppressed = new ArrayList<>(); + if (token != null) { + LOGGER.info("Okay, we have a GitHub token, let's try to use it"); + try { + return new GitHubBuilder() + .withConnector(okHttpGitHubConnector()) + .withOAuthToken(token) + .build(); + } catch (IOException e) { + LOGGER.warn("Something went wrong: {}", e.getMessage()); + suppressed.add(e); + } + } else { + LOGGER.warn("No GitHub token provided"); + } + + try { + LOGGER.info("Now, let's try to use GitHub settings from environment variables"); + return GitHubBuilder.fromEnvironment().withConnector(okHttpGitHubConnector()).build(); + } catch (IOException e) { + LOGGER.warn("Could not connect to GitHub", e); + + suppressed.add(e); + } + + try { + LOGGER.info("Then, let's try to establish an anonymous connection"); + GitHub github = new GitHubBuilder().withConnector(okHttpGitHubConnector()).build(); + LOGGER.warn("We have established only an anonymous connection to GitHub ..."); + return github; + } catch (IOException e) { + LOGGER.warn("Something went wrong", e); + suppressed.add(e); + } + + IOException error = new IOException("Could not connect to GitHub!"); + for (Exception e : suppressed) { + error.addSuppressed(e); + } + throw error; + } + + /** + * Create a {@link OkHttpGitHubConnector}. + * + * @return {@link OkHttpGitHubConnector}. 
+ */ + private static OkHttpGitHubConnector okHttpGitHubConnector() { + OkHttpClient client = + new OkHttpClient.Builder() + .connectTimeout(60, TimeUnit.SECONDS) + .readTimeout(60, TimeUnit.SECONDS) + .build(); + return new OkHttpGitHubConnector(client); } /** 
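Review bot: The Javadoc of the moved `connectToGithub` documents `token` but not `callback`; add `@param callback A callback used to ask the user for a token when none was given.` Inside the method the first catch logs only `e.getMessage()` while the two later catches pass the whole exception, so the token-based attempt is the one failure whose stack trace never appears; `LOGGER.warn("Something went wrong", e);` makes the three consistent, or a short comment should say why the message-only form is deliberate. `okHttpGitHubConnector()` builds a new `OkHttpClient` on every call and can be reached three times per connection attempt; each client owns its own connection pool and dispatcher, so one cached instance in a `static final` field would be cheaper, provided the connector does not take ownership of the client, which I cannot see from here.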
@@ -294,124 +414,4 @@ private SubjectValueCache loadValueCache() { } return new SubjectValueCache(); } - - /** - * Checks command-line options and throws an exception if something is wrong. - * - * @param commandLine The command-line options. - * @throws IllegalArgumentException If the options are invalid. - */ - private static void checkOptionsIn(CommandLine commandLine) { - if (commandLine.hasOption("h")) { - return; - } - - if (commandLine.hasOption("report-type") && !commandLine.hasOption("report-file")) { - throw new IllegalArgumentException( - "The option --report-type has to be used with --report-file"); - } - - if (commandLine.hasOption("report-type") - && !asList("text", "markdown", "json") - .contains(commandLine.getOptionValue("report-type"))) { - - throw new IllegalArgumentException( - format("Unknown report type: %s", commandLine.getOptionValue("report-type"))); - } - } - - /** - * Tries to establish a connection to GitHub. - * - * @param token A GitHub token (may be null). - * @return An interface for the GitHub API. - * @throws IOException If a connection to GitHub couldn't be established. - */ - private static GitHub connectToGithub(String token, UserCallback callback) throws IOException { - if (token == null && callback.canTalk()) { - LOGGER.warn("You didn't provide an access token for GitHub ..."); - LOGGER.warn("But you can create it now. Do the following:"); - LOGGER.info(" 1. Go to https://github.com/settings/tokens"); - LOGGER.info(" 2. Click the 'Generate new token' button"); - LOGGER.info(" 3. Write a short note for a token"); - LOGGER.info(" 4. Select scopes"); - LOGGER.info(" 5. Click the 'Generate token' button"); - LOGGER.info(" 6. Copy your new token"); - LOGGER.info(" 7. 
Paste the token here"); - - Answer answer = new YesNoQuestion(callback, "Would you like to create a token now?").ask(); - switch (answer) { - case YES: - LOGGER.info("Paste the token here ------+"); - LOGGER.info(" |"); - LOGGER.info(" |"); - LOGGER.info(" +-------------------------+"); - LOGGER.info(" |"); - LOGGER.info(" |"); - LOGGER.info(" V"); - token = new InputString(callback).get(); - break; - case NO: - LOGGER.info("Okay ..."); - break; - default: - throw new IllegalArgumentException(format("Not sure what I can do with '%s'", answer)); - } - } - - List suppressed = new ArrayList<>(); - if (token != null) { - LOGGER.info("Okay, we have a GitHub token, let's try to use it"); - try { - return new GitHubBuilder() - .withConnector(okHttpGitHubConnector()) - .withOAuthToken(token) - .build(); - } catch (IOException e) { - LOGGER.warn("Something went wrong: {}", e.getMessage()); - suppressed.add(e); - } - } else { - LOGGER.warn("No GitHub token provided"); - } - - try { - LOGGER.info("Now, let's try to use GitHub settings from environment variables"); - return GitHubBuilder.fromEnvironment().withConnector(okHttpGitHubConnector()).build(); - } catch (IOException e) { - LOGGER.warn("Could not connect to GitHub", e); - - suppressed.add(e); - } - - try { - LOGGER.info("Then, let's try to establish an anonymous connection"); - GitHub github = new GitHubBuilder().withConnector(okHttpGitHubConnector()).build(); - LOGGER.warn("We have established only an anonymous connection to GitHub ..."); - return github; - } catch (IOException e) { - LOGGER.warn("Something went wrong", e); - suppressed.add(e); - } - - IOException error = new IOException("Could not connect to GitHub!"); - for (Exception e : suppressed) { - error.addSuppressed(e); - } - throw error; - } - - /** - * Create a {@link OkHttpGitHubConnector}. - * - * @return {@link OkHttpGitHubConnector}. 
- */ - private static OkHttpGitHubConnector okHttpGitHubConnector() { - OkHttpClient client = - new OkHttpClient.Builder() - .connectTimeout(60, TimeUnit.SECONDS) - .readTimeout(60, TimeUnit.SECONDS) - .build(); - return new OkHttpGitHubConnector(client); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/Config.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/Config.java index 33002a5a7..21e650430 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/Config.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/Config.java @@ -39,15 +39,6 @@ public class Config { this.finderConfig = finderConfig; } - /** - * Checks the config has a filename of a cache. - * - * @return True if the config has a filename of a cache, false otherwise. - */ - boolean hasCacheFile() { - return cacheFilename != null && !cacheFilename.trim().isEmpty(); - } - /** * Loads a config from a file. * @@ -73,4 +64,13 @@ static Config from(InputStream is) throws IOException { mapper.enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_ENUMS); return mapper.readValue(is, Config.class); } + + /** + * Checks the config has a filename of a cache. + * + * @return True if the config has a filename of a cache, false otherwise. + */ + boolean hasCacheFile() { + return cacheFilename != null && !cacheFilename.trim().isEmpty(); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinder.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinder.java index 47b59645b..816ffe381 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinder.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinder.java 
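Review bot: `hasCacheFile()` in the `Config` `@@ -73,4` hunk hand-rolls a blank check with `trim().isEmpty()`; since this patch already relies on Java 16 syntax elsewhere, `return cacheFilename != null && !cacheFilename.isBlank();` is the idiomatic form. Note that `isBlank` treats a wider set of whitespace as blank than `trim` does, so a filename consisting only of non-ASCII whitespace would now be rejected, which looks like the intended behaviour.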
@@ -25,15 +25,15 @@ */ public class GitHubProjectFinder { + /** An empty exclude list. */ + static final List EMPTY_EXCLUDE_LIST = Collections.emptyList(); + /** The default minimal number of stars. */ private static final int DEFAULT_STARS = 0; /** A page size for requests to GitHub. */ private static final int PAGE_SIZE = 100; - /** An empty exclude list. */ - static final List EMPTY_EXCLUDE_LIST = Collections.emptyList(); - /** An interface to GitHub. */ private final GitHub github; @@ -332,7 +332,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof OrganizationConfig == false) { + if (!(o instanceof OrganizationConfig)) { return false; } OrganizationConfig that = (OrganizationConfig) o; @@ -375,7 +375,7 @@ public boolean equals(Object o) { if (this == o) { return true; } - if (o instanceof ProjectConfig == false) { + if (!(o instanceof ProjectConfig)) { return false; } ProjectConfig that = (ProjectConfig) o; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinder.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinder.java index 7f0cf5c95..86d1dda5e 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinder.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinder.java @@ -43,23 +43,6 @@ public class MavenScmFinder { Pattern.compile( "\\s*([A-Za-z0-9]+(\\.[A-Za-z0-9]+)*.*)", Pattern.CASE_INSENSITIVE); - /** - * Takes GAV coordinates of an artifact and looks for a URL to its SCM. - * - * @param gav The GAV coordinates. - * @return A URL to SCM. - * @throws IOException If something went wrong. - */ - public Optional findScmFor(GAV gav) throws IOException { - Model pom = loadPomFor(gav); - Scm scm = pom.getScm(); - if (scm == null) { - return Optional.empty(); - } - - return normalizeGitHubProjectPath(scm.getUrl()); - } - /** * The method tries to normalize and resolve a GitHub project path from the given URI syntax. * 
@@ -108,41 +91,6 @@ private static Optional extractProjectPath(String url) throws IllegalArg return Optional.ofNullable(uri.getPath()); } - /** - * Takes GAV coordinates to an artifact and looks for a corresponding GitHub project (maybe a - * mirror) that contains the source code. - * - * @param gav The GAV coordinates. - * @return A project on GitHub. - * @throws IOException If something went wrong. - */ - public Optional findGithubProjectFor(GAV gav) throws IOException { - Optional scm = findScmFor(gav); - if (scm.isPresent()) { - String url = scm.get(); - if (isOnGitHub(url)) { - return Optional.of(GitHubProject.parse(url)); - } - } - - return tryToGuessGitHubProjectFor(gav); - } - - /** - * Takes GAV coordinates and tries to guess a possible GitHub project. - * - * @param gav The GAV coordinates. - * @return A project on GitHub if it exists. - */ - public Optional tryToGuessGitHubProjectFor(GAV gav) { - Optional project = guessGitHubProjectFor(gav); - if (project.isPresent() && looksLikeValid(project.get())) { - return project; - } - - return Optional.empty(); - } - /** * Checks if a specified GitHub project is valid. * 
@@ -326,4 +274,56 @@ public static void main(String... args) throws IOException { System.out.println( project.isPresent() ? String.format("GitHub URL = %s", project.get()) : "No SCM found!"); } + + /** + * Takes GAV coordinates of an artifact and looks for a URL to its SCM. + * + * @param gav The GAV coordinates. + * @return A URL to SCM. + * @throws IOException If something went wrong. + */ + public Optional findScmFor(GAV gav) throws IOException { + Model pom = loadPomFor(gav); + Scm scm = pom.getScm(); + if (scm == null) { + return Optional.empty(); + } + + return normalizeGitHubProjectPath(scm.getUrl()); + } + + /** + * Takes GAV coordinates to an artifact and looks for a corresponding GitHub project (maybe a + * mirror) that contains the source code. + * + * @param gav The GAV coordinates. + * @return A project on GitHub. + * @throws IOException If something went wrong. + */ + public Optional findGithubProjectFor(GAV gav) throws IOException { + Optional scm = findScmFor(gav); + if (scm.isPresent()) { + String url = scm.get(); + if (isOnGitHub(url)) { + return Optional.of(GitHubProject.parse(url)); + } + } + + return tryToGuessGitHubProjectFor(gav); + } + + /** + * Takes GAV coordinates and tries to guess a possible GitHub project. + * + * @param gav The GAV coordinates. + * @return A project on GitHub if it exists. + */ + public Optional tryToGuessGitHubProjectFor(GAV gav) { + Optional project = guessGitHubProjectFor(gav); + if (project.isPresent() && looksLikeValid(project.get())) { + return project; + } + + return Optional.empty(); + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculator.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculator.java index 61c0822e6..001150ed8 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculator.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculator.java 
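Review bot: In the moved `findScmFor`, `scm.getUrl()` is passed to `normalizeGitHubProjectPath` unchecked; `Scm` looks like Maven's POM model, where `<url>` inside `<scm>` is optional, so a POM with an `<scm>` block but no URL hands null to the normaliser, and whether that is handled is outside the hunk. Either extend the guard, `if (scm == null || scm.getUrl() == null) { return Optional.empty(); }`, or document on the normaliser that null is accepted. `findGithubProjectFor` uses `isPresent()`/`get()` where `scm.filter(MavenScmFinder::isOnGitHub)` would read more cleanly, assuming `isOnGitHub` is static and `GitHubProject.parse` throws nothing checked.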
@@ -23,15 +23,15 @@ public class MultipleRatingsCalculator implements RatingCalculator { /** A calculator that calculates a rating for a single subject. */ private final RatingCalculator calculator; + /** A list of subjects for which a rating couldn't be calculated. */ + private final List failedSubjects = new ArrayList<>(); + /** A cache of processed subjects. */ private SubjectCache subjectCache = SubjectCache.empty(); /** A filename where the cache of subjects should be stored. */ private String subjectCacheFile; - /** A list of subjects for which a rating couldn't be calculated. */ - private final List failedSubjects = new ArrayList<>(); - /** * Initializes a new calculator that calculates ratings for multiple subjects. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/NpmScmFinder.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/NpmScmFinder.java index 9acf12659..c549ef0d9 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/NpmScmFinder.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/NpmScmFinder.java @@ -19,6 +19,23 @@ /** The class takes a name of an NPM package and looks for a URL to its SCM. */ public class NpmScmFinder { + /** + * Fetch JSON from a specified URL. + * + * @param url The URL. + * @return A {@link JsonNode}. + * @throws IOException If something went wrong. + */ + static JsonNode fetchJsonFrom(String url) throws IOException { + try (CloseableHttpClient client = HttpClients.createDefault()) { + HttpGet httpGetRequest = new HttpGet(url); + httpGetRequest.addHeader(HttpHeaders.ACCEPT, ContentType.APPLICATION_JSON.getMimeType()); + try (CloseableHttpResponse httpResponse = client.execute(httpGetRequest)) { + return Json.mapper().readTree(httpResponse.getEntity().getContent()); + } + } + } + /** * Takes a name of an NPM package and looks for its SCM on GitHub. * 
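Review bot: The moved `fetchJsonFrom` in `NpmScmFinder` parses `httpResponse.getEntity().getContent()` without looking at the status code, so a 404 or 5xx from the registry is parsed as if it were the package document, and a response without a body makes `getEntity()` null and NPEs on the next call. A check before parsing, `if (httpResponse.getStatusLine().getStatusCode() != 200) { throw new IOException("Unexpected HTTP status for " + url); }` (`getCode()` on HttpClient 5), turns that into the `IOException` the signature already declares. `HttpClients.createDefault()` is also built per call and, as far as I can tell, carries no connect or socket timeout, so a stalled registry blocks the whole scan indefinitely; a shared client with an explicit `RequestConfig` timeout would match what `Application.okHttpGitHubConnector()` does for GitHub in this same patch (60 s).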
@@ -68,21 +85,4 @@ public Optional scmForNpm(String identifier) throws IOException { return Optional.empty(); } - - /** - * Fetch JSON from a specified URL. - * - * @param url The URL. - * @return A {@link JsonNode}. - * @throws IOException If something went wrong. - */ - static JsonNode fetchJsonFrom(String url) throws IOException { - try (CloseableHttpClient client = HttpClients.createDefault()) { - HttpGet httpGetRequest = new HttpGet(url); - httpGetRequest.addHeader(HttpHeaders.ACCEPT, ContentType.APPLICATION_JSON.getMimeType()); - try (CloseableHttpResponse httpResponse = client.execute(httpGetRequest)) { - return Json.mapper().readTree(httpResponse.getEntity().getContent()); - } - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/OssArtifactSecurityRatingHandler.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/OssArtifactSecurityRatingHandler.java index 084671100..99cde19af 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/OssArtifactSecurityRatingHandler.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/OssArtifactSecurityRatingHandler.java @@ -132,8 +132,7 @@ SingleRatingCalculator calculator() throws IOException { return Optional.of(subject); } - if (subject instanceof Artifact) { - Artifact artifact = (Artifact) subject; + if (subject instanceof Artifact artifact) { if (artifact.project().isPresent() && provider.supports(artifact.project().get())) { return Optional.of(artifact.project().get()); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/ReportConfig.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/ReportConfig.java index 8d2730d7a..374930386 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/ReportConfig.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/ReportConfig.java 
@@ -5,14 +5,6 @@ /** A config for reporting. */ public class ReportConfig { - /** Types of reports. */ - public enum ReportType { - MARKDOWN, - JSON, - ISSUES, - JSON_REPORT - } - /** A type of a report. */ final ReportType type; @@ -38,4 +30,12 @@ public enum ReportType { this.where = where; this.source = source; } + + /** Types of reports. */ + public enum ReportType { + MARKDOWN, + JSON, + ISSUES, + JSON_REPORT + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/SubjectCache.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/SubjectCache.java index c6ce25c3c..1b4294b94 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/SubjectCache.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/SubjectCache.java @@ -29,6 +29,16 @@ public class SubjectCache { /** A lifetime of a cache entry in days. */ private long lifetime = DEFAULT_LIFETIME; + /** + * Initializes a new cache. The constructor is used for deserialization. + * + * @param cache A map with cache entries. + */ + @JsonCreator + private SubjectCache(@JsonProperty("cache") Map cache) { + this.cache = cache; + } + /** * Creates an empty cache. * 
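Review bot: The moved `@JsonCreator` constructor of `SubjectCache` stores the deserialized `cache` map as is; by default Jackson passes a missing or null `"cache"` property to the creator as `null`, so a hand-edited or truncated cache file leaves the field null and fails on first use rather than at load time. Unless the field declaration outside the hunk guards against this, `this.cache = Objects.requireNonNull(cache, "Cache can't be null!");` fails fast in the style `ScoreWeights` uses in this patch, or a fallback to an empty map if a silently empty cache is preferable. The field's map type is not visible here, so adjust the fallback accordingly.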
@@ -39,13 +49,38 @@ public static SubjectCache empty() { } /** - * Initializes a new cache. The constructor is used for deserialization. + * Load a cache from a file. * - * @param cache A map with cache entries. + * @param filename A path to the file. + * @return A loaded cache. + * @throws IOException If something went wrong. */ - @JsonCreator - private SubjectCache(@JsonProperty("cache") Map cache) { - this.cache = cache; + public static SubjectCache load(String filename) throws IOException { + return load(Paths.get(filename)); + } + + /** + * Load a cache from a file. + * + * @param filename A path to the file. + * @return A loaded cache. + * @throws IOException If something went wrong. + */ + public static SubjectCache load(Path filename) throws IOException { + try (InputStream is = Files.newInputStream(filename)) { + return load(is); + } + } + + /** + * Load a cache from an input stream. + * + * @param is The input stream. + * @return A loaded cache. + * @throws IOException If something went wrong. + */ + public static SubjectCache load(InputStream is) throws IOException { + return Json.read(is, SubjectCache.class); } /** 
@@ -114,41 +149,6 @@ public Optional cachedRatingValueFor(Subject subject) { return Optional.of(ratingValue); } - /** - * Load a cache from a file. - * - * @param filename A path to the file. - * @return A loaded cache. - * @throws IOException If something went wrong. - */ - public static SubjectCache load(String filename) throws IOException { - return load(Paths.get(filename)); - } - - /** - * Load a cache from a file. - * - * @param filename A path to the file. - * @return A loaded cache. - * @throws IOException If something went wrong. - */ - public static SubjectCache load(Path filename) throws IOException { - try (InputStream is = Files.newInputStream(filename)) { - return load(is); - } - } - - /** - * Load a cache from an input stream. - * - * @param is The input stream. - * @return A loaded cache. - * @throws IOException If something went wrong. - */ - public static SubjectCache load(InputStream is) throws IOException { - return Json.read(is, SubjectCache.class); - } - /** * Stores a cache of subjects to a file. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoQuestion.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoQuestion.java index c2384e927..aa5776762 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoQuestion.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoQuestion.java @@ -6,12 +6,6 @@ /** Ask a questions and offers yes/no answers. */ public class YesNoQuestion { - /** Acceptable answers. */ - public enum Answer { - YES, - NO - } - /** A callback to interact with a user. */ private final UserCallback callback; @@ -54,4 +48,10 @@ public Answer ask() { } } } + + /** Acceptable answers. */ + public enum Answer { + YES, + NO + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoSkipQuestion.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoSkipQuestion.java index 22aaad8fa..7009ae1b9 100644 
--- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoSkipQuestion.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/YesNoSkipQuestion.java @@ -6,13 +6,6 @@ /** Ask a questions and offers yes/no/skip answers. */ public class YesNoSkipQuestion { - /** Acceptable answers. */ - public enum Answer { - YES, - NO, - SKIP - } - /** A callback to interact with a user. */ private final UserCallback callback; @@ -63,4 +56,11 @@ public Answer ask() { } } } + + /** Acceptable answers. */ + public enum Answer { + YES, + NO, + SKIP + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/AbstractMarkdownFormatter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/AbstractMarkdownFormatter.java index 9431963f7..0afbb73b7 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/AbstractMarkdownFormatter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/AbstractMarkdownFormatter.java 
@@ -48,6 +48,66 @@ protected AbstractMarkdownFormatter(Advisor advisor) { super(advisor); } + /** + * Build a string that shows an actual value of a score value. The method takes care about unknown + * and not-applicable score values. + * + * @param scoreValue The score value. + * @return A string that represents the score value. + */ + public static MarkdownString actualValueOf(ScoreValue scoreValue) { + if (scoreValue.isNotApplicable()) { + return Markdown.string("N/A"); + } + + if (scoreValue.isUnknown()) { + return Markdown.string("unknown"); + } + + return Markdown.string(formatted(scoreValue.get())); + } + + /** + * Prints a link for a vulnerability if possible. + * + * @param vulnerability The vulnerability. + * @return A link for the vulnerability if available, or its identifier otherwise. + */ + private static MarkdownElement linkFor(Vulnerability vulnerability) { + if (vulnerability.id().startsWith("CVE-")) { + String url = format("https://nvd.nist.gov/vuln/detail/%s", vulnerability.id()); + return Markdown.link().to(url).withCaption(vulnerability.id()); + } + + return Markdown.string(vulnerability.id()); + } + + /** + * Builds a string with explanations for a score value if they are available. + * + * @param scoreValue The score value. + * @return A formatted string. + */ + static MarkdownElement explanationOf(ScoreValue scoreValue) { + List explanations = + scoreValue.explanation().stream().map(Markdown::string).collect(toList()); + return Markdown.join(explanations).delimitedBy(NEW_LINE); + } + + /** + * Looks for sub-score values that were used in a specified score value. + * + * @param scoreValue The score value. + * @return A list of sub-score values. 
+ */ + private static List usedSubScoreValuesIn(ScoreValue scoreValue) { + return scoreValue.usedValues().stream() + .filter(value -> value instanceof ScoreValue) + .map(ScoreValue.class::cast) + .sorted(Collections.reverseOrder(Comparator.comparingDouble(ScoreValue::weight))) + .collect(Collectors.toList()); + } + /** * Returns a header for the advice section. * @@ -124,29 +184,9 @@ MarkdownLink formatted(Link link) { return Markdown.link().to(link.url).withCaption(link.name); } - /** - * Build a string that shows an actual value of a score value. The method takes care about unknown - * and not-applicable score values. - * - * @param scoreValue The score value. - * @return A string that represents the score value. - */ - public static MarkdownString actualValueOf(ScoreValue scoreValue) { - if (scoreValue.isNotApplicable()) { - return Markdown.string("N/A"); - } - - if (scoreValue.isUnknown()) { - return Markdown.string("unknown"); - } - - return Markdown.string(formatted(scoreValue.get())); - } - @Override public String actualValueOf(Value value) { - if (!value.isUnknown() && value.get() instanceof Vulnerabilities) { - Vulnerabilities vulnerabilities = (Vulnerabilities) value.get(); + if (!value.isUnknown() && value.get() instanceof Vulnerabilities vulnerabilities) { if (vulnerabilities.isEmpty()) { return "Not found"; } @@ -187,8 +227,7 @@ MarkdownElement infoAboutVulnerabilitiesIn(ScoreValue scoreValue) { continue; } - if (value.get() instanceof Vulnerabilities) { - Vulnerabilities vulnerabilities = (Vulnerabilities) value.get(); + if (value.get() instanceof Vulnerabilities vulnerabilities) { for (Vulnerability vulnerability : vulnerabilities) { uniqueVulnerabilities.add(vulnerability); } 
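Review bot: `linkFor` interpolates `vulnerability.id()` into the NVD URL and into the link caption after checking only the `CVE-` prefix, so an identifier that is not a well-formed CVE id (spaces, parentheses or other characters coming from an external vulnerability feed) yields a broken or misleading Markdown link. A full-shape check is cheap: `private static final Pattern CVE_ID = Pattern.compile("CVE-\\d{4}-\\d{4,}");` and `if (CVE_ID.matcher(vulnerability.id()).matches())`, falling back to the plain string otherwise as the method already does; this needs `java.util.regex.Pattern` in the import block, which is outside the hunk. Whether the ids are validated upstream cannot be seen from here, so if the check is left out the assumption belongs in the Javadoc.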
@@ -215,47 +254,6 @@ MarkdownElement infoAboutVulnerabilitiesIn(ScoreValue scoreValue) { return Markdown.orderedListOf(elements); } - /** - * Prints a link for a vulnerability if possible. - * - * @param vulnerability The vulnerability. - * @return A link for the vulnerability if available, or its identifier otherwise. - */ - private static MarkdownElement linkFor(Vulnerability vulnerability) { - if (vulnerability.id().startsWith("CVE-")) { - String url = format("https://nvd.nist.gov/vuln/detail/%s", vulnerability.id()); - return Markdown.link().to(url).withCaption(vulnerability.id()); - } - - return Markdown.string(vulnerability.id()); - } - - /** - * Builds a string with explanations for a score value if they are available. - * - * @param scoreValue The score value. - * @return A formatted string. - */ - static MarkdownElement explanationOf(ScoreValue scoreValue) { - List explanations = - scoreValue.explanation().stream().map(Markdown::string).collect(toList()); - return Markdown.join(explanations).delimitedBy(NEW_LINE); - } - - /** - * Looks for sub-score values that were used in a specified score value. - * - * @param scoreValue The score value. - * @return A list of sub-score values. - */ - private static List usedSubScoreValuesIn(ScoreValue scoreValue) { - return scoreValue.usedValues().stream() - .filter(value -> value instanceof ScoreValue) - .map(ScoreValue.class::cast) - .sorted(Collections.reverseOrder(Comparator.comparingDouble(ScoreValue::weight))) - .collect(Collectors.toList()); - } - /** * Builds a list of short descriptions of sub-score values for a specified score value. * diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/CommonFormatter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/CommonFormatter.java index 1f903ed92..5b0192e1d 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/CommonFormatter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/CommonFormatter.java 
@@ -117,6 +117,12 @@ public abstract class CommonFormatter implements Formatter { private static final Map>, String> FEATURE_CLASS_TO_NAME = new HashMap<>(); + /** Maps a feature to its shorter name which should be used in output. */ + private static final Map, String> FEATURE_TO_NAME = new HashMap<>(); + + /** A formatter for doubles. */ + private static final DecimalFormat DECIMAL_FORMAT = new DecimalFormat("#.#"); + static { add(OssSecurityScore.class, "Security of project"); add(CommunityCommitmentScore.class, "Community commitment"); @@ -143,25 +149,6 @@ public abstract class CommonFormatter implements Formatter { add(SecurityReviewScore.class, "Security reviews"); } - /** - * Add a caption for a feature class to {@link #FEATURE_CLASS_TO_NAME}. - * - * @param clazz The feature class. - * @param caption The caption. - * @throws IllegalArgumentException If a caption for the feature has already been added. - */ - private static void add(Class> clazz, String caption) { - if (FEATURE_CLASS_TO_NAME.containsKey(clazz)) { - throw new IllegalArgumentException( - String.format( - "Oops! This feature class has already been added: %s", clazz.getSimpleName())); - } - FEATURE_CLASS_TO_NAME.put(clazz, caption); - } - - /** Maps a feature to its shorter name which should be used in output. */ - private static final Map, String> FEATURE_TO_NAME = new HashMap<>(); - static { add(HAS_SECURITY_TEAM, "Does it have a security team?"); add(HAS_SECURITY_POLICY, "Does it have a security policy?"); 
@@ -248,24 +235,6 @@ private static void add(Class> clazz, String caption) { add(USES_MYPY_SCAN_CHECKS, "Does it run MyPy scans on all commits?"); } - /** - * Add a caption for a feature to {@link #FEATURE_TO_NAME}. - * - * @param feature The feature. - * @param caption The caption. - * @throws IllegalArgumentException If a caption for the feature has already been added. - */ - private static void add(Feature feature, String caption) { - if (FEATURE_TO_NAME.containsKey(feature)) { - throw new IllegalArgumentException( - String.format("Oops! This feature has already been added: %s", feature.name())); - } - FEATURE_TO_NAME.put(feature, caption); - } - - /** A formatter for doubles. */ - private static final DecimalFormat DECIMAL_FORMAT = new DecimalFormat("#.#"); - static { DECIMAL_FORMAT.setMinimumFractionDigits(1); DECIMAL_FORMAT.setMaximumFractionDigits(2); 
@@ -283,6 +252,37 @@ protected CommonFormatter(Advisor advisor) { this.advisor = Objects.requireNonNull(advisor, "Oh no! Advisor is null!"); } + /** + * Add a caption for a feature class to {@link #FEATURE_CLASS_TO_NAME}. + * + * @param clazz The feature class. + * @param caption The caption. + * @throws IllegalArgumentException If a caption for the feature has already been added. + */ + private static void add(Class> clazz, String caption) { + if (FEATURE_CLASS_TO_NAME.containsKey(clazz)) { + throw new IllegalArgumentException( + String.format( + "Oops! This feature class has already been added: %s", clazz.getSimpleName())); + } + FEATURE_CLASS_TO_NAME.put(clazz, caption); + } + + /** + * Add a caption for a feature to {@link #FEATURE_TO_NAME}. + * + * @param feature The feature. + * @param caption The caption. + * @throws IllegalArgumentException If a caption for the feature has already been added. + */ + private static void add(Feature feature, String caption) { + if (FEATURE_TO_NAME.containsKey(feature)) { + throw new IllegalArgumentException( + String.format("Oops! This feature has already been added: %s", feature.name())); + } + FEATURE_TO_NAME.put(feature, caption); + } + /** * Returns a human-readable label for a confidence. * 
@@ -315,6 +315,31 @@ static String weightLabel(double weight) { return "High"; } + /** + * Loads a resource. + * + * @param resource A name of the resource. + * @param clazz A class for loading the resource. + * @return The content of the resource. + */ + static String loadFrom(String resource, Class clazz) { + try (InputStream is = clazz.getResourceAsStream(resource)) { + return IOUtils.toString(is, StandardCharsets.UTF_8); + } catch (IOException e) { + throw new UncheckedIOException("Holy moly! Could not load template!", e); + } + } + + /** + * Formats a double. + * + * @param n The double to be formatted. + * @return A formatted string. + */ + static String formatted(double n) { + return DECIMAL_FORMAT.format(n); + } + /** * Figures out how a name of a feature should be printed out. * 
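Review bot: In `loadFrom`, `clazz.getResourceAsStream(resource)` returns null when the resource is missing, and `IOUtils.toString(null, UTF_8)` then fails with a NullPointerException that bypasses the `catch (IOException e)` branch, so the "Could not load template" message never appears for the most likely failure. Guard the stream before reading it, inside the try-with-resources block: `if (is == null) { throw new UncheckedIOException(new FileNotFoundException("Holy moly! Could not find template: " + resource)); }` (`java.io.FileNotFoundException` must be imported; the import block is outside the hunk). Including the resource name in the message also makes a mispackaged jar diagnosable from the log alone.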
@@ -348,47 +373,18 @@ public String actualValueOf(Value value) { return "unknown"; } - if (value instanceof BooleanValue) { - BooleanValue booleanValue = (BooleanValue) value; + if (value instanceof BooleanValue booleanValue) { return booleanValue.get() ? "Yes" : "No"; } - if (value instanceof OwaspDependencyCheckUsageValue) { - OwaspDependencyCheckUsageValue usageValue = (OwaspDependencyCheckUsageValue) value; + if (value instanceof OwaspDependencyCheckUsageValue usageValue) { return StringUtils.capitalize(usageValue.get().toString().replace("_", " ").toLowerCase()); } - if (value instanceof OwaspDependencyCheckCvssThresholdValue) { - OwaspDependencyCheckCvssThresholdValue threshold = - (OwaspDependencyCheckCvssThresholdValue) value; + if (value instanceof OwaspDependencyCheckCvssThresholdValue threshold) { return threshold.specified() ? String.valueOf(threshold.get()) : "Not specified"; } return value.get().toString(); } - - /** - * Loads a resource. - * - * @param resource A name of the resource. - * @param clazz A class for loading the resource. - * @return The content of the resource. - */ - static String loadFrom(String resource, Class clazz) { - try (InputStream is = clazz.getResourceAsStream(resource)) { - return IOUtils.toString(is, StandardCharsets.UTF_8); - } catch (IOException e) { - throw new UncheckedIOException("Holy moly! Could not load template!", e); - } - } - - /** - * Formats a double. - * - * @param n The double to be formatted. - * @return A formatted string. - */ - static String formatted(double n) { - return DECIMAL_FORMAT.format(n); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/JsonPrettyPrinter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/JsonPrettyPrinter.java index 6a201c0b0..5151870f0 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/JsonPrettyPrinter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/JsonPrettyPrinter.java 
@@ -50,42 +50,6 @@ public JsonPrettyPrinter(Advisor advisor) { super(advisor); } - @Override - public String print(Subject subject) { - if (!subject.ratingValue().isPresent()) { - return StringUtils.EMPTY; - } - RatingValue ratingValue = subject.ratingValue().get(); - Rating rating = from(ratingValue, subject); - rating.advices(adviceFor(subject)); - StringBuilder output = new StringBuilder(); - try { - output.append(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rating)); - } catch (JsonProcessingException e) { - throw new UncheckedIOException( - "Oops! Could not parse the rating value object to Json string!", e); - } - - return output.toString(); - } - - /** - * Extract advices for a subject. - * - * @param subject The subject. - * @return Advices collected form a subject. - */ - private List adviceFor(Subject subject) { - try { - return advisor.adviceFor(subject).stream() - .map(JsonPrettyPrinter::from) - .collect(Collectors.toList()); - } catch (IOException e) { - LOGGER.warn("Oops! Could not collect advices!", e); - return emptyList(); - } - } - /** * Map Advice to serializable class. * 
@@ -203,4 +167,40 @@ public static String tellMeActualValueOf(Value value) { public static String printValue(double value) { return String.format("%-4s", DECIMAL_FORMAT.format(value)); } + + @Override + public String print(Subject subject) { + if (!subject.ratingValue().isPresent()) { + return StringUtils.EMPTY; + } + RatingValue ratingValue = subject.ratingValue().get(); + Rating rating = from(ratingValue, subject); + rating.advices(adviceFor(subject)); + StringBuilder output = new StringBuilder(); + try { + output.append(mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rating)); + } catch (JsonProcessingException e) { + throw new UncheckedIOException( + "Oops! Could not parse the rating value object to Json string!", e); + } + + return output.toString(); + } + + /** + * Extract advices for a subject. + * + * @param subject The subject. + * @return Advices collected form a subject. + */ + private List adviceFor(Subject subject) { + try { + return advisor.adviceFor(subject).stream() + .map(JsonPrettyPrinter::from) + .collect(Collectors.toList()); + } catch (IOException e) { + LOGGER.warn("Oops! Could not collect advices!", e); + return emptyList(); + } + } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownList.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownList.java index ba6c07f66..7bdd5bac5 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownList.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownList.java 
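Review bot: In the relocated `print`, `output` is a `StringBuilder` that receives exactly one `append`, so the builder adds nothing over returning `mapper.writerWithDefaultPrettyPrinter().writeValueAsString(rating)` directly from inside the try. The same method tests `!subject.ratingValue().isPresent()`; since this patch introduces pattern-matching `instanceof` elsewhere, the project appears to target Java 16 or later, where `subject.ratingValue().isEmpty()` reads more directly. In `adviceFor`, the warning logged when advice collection fails does not say which subject it was for, so `LOGGER.warn("Oops! Could not collect advices for {}!", subject, e)` would make the log actionable; the exact logging API in use is not visible here.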
@@ -41,8 +41,7 @@ public String make() { StringBuilder content = new StringBuilder(); String indent = repeat(" ", prefix.length()); for (MarkdownElement element : elements) { - if (element instanceof GroupedMarkdownElements) { - GroupedMarkdownElements nestedElements = (GroupedMarkdownElements) element; + if (element instanceof GroupedMarkdownElements nestedElements) { Iterator iterator = nestedElements.get().iterator(); if (!iterator.hasNext()) { continue; diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownTemplate.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownTemplate.java index 22a0ff7d8..1dd970df6 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownTemplate.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/MarkdownTemplate.java @@ -33,7 +33,7 @@ public MarkdownTemplate(String template, MarkdownElement... parameters) { @Override public String make() { - String[] renderedParameters = new String[parameters.size()]; + Object[] renderedParameters = new String[parameters.size()]; for (int i = 0; i < parameters.size(); i++) { renderedParameters[i] = parameters.get(i).make(); } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssArtifactSecurityRatingMarkdownFormatter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssArtifactSecurityRatingMarkdownFormatter.java index fdb0d61d9..74bc2ccca 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssArtifactSecurityRatingMarkdownFormatter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssArtifactSecurityRatingMarkdownFormatter.java 
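Review bot: In `MarkdownTemplate.make`, `Object[] renderedParameters = new String[parameters.size()]` declares one array type and allocates another; the runtime array is still a `String[]`, so the declaration only changes what the compiler sees, presumably to avoid the non-varargs warning when the array is passed on to a format call that lies outside this hunk. Keeping the two in agreement is clearer: `Object[] renderedParameters = new Object[parameters.size()];` (only `make()` results, which are strings, are stored either way), or keep `String[]` and cast at the call site. A one-line comment stating why `Object[]` is used would save the next reader the same question.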
@@ -35,15 +35,6 @@ public OssArtifactSecurityRatingMarkdownFormatter(Advisor advisor) { this(advisor, DEFAULT_RATING_VALUE_TEMPLATE); } - @Override - public String print(Subject subject) { - if (!subject.ratingValue().isPresent()) { - return StringUtils.EMPTY; - } - - return print(subject.ratingValue().get(), markdownAdviceFor(subject)); - } - /** * Create a new formatter. * @@ -55,6 +46,15 @@ public OssArtifactSecurityRatingMarkdownFormatter(Advisor advisor, String templa this.template = Objects.requireNonNull(template, "Oh no! Template can't be null!"); } + @Override + public String print(Subject subject) { + if (!subject.ratingValue().isPresent()) { + return StringUtils.EMPTY; + } + + return print(subject.ratingValue().get(), markdownAdviceFor(subject)); + } + protected String print(RatingValue ratingValue, MarkdownElement advice) { Objects.requireNonNull(ratingValue, "Hey! Rating can't be null!"); diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatter.java index 226e6b6ba..d30420db3 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatter.java 
@@ -133,6 +133,209 @@ public OssRulesOfPlayRatingMarkdownFormatter( this.template = template; } + /** + * Looks for advice for a specified rule. + * + * @param rule The rule. + * @param adviceList A list of advice. + * @return A sub-list of advice that apply to the rule. + */ + private static List selectAdviceFor(Value rule, List adviceList) { + return adviceList.stream().filter(advice -> advice.value().equals(rule)).collect(toList()); + } + + /** + * Looks for violations in a rating value. + * + * @param ratingValue The rating value. + * @return A list of violations. + */ + private static List> violationsIn(RatingValue ratingValue) { + return findViolatedRulesIn(ratingValue.scoreValue().usedValues()); + } + + /** + * Looks for warnings in a rating value. + * + * @param ratingValue The rating value. + * @return A list of warnings. + */ + private static List> warningsIn(RatingValue ratingValue) { + return findWarningsIn(ratingValue.scoreValue().usedValues()); + } + + /** + * Looks for passed rules in a rating value. + * + * @param ratingValue The raging value. + * @return A list of passed rules. + */ + private static List> passedRulesIn(RatingValue ratingValue) { + List> violatedRules = violationsIn(ratingValue); + List> warnings = warningsIn(ratingValue); + + return ratingValue.scoreValue().usedValues().stream() + .filter(rule -> !violatedRules.contains(rule)) + .filter(rule -> !warnings.contains(rule)) + .filter(rule -> !rule.isUnknown()) + .map(value -> (Value) value) + .collect(toList()); + } + + /** + * Looks for unclear rules in a rating value. + * + * @param ratingValue The rating value. + * @return A list of unclear rules. + */ + private static List> unclearRulesIn(RatingValue ratingValue) { + return ratingValue.scoreValue().usedValues().stream() + .filter(Value::isUnknown) + .map(value -> (Value) value) + .collect(toList()); + } + + /** + * Prints our a label of the OSS Rules of Play rating. + * + * @param label The label to be printed. 
+ * @return A formatted label. + * @throws IllegalArgumentException In case of unknown label. + */ + public static String formatted(Label label) { + if (!OssRulesOfPlayRating.OssRulesOfPlayLabel.class.equals(label.getClass())) { + throw new IllegalArgumentException("Oops! Unknown label!"); + } + + switch ((OssRulesOfPlayRating.OssRulesOfPlayLabel) label) { + case FAILED: + return "Failed"; + case PASSED: + return "Passed"; + case PASSED_WITH_WARNING: + return "Passed with warnings"; + case UNCLEAR: + return "Not clear"; + default: + throw new IllegalArgumentException(format("Oops! Unexpected label: %s", label)); + } + } + + /** + * Looks for a configuration file. + * + * @return The config if found. + * @throws UncheckedIOException If something went wrong. + */ + private static Optional loadConfig() throws IOException { + Class clazz = OssRulesOfPlayRatingMarkdownFormatter.class; + for (String name : asList(clazz.getSimpleName(), clazz.getCanonicalName())) { + for (String suffix : asList("yml", "yaml")) { + Path path = Paths.get(format("%s.config.%s", name, suffix)); + if (Files.isRegularFile(path)) { + return Optional.of(loadConfigFrom(path)); + } + } + } + + return Optional.empty(); + } + + /** + * Load a config from a file. + * + * @param path The file. + * @return A config. + * @throws IOException If the config could not be loaded. + */ + private static JsonNode loadConfigFrom(Path path) throws IOException { + try (BufferedReader reader = Files.newBufferedReader(path)) { + return Yaml.mapper().readTree(reader); + } + } + + /** + * Load rule IDs from a config. + * + * @param config The config. + * @return A map with rule IDs. + * @throws IOException If something went wrong. + */ + private static Map, String> readRuleIdsFrom(JsonNode config) throws IOException { + if (!config.has("ruleIds")) { + return emptyMap(); + } + + if (!config.isObject()) { + throw new IOException("Oops! 
ruleIds is not an object!"); + } + + OssRulesOfPlayRating rating = RatingRepository.INSTANCE.rating(OssRulesOfPlayRating.class); + + Map, String> map = new HashMap<>(); + Set ruleIds = new HashSet<>(); + + Iterator ruleIdIterator = config.get("ruleIds").fieldNames(); + while (ruleIdIterator.hasNext()) { + String ruleId = ruleIdIterator.next(); + + if (ruleIds.contains(ruleId)) { + throw new IOException(format("Oops! Duplicate rule ID: %s", ruleId)); + } + + JsonNode node = config.get("ruleIds").get(ruleId); + if (!node.isTextual()) { + throw new IOException(format("Oops! '%s' is not a string!", ruleId)); + } + + String featureName = node.asText(); + boolean found = false; + for (Feature feature : rating.allFeatures()) { + if (!BooleanFeature.class.equals(feature.getClass())) { + throw new IOException(format("Oops! Not a boolean feature: %s", featureName)); + } + + if (!feature.name().equals(featureName)) { + continue; + } + + if (map.containsKey(feature)) { + throw new IOException(format("Oops! Duplicate feature: %s", featureName)); + } + + map.put((BooleanFeature) feature, ruleId); + ruleIds.add(ruleId); + found = true; + break; + } + + if (!found) { + throw new IOException(format("Oops! Could not find this feature: %s", featureName)); + } + } + + return map; + } + + /** + * Load rule documentation URI from a config. + * + * @param config The config. + * @return The rule documentation URL. + * @throws IOException If something went wrong. + */ + private static String readRuleDocumentationUrlFrom(JsonNode config) throws IOException { + if (!config.has("documentationUrl")) { + return EMPTY; + } + + if (!config.isObject()) { + throw new IOException("Oops! Configuration is not an object!"); + } + + return config.get("documentationUrl").asText(); + } + /** * Return the URL to docs if available. * 
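Review bot: In `readRuleIdsFrom`, the object check tests the root node (`config.isObject()`) rather than the `ruleIds` node, so a `ruleIds` entry that is a string or a list never triggers the "ruleIds is not an object" error; `fieldNames()` on a non-object node is empty and the method silently returns an empty map. I would read the node once and check that: `JsonNode ruleIdsNode = config.get("ruleIds"); if (!ruleIdsNode.isObject()) { throw new IOException("Oops! ruleIds is not an object!"); }` and iterate `ruleIdsNode` below. In the feature loop the `BooleanFeature` check runs before the name comparison, so any non-boolean feature in the rating raises "Not a boolean feature" naming an unrelated `featureName`; moving that check after the `continue` gives an accurate error. The `loadConfig` Javadoc also declares `@throws UncheckedIOException` while the method throws `IOException`, and it resolves `<class>.config.yml` against the working directory, which is worth stating in its Javadoc since that file decides which rule ids appear in reports.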
@@ -189,17 +392,6 @@ private List adviceFor(List rules) { .collect(toList()); } - /** - * Looks for advice for a specified rule. - * - * @param rule The rule. - * @param adviceList A list of advice. - * @return A sub-list of advice that apply to the rule. - */ - private static List selectAdviceFor(Value rule, List adviceList) { - return adviceList.stream().filter(advice -> advice.value().equals(rule)).collect(toList()); - } - /** * Make a Markdown-formatted document that contains advice for specified rules. * 
@@ -273,57 +465,6 @@ private String adviceTextFor(Value rule, List adviceList) { return Markdown.join(elements).delimitedBy(DOUBLE_NEW_LINE).make(); } - /** - * Looks for violations in a rating value. - * - * @param ratingValue The rating value. - * @return A list of violations. - */ - private static List> violationsIn(RatingValue ratingValue) { - return findViolatedRulesIn(ratingValue.scoreValue().usedValues()); - } - - /** - * Looks for warnings in a rating value. - * - * @param ratingValue The rating value. - * @return A list of warnings. - */ - private static List> warningsIn(RatingValue ratingValue) { - return findWarningsIn(ratingValue.scoreValue().usedValues()); - } - - /** - * Looks for passed rules in a rating value. - * - * @param ratingValue The raging value. - * @return A list of passed rules. - */ - private static List> passedRulesIn(RatingValue ratingValue) { - List> violatedRules = violationsIn(ratingValue); - List> warnings = warningsIn(ratingValue); - - return ratingValue.scoreValue().usedValues().stream() - .filter(rule -> !violatedRules.contains(rule)) - .filter(rule -> !warnings.contains(rule)) - .filter(rule -> !rule.isUnknown()) - .map(value -> (Value) value) - .collect(toList()); - } - - /** - * Looks for unclear rules in a rating value. - * - * @param ratingValue The rating value. - * @return A list of unclear rules. - */ - private static List> unclearRulesIn(RatingValue ratingValue) { - return ratingValue.scoreValue().usedValues().stream() - .filter(Value::isUnknown) - .map(value -> (Value) value) - .collect(toList()); - } - /** * Format a boolean value. * 
@@ -404,147 +545,6 @@ private String formatted(Value value) { return format("%s **%s**", nameOf(value.feature()), printValueAnswer(value)); } - /** - * Prints our a label of the OSS Rules of Play rating. - * - * @param label The label to be printed. - * @return A formatted label. - * @throws IllegalArgumentException In case of unknown label. - */ - public static String formatted(Label label) { - if (!OssRulesOfPlayRating.OssRulesOfPlayLabel.class.equals(label.getClass())) { - throw new IllegalArgumentException("Oops! Unknown label!"); - } - - switch ((OssRulesOfPlayRating.OssRulesOfPlayLabel) label) { - case FAILED: - return "Failed"; - case PASSED: - return "Passed"; - case PASSED_WITH_WARNING: - return "Passed with warnings"; - case UNCLEAR: - return "Not clear"; - default: - throw new IllegalArgumentException(format("Oops! Unexpected label: %s", label)); - } - } - - /** - * Looks for a configuration file. - * - * @return The config if found. - * @throws UncheckedIOException If something went wrong. - */ - private static Optional loadConfig() throws IOException { - Class clazz = OssRulesOfPlayRatingMarkdownFormatter.class; - for (String name : asList(clazz.getSimpleName(), clazz.getCanonicalName())) { - for (String suffix : asList("yml", "yaml")) { - Path path = Paths.get(format("%s.config.%s", name, suffix)); - if (Files.isRegularFile(path)) { - return Optional.of(loadConfigFrom(path)); - } - } - } - - return Optional.empty(); - } - - /** - * Load a config from a file. - * - * @param path The file. - * @return A config. - * @throws IOException If the config could not be loaded. - */ - private static JsonNode loadConfigFrom(Path path) throws IOException { - try (BufferedReader reader = Files.newBufferedReader(path)) { - return Yaml.mapper().readTree(reader); - } - } - - /** - * Load rule IDs from a config. - * - * @param config The config. - * @return A map with rule IDs. - * @throws IOException If something went wrong. 
- */ - private static Map, String> readRuleIdsFrom(JsonNode config) throws IOException { - if (!config.has("ruleIds")) { - return emptyMap(); - } - - if (!config.isObject()) { - throw new IOException("Oops! ruleIds is not an object!"); - } - - OssRulesOfPlayRating rating = RatingRepository.INSTANCE.rating(OssRulesOfPlayRating.class); - - Map, String> map = new HashMap<>(); - Set ruleIds = new HashSet<>(); - - Iterator ruleIdIterator = config.get("ruleIds").fieldNames(); - while (ruleIdIterator.hasNext()) { - String ruleId = ruleIdIterator.next(); - - if (ruleIds.contains(ruleId)) { - throw new IOException(format("Oops! Duplicate rule ID: %s", ruleId)); - } - - JsonNode node = config.get("ruleIds").get(ruleId); - if (!node.isTextual()) { - throw new IOException(format("Oops! '%s' is not a string!", ruleId)); - } - - String featureName = node.asText(); - boolean found = false; - for (Feature feature : rating.allFeatures()) { - if (!BooleanFeature.class.equals(feature.getClass())) { - throw new IOException(format("Oops! Not a boolean feature: %s", featureName)); - } - - if (!feature.name().equals(featureName)) { - continue; - } - - if (map.containsKey(feature)) { - throw new IOException(format("Oops! Duplicate feature: %s", featureName)); - } - - map.put((BooleanFeature) feature, ruleId); - ruleIds.add(ruleId); - found = true; - break; - } - - if (!found) { - throw new IOException(format("Oops! Could not find this feature: %s", featureName)); - } - } - - return map; - } - - /** - * Load rule documentation URI from a config. - * - * @param config The config. - * @return The rule documentation URL. - * @throws IOException If something went wrong. - */ - private static String readRuleDocumentationUrlFrom(JsonNode config) throws IOException { - if (!config.has("documentationUrl")) { - return EMPTY; - } - - if (!config.isObject()) { - throw new IOException("Oops! 
Configuration is not an object!"); - } - - return config.get("documentationUrl").asText(); - } - /** * This class holds Markdown elements for one rule. The elements may be rendered in different * parts of the report. diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinter.java index be60adcc1..e56ab4232 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinter.java @@ -43,6 +43,20 @@ public class PrettyPrinter extends CommonFormatter { DECIMAL_FORMAT.setMaximumFractionDigits(2); } + /** A flag that turns on verbose output. */ + private final boolean verbose; + + /** + * Creates a new {@link PrettyPrinter}. + * + * @param verbose A flag that turns on verbose output. + * @param advisor An advisor. + */ + private PrettyPrinter(boolean verbose, Advisor advisor) { + super(advisor); + this.verbose = verbose; + } + /** * Creates a new {@link PrettyPrinter} that doesn't print all the details. * 
@@ -62,18 +76,53 @@ public static PrettyPrinter withVerboseOutput(Advisor advisor) { return new PrettyPrinter(true, advisor); } - /** A flag that turns on verbose output. */ - private final boolean verbose; + /** + * Prints an actual value of a score value. The method takes care about unknown and not-applicable + * score values. + * + * @param scoreValue The score value. + * @return A string that represents the score value. + */ + public static String tellMeActualValueOf(ScoreValue scoreValue) { + if (scoreValue.isNotApplicable()) { + return "N/A"; + } + + if (scoreValue.isUnknown()) { + return "unknown"; + } + + return printValueAndMax(scoreValue.get(), Score.MAX); + } /** - * Creates a new {@link PrettyPrinter}. + * Prints out a number with its max value. * - * @param verbose A flag that turns on verbose output. - * @param advisor An advisor. + * @param value The number. + * @param max The max value. + * @return A formatted string with the number and max value. */ - private PrettyPrinter(boolean verbose, Advisor advisor) { - super(advisor); - this.verbose = verbose; + public static String printValueAndMax(double value, double max) { + return String.format( + "%-4s out of %4s", DECIMAL_FORMAT.format(value), DECIMAL_FORMAT.format(max)); + } + + /** + * Adds a number of specified characters to the end of a string to make it fit to the specified + * length. + * + * @param string The original string. + * @param c The character to be appended. + * @param length The final length of the string. + * @return A string with appended characters if the length of the original string is less than the + * specified length, otherwise the original string. + */ + private static String append(String string, char c, int length) { + StringBuilder sb = new StringBuilder(string); + while (sb.length() <= length) { + sb.append(c); + } + return sb.toString(); } @Override 
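Review bot: `append` pads one character past the requested length: the loop condition `while (sb.length() <= length)` keeps appending until the builder is `length + 1` long, and a string that already has exactly `length` characters still gets one more, which contradicts the Javadoc ("otherwise the original string"). If the extra character is not relied on by the column layout elsewhere in the class, the condition should be `while (sb.length() < length)`; if the extra character is intentional, the Javadoc should say the result is `length + 1` characters. The three methods in this hunk are moved rather than new, so this behaviour is pre-existing, and the callers of `append` are outside the hunk.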
@@ -92,20 +141,18 @@ public String print(Subject subject) { * @return A formatted rating value. */ public String print(RatingValue ratingValue) { - StringBuilder sb = new StringBuilder(); - sb.append(String.format("Here is how the rating was calculated:%n")); - sb.append(print(ratingValue.scoreValue(), INDENT_STEP, true, new HashSet<>())); - sb.append("\n"); - sb.append( - String.format( - "Rating: %s -> %s%n", - tellMeActualValueOf(ratingValue.scoreValue()), ratingValue.label())); - sb.append( - String.format( - "Confidence: %s (%s)%n", - confidenceLabelFor(ratingValue.confidence()), - printValueAndMax(ratingValue.confidence(), Confidence.MAX))); - return sb.toString(); + String sb = + String.format("Here is how the rating was calculated:%n") + + print(ratingValue.scoreValue(), INDENT_STEP, true, new HashSet<>()) + + "\n" + + String.format( + "Rating: %s -> %s%n", + tellMeActualValueOf(ratingValue.scoreValue()), ratingValue.label()) + + String.format( + "Confidence: %s (%s)%n", + confidenceLabelFor(ratingValue.confidence()), + printValueAndMax(ratingValue.confidence(), Confidence.MAX)); + return sb; } /** 
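Review bot: The local in `print(RatingValue)` is still called `sb` although it now holds a `String` rather than a `StringBuilder`, which sends a reader looking for `append` calls that no longer exist. Since the value is only returned, the method can return the concatenation directly, `return String.format("Here is how the rating was calculated:%n") + ...;`, or the local can be renamed to something like `report`. As far as the visible lines show, the produced text is unchanged by the rewrite.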
@@ -314,53 +361,4 @@ private boolean shouldPrintExplanationFor(ScoreValue scoreValue) { private boolean shouldPrint(List> featureValues) { return verbose && !featureValues.isEmpty(); } - - /** - * Prints an actual value of a score value. The method takes care about unknown and not-applicable - * score values. - * - * @param scoreValue The score value. - * @return A string that represents the score value. - */ - public static String tellMeActualValueOf(ScoreValue scoreValue) { - if (scoreValue.isNotApplicable()) { - return "N/A"; - } - - if (scoreValue.isUnknown()) { - return "unknown"; - } - - return printValueAndMax(scoreValue.get(), Score.MAX); - } - - /** - * Prints out a number with its max value. - * - * @param value The number. - * @param max The max value. - * @return A formatted string with the number and max value. - */ - public static String printValueAndMax(double value, double max) { - return String.format( - "%-4s out of %4s", DECIMAL_FORMAT.format(value), DECIMAL_FORMAT.format(max)); - } - - /** - * Adds a number of specified characters to the end of a string to make it fit to the specified - * length. - * - * @param string The original string. - * @param c The character to be appended. - * @param length The final length of the string. - * @return A string with appended characters if the length of the original string is less than the - * specified length, otherwise the original string. - */ - private static String append(String string, char c, int length) { - StringBuilder sb = new StringBuilder(string); - while (sb.length() <= length) { - sb.append(c); - } - return sb.toString(); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/AbstractReporter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/AbstractReporter.java index 78d52d57a..673c77bb3 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/AbstractReporter.java 
+++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/AbstractReporter.java @@ -62,6 +62,20 @@ static List merge( return allProjects; } + /** + * Loads a resource. + * + * @param name A name of the resource. + * @return The content of the resource. + */ + static String loadFrom(String name, Class clazz) { + try (InputStream is = clazz.getResourceAsStream(name)) { + return IOUtils.toString(is, StandardCharsets.UTF_8); + } catch (IOException e) { + throw new UncheckedIOException("Holy moly! Could not load template!", e); + } + } + /** * Loads projects from a JSON file. If the file doesn't exist, then the method returns an empty * list. @@ -97,18 +111,4 @@ List loadProjects(Path extraSourceFileName) throws IOException { return Json.mapper().readValue(is, LIST_OF_GITHUB_PROJECTS_TYPE); } } - - /** - * Loads a resource. - * - * @param name A name of the resource. - * @return The content of the resource. - */ - static String loadFrom(String name, Class clazz) { - try (InputStream is = clazz.getResourceAsStream(name)) { - return IOUtils.toString(is, StandardCharsets.UTF_8); - } catch (IOException e) { - throw new UncheckedIOException("Holy moly! Could not load template!", e); - } - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporter.java index 9a94d209e..19039c733 100755 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporter.java 
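Review bot: `loadFrom` does not handle a missing resource: `Class.getResourceAsStream` returns `null` when `name` cannot be found, so `IOUtils.toString(is, ...)` then fails with a `NullPointerException` instead of the `UncheckedIOException` the catch block promises, and the message `"Holy moly! Could not load template!"` does not say which resource was missing. A check inside the try, `if (is == null) { throw new IOException("Could not find resource " + name); }`, is caught by the existing handler and makes the failure diagnosable. The Javadoc is also missing a `@param clazz` tag. The method is moved rather than new, so this is pre-existing.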
@@ -79,6 +79,38 @@ public OssRulesOfPlayMarkdownReporter(String outputDirectory, Advisor advisor) this.formatter = new OssRulesOfPlayRatingMarkdownFormatter(advisor); } + /** + * Prints a name of a project. + * + * @param project The project. + * @return A formatted name of the project. + */ + private static String nameOf(GitHubProject project) { + return String.format( + "[%s/%s](%s)", project.organization().name(), project.name(), project.scm().toString()); + } + + /** + * Prints a formatted number of violated rules for a project. + * + * @param project The project. + * @return A formatted number of violated rules for the project. + */ + private static String numberOfViolatedRulesIn(GitHubProject project) { + Optional ratingValue = project.ratingValue(); + if (!ratingValue.isPresent()) { + return "UNKNOWN"; + } + + int n = findViolatedRulesIn(ratingValue.get().scoreValue().usedValues()).size(); + + if (n == 0) { + return "No violated rules"; + } + + return String.format("%d violated rule%s", n, n > 1 ? "s" : ""); + } + @Override public void runFor(List projects) throws IOException { @@ -226,17 +258,6 @@ private String rowFor(GitHubProject project) { .replace("%NUMBER_OF_VIOLATED_RULES%", numberOfViolatedRulesIn(project)); } - /** - * Prints a name of a project. - * - * @param project The project. - * @return A formatted name of the project. - */ - private static String nameOf(GitHubProject project) { - return String.format( - "[%s/%s](%s)", project.organization().name(), project.name(), project.scm().toString()); - } - /** * Prints a status of a project. * 
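Review bot: `nameOf` interpolates the organization name, project name and SCM URL into a Markdown link with no escaping, and `rowFor` (visible in the second hunk of this file) places the result in a table row, so a `|`, `]` or `)` in any of those values would break the row or the link. GitHub owner and repository names are restricted to a safe character set, so this is presumably only a concern if the SCM URL can carry parentheses or a query string; a comment stating that assumption, `// GitHub org/repo names and URLs are assumed to be Markdown-safe`, or a small escaping helper would document it. Both methods in this hunk are moved rather than new.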
@@ -254,25 +275,4 @@ private String statusOf(GitHubProject project) { project.organization().name(), project.name()); } - - /** - * Prints a formatted number of violated rules for a project. - * - * @param project The project. - * @return A formatted number of violated rules for the project. - */ - private static String numberOfViolatedRulesIn(GitHubProject project) { - Optional ratingValue = project.ratingValue(); - if (!ratingValue.isPresent()) { - return "UNKNOWN"; - } - - int n = findViolatedRulesIn(ratingValue.get().scoreValue().usedValues()).size(); - - if (n == 0) { - return "No violated rules"; - } - - return String.format("%d violated rule%s", n, n > 1 ? "s" : ""); - } } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporter.java index 42d71859a..003071f38 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporter.java 
@@ -35,20 +35,9 @@ public class OssSecurityRatingMarkdownReporter extends AbstractReporter projects) throws IOException { - List allProjects = merge(projects, extraProjects); - - Map stars = new HashMap<>(); - for (GitHubProject project : allProjects) { - stars.put(project, starsOf(project)); - } - allProjects.sort(Collections.reverseOrder(Comparator.comparingInt(stars::get))); - - StringBuilder projectsTable = new StringBuilder(); - Statistics statistics = new Statistics(); - for (GitHubProject project : allProjects) { - String projectPath = project.scm().getPath().replaceFirst("/", ""); - - Path organizationDirectory = outputDirectory.resolve(project.organization().name()); - if (!Files.isDirectory(organizationDirectory)) { - Files.createDirectories(organizationDirectory); - } - - String relativePathToDetails = - String.format( - "%s/%s", - project.organization().name(), - writeReport(project, projectPath, organizationDirectory)); - - String labelLink = String.format(LINK_TEMPLATE, labelOf(project), relativePathToDetails); - String nameLink = String.format(LINK_TEMPLATE, nameOf(project), relativePathToDetails); - - Integer numberOfStars = stars.get(project); - String numberOfStarsString = - numberOfStars != null && numberOfStars >= 0 ? numberOfStars.toString() : UNKNOWN; - String numberOfStarsLink = String.format(LINK_TEMPLATE, numberOfStarsString, project.scm()); - - String line = - PROJECT_LINE_TEMPLATE - .replace("%NAME%", nameLink) - .replace("%STARS%", numberOfStarsLink) - .replace("%SCORE%", scoreOf(project)) - .replace("%LABEL%", labelLink) - .replace("%CONFIDENCE%", confidenceOf(project)) - .replace("%DATE%", lastUpdateOf(project)); - projectsTable.append(line).append("\n"); - - statistics.add(project); - } - - Path path = outputDirectory.resolve(REPORT_FILENAME); - logger.info("Storing a report to {}", path); - Files.write(path, buildReportWith(projectsTable.toString(), statistics).getBytes()); - } - - /** - * Write the report of the associated project. 
- * - * @param project The GitHub project to get the rating. - * @param projectPath The path to the project output. - * @param organizationDirectory The path of the organization folder to write the projects' - * reports. - * @return The file name of the report. - */ - protected String writeReport( - GitHubProject project, String projectPath, Path organizationDirectory) throws IOException { - String details = - PROJECT_DETAILS_TEMPLATE - .replace("%PROJECT_URL%", project.scm().toString()) - .replace( - "%UPDATED_DATE%", - project.ratingValueDate().map(DATE_FORMAT::format).orElse(UNKNOWN)) - .replace("%PROJECT_NAME%", projectPath) - .replace("%DETAILS%", detailsOf(project)); - - String projectReportFilename = String.format("%s.md", project.name()); - Files.write(organizationDirectory.resolve(projectReportFilename), details.getBytes()); - - return projectReportFilename; - } - - /** Return the formatter to be used to generate the project details. */ - protected Formatter formatter() { - return formatter; - } - /** * Prints out a name of a project. * 
@@ -281,39 +198,6 @@ protected static String insert(String string, int n, String content) { return sb.toString(); } - /** - * Builds a report for projects. - * - * @param table A content of the table with projects. - * @param statistics Statistics about the projects. - * @return The report. - * @throws IOException If something went wrong. - */ - protected String buildReportWith(String table, Statistics statistics) throws IOException { - try (InputStream is = - OssSecurityRatingMarkdownReporter.class.getResourceAsStream( - "OssSecurityRatingMarkdownReporterMainTemplate.md")) { - - String template = IOUtils.toString(is, StandardCharsets.UTF_8); - return template - .replace("%PROJECT_TABLE%", table) - .replace("%NUMBER_OF_PROJECTS%", String.valueOf(statistics.total)) - .replace("%NUMBER_BAD_RATINGS%", String.valueOf(statistics.badRatings)) - .replace("%NUMBER_MODERATE_RATINGS%", String.valueOf(statistics.moderateRatings)) - .replace("%NUMBER_GOOD_RATINGS%", String.valueOf(statistics.goodRatings)) - .replace("%NUMBER_UNKNOWN_RATINGS%", String.valueOf(statistics.unknownRatings)) - .replace("%NUMBER_UNCLEAR_RATINGS%", String.valueOf(statistics.unclearRatings)) - .replace("%PERCENT_BAD_RATINGS%", printPercent(statistics.badRatingsPercent())) - .replace("%PERCENT_MODERATE_RATINGS%", printPercent(statistics.moderateRatingsPercent())) - .replace("%PERCENT_GOOD_RATINGS%", printPercent(statistics.goodRatingsPercent())) - .replace("%PERCENT_UNCLEAR_RATINGS%", printPercent(statistics.unclearRatingsPercent())) - .replace("%PERCENT_UNKNOWN_RATINGS%", printPercent(statistics.unknownRatingsPercent())) - .replaceAll("%MODERATE_THRESHOLD%", format(rating.thresholds().forModerate())) - .replaceAll("%GOOD_THRESHOLD%", format(rating.thresholds().forGood())) - .replaceAll("%UNCLEAR_THRESHOLD%", format(rating.thresholds().forUnclear())); - } - } - /** * Formats a percent value. * 
@@ -334,19 +218,6 @@ private static String format(double value) { return DECIMAL_FORMAT.format(value); } - /** - * Prepares a description how a rating was calculated for a project. - * - * @param project The project. - * @return The details of the rating calculation. - */ - protected String detailsOf(GitHubProject project) { - if (!project.ratingValue().isPresent()) { - return UNKNOWN; - } - return formatter.print(project); - } - /** Formats a date when a rating was calculated for a project. */ protected static String lastUpdateOf(GitHubProject project) { return project.ratingValueDate().map(DATE_FORMAT::format).orElse(UNKNOWN); 
@@ -450,6 +321,135 @@ private static int stars(ScoreValue scoreValue) { return UNKNOWN_NUMBER_OF_STARS; } + @Override + public void runFor(List projects) throws IOException { + List allProjects = merge(projects, extraProjects); + + Map stars = new HashMap<>(); + for (GitHubProject project : allProjects) { + stars.put(project, starsOf(project)); + } + allProjects.sort(Collections.reverseOrder(Comparator.comparingInt(stars::get))); + + StringBuilder projectsTable = new StringBuilder(); + Statistics statistics = new Statistics(); + for (GitHubProject project : allProjects) { + String projectPath = project.scm().getPath().replaceFirst("/", ""); + + Path organizationDirectory = outputDirectory.resolve(project.organization().name()); + if (!Files.isDirectory(organizationDirectory)) { + Files.createDirectories(organizationDirectory); + } + + String relativePathToDetails = + String.format( + "%s/%s", + project.organization().name(), + writeReport(project, projectPath, organizationDirectory)); + + String labelLink = String.format(LINK_TEMPLATE, labelOf(project), relativePathToDetails); + String nameLink = String.format(LINK_TEMPLATE, nameOf(project), relativePathToDetails); + + Integer numberOfStars = stars.get(project); + String numberOfStarsString = + numberOfStars != null && numberOfStars >= 0 ? 
numberOfStars.toString() : UNKNOWN; + String numberOfStarsLink = String.format(LINK_TEMPLATE, numberOfStarsString, project.scm()); + + String line = + PROJECT_LINE_TEMPLATE + .replace("%NAME%", nameLink) + .replace("%STARS%", numberOfStarsLink) + .replace("%SCORE%", scoreOf(project)) + .replace("%LABEL%", labelLink) + .replace("%CONFIDENCE%", confidenceOf(project)) + .replace("%DATE%", lastUpdateOf(project)); + projectsTable.append(line).append("\n"); + + statistics.add(project); + } + + Path path = outputDirectory.resolve(REPORT_FILENAME); + logger.info("Storing a report to {}", path); + Files.write(path, buildReportWith(projectsTable.toString(), statistics).getBytes()); + } + + /** + * Write the report of the associated project. + * + * @param project The GitHub project to get the rating. + * @param projectPath The path to the project output. + * @param organizationDirectory The path of the organization folder to write the projects' + * reports. + * @return The file name of the report. + */ + protected String writeReport( + GitHubProject project, String projectPath, Path organizationDirectory) throws IOException { + String details = + PROJECT_DETAILS_TEMPLATE + .replace("%PROJECT_URL%", project.scm().toString()) + .replace( + "%UPDATED_DATE%", + project.ratingValueDate().map(DATE_FORMAT::format).orElse(UNKNOWN)) + .replace("%PROJECT_NAME%", projectPath) + .replace("%DETAILS%", detailsOf(project)); + + String projectReportFilename = String.format("%s.md", project.name()); + Files.write(organizationDirectory.resolve(projectReportFilename), details.getBytes()); + + return projectReportFilename; + } + + /** Return the formatter to be used to generate the project details. */ + protected Formatter formatter() { + return formatter; + } + + /** + * Builds a report for projects. + * + * @param table A content of the table with projects. + * @param statistics Statistics about the projects. + * @return The report. + * @throws IOException If something went wrong. 
+ */ + protected String buildReportWith(String table, Statistics statistics) throws IOException { + try (InputStream is = + OssSecurityRatingMarkdownReporter.class.getResourceAsStream( + "OssSecurityRatingMarkdownReporterMainTemplate.md")) { + + String template = IOUtils.toString(is, StandardCharsets.UTF_8); + return template + .replace("%PROJECT_TABLE%", table) + .replace("%NUMBER_OF_PROJECTS%", String.valueOf(statistics.total)) + .replace("%NUMBER_BAD_RATINGS%", String.valueOf(statistics.badRatings)) + .replace("%NUMBER_MODERATE_RATINGS%", String.valueOf(statistics.moderateRatings)) + .replace("%NUMBER_GOOD_RATINGS%", String.valueOf(statistics.goodRatings)) + .replace("%NUMBER_UNKNOWN_RATINGS%", String.valueOf(statistics.unknownRatings)) + .replace("%NUMBER_UNCLEAR_RATINGS%", String.valueOf(statistics.unclearRatings)) + .replace("%PERCENT_BAD_RATINGS%", printPercent(statistics.badRatingsPercent())) + .replace("%PERCENT_MODERATE_RATINGS%", printPercent(statistics.moderateRatingsPercent())) + .replace("%PERCENT_GOOD_RATINGS%", printPercent(statistics.goodRatingsPercent())) + .replace("%PERCENT_UNCLEAR_RATINGS%", printPercent(statistics.unclearRatingsPercent())) + .replace("%PERCENT_UNKNOWN_RATINGS%", printPercent(statistics.unknownRatingsPercent())) + .replaceAll("%MODERATE_THRESHOLD%", format(rating.thresholds().forModerate())) + .replaceAll("%GOOD_THRESHOLD%", format(rating.thresholds().forGood())) + .replaceAll("%UNCLEAR_THRESHOLD%", format(rating.thresholds().forUnclear())); + } + } + + /** + * Prepares a description how a rating was calculated for a project. + * + * @param project The project. + * @return The details of the rating calculation. + */ + protected String detailsOf(GitHubProject project) { + if (!project.ratingValue().isPresent()) { + return UNKNOWN; + } + return formatter.print(project); + } + /** This class holds statistics about projects. */ protected static class Statistics { 
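Review bot: Both `Files.write` calls in this hunk encode the report with the platform default charset — `buildReportWith(...).getBytes()` in `runFor` and `details.getBytes()` in `writeReport` — while the template is read explicitly as UTF-8 in `buildReportWith`, so on a JVM older than 18 with a non-UTF-8 default charset non-ASCII characters from the template or project metadata would be mis-encoded. Passing `StandardCharsets.UTF_8` to both `getBytes()` calls makes the output charset match the input. `buildReportWith` also reads the template via `getResourceAsStream` without a null check, the same pattern that `AbstractReporter.loadFrom` centralizes in this commit; delegating to that helper would remove the duplication. The methods are moved rather than new, so this behaviour is pre-existing.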
@@ -486,7 +486,7 @@ void add(GitHubProject project) { RatingValue ratingValue = project.ratingValue().get(); - if (ratingValue.label() instanceof SecurityLabel == false) { + if (!(ratingValue.label() instanceof SecurityLabel)) { unknownRatings++; return; } diff --git a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/Reporter.java b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/Reporter.java index a0ca0f82d..47eb5d635 100644 --- a/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/Reporter.java +++ b/src/main/java/com/sap/oss/phosphor/fosstars/tool/report/Reporter.java @@ -12,14 +12,6 @@ */ public interface Reporter { - /** - * Runs the reporter for a list of projects. - * - * @param projects The projects. - * @throws IOException If something went wrong. - */ - void runFor(List projects) throws IOException; - /** * Returns a reporter that does nothing. * @@ -29,4 +21,12 @@ public interface Reporter { static Reporter dummy() { return projects -> {}; } + + /** + * Runs the reporter for a list of projects. + * + * @param projects The projects. + * @throws IOException If something went wrong. + */ + void runFor(List projects) throws IOException; } diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/data/BugBountyPrograms.json b/src/main/resources/com/sap/oss/phosphor/fosstars/data/BugBountyPrograms.json index a0b39d59c..6f0f9a22f 100644 --- a/src/main/resources/com/sap/oss/phosphor/fosstars/data/BugBountyPrograms.json +++ b/src/main/resources/com/sap/oss/phosphor/fosstars/data/BugBountyPrograms.json 
@@ -1,8 +1,14 @@
 {
 "bugBountyPrograms": {
- "https://hackerone.com/curl": [ "https://github.com/curl/curl" ],
- "https://hackerone.com/kubernetes": [ "https://github.com/kubernetes/kubernetes" ],
- "https://hackerone.com/nodejs": [ "https://github.com/nodejs/node" ],
+ "https://hackerone.com/curl": [
+ "https://github.com/curl/curl"
+ ],
+ "https://hackerone.com/kubernetes": [
+ "https://github.com/kubernetes/kubernetes"
+ ],
+ "https://hackerone.com/nodejs": [
+ "https://github.com/nodejs/node"
+ ],
 "https://hackerone.com/ibb-data": [
 "https://github.com/glennrp/libpng",
 "https://github.com/ImageMagick/ImageMagick",
@@ -11,14 +17,30 @@
 "https://git.libav.org/?p=libav.git;a=summary",
 "http://hg.code.sf.net/p/graphicsmagick/code"
 ],
- "https://hackerone.com/ruby": [ "https://github.com/ruby/ruby" ],
- "https://hackerone.com/ibb-apache": [ "https://github.com/apache/httpd" ],
- "https://hackerone.com/apachenifi": [ "https://github.com/apache/nifi" ],
- "https://hackerone.com/ibb-openssl": [ "https://github.com/openssl/openssl" ],
- "https://hackerone.com/ibb-nginx": [ "https://github.com/nginx/nginx" ],
- "https://hackerone.com/ibb-python": [ "https://github.com/python/cpython" ],
- "https://hackerone.com/ibb-php": [ "https://github.com/php/php-src" ],
- "https://hackerone.com/ibb-squid-cache": [ "https://github.com/squid-cache/squid" ],
+ "https://hackerone.com/ruby": [
+ "https://github.com/ruby/ruby"
+ ],
+ "https://hackerone.com/ibb-apache": [
+ "https://github.com/apache/httpd"
+ ],
+ "https://hackerone.com/apachenifi": [
+ "https://github.com/apache/nifi"
+ ],
+ "https://hackerone.com/ibb-openssl": [
+ "https://github.com/openssl/openssl"
+ ],
+ "https://hackerone.com/ibb-nginx": [
+ "https://github.com/nginx/nginx"
+ ],
+ "https://hackerone.com/ibb-python": [
+ "https://github.com/python/cpython"
+ ],
+ "https://hackerone.com/ibb-php": [
+ "https://github.com/php/php-src"
+ ],
+ "https://hackerone.com/ibb-squid-cache": [
+ "https://github.com/squid-cache/squid"
+ ],
 "https://bugcrowd.com/squareopensource": [
 "https://github.com/square/git-fastclone",
 "https://github.com/square/go-jose",
diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/data/CompanySupport.json b/src/main/resources/com/sap/oss/phosphor/fosstars/data/CompanySupport.json
index af643e6da..177aeba91 100644
--- a/src/main/resources/com/sap/oss/phosphor/fosstars/data/CompanySupport.json
+++ b/src/main/resources/com/sap/oss/phosphor/fosstars/data/CompanySupport.json
@@ -1,30 +1,86 @@ { "projects": { - "https://github.com/spring-projects": [ "VMware" ], - "https://github.com/SAP": [ "SAP" ], - "https://github.com/GoogleChrome": [ "Google" ], - "https://github.com/aws": [ "Amazon" ], - "https://github.com/microsoft": [ "Microsoft" ], - "https://github.com/github": [ "GitHub" ], - "https://github.com/okta": [ "Okta" ], - "https://github.com/openjdk": [ "Oracle", "SAP", "Amazon", "Google", "Other" ], - "https://github.com/amzn": [ "Amazon" ], - "https://github.com/google": [ "Google" ], - "https://github.com/Netflix": [ "Netflix" ], - "https://github.com/square": [ "Square" ], - "https://github.com/twitter": [ "Twitter" ], - "https://github.com/Shopify": [ "Shopify" ], - "https://github.com/IBM": [ "IBM" ], - "https://github.com/cloudflare": [ "Cloudflare" ], - "https://github.com/alibaba": [ "Alibaba" ], - "https://github.com/mozilla": [ "Mozilla" ], - "https://github.com/zalando": [ "Zalando" ], - "https://github.com/GoogleCloudPlatform": [ "Google" ], - "https://github.com/awslabs": [ "Amazon" ], - "https://github.com/netty": [ "Apple" ], - "https://github.com/facebook": [ "Facebook" ], - "https://github.com/oracle": [ "Oracle" ], - "https://github.com/apple": [ "Apple" ], - "https://github.com/flyway/flyway": [ "Redgate" ] + "https://github.com/spring-projects": [ + "VMware" + ], + "https://github.com/SAP": [ + "SAP" + ], + "https://github.com/GoogleChrome": [ + "Google" + ], + "https://github.com/aws": [ + "Amazon" + ], + "https://github.com/microsoft": [ + "Microsoft" + ], + "https://github.com/github": [ + "GitHub" + ], + "https://github.com/okta": [ + "Okta" + ], + "https://github.com/openjdk": [ + "Oracle", + "SAP", + "Amazon", + "Google", + "Other" + ], + "https://github.com/amzn": [ + "Amazon" + ], + "https://github.com/google": [ + "Google" + ], + "https://github.com/Netflix": [ + "Netflix" + ], + "https://github.com/square": [ + "Square" + ], + "https://github.com/twitter": [ + "Twitter" + ], + 
"https://github.com/Shopify": [ + "Shopify" + ], + "https://github.com/IBM": [ + "IBM" + ], + "https://github.com/cloudflare": [ + "Cloudflare" + ], + "https://github.com/alibaba": [ + "Alibaba" + ], + "https://github.com/mozilla": [ + "Mozilla" + ], + "https://github.com/zalando": [ + "Zalando" + ], + "https://github.com/GoogleCloudPlatform": [ + "Google" + ], + "https://github.com/awslabs": [ + "Amazon" + ], + "https://github.com/netty": [ + "Apple" + ], + "https://github.com/facebook": [ + "Facebook" + ], + "https://github.com/oracle": [ + "Oracle" + ], + "https://github.com/apple": [ + "Apple" + ], + "https://github.com/flyway/flyway": [ + "Redgate" + ] } } \ No newline at end of file diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/data/SecurityReview.json b/src/main/resources/com/sap/oss/phosphor/fosstars/data/SecurityReview.json index 614b5b8d0..b77b55a74 100644 --- a/src/main/resources/com/sap/oss/phosphor/fosstars/data/SecurityReview.json +++ b/src/main/resources/com/sap/oss/phosphor/fosstars/data/SecurityReview.json @@ -1,6 +1,6 @@ { - "reviews" : { - "https://github.com/spring-projects/spring-security-oauth" : [ + "reviews": { + "https://github.com/spring-projects/spring-security-oauth": [ { "who": "Artem Smotrakov, Phosphor (SAP)", "when": "2019-06-06", diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/data/UnpatchedVulnerabilities.json b/src/main/resources/com/sap/oss/phosphor/fosstars/data/UnpatchedVulnerabilities.json index fdcf2a232..0a63ba584 100644 --- a/src/main/resources/com/sap/oss/phosphor/fosstars/data/UnpatchedVulnerabilities.json +++ b/src/main/resources/com/sap/oss/phosphor/fosstars/data/UnpatchedVulnerabilities.json 
@@ -1,109 +1,129 @@ { - "projectVulnerabilities" : { - "https://github.com/apache/httpcomponents-client" : { - "entries" : [ { - "id" : "https://issues.apache.org/jira/browse/HTTPCLIENT-1973", - "cvss" : null, - "references" : [ ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - } ] + "projectVulnerabilities": { + "https://github.com/apache/httpcomponents-client": { + "entries": [ + { + "id": "https://issues.apache.org/jira/browse/HTTPCLIENT-1973", + "cvss": null, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + } + ] }, - "https://github.com/apache/commons-fileupload" : { - "entries" : [ { - "id" : "https://issues.apache.org/jira/browse/FILEUPLOAD-297", - "cvss" : null, - "references" : [ ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - }, { - "id" : "CVE-2013-0248", - "cvss" : null, - "references" : [ { - "description" : "", - "url" : "https://issues.apache.org/jira/browse/FILEUPLOAD-298" - } ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - } ] + "https://github.com/apache/commons-fileupload": { + "entries": [ + { + "id": "https://issues.apache.org/jira/browse/FILEUPLOAD-297", + "cvss": null, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + }, + { + "id": "CVE-2013-0248", + "cvss": null, + "references": [ + { + "description": "", + "url": "https://issues.apache.org/jira/browse/FILEUPLOAD-298" + } + ], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + } + ] }, - "https://github.com/spring-projects/spring-security-oauth" : { - "entries" : [ { - "id" : "https://github.com/spring-projects/spring-security-oauth/issues/1472", - "cvss" : null, - "references" : [ ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - }, { - "id" : "https://github.com/spring-projects/spring-security-oauth/issues/1682", - "cvss" : null, - "references" : [ ], - "resolution" : "UNPATCHED", - 
"introduced" : null, - "fixed" : null - } ] + "https://github.com/spring-projects/spring-security-oauth": { + "entries": [ + { + "id": "https://github.com/spring-projects/spring-security-oauth/issues/1472", + "cvss": null, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + }, + { + "id": "https://github.com/spring-projects/spring-security-oauth/issues/1682", + "cvss": null, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + } + ] }, - "https://github.com/apache/batik" : { - "entries" : [ { - "id" : "https://issues.apache.org/jira/browse/BATIK-1189", - "cvss" : null, - "references" : [ ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - } ] + "https://github.com/apache/batik": { + "entries": [ + { + "id": "https://issues.apache.org/jira/browse/BATIK-1189", + "cvss": null, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + } + ] }, - "https://github.com/odata4j/odata4j" : { - "entries" : [ { - "id" : "CVE-2014-0171", - "cvss" : { - "type" : "CVSS$V2", - "value" : 5.0, - "confidentialityImpact": "PARTIAL", - "integrityImpact": "NONE", - "availabilityImpact": "NONE" - }, - "references" : [ ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - }, { - "id" : "CVE-2016-11023", - "cvss" : { - "type" : "CVSS$V3", - "value" : 9.8, - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" + "https://github.com/odata4j/odata4j": { + "entries": [ + { + "id": "CVE-2014-0171", + "cvss": { + "type": "CVSS$V2", + "value": 5.0, + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "references": [], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null }, - "references" : [ { - "description" : "Public disclosure", - "url" : "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ" - } ], - "resolution" : 
"UNPATCHED", - "introduced" : null, - "fixed" : null - }, { - "id" : "CVE-2016-11024", - "cvss" : { - "type" : "CVSS$V3", - "value" : 9.8, - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH" + { + "id": "CVE-2016-11023", + "cvss": { + "type": "CVSS$V3", + "value": 9.8, + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "references": [ + { + "description": "Public disclosure", + "url": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ" + } + ], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null }, - "references" : [ { - "description" : "Public disclosure", - "url" : "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ" - } ], - "resolution" : "UNPATCHED", - "introduced" : null, - "fixed" : null - } ] + { + "id": "CVE-2016-11024", + "cvss": { + "type": "CVSS$V3", + "value": 9.8, + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "references": [ + { + "description": "Public disclosure", + "url": "https://groups.google.com/d/msg/odata4j-discuss/_lBwwXP30g0/Av6zkZMdBwAJ" + } + ], + "resolution": "UNPATCHED", + "introduced": null, + "fixed": null + } + ] } } } \ No newline at end of file diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.json b/src/main/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.json index 80f8a7be8..272d379fd 100644 --- a/src/main/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.json +++ b/src/main/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExample.json 
@@ -1,25 +1,28 @@
 {
- "type" : "SecurityRatingExample",
- "name" : "Security rating (example)",
- "score" : {
- "type" : "SecurityScoreExample",
- "name" : "Security score (example)",
- "subScores" : [ {
- "type" : "ProjectActivityScoreExample",
- "name" : "Project activity score (example)"
- }, {
- "type" : "SecurityTestingScoreExample",
- "name" : "Security testing score (example)"
- } ],
- "weights" : {
- "values" : {
- "com.sap.oss.phosphor.fosstars.model.score.example.ProjectActivityScoreExample" : {
- "type" : "ImmutableWeight",
- "value" : 0.23191550842811487
+ "type": "SecurityRatingExample",
+ "name": "Security rating (example)",
+ "score": {
+ "type": "SecurityScoreExample",
+ "name": "Security score (example)",
+ "subScores": [
+ {
+ "type": "ProjectActivityScoreExample",
+ "name": "Project activity score (example)"
+ },
+ {
+ "type": "SecurityTestingScoreExample",
+ "name": "Security testing score (example)"
+ }
+ ],
+ "weights": {
+ "values": {
+ "com.sap.oss.phosphor.fosstars.model.score.example.ProjectActivityScoreExample": {
+ "type": "ImmutableWeight",
+ "value": 0.23191550842811487
 },
- "com.sap.oss.phosphor.fosstars.model.score.example.SecurityTestingScoreExample" : {
- "type" : "ImmutableWeight",
- "value" : 0.5411361863322678
+ "com.sap.oss.phosphor.fosstars.model.score.example.SecurityTestingScoreExample": {
+ "type": "ImmutableWeight",
+ "value": 0.5411361863322678
 }
 }
 }
diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreWeights.json b/src/main/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreWeights.json
index 137379da1..eb37302b1 100644
--- a/src/main/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreWeights.json
+++ b/src/main/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreWeights.json
@@ -1,20 +1,20 @@
 {
- "values" : {
- "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactVersionUpToDateScore" : {
- "type" : "ImmutableWeight",
- "value" : 0.1
+ "values": {
+ "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactVersionUpToDateScore": {
+ "type": "ImmutableWeight",
+ "value": 0.1
 },
- "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactLatestReleaseAgeScore" : {
- "type" : "ImmutableWeight",
- "value" : 0.1
+ "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactLatestReleaseAgeScore": {
+ "type": "ImmutableWeight",
+ "value": 0.1
 },
- "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactReleaseHistoryScore" : {
- "type" : "ImmutableWeight",
- "value" : 0.5
+ "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactReleaseHistoryScore": {
+ "type": "ImmutableWeight",
+ "value": 0.5
 },
- "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactVersionVulnerabilityScore" : {
- "type" : "ImmutableWeight",
- "value" : 1.0
+ "com.sap.oss.phosphor.fosstars.model.score.oss.ArtifactVersionVulnerabilityScore": {
+ "type": "ImmutableWeight",
+ "value": 1.0
 }
 }
 }
diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTemplate.md b/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTemplate.md
index cb4f38015..a604df814 100755
--- a/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTemplate.md
+++ b/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTemplate.md
@@ -2,19 +2,21 @@ ## Overall Statistics -| | # or projects | % or projects | -| :------------------------ | -------------------------------: | ---------------------------------: | -| Total | %NUMBER_OF_PROJECTS% | 100% | -| Failed | %NUMBER_FAILED_PROJECTS% | %PERCENT_FAILED_PROJECTS%% | -| Passed with warnings | %NUMBER_PROJECTS_WITH_WARNINGS% | %PERCENT_PROJECTS_WITH_WARNINGS%% | -| Passed | %NUMBER_PASSED_PROJECTS% | %PERCENT_PASSED_PROJECTS%% | -| Unclear | %NUMBER_UNCLEAR_PROJECTS% | %PERCENT_UNCLEAR_PROJECTS%% | +| | # or projects | % or projects | +|:--------------------------|--------------------------------:|----------------------------------:| +| Total | %NUMBER_OF_PROJECTS% | 100% | +| Failed | %NUMBER_FAILED_PROJECTS% | %PERCENT_FAILED_PROJECTS%% | +| Passed with warnings | %NUMBER_PROJECTS_WITH_WARNINGS% | %PERCENT_PROJECTS_WITH_WARNINGS%% | +| Passed | %NUMBER_PASSED_PROJECTS% | %PERCENT_PASSED_PROJECTS%% | +| Unclear | %NUMBER_UNCLEAR_PROJECTS% | %PERCENT_UNCLEAR_PROJECTS%% | ## Statistics per Rule + %PER_RULE_STATISTICS% ## Projects -| Project | Status | # of violated rules | -| ------- | :----- | :------------------ | +| Project | Status | # of violated rules | +|---------|:-------|:--------------------| + %PROJECT_TABLE% diff --git a/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterMainTemplate.md b/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterMainTemplate.md index cd4e40ce2..fb13ce811 100644 --- a/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterMainTemplate.md +++ b/src/main/resources/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterMainTemplate.md 
@@ -1,16 +1,17 @@ # Statistics -| | | # or projects | % or projects | -| :--------------- | :------------------------------------------------------ | ------------------------: | --------------------------: | -| Total | | %NUMBER_OF_PROJECTS% | 100% | -| BAD ratings | score below %MODERATE_THRESHOLD% | %NUMBER_BAD_RATINGS% | %PERCENT_BAD_RATINGS%% | +| | | # or projects | % or projects | +|:-----------------|:--------------------------------------------------------|--------------------------:|----------------------------:| +| Total | | %NUMBER_OF_PROJECTS% | 100% | +| BAD ratings | score below %MODERATE_THRESHOLD% | %NUMBER_BAD_RATINGS% | %PERCENT_BAD_RATINGS%% | | MODERATE ratings | score between %MODERATE_THRESHOLD% and %GOOD_THRESHOLD% | %NUMBER_MODERATE_RATINGS% | %PERCENT_MODERATE_RATINGS%% | -| GOOD ratings | score above %GOOD_THRESHOLD% | %NUMBER_GOOD_RATINGS% | %PERCENT_GOOD_RATINGS%% | -| UNCLEAR ratings | confidence below %UNCLEAR_THRESHOLD% | %NUMBER_UNCLEAR_RATINGS% | %PERCENT_UNCLEAR_RATINGS%% | -| UNKNOWN ratings | | %NUMBER_UNKNOWN_RATINGS% | %PERCENT_UNKNOWN_RATINGS%% | +| GOOD ratings | score above %GOOD_THRESHOLD% | %NUMBER_GOOD_RATINGS% | %PERCENT_GOOD_RATINGS%% | +| UNCLEAR ratings | confidence below %UNCLEAR_THRESHOLD% | %NUMBER_UNCLEAR_RATINGS% | %PERCENT_UNCLEAR_RATINGS%% | +| UNKNOWN ratings | | %NUMBER_UNKNOWN_RATINGS% | %PERCENT_UNKNOWN_RATINGS%% | # Projects | Project | Stars | Score
    from 0 to 10 | Rating | Confidence | Last
    updated | -| ------- | ----: | -----------------------------------: | :----- | :--------- | --------------- | +|---------|------:|-------------------------------------:|:-------|:-----------|-----------------| + %PROJECT_TABLE% diff --git a/src/main/resources/log4j2.xml b/src/main/resources/log4j2.xml index 3e9653504..557427dcd 100644 --- a/src/main/resources/log4j2.xml +++ b/src/main/resources/log4j2.xml @@ -1,19 +1,19 @@ - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProviderTest.java index a67551ce7..8f7cf2a8e 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/AbstractStaticScanToolsDataProviderTest.java @@ -21,7 +21,7 @@ public class AbstractStaticScanToolsDataProviderTest extends GitHubDataFetcherTest { - private static GitHubDataFetcher FETCHER = mock(GitHubDataFetcher.class); + private static final GitHubDataFetcher FETCHER = mock(GitHubDataFetcher.class); @Test public void testBanditSupportedFeatures() { diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProviderTest.java index beef8738d..790bb64a2 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/SimpleCompositeDataProviderTest.java 
@@ -21,6 +21,48 @@ public class SimpleCompositeDataProviderTest { private static final Feature SOMETHING = new PositiveIntegerFeature("test feature"); + private static void assertValueIn(ValueSet values, int expectedValue) { + assertEquals(1, values.size()); + Optional> something = values.of(SOMETHING); + assertTrue(something.isPresent()); + assertEquals(expectedValue, (int) something.get().get()); + } + + @Test + public void testSupportedFeatures() { + SimpleCompositeDataProvider provider = + SimpleCompositeDataProvider.forFeature(SOMETHING).withDefaultValue(SOMETHING.value(42)); + assertEquals(1, provider.supportedFeatures().size()); + assertTrue(provider.supportedFeatures().contains(SOMETHING)); + } + + @Test + public void testUpdate() throws IOException { + ValueSet values = new ValueHashSet(); + + SimpleCompositeDataProvider provider = + SimpleCompositeDataProvider.forFeature(SOMETHING).withDefaultValue(SOMETHING.value(42)); + provider.update(PROJECT, values); + assertValueIn(values, 42); + + provider = + SimpleCompositeDataProvider.forFeature(SOMETHING) + .withInteractiveProvider(new TestInteractiveProvider()) + .withDefaultValue(SOMETHING.value(42)); + provider.set(new TestCallback()); + provider.update(PROJECT, values); + assertValueIn(values, 2); + + provider = + SimpleCompositeDataProvider.forFeature(SOMETHING) + .withInteractiveProvider(new TestInteractiveProvider()) + .withNonInteractiveProvider(new TestNonInteractiveProvider()) + .withDefaultValue(SOMETHING.value(42)); + provider.set(new TestCallback()); + provider.update(PROJECT, values); + assertValueIn(values, 1); + } + private static class TestNonInteractiveProvider extends AbstractDataProvider { @Override 
@@ -86,46 +128,4 @@ public void say(String phrase) { // do nothing } } - - @Test - public void testSupportedFeatures() { - SimpleCompositeDataProvider provider = - SimpleCompositeDataProvider.forFeature(SOMETHING).withDefaultValue(SOMETHING.value(42)); - assertEquals(1, provider.supportedFeatures().size()); - assertTrue(provider.supportedFeatures().contains(SOMETHING)); - } - - @Test - public void testUpdate() throws IOException { - ValueSet values = new ValueHashSet(); - - SimpleCompositeDataProvider provider = - SimpleCompositeDataProvider.forFeature(SOMETHING).withDefaultValue(SOMETHING.value(42)); - provider.update(PROJECT, values); - assertValueIn(values, 42); - - provider = - SimpleCompositeDataProvider.forFeature(SOMETHING) - .withInteractiveProvider(new TestInteractiveProvider()) - .withDefaultValue(SOMETHING.value(42)); - provider.set(new TestCallback()); - provider.update(PROJECT, values); - assertValueIn(values, 2); - - provider = - SimpleCompositeDataProvider.forFeature(SOMETHING) - .withInteractiveProvider(new TestInteractiveProvider()) - .withNonInteractiveProvider(new TestNonInteractiveProvider()) - .withDefaultValue(SOMETHING.value(42)); - provider.set(new TestCallback()); - provider.update(PROJECT, values); - assertValueIn(values, 1); - } - - private static void assertValueIn(ValueSet values, int expectedValue) { - assertEquals(1, values.size()); - Optional> something = values.of(SOMETHING); - assertTrue(something.isPresent()); - assertEquals(expectedValue, (int) something.get().get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/StandardValueCacheTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/StandardValueCacheTest.java index bf0287293..469e524cb 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/StandardValueCacheTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/StandardValueCacheTest.java 
@@ -22,6 +22,21 @@ public class StandardValueCacheTest { + private static void testPutAndGet(StandardValueCache cache, String key, Value value) { + cache.put(key, value); + + Optional someValueSet = cache.get(key); + assertTrue(someValueSet.isPresent()); + ValueSet values = someValueSet.get(); + assertTrue(values.has(value.feature())); + assertTrue(values.of(value.feature()).isPresent()); + assertEquals(value, values.of(value.feature()).get()); + + Optional> someValue = cache.get(key, value.feature()); + assertTrue(someValue.isPresent()); + assertEquals(value, someValue.get()); + } + @Test public void testStoreAndLoad() throws IOException { Path tmp = Files.createTempFile(StandardValueCacheTest.class.getCanonicalName(), "test"); @@ -74,21 +89,6 @@ public void testPutAndGet() { assertEquals(2, cache.size()); } - private static void testPutAndGet(StandardValueCache cache, String key, Value value) { - cache.put(key, value); - - Optional someValueSet = cache.get(key); - assertTrue(someValueSet.isPresent()); - ValueSet values = someValueSet.get(); - assertTrue(values.has(value.feature())); - assertTrue(values.of(value.feature()).isPresent()); - assertEquals(value, values.of(value.feature()).get()); - - Optional> someValue = cache.get(key, value.feature()); - assertTrue(someValue.isPresent()); - assertEquals(value, someValue.get()); - } - @Test public void testExpiration() throws InterruptedException { StandardValueCache cache = new StandardValueCache(); diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoaderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoaderTest.java index 2441c7977..d300f51df 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoaderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoLoaderTest.java 
@@ -23,7 +23,6 @@ import com.sap.oss.phosphor.fosstars.model.value.ValueHashSet; import java.io.IOException; import java.time.LocalDateTime; -import java.util.Arrays; import java.util.Collections; import java.util.Date; import java.util.List; @@ -55,7 +54,7 @@ public void setup() throws IOException { when(release.getName()).thenReturn("2.0.0"); when(release.getPublished_at()).thenReturn(new Date()); - List releaselist = Arrays.asList(release); + List releaselist = List.of(release); when(pagedIterable.toList()).thenReturn(releaselist); when(fetcher.github().getRepository(any())).thenReturn(repository); diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/BanditDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/BanditDataProviderTest.java index 689b4c7af..cb3c00817 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/BanditDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/BanditDataProviderTest.java @@ -50,6 +50,15 @@ public static void setup() { } } + @AfterAll + public static void shutdown() { + try { + FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + @Test public void testNotInteractive() { assertFalse(new BanditDataProvider(fetcher).interactive()); @@ -129,13 +138,4 @@ private void testBanditRuns(String filename, InputStream content, Value... ex assertEquals(expectedValue, something.get()); } } - - @AfterAll - public static void shutdown() { - try { - FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); - } catch (IOException e) { - throw new UncheckedIOException(e); - } - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeOfConductGuidelineInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeOfConductGuidelineInfoTest.java index 81c9c5977..a11a701ea 100644 
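Review bot: The `@AfterAll` shutdown moved up in BanditDataProviderTest still relies on `FileUtils.forceDeleteOnExit(repositoryDirectory.toFile())`, which only registers the directory for deletion at JVM exit, so the cloned test repository stays on disk for the remainder of the test run and accumulates across the other classes in this commit that follow the same pattern (CodeQL, GoSec, HasExecutableBinaries). By the time `@AfterAll` runs every test of the class has finished, so an immediate `FileUtils.deleteDirectory(repositoryDirectory.toFile());` would release the space right away, with `forceDeleteOnExit` kept only as a fallback in case a handle is still open on the platform. The class bodies of these tests extend beyond the hunks shown here.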
--- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeOfConductGuidelineInfoTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeOfConductGuidelineInfoTest.java @@ -23,6 +23,13 @@ public class CodeOfConductGuidelineInfoTest extends TestGitHubDataFetcherHolder { + private static void checkValue(ValueSet values, Feature feature, boolean expected) { + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertEquals(expected, value.get()); + } + @Test public void testSupportedFeatures() throws IOException { CodeOfConductGuidelineInfo provider = new CodeOfConductGuidelineInfo(fetcher); @@ -103,11 +110,4 @@ public void testLoadingDefaultConfig() throws IOException { FileUtils.forceDeleteOnExit(config.toFile()); } } - - private static void checkValue(ValueSet values, Feature feature, boolean expected) { - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertEquals(expected, value.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeqlDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeqlDataProviderTest.java index 63dc69288..b5bfb764a 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeqlDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/CodeqlDataProviderTest.java @@ -48,6 +48,15 @@ public static void setup() { } } + @AfterAll + public static void shutdown() { + try { + FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + @Test public void testNotInteractive() { assertFalse(new CodeqlDataProvider(fetcher).interactive()); 
@@ -113,13 +122,4 @@ private void testCodeqlRuns(String filename, InputStream content, Value... ex assertEquals(expectedValue, something.get()); } } - - @AfterAll - public static void shutdown() { - try { - FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); - } catch (IOException e) { - throw new UncheckedIOException(e); - } - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ContributingGuidelineInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ContributingGuidelineInfoTest.java index daf998831..1ad389ad8 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ContributingGuidelineInfoTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ContributingGuidelineInfoTest.java @@ -23,6 +23,13 @@ public class ContributingGuidelineInfoTest extends TestGitHubDataFetcherHolder { + private static void checkValue(ValueSet values, Feature feature, boolean expected) { + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertEquals(expected, value.get()); + } + @Test public void testSupportedFeatures() throws IOException { ContributingGuidelineInfo provider = new ContributingGuidelineInfo(fetcher); @@ -138,11 +145,4 @@ public void testLoadingDefaultConfig() throws IOException { FileUtils.forceDeleteOnExit(config.toFile()); } } - - private static void checkValue(ValueSet values, Feature feature, boolean expected) { - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertEquals(expected, value.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilitiesTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilitiesTest.java index 191927647..7c14b3d7e 100644 
--- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilitiesTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/EstimateImpactUsingKnownVulnerabilitiesTest.java @@ -34,34 +34,23 @@ public class EstimateImpactUsingKnownVulnerabilitiesTest extends TestGitHubDataFetcherHolder { - private static class TestVulnerabilitiesProvider extends AbstractDataProvider { - - private final Vulnerabilities vulnerabilities = new Vulnerabilities(); - - void add(Vulnerability vulnerability) { - vulnerabilities.add(vulnerability); - } - - @Override - protected TestVulnerabilitiesProvider doUpdate(Subject subject, ValueSet values) { - values.update(VULNERABILITIES_IN_PROJECT.value(vulnerabilities)); - return this; - } - - @Override - public Set> supportedFeatures() { - return singleton(VULNERABILITIES_IN_PROJECT); - } - - @Override - public boolean supports(Subject subject) { - return true; + private static void assertUnknown(ValueSet values, Feature feature) { + Optional> something = values.of(feature); + if (!something.isPresent()) { + fail("Could not find value!"); } + Value value = something.get(); + assertTrue(value.isUnknown()); + } - @Override - public boolean interactive() { - return false; + private static void assertValue(ValueSet values, Feature feature, Impact expectedImpact) { + Optional> something = values.of(feature); + if (!something.isPresent()) { + fail("Could not find value!"); } + Value value = something.get(); + assertFalse(value.isUnknown()); + assertEquals(expectedImpact, value.get()); } @Test 
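Review bot: The relocated `assertUnknown` and `assertValue` helpers guard with `if (!something.isPresent()) { fail("Could not find value!"); }` and then call `something.get()` on the next line, which static analysis reports as an unchecked `get()` because it cannot know that `fail` never returns. `Value<Impact> value = values.of(feature).orElseThrow(() -> new AssertionError("Could not find value!"));` expresses the same check in one line with the same message and removes the warning (the generic arguments are not visible in this rendering, so keep whatever the file declares). The test class continues outside this hunk.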
@@ -142,22 +131,33 @@ public void testWithEnoughVulnerabilities() throws IOException { assertValue(values, AVAILABILITY_IMPACT, Impact.HIGH); } - private static void assertUnknown(ValueSet values, Feature feature) { - Optional> something = values.of(feature); - if (!something.isPresent()) { - fail("Could not find value!"); + private static class TestVulnerabilitiesProvider extends AbstractDataProvider { + + private final Vulnerabilities vulnerabilities = new Vulnerabilities(); + + void add(Vulnerability vulnerability) { + vulnerabilities.add(vulnerability); } - Value value = something.get(); - assertTrue(value.isUnknown()); - } - private static void assertValue(ValueSet values, Feature feature, Impact expectedImpact) { - Optional> something = values.of(feature); - if (!something.isPresent()) { - fail("Could not find value!"); + @Override + protected TestVulnerabilitiesProvider doUpdate(Subject subject, ValueSet values) { + values.update(VULNERABILITIES_IN_PROJECT.value(vulnerabilities)); + return this; + } + + @Override + public Set> supportedFeatures() { + return singleton(VULNERABILITIES_IN_PROJECT); + } + + @Override + public boolean supports(Subject subject) { + return true; + } + + @Override + public boolean interactive() { + return false; } - Value value = something.get(); - assertFalse(value.isUnknown()); - assertEquals(expectedImpact, value.get()); } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcherTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcherTest.java index 6fc5175e2..0183e2f28 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcherTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GitHubDataFetcherTest.java 
@@ -50,6 +50,45 @@ public class GitHubDataFetcherTest extends TestGitHubDataFetcherHolder { + private static List generateProjectsForSize(int n) { + List projects = new ArrayList<>(); + for (int i = 0; i < n; i++) { + projects.add(new GitHubProject("test", String.format("project%s", i))); + } + return projects; + } + + private static boolean checkLocalRepositories( + List projects, Map localRepositories) { + + Set projectUrls = projects.stream().map(GitHubProject::scm).collect(Collectors.toSet()); + assertEquals(projects.size(), projectUrls.size()); + + return projectUrls.containsAll(localRepositories.keySet()); + } + + private static void checkLocalRepository(GitHubProject project, int expectedSize) + throws IOException { + + LocalRepositoryInfo localRepositoryInfo = localRepositoryInfoFor(project, expectedSize); + assertNotNull(localRepositoryInfo); + assertEquals(project.scm(), localRepositoryInfo.url()); + } + + private static void checkCleanUp(GitHubProject project, int expectedSize) throws IOException { + LocalRepositoryInfo cleanRepositoryInfo = localRepositoryInfoFor(project, expectedSize); + assertNull(cleanRepositoryInfo); + assertFalse(LOCAL_REPOSITORIES.containsKey(project.scm())); + } + + private static LocalRepositoryInfo localRepositoryInfoFor(GitHubProject project, int expectedSize) + throws IOException { + + loadLocalRepositoriesInfo(); + assertEquals(LOCAL_REPOSITORIES_INFO.size(), expectedSize); + return LOCAL_REPOSITORIES_INFO.get(project.scm()); + } + @Test public void testRepositoryCache() throws IOException { GHRepository repository = mock(GHRepository.class); 
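Review bot: In the relocated `localRepositoryInfoFor` helper the arguments to `assertEquals` are reversed — `assertEquals(LOCAL_REPOSITORIES_INFO.size(), expectedSize)` passes the actual value in the expected position, so a failure reports "expected <actual> but was <expected>" and misleads whoever debugs it; it should read `assertEquals(expectedSize, LOCAL_REPOSITORIES_INFO.size());`. The adjacent `checkLocalRepositories` both asserts on the project count and returns a boolean for the caller to assert on, which splits one check across two places; asserting `projectUrls.containsAll(localRepositories.keySet())` inside the helper and returning nothing keeps the failure message next to the condition. The enclosing test class continues outside this hunk.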
@@ -417,36 +456,11 @@ public void testGitHubIssuesForNotFound() throws IOException { assertEquals(0, foundIssues.size()); } - private static List generateProjectsForSize(int n) { - List projects = new ArrayList<>(); - for (int i = 0; i < n; i++) { - projects.add(new GitHubProject("test", String.format("project%s", i))); - } - return projects; - } - - private static boolean checkLocalRepositories( - List projects, Map localRepositories) { - - Set projectUrls = projects.stream().map(GitHubProject::scm).collect(Collectors.toSet()); - assertEquals(projects.size(), projectUrls.size()); - - return projectUrls.containsAll(localRepositories.keySet()); - } - private void testLocalRepositoryFor(GitHubProject project, int expectedSize) throws IOException { GitHubDataFetcher.localRepositoryFor(project); checkLocalRepository(project, expectedSize); } - private static void checkLocalRepository(GitHubProject project, int expectedSize) - throws IOException { - - LocalRepositoryInfo localRepositoryInfo = localRepositoryInfoFor(project, expectedSize); - assertNotNull(localRepositoryInfo); - assertEquals(project.scm(), localRepositoryInfo.url()); - } - private void testCleanup(GitHubProject project, int expectedSize) throws IOException { runCleanupFor(project); checkCleanUp(project, expectedSize); 
@@ -455,18 +469,4 @@ private void testCleanup(GitHubProject project, int expectedSize) throws IOExcep private void runCleanupFor(GitHubProject project) throws IOException { fetcher.cleanup((url, repo, total) -> url.equals(project.scm())); } - - private static void checkCleanUp(GitHubProject project, int expectedSize) throws IOException { - LocalRepositoryInfo cleanRepositoryInfo = localRepositoryInfoFor(project, expectedSize); - assertNull(cleanRepositoryInfo); - assertFalse(LOCAL_REPOSITORIES.containsKey(project.scm())); - } - - private static LocalRepositoryInfo localRepositoryInfoFor(GitHubProject project, int expectedSize) - throws IOException { - - loadLocalRepositoriesInfo(); - assertEquals(LOCAL_REPOSITORIES_INFO.size(), expectedSize); - return LOCAL_REPOSITORIES_INFO.get(project.scm()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProviderTest.java index dffb2cc3c..e1691b161 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/GoSecDataProviderTest.java @@ -51,6 +51,15 @@ public static void setup() { } } + @AfterAll + public static void shutdown() { + try { + FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + @Test public void testNotInteractive() { assertFalse(new GoSecDataProvider(fetcher).interactive()); @@ -199,13 +208,4 @@ private void testGoSecRuns(String filename, InputStream content, Value... exp assertEquals(expectedValue, something.get()); } } - - @AfterAll - public static void shutdown() { - try { - FileUtils.forceDeleteOnExit(repositoryDirectory.toFile()); - } catch (IOException e) { - throw new UncheckedIOException(e); - } - } } 
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinariesTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinariesTest.java index e7a27493b..75e7a78d5 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinariesTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasExecutableBinariesTest.java @@ -25,10 +25,8 @@ public class HasExecutableBinariesTest extends TestGitHubDataFetcherHolder { - private static Path BASE_DIR; - private static final GitHubProject PROJECT = new GitHubProject("org", "test"); - + private static Path BASE_DIR; private static LocalRepository LOCAL_REPOSITORY; @BeforeAll @@ -57,6 +55,15 @@ public static void setup() { } } + @AfterAll + public static void shutdown() { + try { + FileUtils.forceDeleteOnExit(BASE_DIR.toFile()); + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + @Test public void testExecutableIsPresent() throws IOException { Path exe = BASE_DIR.resolve("game.exe"); @@ -106,13 +113,4 @@ public void testExecutableIsNotPresent() throws IOException { FileUtils.forceDeleteOnExit(javaFile.toFile()); } } - - @AfterAll - public static void shutdown() { - try { - FileUtils.forceDeleteOnExit(BASE_DIR.toFile()); - } catch (IOException e) { - throw new UncheckedIOException(e); - } - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicyTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicyTest.java index a60719387..8db4a858e 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicyTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityPolicyTest.java 
@@ -28,6 +28,24 @@ public class HasSecurityPolicyTest extends TestGitHubDataFetcherHolder { + private static void check(HasSecurityPolicy provider, boolean expectedValue) throws IOException { + ValueHashSet values = new ValueHashSet(); + GitHubProject project = new GitHubProject("org", "test"); + provider.update(project, values); + + assertEquals(1, values.size()); + assertTrue(values.has(HAS_SECURITY_POLICY)); + Optional> something = values.of(HAS_SECURITY_POLICY); + assertNotNull(something); + assertTrue(something.isPresent()); + Value value = something.get(); + assertNotNull(value); + assertEquals(expectedValue, value.get()); + if (!expectedValue) { + assertFalse(value.explanation().isEmpty()); + } + } + @Test public void testIfProjectHasPolicy() throws IOException { final LocalRepository repository = mock(LocalRepository.class); @@ -96,22 +114,4 @@ public void testNoPolicy() throws IOException { check(provider, false); } - - private static void check(HasSecurityPolicy provider, boolean expectedValue) throws IOException { - ValueHashSet values = new ValueHashSet(); - GitHubProject project = new GitHubProject("org", "test"); - provider.update(project, values); - - assertEquals(1, values.size()); - assertTrue(values.has(HAS_SECURITY_POLICY)); - Optional> something = values.of(HAS_SECURITY_POLICY); - assertNotNull(something); - assertTrue(something.isPresent()); - Value value = something.get(); - assertNotNull(value); - assertEquals(expectedValue, value.get()); - if (!expectedValue) { - assertFalse(value.explanation().isEmpty()); - } - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityTeamTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityTeamTest.java index 73de5a5e9..02684809a 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityTeamTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/HasSecurityTeamTest.java 
@@ -16,6 +16,21 @@ public class HasSecurityTeamTest extends TestGitHubDataFetcherHolder { + private static Value check(HasSecurityTeam provider, GitHubProject project) + throws IOException { + ValueHashSet values = new ValueHashSet(); + provider.update(project, values); + + assertEquals(1, values.size()); + assertTrue(values.has(HAS_SECURITY_TEAM)); + + Optional> something = values.of(HAS_SECURITY_TEAM); + assertNotNull(something); + assertTrue(something.isPresent()); + + return something.get(); + } + @Test public void testHasTeam() throws IOException { GitHubProject project = new GitHubProject("apache", "poi"); @@ -35,19 +50,4 @@ public void testNoTeam() throws IOException { assertNotNull(value); assertFalse(value.get()); } - - private static Value check(HasSecurityTeam provider, GitHubProject project) - throws IOException { - ValueHashSet values = new ValueHashSet(); - provider.update(project, values); - - assertEquals(1, values.size()); - assertTrue(values.has(HAS_SECURITY_TEAM)); - - Optional> something = values.of(HAS_SECURITY_TEAM); - assertNotNull(something); - assertTrue(something.isPresent()); - - return something.get(); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfoTest.java index 116d09a4c..489d4e941 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfoTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/LicenseInfoTest.java 
@@ -27,27 +27,14 @@ public class LicenseInfoTest extends TestGitHubDataFetcherHolder { - private static class LicenseInfoMock extends LicenseInfo { - - protected Map licenseMetadataMock = new HashMap<>(); - - public LicenseInfoMock(GitHubDataFetcher fetcher) throws IOException { - super(fetcher); - allowedLicenses("Apache-2.0", "CC-BY-4.0", "MIT", "EPL-2.0"); - } - - @Override - Map licenseMetadata(GitHubProject project) { - return licenseMetadataMock; - } - - public void setLicensePath(String path) { - licenseMetadataMock.put(LICENSE_PATH, path); - } + private static Value checkValue( + ValueSet values, Feature feature, boolean expected) { - public void setSpdxId(String spdxId) { - licenseMetadataMock.put(SPDX_ID, spdxId); - } + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertEquals(expected, value.get()); + return value; } @Test @@ -87,16 +74,6 @@ public void testLicenseContent() throws IOException { assertTrue(value.explanation().get(0).contains(disallowedPattern)); } - private static Value checkValue( - ValueSet values, Feature feature, boolean expected) { - - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertEquals(expected, value.get()); - return value; - } - @Test public void testSupportedFeatures() throws IOException { LicenseInfo provider = new LicenseInfo(fetcher); 
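Review bot: The `checkValue` helper now placed at the top of LicenseInfoTest calls `value.get()` without first asserting that the value is known, while the equivalent helpers in OwaspSecurityLibrariesTest and TeamsInfoTest in this same commit do `assertFalse(value.isUnknown())` before comparing. Whether `get()` on an unknown value throws is not visible here, so if it returns a placeholder the `assertEquals(expected, value.get())` could pass for the wrong reason. A one-line `assertFalse(value.isUnknown());` after `Value value = something.get();` would make the helper consistent with the others. The same applies to the identical `checkValue` moved in ReadmeInfoTest further down this page.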
@@ -349,4 +326,27 @@ public void testProjectWithNullsInMetadata() throws IOException { assertTrue(something.isPresent()); assertTrue(something.get().isUnknown()); } + + private static class LicenseInfoMock extends LicenseInfo { + + protected Map licenseMetadataMock = new HashMap<>(); + + public LicenseInfoMock(GitHubDataFetcher fetcher) throws IOException { + super(fetcher); + allowedLicenses("Apache-2.0", "CC-BY-4.0", "MIT", "EPL-2.0"); + } + + @Override + Map licenseMetadata(GitHubProject project) { + return licenseMetadataMock; + } + + public void setLicensePath(String path) { + licenseMetadataMock.put(LICENSE_PATH, path); + } + + public void setSpdxId(String spdxId) { + licenseMetadataMock.put(SPDX_ID, spdxId); + } + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHubTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHubTest.java index e0817ac57..6c77d7a76 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHubTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/NumberOfDependentProjectOnGitHubTest.java @@ -17,24 +17,6 @@ public class NumberOfDependentProjectOnGitHubTest extends TestGitHubDataFetcherHolder { - private static class TestProvider extends NumberOfDependentProjectOnGitHub { - - private String content; - - public TestProvider(GitHubDataFetcher fetcher) throws IOException { - super(fetcher); - } - - void set(String content) { - this.content = content; - } - - @Override - Element loadFrontPageOf(GitHubProject project) { - return Jsoup.parse(content); - } - } - @Test public void testSupportedFeature() throws IOException { assertEquals( 
@@ -91,4 +73,22 @@ public void testFetchValueFor() throws IOException { assertFalse(value.isUnknown()); assertEquals(423030, (int) value.get()); } + + private static class TestProvider extends NumberOfDependentProjectOnGitHub { + + private String content; + + public TestProvider(GitHubDataFetcher fetcher) throws IOException { + super(fetcher); + } + + void set(String content) { + this.content = content; + } + + @Override + Element loadFrontPageOf(GitHubProject project) { + return Jsoup.parse(content); + } + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibrariesTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibrariesTest.java index c3cbeacb9..3c9464d3f 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibrariesTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/OwaspSecurityLibrariesTest.java @@ -28,6 +28,21 @@ public class OwaspSecurityLibrariesTest extends TestGitHubDataFetcherHolder { + private static void checkValue( + OwaspSecurityLibraries provider, Feature feature, boolean expectedValue) + throws IOException { + + GitHubProject project = new GitHubProject("org", "test"); + ValueSet values = new ValueHashSet(); + provider.update(project, values); + + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertFalse(value.isUnknown()); + assertEquals(expectedValue, value.get()); + } + @Test public void testSupportedFeatures() { OwaspSecurityLibraries provider = new OwaspSecurityLibraries(fetcher); 
@@ -131,21 +146,6 @@ public void testGradleWithoutOwaspSecurityTools() throws IOException { } } - private static void checkValue( - OwaspSecurityLibraries provider, Feature feature, boolean expectedValue) - throws IOException { - - GitHubProject project = new GitHubProject("org", "test"); - ValueSet values = new ValueHashSet(); - provider.update(project, values); - - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertFalse(value.isUnknown()); - assertEquals(expectedValue, value.get()); - } - private OwaspSecurityLibraries createProvider(InputStream is, String filename) throws IOException { diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfoTest.java index 5affe3820..ed83f430d 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfoTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReadmeInfoTest.java @@ -25,6 +25,16 @@ public class ReadmeInfoTest extends TestGitHubDataFetcherHolder { + private static Value checkValue( + ValueSet values, Feature feature, boolean expected) { + + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertEquals(expected, value.get()); + return value; + } + @Test public void testSupportedFeatures() throws IOException { Set> features = new ReadmeInfo(fetcher).supportedFeatures(); @@ -176,14 +186,4 @@ public void testLoadingDefaultConfig() throws IOException { FileUtils.forceDeleteOnExit(config.toFile()); } } - - private static Value checkValue( - ValueSet values, Feature feature, boolean expected) { - - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertEquals(expected, value.get()); - return value; - } } 
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHubTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHubTest.java index 23ab524a2..8a1a8faab 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHubTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/ReleasesFromGitHubTest.java @@ -39,7 +39,7 @@ public void testIfGitHubHasReleaseInfo() throws IOException { when(release.getName()).thenReturn("2.0.0"); when(release.getPublished_at()).thenReturn(new Date()); - List releaselist = Arrays.asList(release); + List releaselist = List.of(release); when(pagedIterable.toList()).thenReturn(releaselist); when(repository.listReleases()).thenReturn(pagedIterable); @@ -76,7 +76,7 @@ public void testIfGitHubHasNoReleaseInfoButTags() throws IOException { when(commit.getCommitDate()).thenReturn(new Date()); when(tag.getCommit()).thenReturn(commit); - List tagList = Arrays.asList(tag); + List tagList = List.of(tag); when(pagedTagIterable.toList()).thenReturn(tagList); when(repository.listTags()).thenReturn(pagedTagIterable); diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifactsTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifactsTest.java index da22aeb5f..46d69b5f3 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifactsTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/SignsJarArtifactsTest.java 
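Review bot: Replacing `Arrays.asList(release)` with `List.of(release)` in the mocked `toList()` result changes the fixture from a fixed-size but settable list to a fully immutable one, so if ReleasesFromGitHub sorts or otherwise mutates the list it gets back (for example to find the latest release), the test would now fail with `UnsupportedOperationException` rather than exercising the real behaviour. That cannot be confirmed from the hunks on this page; if the suite still passes the change is fine, otherwise `new ArrayList<>(List.of(release))` keeps a mutable fixture. The same consideration applies to the `tagList` change in the second hunk.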
@@ -18,6 +18,24 @@ public class SignsJarArtifactsTest extends TestGitHubDataFetcherHolder { + private static void checkValue(SignsJarArtifacts provider, boolean expectedValue) + throws IOException { + + GitHubProject project = new GitHubProject("org", "test"); + + ValueSet values = new ValueHashSet(); + provider.update(project, values); + + assertEquals(1, values.size()); + assertTrue(values.has(SIGNS_ARTIFACTS)); + + Optional> something = values.of(SIGNS_ARTIFACTS); + assertTrue(something.isPresent()); + + Value actualValue = something.get(); + assertEquals(expectedValue, actualValue.get()); + } + @Test public void testSupportedFeature() { SignsJarArtifacts provider = new SignsJarArtifacts(fetcher); @@ -43,29 +61,11 @@ private SignsJarArtifacts createProvider(InputStream is, String filename) throws when(repository.read(filename)).thenReturn(Optional.of(is)); GitHubProject project = new GitHubProject("org", "test"); - fetcher.addForTesting(project, repository); + TestGitHubDataFetcher.addForTesting(project, repository); SignsJarArtifacts provider = new SignsJarArtifacts(fetcher); provider.set(new SubjectValueCache()); return provider; } - - private static void checkValue(SignsJarArtifacts provider, boolean expectedValue) - throws IOException { - - GitHubProject project = new GitHubProject("org", "test"); - - ValueSet values = new ValueHashSet(); - provider.update(project, values); - - assertEquals(1, values.size()); - assertTrue(values.has(SIGNS_ARTIFACTS)); - - Optional> something = values.of(SIGNS_ARTIFACTS); - assertTrue(something.isPresent()); - - Value actualValue = something.get(); - assertEquals(expectedValue, actualValue.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TeamsInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TeamsInfoTest.java index 74a7b3fce..0a6f8eb82 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TeamsInfoTest.java 
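Review bot: The second hunk changes `fetcher.addForTesting(project, repository)` to `TestGitHubDataFetcher.addForTesting(project, repository)`, i.e. a call through the class name, but the TestGitHubDataFetcherHolder hunk further down this page shows `addForTesting` as a non-static method whose body relies on `repositoryCache()` of the instance. Unless a static overload exists that is not visible here, this line should not compile; the instance form `fetcher.addForTesting(project, repository);` matches the declaration. `createProvider` starts before this hunk, so its earlier lines were not reviewed.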
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TeamsInfoTest.java @@ -33,6 +33,21 @@ public class TeamsInfoTest extends TestGitHubDataFetcherHolder { private static final boolean EXPECT_TRUE = true; private static final boolean EXPECT_FALSE = false; + private static void checkValue( + ValueSet values, + Feature feature, + boolean expected, + Consumer> additionalCheck) { + + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertFalse(value.isUnknown()); + assertFalse(value.isNotApplicable()); + assertEquals(expected, value.get()); + additionalCheck.accept(value); + } + @Test public void testSupportedFeatures() { TeamsInfo provider = new TeamsInfo(fetcher); @@ -145,19 +160,4 @@ public void testWithBadProject() throws IOException { checkValue(values, HAS_TEAM_WITH_PUSH_PRIVILEGES_ON_GITHUB, EXPECT_FALSE, HAS_EXPLANATION); checkValue(values, HAS_ENOUGH_TEAM_MEMBERS_ON_GITHUB, EXPECT_FALSE, HAS_EXPLANATION); } - - private static void checkValue( - ValueSet values, - Feature feature, - boolean expected, - Consumer> additionalCheck) { - - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertFalse(value.isUnknown()); - assertFalse(value.isNotApplicable()); - assertEquals(expected, value.get()); - additionalCheck.accept(value); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TestGitHubDataFetcherHolder.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TestGitHubDataFetcherHolder.java index cb7a2820c..69f97d97c 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TestGitHubDataFetcherHolder.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/TestGitHubDataFetcherHolder.java 
@@ -68,16 +68,6 @@ public TestGitHubDataFetcher(GitHub github) throws IOException { super(github, "test token"); } - /** - * Adds {@link GitHubProject} and its {@link GHRepository repository on Github} to the cache. - * - * @param project The {@link GitHubProject}. - * @param repository The {@link GHRepository repository on GitHub}. - */ - void addForTesting(GitHubProject project, GHRepository repository) { - repositoryCache().put(project, repository); - } - /** * Adds {@link GitHubProject} and its associated {@link LocalRepository} details to cache. * @@ -110,5 +100,15 @@ static void addRepositoryInfoForTesting(GitHubProject project, Path projectDir) static Path directoryFor(GitHubProject project) { return REPOSITORIES_BASE_PATH.resolve(project.name()); } + + /** + * Adds {@link GitHubProject} and its {@link GHRepository repository on Github} to the cache. + * + * @param project The {@link GitHubProject}. + * @param repository The {@link GHRepository repository on GitHub}. + */ + void addForTesting(GitHubProject project, GHRepository repository) { + repositoryCache().put(project, repository); + } } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProviderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProviderTest.java index cfe23831b..c22ec9240 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProviderTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UseReuseDataProviderTest.java 
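Review bot: The moved Javadoc for `addForTesting` spells the service "Github" in the summary line (`{@link GHRepository repository on Github}`) but "GitHub" in the `@param repository` tag; since the comment is being touched anyway, the summary could read `{@link GHRepository repository on GitHub}` so both lines agree. Note also that the method is an instance method (it calls `repositoryCache()`), which matters for a caller elsewhere in this commit that invokes it through the class name.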
@@ -240,23 +240,6 @@ public void testReuseInfo(int responseCode, String status, ValueSet expectedValu } } - static class HttpGetMatcher implements ArgumentMatcher { - - private final String expectedUrl; - - public HttpGetMatcher(String expectedUrl) { - this.expectedUrl = expectedUrl; - } - - @Override - public boolean matches(HttpGet actualHttpGet) { - if (actualHttpGet == null) { - return false; - } - return actualHttpGet.getURI().toString().equals(expectedUrl); - } - } - @Test public void testReuseCompliantWithTrailingSlash() throws IOException { @@ -367,4 +350,21 @@ public void testReuseRepositoryExceptions() throws IOException { "Could not find an expected feature: %s", IS_REUSE_COMPLIANT.name()))); assertTrue(isCompliantValue.get()); } + + static class HttpGetMatcher implements ArgumentMatcher { + + private final String expectedUrl; + + public HttpGetMatcher(String expectedUrl) { + this.expectedUrl = expectedUrl; + } + + @Override + public boolean matches(HttpGet actualHttpGet) { + if (actualHttpGet == null) { + return false; + } + return actualHttpGet.getURI().toString().equals(expectedUrl); + } + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugsTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugsTest.java index 8054155d9..f9df2a4e4 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugsTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesFindSecBugsTest.java 
@@ -19,6 +19,22 @@ public class UsesFindSecBugsTest extends TestGitHubDataFetcherHolder { + private static void checkValue(UsesFindSecBugs provider, boolean expectedValue) + throws IOException { + + GitHubProject project = new GitHubProject("org", "test"); + + ValueSet values = new ValueHashSet(); + provider.update(project, values); + + assertEquals(1, values.size()); + assertTrue(values.has(USES_FIND_SEC_BUGS)); + assertTrue(values.of(USES_FIND_SEC_BUGS).isPresent()); + + Value value = values.of(USES_FIND_SEC_BUGS).get(); + assertEquals(expectedValue, value.get()); + } + @Test public void testMavenWithFindSecBugs() throws IOException { try (InputStream is = getClass().getResourceAsStream("MavenWithFindSecBugs.xml")) { @@ -54,20 +70,4 @@ private UsesFindSecBugs createProvider(InputStream is, String filename) throws I return provider; } - - private static void checkValue(UsesFindSecBugs provider, boolean expectedValue) - throws IOException { - - GitHubProject project = new GitHubProject("org", "test"); - - ValueSet values = new ValueHashSet(); - provider.update(project, values); - - assertEquals(1, values.size()); - assertTrue(values.has(USES_FIND_SEC_BUGS)); - assertTrue(values.of(USES_FIND_SEC_BUGS).isPresent()); - - Value value = values.of(USES_FIND_SEC_BUGS).get(); - assertEquals(expectedValue, value.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopmentTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopmentTest.java index 65f57e19b..11e81687d 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopmentTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesGithubForDevelopmentTest.java 
@@ -27,52 +27,6 @@ public class UsesGithubForDevelopmentTest extends TestGitHubDataFetcherHolder { - private static class RepositoryMockBuilder { - - GHRepository repository; - Set passedChecks; - - private final List> checks = - Arrays.asList( - passed -> - when(repository.getDescription()) - .thenReturn(passed ? "This is the main repository" : "This is a mirror"), - passed -> when(repository.hasIssues()).thenReturn(passed), - passed -> when(repository.hasWiki()).thenReturn(passed), - passed -> { - when(repository.getMirrorUrl()).thenReturn(passed ? "" : "https://test.com"); - when(repository.getSvnUrl()).thenReturn(passed ? "" : "https://test.com"); - }, - passed -> when(repository.isArchived()).thenReturn(!passed)); - - RepositoryMockBuilder() { - init(); - } - - final void init() { - repository = mock(GHRepository.class); - passedChecks = new HashSet<>(); - checks.forEach(check -> check.accept(false)); - } - - int allChecks() { - return checks.size(); - } - - int passedChecks() { - return passedChecks.size(); - } - - void passCheck(int i) { - checks.get(i).accept(true); - passedChecks.add(i); - } - - GHRepository repository() { - return repository; - } - } - @Test public void testVariousChecks() throws IOException { Random random = new Random(); 
@@ -185,4 +139,49 @@ public void testNotGitHubUrl() { assertTrue(notGitHubUrl("https://test.com/test")); assertFalse(notGitHubUrl("https://github.com/apache/nifi")); } + + private static class RepositoryMockBuilder { + + GHRepository repository; + private final List> checks = + Arrays.asList( + passed -> + when(repository.getDescription()) + .thenReturn(passed ? "This is the main repository" : "This is a mirror"), + passed -> when(repository.hasIssues()).thenReturn(passed), + passed -> when(repository.hasWiki()).thenReturn(passed), + passed -> { + when(repository.getMirrorUrl()).thenReturn(passed ? "" : "https://test.com"); + when(repository.getSvnUrl()).thenReturn(passed ? "" : "https://test.com"); + }, + passed -> when(repository.isArchived()).thenReturn(!passed)); + Set passedChecks; + + RepositoryMockBuilder() { + init(); + } + + final void init() { + repository = mock(GHRepository.class); + passedChecks = new HashSet<>(); + checks.forEach(check -> check.accept(false)); + } + + int allChecks() { + return checks.size(); + } + + int passedChecks() { + return passedChecks.size(); + } + + void passCheck(int i) { + checks.get(i).accept(true); + passedChecks.add(i); + } + + GHRepository repository() { + return repository; + } + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpToolTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpToolTest.java index 83201f180..cfe301cbf 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpToolTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesNoHttpToolTest.java 
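Review bot: In the relocated `RepositoryMockBuilder`, the `Set passedChecks;` field is now declared between the multi-line `checks` initializer and the constructor, which splits the plain fields apart and makes the lambda block harder to read as a unit. Keeping `GHRepository repository;` and `Set passedChecks;` together before `checks` would match the original grouping. The `checks` list still uses `Arrays.asList(...)` while other tests in this commit switched to `List.of(...)`; either is fine here since the list is only read, but the inconsistency is worth a conscious choice.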
@@ -19,6 +19,22 @@ public class UsesNoHttpToolTest extends TestGitHubDataFetcherHolder { + private static void checkValue(UsesNoHttpTool provider, boolean expectedValue) + throws IOException { + + GitHubProject project = new GitHubProject("org", "test"); + + ValueSet values = new ValueHashSet(); + provider.update(project, values); + + assertEquals(1, values.size()); + assertTrue(values.has(USES_NOHTTP)); + assertTrue(values.of(USES_NOHTTP).isPresent()); + + Value value = values.of(USES_NOHTTP).get(); + assertEquals(expectedValue, value.get()); + } + @Test public void testMavenWithNoHttp() throws IOException { try (InputStream is = getClass().getResourceAsStream("MavenCheckStyleWithNoHttp.xml")) { @@ -68,20 +84,4 @@ private UsesNoHttpTool createProvider(InputStream is, String filename) throws IO return provider; } - - private static void checkValue(UsesNoHttpTool provider, boolean expectedValue) - throws IOException { - - GitHubProject project = new GitHubProject("org", "test"); - - ValueSet values = new ValueHashSet(); - provider.update(project, values); - - assertEquals(1, values.size()); - assertTrue(values.has(USES_NOHTTP)); - assertTrue(values.of(USES_NOHTTP).isPresent()); - - Value value = values.of(USES_NOHTTP).get(); - assertEquals(expectedValue, value.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheckTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheckTest.java index de59613a9..fdb7c6626 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheckTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesOwaspDependencyCheckTest.java 
@@ -8,6 +8,7 @@ import static com.sap.oss.phosphor.fosstars.model.value.OwaspDependencyCheckUsage.OPTIONAL; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertInstanceOf; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; @@ -36,6 +37,40 @@ public class UsesOwaspDependencyCheckTest extends TestGitHubDataFetcherHolder { private static final Double NOT_SPECIFIED = null; + private static ValueSet values(UsesOwaspDependencyCheck provider) throws IOException { + GitHubProject project = new GitHubProject("org", "test"); + + ValueSet values = new ValueHashSet(); + provider.update(project, values); + + Set> features = provider.supportedFeatures(); + assertEquals(features.size(), values.size()); + assertTrue(values.containsAll(features)); + return values; + } + + private static void checkUsage(OwaspDependencyCheckUsage expected, ValueSet values) { + Optional> value = values.of(OWASP_DEPENDENCY_CHECK_USAGE); + assertTrue(value.isPresent()); + Value usage = value.get(); + assertEquals(expected, usage.get()); + } + + private static void checkThreshold(Double expected, ValueSet values) { + Optional> value = values.of(OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD); + assertTrue(value.isPresent()); + Value n = value.get(); + assertInstanceOf(OwaspDependencyCheckCvssThresholdValue.class, n); + OwaspDependencyCheckCvssThresholdValue threshold = (OwaspDependencyCheckCvssThresholdValue) n; + + if (expected == null) { + assertFalse(threshold.specified()); + } else { + assertTrue(threshold.specified()); + assertEquals(expected, threshold.get()); + } + } + @Test public void testMavenWithOwaspDependencyCheckInBuild() throws IOException { try (InputStream is = 
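Review bot: In the moved `checkThreshold`, the explicit cast on the line after `assertInstanceOf(OwaspDependencyCheckCvssThresholdValue.class, n)` is redundant because `assertInstanceOf` returns the value already narrowed to the expected type; the two lines can collapse to `OwaspDependencyCheckCvssThresholdValue threshold = assertInstanceOf(OwaspDependencyCheckCvssThresholdValue.class, n);`. This assumes the JUnit version in use provides the returning form of `assertInstanceOf`, which the newly added static import suggests but the page does not confirm.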
@@ -189,8 +224,7 @@ public void testGradleWithMandatoryOwaspDependencyCheckWithBuildOnAnyIssueFalse( @Test public void testWithBigFailBuildOnCVSS() throws IOException { String pom = - "" - + "\n" + "\n" + " \n" + " \n" + " \n" @@ -239,38 +273,4 @@ private UsesOwaspDependencyCheck createProvider(InputStream is, String filename) return provider; } - - private static ValueSet values(UsesOwaspDependencyCheck provider) throws IOException { - GitHubProject project = new GitHubProject("org", "test"); - - ValueSet values = new ValueHashSet(); - provider.update(project, values); - - Set> features = provider.supportedFeatures(); - assertEquals(features.size(), values.size()); - assertTrue(values.containsAll(features)); - return values; - } - - private static void checkUsage(OwaspDependencyCheckUsage expected, ValueSet values) { - Optional> value = values.of(OWASP_DEPENDENCY_CHECK_USAGE); - assertTrue(value.isPresent()); - Value usage = value.get(); - assertEquals(expected, usage.get()); - } - - private static void checkThreshold(Double expected, ValueSet values) { - Optional> value = values.of(OWASP_DEPENDENCY_CHECK_FAIL_CVSS_THRESHOLD); - assertTrue(value.isPresent()); - Value n = value.get(); - assertTrue(n instanceof OwaspDependencyCheckCvssThresholdValue); - OwaspDependencyCheckCvssThresholdValue threshold = (OwaspDependencyCheckCvssThresholdValue) n; - - if (expected == null) { - assertFalse(threshold.specified()); - } else { - assertTrue(threshold.specified()); - assertEquals(expected, threshold.get()); - } - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizersTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizersTest.java index bf58a6f26..d43798f76 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizersTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/UsesSanitizersTest.java 
@@ -187,8 +187,8 @@ public void testLookForSanitizers() throws IOException { @Test public void testParseOptions() { assertTrue(UsesSanitizers.parseOptions("something else").isEmpty()); - assertEquals(Arrays.asList("address"), UsesSanitizers.parseOptions("-fsanitize=address")); - assertEquals(Arrays.asList("memory"), UsesSanitizers.parseOptions("-fsanitize=memory")); + assertEquals(List.of("address"), UsesSanitizers.parseOptions("-fsanitize=address")); + assertEquals(List.of("memory"), UsesSanitizers.parseOptions("-fsanitize=memory")); assertEquals( Arrays.asList("address", "memory", "test"), UsesSanitizers.parseOptions("-fsanitize=address,memory,test")); diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfoTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfoTest.java index c6059bb46..0a8100682 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfoTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/github/VulnerabilityAlertsInfoTest.java @@ -59,6 +59,19 @@ public class VulnerabilityAlertsInfoTest extends TestGitHubDataFetcherHolder { + " ]\n" + "}"; + private static void checkValue( + ValueSet values, + Feature feature, + boolean expected, + Consumer> additionalCheck) { + + Optional> something = values.of(feature); + assertTrue(something.isPresent()); + Value value = something.get(); + assertEquals(expected, value.get()); + additionalCheck.accept(value); + } + @Test public void testSupportedFeatures() { VulnerabilityAlertsInfo provider = new VulnerabilityAlertsInfo(fetcher); 
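Review bot: The first hunk converts two `Arrays.asList(...)` expected values to `List.of(...)` but leaves the third assertion in the same test on `Arrays.asList("address", "memory", "test")`, so the migration is half done within one method. For consistency it should become `assertEquals(List.of("address", "memory", "test"), UsesSanitizers.parseOptions("-fsanitize=address,memory,test"));`, after which the `Arrays` import may be unused if nothing else in the file needs it (not visible here).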
@@ -179,17 +192,4 @@ public void testWithError() throws IOException { assertTrue(something.isPresent()); assertTrue(something.get().isUnknown()); } - - private static void checkValue( - ValueSet values, - Feature feature, - boolean expected, - Consumer> additionalCheck) { - - Optional> something = values.of(feature); - assertTrue(something.isPresent()); - Value value = something.get(); - assertEquals(expected, value.get()); - additionalCheck.accept(value); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutSecurityTeamTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutSecurityTeamTest.java index 61a2e73d7..a3f33d5c1 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutSecurityTeamTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutSecurityTeamTest.java @@ -14,16 +14,6 @@ public class AskAboutSecurityTeamTest { - @Test - public void answerYes() throws IOException { - testProvider(true, new AskAboutSecurityTeam(), new TestUserCallback("yes")); - } - - @Test - public void answerNo() throws IOException { - testProvider(false, new AskAboutSecurityTeam(), new TestUserCallback("no")); - } - private static void testProvider( boolean expected, AskAboutSecurityTeam provider, UserCallback callback) throws IOException { @@ -37,4 +27,14 @@ private static void testProvider( assertTrue(values.of(HAS_SECURITY_TEAM).isPresent()); assertEquals(expected, values.of(HAS_SECURITY_TEAM).get().get()); } + + @Test + public void answerYes() throws IOException { + testProvider(true, new AskAboutSecurityTeam(), new TestUserCallback("yes")); + } + + @Test + public void answerNo() throws IOException { + testProvider(false, new AskAboutSecurityTeam(), new TestUserCallback("no")); + } } 
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilitiesTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilitiesTest.java index 8b7c12047..282b60603 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilitiesTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/AskAboutUnpatchedVulnerabilitiesTest.java @@ -16,6 +16,23 @@ public class AskAboutUnpatchedVulnerabilitiesTest { + private static void testProvider( + Vulnerabilities expectedVulnerabilities, + AskAboutUnpatchedVulnerabilities provider, + UserCallback callback) { + + ValueSet values = new ValueHashSet(); + provider.set(NoValueCache.create()); + provider.set(callback); + GitHubProject project = new GitHubProject("org", "test"); + provider.ask(project, values); + assertEquals(1, values.size()); + assertTrue(values.has(VULNERABILITIES_IN_PROJECT)); + assertTrue(values.of(VULNERABILITIES_IN_PROJECT).isPresent()); + Value value = values.of(VULNERABILITIES_IN_PROJECT).get(); + assertEquals(expectedVulnerabilities, value.get()); + } + @Test public void twoVulnerabilities() { final String firstIssueId = "https://github.com/org/test/issues/1"; 
@@ -33,21 +50,4 @@ public void noVulnerabilities() { testProvider( new Vulnerabilities(), new AskAboutUnpatchedVulnerabilities(), new TestUserCallback("no")); } - - private static void testProvider( - Vulnerabilities expectedVulnerabilities, - AskAboutUnpatchedVulnerabilities provider, - UserCallback callback) { - - ValueSet values = new ValueHashSet(); - provider.set(NoValueCache.create()); - provider.set(callback); - GitHubProject project = new GitHubProject("org", "test"); - provider.ask(project, values); - assertEquals(1, values.size()); - assertTrue(values.has(VULNERABILITIES_IN_PROJECT)); - assertTrue(values.of(VULNERABILITIES_IN_PROJECT).isPresent()); - Value value = values.of(VULNERABILITIES_IN_PROJECT).get(); - assertEquals(expectedVulnerabilities, value.get()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/TestUserCallback.java b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/TestUserCallback.java index 9990d6d0c..d112fd733 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/TestUserCallback.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/data/interactive/TestUserCallback.java @@ -15,7 +15,7 @@ public class TestUserCallback implements UserCallback { private static final Logger LOGGER = LogManager.getLogger(TestUserCallback.class); /** An iterator over pre-defined answers. */ - private Iterator iterator; + private final Iterator iterator; /** * Initialize a callback with a number of answers. diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeatureTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeatureTest.java index a866ea848..15409f792 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeatureTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/feature/EnumFeatureTest.java 
@@ -14,19 +14,6 @@ public class EnumFeatureTest { - private enum TestEnum { - A, - B, - C - } - - private enum AnotherEnum { - A, - B, - C, - D - } - @Test public void testValue() { EnumFeature feature = new EnumFeature<>(TestEnum.class, "test"); @@ -86,4 +73,17 @@ public void testSerializeAndDeserialize() throws IOException { assertEquals(feature, clone); assertEquals(feature.hashCode(), clone.hashCode()); } + + private enum TestEnum { + A, + B, + C + } + + private enum AnotherEnum { + A, + B, + C, + D + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResultTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResultTest.java index 6469393b9..228d0b55b 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResultTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorResultTest.java @@ -17,11 +17,6 @@ public class TestVectorResultTest { - public enum TestLabel implements Label { - BAD, - GOOD - } - private static final Interval ALMOST_MIN = DoubleInterval.init().from(Score.MIN).to(0.001).closed().make(); @@ -106,4 +101,9 @@ public void equalsAndHashCode() { Status.PASSED, "Alles gut!")); } + + public enum TestLabel implements Label { + BAD, + GOOD + } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorsTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorsTest.java index feb11a108..ea580638b 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorsTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/qa/TestVectorsTest.java 
@@ -3,6 +3,7 @@
 import static com.sap.oss.phosphor.fosstars.model.other.Utils.setOf;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import com.sap.oss.phosphor.fosstars.model.feature.example.ExampleFeatures;
@@ -64,7 +65,7 @@ public void testGetAndAdd() {
 assertFalse(vectors.isEmpty());
 assertEquals(2, vectors.size());
 for (TestVector vector : vectors) {
- assertTrue(vector instanceof TestVectorWithDefaults);
+ assertInstanceOf(TestVectorWithDefaults.class, vector);
 }
 assertEquals(firstVector, ((TestVectorWithDefaults) vectors.get(0)).originalVector());
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRatingTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRatingTest.java
index 9f9f8ddf8..02339c5a3 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRatingTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/rating/oss/OssRulesOfPlayRatingTest.java
@@ -3,6 +3,7 @@
 import static com.sap.oss.phosphor.fosstars.model.score.oss.OssRulesOfPlayScoreTest.allRulesPassed;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -113,7 +114,7 @@ public void testCalculateWithAllPassedRules() {
 @Test
 public void testCalculateWithOneFailedRule() {
 for (Feature feature : RATING.allFeatures()) {
- assertTrue(feature instanceof BooleanFeature);
+ assertInstanceOf(BooleanFeature.class, feature);
 ValueSet values = allRulesPassed();
 double expectedScore = Score.MIN;
 OssRulesOfPlayLabel expectedLabel = OssRulesOfPlayLabel.FAILED;
@@ -145,7 +146,7 @@ public void testCalculateWithOneFailedRule() {
 @Test
 public void testCalculateWithOneUnknownValue() {
 for (Feature feature : RATING.allFeatures()) {
- assertTrue(feature instanceof BooleanFeature);
+ assertInstanceOf(BooleanFeature.class, feature);
 ValueSet values = allRulesPassed().update(UnknownValue.of(feature));
 RatingValue ratingValue = RATING.calculate(values);
 ScoreValue scoreValue = ratingValue.scoreValue();
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScoreTest.java
index 3e28f2815..7b34816dc 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/AverageCompositeScoreTest.java
@@ -2,6 +2,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -132,10 +133,10 @@ public void testWithOneNotApplicable() {
 assertEquals(2, usedValues.size());
- assertTrue(usedValues.get(0) instanceof ScoreValue);
+ assertInstanceOf(ScoreValue.class, usedValues.get(0));
 assertTrue(usedValues.get(0).isNotApplicable());
- assertTrue(usedValues.get(1) instanceof ScoreValue);
+ assertInstanceOf(ScoreValue.class, usedValues.get(1));
 ScoreValue subScoreValue = (ScoreValue) usedValues.get(1);
 assertEquals(SecondScore.VALUE, subScoreValue.get(), PRECISION);
 assertEquals(Confidence.MAX, subScoreValue.confidence(), PRECISION);
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScoreTest.java
index fc5f50220..8c0c8ef1b 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/WeightedCompositeScoreTest.java
@@ -6,6 +6,7 @@
 import static com.sap.oss.phosphor.fosstars.model.score.example.ExampleScores.SECURITY_TESTING_SCORE_EXAMPLE;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
@@ -318,12 +319,12 @@ public void testWithOneNotApplicableSubScore() {
 assertEquals(2, usedValues.size());
- assertTrue(usedValues.get(0) instanceof ScoreValue);
+ assertInstanceOf(ScoreValue.class, usedValues.get(0));
 ScoreValue subScoreValue = (ScoreValue) usedValues.get(0);
 assertTrue(subScoreValue.isNotApplicable());
 assertEquals(WeightedScoreImpl.FIRST_WEIGHT, subScoreValue.weight(), PRECISION);
- assertTrue(usedValues.get(1) instanceof ScoreValue);
+ assertInstanceOf(ScoreValue.class, usedValues.get(1));
 subScoreValue = (ScoreValue) usedValues.get(1);
 assertFalse(subScoreValue.isNotApplicable());
 assertEquals(SecondScore.VALUE, subScoreValue.get(), PRECISION);
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExampleTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExampleTest.java
index 9493c1565..658ee5431 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExampleTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/example/ProjectActivityScoreExampleTest.java
@@ -17,6 +17,15 @@ public class ProjectActivityScoreExampleTest {
+ private static Set> makeValues(
+ int numberOfCommitsLastMonth, int numberOfContributorsLastMonth) {
+
+ Set> values = new HashSet<>();
+ values.add(NUMBER_OF_COMMITS_LAST_MONTH_EXAMPLE.value(numberOfCommitsLastMonth));
+ values.add(NUMBER_OF_CONTRIBUTORS_LAST_MONTH_EXAMPLE.value(numberOfContributorsLastMonth));
+ return values;
+ }
+
 @Test
 public void name() {
 assertNotNull(PROJECT_ACTIVITY_SCORE_EXAMPLE.name());
@@ -86,13 +95,4 @@ public void noContributorsNumber() {
 Score.INTERVAL.contains(PROJECT_ACTIVITY_SCORE_EXAMPLE.calculate(values).get());
 });
 }
-
- private static Set> makeValues(
- int numberOfCommitsLastMonth, int numberOfContributorsLastMonth) {
-
- Set> values = new HashSet<>();
- values.add(NUMBER_OF_COMMITS_LAST_MONTH_EXAMPLE.value(numberOfCommitsLastMonth));
- values.add(NUMBER_OF_CONTRIBUTORS_LAST_MONTH_EXAMPLE.value(numberOfContributorsLastMonth));
- return values;
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactVersionSecurityScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactVersionSecurityScoreTest.java
index 251881897..769894b65 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactVersionSecurityScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ArtifactVersionSecurityScoreTest.java
@@ -42,6 +42,34 @@ public class ArtifactVersionSecurityScoreTest {
 private static final double DELTA = 0.01;
 private static final double CONFIDENCE_NO_VULNERABILITIES = 8.823529411764705;
+ private static ArtifactVersions testArtifactVersions(boolean with2xx) {
+ ArtifactVersion version100 = new ArtifactVersion("1.0.0", LocalDateTime.now().minusMonths(14));
+ ArtifactVersion version101 = new ArtifactVersion("1.0.1", LocalDateTime.now().minusMonths(13));
+ ArtifactVersion version110 = new ArtifactVersion("1.1.0", LocalDateTime.now().minusMonths(6));
+ ArtifactVersion version120 = new ArtifactVersion("1.2.0", LocalDateTime.now().minusDays(72));
+ if (with2xx) {
+ ArtifactVersion version200 = new ArtifactVersion("2.0.0", LocalDateTime.now().minusDays(7));
+ return ArtifactVersions.of(version100, version101, version110, version120, version200);
+ }
+ return ArtifactVersions.of(version100, version101, version110, version120);
+ }
+
+ private static void checkUsedValues(ScoreValue scoreValue) {
+ assertEquals(scoreValue.score().subScores().size(), scoreValue.usedValues().size());
+ for (Value value : scoreValue.usedValues()) {
+ boolean found = false;
+ for (Score subScore : scoreValue.score().subScores()) {
+ if (value.feature().getClass() == subScore.getClass()) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ fail("Unexpected value: " + value.feature().getClass());
+ }
+ }
+ }
+
 @Test
 public void testSerializeAndDeserialize() throws IOException {
 ObjectMapper mapper = Json.mapper();
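Review bot: `testArtifactVersions` and `checkUsedValues` are moved into this class verbatim, and the same two helpers are added in the same form to OssArtifactSecurityScoreTest in this commit, while `checkUsedValues` also appears as hunk context in OssSecurityScoreTest; since the formatting pass is already touching every copy, this is the moment to hoist them into the `TestUtils` helper the test suite already uses (`TestUtils.createBasicVulnerability` is visible in OssArtifactSecurityScoreTest). The flag-and-break search in `checkUsedValues` can also be stated directly, `boolean found = scoreValue.score().subScores().stream().anyMatch(s -> value.feature().getClass() == s.getClass());`, leaving only the `if (!found)` branch. Both helpers are complete within this hunk.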
@@ -215,32 +243,4 @@ public void testCalculateWith20UsedAndOldVulnerability() {
 assertEquals(Confidence.MAX, scoreValue.confidence(), DELTA);
 checkUsedValues(scoreValue);
 }
-
- private static ArtifactVersions testArtifactVersions(boolean with2xx) {
- ArtifactVersion version100 = new ArtifactVersion("1.0.0", LocalDateTime.now().minusMonths(14));
- ArtifactVersion version101 = new ArtifactVersion("1.0.1", LocalDateTime.now().minusMonths(13));
- ArtifactVersion version110 = new ArtifactVersion("1.1.0", LocalDateTime.now().minusMonths(6));
- ArtifactVersion version120 = new ArtifactVersion("1.2.0", LocalDateTime.now().minusDays(72));
- if (with2xx) {
- ArtifactVersion version200 = new ArtifactVersion("2.0.0", LocalDateTime.now().minusDays(7));
- return ArtifactVersions.of(version100, version101, version110, version120, version200);
- }
- return ArtifactVersions.of(version100, version101, version110, version120);
- }
-
- private static void checkUsedValues(ScoreValue scoreValue) {
- assertEquals(scoreValue.score().subScores().size(), scoreValue.usedValues().size());
- for (Value value : scoreValue.usedValues()) {
- boolean found = false;
- for (Score subScore : scoreValue.score().subScores()) {
- if (value.feature().getClass() == subScore.getClass()) {
- found = true;
- break;
- }
- }
- if (!found) {
- fail("Unexpected value: " + value.feature().getClass());
- }
- }
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTest.java
index 3376fc61b..13ff009e5 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTest.java
@@ -22,6 +22,11 @@ public class CommunityCommitmentScoreTest {
 private static final CommunityCommitmentScore SCORE = new CommunityCommitmentScore();
+ private static Set> values(boolean company, boolean apache, boolean eclipse) {
+ return setOf(
+ SUPPORTED_BY_COMPANY.value(company), IS_APACHE.value(apache), IS_ECLIPSE.value(eclipse));
+ }
+
 @Test
 public void testWithoutValueForCompanySupport() {
 assertThrows(
@@ -68,9 +73,4 @@ public void testCalculateWithAllUnknown() {
 assertTrue(scoreValue.isUnknown());
 assertEquals(Confidence.MIN, scoreValue.confidence(), DELTA);
 }
-
- private static Set> values(boolean company, boolean apache, boolean eclipse) {
- return setOf(
- SUPPORTED_BY_COMPANY.value(company), IS_APACHE.value(apache), IS_ECLIPSE.value(eclipse));
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreTest.java
index 9a46fe094..b853691ac 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssArtifactSecurityScoreTest.java
@@ -32,6 +32,34 @@ public class OssArtifactSecurityScoreTest {
 private static final double DELTA = 0.2;
 private static final double CONFIDENCE_NO_VULNERABILITY = 9.411764705882351;
+ private static ArtifactVersions testArtifactVersions(boolean with2xx) {
+ ArtifactVersion version100 = new ArtifactVersion("1.0.0", LocalDateTime.now().minusMonths(14));
+ ArtifactVersion version101 = new ArtifactVersion("1.0.1", LocalDateTime.now().minusMonths(13));
+ ArtifactVersion version110 = new ArtifactVersion("1.1.0", LocalDateTime.now().minusMonths(6));
+ ArtifactVersion version120 = new ArtifactVersion("1.2.0", LocalDateTime.now().minusDays(72));
+ if (with2xx) {
+ ArtifactVersion version200 = new ArtifactVersion("2.0.0", LocalDateTime.now().minusDays(7));
+ return ArtifactVersions.of(version100, version101, version110, version120, version200);
+ }
+ return ArtifactVersions.of(version100, version101, version110, version120);
+ }
+
+ private static void checkUsedValues(ScoreValue scoreValue) {
+ assertEquals(scoreValue.score().subScores().size(), scoreValue.usedValues().size());
+ for (Value value : scoreValue.usedValues()) {
+ boolean found = false;
+ for (Score subScore : scoreValue.score().subScores()) {
+ if (value.feature().getClass() == subScore.getClass()) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ fail("Unexpected value: " + value.feature().getClass());
+ }
+ }
+ }
+
 @Test
 public void testSerializeAndDeserialize() throws IOException {
 ObjectMapper mapper = Json.mapper();
@@ -171,32 +199,4 @@ public void testMaxScore() {
 private Vulnerability createBasicVulnerability() {
 return TestUtils.createBasicVulnerability(9.0, "1.0.0", "1.2.0");
 }
-
- private static ArtifactVersions testArtifactVersions(boolean with2xx) {
- ArtifactVersion version100 = new ArtifactVersion("1.0.0", LocalDateTime.now().minusMonths(14));
- ArtifactVersion version101 = new ArtifactVersion("1.0.1", LocalDateTime.now().minusMonths(13));
- ArtifactVersion version110 = new ArtifactVersion("1.1.0", LocalDateTime.now().minusMonths(6));
- ArtifactVersion version120 = new ArtifactVersion("1.2.0", LocalDateTime.now().minusDays(72));
- if (with2xx) {
- ArtifactVersion version200 = new ArtifactVersion("2.0.0", LocalDateTime.now().minusDays(7));
- return ArtifactVersions.of(version100, version101, version110, version120, version200);
- }
- return ArtifactVersions.of(version100, version101, version110, version120);
- }
-
- private static void checkUsedValues(ScoreValue scoreValue) {
- assertEquals(scoreValue.score().subScores().size(), scoreValue.usedValues().size());
- for (Value value : scoreValue.usedValues()) {
- boolean found = false;
- for (Score subScore : scoreValue.score().subScores()) {
- if (value.feature().getClass() == subScore.getClass()) {
- found = true;
- break;
- }
- }
- if (!found) {
- fail("Unexpected value: " + value.feature().getClass());
- }
- }
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScoreTest.java
index ec8abbb6d..bb7198a26 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssRulesOfPlayScoreTest.java
@@ -2,6 +2,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
 import static org.junit.jupiter.api.Assertions.assertNotEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -29,11 +30,20 @@ public class OssRulesOfPlayScoreTest {
 private static final double DELTA = 0.01;
+ public static ValueSet allRulesPassed() {
+ ValueSet values = new ValueHashSet();
+ OssRulesOfPlayScore.EXPECTED_TRUE.forEach(feature -> values.update(feature.value(true)));
+ OssRulesOfPlayScore.EXPECTED_FALSE.forEach(feature -> values.update(feature.value(false)));
+ OssRulesOfPlayScore.RECOMMENDED_TRUE.forEach(feature -> values.update(feature.value(true)));
+ OssRulesOfPlayScore.RECOMMENDED_FALSE.forEach(feature -> values.update(feature.value(false)));
+ return values;
+ }
+
 @Test
 public void testFeatures() {
 assertFalse(SCORE.features().isEmpty());
 for (Feature feature : SCORE.features()) {
- assertTrue(feature instanceof BooleanFeature);
+ assertInstanceOf(BooleanFeature.class, feature);
 }
 }
@@ -57,14 +67,14 @@ public void testSerialization() throws IOException {
 assertEquals(SCORE, Json.read(Json.toBytes(SCORE), OssRulesOfPlayScore.class));
 }
+ // the test cases below implement verification procedure for the score
+ // if necessary, they may be re-written using test vectors
+
 @Test
 public void testCalculateWithNoValues() {
 assertThrows(IllegalArgumentException.class, () -> SCORE.calculate());
 }
- // the test cases below implement verification procedure for the score
- // if necessary, they may be re-written using test vectors
-
 @Test
 public void testCalculateWithUnknownValues() {
 Set> values = Utils.allUnknown(SCORE.allFeatures());
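Review bot: The relocated comment `// the test cases below implement verification procedure for the score` now sits above `testCalculateWithNoValues`, which asserts that calculating with no values throws `IllegalArgumentException` rather than walking the score's verification procedure, so "the test cases below" no longer names the cases it was written for. Rewording it to state where the procedure starts, e.g. `// the test cases from testCalculateWithUnknownValues onward implement the verification procedure for the score`, keeps the comment accurate at its new position. The methods involved are complete within this hunk.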
@@ -91,7 +101,7 @@ public void testCalculateWithAllPassedRules() {
 @Test
 public void testCalculateWithOneFailedRule() {
 for (Feature feature : SCORE.features()) {
- assertTrue(feature instanceof BooleanFeature);
+ assertInstanceOf(BooleanFeature.class, feature);
 ValueSet values = allRulesPassed();
 double expectedScore = Score.MIN;
 if (OssRulesOfPlayScore.EXPECTED_FALSE.contains(feature)) {
@@ -119,7 +129,7 @@ public void testCalculateWithOneFailedRule() {
 @Test
 public void testCalculateWithOneUnknownValue() {
 for (Feature feature : SCORE.features()) {
- assertTrue(feature instanceof BooleanFeature);
+ assertInstanceOf(BooleanFeature.class, feature);
 ValueSet values = allRulesPassed().update(UnknownValue.of(feature));
 ScoreValue scoreValue = SCORE.calculate(values);
 assertFalse(scoreValue.isUnknown());
@@ -130,13 +140,4 @@ public void testCalculateWithOneUnknownValue() {
 assertEquals(values.size(), scoreValue.usedValues().size());
 }
 }
-
- public static ValueSet allRulesPassed() {
- ValueSet values = new ValueHashSet();
- OssRulesOfPlayScore.EXPECTED_TRUE.forEach(feature -> values.update(feature.value(true)));
- OssRulesOfPlayScore.EXPECTED_FALSE.forEach(feature -> values.update(feature.value(false)));
- OssRulesOfPlayScore.RECOMMENDED_TRUE.forEach(feature -> values.update(feature.value(true)));
- OssRulesOfPlayScore.RECOMMENDED_FALSE.forEach(feature -> values.update(feature.value(false)));
- return values;
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTest.java
index 7e0260fb8..6e665c1eb 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTest.java
@@ -71,34 +71,6 @@ public class OssSecurityScoreTest {
- @Test
- public void testSerializeAndDeserialize() throws IOException {
- OssSecurityScore score = new OssSecurityScore();
- byte[] bytes = Json.toBytes(score);
- assertNotNull(bytes);
- assertTrue(bytes.length > 0);
- OssSecurityScore clone = Json.read(bytes, OssSecurityScore.class);
- assertEquals(score, clone);
- }
-
- @Test
- public void testCalculateForAllUnknown() {
- Score score = new OssSecurityScore();
- ScoreValue scoreValue = score.calculate(Utils.allUnknown(score.allFeatures()));
- assertTrue(scoreValue.isUnknown());
- assertEquals(Confidence.MIN, scoreValue.confidence(), DELTA);
- checkUsedValues(scoreValue);
- }
-
- @Test
- public void testCalculate() {
- Score score = new OssSecurityScore();
- ScoreValue scoreValue = score.calculate(defaultValues());
- assertTrue(Score.INTERVAL.contains(scoreValue.get()));
- assertEquals(Confidence.MAX, scoreValue.confidence(), DELTA);
- checkUsedValues(scoreValue);
- }
-
 public static Set> defaultValues() {
 return setOf(
 SUPPORTED_BY_COMPANY.value(false),
@@ -162,4 +134,32 @@ private static void checkUsedValues(ScoreValue scoreValue) {
 }
 }
 }
+
+ @Test
+ public void testSerializeAndDeserialize() throws IOException {
+ OssSecurityScore score = new OssSecurityScore();
+ byte[] bytes = Json.toBytes(score);
+ assertNotNull(bytes);
+ assertTrue(bytes.length > 0);
+ OssSecurityScore clone = Json.read(bytes, OssSecurityScore.class);
+ assertEquals(score, clone);
+ }
+
+ @Test
+ public void testCalculateForAllUnknown() {
+ Score score = new OssSecurityScore();
+ ScoreValue scoreValue = score.calculate(Utils.allUnknown(score.allFeatures()));
+ assertTrue(scoreValue.isUnknown());
+ assertEquals(Confidence.MIN, scoreValue.confidence(), DELTA);
+ checkUsedValues(scoreValue);
+ }
+
+ @Test
+ public void testCalculate() {
+ Score score = new OssSecurityScore();
+ ScoreValue scoreValue = score.calculate(defaultValues());
+ assertTrue(Score.INTERVAL.contains(scoreValue.get()));
+ assertEquals(Confidence.MAX, scoreValue.confidence(), DELTA);
+ checkUsedValues(scoreValue);
+ }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTest.java
index b013dc671..67a47d84a 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTest.java
@@ -22,6 +22,12 @@ public class ProjectActivityScoreTest {
 private static final ProjectActivityScore PROJECT_ACTIVITY = new ProjectActivityScore();
+ private static Set> values(int commits, int contributors) {
+ return setOf(
+ NUMBER_OF_COMMITS_LAST_THREE_MONTHS.value(commits),
+ NUMBER_OF_CONTRIBUTORS_LAST_THREE_MONTHS.value(contributors));
+ }
+
 @Test
 public void testCalculate() {
 ScoreValue scoreValue =
@@ -112,10 +118,4 @@ public void testDescription() {
 assertNotNull(PROJECT_ACTIVITY.description());
 assertFalse(PROJECT_ACTIVITY.description().isEmpty());
 }
-
- private static Set> values(int commits, int contributors) {
- return setOf(
- NUMBER_OF_COMMITS_LAST_THREE_MONTHS.value(commits),
- NUMBER_OF_CONTRIBUTORS_LAST_THREE_MONTHS.value(contributors));
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTest.java
index 678f40f9f..5f99ac160 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTest.java
@@ -21,6 +21,13 @@ public class ProjectPopularityScoreTest {
 private static final ProjectPopularityScore SCORE = new ProjectPopularityScore();
+ private static Set> values(int stars, int watchers, int dependents) {
+ return setOf(
+ NUMBER_OF_GITHUB_STARS.value(stars),
+ NUMBER_OF_WATCHERS_ON_GITHUB.value(watchers),
+ NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB.value(dependents));
+ }
+
 @Test
 public void testWithNegativeStars() {
 assertThrows(
@@ -125,11 +132,4 @@ public void testDescription() {
 assertNotNull(SCORE.description());
 assertFalse(SCORE.description().isEmpty());
 }
-
- private static Set> values(int stars, int watchers, int dependents) {
- return setOf(
- NUMBER_OF_GITHUB_STARS.value(stars),
- NUMBER_OF_WATCHERS_ON_GITHUB.value(watchers),
- NUMBER_OF_DEPENDENT_PROJECTS_ON_GITHUB.value(dependents));
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/CalculatedSecurityRiskIntroducedByOssTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/CalculatedSecurityRiskIntroducedByOssTest.java
index c5d1d579f..5e70f9fee 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/CalculatedSecurityRiskIntroducedByOssTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/score/oss/risk/CalculatedSecurityRiskIntroducedByOssTest.java
@@ -36,6 +36,20 @@ public class CalculatedSecurityRiskIntroducedByOssTest {
 private static final CalculatedSecurityRiskIntroducedByOss SCORE = new CalculatedSecurityRiskIntroducedByOss();
+ public static ValueSet defaultValues() {
+ ValueSet values = new ValueHashSet();
+ values.update(OssSecurityScoreTest.defaultValues());
+ values.update(PROJECT_USAGE.value(QUITE_A_LOT));
+ values.update(FUNCTIONALITY.value(NETWORKING));
+ values.update(HANDLING_UNTRUSTED_DATA_LIKELIHOOD.value(MEDIUM));
+ values.update(IS_ADOPTED.no());
+ values.update(DATA_CONFIDENTIALITY.value(INTERNAL));
+ values.update(CONFIDENTIALITY_IMPACT.value(LOW));
+ values.update(INTEGRITY_IMPACT.value(LOW));
+ values.update(AVAILABILITY_IMPACT.value(HIGH));
+ return values;
+ }
+
 @Test
 public void testJsonSerialization() throws IOException {
 CalculatedSecurityRiskIntroducedByOss clone =
@@ -72,18 +86,4 @@ public void testScoreValueSerialization() throws IOException {
 assertTrue(scoreValue.equals(clone) && clone.equals(scoreValue));
 assertEquals(scoreValue.hashCode(), clone.hashCode());
 }
-
- public static ValueSet defaultValues() {
- ValueSet values = new ValueHashSet();
- values.update(OssSecurityScoreTest.defaultValues());
- values.update(PROJECT_USAGE.value(QUITE_A_LOT));
- values.update(FUNCTIONALITY.value(NETWORKING));
- values.update(HANDLING_UNTRUSTED_DATA_LIKELIHOOD.value(MEDIUM));
- values.update(IS_ADOPTED.no());
- values.update(DATA_CONFIDENTIALITY.value(INTERNAL));
- values.update(CONFIDENTIALITY_IMPACT.value(LOW));
- values.update(INTEGRITY_IMPACT.value(LOW));
- values.update(AVAILABILITY_IMPACT.value(HIGH));
- return values;
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/subject/AbstractSubjectTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/subject/AbstractSubjectTest.java
index 8c9970d7c..f13d45250 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/subject/AbstractSubjectTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/subject/AbstractSubjectTest.java
@@ -14,20 +14,6 @@ public class AbstractSubjectTest {
- private static class TestSubject extends AbstractSubject {
-
- public TestSubject(RatingValue ratingValue, Date ratingValueDate) {
- super(ratingValue, ratingValueDate);
- }
-
- public TestSubject() {}
-
- @Override
- public String purl() {
- return "scheme:type/namespace/name@version?qualifiers#subpath";
- }
- }
-
 @Test
 public void testSetAndGet() {
 TestSubject subject = new TestSubject();
@@ -60,4 +46,18 @@ public void testEqualsAndHashCode() {
 assertEquals(firstSubject, secondSubject);
 assertEquals(firstSubject.hashCode(), secondSubject.hashCode());
 }
+
+ private static class TestSubject extends AbstractSubject {
+
+ public TestSubject(RatingValue ratingValue, Date ratingValueDate) {
+ super(ratingValue, ratingValueDate);
+ }
+
+ public TestSubject() {}
+
+ @Override
+ public String purl() {
+ return "scheme:type/namespace/name@version?qualifiers#subpath";
+ }
+ }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/AbstractKnownValueTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/AbstractKnownValueTest.java
index e30d8ca70..1770d3d9e 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/AbstractKnownValueTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/AbstractKnownValueTest.java
@@ -20,41 +20,6 @@ public class AbstractKnownValueTest {
- private static class FeatureImpl extends AbstractFeature {
-
- FeatureImpl(@JsonProperty("name") String name) {
- super(name);
- }
-
- @Override
- public Value value(String object) {
- return new ValueImpl(this, object);
- }
-
- @Override
- public Value parse(String string) {
- throw new UnsupportedOperationException();
- }
- }
-
- private static class ValueImpl extends AbstractKnownValue {
-
- final String value;
-
- ValueImpl(
- @JsonProperty("feature") Feature feature, @JsonProperty("value") String value) {
-
- super(feature);
- this.value = value;
- }
-
- @Override
- @JsonGetter("value")
- public String get() {
- return value;
- }
- }
-
 @Test
 public void testProcessIfKnown() {
 ValueImpl value = new ValueImpl(new FeatureImpl("feature"), "test");
@@ -132,4 +97,39 @@ public void testJsonDeserializationWithoutExplanations() throws IOException {
 assertEquals("test", value.get());
 assertTrue(value.explanation().isEmpty());
 }
+
+ private static class FeatureImpl extends AbstractFeature {
+
+ FeatureImpl(@JsonProperty("name") String name) {
+ super(name);
+ }
+
+ @Override
+ public Value value(String object) {
+ return new ValueImpl(this, object);
+ }
+
+ @Override
+ public Value parse(String string) {
+ throw new UnsupportedOperationException();
+ }
+ }
+
+ private static class ValueImpl extends AbstractKnownValue {
+
+ final String value;
+
+ ValueImpl(
+ @JsonProperty("feature") Feature feature, @JsonProperty("value") String value) {
+
+ super(feature);
+ this.value = value;
+ }
+
+ @Override
+ @JsonGetter("value")
+ public String get() {
+ return value;
+ }
+ }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/EnumValueTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/EnumValueTest.java
index 912487910..63b2fe14e 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/EnumValueTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/EnumValueTest.java
@@ -14,12 +14,6 @@ public class EnumValueTest {
- private enum TestEnum {
- A,
- B,
- C
- }
-
 @Test
 public void smokeTest() {
 EnumFeature feature = new EnumFeature<>(TestEnum.class, "feature");
@@ -70,4 +64,10 @@ public void testSerializeAndDeserialize() throws IOException {
 assertEquals(a, clone);
 assertEquals(a.hashCode(), clone.hashCode());
 }
+
+ private enum TestEnum {
+ A,
+ B,
+ C
+ }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesTest.java
index 03dca9a55..739e8862e 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/model/value/VulnerabilitiesTest.java
@@ -19,16 +19,6 @@ public class VulnerabilitiesTest {
- @Test
- public void testJsonSerializationAndDeserialization() throws IOException {
- serializationAndDeserialization(Json.mapper(), vulnerabilities());
- }
-
- @Test
- public void testYamlSerializationAndDeserialization() throws IOException {
- serializationAndDeserialization(Yaml.mapper(), vulnerabilities());
- }
-
 private static void serializationAndDeserialization( ObjectMapper mapper, Vulnerabilities vulnerabilities) throws IOException {
@@ -59,4 +49,14 @@ private static Vulnerabilities vulnerabilities() throws MalformedURLException {
 .fixed(new Date()) .make());
 }
+
+ @Test
+ public void testJsonSerializationAndDeserialization() throws IOException {
+ serializationAndDeserialization(Json.mapper(), vulnerabilities());
+ }
+
+ @Test
+ public void testYamlSerializationAndDeserialization() throws IOException {
+ serializationAndDeserialization(Yaml.mapper(), vulnerabilities());
+ }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinderTest.java
index 3e5d6db75..4216ce8e6 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinderTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/GitHubProjectFinderTest.java
@@ -29,6 +29,12 @@ public class GitHubProjectFinderTest {
+ private static GHRepository mockRepository(String name) {
+ GHRepository repository = mock(GHRepository.class);
+ when(repository.getName()).thenReturn(name);
+ return repository;
+ }
+
 @Test
 public void parseValidConfig() throws IOException {
 ConfigParser parser = new ConfigParser();
@@ -108,10 +114,4 @@ public void noOrganizations() throws IOException {
 config.projectConfigs, hasItem(new ProjectConfig("FasterXML", "jackson-dataformat-xml")));
 }
 }
-
- private static GHRepository mockRepository(String name) {
- GHRepository repository = mock(GHRepository.class);
- when(repository.getName()).thenReturn(name);
- return repository;
- }
 }
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinderTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinderTest.java
index 11e593648..971e6c22c 100644
--- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinderTest.java
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/MavenScmFinderTest.java
@@ -2,6 +2,7 @@
 import static com.sap.oss.phosphor.fosstars.tool.MavenScmFinder.normalizeGitHubProjectPath;
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -39,7 +40,7 @@ public void testNonGitHubUrls() throws IOException { for (String url : inputSyntaxes) { Optional parsedUrl = normalizeGitHubProjectPath(url); - assertTrue(!parsedUrl.isPresent()); + assertFalse(parsedUrl.isPresent()); } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculatorTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculatorTest.java index 234785d83..c17e85124 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculatorTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/MultipleRatingsCalculatorTest.java @@ -22,6 +22,15 @@ public class MultipleRatingsCalculatorTest extends TestGitHubDataFetcherHolder { + private static void check(RatingValue ratingValue) { + assertEquals(SecurityLabel.UNCLEAR, ratingValue.label()); + assertEquals( + Confidence.MIN, + Double.compare(Confidence.MIN, ratingValue.scoreValue().confidence()), + DELTA); + assertTrue(ratingValue.scoreValue().isUnknown()); + } + @Test public void testCalculateFor() { Rating rating = RatingRepository.INSTANCE.rating(OssSecurityRating.class); @@ -51,13 +60,4 @@ public void testCalculateFor() { assertTrue(multipleRatingsCalculator.failedSubjects().isEmpty()); } - - private static void check(RatingValue ratingValue) { - assertEquals(SecurityLabel.UNCLEAR, ratingValue.label()); - assertEquals( - Confidence.MIN, - Double.compare(Confidence.MIN, ratingValue.scoreValue().confidence()), - DELTA); - assertTrue(ratingValue.scoreValue().isUnknown()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatterTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatterTest.java index 72b6295a4..ecdc1d190 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatterTest.java 
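Review bot: The second assertion in the moved `check` helper compares `Confidence.MIN` with the result of `Double.compare(Confidence.MIN, ratingValue.scoreValue().confidence())`, which is -1, 0 or 1 rather than a confidence value, so the `DELTA` tolerance is meaningless and the check only behaves as intended if `Confidence.MIN` happens to be 0.0 (it would fail unconditionally for any other minimum). The intended assertion is presumably `assertEquals(Confidence.MIN, ratingValue.scoreValue().confidence(), DELTA);`. `DELTA` and the `Confidence` constants are defined outside this hunk, so their actual values cannot be confirmed from here.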
+++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/OssRulesOfPlayRatingMarkdownFormatterTest.java @@ -40,6 +40,18 @@ public class OssRulesOfPlayRatingMarkdownFormatterTest { + " rl-readme_file-1: If a project has a README file\n" + "documentationUrl: https://wiki.local/TestPage"; + private static void checkRuleIds(String text) { + assertTrue(text.contains("rl-license_file-1")); + assertTrue(text.contains("rl-license_file-2")); + assertTrue(text.contains("rl-license_file-3")); + assertTrue(text.contains("rl-readme_file-1")); + } + + @AfterAll + public static void shutdown() throws IOException { + FileUtils.forceDeleteOnExit(CONFIG_PATH.toFile()); + } + @Test public void testPrintWithCompliantProject() throws IOException { Files.write(CONFIG_PATH, RULE_IDS.getBytes()); @@ -137,16 +149,4 @@ public void testPrintWithUnclearProject() throws IOException { FileUtils.forceDeleteOnExit(CONFIG_PATH.toFile()); } } - - private static void checkRuleIds(String text) { - assertTrue(text.contains("rl-license_file-1")); - assertTrue(text.contains("rl-license_file-2")); - assertTrue(text.contains("rl-license_file-3")); - assertTrue(text.contains("rl-readme_file-1")); - } - - @AfterAll - public static void shutdown() throws IOException { - FileUtils.forceDeleteOnExit(CONFIG_PATH.toFile()); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinterTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinterTest.java index 08d8aea1e..8b9e10048 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinterTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/format/PrettyPrinterTest.java @@ -134,6 +134,11 @@ public static void setup() { Locale.setDefault(Locale.US); } + @AfterAll + public static void cleanup() { + Locale.setDefault(savedLocale); + } + @Test public void testPrint() { RatingValue ratingValue = RATING.calculate(TEST_VALUES); 
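Review bot: `Files.write(CONFIG_PATH, RULE_IDS.getBytes())` in the context line right after the moved `shutdown()` encodes the fixture with the platform default charset, so on a non-UTF-8 JVM the bytes on disk may not match what the formatter reads back; `Files.write(CONFIG_PATH, RULE_IDS.getBytes(StandardCharsets.UTF_8))` pins it. The `FileUtils.forceDeleteOnExit(CONFIG_PATH.toFile())` call now appears both in `@AfterAll shutdown()` and inside `testPrintWithUnclearProject`, and deleteOnExit only removes the file when the JVM terminates, so the config file stays on disk for the whole test run; a JUnit 5 `@TempDir` would clean up per test and make the `@AfterAll` hook unnecessary. The class and `CONFIG_PATH` declaration start outside this hunk.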
@@ -189,9 +194,4 @@ public void testFormatValueAndMax() { assertEquals("10.0 out of 10.0", PrettyPrinter.printValueAndMax(10.0, 10.0)); assertEquals("9.0 out of 10.0", PrettyPrinter.printValueAndMax(9.0, 10.0)); } - - @AfterAll - public static void cleanup() { - Locale.setDefault(savedLocale); - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTest.java index 8493cb7ae..263854ae8 100755 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssRulesOfPlayMarkdownReporterTest.java @@ -32,6 +32,20 @@ public class OssRulesOfPlayMarkdownReporterTest { + private static int linesWith(String string, String content) throws IOException { + BufferedReader reader = new BufferedReader(new StringReader(content)); + + String line; + int n = 0; + while ((line = reader.readLine()) != null) { + if (line.contains(string)) { + n++; + } + } + + return n; + } + @Test public void testReport() throws IOException { Path outputDirectory = @@ -67,11 +81,7 @@ public void testReport() throws IOException { failedProject2.set( new RatingValue( new ScoreValue( - rating.score(), - Score.MIN, - Weight.MAX, - Confidence.MIN, - Arrays.asList(failedReadme)) + rating.score(), Score.MIN, Weight.MAX, Confidence.MIN, List.of(failedReadme)) .set(Score.MIN) .confidence(8.0), FAILED)); @@ -123,18 +133,4 @@ public void testReport() throws IOException { FileUtils.forceDeleteOnExit(outputDirectory.toFile()); } } - - private static int linesWith(String string, String content) throws IOException { - BufferedReader reader = new BufferedReader(new StringReader(content)); - - String line; - int n = 0; - while ((line = reader.readLine()) != null) { - if (line.contains(string)) { - n++; - } - } - - return n; - } } 
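Review bot: The moved `linesWith(String, String)` helper is duplicated byte-for-byte in three test classes (here, in OssSecurityRatingJsonReporterTest and in OssSecurityRatingMarkdownReporterTest), so any fix has to be applied three times; it belongs in a shared test utility. The `BufferedReader`/`StringReader` loop (and its `throws IOException`, which a `StringReader` never raises) can also collapse to `return (int) content.lines().filter(line -> line.contains(string)).count();` if the project targets Java 11 or later — the `List.of` call elsewhere in this file only proves Java 9+, so the target level needs checking.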
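Review bot: Replacing `Arrays.asList(failedReadme)` with `List.of(failedReadme)` in the `ScoreValue` constructor argument is a semantic change, not a formatting one, in a commit described as a formatter switch: `List.of` throws `NullPointerException` on a null element and returns a fully unmodifiable list, whereas `Arrays.asList` tolerated null and permitted `set`. If `ScoreValue` ever stores and later mutates that list, or `failedReadme` can be null in some test path, this test would start failing for reasons unrelated to formatting; either keep `Arrays.asList` here or confirm `ScoreValue` copies its input. The enclosing `testReport` method starts and ends outside this hunk.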
diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingJsonReporterTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingJsonReporterTest.java index e04696bc2..f196160a4 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingJsonReporterTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingJsonReporterTest.java @@ -30,6 +30,20 @@ public class OssSecurityRatingJsonReporterTest { + private static int linesWith(String string, String content) throws IOException { + BufferedReader reader = new BufferedReader(new StringReader(content)); + + String line; + int n = 0; + while ((line = reader.readLine()) != null) { + if (line.contains(string)) { + n++; + } + } + + return n; + } + @Test public void testReport() throws IOException { Path outputDirectory = @@ -107,18 +121,4 @@ public void testCreatingReportDirectory() throws IOException { FileUtils.forceDeleteOnExit(baseDirectory.toFile()); } } - - private static int linesWith(String string, String content) throws IOException { - BufferedReader reader = new BufferedReader(new StringReader(content)); - - String line; - int n = 0; - while ((line = reader.readLine()) != null) { - if (line.contains(string)) { - n++; - } - } - - return n; - } } diff --git a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterTest.java b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterTest.java index 1d92db559..b6473c124 100644 --- a/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterTest.java +++ b/src/test/java/com/sap/oss/phosphor/fosstars/tool/report/OssSecurityRatingMarkdownReporterTest.java 
@@ -30,6 +30,20 @@ public class OssSecurityRatingMarkdownReporterTest { + private static int linesWith(String string, String content) throws IOException { + BufferedReader reader = new BufferedReader(new StringReader(content)); + + String line; + int n = 0; + while ((line = reader.readLine()) != null) { + if (line.contains(string)) { + n++; + } + } + + return n; + } + @Test public void testReport() throws IOException { Path outputDirectory = @@ -118,18 +132,4 @@ public void testCreatingReportDirectory() throws IOException { FileUtils.forceDeleteOnExit(baseDirectory.toFile()); } } - - private static int linesWith(String string, String content) throws IOException { - BufferedReader reader = new BufferedReader(new StringReader(content)); - - String line; - int n = 0; - while ((line = reader.readLine()) != null) { - if (line.contains(string)) { - n++; - } - } - - return n; - } } diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/advice/AdviceContentStorageTest.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/advice/AdviceContentStorageTest.yml index d01ce4d5a..74ce29fc9 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/advice/AdviceContentStorageTest.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/advice/AdviceContentStorageTest.yml @@ -20,5 +20,5 @@ Static code analysis status (example): - name: link6 url: https://test/6 - advice: Advice with empty links - links: [] + links: [ ] - advice: Advice with no links \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/OwaspDependencyHasNoVulnerabilities.json b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/OwaspDependencyHasNoVulnerabilities.json index 5b6d55034..ef2458ec7 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/OwaspDependencyHasNoVulnerabilities.json +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/OwaspDependencyHasNoVulnerabilities.json 
@@ -1,362 +1,362 @@ { - "reportSchema": "1.1", - "scanInfo": { - "engineVersion": "6.2.2", - "dataSource": [ - { - "name": "NVD CVE Checked", - "timestamp": "2021-07-28T15:08:24" - }, - { - "name": "NVD CVE Modified", - "timestamp": "2021-07-28T14:00:06" - }, - { - "name": "VersionCheckOn", - "timestamp": "2021-07-13T16:42:04" - } + "reportSchema": "1.1", + "scanInfo": { + "engineVersion": "6.2.2", + "dataSource": [ + { + "name": "NVD CVE Checked", + "timestamp": "2021-07-28T15:08:24" + }, + { + "name": "NVD CVE Modified", + "timestamp": "2021-07-28T14:00:06" + }, + { + "name": "VersionCheckOn", + "timestamp": "2021-07-13T16:42:04" + } + ] + }, + "projectInfo": { + "name": "jackson-databind-2.9.1.jar", + "reportDate": "2021-07-28T13:26:57.202Z", + "credits": { + "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", + "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", + "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", + "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" + } + }, + "dependencies": [ + { + "isVirtual": false, + "fileName": "jackson-databind-2.9.1.jar", + "filePath": "C:\\Users\\D067452\\eclipseWorkspace\\fosstars\\fosstars-rating-core\\.fosstars\\jars\\jackson-databind-2.9.1.jar", + "md5": "88d151266214f04685a7b5630cb3f55a", + "sha1": "716da1830a2043f18882fc036ec26eb32cbe5aff", + "sha256": "17b28ec21ae487bb9a0570b6c0ec66b2277d47546d4089c3a5a2b3e60054134c", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "vendor", + 
"confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "databind" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "fasterxml" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jackson" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.fasterxml.jackson.databind" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/github.com\/FasterXML\/jackson" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.fasterxml.jackson.core.jackson-databind" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build-date", + "value": "2017-09-08 01:09:29+0000" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "FasterXML" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "com.fasterxml.jackson.core" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "FasterXML" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jackson-databind" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "fasterxml.jackson.core" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "vendor", + "confidence": 
"LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "jackson-bom" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "com.fasterxml.jackson" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/github.com\/FasterXML\/jackson" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "hint analyzer", + "name": "product", + "value": "java8" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "hint analyzer", + "name": "product", + "value": "modules" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "fasterxml" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.fasterxml.jackson.databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/github.com\/FasterXML\/jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.fasterxml.jackson.core.jackson-databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build-date", + "value": "2017-09-08 01:09:29+0000" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + 
"name": "Implementation-Title", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "fasterxml.jackson.core" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "jackson-bom" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "com.fasterxml.jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/github.com\/FasterXML\/jackson" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.9.1" + } ] - }, - "projectInfo": { - "name": "jackson-databind-2.9.1.jar", - "reportDate": "2021-07-28T13:26:57.202Z", - "credits": { - "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", - "NPM": "This report may contain data retrieved from the NPM 
Public Advisories: https://www.npmjs.com/advisories", - "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", - "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" + }, + "packages": [ + { + "id": "pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2" } - }, - "dependencies": [ + ], + "vulnerabilityIds": [ { - "isVirtual": false, - "fileName": "jackson-databind-2.9.1.jar", - "filePath": "C:\\Users\\D067452\\eclipseWorkspace\\fosstars\\fosstars-rating-core\\.fosstars\\jars\\jackson-databind-2.9.1.jar", - "md5": "88d151266214f04685a7b5630cb3f55a", - "sha1": "716da1830a2043f18882fc036ec26eb32cbe5aff", - "sha256": "17b28ec21ae487bb9a0570b6c0ec66b2277d47546d4089c3a5a2b3e60054134c", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", - "evidenceCollected": { - "vendorEvidence": [ - { - "type": "vendor", - "confidence": "HIGH", - "source": "file", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "fasterxml" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "jackson" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "automatic-module-name", - "value": "com.fasterxml.jackson.databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "bundle-docurl", - "value": 
"http:\/\/github.com\/FasterXML\/jackson" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "bundle-symbolicname", - "value": "com.fasterxml.jackson.core.jackson-databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "implementation-build-date", - "value": "2017-09-08 01:09:29+0000" - }, - { - "type": "vendor", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Vendor", - "value": "FasterXML" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "Implementation-Vendor-Id", - "value": "com.fasterxml.jackson.core" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "require-capability", - "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "specification-vendor", - "value": "FasterXML" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "pom", - "name": "artifactid", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "pom", - "name": "groupid", - "value": "fasterxml.jackson.core" - }, - { - "type": "vendor", - "confidence": "HIGH", - "source": "pom", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "pom", - "name": "parent-artifactid", - "value": "jackson-bom" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-groupid", - "value": "com.fasterxml.jackson" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "pom", - "name": "url", - "value": "http:\/\/github.com\/FasterXML\/jackson" - } - ], - "productEvidence": [ - { - "type": "product", - "confidence": "HIGH", - "source": "file", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "hint analyzer", - "name": 
"product", - "value": "java8" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "hint analyzer", - "name": "product", - "value": "modules" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "fasterxml" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "automatic-module-name", - "value": "com.fasterxml.jackson.databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "bundle-docurl", - "value": "http:\/\/github.com\/FasterXML\/jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "Bundle-Name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "bundle-symbolicname", - "value": "com.fasterxml.jackson.core.jackson-databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "implementation-build-date", - "value": "2017-09-08 01:09:29+0000" - }, - { - "type": "product", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Title", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "require-capability", - "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "specification-title", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "pom", - "name": "artifactid", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "pom", - "name": "groupid", - 
"value": "fasterxml.jackson.core" - }, - { - "type": "product", - "confidence": "HIGH", - "source": "pom", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-artifactid", - "value": "jackson-bom" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-groupid", - "value": "com.fasterxml.jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "url", - "value": "http:\/\/github.com\/FasterXML\/jackson" - } - ], - "versionEvidence": [ - { - "type": "version", - "confidence": "HIGH", - "source": "file", - "name": "version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGH", - "source": "Manifest", - "name": "Bundle-Version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGHEST", - "source": "pom", - "name": "version", - "value": "2.9.1" - } - ] - }, - "packages": [ - { - "id": "pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1", - "confidence": "HIGH", - "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2" - } - ], - "vulnerabilityIds": [ - { - "id": "cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*", - "confidence": "HIGHEST", - "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.1" - }, - { - "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.1:*:*:*:*:*:*:*", - "confidence": "LOW" - } - ] + "id": "cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*", + "confidence": "HIGHEST", 
+ "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.1" + }, + { + "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.1:*:*:*:*:*:*:*", + "confidence": "LOW" } - ] + ] + } + ] } \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.html b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.html index 73ac7e063..a5f62fef0 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.html +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMaven.html @@ -2,18 +2,18 @@ - Central Repository: com/fasterxml/jackson/core/jackson-databind - - + Central Repository: com/fasterxml/jackson/core/jackson-databind + +

    -

    com/fasterxml/jackson/core/jackson-databind

    +

    com/fasterxml/jackson/core/jackson-databind


    diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMavenNoArtifactInList.html b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMavenNoArtifactInList.html index bc025545e..caa5014bc 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMavenNoArtifactInList.html +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromMavenNoArtifactInList.html @@ -2,18 +2,18 @@ - Central Repository: com/fasterxml/jackson/core/jackson-databind - - + Central Repository: com/fasterxml/jackson/core/jackson-databind + +
    -

    com/fasterxml/jackson/core/jackson-databind

    +

    com/fasterxml/jackson/core/jackson-databind


    diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromNpm.json b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromNpm.json index da2da2a41..fd53add01 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromNpm.json +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/ReleaseInfoFromNpm.json 
@@ -1,1740 +1,1740 @@ { - "_id": "amqplib", - "_rev": "109-a0b36b0122d68410233d19f14d583730", - "name": "amqplib", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "dist-tags": { - "latest": "0.7.1" + "_id": "amqplib", + "_rev": "109-a0b36b0122d68410233d19f14d583730", + "name": "amqplib", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "dist-tags": { + "latest": "0.7.1" + }, + "versions": { + "0.0.1": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./lib/channel_api.js", + "version": "0.0.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.10" + }, + "dependencies": { + "bitsyntax": "0.0.2", + "buffer-more-ints": "0.0.1", + "readable-stream": "1.x >=1.0.2", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MPL 2.0", + "_id": "amqplib@0.0.1", + "dist": { + "shasum": "cfcc77fefb668555594677c98836fefa491c30de", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.0.1.tgz" + }, + "_from": ".", + "_npmVersion": "1.2.18", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {} }, - "versions": { - "0.0.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./lib/channel_api.js", - "version": "0.0.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.10" - }, 
- "dependencies": { - "bitsyntax": "0.0.2", - "buffer-more-ints": "0.0.1", - "readable-stream": "1.x >=1.0.2", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MPL 2.0", - "_id": "amqplib@0.0.1", - "dist": { - "shasum": "cfcc77fefb668555594677c98836fefa491c30de", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.0.1.tgz" - }, - "_from": ".", - "_npmVersion": "1.2.18", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.0.2": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./lib/channel_api.js", - "version": "0.0.2", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.10" - }, - "dependencies": { - "bitsyntax": "0.0.2", - "buffer-more-ints": "0.0.1", - "readable-stream": "1.x >=1.0.2", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.0.2", - "dist": { - "shasum": "b2053fdfb6abe941cabd00d2f5d630eea803f70d", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.0.2.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.1", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ 
- { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.1.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.1.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "0.0.3", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.1.0", - "dist": { - "shasum": "a60a1c137c1e5224e9d147019b3909a7b0e8ef05", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.0.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.1", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.1.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.1.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "0.0.3", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - 
"istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.1.1", - "dist": { - "shasum": "9a90cb239a3153a0bd3f67b29199951604432481", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.1.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.11", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.1.2": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.1.2", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "0.0.3", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.1.2", - "dist": { - "shasum": "4f796dd9524eb36dfad37c1f698626b097a64d97", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.2.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.24", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": 
"mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.1.3": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.1.3", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "0.0.3", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.1.3", - "dist": { - "shasum": "200c174af83226815a21aa621d55fe99eb130a6a", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.3.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.24", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.2.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.2.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~2.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { 
- "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.2.0", - "dist": { - "shasum": "664281952c4f1fd9748510fcfb2a5564baaaf5be", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.2.0.tgz" - }, - "_from": ".", - "_npmVersion": "1.3.24", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {} - }, - "0.2.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.2.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.2.3" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "0c5fc5cd2dd15568ef3983f743af258655e1045a", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.2.1", - "_shasum": "576267a01302a75763600750767fc1565fe46e8a", - "_from": ".", - "_npmVersion": "1.4.13", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": 
"576267a01302a75763600750767fc1565fe46e8a", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.2.1.tgz" - }, - "directories": {} - }, - "0.3.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.3.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.2.3" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "21922d55a548d54b70667e3d0c6c933266edfb94", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.3.0", - "_shasum": "1b5dafebac66b36e4afd9dc815766bd2dd400b3d", - "_from": ".", - "_npmVersion": "1.4.13", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "1b5dafebac66b36e4afd9dc815766bd2dd400b3d", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.0.tgz" - }, - "directories": {} - }, - "0.3.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.3.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": "0.8 || 0.9 || 0.10 || 0.11 || 0.12 || 1.0 || 1.1" - }, - "dependencies": { - "bitsyntax": 
"~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.6.2" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "0eb65a369749c0f5e0b7a3923d8c9923801f8b60", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.3.1", - "_shasum": "cee1b86fa4516a2963a61e134258ef9da9d38781", - "_from": ".", - "_npmVersion": "1.4.13", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "cee1b86fa4516a2963a61e134258ef9da9d38781", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.1.tgz" - }, - "directories": {} - }, - "0.3.2": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.3.2", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <0.13 || ^1" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.6.2" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "93fde0fe29e3fca2b91743b1a63a81ce291effc9", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - 
"_id": "amqplib@0.3.2", - "_shasum": "e77d8fb3842ebcae78cf1c930c490d1e954f4297", - "_from": ".", - "_npmVersion": "1.4.13", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "e77d8fb3842ebcae78cf1c930c490d1e954f4297", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.2.tgz" - }, - "directories": {} - }, - "0.4.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.4.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <4 || ^4" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.6.2" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "105b73c266ed16f377a54072a5ab68bdb6a2c2f0", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.4.0", - "_shasum": "9efe7656dda85a7359f664a2726e8e85229e124c", - "_from": ".", - "_npmVersion": "1.4.13", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "9efe7656dda85a7359f664a2726e8e85229e124c", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.0.tgz" - }, - "directories": {} - }, - "0.4.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": 
"./channel_api.js", - "version": "0.4.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <5 || ^5" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.6.2" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "e6e52d94ef308ece88188b3a89c4a68b5d70863f", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.4.1", - "_shasum": "988e5c65eb992b2df8486d52ef2f6bbbc8fdbd0e", - "_from": ".", - "_npmVersion": "3.3.3", - "_nodeVersion": "0.10.25", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "988e5c65eb992b2df8486d52ef2f6bbbc8fdbd0e", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.1.tgz" - }, - "_npmOperationalInternal": { - "host": "packages-5-east.internal.npmjs.com", - "tmp": "tmp/amqplib-0.4.1.tgz_1454652521626_0.6085246792063117" - }, - "directories": {} - }, - "0.4.2": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.4.2", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <6 || ^6" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "when": "~3.6.2" - }, - 
"devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "46d14f8f0916d49a2e9fa7e8596ddc68b0ab5007", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.4.2", - "_shasum": "5e4a2a914ccb3125f9cb91f6da07c97aa4cb13a6", - "_from": ".", - "_npmVersion": "3.9.3", - "_nodeVersion": "6.2.1", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "5e4a2a914ccb3125f9cb91f6da07c97aa4cb13a6", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.2.tgz" - }, - "_npmOperationalInternal": { - "host": "packages-12-west.internal.npmjs.com", - "tmp": "tmp/amqplib-0.4.2.tgz_1465287074710_0.32056331844069064" - }, - "directories": {} - }, - "0.5.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <6 || ^6" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "bluebird": "^3.4.6" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": 
"e5c19d4da864954ba907daa00f0dd3910f239715", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.0", - "_shasum": "426da5e40dd455245bb626c8a0be9a109cb743b2", - "_from": ".", - "_npmVersion": "3.10.3", - "_nodeVersion": "6.7.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "426da5e40dd455245bb626c8a0be9a109cb743b2", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.0.tgz" - }, - "_npmOperationalInternal": { - "host": "packages-12-west.internal.npmjs.com", - "tmp": "tmp/amqplib-0.5.0.tgz_1478041443784_0.8355621297378093" - }, - "directories": {} - }, - "0.5.1": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <6 || ^6" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "bluebird": "^3.4.6" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "b21133d708fbb9677267428dd74ddb7fe7f1f80e", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.1", - "_shasum": "7cccfebabe56c2e984ea7a2243f7cefe6fbfc6cf", - "_from": ".", - "_npmVersion": "3.3.3", - "_nodeVersion": "0.10.25", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": 
"squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "shasum": "7cccfebabe56c2e984ea7a2243f7cefe6fbfc6cf", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.1.tgz" - }, - "_npmOperationalInternal": { - "host": "packages-12-west.internal.npmjs.com", - "tmp": "tmp/amqplib-0.5.1.tgz_1478962016225_0.675085368566215" - }, - "directories": {} - }, - "0.5.2": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.2", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=9" - }, - "dependencies": { - "bitsyntax": "~0.0.4", - "bluebird": "^3.4.6", - "buffer-more-ints": "0.0.2", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "^5.0.1" - }, - "devDependencies": { - "mocha": "~1", - "claire": "0.4.1", - "uglify-js": "2.4.x", - "istanbul": "0.1.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "be11b7d8bdfdc9875dc2c50ec39138497e9dc5bd", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.2", - "_npmVersion": "5.5.1", - "_nodeVersion": "8.9.1", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "dist": { - "integrity": "sha512-l9mCs6LbydtHqRniRwYkKdqxVa6XMz3Vw1fh+2gJaaVgTM6Jk3o8RccAKWKtlhT1US5sWrFh+KKxsVUALURSIA==", - "shasum": "d2d7313c7ffaa4d10bcf1e6252de4591b6cc7b63", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.2.tgz" - }, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": 
"tmp/amqplib-0.5.2.tgz_1510442097876_0.672039186116308" - }, - "directories": {} - }, - "0.5.3": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.3", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=9" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepublish": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "c28c176dd74565c73957eebf00932a892d2aa840", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.3", - "_npmVersion": "6.4.1", - "_nodeVersion": "8.9.1", - "_npmUser": { - "name": "cressie176", - "email": "stephen.cresswell@gmail.com" - }, - "dist": { - "integrity": "sha512-ZOdUhMxcF+u62rPI+hMtU1NBXSDFQ3eCJJrenamtdQ7YYwh7RZJHOIM1gonVbZ5PyVdYH4xqBPje9OYqk7fnqw==", - "shasum": "7ccfc85d12ee7cd3c6dc861bb07f0648ec3d7193", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.3.tgz", - "fileCount": 65, - "unpackedSize": 374004, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcBE6gCRA9TVsSAnZWagAAaskP/iiwYildFRfmyxBWDSm0\nnOGqfTLp7yuYbSFzTPaqwtcx8bAFuCyA7M/0TlVyrLwI5Qm7lkbyDR2EFrW2\ntndeR5ZYSb9RuoPi7zlxS1Ob9QPc65hK5JXuVC0gwq5dN1aIre6E6wsGn5PN\nRHRMZsgOJBsY+WN4Wfj/aVRlGWcGYdOQaoCSTDEfXDdtbzxW4/3WCnHKWcg4\nLPRnPAR/Ac7wUmiccP9SBL7PcN3nvZRxZVKghlVvz0LUrS27p0ptGnet5Uyo\nvUyLeN/dzeczjOgFzkeFZ5njERiT3jozhgxHh6etFT5qsSF8bXtnMmC5TWOU\nBWQrPOxdZswWNLnvAPtmOY9yLU0pYQ9uY2OGH/6AChPxqSaABLtQ5QcMhRra\ngKA0tq/CuD2f6DlHAAIVhyrGheau9MRWZJ+SpbxynLMEEEzkHiMT9fdumNUn\nB5uJeQnzr0skg9w0HQ5UYzKWB8aXqcv7Ml+ob49b69I7i3e9M/WZK3hnop1x\nW/gSvfCGxakJASfn2lviNUbXLJj1myP3EZTdZIRCcKk+KcFlu+cC94wyh375\n/o5+lQ8Klk1cpOphmV4zhytcII4NLGcDT4Yr9qFKtKVapnQz/uesf6XGSuih\ngIAYxqA/EI4quLsFfn1xSWXYrIGzRBuvFrLBpQZyYlqn7xvKxTjZlooPKLUb\nkUqK\r\n=RQeS\r\n-----END PGP SIGNATURE-----\r\n" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {}, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.5.3_1543786143313_0.24922878211377086" - }, - "_hasShrinkwrap": false - }, - "0.5.4": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.4", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=12" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - 
"gitHead": "524e707042fbbfd34ae29a559326945546463b92", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.4", - "_shasum": "3fa9f1ec569f7da97caa579d51187ee75758ea51", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "3fa9f1ec569f7da97caa579d51187ee75758ea51", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.4.tgz", - "integrity": "sha512-kl7tAGUV57f67pUcSZ12NbfbzaeejQxab0antU3U7gMG3/LCqzM5bqpzYKEsgwfHRDjDyY98Wmyk2dU4qQhffg==", - "fileCount": 67, - "unpackedSize": 284113, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJdP0P9CRA9TVsSAnZWagAAHHsP/jtfsVi+q4059aFDGoyK\nwdmZUN5UIbUEvzJwu07q9Qo1XCwWpJP+glcmQA72X3x5xxPB8xJtTb9aVXrV\nMtFKzFOcEh/8RdUDuintB6+/TJAojwPdjeQd5XdAsAwidakUoaQvhrlcNafQ\nKaOz8jnwoHo39bWjCVbvXrG1xG5ArQxLmP4vlXs5TQ1j9rcCuL2jZK/UdrhK\nss2YTnh2kfXhBFV0fuF+xlCyfggteeJX2GOn7jp93eE4NkC404IguF/6Dkq2\nAnm96XkpMxwODexjvzA+MXw612pVZoUa0DasCoFANMncY9PE/edQVHB6O94K\nBUL4ytDW6wdNuSk1TM4fCBrycbGOq6TtWTQgEF4MyDCQTLlv1JNUImdMVU0r\n//3RbP6z9FlDvto4PIDwfP9NENgL0SrUzZn9loRBN1sXlobqBsJbEZgvJX2v\nUNxm2pfdJNEz0waB1kbuU0kIaPne09qfUqDvbNwRkkAANDDBcfB3Ba+YNHbp\nN1KZgvkHyBJgpLWIEfITbDt5gYWh413S2pKo64sMhOsSOo5knfkuCPdqASbo\nu+SZhxWIS/lJxjBVP6TEIIjyJvFNHmWtvIaqfxPc9M3mSEQ0q8M38iuiopec\nGUyGVgVs0RVvlyWeKso9v8WNTJmIisYQ6F5TV/QnWp1b9/3MZyAkYGp9UQOt\nv7gk\r\n=0qiw\r\n-----END PGP SIGNATURE-----\r\n" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {}, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.5.4_1564427260983_0.3743646858867635" - }, - "_hasShrinkwrap": false, - "deprecated": "See github.com/squaremo/amqp.node/issues/534" - }, - "0.5.5": { - "name": "amqplib", - "homepage": 
"http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.5", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=12" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "df4f807c9dd5276b7d280f8b988e5117996becd2", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.5", - "_shasum": "698f0cb577e0591954a90572fcb3b8998a76fd40", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "698f0cb577e0591954a90572fcb3b8998a76fd40", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.5.tgz", - "integrity": "sha512-sWx1hbfHbyKMw6bXOK2k6+lHL8TESWxjAx5hG8fBtT7wcxoXNIsFxZMnFyBjxt3yL14vn7WqBDe5U6BGOadtLg==", - "fileCount": 68, - "unpackedSize": 419882, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJdP/jNCRA9TVsSAnZWagAApxwP/0KYLAtgmM2LtYA7q5Sk\nQW54gy4BoZRNfe2ZFdpba9rSIQYPyo5wLg9DFURu/S108lVnh6v1b1DhT8qF\nA7J6SALc9rIfvUMHIAkawuTwlUXlfEbsdOjj7ts3eHthc8nS4hiUbRG7yAeS\nqb3VtAV4za5hh/uzhEi/Blxu7RNLOSuUQh1imvlrC0IZTbsD2VMnEmwaK3LA\nClMz0wtkdCWpybo7E6hDEQ4ga7Le3gBUyO51K0A0Yb42uqBhkdmoiUdLTo9G\nDxodCgfyIDm4UVf7JtvmgE2nJZ1fUCjydzHeGw+EK4cdasCphdZPMC+WpKag\n6IyzJQ1iA8eUjRd3FWhySj9zemECx9WigsBDuUwEyaQP3vk4/8cT6ugeoctB\npUOd+8G3NaN7/hdTqxoEf/5PaFzdvQpGKJhhJu0sTJlgRRf4ZElRHobP3nUU\nqi8VII3R9fy7cnVv6LpLtj+x2/d4MROUcuzryoqTh2Rg2dMj/1oS6ta9EWvw\n/sOEp6Zh6wndxVniggdNvz4J+th9JmoXxPq0UE7cn6SfhUpXHcHvms11Bdyq\nbUQRRBve3GmQiTKBkK22YIpTcx5wT949EvkbMeQFjjGV8cmIXCKV3HFnDZrH\nluCbe3Tk/UKmNEUfgqk4tQJ8Y4HQSILx5avPMNp2gK1KMsu53aYGsuA0RjIF\np4La\r\n=FZqF\r\n-----END PGP SIGNATURE-----\r\n" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {}, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.5.5_1564473549268_0.26824015975247884" - }, - "_hasShrinkwrap": false - }, - "0.5.6": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.5.6", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=12" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - 
"gitHead": "6c266c8ffc708697931844034954e5401060e53b", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.5.6", - "_shasum": "86a7850f4f39c568eaa0dd0300ef374e17941cf4", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "86a7850f4f39c568eaa0dd0300ef374e17941cf4", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.6.tgz", - "integrity": "sha512-J4TR0WAMPBHN+tgTuhNsSObfM9eTVTZm/FNw0LyaGfbiLsBxqSameDNYpChUFXW4bnTKHDXy0ab+nuLhumnRrQ==", - "fileCount": 68, - "unpackedSize": 420357, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJevO9iCRA9TVsSAnZWagAAKPkP/RCjRColaZcnqrcMY8BA\n6f7pTwU4rdI56wUbXMTOF0sZqt4izXoNkZStOxmQGu8iO5b7wOaT7+T84ffu\nZMlMcdCkeh4V6F7dV5kI7NSTZp6dRyP+rfxiNyoMk3B5qtGBCxhN3d4GpGg4\nTDsjb03P+Jz5pR/mTjAmg4hu/Go9Rj/sWX4GqiLz88AxrJOcUZegOsFahVnv\n7FeOKnOFmJUObfsvQ2OYwBbDIqmE5CRpjG8qKAQUH+TC0mbFxZjbUvQ8hGIW\n1Dut448s//5yUiDhd8XO4UObaYv6KqQ+xPJzRQfIcu7QXWpuNHC7xehwjVmE\nQGL4/8E/ZtabSw0mBN0ZDEkP1F+Rl3a9xsMfqhE2yPg///STQj9BiVgpC3Os\nJqDr502LrOy57D1N9tqlVVPum9QAaiYt3l4F8Jy02VSGIKnvngoJ8/FvinIR\nGgj67iEb7CBu1vNM3ho+FeRTlh+ljK0MQWoXdGTlMibFbsSDzvl2CNYL0dJC\nKV0TgAvctTvOJYQHYpE2yabesvq6zrosANN0lQa3LzSDreVi88oyyQHRqkIB\n2CaVrPaEicO4kpZ0OazaQJjR5ammqtosjfiEXoo5fsWLRyOStOkKhgQgPAbo\nJPzQSJDjJCBauoRmvFzXDVztDK1q2v35hZAPz9Qvbtabm2Ym2COw6AO54SYK\nWNO4\r\n=AQK3\r\n-----END PGP SIGNATURE-----\r\n" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {}, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.5.6_1589440354483_0.7381409694522896" - }, - "_hasShrinkwrap": false - }, - "0.6.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.6.0", 
- "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=14" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "e3e10167d3f498f632a5a50dc7fac62b314400c8", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.6.0", - "_shasum": "87857c7c95d56d22438ced4cf1f7e5f0dc43b309", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "87857c7c95d56d22438ced4cf1f7e5f0dc43b309", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.6.0.tgz", - "integrity": "sha512-zXCh4jQ77TBZe1YtvZ1n7sUxnTjnNagpy8MVi2yc1ive239pS3iLwm4e4d5o4XZGx1BdTKQ/U0ZmaDU3c8MxYQ==", - "fileCount": 68, - "unpackedSize": 420918, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJfDrrFCRA9TVsSAnZWagAASSsQAJSUi1juFlP72+kL6QXY\nUseHaDxvah11CzZNBVT7TlmSxtWpsN13JiHD2V6qn0oRjtFtvrOO0uqys0QG\n3hnJjxBqCPvUSpAlySW7dhvBasWjz2OZ4/V3btGZ/svmcr0zwPJqKP0zTTWg\nN4hmipSI5ec3MGnxy1Ik4PIEUW/pC215cm7kNURXdQ/othTGr/rhxU1Q1/Ru\nAAXSSrVauj4gSu3QhJ52FCLNxtml3iTISjqSfwGGjVLTC13pl4BadL9uj905\n7WL5xsAiiOZRz7h6gInW6Yav7qtmdo+HQ0MmEGNmk/p2XGEs4hTo3/MYZozJ\nzuGQFLdEz7FaO9HdY+eH38lkJRP3o3RLByc4dyxN6Gd+kLxF59jYXNsezhne\ng4kvB67q4dIqq28BwY2IpuJ9sgco/RuUF9HGIMoKj+35Glq6fzV1jpQ3EU95\nu0jcjbuIlBDvMBnA5YXtN3OCUDq8XCHV/99qW3LbbOXkIo4sK88P7xOJ9Oox\n8Ue65SVn4ISQxQI6diq3ytNY8OxvkrENDiEKCJ/AbOJvRpvYqZONKdQLd8A4\nQCOEszlAeMzmnAUb0Q9O55yaaodnRvdvYBuOQ/YsatyAQVJQf4ipizEd3r91\n0D8Sy70aO2XLG0lG+dWG6h+UMancMMHYvJrLITr3ZNeZpvouKCCHSIqg8s7m\nCCKp\r\n=Lps0\r\n-----END PGP SIGNATURE-----\r\n" - }, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - } - ], - "directories": {}, - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.6.0_1594800837012_0.43470777612224554" - }, - "_hasShrinkwrap": false - }, - "0.7.0": { - "name": "amqplib", - "homepage": "http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.7.0", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=15" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.5.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.1.2", - "url-parse": "~1.4.3" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.6.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - 
"gitHead": "99a854f9fccac0517ed58696058f9ccd8e356b2e", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.7.0", - "_shasum": "83ae81d5bce3406bc8c75a90b9c4789cbbd1e6c4", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "83ae81d5bce3406bc8c75a90b9c4789cbbd1e6c4", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.7.0.tgz", - "integrity": "sha512-WIH+AV/p2UU7YUaP35m0uDlG871YFLm4pz5MKVVNz11OSWUYfWvbsPMklbSDTAbXscvbUB+QO4Z8HsgkfaqNeQ==", - "fileCount": 68, - "unpackedSize": 449454, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.13\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJgM8AuCRA9TVsSAnZWagAAiCYQAIEx6IfyZhu0TGky90l7\nfsTDMKdGmVCPHO1VGmJVB2E8IFwmFvMEJsfH1hEDlxKQ/oy1UT3u5SgyFt+D\nXfY2oeAw9eB2zvC/92y4rpuzKu67ePYzb6i1bCco6Fim8OSSWZwBStbTzrTM\npr+SvPNezjPvi+FdRLd8y+TQ8vu9GdfDtjfcADMQ3SF8gDK+Tq/kvTxrjxCj\nYMgb2q1BeHLReDn/1rOWZ9FvYwwF+OvdItR0vF+N6H+N9mxg97KbA7FDGlFM\n8MHoNdk6Xrxtmjoeja7Y8yX9UAkMKAZTzGZnoNEW/ZIdFM2j+U0ZQ+EPZTI+\n8Ogh5M981xYTLgNa/EnYBPAOa/8IQ3oQgb09J2Ac0aoL/EnuwR8Zv2t3x0rk\nidmlMgtwY0llxPxyw/uyUHiRiAvOn8htvXNUM25wkRcpyf9gem4GlsqWXWSf\nNHvLUk8uFLk7hNsuegRMrjdBD5n7NsY2VsfmyP59LUAZT5M22xhH6eC9xtOV\nDigePC1O8xEHuHZ4JtGpjazevM6BveN6qrtoUcpZiooYETIjjtGitfPmPwO0\nAnTWknW9Kb4JRm+SoFIJzDWhK6mnmez7vwGPZEuMzyAX2mEzKhE4sd/jrsi6\n08+PWrbv0hNGQG/1wHFnPiIPRLd6FfW3ftwfd9GKMijDlsVzO0qCrsTAh17e\nQ0/u\r\n=eFfu\r\n-----END PGP SIGNATURE-----\r\n" - }, - "directories": {}, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - { - "name": "cressie176", - "email": "stephen.cresswell@gmail.com" - } - ], - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.7.0_1614004270013_0.097458798472281" - }, - "_hasShrinkwrap": false - }, - "0.7.1": { - "name": "amqplib", - "homepage": 
"http://squaremo.github.io/amqp.node/", - "main": "./channel_api.js", - "version": "0.7.1", - "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", - "repository": { - "type": "git", - "url": "git+https://github.com/squaremo/amqp.node.git" - }, - "engines": { - "node": ">=0.8 <=15" - }, - "dependencies": { - "bitsyntax": "~0.1.0", - "bluebird": "^3.7.2", - "buffer-more-ints": "~1.0.0", - "readable-stream": "1.x >=1.1.9", - "safe-buffer": "~5.2.1", - "url-parse": "~1.5.1" - }, - "devDependencies": { - "claire": "0.4.1", - "istanbul": "0.1.x", - "mocha": "^3.5.3", - "uglify-js": "2.8.x" - }, - "scripts": { - "test": "make test", - "prepare": "make" - }, - "keywords": [ - "AMQP", - "AMQP 0-9-1", - "RabbitMQ" - ], - "author": { - "name": "Michael Bridgen", - "email": "mikeb@squaremobius.net" - }, - "license": "MIT", - "gitHead": "32aa2025a20200d0df861d5520bb263ba7b10523", - "bugs": { - "url": "https://github.com/squaremo/amqp.node/issues" - }, - "_id": "amqplib@0.7.1", - "_shasum": "1ac60934cbddb445bdc9c648310a0d232a53b3af", - "_from": ".", - "_npmVersion": "2.15.12", - "_nodeVersion": "11.1.0", - "_npmUser": { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - "dist": { - "shasum": "1ac60934cbddb445bdc9c648310a0d232a53b3af", - "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.7.1.tgz", - "integrity": "sha512-KePK3tTOLGU4emTo+PwSDMbc123jrxo13FpRpim1LzJoSlQrIBB2/kMeCC40jK/Zb0olHGaABjLqXDsdK46iLA==", - "fileCount": 68, - "unpackedSize": 449192, - "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.13\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJgRdsoCRA9TVsSAnZWagAA+MgP/AigaN5KcFUsBxufNEL5\nm7n0NkY9D6HNT3B7Mv8SNPfloAlLB6oXVXjEtXSCJzexJXaOt0+3szSkg62e\nWHxkBBmL75U88vwYQuQ37B4EmNwf102MnUyYrFiAIPFhs8Yo07/py7nNqRWR\nSZThTGnY30ouvix0zEcqjrek0ZbCF0IZTj9H7Ru9fEGvsPDhrbL7wGBg7cCY\ngmTxdQu+ysbtioCrXi+zNyWvsXpE7Kfj79gYU4iuVV6aJylMs/5zStHq0K5b\noghPiAaJNHvv0fjIevBDdNBkykMNJOMEJzj7VGBgz/YKBnwuk6fqBshYBDTs\nEUbCMsxUTiJUyEKWX7gbAPf5LWAnkWrmF73CEZslBDzK5PqaYGdRarAuN9Qs\nf1QCET5K/iQSZMu+hxZwqrMk+ilOLsXzFi4NuhVqnHT00gTyUyr1bjbM9nsO\nOVmeQput5kLxLNx16FX4w3P7SSV6hqSTTW7BSY5j4Fn0BTH+5qFS9fBOKddC\nmdJ9EloaClw2jlwkqscZTHjv5/yDhUb6XuOZZ3Zg4AMV2fq1RFDaT9MOFf3X\n9JLHiYvUDcZg+v7ueNGx90U1FTtj1K1mX9gm1teuA1qjk8Achdvq40TPObIw\nX1ITjvh4Y6Q0TN7KLIZIZTpCK3zxOpOO7HF7/AjlUJt0HlCTHQ+wlnByQDD9\nLekq\r\n=BWxZ\r\n-----END PGP SIGNATURE-----\r\n" - }, - "directories": {}, - "maintainers": [ - { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, - { - "name": "cressie176", - "email": "stephen.cresswell@gmail.com" - } - ], - "_npmOperationalInternal": { - "host": "s3://npm-registry-packages", - "tmp": "tmp/amqplib_0.7.1_1615190823512_0.14578457256946886" - }, - "_hasShrinkwrap": false + "0.0.2": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./lib/channel_api.js", + "version": "0.0.2", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.10" + }, + "dependencies": { + "bitsyntax": "0.0.2", + "buffer-more-ints": "0.0.1", + "readable-stream": "1.x >=1.0.2", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": 
"https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.0.2", + "dist": { + "shasum": "b2053fdfb6abe941cabd00d2f5d630eea803f70d", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.0.2.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.1", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" } + ], + "directories": {} }, - "readme": "# AMQP 0-9-1 library and client for Node.JS\n\n[![Build Status](https://travis-ci.org/squaremo/amqp.node.png)](https://travis-ci.org/squaremo/amqp.node)\n\n npm install amqplib\n\n * [Change log][changelog]\n * [GitHub pages][gh-pages]\n * [API reference][gh-pages-apiref]\n * [Examples from RabbitMQ tutorials][tutes]\n\nA library for making AMQP 0-9-1 clients for Node.JS, and an AMQP 0-9-1\nclient for Node.JS v0.8-0.12, v4-v15, and the intervening io.js\nreleases.\n\nThis library does not implement [AMQP\n1.0](https://github.com/squaremo/amqp.node/issues/63) or [AMQP\n0-10](https://github.com/squaremo/amqp.node/issues/94).\n\nProject status:\n\n - Expected to work\n - Complete high-level and low-level APIs (i.e., all bits of the protocol)\n - Stable APIs\n - A fair few tests\n - Measured test coverage\n - Ports of the [RabbitMQ tutorials][rabbitmq-tutes] as [examples][tutes]\n - Used in production\n\nStill working on:\n\n - Getting to 100% (or very close to 100%) test coverage\n\n## Callback API example\n\n```javascript\nvar q = 'tasks';\n\nfunction bail(err) {\n console.error(err);\n process.exit(1);\n}\n\n// Publisher\nfunction publisher(conn) {\n conn.createChannel(on_open);\n function on_open(err, ch) {\n if (err != null) bail(err);\n ch.assertQueue(q);\n ch.sendToQueue(q, Buffer.from('something to do'));\n }\n}\n\n// Consumer\nfunction consumer(conn) {\n var ok = conn.createChannel(on_open);\n function on_open(err, ch) {\n if (err != null) bail(err);\n ch.assertQueue(q);\n ch.consume(q, function(msg) 
{\n if (msg !== null) {\n console.log(msg.content.toString());\n ch.ack(msg);\n }\n });\n }\n}\n\nrequire('amqplib/callback_api')\n .connect('amqp://localhost', function(err, conn) {\n if (err != null) bail(err);\n consumer(conn);\n publisher(conn);\n });\n```\n\n## Promise API example\n\n```javascript\nvar q = 'tasks';\n\nvar open = require('amqplib').connect('amqp://localhost');\n\n// Publisher\nopen.then(function(conn) {\n return conn.createChannel();\n}).then(function(ch) {\n return ch.assertQueue(q).then(function(ok) {\n return ch.sendToQueue(q, Buffer.from('something to do'));\n });\n}).catch(console.warn);\n\n// Consumer\nopen.then(function(conn) {\n return conn.createChannel();\n}).then(function(ch) {\n return ch.assertQueue(q).then(function(ok) {\n return ch.consume(q, function(msg) {\n if (msg !== null) {\n console.log(msg.content.toString());\n ch.ack(msg);\n }\n });\n });\n}).catch(console.warn);\n```\n\n## Running tests\n\n npm test\n\nTo run the tests RabbitMQ is required. Either install it with your package\nmanager, or use [docker][] to run a RabbitMQ instance.\n\n docker run -d --name amqp.test -p 5672:5672 rabbitmq\n\nIf prefer not to run RabbitMQ locally it is also possible to use a\ninstance of RabbitMQ hosted elsewhere. Use the `URL` environment\nvariable to configure a different amqp host to connect to. 
You may\nalso need to do this if docker is not on localhost; e.g., if it's\nrunning in docker-machine.\n\nOne public host is dev.rabbitmq.com:\n\n URL=amqp://dev.rabbitmq.com npm test\n\n**NB** You may experience test failures due to timeouts if using the\ndev.rabbitmq.com instance.\n\nYou can run it under different versions of Node.JS using [nave][]:\n\n nave use 0.8 npm test\n\nor run the tests on all supported versions of Node.JS in one go:\n\n make test-all-nodejs\n\n(which also needs `nave` installed, of course).\n\nLastly, setting the environment variable `LOG_ERRORS` will cause the\ntests to output error messages encountered, to the console; this is\nreally only useful for checking the kind and formatting of the errors.\n\n LOG_ERRORS=true npm test\n\n## Test coverage\n\n make coverage\n open file://`pwd`/coverage/lcov-report/index.html\n\n[gh-pages]: http://squaremo.github.com/amqp.node/\n[gh-pages-apiref]: http://squaremo.github.com/amqp.node/channel_api.html\n[nave]: https://github.com/isaacs/nave\n[tutes]: https://github.com/squaremo/amqp.node/tree/master/examples/tutorials\n[rabbitmq-tutes]: http://www.rabbitmq.com/getstarted.html\n[changelog]: https://github.com/squaremo/amqp.node/blob/master/CHANGELOG.md\n[docker]: https://www.docker.com/\n", - "maintainers": [ + "0.1.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.1.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "0.0.3", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + 
"AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.1.0", + "dist": { + "shasum": "a60a1c137c1e5224e9d147019b3909a7b0e8ef05", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.0.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.1", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ { - "name": "squaremo", - "email": "mikeb@squaremobius.net" - }, + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {} + }, + "0.1.1": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.1.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "0.0.3", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.1.1", + "dist": { + "shasum": "9a90cb239a3153a0bd3f67b29199951604432481", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.1.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.11", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {} + }, + 
"0.1.2": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.1.2", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "0.0.3", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.1.2", + "dist": { + "shasum": "4f796dd9524eb36dfad37c1f698626b097a64d97", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.2.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.24", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ { - "name": "cressie176", - "email": "stephen.cresswell@gmail.com" + "name": "squaremo", + "email": "mikeb@squaremobius.net" } - ], - "time": { - "modified": "2021-03-08T08:07:05.839Z", - "created": "2013-06-21T23:33:53.303Z", - "0.0.1": "2013-06-21T23:33:56.623Z", - "0.0.2": "2013-08-07T10:03:03.124Z", - "0.1.0": "2013-10-10T22:23:29.448Z", - "0.1.1": "2013-11-28T21:44:55.834Z", - "0.1.2": "2014-02-17T12:07:22.891Z", - "0.1.3": "2014-02-27T16:45:20.901Z", - "0.2.0": "2014-06-03T13:13:27.442Z", - "0.2.1": "2014-08-07T20:36:54.763Z", - "0.3.0": "2014-10-21T08:31:17.811Z", - "0.3.1": "2015-02-17T06:35:30.390Z", - "0.3.2": "2015-03-25T09:46:31.019Z", - "0.4.0": "2015-09-16T23:26:22.156Z", - "0.4.1": "2016-02-05T06:08:43.818Z", - "0.4.2": "2016-06-07T08:11:17.345Z", - 
"0.5.0": "2016-11-01T23:04:06.154Z", - "0.5.1": "2016-11-12T14:46:58.509Z", - "0.5.2": "2017-11-11T23:14:58.997Z", - "0.5.3": "2018-12-02T21:29:03.453Z", - "0.5.4": "2019-07-29T19:07:41.123Z", - "0.5.5": "2019-07-30T07:59:09.442Z", - "0.5.6": "2020-05-14T07:12:34.623Z", - "0.6.0": "2020-07-15T08:13:57.277Z", - "0.7.0": "2021-02-22T14:31:10.139Z", - "0.7.1": "2021-03-08T08:07:03.701Z" + ], + "directories": {} }, - "author": { + "0.1.3": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.1.3", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "0.0.3", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.1.3", + "dist": { + "shasum": "200c174af83226815a21aa621d55fe99eb130a6a", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.1.3.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.24", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {} + }, + "0.2.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.2.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + 
"url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~2.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.2.0", + "dist": { + "shasum": "664281952c4f1fd9748510fcfb2a5564baaaf5be", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.2.0.tgz" + }, + "_from": ".", + "_npmVersion": "1.3.24", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {} + }, + "0.2.1": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.2.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.2.3" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { "name": "Michael Bridgen", "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "0c5fc5cd2dd15568ef3983f743af258655e1045a", + "bugs": { + "url": 
"https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.2.1", + "_shasum": "576267a01302a75763600750767fc1565fe46e8a", + "_from": ".", + "_npmVersion": "1.4.13", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "576267a01302a75763600750767fc1565fe46e8a", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.2.1.tgz" + }, + "directories": {} }, - "repository": { + "0.3.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.3.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.2.3" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "21922d55a548d54b70667e3d0c6c933266edfb94", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.3.0", + "_shasum": "1b5dafebac66b36e4afd9dc815766bd2dd400b3d", + "_from": ".", + "_npmVersion": "1.4.13", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "1b5dafebac66b36e4afd9dc815766bd2dd400b3d", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.0.tgz" + }, + "directories": {} + }, + "0.3.1": { + "name": "amqplib", 
+ "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.3.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": "0.8 || 0.9 || 0.10 || 0.11 || 0.12 || 1.0 || 1.1" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.6.2" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "0eb65a369749c0f5e0b7a3923d8c9923801f8b60", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.3.1", + "_shasum": "cee1b86fa4516a2963a61e134258ef9da9d38781", + "_from": ".", + "_npmVersion": "1.4.13", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "cee1b86fa4516a2963a61e134258ef9da9d38781", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.1.tgz" + }, + "directories": {} + }, + "0.3.2": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.3.2", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <0.13 || ^1" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.6.2" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + 
"istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "93fde0fe29e3fca2b91743b1a63a81ce291effc9", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.3.2", + "_shasum": "e77d8fb3842ebcae78cf1c930c490d1e954f4297", + "_from": ".", + "_npmVersion": "1.4.13", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "e77d8fb3842ebcae78cf1c930c490d1e954f4297", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.3.2.tgz" + }, + "directories": {} + }, + "0.4.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.4.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <4 || ^4" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.6.2" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "105b73c266ed16f377a54072a5ab68bdb6a2c2f0", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.4.0", + "_shasum": "9efe7656dda85a7359f664a2726e8e85229e124c", + "_from": ".", + "_npmVersion": "1.4.13", + "_npmUser": { + "name": "squaremo", + "email": 
"mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "9efe7656dda85a7359f664a2726e8e85229e124c", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.0.tgz" + }, + "directories": {} + }, + "0.4.1": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.4.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { "type": "git", "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <5 || ^5" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.6.2" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "e6e52d94ef308ece88188b3a89c4a68b5d70863f", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.4.1", + "_shasum": "988e5c65eb992b2df8486d52ef2f6bbbc8fdbd0e", + "_from": ".", + "_npmVersion": "3.3.3", + "_nodeVersion": "0.10.25", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "988e5c65eb992b2df8486d52ef2f6bbbc8fdbd0e", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.1.tgz" + }, + "_npmOperationalInternal": { + "host": "packages-5-east.internal.npmjs.com", + "tmp": "tmp/amqplib-0.4.1.tgz_1454652521626_0.6085246792063117" + }, + "directories": {} }, - "users": { - "djensen47": true, - "magomogo": true, - "nekinie": true, - "sherrman": true, - "olamedia": true, 
- "pihizi": true, - "mfarid": true, - "koslun": true, - "matteo.collina": true, - "goliatone": true, - "undertuga": true, - "fmoliveira": true, - "spiros.politis": true, - "bojand": true, - "lgh06": true, - "mdrobny": true, - "jonasfj": true, - "santihbc": true, - "rhyslbw": true, - "shanewholloway": true, - "moskalenko": true, - "antixrist": true, - "coolhanddev": true, - "qard": true, - "dmdnkv": true, - "beh01der": true, - "drdanryan": true, - "algonzo": true, - "sunggun": true, - "segen": true, - "kistoryg": true, - "dannluciano": true, - "sachacr": true, - "ma-ha": true, - "456wyc": true, - "zaxnode": true, - "ultimatik": true, - "strongwray": true, - "serge-nikitin": true, - "icerainnuaa": true, - "stevepsharpe": true, - "waleedmkasem": true, - "oleg_tsyba": true, - "danielpavelic": true, - "kulyk404": true, - "jamesbedont": true, - "kkho595": true, - "kkk123321": true, - "programmer.severson": true, - "htzhao200744": true, - "nuwaio": true, - "jbpionnier": true, - "nicknaso": true, - "pantheraleo": true, - "jonathas": true, - "bilalkaplan": true, - "selenasong": true, - "gurunate": true, - "mofier": true, - "itonyyo": true, - "hintss": true, - "mikroacse": true + "0.4.2": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.4.2", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <6 || ^6" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "when": "~3.6.2" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, 
+ "license": "MIT", + "gitHead": "46d14f8f0916d49a2e9fa7e8596ddc68b0ab5007", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.4.2", + "_shasum": "5e4a2a914ccb3125f9cb91f6da07c97aa4cb13a6", + "_from": ".", + "_npmVersion": "3.9.3", + "_nodeVersion": "6.2.1", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "5e4a2a914ccb3125f9cb91f6da07c97aa4cb13a6", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.4.2.tgz" + }, + "_npmOperationalInternal": { + "host": "packages-12-west.internal.npmjs.com", + "tmp": "tmp/amqplib-0.4.2.tgz_1465287074710_0.32056331844069064" + }, + "directories": {} }, - "readmeFilename": "README.md", - "homepage": "http://squaremo.github.io/amqp.node/", - "keywords": [ + "0.5.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <6 || ^6" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "bluebird": "^3.4.6" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ "AMQP", "AMQP 0-9-1", "RabbitMQ" - ], - "bugs": { + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "e5c19d4da864954ba907daa00f0dd3910f239715", + "bugs": { "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.0", + "_shasum": "426da5e40dd455245bb626c8a0be9a109cb743b2", + "_from": ".", + "_npmVersion": "3.10.3", + 
"_nodeVersion": "6.7.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "426da5e40dd455245bb626c8a0be9a109cb743b2", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.0.tgz" + }, + "_npmOperationalInternal": { + "host": "packages-12-west.internal.npmjs.com", + "tmp": "tmp/amqplib-0.5.0.tgz_1478041443784_0.8355621297378093" + }, + "directories": {} + }, + "0.5.1": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <6 || ^6" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "bluebird": "^3.4.6" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "b21133d708fbb9677267428dd74ddb7fe7f1f80e", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.1", + "_shasum": "7cccfebabe56c2e984ea7a2243f7cefe6fbfc6cf", + "_from": ".", + "_npmVersion": "3.3.3", + "_nodeVersion": "0.10.25", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "shasum": "7cccfebabe56c2e984ea7a2243f7cefe6fbfc6cf", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.1.tgz" + }, + "_npmOperationalInternal": { + "host": 
"packages-12-west.internal.npmjs.com", + "tmp": "tmp/amqplib-0.5.1.tgz_1478962016225_0.675085368566215" + }, + "directories": {} + }, + "0.5.2": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.2", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=9" + }, + "dependencies": { + "bitsyntax": "~0.0.4", + "bluebird": "^3.4.6", + "buffer-more-ints": "0.0.2", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "^5.0.1" + }, + "devDependencies": { + "mocha": "~1", + "claire": "0.4.1", + "uglify-js": "2.4.x", + "istanbul": "0.1.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "be11b7d8bdfdc9875dc2c50ec39138497e9dc5bd", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.2", + "_npmVersion": "5.5.1", + "_nodeVersion": "8.9.1", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "dist": { + "integrity": "sha512-l9mCs6LbydtHqRniRwYkKdqxVa6XMz3Vw1fh+2gJaaVgTM6Jk3o8RccAKWKtlhT1US5sWrFh+KKxsVUALURSIA==", + "shasum": "d2d7313c7ffaa4d10bcf1e6252de4591b6cc7b63", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.2.tgz" + }, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib-0.5.2.tgz_1510442097876_0.672039186116308" + }, + "directories": {} + }, + "0.5.3": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.3", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and 
client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=9" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepublish": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "c28c176dd74565c73957eebf00932a892d2aa840", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.3", + "_npmVersion": "6.4.1", + "_nodeVersion": "8.9.1", + "_npmUser": { + "name": "cressie176", + "email": "stephen.cresswell@gmail.com" + }, + "dist": { + "integrity": "sha512-ZOdUhMxcF+u62rPI+hMtU1NBXSDFQ3eCJJrenamtdQ7YYwh7RZJHOIM1gonVbZ5PyVdYH4xqBPje9OYqk7fnqw==", + "shasum": "7ccfc85d12ee7cd3c6dc861bb07f0648ec3d7193", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.3.tgz", + "fileCount": 65, + "unpackedSize": 374004, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJcBE6gCRA9TVsSAnZWagAAaskP/iiwYildFRfmyxBWDSm0\nnOGqfTLp7yuYbSFzTPaqwtcx8bAFuCyA7M/0TlVyrLwI5Qm7lkbyDR2EFrW2\ntndeR5ZYSb9RuoPi7zlxS1Ob9QPc65hK5JXuVC0gwq5dN1aIre6E6wsGn5PN\nRHRMZsgOJBsY+WN4Wfj/aVRlGWcGYdOQaoCSTDEfXDdtbzxW4/3WCnHKWcg4\nLPRnPAR/Ac7wUmiccP9SBL7PcN3nvZRxZVKghlVvz0LUrS27p0ptGnet5Uyo\nvUyLeN/dzeczjOgFzkeFZ5njERiT3jozhgxHh6etFT5qsSF8bXtnMmC5TWOU\nBWQrPOxdZswWNLnvAPtmOY9yLU0pYQ9uY2OGH/6AChPxqSaABLtQ5QcMhRra\ngKA0tq/CuD2f6DlHAAIVhyrGheau9MRWZJ+SpbxynLMEEEzkHiMT9fdumNUn\nB5uJeQnzr0skg9w0HQ5UYzKWB8aXqcv7Ml+ob49b69I7i3e9M/WZK3hnop1x\nW/gSvfCGxakJASfn2lviNUbXLJj1myP3EZTdZIRCcKk+KcFlu+cC94wyh375\n/o5+lQ8Klk1cpOphmV4zhytcII4NLGcDT4Yr9qFKtKVapnQz/uesf6XGSuih\ngIAYxqA/EI4quLsFfn1xSWXYrIGzRBuvFrLBpQZyYlqn7xvKxTjZlooPKLUb\nkUqK\r\n=RQeS\r\n-----END PGP SIGNATURE-----\r\n" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {}, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.5.3_1543786143313_0.24922878211377086" + }, + "_hasShrinkwrap": false + }, + "0.5.4": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.4", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=12" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + 
"gitHead": "524e707042fbbfd34ae29a559326945546463b92", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.4", + "_shasum": "3fa9f1ec569f7da97caa579d51187ee75758ea51", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "3fa9f1ec569f7da97caa579d51187ee75758ea51", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.4.tgz", + "integrity": "sha512-kl7tAGUV57f67pUcSZ12NbfbzaeejQxab0antU3U7gMG3/LCqzM5bqpzYKEsgwfHRDjDyY98Wmyk2dU4qQhffg==", + "fileCount": 67, + "unpackedSize": 284113, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJdP0P9CRA9TVsSAnZWagAAHHsP/jtfsVi+q4059aFDGoyK\nwdmZUN5UIbUEvzJwu07q9Qo1XCwWpJP+glcmQA72X3x5xxPB8xJtTb9aVXrV\nMtFKzFOcEh/8RdUDuintB6+/TJAojwPdjeQd5XdAsAwidakUoaQvhrlcNafQ\nKaOz8jnwoHo39bWjCVbvXrG1xG5ArQxLmP4vlXs5TQ1j9rcCuL2jZK/UdrhK\nss2YTnh2kfXhBFV0fuF+xlCyfggteeJX2GOn7jp93eE4NkC404IguF/6Dkq2\nAnm96XkpMxwODexjvzA+MXw612pVZoUa0DasCoFANMncY9PE/edQVHB6O94K\nBUL4ytDW6wdNuSk1TM4fCBrycbGOq6TtWTQgEF4MyDCQTLlv1JNUImdMVU0r\n//3RbP6z9FlDvto4PIDwfP9NENgL0SrUzZn9loRBN1sXlobqBsJbEZgvJX2v\nUNxm2pfdJNEz0waB1kbuU0kIaPne09qfUqDvbNwRkkAANDDBcfB3Ba+YNHbp\nN1KZgvkHyBJgpLWIEfITbDt5gYWh413S2pKo64sMhOsSOo5knfkuCPdqASbo\nu+SZhxWIS/lJxjBVP6TEIIjyJvFNHmWtvIaqfxPc9M3mSEQ0q8M38iuiopec\nGUyGVgVs0RVvlyWeKso9v8WNTJmIisYQ6F5TV/QnWp1b9/3MZyAkYGp9UQOt\nv7gk\r\n=0qiw\r\n-----END PGP SIGNATURE-----\r\n" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {}, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.5.4_1564427260983_0.3743646858867635" + }, + "_hasShrinkwrap": false, + "deprecated": "See github.com/squaremo/amqp.node/issues/534" + }, + "0.5.5": { + "name": "amqplib", + "homepage": 
"http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.5", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=12" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "df4f807c9dd5276b7d280f8b988e5117996becd2", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.5", + "_shasum": "698f0cb577e0591954a90572fcb3b8998a76fd40", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "698f0cb577e0591954a90572fcb3b8998a76fd40", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.5.tgz", + "integrity": "sha512-sWx1hbfHbyKMw6bXOK2k6+lHL8TESWxjAx5hG8fBtT7wcxoXNIsFxZMnFyBjxt3yL14vn7WqBDe5U6BGOadtLg==", + "fileCount": 68, + "unpackedSize": 419882, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJdP/jNCRA9TVsSAnZWagAApxwP/0KYLAtgmM2LtYA7q5Sk\nQW54gy4BoZRNfe2ZFdpba9rSIQYPyo5wLg9DFURu/S108lVnh6v1b1DhT8qF\nA7J6SALc9rIfvUMHIAkawuTwlUXlfEbsdOjj7ts3eHthc8nS4hiUbRG7yAeS\nqb3VtAV4za5hh/uzhEi/Blxu7RNLOSuUQh1imvlrC0IZTbsD2VMnEmwaK3LA\nClMz0wtkdCWpybo7E6hDEQ4ga7Le3gBUyO51K0A0Yb42uqBhkdmoiUdLTo9G\nDxodCgfyIDm4UVf7JtvmgE2nJZ1fUCjydzHeGw+EK4cdasCphdZPMC+WpKag\n6IyzJQ1iA8eUjRd3FWhySj9zemECx9WigsBDuUwEyaQP3vk4/8cT6ugeoctB\npUOd+8G3NaN7/hdTqxoEf/5PaFzdvQpGKJhhJu0sTJlgRRf4ZElRHobP3nUU\nqi8VII3R9fy7cnVv6LpLtj+x2/d4MROUcuzryoqTh2Rg2dMj/1oS6ta9EWvw\n/sOEp6Zh6wndxVniggdNvz4J+th9JmoXxPq0UE7cn6SfhUpXHcHvms11Bdyq\nbUQRRBve3GmQiTKBkK22YIpTcx5wT949EvkbMeQFjjGV8cmIXCKV3HFnDZrH\nluCbe3Tk/UKmNEUfgqk4tQJ8Y4HQSILx5avPMNp2gK1KMsu53aYGsuA0RjIF\np4La\r\n=FZqF\r\n-----END PGP SIGNATURE-----\r\n" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {}, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.5.5_1564473549268_0.26824015975247884" + }, + "_hasShrinkwrap": false + }, + "0.5.6": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.5.6", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=12" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + 
"gitHead": "6c266c8ffc708697931844034954e5401060e53b", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.5.6", + "_shasum": "86a7850f4f39c568eaa0dd0300ef374e17941cf4", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "86a7850f4f39c568eaa0dd0300ef374e17941cf4", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.5.6.tgz", + "integrity": "sha512-J4TR0WAMPBHN+tgTuhNsSObfM9eTVTZm/FNw0LyaGfbiLsBxqSameDNYpChUFXW4bnTKHDXy0ab+nuLhumnRrQ==", + "fileCount": 68, + "unpackedSize": 420357, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJevO9iCRA9TVsSAnZWagAAKPkP/RCjRColaZcnqrcMY8BA\n6f7pTwU4rdI56wUbXMTOF0sZqt4izXoNkZStOxmQGu8iO5b7wOaT7+T84ffu\nZMlMcdCkeh4V6F7dV5kI7NSTZp6dRyP+rfxiNyoMk3B5qtGBCxhN3d4GpGg4\nTDsjb03P+Jz5pR/mTjAmg4hu/Go9Rj/sWX4GqiLz88AxrJOcUZegOsFahVnv\n7FeOKnOFmJUObfsvQ2OYwBbDIqmE5CRpjG8qKAQUH+TC0mbFxZjbUvQ8hGIW\n1Dut448s//5yUiDhd8XO4UObaYv6KqQ+xPJzRQfIcu7QXWpuNHC7xehwjVmE\nQGL4/8E/ZtabSw0mBN0ZDEkP1F+Rl3a9xsMfqhE2yPg///STQj9BiVgpC3Os\nJqDr502LrOy57D1N9tqlVVPum9QAaiYt3l4F8Jy02VSGIKnvngoJ8/FvinIR\nGgj67iEb7CBu1vNM3ho+FeRTlh+ljK0MQWoXdGTlMibFbsSDzvl2CNYL0dJC\nKV0TgAvctTvOJYQHYpE2yabesvq6zrosANN0lQa3LzSDreVi88oyyQHRqkIB\n2CaVrPaEicO4kpZ0OazaQJjR5ammqtosjfiEXoo5fsWLRyOStOkKhgQgPAbo\nJPzQSJDjJCBauoRmvFzXDVztDK1q2v35hZAPz9Qvbtabm2Ym2COw6AO54SYK\nWNO4\r\n=AQK3\r\n-----END PGP SIGNATURE-----\r\n" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {}, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.5.6_1589440354483_0.7381409694522896" + }, + "_hasShrinkwrap": false + }, + "0.6.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.6.0", 
+ "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=14" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "e3e10167d3f498f632a5a50dc7fac62b314400c8", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.6.0", + "_shasum": "87857c7c95d56d22438ced4cf1f7e5f0dc43b309", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "87857c7c95d56d22438ced4cf1f7e5f0dc43b309", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.6.0.tgz", + "integrity": "sha512-zXCh4jQ77TBZe1YtvZ1n7sUxnTjnNagpy8MVi2yc1ive239pS3iLwm4e4d5o4XZGx1BdTKQ/U0ZmaDU3c8MxYQ==", + "fileCount": 68, + "unpackedSize": 420918, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.4\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJfDrrFCRA9TVsSAnZWagAASSsQAJSUi1juFlP72+kL6QXY\nUseHaDxvah11CzZNBVT7TlmSxtWpsN13JiHD2V6qn0oRjtFtvrOO0uqys0QG\n3hnJjxBqCPvUSpAlySW7dhvBasWjz2OZ4/V3btGZ/svmcr0zwPJqKP0zTTWg\nN4hmipSI5ec3MGnxy1Ik4PIEUW/pC215cm7kNURXdQ/othTGr/rhxU1Q1/Ru\nAAXSSrVauj4gSu3QhJ52FCLNxtml3iTISjqSfwGGjVLTC13pl4BadL9uj905\n7WL5xsAiiOZRz7h6gInW6Yav7qtmdo+HQ0MmEGNmk/p2XGEs4hTo3/MYZozJ\nzuGQFLdEz7FaO9HdY+eH38lkJRP3o3RLByc4dyxN6Gd+kLxF59jYXNsezhne\ng4kvB67q4dIqq28BwY2IpuJ9sgco/RuUF9HGIMoKj+35Glq6fzV1jpQ3EU95\nu0jcjbuIlBDvMBnA5YXtN3OCUDq8XCHV/99qW3LbbOXkIo4sK88P7xOJ9Oox\n8Ue65SVn4ISQxQI6diq3ytNY8OxvkrENDiEKCJ/AbOJvRpvYqZONKdQLd8A4\nQCOEszlAeMzmnAUb0Q9O55yaaodnRvdvYBuOQ/YsatyAQVJQf4ipizEd3r91\n0D8Sy70aO2XLG0lG+dWG6h+UMancMMHYvJrLITr3ZNeZpvouKCCHSIqg8s7m\nCCKp\r\n=Lps0\r\n-----END PGP SIGNATURE-----\r\n" + }, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + } + ], + "directories": {}, + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.6.0_1594800837012_0.43470777612224554" + }, + "_hasShrinkwrap": false + }, + "0.7.0": { + "name": "amqplib", + "homepage": "http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.7.0", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=15" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.5.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.1.2", + "url-parse": "~1.4.3" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.6.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + 
"gitHead": "99a854f9fccac0517ed58696058f9ccd8e356b2e", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.7.0", + "_shasum": "83ae81d5bce3406bc8c75a90b9c4789cbbd1e6c4", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "83ae81d5bce3406bc8c75a90b9c4789cbbd1e6c4", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.7.0.tgz", + "integrity": "sha512-WIH+AV/p2UU7YUaP35m0uDlG871YFLm4pz5MKVVNz11OSWUYfWvbsPMklbSDTAbXscvbUB+QO4Z8HsgkfaqNeQ==", + "fileCount": 68, + "unpackedSize": 449454, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.13\r\nComment: https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJgM8AuCRA9TVsSAnZWagAAiCYQAIEx6IfyZhu0TGky90l7\nfsTDMKdGmVCPHO1VGmJVB2E8IFwmFvMEJsfH1hEDlxKQ/oy1UT3u5SgyFt+D\nXfY2oeAw9eB2zvC/92y4rpuzKu67ePYzb6i1bCco6Fim8OSSWZwBStbTzrTM\npr+SvPNezjPvi+FdRLd8y+TQ8vu9GdfDtjfcADMQ3SF8gDK+Tq/kvTxrjxCj\nYMgb2q1BeHLReDn/1rOWZ9FvYwwF+OvdItR0vF+N6H+N9mxg97KbA7FDGlFM\n8MHoNdk6Xrxtmjoeja7Y8yX9UAkMKAZTzGZnoNEW/ZIdFM2j+U0ZQ+EPZTI+\n8Ogh5M981xYTLgNa/EnYBPAOa/8IQ3oQgb09J2Ac0aoL/EnuwR8Zv2t3x0rk\nidmlMgtwY0llxPxyw/uyUHiRiAvOn8htvXNUM25wkRcpyf9gem4GlsqWXWSf\nNHvLUk8uFLk7hNsuegRMrjdBD5n7NsY2VsfmyP59LUAZT5M22xhH6eC9xtOV\nDigePC1O8xEHuHZ4JtGpjazevM6BveN6qrtoUcpZiooYETIjjtGitfPmPwO0\nAnTWknW9Kb4JRm+SoFIJzDWhK6mnmez7vwGPZEuMzyAX2mEzKhE4sd/jrsi6\n08+PWrbv0hNGQG/1wHFnPiIPRLd6FfW3ftwfd9GKMijDlsVzO0qCrsTAh17e\nQ0/u\r\n=eFfu\r\n-----END PGP SIGNATURE-----\r\n" + }, + "directories": {}, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + { + "name": "cressie176", + "email": "stephen.cresswell@gmail.com" + } + ], + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.7.0_1614004270013_0.097458798472281" + }, + "_hasShrinkwrap": false + }, + "0.7.1": { + "name": "amqplib", + "homepage": 
"http://squaremo.github.io/amqp.node/", + "main": "./channel_api.js", + "version": "0.7.1", + "description": "An AMQP 0-9-1 (e.g., RabbitMQ) library and client.", + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "engines": { + "node": ">=0.8 <=15" + }, + "dependencies": { + "bitsyntax": "~0.1.0", + "bluebird": "^3.7.2", + "buffer-more-ints": "~1.0.0", + "readable-stream": "1.x >=1.1.9", + "safe-buffer": "~5.2.1", + "url-parse": "~1.5.1" + }, + "devDependencies": { + "claire": "0.4.1", + "istanbul": "0.1.x", + "mocha": "^3.5.3", + "uglify-js": "2.8.x" + }, + "scripts": { + "test": "make test", + "prepare": "make" + }, + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "license": "MIT", + "gitHead": "32aa2025a20200d0df861d5520bb263ba7b10523", + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "_id": "amqplib@0.7.1", + "_shasum": "1ac60934cbddb445bdc9c648310a0d232a53b3af", + "_from": ".", + "_npmVersion": "2.15.12", + "_nodeVersion": "11.1.0", + "_npmUser": { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + "dist": { + "shasum": "1ac60934cbddb445bdc9c648310a0d232a53b3af", + "tarball": "https://registry.npmjs.org/amqplib/-/amqplib-0.7.1.tgz", + "integrity": "sha512-KePK3tTOLGU4emTo+PwSDMbc123jrxo13FpRpim1LzJoSlQrIBB2/kMeCC40jK/Zb0olHGaABjLqXDsdK46iLA==", + "fileCount": 68, + "unpackedSize": 449192, + "npm-signature": "-----BEGIN PGP SIGNATURE-----\r\nVersion: OpenPGP.js v3.0.13\r\nComment: 
https://openpgpjs.org\r\n\r\nwsFcBAEBCAAQBQJgRdsoCRA9TVsSAnZWagAA+MgP/AigaN5KcFUsBxufNEL5\nm7n0NkY9D6HNT3B7Mv8SNPfloAlLB6oXVXjEtXSCJzexJXaOt0+3szSkg62e\nWHxkBBmL75U88vwYQuQ37B4EmNwf102MnUyYrFiAIPFhs8Yo07/py7nNqRWR\nSZThTGnY30ouvix0zEcqjrek0ZbCF0IZTj9H7Ru9fEGvsPDhrbL7wGBg7cCY\ngmTxdQu+ysbtioCrXi+zNyWvsXpE7Kfj79gYU4iuVV6aJylMs/5zStHq0K5b\noghPiAaJNHvv0fjIevBDdNBkykMNJOMEJzj7VGBgz/YKBnwuk6fqBshYBDTs\nEUbCMsxUTiJUyEKWX7gbAPf5LWAnkWrmF73CEZslBDzK5PqaYGdRarAuN9Qs\nf1QCET5K/iQSZMu+hxZwqrMk+ilOLsXzFi4NuhVqnHT00gTyUyr1bjbM9nsO\nOVmeQput5kLxLNx16FX4w3P7SSV6hqSTTW7BSY5j4Fn0BTH+5qFS9fBOKddC\nmdJ9EloaClw2jlwkqscZTHjv5/yDhUb6XuOZZ3Zg4AMV2fq1RFDaT9MOFf3X\n9JLHiYvUDcZg+v7ueNGx90U1FTtj1K1mX9gm1teuA1qjk8Achdvq40TPObIw\nX1ITjvh4Y6Q0TN7KLIZIZTpCK3zxOpOO7HF7/AjlUJt0HlCTHQ+wlnByQDD9\nLekq\r\n=BWxZ\r\n-----END PGP SIGNATURE-----\r\n" + }, + "directories": {}, + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" + }, + { + "name": "cressie176", + "email": "stephen.cresswell@gmail.com" + } + ], + "_npmOperationalInternal": { + "host": "s3://npm-registry-packages", + "tmp": "tmp/amqplib_0.7.1_1615190823512_0.14578457256946886" + }, + "_hasShrinkwrap": false + } + }, + "readme": "# AMQP 0-9-1 library and client for Node.JS\n\n[![Build Status](https://travis-ci.org/squaremo/amqp.node.png)](https://travis-ci.org/squaremo/amqp.node)\n\n npm install amqplib\n\n * [Change log][changelog]\n * [GitHub pages][gh-pages]\n * [API reference][gh-pages-apiref]\n * [Examples from RabbitMQ tutorials][tutes]\n\nA library for making AMQP 0-9-1 clients for Node.JS, and an AMQP 0-9-1\nclient for Node.JS v0.8-0.12, v4-v15, and the intervening io.js\nreleases.\n\nThis library does not implement [AMQP\n1.0](https://github.com/squaremo/amqp.node/issues/63) or [AMQP\n0-10](https://github.com/squaremo/amqp.node/issues/94).\n\nProject status:\n\n - Expected to work\n - Complete high-level and low-level APIs (i.e., all bits of the protocol)\n - Stable APIs\n - A fair few tests\n - Measured 
test coverage\n - Ports of the [RabbitMQ tutorials][rabbitmq-tutes] as [examples][tutes]\n - Used in production\n\nStill working on:\n\n - Getting to 100% (or very close to 100%) test coverage\n\n## Callback API example\n\n```javascript\nvar q = 'tasks';\n\nfunction bail(err) {\n console.error(err);\n process.exit(1);\n}\n\n// Publisher\nfunction publisher(conn) {\n conn.createChannel(on_open);\n function on_open(err, ch) {\n if (err != null) bail(err);\n ch.assertQueue(q);\n ch.sendToQueue(q, Buffer.from('something to do'));\n }\n}\n\n// Consumer\nfunction consumer(conn) {\n var ok = conn.createChannel(on_open);\n function on_open(err, ch) {\n if (err != null) bail(err);\n ch.assertQueue(q);\n ch.consume(q, function(msg) {\n if (msg !== null) {\n console.log(msg.content.toString());\n ch.ack(msg);\n }\n });\n }\n}\n\nrequire('amqplib/callback_api')\n .connect('amqp://localhost', function(err, conn) {\n if (err != null) bail(err);\n consumer(conn);\n publisher(conn);\n });\n```\n\n## Promise API example\n\n```javascript\nvar q = 'tasks';\n\nvar open = require('amqplib').connect('amqp://localhost');\n\n// Publisher\nopen.then(function(conn) {\n return conn.createChannel();\n}).then(function(ch) {\n return ch.assertQueue(q).then(function(ok) {\n return ch.sendToQueue(q, Buffer.from('something to do'));\n });\n}).catch(console.warn);\n\n// Consumer\nopen.then(function(conn) {\n return conn.createChannel();\n}).then(function(ch) {\n return ch.assertQueue(q).then(function(ok) {\n return ch.consume(q, function(msg) {\n if (msg !== null) {\n console.log(msg.content.toString());\n ch.ack(msg);\n }\n });\n });\n}).catch(console.warn);\n```\n\n## Running tests\n\n npm test\n\nTo run the tests RabbitMQ is required. Either install it with your package\nmanager, or use [docker][] to run a RabbitMQ instance.\n\n docker run -d --name amqp.test -p 5672:5672 rabbitmq\n\nIf prefer not to run RabbitMQ locally it is also possible to use a\ninstance of RabbitMQ hosted elsewhere. 
Use the `URL` environment\nvariable to configure a different amqp host to connect to. You may\nalso need to do this if docker is not on localhost; e.g., if it's\nrunning in docker-machine.\n\nOne public host is dev.rabbitmq.com:\n\n URL=amqp://dev.rabbitmq.com npm test\n\n**NB** You may experience test failures due to timeouts if using the\ndev.rabbitmq.com instance.\n\nYou can run it under different versions of Node.JS using [nave][]:\n\n nave use 0.8 npm test\n\nor run the tests on all supported versions of Node.JS in one go:\n\n make test-all-nodejs\n\n(which also needs `nave` installed, of course).\n\nLastly, setting the environment variable `LOG_ERRORS` will cause the\ntests to output error messages encountered, to the console; this is\nreally only useful for checking the kind and formatting of the errors.\n\n LOG_ERRORS=true npm test\n\n## Test coverage\n\n make coverage\n open file://`pwd`/coverage/lcov-report/index.html\n\n[gh-pages]: http://squaremo.github.com/amqp.node/\n[gh-pages-apiref]: http://squaremo.github.com/amqp.node/channel_api.html\n[nave]: https://github.com/isaacs/nave\n[tutes]: https://github.com/squaremo/amqp.node/tree/master/examples/tutorials\n[rabbitmq-tutes]: http://www.rabbitmq.com/getstarted.html\n[changelog]: https://github.com/squaremo/amqp.node/blob/master/CHANGELOG.md\n[docker]: https://www.docker.com/\n", + "maintainers": [ + { + "name": "squaremo", + "email": "mikeb@squaremobius.net" }, - "license": "MIT" + { + "name": "cressie176", + "email": "stephen.cresswell@gmail.com" + } + ], + "time": { + "modified": "2021-03-08T08:07:05.839Z", + "created": "2013-06-21T23:33:53.303Z", + "0.0.1": "2013-06-21T23:33:56.623Z", + "0.0.2": "2013-08-07T10:03:03.124Z", + "0.1.0": "2013-10-10T22:23:29.448Z", + "0.1.1": "2013-11-28T21:44:55.834Z", + "0.1.2": "2014-02-17T12:07:22.891Z", + "0.1.3": "2014-02-27T16:45:20.901Z", + "0.2.0": "2014-06-03T13:13:27.442Z", + "0.2.1": "2014-08-07T20:36:54.763Z", + "0.3.0": "2014-10-21T08:31:17.811Z", + 
"0.3.1": "2015-02-17T06:35:30.390Z", + "0.3.2": "2015-03-25T09:46:31.019Z", + "0.4.0": "2015-09-16T23:26:22.156Z", + "0.4.1": "2016-02-05T06:08:43.818Z", + "0.4.2": "2016-06-07T08:11:17.345Z", + "0.5.0": "2016-11-01T23:04:06.154Z", + "0.5.1": "2016-11-12T14:46:58.509Z", + "0.5.2": "2017-11-11T23:14:58.997Z", + "0.5.3": "2018-12-02T21:29:03.453Z", + "0.5.4": "2019-07-29T19:07:41.123Z", + "0.5.5": "2019-07-30T07:59:09.442Z", + "0.5.6": "2020-05-14T07:12:34.623Z", + "0.6.0": "2020-07-15T08:13:57.277Z", + "0.7.0": "2021-02-22T14:31:10.139Z", + "0.7.1": "2021-03-08T08:07:03.701Z" + }, + "author": { + "name": "Michael Bridgen", + "email": "mikeb@squaremobius.net" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/squaremo/amqp.node.git" + }, + "users": { + "djensen47": true, + "magomogo": true, + "nekinie": true, + "sherrman": true, + "olamedia": true, + "pihizi": true, + "mfarid": true, + "koslun": true, + "matteo.collina": true, + "goliatone": true, + "undertuga": true, + "fmoliveira": true, + "spiros.politis": true, + "bojand": true, + "lgh06": true, + "mdrobny": true, + "jonasfj": true, + "santihbc": true, + "rhyslbw": true, + "shanewholloway": true, + "moskalenko": true, + "antixrist": true, + "coolhanddev": true, + "qard": true, + "dmdnkv": true, + "beh01der": true, + "drdanryan": true, + "algonzo": true, + "sunggun": true, + "segen": true, + "kistoryg": true, + "dannluciano": true, + "sachacr": true, + "ma-ha": true, + "456wyc": true, + "zaxnode": true, + "ultimatik": true, + "strongwray": true, + "serge-nikitin": true, + "icerainnuaa": true, + "stevepsharpe": true, + "waleedmkasem": true, + "oleg_tsyba": true, + "danielpavelic": true, + "kulyk404": true, + "jamesbedont": true, + "kkho595": true, + "kkk123321": true, + "programmer.severson": true, + "htzhao200744": true, + "nuwaio": true, + "jbpionnier": true, + "nicknaso": true, + "pantheraleo": true, + "jonathas": true, + "bilalkaplan": true, + "selenasong": true, + "gurunate": true, + 
"mofier": true, + "itonyyo": true, + "hintss": true, + "mikroacse": true + }, + "readmeFilename": "README.md", + "homepage": "http://squaremo.github.io/amqp.node/", + "keywords": [ + "AMQP", + "AMQP 0-9-1", + "RabbitMQ" + ], + "bugs": { + "url": "https://github.com/squaremo/amqp.node/issues" + }, + "license": "MIT" } \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.json b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.json index 0fc3a2dc5..6b723da51 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.json +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspDependencyCheck.json 
@@ -1,1032 +1,1032 @@ { - "reportSchema": "1.1", - "scanInfo": { - "engineVersion": "6.2.2", - "dataSource": [ + "reportSchema": "1.1", + "scanInfo": { + "engineVersion": "6.2.2", + "dataSource": [ + { + "name": "NVD CVE Checked", + "timestamp": "2021-07-28T15:08:24" + }, + { + "name": "NVD CVE Modified", + "timestamp": "2021-07-28T14:00:06" + }, + { + "name": "VersionCheckOn", + "timestamp": "2021-07-13T16:42:04" + } + ] + }, + "projectInfo": { + "name": "jackson-databind-2.9.1.jar", + "reportDate": "2021-07-28T13:26:57.202Z", + "credits": { + "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", + "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", + "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", + "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" + } + }, + "dependencies": [ + { + "isVirtual": false, + "fileName": "jackson-databind-2.9.1.jar", + "filePath": "C:\\Users\\D067452\\eclipseWorkspace\\fosstars\\fosstars-rating-core\\.fosstars\\jars\\jackson-databind-2.9.1.jar", + "md5": "88d151266214f04685a7b5630cb3f55a", + "sha1": "716da1830a2043f18882fc036ec26eb32cbe5aff", + "sha256": "17b28ec21ae487bb9a0570b6c0ec66b2277d47546d4089c3a5a2b3e60054134c", + "description": "General data-binding functionality for Jackson: works on core streaming API", + "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", + "evidenceCollected": { + "vendorEvidence": [ + { + "type": "vendor", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "databind" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "fasterxml" + }, 
+ { + "type": "vendor", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jackson" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.fasterxml.jackson.databind" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/github.com\/FasterXML\/jackson" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.fasterxml.jackson.core.jackson-databind" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build-date", + "value": "2017-09-08 01:09:29+0000" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Vendor", + "value": "FasterXML" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Implementation-Vendor-Id", + "value": "com.fasterxml.jackson.core" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "Manifest", + "name": "specification-vendor", + "value": "FasterXML" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "artifactid", + "value": "jackson-databind" + }, + { + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "fasterxml.jackson.core" + }, + { + "type": "vendor", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "vendor", + "confidence": "LOW", + "source": "pom", + "name": "parent-artifactid", + "value": "jackson-bom" + }, + { + "type": "vendor", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "com.fasterxml.jackson" + }, + 
{ + "type": "vendor", + "confidence": "HIGHEST", + "source": "pom", + "name": "url", + "value": "http:\/\/github.com\/FasterXML\/jackson" + } + ], + "productEvidence": [ + { + "type": "product", + "confidence": "HIGH", + "source": "file", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "hint analyzer", + "name": "product", + "value": "java8" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "hint analyzer", + "name": "product", + "value": "modules" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "fasterxml" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "jar", + "name": "package name", + "value": "jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "automatic-module-name", + "value": "com.fasterxml.jackson.databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "bundle-docurl", + "value": "http:\/\/github.com\/FasterXML\/jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "Bundle-Name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "bundle-symbolicname", + "value": "com.fasterxml.jackson.core.jackson-databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "implementation-build-date", + "value": "2017-09-08 01:09:29+0000" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Title", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "LOW", + "source": "Manifest", + "name": "require-capability", + "value": 
"osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "Manifest", + "name": "specification-title", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "artifactid", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "HIGHEST", + "source": "pom", + "name": "groupid", + "value": "fasterxml.jackson.core" + }, + { + "type": "product", + "confidence": "HIGH", + "source": "pom", + "name": "name", + "value": "jackson-databind" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-artifactid", + "value": "jackson-bom" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "parent-groupid", + "value": "com.fasterxml.jackson" + }, + { + "type": "product", + "confidence": "MEDIUM", + "source": "pom", + "name": "url", + "value": "http:\/\/github.com\/FasterXML\/jackson" + } + ], + "versionEvidence": [ + { + "type": "version", + "confidence": "HIGH", + "source": "file", + "name": "version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Bundle-Version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGH", + "source": "Manifest", + "name": "Implementation-Version", + "value": "2.9.1" + }, + { + "type": "version", + "confidence": "HIGHEST", + "source": "pom", + "name": "version", + "value": "2.9.1" + } + ] + }, + "packages": [ + { + "id": "pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1", + "confidence": "HIGH", + "url": "https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2" + } + ], + "vulnerabilityIds": [ + { + "id": "cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*", + "confidence": "HIGHEST", + "url": 
"https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.1" + }, + { + "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.1:*:*:*:*:*:*:*", + "confidence": "LOW" + } + ], + "vulnerabilities": [ + { + "source": "NVD", + "name": "CVE-2017-17485", + "severity": "CRITICAL", + "cvssv2": { + "score": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authenticationr": "NONE", + "confidentialImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "severity": "HIGH", + "version": "2.0", + "exploitabilityScore": "10.0", + "impactScore": "6.4" + }, + "cvssv3": { + "baseScore": 9.8, + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL", + "exploitabilityScore": "3.9", + "impactScore": "5.9", + "version": "3.1" + }, + "cwes": [ + "CWE-502" + ], + "description": "FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. 
This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.", + "notes": "", + "references": [ + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3149", + "name": "RHSA-2019:3149" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" + }, + { + "source": "MISC", + "url": "https:\/\/github.com\/irsl\/jackson-rce-via-spel\/", + "name": "https:\/\/github.com\/irsl\/jackson-rce-via-spel\/" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2858", + "name": "RHSA-2019:2858" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0481", + "name": "RHSA-2018:0481" + }, + { + "source": "CONFIRM", + "url": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/1855", + "name": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/1855" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0480", + "name": "RHSA-2018:0480" + }, + { + "source": "OSSINDEX", + "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/b85a00e3-7d9b-49cf-9b19-b73f8ee60275?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", + "name": "[CVE-2017-17485] Improper Control of Generation of Code (\"Code Injection\")" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1447", + "name": "RHSA-2018:1447" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1797", + "name": "RHSA-2019:1797" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1448", + "name": "RHSA-2018:1448" + }, + { + "source": "CONFIRM", 
+ "url": "https:\/\/support.hpe.com\/hpsc\/doc\/public\/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", + "name": "https:\/\/support.hpe.com\/hpsc\/doc\/public\/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1449", + "name": "RHSA-2018:1449" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0342", + "name": "RHSA-2018:0342" + }, + { + "source": "CONFIRM", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20180201-0003\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20180201-0003\/" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1782", + "name": "RHSA-2019:1782" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0478", + "name": "RHSA-2018:0478" + }, + { + "source": "BUGTRAQ", + "url": "http:\/\/www.securityfocus.com\/archive\/1\/541652\/100\/0\/threaded", + "name": "20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:2930", + "name": "RHSA-2018:2930" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0116", + "name": "RHSA-2018:0116" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1450", + "name": "RHSA-2018:1450" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3892", + "name": "RHSA-2019:3892" + }, { - "name": "NVD CVE Checked", - "timestamp": "2021-07-28T15:08:24" + "source": "DEBIAN", + "url": "https:\/\/www.debian.org\/security\/2018\/dsa-4114", + "name": "DSA-4114" }, { - "name": "NVD CVE Modified", - "timestamp": "2021-07-28T14:00:06" + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0479", + "name": "RHSA-2018:0479" }, { - "name": 
"VersionCheckOn", - "timestamp": "2021-07-13T16:42:04" + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1451", + "name": "RHSA-2018:1451" } - ] - }, - "projectInfo": { - "name": "jackson-databind-2.9.1.jar", - "reportDate": "2021-07-28T13:26:57.202Z", - "credits": { - "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", - "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", - "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", - "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" - } - }, - "dependencies": [ + ], + "vulnerableSoftware": [ + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.7.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.9.2" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.8.0", + "versionEndExcluding": "2.8.11" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "vulnerabilityIdMatched": "true", + "versionStartIncluding": "2.9.0", + "versionEndExcluding": "2.9.4" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", + "versionStartIncluding": "11.0.0", + "versionEndIncluding": "11.60.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": 
"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" + } + } + ] + }, + { + "source": "NVD", + "name": "CVE-2018-1000873", + "severity": "MEDIUM", + "cvssv2": { + "score": 4.3, + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authenticationr": "NONE", + "confidentialImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "PARTIAL", + "severity": "MEDIUM", + "version": "2.0", + "exploitabilityScore": "8.6", + "impactScore": "2.9", + "userInteractionRequired": "true" + }, + "cvssv3": { + "baseScore": 6.5, + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "exploitabilityScore": "2.8", + "impactScore": "3.6", + "version": "3.1" + }, + "cwes": [ + "CWE-20" + ], + "description": "Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. 
This vulnerability appears to have been fixed in 2.9.8.", + "notes": "", + "references": [ + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" + }, + { + "source": "MISC", + "url": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/issues\/90", + "name": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/issues\/90" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", + "name": "[nifi-commits] 20191113 svn commit: r1869773 - \/nifi\/site\/trunk\/security.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", + "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1" + }, + { + "source": "OSSINDEX", + "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/292c11e9-cf66-4d76-aaf7-b63a091f8891?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", + "name": "[CVE-2018-1000873] Improper Input Validation" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2019-5072832.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2019-5072832.html" + }, + { + "source": "MISC", + "url": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/pull\/87", 
+ "name": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/pull\/87" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", + "name": "[nifi-commits] 20200123 svn commit: r1873083 - \/nifi\/site\/trunk\/security.html" + }, + { + "source": "CONFIRM", + "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1665601", + "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1665601" + }, + { + "source": "N\/A", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html", + "name": "N\/A" + }, + { + "source": "CONFIRM", + "url": "https:\/\/security.netapp.com\/advisory\/ntap-20200904-0004\/", + "name": "https:\/\/security.netapp.com\/advisory\/ntap-20200904-0004\/" + } + ], + "vulnerableSoftware": [ + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:*:*:*:*:*:*:*:*", + "vulnerabilityIdMatched": "true", + "versionEndExcluding": "2.9.8" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", + "versionStartIncluding": "7.3" + } + }, + { + "software": { + "id": 
"cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", + "versionStartIncluding": "9.5" + } + }, + { + "software": { + "id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "7.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.2.0.3.23" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.0.1.0", + "versionEndExcluding": "12.2.0.1.19" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.9.4.0.0", + "versionEndExcluding": "13.9.4.2.1" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", + "versionEndExcluding": "19.3.12" + } + } + ] + }, { - "isVirtual": false, - "fileName": "jackson-databind-2.9.1.jar", - "filePath": "C:\\Users\\D067452\\eclipseWorkspace\\fosstars\\fosstars-rating-core\\.fosstars\\jars\\jackson-databind-2.9.1.jar", - "md5": "88d151266214f04685a7b5630cb3f55a", - "sha1": "716da1830a2043f18882fc036ec26eb32cbe5aff", - "sha256": "17b28ec21ae487bb9a0570b6c0ec66b2277d47546d4089c3a5a2b3e60054134c", - "description": "General data-binding functionality for Jackson: works on core streaming API", - "license": "http:\/\/www.apache.org\/licenses\/LICENSE-2.0.txt", - "evidenceCollected": { - "vendorEvidence": [ - { - "type": "vendor", - "confidence": 
"HIGH", - "source": "file", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "fasterxml" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "jackson" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "automatic-module-name", - "value": "com.fasterxml.jackson.databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "bundle-docurl", - "value": "http:\/\/github.com\/FasterXML\/jackson" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "bundle-symbolicname", - "value": "com.fasterxml.jackson.core.jackson-databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "implementation-build-date", - "value": "2017-09-08 01:09:29+0000" - }, - { - "type": "vendor", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Vendor", - "value": "FasterXML" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "Implementation-Vendor-Id", - "value": "com.fasterxml.jackson.core" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "require-capability", - "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "Manifest", - "name": "specification-vendor", - "value": "FasterXML" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "pom", - "name": "artifactid", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "pom", - "name": "groupid", - "value": "fasterxml.jackson.core" - }, - { - "type": "vendor", - "confidence": "HIGH", - 
"source": "pom", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "vendor", - "confidence": "LOW", - "source": "pom", - "name": "parent-artifactid", - "value": "jackson-bom" - }, - { - "type": "vendor", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-groupid", - "value": "com.fasterxml.jackson" - }, - { - "type": "vendor", - "confidence": "HIGHEST", - "source": "pom", - "name": "url", - "value": "http:\/\/github.com\/FasterXML\/jackson" - } - ], - "productEvidence": [ - { - "type": "product", - "confidence": "HIGH", - "source": "file", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "hint analyzer", - "name": "product", - "value": "java8" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "hint analyzer", - "name": "product", - "value": "modules" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "fasterxml" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "jar", - "name": "package name", - "value": "jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "automatic-module-name", - "value": "com.fasterxml.jackson.databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "bundle-docurl", - "value": "http:\/\/github.com\/FasterXML\/jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "Bundle-Name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "bundle-symbolicname", - "value": "com.fasterxml.jackson.core.jackson-databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "implementation-build-date", - "value": 
"2017-09-08 01:09:29+0000" - }, - { - "type": "product", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Title", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "LOW", - "source": "Manifest", - "name": "require-capability", - "value": "osgi.ee;filter:=\"(&(osgi.ee=JavaSE)(version=1.7))\"" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "Manifest", - "name": "specification-title", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "pom", - "name": "artifactid", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "HIGHEST", - "source": "pom", - "name": "groupid", - "value": "fasterxml.jackson.core" - }, - { - "type": "product", - "confidence": "HIGH", - "source": "pom", - "name": "name", - "value": "jackson-databind" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-artifactid", - "value": "jackson-bom" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "parent-groupid", - "value": "com.fasterxml.jackson" - }, - { - "type": "product", - "confidence": "MEDIUM", - "source": "pom", - "name": "url", - "value": "http:\/\/github.com\/FasterXML\/jackson" - } - ], - "versionEvidence": [ - { - "type": "version", - "confidence": "HIGH", - "source": "file", - "name": "version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGH", - "source": "Manifest", - "name": "Bundle-Version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGH", - "source": "Manifest", - "name": "Implementation-Version", - "value": "2.9.1" - }, - { - "type": "version", - "confidence": "HIGHEST", - "source": "pom", - "name": "version", - "value": "2.9.1" - } - ] - }, - "packages": [ - { - "id": "pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1", - "confidence": "HIGH", - "url": 
"https:\/\/ossindex.sonatype.org\/component\/pkg:maven\/com.fasterxml.jackson.core\/jackson-databind@2.9.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2" - } - ], - "vulnerabilityIds": [ - { - "id": "cpe:2.3:a:fasterxml:jackson-databind:2.9.1:*:*:*:*:*:*:*", - "confidence": "HIGHEST", - "url": "https:\/\/nvd.nist.gov\/vuln\/search\/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.1" - }, - { - "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:2.9.1:*:*:*:*:*:*:*", - "confidence": "LOW" - } - ], - "vulnerabilities": [ - { - "source": "NVD", - "name": "CVE-2017-17485", - "severity": "CRITICAL", - "cvssv2": { - "score": 7.5, - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authenticationr": "NONE", - "confidentialImpact": "PARTIAL", - "integrityImpact": "PARTIAL", - "availabilityImpact": "PARTIAL", - "severity": "HIGH", - "version": "2.0", - "exploitabilityScore": "10.0", - "impactScore": "6.4" - }, - "cvssv3": { - "baseScore": 9.8, - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "CRITICAL", - "exploitabilityScore": "3.9", - "impactScore": "5.9", - "version": "3.1" - }, - "cwes": [ - "CWE-502" - ], - "description": "FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. 
This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.", - "notes": "", - "references": [ - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3149", - "name": "RHSA-2019:3149" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", - "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" - }, - { - "source": "MISC", - "url": "https:\/\/github.com\/irsl\/jackson-rce-via-spel\/", - "name": "https:\/\/github.com\/irsl\/jackson-rce-via-spel\/" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2858", - "name": "RHSA-2019:2858" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0481", - "name": "RHSA-2018:0481" - }, - { - "source": "CONFIRM", - "url": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/1855", - "name": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/1855" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0480", - "name": "RHSA-2018:0480" - }, - { - "source": "OSSINDEX", - "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/b85a00e3-7d9b-49cf-9b19-b73f8ee60275?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", - "name": "[CVE-2017-17485] Improper Control of Generation of Code (\"Code Injection\")" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1447", - "name": "RHSA-2018:1447" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1797", - "name": "RHSA-2019:1797" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1448", - "name": "RHSA-2018:1448" - }, - { - "source": "CONFIRM", 
- "url": "https:\/\/support.hpe.com\/hpsc\/doc\/public\/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us", - "name": "https:\/\/support.hpe.com\/hpsc\/doc\/public\/display?docLocale=en_US&docId=emr_na-hpesbhf03902en_us" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1449", - "name": "RHSA-2018:1449" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0342", - "name": "RHSA-2018:0342" - }, - { - "source": "CONFIRM", - "url": "https:\/\/security.netapp.com\/advisory\/ntap-20180201-0003\/", - "name": "https:\/\/security.netapp.com\/advisory\/ntap-20180201-0003\/" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1782", - "name": "RHSA-2019:1782" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0478", - "name": "RHSA-2018:0478" - }, - { - "source": "BUGTRAQ", - "url": "http:\/\/www.securityfocus.com\/archive\/1\/541652\/100\/0\/threaded", - "name": "20180109 CVE-2017-17485: one more way of rce in jackson-databind when defaultTyping+objects are used" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:2930", - "name": "RHSA-2018:2930" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0116", - "name": "RHSA-2018:0116" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1450", - "name": "RHSA-2018:1450" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3892", - "name": "RHSA-2019:3892" - }, - { - "source": "DEBIAN", - "url": "https:\/\/www.debian.org\/security\/2018\/dsa-4114", - "name": "DSA-4114" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:0479", - "name": "RHSA-2018:0479" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2018:1451", - "name": "RHSA-2018:1451" - } - ], - "vulnerableSoftware": 
[ - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.6.0", - "versionEndExcluding": "2.6.7.3" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.7.0", - "versionEndExcluding": "2.7.9.2" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.8.0", - "versionEndExcluding": "2.8.11" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "vulnerabilityIdMatched": "true", - "versionStartIncluding": "2.9.0", - "versionEndExcluding": "2.9.4" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", - "versionStartIncluding": "11.0.0", - "versionEndIncluding": "11.60.3" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:e-series_santricity_web_services_proxy:-:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" - } - } - ] - }, - { - "source": "NVD", - "name": "CVE-2018-1000873", - "severity": "MEDIUM", - "cvssv2": { - "score": 4.3, - "accessVector": "NETWORK", - "accessComplexity": "MEDIUM", - "authenticationr": "NONE", - "confidentialImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "PARTIAL", 
- "severity": "MEDIUM", - "version": "2.0", - "exploitabilityScore": "8.6", - "impactScore": "2.9", - "userInteractionRequired": "true" - }, - "cvssv3": { - "baseScore": 6.5, - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseSeverity": "MEDIUM", - "exploitabilityScore": "2.8", - "impactScore": "3.6", - "version": "3.1" - }, - "cwes": [ - "CWE-20" - ], - "description": "Fasterxml Jackson version Before 2.9.8 contains a CWE-20: Improper Input Validation vulnerability in Jackson-Modules-Java8 that can result in Causes a denial-of-service (DoS). This attack appear to be exploitable via The victim deserializes malicious input, specifically very large values in the nanoseconds field of a time value. This vulnerability appears to have been fixed in 2.9.8.", - "notes": "", - "references": [ - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", - "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" - }, - { - "source": "MISC", - "url": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/issues\/90", - "name": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/issues\/90" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E", - "name": "[nifi-commits] 20191113 svn commit: r1869773 - \/nifi\/site\/trunk\/security.html" - }, - { - "source": "MLIST", - "url": 
"https:\/\/lists.apache.org\/thread.html\/ff8dcfe29377088ab655fda9d585dccd5b1f07fabd94ae84fd60a7f8@%3Ccommits.pulsar.apache.org%3E", - "name": "[pulsar-commits] 20190416 [GitHub] [pulsar] one70six opened a new issue #4057: Security Vulnerabilities - Black Duck Scan - Pulsar v.2.3.1" - }, - { - "source": "OSSINDEX", - "url": "https:\/\/ossindex.sonatype.org\/vulnerability\/292c11e9-cf66-4d76-aaf7-b63a091f8891?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", - "name": "[CVE-2018-1000873] Improper Input Validation" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2019-5072832.html", - "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpuoct2019-5072832.html" - }, - { - "source": "MISC", - "url": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/pull\/87", - "name": "https:\/\/github.com\/FasterXML\/jackson-modules-java8\/pull\/87" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html", - "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E", - "name": 
"[nifi-commits] 20200123 svn commit: r1873083 - \/nifi\/site\/trunk\/security.html" - }, - { - "source": "CONFIRM", - "url": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1665601", - "name": "https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=1665601" - }, - { - "source": "N\/A", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html", - "name": "N\/A" - }, - { - "source": "CONFIRM", - "url": "https:\/\/security.netapp.com\/advisory\/ntap-20200904-0004\/", - "name": "https:\/\/security.netapp.com\/advisory\/ntap-20200904-0004\/" - } - ], - "vulnerableSoftware": [ - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-modules-java8:*:*:*:*:*:*:*:*", - "vulnerabilityIdMatched": "true", - "versionEndExcluding": "2.9.8" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*", - "versionStartIncluding": "7.3" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*", - "versionStartIncluding": "9.5" - } - }, - { - "software": { - "id": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*", - "versionStartIncluding": "7.3" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionEndExcluding": "11.2.0.3.23" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionStartIncluding": "12.2.0.1.0", - "versionEndExcluding": "12.2.0.1.19" - } - }, - { - "software": { - "id": 
"cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionStartIncluding": "13.9.4.0.0", - "versionEndExcluding": "13.9.4.2.1" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*", - "versionEndExcluding": "19.3.12" - } - } - ] - }, - { - "source": "NVD", - "name": "CVE-2018-11307", - "severity": "CRITICAL", - "cvssv2": { - "score": 7.5, - "accessVector": "NETWORK", - "accessComplexity": "LOW", - "authenticationr": "NONE", - "confidentialImpact": "PARTIAL", - "integrityImpact": "PARTIAL", - "availabilityImpact": "PARTIAL", - "severity": "HIGH", - "version": "2.0", - "exploitabilityScore": "10.0", - "impactScore": "6.4" - }, - "cvssv3": { - "baseScore": 9.8, - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseSeverity": "CRITICAL", - "exploitabilityScore": "3.9", - "impactScore": "5.9", - "version": "3.1" - }, - "cwes": [ - "CWE-502" - ], - "description": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. 
Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.", - "notes": "", - "references": [ - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3149", - "name": "RHSA-2019:3149" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", - "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" - }, - { - "source": "MISC", - "url": "https:\/\/medium.com\/@cowtowncoder\/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "name": "https:\/\/medium.com\/@cowtowncoder\/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", - "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1822", - "name": "RHSA-2019:1822" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E", - "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html", - "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3140", - "name": "RHSA-2019:3140" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1823", - "name": "RHSA-2019:1823" - }, - { - "source": "MISC", - "url": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7525", - "name": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7525" - }, - { - 
"source": "CONFIRM", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:0782", - "name": "https:\/\/access.redhat.com\/errata\/RHSA-2019:0782" - }, - { - "source": "MISC", - "url": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/2032", - "name": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/2032" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2858", - "name": "RHSA-2019:2858" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", - "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2804", - "name": "RHSA-2019:2804" - }, - { - "source": "MLIST", - "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", - "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:4037", - "name": "RHSA-2019:4037" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3892", - "name": "RHSA-2019:3892" - }, - { - "source": "REDHAT", - "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3002", - "name": "RHSA-2019:3002" - }, - { - "source": "MISC", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html", - "name": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html" - }, - { - "source": "N\/A", - "url": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html", - "name": "N\/A" - }, - { - "source": "OSSINDEX", - "url": 
"https:\/\/ossindex.sonatype.org\/vulnerability\/cc8066c6-7e9c-4f25-b44b-56861eb1673b?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", - "name": "[CVE-2018-11307] An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use o..." - } - ], - "vulnerableSoftware": [ - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.6.0", - "versionEndExcluding": "2.6.7.3" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.7.0", - "versionEndExcluding": "2.7.9.4" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding": "2.8.0", - "versionEndExcluding": "2.8.11.2" - } - }, - { - "software": { - "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "vulnerabilityIdMatched": "true", - "versionStartIncluding": "2.9.0", - "versionEndExcluding": "2.9.5" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionEndExcluding": "11.2.0.3.23" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionStartIncluding": "12.2.0.1.0", - "versionEndExcluding": "12.2.0.1.19" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", - "versionStartIncluding": "13.9.4.0.0", - "versionEndExcluding": "13.9.4.2.1" - } - }, - { - "software": { - "id": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": 
"cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" - } - }, - { - "software": { - "id": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" - } - } - ] - } - ] + "source": "NVD", + "name": "CVE-2018-11307", + "severity": "CRITICAL", + "cvssv2": { + "score": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authenticationr": "NONE", + "confidentialImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "severity": "HIGH", + "version": "2.0", + "exploitabilityScore": "10.0", + "impactScore": "6.4" + }, + "cvssv3": { + "baseScore": 9.8, + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseSeverity": "CRITICAL", + "exploitabilityScore": "3.9", + "impactScore": "5.9", + "version": "3.1" + }, + "cwes": [ + "CWE-502" + ], + "description": "An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. 
Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.", + "notes": "", + "references": [ + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3149", + "name": "RHSA-2019:3149" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpuoct2020.html" + }, + { + "source": "MISC", + "url": "https:\/\/medium.com\/@cowtowncoder\/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "name": "https:\/\/medium.com\/@cowtowncoder\/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1822", + "name": "RHSA-2019:1822" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/7fcf88aff0d1deaa5c3c7be8d58c05ad7ad5da94b59065d8e7c50c5d@%3Cissues.lucene.apache.org%3E", + "name": "[lucene-issues] 20191004 [GitHub] [lucene-solr] marungo opened a new pull request #925: SOLR-13818: Upgrade jackson to 2.10.0" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html", + "name": "https:\/\/www.oracle.com\/technetwork\/security-advisory\/cpujul2019-5072835.html" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3140", + "name": "RHSA-2019:3140" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:1823", + "name": "RHSA-2019:1823" + }, + { + "source": "MISC", + "url": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7525", + "name": "https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2017-7525" + }, + { + 
"source": "CONFIRM", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:0782", + "name": "https:\/\/access.redhat.com\/errata\/RHSA-2019:0782" + }, + { + "source": "MISC", + "url": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/2032", + "name": "https:\/\/github.com\/FasterXML\/jackson-databind\/issues\/2032" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2858", + "name": "RHSA-2019:2858" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", + "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:2804", + "name": "RHSA-2019:2804" + }, + { + "source": "MLIST", + "url": "https:\/\/lists.apache.org\/thread.html\/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", + "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:4037", + "name": "RHSA-2019:4037" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3892", + "name": "RHSA-2019:3892" + }, + { + "source": "REDHAT", + "url": "https:\/\/access.redhat.com\/errata\/RHSA-2019:3002", + "name": "RHSA-2019:3002" + }, + { + "source": "MISC", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html", + "name": "https:\/\/www.oracle.com\/security-alerts\/cpujan2020.html" + }, + { + "source": "N\/A", + "url": "https:\/\/www.oracle.com\/security-alerts\/cpuapr2020.html", + "name": "N\/A" + }, + { + "source": "OSSINDEX", + "url": 
"https:\/\/ossindex.sonatype.org\/vulnerability\/cc8066c6-7e9c-4f25-b44b-56861eb1673b?component-type=maven&component-name=com.fasterxml.jackson.core.jackson-databind&utm_source=dependency-check&utm_medium=integration&utm_content=6.2.2", + "name": "[CVE-2018-11307] An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use o..." + } + ], + "vulnerableSoftware": [ + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.0", + "versionEndExcluding": "2.6.7.3" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.7.0", + "versionEndExcluding": "2.7.9.4" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.8.0", + "versionEndExcluding": "2.8.11.2" + } + }, + { + "software": { + "id": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "vulnerabilityIdMatched": "true", + "versionStartIncluding": "2.9.0", + "versionEndExcluding": "2.9.5" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionEndExcluding": "11.2.0.3.23" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.2.0.1.0", + "versionEndExcluding": "12.2.0.1.19" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.9.4.0.0", + "versionEndExcluding": "13.9.4.2.1" + } + }, + { + "software": { + "id": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": 
"cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" + } + }, + { + "software": { + "id": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*" + } + } + ] } - ] + ] + } + ] } \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspNoDependencies.json b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspNoDependencies.json index 3f52d506e..be5a2b440 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspNoDependencies.json +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/artifact/VulnerabilitiesFromOwaspNoDependencies.json 
@@ -1,30 +1,30 @@ { - "reportSchema": "1.1", - "scanInfo": { - "engineVersion": "6.2.2", - "dataSource": [ - { - "name": "NVD CVE Checked", - "timestamp": "2021-07-28T15:08:24" - }, - { - "name": "NVD CVE Modified", - "timestamp": "2021-07-28T14:00:06" - }, - { - "name": "VersionCheckOn", - "timestamp": "2021-07-13T16:42:04" - } - ] - }, - "projectInfo": { - "name": "jackson-databind-2.9.1.jar", - "reportDate": "2021-07-28T13:26:57.202Z", - "credits": { - "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", - "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", - "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", - "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" - } + "reportSchema": "1.1", + "scanInfo": { + "engineVersion": "6.2.2", + "dataSource": [ + { + "name": "NVD CVE Checked", + "timestamp": "2021-07-28T15:08:24" + }, + { + "name": "NVD CVE Modified", + "timestamp": "2021-07-28T14:00:06" + }, + { + "name": "VersionCheckOn", + "timestamp": "2021-07-13T16:42:04" + } + ] + }, + "projectInfo": { + "name": "jackson-databind-2.9.1.jar", + "reportDate": "2021-07-28T13:26:57.202Z", + "credits": { + "NVD": "This report contains data retrieved from the National Vulnerability Database: http://nvd.nist.gov", + "NPM": "This report may contain data retrieved from the NPM Public Advisories: https://www.npmjs.com/advisories", + "RETIREJS": "This report may contain data retrieved from the RetireJS community: https://retirejs.github.io/retire.js/", + "OSSINDEX": "This report may contain data retrieved from the Sonatype OSS Index: https://ossindex.sonatype.org" } + } } \ No newline at end of file 
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttp.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttp.xml index 8e4c28de2..e02551416 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttp.xml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttp.xml @@ -1,47 +1,47 @@ - - 4.0.0 + 4.0.0 - sample - checkstyle - 0.1-SNAPSHOT - - UTF-8 - - - - - org.apache.maven.plugins - maven-checkstyle-plugin - 3.0.0 - - - com.puppycrawl.tools - checkstyle - 8.18 - - - io.spring.nohttp - nohttp-checkstyle - 0.0.4.RELEASE - - - - nohttp-checkstyle.xml - **/* - .git/**/*,target/**/* - ./ - - - - - check - - - - - - + sample + checkstyle + 0.1-SNAPSHOT + + UTF-8 + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 3.0.0 + + + com.puppycrawl.tools + checkstyle + 8.18 + + + io.spring.nohttp + nohttp-checkstyle + 0.0.4.RELEASE + + + + nohttp-checkstyle.xml + **/* + .git/**/*,target/**/* + ./ + + + + + check + + + + + + \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttpInProfilesBuild.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttpInProfilesBuild.xml index efaebb020..4fd1369ec 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttpInProfilesBuild.xml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithNoHttpInProfilesBuild.xml 
@@ -1,53 +1,53 @@ - - 4.0.0 + 4.0.0 - sample - checkstyle - 0.1-SNAPSHOT - - UTF-8 - + sample + checkstyle + 0.1-SNAPSHOT + + UTF-8 + - - - nohttp - - - - org.apache.maven.plugins - maven-checkstyle-plugin - 3.0.0 - - - com.puppycrawl.tools - checkstyle - 8.18 - - - io.spring.nohttp - nohttp-checkstyle - 0.0.4.RELEASE - - - - nohttp-checkstyle.xml - **/* - .git/**/*,target/**/* - ./ - - - - - check - - - - - - - - + + + nohttp + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 3.0.0 + + + com.puppycrawl.tools + checkstyle + 8.18 + + + io.spring.nohttp + nohttp-checkstyle + 0.0.4.RELEASE + + + + nohttp-checkstyle.xml + **/* + .git/**/*,target/**/* + ./ + + + + + check + + + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithoutNoHttp.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithoutNoHttp.xml
index 19f89828a..c5cefada5 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithoutNoHttp.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenCheckStyleWithoutNoHttp.xml
@@ -1,39 +1,39 @@ - - 4.0.0 + 4.0.0 - sample - checkstyle - 0.1-SNAPSHOT - - UTF-8 - - - - - org.apache.maven.plugins - maven-checkstyle-plugin - 3.0.0 - - - com.puppycrawl.tools - checkstyle - 8.18 - - - - checkstyle.xml - - - - - check - - - - - - + sample + checkstyle + 0.1-SNAPSHOT + + UTF-8 + + + + + org.apache.maven.plugins + maven-checkstyle-plugin + 3.0.0 + + + com.puppycrawl.tools + checkstyle + 8.18 + + + + checkstyle.xml + + + + + check + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithMavenGPG.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithMavenGPG.xml
index 45b36bb9f..4f328a491 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithMavenGPG.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithMavenGPG.xml
@@ -1,24 +1,24 @@ - - - - org.apache.maven.plugins - maven-gpg-plugin - 1.6 - - - sign-artifacts - verify - - sign - - - ${gpg.keyname} - ${gpg.keyname} - - - - - - + + + + org.apache.maven.plugins + maven-gpg-plugin + 1.6 + + + sign-artifacts + verify + + sign + + + ${gpg.keyname} + ${gpg.keyname} + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithoutMavenGPG.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithoutMavenGPG.xml
index 85c2c7a8e..04b7a5ad7 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithoutMavenGPG.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenPomWithoutMavenGPG.xml
@@ -1,11 +1,11 @@ - - - - org.apache.maven.plugins - something-else - 1.6 - - - + + + + org.apache.maven.plugins + something-else + 1.6 + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugs.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugs.xml
index df565517c..19a8c69d6 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugs.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugs.xml
@@ -1,23 +1,23 @@ - - - - com.github.spotbugs - spotbugs-maven-plugin - 3.1.12 - - Max - Low - true - + + - com.h3xstream.findsecbugs - findsecbugs-plugin - 1.9.0 + com.github.spotbugs + spotbugs-maven-plugin + 3.1.12 + + Max + Low + true + + + com.h3xstream.findsecbugs + findsecbugs-plugin + 1.9.0 + + + - - - - - + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugsInProfilesBuild.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugsInProfilesBuild.xml
index 2912d13be..456bf45b1 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugsInProfilesBuild.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithFindSecBugsInProfilesBuild.xml
@@ -1,28 +1,28 @@ - - - findsecbugs - - - - com.github.spotbugs - spotbugs-maven-plugin - 3.1.12 - - Max - Low - true - - - com.h3xstream.findsecbugs - findsecbugs-plugin - 1.9.0 - - - - - - - - + + + findsecbugs + + + + com.github.spotbugs + spotbugs-maven-plugin + 3.1.12 + + Max + Low + true + + + com.h3xstream.findsecbugs + findsecbugs-plugin + 1.9.0 + + + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuild.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuild.xml
index 6f6105155..34c44798e 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuild.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuild.xml
@@ -1,18 +1,18 @@ - - - - org.owasp - dependency-check-maven - 5.3.2 - - - - check - - - - - - + + + + org.owasp + dependency-check-maven + 5.3.2 + + + + check + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildAndProfile.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildAndProfile.xml
index d15e501b6..e771ab02e 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildAndProfile.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildAndProfile.xml
@@ -1,45 +1,45 @@ - - - dependency-check - + + + dependency-check + + + + org.owasp + dependency-check-maven + 5.3.2 + + 7 + + + + + check + + + + + + + + + - - org.owasp - dependency-check-maven - 5.3.2 - - 7 - - - - - check - - - - + + org.owasp + dependency-check-maven + 5.3.2 + + 6 + + + + + check + + + + - - - - - - - org.owasp - dependency-check-maven - 5.3.2 - - 6 - - - - - check - - - - - - + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildPluginManagement.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildPluginManagement.xml
index a7e893da9..9580804bb 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildPluginManagement.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInBuildPluginManagement.xml
@@ -1,21 +1,21 @@ - - + + - - - - org.owasp - dependency-check-maven - 5.0.0-M2 - - ALL - true - true - false - - - - - + + + + org.owasp + dependency-check-maven + 5.0.0-M2 + + ALL + true + true + false + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesBuild.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesBuild.xml
index 7d1a76e5b..ae349f05b 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesBuild.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesBuild.xml
@@ -1,32 +1,32 @@ - - - dependency-check - - - - org.owasp - dependency-check-maven - 5.3.2 - - 24 - 7 - true - true - false - true - owasp-dependency-check-suppressions.xml - - - - - check - - - - - - - - + + + dependency-check + + + + org.owasp + dependency-check-maven + 5.3.2 + + 24 + 7 + true + true + false + true + owasp-dependency-check-suppressions.xml + + + + + check + + + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesReporting.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesReporting.xml
index 5363ad63a..93085ed2d 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesReporting.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInProfilesReporting.xml
@@ -1,19 +1,19 @@ - - - dependency-check - - - - org.owasp - dependency-check-maven - 5.3.2 - - true - - - - - - + + + dependency-check + + + + org.owasp + dependency-check-maven + 5.3.2 + + true + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInReporting.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInReporting.xml
index cddf997bb..88a395c6e 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInReporting.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspDependencyCheckInReporting.xml
@@ -1,21 +1,21 @@ - - - - org.owasp - dependency-check-maven - 5.3.2 - - 1.3 - - - - - aggregate - - - - - - + + + + org.owasp + dependency-check-maven + 5.3.2 + + 1.3 + + + + + aggregate + + + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInDefaultDependencies.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInDefaultDependencies.xml
index 22761ad48..b0b71a6b2 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInDefaultDependencies.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInDefaultDependencies.xml
@@ -1,24 +1,24 @@ - - 4.0.0 + 4.0.0 - test - test - 0.1-SNAPSHOT + test + test + 0.1-SNAPSHOT - - - org.owasp - something - 1.2 - - - org.owasp.esapi - esapi - 2.2.1.0 - - + + + org.owasp + something + 1.2 + + + org.owasp.esapi + esapi + 2.2.1.0 + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInProfiledDependencies.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInProfiledDependencies.xml
index d3dcad31d..1a0d1ece6 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInProfiledDependencies.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspEsapiInProfiledDependencies.xml
@@ -1,32 +1,32 @@ - - 4.0.0 + 4.0.0 - test - test - 0.1-SNAPSHOT + test + test + 0.1-SNAPSHOT - - - org.owasp - something - 2.2.1.0 - - - - - - test - + - org.owasp.esapi - esapi - 2.2.1.0 + org.owasp + something + 2.2.1.0 - - - + + + + + test + + + org.owasp.esapi + esapi + 2.2.1.0 + + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaEncoderInDefaultDependencies.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaEncoderInDefaultDependencies.xml
index 7b3b9c625..dce5580e8 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaEncoderInDefaultDependencies.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaEncoderInDefaultDependencies.xml
@@ -1,23 +1,23 @@ - - 4.0.0 + 4.0.0 - test - test - 0.1-SNAPSHOT + test + test + 0.1-SNAPSHOT - - - org.owasp - something - 1.2 - - - org.owasp.encoder - encoder - - + + + org.owasp + something + 1.2 + + + org.owasp.encoder + encoder + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaHtmlSanitizerInDefaultDependencies.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaHtmlSanitizerInDefaultDependencies.xml
index 68b9fb0e2..a39b1dec6 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaHtmlSanitizerInDefaultDependencies.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithOwaspJavaHtmlSanitizerInDefaultDependencies.xml
@@ -1,23 +1,23 @@ - - 4.0.0 + 4.0.0 - test - test - 0.1-SNAPSHOT + test + test + 0.1-SNAPSHOT - - - org.owasp - something - 1.2 - - - com.googlecode.owasp-java-html-sanitizer - owasp-java-html-sanitizer - - + + + org.owasp + something + 1.2 + + + com.googlecode.owasp-java-html-sanitizer + owasp-java-html-sanitizer + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutFindSecBugs.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutFindSecBugs.xml
index bf7a0b085..1ee7c6cf8 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutFindSecBugs.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutFindSecBugs.xml
@@ -1,23 +1,23 @@ - - - - com.github.spotbugs - spotbugs-maven-plugin - 3.1.12 - - Max - Low - true - + + - com.something.else - another-plugin - 1.9.0 + com.github.spotbugs + spotbugs-maven-plugin + 3.1.12 + + Max + Low + true + + + com.something.else + another-plugin + 1.9.0 + + + - - - - - + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspDependencyCheck.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspDependencyCheck.xml
index ee8954402..04631c765 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspDependencyCheck.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspDependencyCheck.xml
@@ -1,5 +1,5 @@ - - - + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspEsapiDependency.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspEsapiDependency.xml
index 39b63f8e3..56b426776 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspEsapiDependency.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/MavenWithoutOwaspEsapiDependency.xml
@@ -1,28 +1,28 @@ - - 4.0.0 + 4.0.0 - test - test - 0.1-SNAPSHOT + test + test + 0.1-SNAPSHOT - - - org.owasp - something - 2.2.1.0 - - + + + org.owasp + something + 2.2.1.0 + + - - - test - + + + test + - - - + + + \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-multiple-jobs.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-multiple-jobs.yml
index d5a00a47a..e14b11d35 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-multiple-jobs.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-multiple-jobs.yml
@@ -1,7 +1,7 @@ name: "Bandit" on: push: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3' jobs:
@@ -20,6 +20,6 @@ jobs: - run: | python -m pip install --upgrade pip pip install -r requirements.txt - - run: | + - run: | mkdir -p reports bandit --format json --output reports/bandit-report.json --recursive test \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run-but-uses-bandit.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run-but-uses-bandit.yml
index af2531621..c66eca3ed 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run-but-uses-bandit.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run-but-uses-bandit.yml
@@ -1,7 +1,7 @@ name: "Bandit" on: push: - branches: [master] + branches: [ master ] pull_request: branches: [ master ] schedule:
@@ -23,5 +23,5 @@ jobs: - run: | python -m pip install --upgrade pip pip install -r requirements.txt - - run: | + - run: | mkdir -p reports \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run.yml
index 5ea2af6a1..dcaa54df6 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-no-bandit-run.yml
@@ -1,7 +1,7 @@ name: "Bandit" on: push: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3' jobs:
@@ -21,5 +21,5 @@ jobs: - run: | python -m pip install --upgrade pip pip install -r requirements.txt - - run: | + - run: | mkdir -p reports \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-run.yml
index 739b4e708..09bf1a5f4 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/bandit-analysis-with-run.yml
@@ -1,9 +1,9 @@ name: "Bandit" on: push: - branches: [master] + branches: [ master ] pull_request: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3' jobs:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-with-pr.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-with-pr.yml
index df2146041..1335b14c8 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-with-pr.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-with-pr.yml
@@ -2,9 +2,9 @@ name: "CodeQL" on: push: - branches: [master] + branches: [ master ] pull_request: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3'
@@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - language: ['java', 'cpp' ] + language: [ 'java', 'cpp' ] steps: - name: Checkout repository
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-without-pr.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-without-pr.yml
index ee123ab69..12f056bb8 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-without-pr.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/codeql-analysis-without-pr.yml
@@ -12,7 +12,7 @@ jobs: strategy: fail-fast: false matrix: - language: ['java' ] + language: [ 'java' ] steps: - name: Checkout repository
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-exclude-rules.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-exclude-rules.yml
index 3f95d8fbd..f6116d618 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-exclude-rules.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-exclude-rules.yml
@@ -10,16 +10,13 @@ jobs: sec: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v3 with: go-version: '1.17.7' - - - name: Run Gosec Security Scanner + - name: Run Gosec Security Scanner # https://github.com/securego/gosec/issues/469 run: | export PATH=$PATH:$(go env GOPATH)/bin
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-include-rules.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-include-rules.yml
index d5804f955..400e7fe99 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-include-rules.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-with-include-rules.yml
@@ -10,16 +10,13 @@ jobs: sec: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v3 with: go-version: '1.17.7' - - - name: Run Gosec Security Scanner + - name: Run Gosec Security Scanner # https://github.com/securego/gosec/issues/469 run: | export PATH=$PATH:$(go env GOPATH)/bin
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-without-rules.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-without-rules.yml
index 7ebae53c9..c58f0becd 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-without-rules.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-run-without-rules.yml
@@ -10,16 +10,13 @@ jobs: sec: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v3 with: go-version: '1.17.7' - - - name: Run Gosec Security Scanner + - name: Run Gosec Security Scanner # https://github.com/securego/gosec/issues/469 run: | export PATH=$PATH:$(go env GOPATH)/bin
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-uses-without-with-key.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-uses-without-with-key.yml
index b3c1974a3..c8d5ef489 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-uses-without-with-key.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-uses-without-with-key.yml
@@ -1,4 +1,4 @@ -on: [push, pull_request] +on: [ push, pull_request ] name: Security jobs: Gosec:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-multiple-jobs.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-multiple-jobs.yml
index de181c322..877849b89 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-multiple-jobs.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-multiple-jobs.yml
@@ -8,8 +8,8 @@ jobs: test: strategy: matrix: - go-version: [1.19.x] - platform: [ubuntu-latest] + go-version: [ 1.19.x ] + platform: [ ubuntu-latest ] runs-on: ${{ matrix.platform }} env: GO111MODULE: on
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-no-gosec-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-no-gosec-run.yml
index 034e0c5d1..948266ff1 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-no-gosec-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-no-gosec-run.yml
@@ -8,8 +8,8 @@ jobs: test: strategy: matrix: - go-version: [1.19.x] - platform: [ubuntu-latest] + go-version: [ 1.19.x ] + platform: [ ubuntu-latest ] runs-on: ${{ matrix.platform }} env: GO111MODULE: on
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-rules-in-different-step.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-rules-in-different-step.yml
index f4c13f819..5a01d81fe 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-rules-in-different-step.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-rules-in-different-step.yml
@@ -1,4 +1,4 @@ -on: [push] +on: [ push ] name: Security jobs: Gosec:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-run.yml
index 774e6ac1b..ce5c85863 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-run.yml
@@ -10,16 +10,13 @@ jobs: sec: runs-on: ubuntu-latest steps: - - - name: Checkout + - name: Checkout uses: actions/checkout@v3 - - - name: Set up Go + - name: Set up Go uses: actions/setup-go@v3 with: go-version: '1.17.7' - - - name: Run Gosec Security Scanner + - name: Run Gosec Security Scanner # https://github.com/securego/gosec/issues/469 run: | export PATH=$PATH:$(go env GOPATH)/bin
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-uses.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-uses.yml
index 854a1d570..0cdad2eac 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-uses.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/gosec-analysis-with-uses.yml
@@ -1,4 +1,4 @@ -on: [push, pull_request] +on: [ push, pull_request ] name: Security jobs: Gosec:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-pre-commit-hook.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-pre-commit-hook.yml
index 0a9142e26..17bb43c9a 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-pre-commit-hook.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-pre-commit-hook.yml
@@ -23,7 +23,7 @@ repos: rev: v0.941 hooks: - id: mypy - additional_dependencies: [types-all] + additional_dependencies: [ types-all ] - repo: https://github.com/peterdemin/pip-compile-multi rev: v2.4.1 hooks:
@@ -39,7 +39,7 @@ repos: - id: debug-statements - id: end-of-file-fixer - id: trailing-whitespace - args: ["--markdown-linebreak-ext=md"] + args: [ "--markdown-linebreak-ext=md" ] - repo: https://github.com/psf/black rev: 22.3.0 hooks:
@@ -49,11 +49,11 @@ repos: rev: v2.4.1 # Use the sha or tag you want to point at hooks: - id: prettier - args: ['--ignore-path=./superset-frontend/.prettierignore'] + args: [ '--ignore-path=./superset-frontend/.prettierignore' ] files: 'superset-frontend' # blacklist unsafe functions like make_url (see #19526) - repo: https://github.com/skorokithakis/blacklist-pre-commit-hook rev: e2f070289d8eddcaec0b580d3bde29437e7c8221 hooks: - id: blacklist - args: ["--blacklisted-names=make_url", "--ignore=tests/"] \ No newline at end of file + args: [ "--blacklisted-names=make_url", "--ignore=tests/" ] \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-prospector.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-prospector.yml
index 528463c76..c3712c78a 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-prospector.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-prospector.yml
@@ -1,7 +1,7 @@ repos: -- repo: https://github.com/PyCQA/prospector + - repo: https://github.com/PyCQA/prospector rev: 1.7.5 hooks: - - id: prospector + - id: prospector additional_dependencies: - - ".[with_pylint,with_mypy]" \ No newline at end of file + - ".[with_pylint,with_mypy]" \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-run.yml
index 775b62452..c5df3e0c4 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/mypy-analysis-with-run.yml
@@ -1,9 +1,9 @@ name: "Mypy" on: push: - branches: [master] + branches: [ master ] pull_request: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3' jobs:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/no-codeql-analysis.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/no-codeql-analysis.yml
index fdd1ef78a..afb1848c7 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/no-codeql-analysis.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/no-codeql-analysis.yml
@@ -2,9 +2,9 @@ name: "Build" on: push: - branches: [master] + branches: [ master ] pull_request: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3'
@@ -16,7 +16,7 @@ jobs: strategy: fail-fast: false matrix: - language: ['java', 'cpp' ] + language: [ 'java', 'cpp' ] steps: - name: Checkout repository
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-as-pre-commit-hook.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-as-pre-commit-hook.yml
index 974f0da6e..21f2555fb 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-as-pre-commit-hook.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-as-pre-commit-hook.yml
@@ -2,13 +2,13 @@ repos: - repo: https://github.com/pycqa/pylint rev: pylint-2.6.0 hooks: - - id: pylint - name: pylint - entry: pylint - language: system - types: [python] - args: - [ - "-rn", # Only display messages - "-sn", # Don't display the score - ] \ No newline at end of file + - id: pylint + name: pylint + entry: pylint + language: system + types: [ python ] + args: + [ + "-rn", # Only display messages + "-sn", # Don't display the score + ] \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-no-pylint-hook.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-no-pylint-hook.yml
index f3a4235b9..c656bae66 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-no-pylint-hook.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-no-pylint-hook.yml
@@ -2,13 +2,13 @@ repos: - repo: https://github.com/pycqa/test rev: test-2.6.0 hooks: - - id: test - name: test - entry: test - language: system - types: [python] - args: - [ - "-rn", # Only display messages - "-sn", # Don't display the score - ] \ No newline at end of file + - id: test + name: test + entry: test + language: system + types: [ python ] + args: + [ + "-rn", # Only display messages + "-sn", # Don't display the score + ] \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-multiple-jobs.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-multiple-jobs.yml
index 2b3811b38..2ca71db4b 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-multiple-jobs.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-multiple-jobs.yml
@@ -1,7 +1,7 @@ name: "Pylint" on: push: - branches: [master] + branches: [ master ] schedule: - cron: '0 13 * * 3' jobs:
@@ -20,6 +20,6 @@ jobs: - run: | python -m pip install --upgrade pip pip install -r requirements.txt - - run: | + - run: | mkdir -p reports pylint -rn -d unused-variable fileName.py \ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run-but-uses-pylint.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run-but-uses-pylint.yml
index ea1721255..119cd0f24 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run-but-uses-pylint.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run-but-uses-pylint.yml
@@ -1,7 +1,7 @@
 name: "Pylint"
 on:
 push:
- branches: [master]
+ branches: [ master ]
 pull_request:
 branches: [ master ]
 schedule:
@@ -23,5 +23,5 @@ jobs:
 - run: |
 python -m pip install --upgrade pip
 pip install -r requirements.txt
- - run: |
+ - run: |
 mkdir -p reports
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run.yml
index a8711da53..ed3a68681 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-no-pylint-run.yml
@@ -1,7 +1,7 @@
 name: "Pylint"
 on:
 push:
- branches: [master]
+ branches: [ master ]
 schedule:
 - cron: '0 13 * * 3'
 jobs:
@@ -21,5 +21,5 @@ jobs:
 - run: |
 python -m pip install --upgrade pip
 pip install -r requirements.txt
- - run: |
+ - run: |
 mkdir -p reports
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-prospector.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-prospector.yml
index 2f70c436c..3cd23675f 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-prospector.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-prospector.yml
@@ -1,7 +1,7 @@
 repos:
-- repo: https://github.com/PyCQA/prospector
+ - repo: https://github.com/PyCQA/prospector
 rev: 1.7.5
 hooks:
- - id: prospector
+ - id: prospector
 additional_dependencies:
- - ".[with_pylint,with_bandit]"
\ No newline at end of file
+ - ".[with_pylint,with_bandit]"
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-entry.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-entry.yml
index 9a9bae3af..e41b8b3b2 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-entry.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-entry.yml
@@ -2,13 +2,13 @@ repos:
 - repo: https://github.com/pycqa/test
 rev: test-2.6.0
 hooks:
- - id: test
- name: test
- entry: pylint
- language: system
- types: [python]
- args:
- [
- "-rn", # Only display messages
- "-sn", # Don't display the score
- ]
\ No newline at end of file
+ - id: test
+ name: test
+ entry: pylint
+ language: system
+ types: [ python ]
+ args:
+ [
+ "-rn", # Only display messages
+ "-sn", # Don't display the score
+ ]
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-repo.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-repo.yml
index 044ea0d4e..ca0473373 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-repo.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-repo.yml
@@ -2,13 +2,13 @@ repos:
 - repo: https://github.com/pycqa/pylint
 rev: 2.6.0
 hooks:
- - id: test
- name: test
- entry: test
- language: system
- types: [python]
- args:
- [
- "-rn", # Only display messages
- "-sn", # Don't display the score
- ]
\ No newline at end of file
+ - id: test
+ name: test
+ entry: test
+ language: system
+ types: [ python ]
+ args:
+ [
+ "-rn", # Only display messages
+ "-sn", # Don't display the score
+ ]
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-rev.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-rev.yml
index e7299ba23..41033c508 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-rev.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-pylint-in-rev.yml
@@ -2,13 +2,13 @@ repos:
 - repo: https://github.com/pycqa/test
 rev: pylint-2.6.0
 hooks:
- - id: test
- name: test
- entry: test
- language: system
- types: [python]
- args:
- [
- "-rn", # Only display messages
- "-sn", # Don't display the score
- ]
\ No newline at end of file
+ - id: test
+ name: test
+ entry: test
+ language: system
+ types: [ python ]
+ args:
+ [
+ "-rn", # Only display messages
+ "-sn", # Don't display the score
+ ]
\ No newline at end of file
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-run.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-run.yml
index 9ccaf8934..85e1a936d 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-run.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/data/github/pylint-analysis-with-run.yml
@@ -1,9 +1,9 @@
 name: "Pylint"
 on:
 push:
- branches: [master]
+ branches: [ master ]
 pull_request:
- branches: [master]
+ branches: [ master ]
 schedule:
 - cron: '0 13 * * 3'
 jobs:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/maven/PomWithDependencies.xml b/src/test/resources/com/sap/oss/phosphor/fosstars/maven/PomWithDependencies.xml
index 1035ea626..851df322e 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/maven/PomWithDependencies.xml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/maven/PomWithDependencies.xml
@@ -1,30 +1,30 @@ - - 4.0.0 + 4.0.0 - sample - test - 0.1-SNAPSHOT + sample + test + 0.1-SNAPSHOT - - - test.group - dependency-in-default-section - - - - - - test - + - test.group - dependency-in-profile + test.group + dependency-in-default-section - - - + + + + + test + + + test.group + dependency-in-profile + + + + \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExampleVerificationTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExampleVerificationTestVectors.yml index ccf23b618..c7cb293de 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExampleVerificationTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/example/SecurityRatingExampleVerificationTestVectors.yml 
@@ -1,25 +1,25 @@
 ---
 - values:
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 0
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 0
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 0
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 0
 expectedScore:
 type: "DoubleInterval"
 from: 0.0
@@ -29,30 +29,30 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "AWFUL"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "AWFUL"
 alias: "unknown"
 - values:
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 7
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 1
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: true
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 7
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 1
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: true
 expectedScore:
 type: "DoubleInterval"
 from: 1.0
@@ -62,30 +62,30 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "OKAY"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "OKAY"
 alias: "unknown"
 - values:
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 100
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 20
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 100
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 20
 expectedScore:
 type: "DoubleInterval"
 from: 1.0
@@ -95,30 +95,30 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "OKAY"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "OKAY"
 alias: "unknown"
 - values:
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 100
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: true
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 20
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 100
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: true
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 20
 expectedScore:
 type: "DoubleInterval"
 from: 5.0
@@ -128,30 +128,30 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "OKAY"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "OKAY"
 alias: "unknown"
 - values:
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: false
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 100
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: true
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 20
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: false
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 100
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: true
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 20
 expectedScore:
 type: "DoubleInterval"
 from: 5.0
@@ -161,30 +161,30 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "OKAY"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "OKAY"
 alias: "unknown"
 - values:
- - type: "IntegerValue"
- feature:
- type: "NumberOfCommitsLastMonthExample"
- name: "Number of commits last month (example)"
- number: 100
- - type: "BooleanValue"
- feature:
- type: "SecurityReviewDoneExample"
- name: "Security review status (example)"
- flag: true
- - type: "BooleanValue"
- feature:
- type: "StaticCodeAnalysisDoneExample"
- name: "Static code analysis status (example)"
- flag: true
- - type: "IntegerValue"
- feature:
- type: "NumberOfContributorsLastMonthExample"
- name: "Number of contributors last month (example)"
- number: 20
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfCommitsLastMonthExample"
+ name: "Number of commits last month (example)"
+ number: 100
+ - type: "BooleanValue"
+ feature:
+ type: "SecurityReviewDoneExample"
+ name: "Security review status (example)"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "StaticCodeAnalysisDoneExample"
+ name: "Static code analysis status (example)"
+ flag: true
+ - type: "IntegerValue"
+ feature:
+ type: "NumberOfContributorsLastMonthExample"
+ name: "Number of contributors last month (example)"
+ number: 20
 expectedScore:
 type: "DoubleInterval"
 from: 9.0
@@ -194,6 +194,6 @@
 openRight: false
 positiveInfinity: false
 expectedLabel:
- - "SecurityRatingExample$SecurityLabelExample"
- - "AWESOME"
+ - "SecurityRatingExample$SecurityLabelExample"
+ - "AWESOME"
 alias: "unknown"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRatingTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRatingTestVectors.yml
index 415bdbfdc..eb3957b11 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRatingTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssArtifactSecurityRatingTestVectors.yml
@@ -245,7 +245,7 @@ defaults:
 feature:
 type: "SecurityReviewsFeature"
 name: "Security reviews for a project"
- reviews: []
+ reviews: [ ]
 - type: "IntegerValue"
 feature:
 type: "PositiveIntegerFeature"
@@ -261,12 +261,12 @@ defaults:
 type: "VulnerabilitiesFeature"
 name: "Info about vulnerabilities in open-source project"
 vulnerabilities:
- entries:
+ entries:
 - id: "VULN-123-1"
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2019-01-01"
 fixed: "2019-01-03"
@@ -278,7 +278,7 @@ defaults:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2019-01-01"
 fixed: "2019-01-03"
@@ -290,7 +290,7 @@ defaults:
 cvss:
 type: "CVSS$V3"
 value: 7.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2018-11-28"
 fixed: "2018-12-02"
@@ -302,7 +302,7 @@ defaults:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "UNPATCHED"
 introduced: "2019-01-01"
 published: "2019-01-03"
@@ -422,7 +422,7 @@ elements:
 expectedUnknownScore: true
 alias: "all_unknown"
-# Next: Good project security, good artifact security
+ # Next: Good project security, good artifact security
 - type: "StandardTestVector"
 values:
 - type: "VulnerabilitiesValue"
@@ -435,7 +435,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2019-01-01"
 fixed: "2019-01-03"
@@ -469,7 +469,7 @@ elements:
 - "GOOD"
 alias: "all_good_default"
-# Test vectors for: GOOD project security, BAD artifact security
+ # Test vectors for: GOOD project security, BAD artifact security
 - type: "StandardTestVector"
 values:
 - type: "VulnerabilitiesValue"
@@ -482,7 +482,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2019-01-01"
 fixed: "2019-01-03"
@@ -494,7 +494,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 7.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2018-11-28"
 fixed: "2018-12-02"
@@ -515,7 +515,7 @@ elements:
 - "BAD"
 alias: "good_project_bad_artifact"
-# Test vectors for: GOOD project security, UNKNOWN artifact security
+ # Test vectors for: GOOD project security, UNKNOWN artifact security
 - type: "StandardTestVector"
 values:
 - type: "ArtifactVersionValue"
@@ -536,7 +536,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2019-01-01"
 fixed: "2019-01-03"
@@ -548,7 +548,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 7.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2018-11-28"
 fixed: "2018-12-02"
@@ -568,7 +568,7 @@ elements:
 expectedUnknownScore: true
 alias: "project_good_artifact_unknown"
-# Test vectors for: MODERATE project security, GOOD artifact security
+ # Test vectors for: MODERATE project security, GOOD artifact security
 - type: "StandardTestVector"
 values:
 - type: "BooleanValue"
@@ -611,7 +611,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "PATCHED"
 introduced: "2020-01-01"
 fixed: "2020-01-03"
@@ -698,7 +698,7 @@ elements:
 cvss:
 type: "CVSS$V3"
 value: 9.0
- references: []
+ references: [ ]
 resolution: "UNPATCHED"
 introduced: "2019-01-01"
 published: "2019-01-03"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRatingTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRatingTestVectors.yml
index 2b5cf0525..fdb6f56a5 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRatingTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/rating/oss/OssSecurityRatingTestVectors.yml
@@ -2,650 +2,650 @@ # default values for test vectors defaults: -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - flag: false -- type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "MAVEN" -- type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" -- type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "NOT_USED" -- type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 10.0 - specified: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is included to OSS-Fuzz project" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - 
flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Enterprise Security API (ESAPI)" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java HTML Sanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java Encoder" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Bandit scans" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Bandit scan checks for commits" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans with rules" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scan checks for commits" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has executable binaries" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scans" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scan checks for commits" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scans" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scan checks for commits" - flag: false -- type: "SecurityReviewsValue" - feature: - type: "SecurityReviewsFeature" - name: "Security reviews for a project" - 
reviews: [] -- type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 5 - -# test vectors -elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" + - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses Dependabot" - - type: "UnknownValue" + flag: false + - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses Snyk" - - type: "UnknownValue" + flag: false + - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses GitHub as the main development platform" - - type: "UnknownValue" + flag: false + - type: "PackageManagersValue" feature: type: "PackageManagersFeature" name: "A set of package managers" - - type: "UnknownValue" + packageManagers: + packageManagers: + - "MAVEN" + - type: "LanguagesValue" feature: type: "LanguagesFeature" name: "A set of programming languages" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - - type: "UnknownValue" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - - type: "UnknownValue" - feature: - type: 
"PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - - type: "UnknownValue" + languages: + elements: + - "JAVA" + - type: "OwaspDependencyCheckUsageValue" feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - - type: "UnknownValue" + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "NOT_USED" + - type: "OwaspDependencyCheckCvssThresholdValue" feature: - type: "PackageManagersFeature" - name: "A set of package managers" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: - - "OssSecurityRating$SecurityLabel" - - "UNCLEAR" - alias: "all_unknown" - -# -- type: "StandardTestVector" - values: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 10.0 + specified: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses signed commits" + name: "If an open-source project uses FindSecBugs" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" + name: "If an open-source project uses MemorySanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source 
project has a security team" + name: "If an open-source project uses UndefinedBehaviorSanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" + name: "If an open-source project uses AddressSanitizer" flag: false - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 2 - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project is supported by a company" + name: "If an open-source project is included to OSS-Fuzz project" flag: false - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-134-12" - cvss: - type: "CVSS$V3" - value: 9.5 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 1 - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" + name: "If a project has a bug bounty program" flag: false - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 5 - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project has a security policy" + name: "If a project signs artifacts" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses nohttp tool" - flag: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - 
packageManagers: - packageManagers: - - "MAVEN" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 2.0 - openRight: false - positiveInfinity: false - expectedLabel: - - "OssSecurityRating$SecurityLabel" - - "BAD" - alias: "bad" - -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" + name: "If a project uses OWASP Enterprise Security API (ESAPI)" flag: false - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 5000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 50 - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: true - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "A+" - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 15000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 1000 - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-123-1" - cvss: - type: "CVSS$V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-01-03" - - id: "VULN-124-2" - cvss: - type: "CVSS$V3" - value: 7.0 - 
references: [] - resolution: "PATCHED" - introduced: "2018-11-28" - fixed: "2018-12-02" - - id: "VULN-125-3" - cvss: - type: "CVSS$V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2017-07-04" - fixed: "2017-07-08" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" + name: "If a project uses OWASP Java HTML Sanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" + name: "If a project uses OWASP Java Encoder" flag: false - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "GRADLE" - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - flag: true + name: "If a project runs CodeQL scans" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses OWASP Java Encoder" - flag: true - - type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "MANDATORY" - - type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 7.0 - specified: false - expectedScore: - type: "DoubleInterval" - from: 6.5 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: - - "OssSecurityRating$SecurityLabel" - - "GOOD" - 
alias: "good" - -- type: "StandardTestVector" - values: + name: "If a project runs CodeQL checks for commits" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project has a security policy" + name: "If a project runs Bandit scans" flag: false - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 50 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 3 - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - flag: true + name: "If a project runs Bandit scan checks for commits" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true + name: "If a project runs GoSec scans" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: true - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "A" - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 1000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 30 - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-123-1" - cvss: - type: "CVSS$V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-01-03" - - id: "VULN-124-2" - cvss: - type: "CVSS$V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2018-11-28" - fixed: "2018-12-02" - - id: "VULN-125-3" - cvss: - type: "CVSS$V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2017-07-04" - fixed: "2017-07-08" - feature: - type: 
"VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" + name: "If a project runs GoSec scans with rules" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" + name: "If a project runs GoSec scan checks for commits" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses signed commits" + name: "If a project has executable binaries" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: true + name: "If a project runs Mypy scans" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses nohttp tool" - flag: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "MAVEN" + name: "If a project runs Mypy scan checks for commits" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: true + name: "If a project runs Pylint scans" + flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: true + name: "If a project runs Pylint scan checks for commits" + flag: false - type: "SecurityReviewsValue" feature: type: "SecurityReviewsFeature" name: "Security reviews for a project" - reviews: - - subject: - type: "GitHubProject" - name: "test" - url: "https://github.com/org/test" - organization: - type: "GitHubOrganization" - name: "org" - date: "2020-01-02" - expectedScore: - type: "DoubleInterval" - from: 3.5 - openLeft: false - negativeInfinity: false - to: 5.5 - openRight: false - positiveInfinity: false - expectedLabel: - - "OssSecurityRating$SecurityLabel" - - "MODERATE" - alias: "moderate" + reviews: [ ] + - type: "IntegerValue" + feature: + type: 
"PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 5 + +# test vectors +elements: + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Dependabot" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + - type: "UnknownValue" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: 
"The worst LGTM grade of a project" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: + - "OssSecurityRating$SecurityLabel" + - "UNCLEAR" + alias: "all_unknown" + + # + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + flag: false + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 2 + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + flag: false + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-134-12" + cvss: + type: "CVSS$V3" + value: 9.5 + references: [ ] + resolution: "UNPATCHED" + 
introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 1 + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + flag: false + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 5 + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "MAVEN" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 2.0 + openRight: false + positiveInfinity: false + expectedLabel: + - "OssSecurityRating$SecurityLabel" + - "BAD" + alias: "bad" + + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + flag: false + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 5000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 50 + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for 
commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + flag: true + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "A+" + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 15000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 1000 + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-123-1" + cvss: + type: "CVSS$V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-01-03" + - id: "VULN-124-2" + cvss: + type: "CVSS$V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-11-28" + fixed: "2018-12-02" + - id: "VULN-125-3" + cvss: + type: "CVSS$V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-07-04" + fixed: "2017-07-08" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: false + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "GRADLE" + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "JAVA" + - type: 
"BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses FindSecBugs" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses OWASP Java Encoder" + flag: true + - type: "OwaspDependencyCheckUsageValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "MANDATORY" + - type: "OwaspDependencyCheckCvssThresholdValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 7.0 + specified: false + expectedScore: + type: "DoubleInterval" + from: 6.5 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: + - "OssSecurityRating$SecurityLabel" + - "GOOD" + alias: "good" + + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 50 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 3 + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + flag: true + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "A" + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 1000 + - type: "IntegerValue" + feature: + type: 
"PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 30 + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-123-1" + cvss: + type: "CVSS$V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-01-03" + - id: "VULN-124-2" + cvss: + type: "CVSS$V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-11-28" + fixed: "2018-12-02" + - id: "VULN-125-3" + cvss: + type: "CVSS$V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-07-04" + fixed: "2017-07-08" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "MAVEN" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL checks for commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL scans" + flag: true + - type: "SecurityReviewsValue" + feature: + type: "SecurityReviewsFeature" + name: "Security reviews for a project" + reviews: + - subject: + type: "GitHubProject" + name: "test" + url: "https://github.com/org/test" + organization: + type: "GitHubOrganization" + name: "org" + date: "2020-01-02" + expectedScore: + type: "DoubleInterval" + from: 3.5 + openLeft: false 
+ negativeInfinity: false
+ to: 5.5
+ openRight: false
+ positiveInfinity: false
+ expectedLabel:
+ - "OssSecurityRating$SecurityLabel"
+ - "MODERATE"
+ alias: "moderate"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CodeqlScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CodeqlScoreTestVectors.yml
index 49b772cc8..5405dccb2 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CodeqlScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CodeqlScoreTestVectors.yml
@@ -1,153 +1,153 @@ --- defaults: -- type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" -elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - - type: "UnknownValue" + - type: "LanguagesValue" feature: type: "LanguagesFeature" name: "A set of programming languages" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedUnknownScore: true - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: false - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: false - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - 
name: "If a project runs CodeQL scans" - flag: true - expectedScore: - type: "DoubleInterval" - from: 4.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: true - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - flag: false - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "OTHER" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedNotApplicableScore: true - alias: "test_vector_5" + languages: + elements: + - "JAVA" +elements: + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL scans" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + 
expectedUnknownScore: true
+ alias: "all_unknown"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL checks for commits"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL scans"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 1.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_1"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL checks for commits"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL scans"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 6.0
+ openLeft: false
+ negativeInfinity: false
+ to: 8.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_2"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL checks for commits"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL scans"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 4.0
+ openLeft: false
+ negativeInfinity: false
+ to: 6.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_3"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL checks for commits"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL scans"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_4"
+ - 
type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL checks for commits"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project runs CodeQL scans"
+ flag: false
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "OTHER"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ expectedNotApplicableScore: true
+ alias: "test_vector_5"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTestVectors.yml
index 3018d8b0a..2608c2a52 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/CommunityCommitmentScoreTestVectors.yml
@@ -1,190 +1,190 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: false - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: true - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - 
alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: false - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: false - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: true - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_5" -- 
type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Eclipse Foundation" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project belongs to Apache Foundation" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is supported by a company" - flag: true - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is supported by a company" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Apache Foundation" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project belongs to Eclipse Foundation" + flag: false + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_1" + - type: "StandardTestVector" + values: + 
- type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is supported by a company"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Eclipse Foundation"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Apache Foundation"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 5.0
+ openLeft: false
+ negativeInfinity: false
+ to: 9.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_2"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Eclipse Foundation"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is supported by a company"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Apache Foundation"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 5.0
+ openLeft: false
+ negativeInfinity: false
+ to: 9.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_3"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Apache Foundation"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is supported by a company"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Eclipse Foundation"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 6.0
+ openLeft: false
+ negativeInfinity: false
+ to: 9.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_4"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ 
feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is supported by a company"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Eclipse Foundation"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Apache Foundation"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_5"
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Eclipse Foundation"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project belongs to Apache Foundation"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is supported by a company"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "test_vector_6"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScoreTestVectors.yml
index b574d2ee6..90718c61a 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependabotScoreTestVectors.yml
@@ -1,152 +1,152 @@
 ---
 # default values for test vectors
-defaults: []
+defaults: [ ]
 # test vectors
 elements:
-# all unknown
-- type: "StandardTestVector"
- values:
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- - type: "UnknownValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- - type: "UnknownValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 1.0
- openRight: false
- positiveInfinity: false
- expectedUnknownScore: true
- expectedLabel: null
- alias: "all_unknown"
+ # all unknown
+ - type: "StandardTestVector"
+ values:
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ - type: "UnknownValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ - type: "UnknownValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 1.0
+ openRight: false
+ positiveInfinity: false
+ expectedUnknownScore: true
+ expectedLabel: null
+ alias: "all_unknown"
-# very bad project
-- type: "StandardTestVector"
- values:
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: false
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
- packageManagers:
- - "OTHER"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "OTHER"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 1.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "very_bad"
+ # very bad project
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: false
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ packageManagers:
+ packageManagers:
+ - "OTHER"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "OTHER"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 1.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "very_bad"
- # okay project
-- type: "StandardTestVector"
- values:
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: true
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
+ # okay project
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: true
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
 packageManagers:
- - "MAVEN"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- expectedScore:
- type: "DoubleInterval"
- from: 5.0
- openLeft: false
- negativeInfinity: false
- to: 8.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "okay"
+ packageManagers:
+ - "MAVEN"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 5.0
+ openLeft: false
+ negativeInfinity: false
+ to: 8.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "okay"
-# very good project
-- type: "StandardTestVector"
- values:
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: true
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: true
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
- packageManagers:
- - "MAVEN"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- expectedScore:
- type: "DoubleInterval"
- from: 9.0
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "very_good"
+ # very good project
+ - type: "StandardTestVector"
+ values:
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: true
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ packageManagers:
+ packageManagers:
+ - "MAVEN"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "very_good"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml
index f3cb02c22..1927f3d23 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/DependencyScanScoreTestVectors.yml
@@ -2,252 +2,252 @@
 # default values for test vectors
 defaults:
-- type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Snyk"
- flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Snyk"
+ flag: false
 # test vectors
 elements:
-# all unknown
-- type: "StandardTestVector"
- values:
- - type: "UnknownValue"
- feature:
- type: "OwaspDependencyCheckUsageFeature"
- name: "How OWASP Dependency Check is used"
- - type: "UnknownValue"
- feature:
- type: "OwaspDependencyCheckCvssThreshold"
- name: "A CVSS threshold for OWASP Dependency Check to fail the build"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Snyk"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- - type: "UnknownValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- - type: "UnknownValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 1.0
- openRight: false
- positiveInfinity: false
- expectedUnknownScore: true
- expectedLabel: null
- alias: "all_unknown"
+ # all unknown
+ - type: "StandardTestVector"
+ values:
+ - type: "UnknownValue"
+ feature:
+ type: "OwaspDependencyCheckUsageFeature"
+ name: "How OWASP Dependency Check is used"
+ - type: "UnknownValue"
+ feature:
+ type: "OwaspDependencyCheckCvssThreshold"
+ name: "A CVSS threshold for OWASP Dependency Check to fail the build"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Snyk"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ - type: "UnknownValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ - type: "UnknownValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 1.0
+ openRight: false
+ positiveInfinity: false
+ expectedUnknownScore: true
+ expectedLabel: null
+ alias: "all_unknown"
-# very bad project
-- type: "StandardTestVector"
- values:
- - type: "OwaspDependencyCheckUsageValue"
- feature:
- type: "OwaspDependencyCheckUsageFeature"
- name: "How OWASP Dependency Check is used"
- value: "NOT_USED"
- - type: "OwaspDependencyCheckCvssThresholdValue"
- feature:
- type: "OwaspDependencyCheckCvssThreshold"
- name: "A CVSS threshold for OWASP Dependency Check to fail the build"
- number: 10.0
- specified: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: false
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
- packageManagers:
- - "OTHER"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "OTHER"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 1.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "very_bad"
+ # very bad project
+ - type: "StandardTestVector"
+ values:
+ - type: "OwaspDependencyCheckUsageValue"
+ feature:
+ type: "OwaspDependencyCheckUsageFeature"
+ name: "How OWASP Dependency Check is used"
+ value: "NOT_USED"
+ - type: "OwaspDependencyCheckCvssThresholdValue"
+ feature:
+ type: "OwaspDependencyCheckCvssThreshold"
+ name: "A CVSS threshold for OWASP Dependency Check to fail the build"
+ number: 10.0
+ specified: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: false
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ packageManagers:
+ packageManagers:
+ - "OTHER"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "OTHER"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 1.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "very_bad"
-# okay project
-- type: "StandardTestVector"
- values:
- - type: "OwaspDependencyCheckUsageValue"
- feature:
- type: "OwaspDependencyCheckUsageFeature"
- name: "How OWASP Dependency Check is used"
- value: "NOT_USED"
- - type: "OwaspDependencyCheckCvssThresholdValue"
- feature:
- type: "OwaspDependencyCheckCvssThreshold"
- name: "A CVSS threshold for OWASP Dependency Check to fail the build"
- number: 10.0
- specified: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: true
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
+ # okay project
+ - type: "StandardTestVector"
+ values:
+ - type: "OwaspDependencyCheckUsageValue"
+ feature:
+ type: "OwaspDependencyCheckUsageFeature"
+ name: "How OWASP Dependency Check is used"
+ value: "NOT_USED"
+ - type: "OwaspDependencyCheckCvssThresholdValue"
+ feature:
+ type: "OwaspDependencyCheckCvssThreshold"
+ name: "A CVSS threshold for OWASP Dependency Check to fail the build"
+ number: 10.0
+ specified: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: true
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
 packageManagers:
- - "MAVEN"
- - "GOMODULES"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- - "GO"
- expectedScore:
- type: "DoubleInterval"
- from: 8.0
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "okay"
+ packageManagers:
+ - "MAVEN"
+ - "GOMODULES"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ - "GO"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 8.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "okay"
-# very good project with owasp dependency check
-- type: "StandardTestVector"
- values:
- - type: "OwaspDependencyCheckUsageValue"
- feature:
- type: "OwaspDependencyCheckUsageFeature"
- name: "How OWASP Dependency Check is used"
- value: "MANDATORY"
- - type: "OwaspDependencyCheckCvssThresholdValue"
- feature:
- type: "OwaspDependencyCheckCvssThreshold"
- name: "A CVSS threshold for OWASP Dependency Check to fail the build"
- number: 3.0
- specified: true
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: true
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
- packageManagers:
- - "MAVEN"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- expectedScore:
- type: "DoubleInterval"
- from: 9.0
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "very_good_owasp"
+ # very good project with owasp dependency check
+ - type: "StandardTestVector"
+ values:
+ - type: "OwaspDependencyCheckUsageValue"
+ feature:
+ type: "OwaspDependencyCheckUsageFeature"
+ name: "How OWASP Dependency Check is used"
+ value: "MANDATORY"
+ - type: "OwaspDependencyCheckCvssThresholdValue"
+ feature:
+ type: "OwaspDependencyCheckCvssThreshold"
+ name: "A CVSS threshold for OWASP Dependency Check to fail the build"
+ number: 3.0
+ specified: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: true
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
+ packageManagers:
+ packageManagers:
+ - "MAVEN"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "very_good_owasp"
-# very good project with dependabot
-- type: "StandardTestVector"
- values:
- - type: "OwaspDependencyCheckUsageValue"
- feature:
- type: "OwaspDependencyCheckUsageFeature"
- name: "How OWASP Dependency Check is used"
- value: "NOT_USED"
- - type: "OwaspDependencyCheckCvssThresholdValue"
- feature:
- type: "OwaspDependencyCheckCvssThreshold"
- name: "A CVSS threshold for OWASP Dependency Check to fail the build"
- number: 10.0
- specified: false
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses Dependabot"
- flag: true
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If a project uses GitHub as the main development platform"
- flag: true
- - type: "PackageManagersValue"
- feature:
- type: "PackageManagersFeature"
- name: "A set of package managers"
- packageManagers:
+ # very good project with dependabot
+ - type: "StandardTestVector"
+ values:
+ - type: "OwaspDependencyCheckUsageValue"
+ feature:
+ type: "OwaspDependencyCheckUsageFeature"
+ name: "How OWASP Dependency Check is used"
+ value: "NOT_USED"
+ - type: "OwaspDependencyCheckCvssThresholdValue"
+ feature:
+ type: "OwaspDependencyCheckCvssThreshold"
+ name: "A CVSS threshold for OWASP Dependency Check to fail the build"
+ number: 10.0
+ specified: false
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses Dependabot"
+ flag: true
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If a project uses GitHub as the main development platform"
+ flag: true
+ - type: "PackageManagersValue"
+ feature:
+ type: "PackageManagersFeature"
+ name: "A set of package managers"
 packageManagers:
- - "MAVEN"
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- expectedScore:
- type: "DoubleInterval"
- from: 9.0
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "very_good_dependabot"
+ packageManagers:
+ - "MAVEN"
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.0
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "very_good_dependabot"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FindSecBugsScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FindSecBugsScoreTestVectors.yml
index 3376f2ee9..22d5fd971 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FindSecBugsScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FindSecBugsScoreTestVectors.yml
@@ -1,5 +1,5 @@
 ---
-defaults: []
+defaults: [ ]
 elements:
 - type: "StandardTestVector"
 values:
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FuzzingScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FuzzingScoreTestVectors.yml
index 61d7ec4f3..fd58ce069 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FuzzingScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/FuzzingScoreTestVectors.yml
@@ -1,222 +1,222 @@
 ---
-defaults: []
+defaults: [ ]
 elements:
-- type: "StandardTestVector"
- values:
- - type: "UnknownValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedUnknownScore: true
- expectedLabel: null
- alias: "all_unknown"
+ - type: "StandardTestVector"
+ values:
+ - type: "UnknownValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedUnknownScore: true
+ expectedLabel: null
+ alias: "all_unknown"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "JAVA"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- expectedNotApplicableScore: true
- alias: "java"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "JAVA"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ expectedNotApplicableScore: true
+ alias: "java"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "PYTHON"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- expectedNotApplicableScore: true
- alias: "python"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "PYTHON"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ expectedNotApplicableScore: true
+ alias: "python"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "CPP"
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- flag: false
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "cpp_not_fuzzed_in_oss_fuzz"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "CPP"
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "cpp_not_fuzzed_in_oss_fuzz"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "CPP"
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- flag: true
- expectedScore:
- type: "DoubleInterval"
- from: 9.9
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "cpp_fuzzed_in_oss_fuzz"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "CPP"
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.9
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "cpp_fuzzed_in_oss_fuzz"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "CPP"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "cpp_unknown"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "CPP"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "cpp_unknown"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "C"
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- flag: false
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "c_not_fuzzed_in_oss_fuzz"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "C"
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ flag: false
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "c_not_fuzzed_in_oss_fuzz"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "C"
- - type: "BooleanValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- flag: true
- expectedScore:
- type: "DoubleInterval"
- from: 9.9
- openLeft: false
- negativeInfinity: false
- to: 10.0
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "c_fuzzed_in_oss_fuzz"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "C"
+ - type: "BooleanValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ flag: true
+ expectedScore:
+ type: "DoubleInterval"
+ from: 9.9
+ openLeft: false
+ negativeInfinity: false
+ to: 10.0
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "c_fuzzed_in_oss_fuzz"
-- type: "StandardTestVector"
- values:
- - type: "LanguagesValue"
- feature:
- type: "LanguagesFeature"
- name: "A set of programming languages"
- languages:
- elements:
- - "C"
- - type: "UnknownValue"
- feature:
- type: "BooleanFeature"
- name: "If an open-source project is included to OSS-Fuzz project"
- expectedScore:
- type: "DoubleInterval"
- from: 0.0
- openLeft: false
- negativeInfinity: false
- to: 0.1
- openRight: false
- positiveInfinity: false
- expectedLabel: null
- alias: "c_unknown"
+ - type: "StandardTestVector"
+ values:
+ - type: "LanguagesValue"
+ feature:
+ type: "LanguagesFeature"
+ name: "A set of programming languages"
+ languages:
+ elements:
+ - "C"
+ - type: "UnknownValue"
+ feature:
+ type: "BooleanFeature"
+ name: "If an open-source project is included to OSS-Fuzz project"
+ expectedScore:
+ type: "DoubleInterval"
+ from: 0.0
+ openLeft: false
+ negativeInfinity: false
+ to: 0.1
+ openRight: false
+ positiveInfinity: false
+ expectedLabel: null
+ alias: "c_unknown"
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/LgtmScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/LgtmScoreTestVectors.yml
index f6234609a..9c4cf06fb 100644
--- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/LgtmScoreTestVectors.yml
+++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/LgtmScoreTestVectors.yml
@@ -1,157 +1,157 @@ --- defaults: -- type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" -elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - - type: "UnknownValue" + - type: "LanguagesValue" feature: type: "LanguagesFeature" name: "A set of programming languages" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedUnknownScore: true - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "E" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 2.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "D" - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "C" - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 7.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "B" - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: 
false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "A" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_5" -- type: "StandardTestVector" - values: - - type: "LgtmGradeValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - value: "A+" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "OTHER" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedNotApplicableScore: true - alias: "test_vector_7" + languages: + elements: + - "JAVA" +elements: + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + expectedUnknownScore: true + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: 
"LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "E" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 2.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_1" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "D" + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_2" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "C" + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 7.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "B" + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "A" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "LgtmGradeValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + value: "A+" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 
10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "OTHER" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + expectedNotApplicableScore: true + alias: "test_vector_7" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/MemorySafetyTestingScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/MemorySafetyTestingScoreTestVectors.yml index 845c05752..07b40fddd 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/MemorySafetyTestingScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/MemorySafetyTestingScoreTestVectors.yml 
@@ -1,273 +1,273 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - - type: "UnknownValue" - feature: - 
type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedNotApplicableScore: true - alias: "java" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "JAVA" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: null + expectedNotApplicableScore: true + alias: "java" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "PYTHON" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedNotApplicableScore: true - alias: "python" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of 
programming languages" + languages: + elements: + - "PYTHON" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: null + expectedNotApplicableScore: true + alias: "python" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "CPP" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: true - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "address_sanitizer" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "CPP" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project 
uses AddressSanitizer" + flag: true + expectedScore: + type: "DoubleInterval" + from: 6.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "address_sanitizer" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "CPP" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: false - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "memory_sanitizer" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "CPP" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + flag: false + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "memory_sanitizer" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - 
"C" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: false - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "undefined_behavior_sanitizer" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "C" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + flag: false + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "undefined_behavior_sanitizer" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "CPP" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses 
AddressSanitizer" - flag: true - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "address_and_memory_sanitizers" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "CPP" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + flag: true + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "address_and_memory_sanitizers" -- type: "StandardTestVector" - values: - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "CPP" - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: true - expectedScore: - type: "DoubleInterval" - from: 9.9 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "all" + - type: "StandardTestVector" + values: + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: 
+ - "CPP" + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + flag: true + expectedScore: + type: "DoubleInterval" + from: 9.9 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "all" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/NoHttpToolScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/NoHttpToolScoreTestVectors.yml index f10d8dc91..a78a32b36 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/NoHttpToolScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/NoHttpToolScoreTestVectors.yml 
@@ -1,150 +1,150 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - expectedScore: - type: "DoubleInterval" - from: 0.0 - to: 1.0 - openLeft: false - openRight: false - negativeInfinity: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" - expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + expectedScore: + type: "DoubleInterval" + from: 0.0 + to: 1.0 + openLeft: false + openRight: false + negativeInfinity: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" + expectedNotApplicableScore: false -# uses nohttp -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - flag: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: + # uses nohttp + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "MAVEN" - expectedScore: - type: "DoubleInterval" - from: 9.0 - to: 10.0 - openLeft: false - openRight: false - negativeInfinity: false - positiveInfinity: false - expectedLabel: null - alias: "uses_nohttp" - expectedNotApplicableScore: false + packageManagers: + - "MAVEN" + expectedScore: + type: 
"DoubleInterval" + from: 9.0 + to: 10.0 + openLeft: false + openRight: false + negativeInfinity: false + positiveInfinity: false + expectedLabel: null + alias: "uses_nohttp" + expectedNotApplicableScore: false -# doesn't use nohttp -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - flag: false - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: + # doesn't use nohttp + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: false + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "GRADLE" - expectedScore: - type: "DoubleInterval" - from: 0.0 - to: 1.0 - openLeft: false - openRight: false - negativeInfinity: false - positiveInfinity: false - expectedLabel: null - alias: "does_not_use_nohttp" - expectedNotApplicableScore: false + packageManagers: + - "GRADLE" + expectedScore: + type: "DoubleInterval" + from: 0.0 + to: 1.0 + openLeft: false + openRight: false + negativeInfinity: false + positiveInfinity: false + expectedLabel: null + alias: "does_not_use_nohttp" + expectedNotApplicableScore: false -# doesn't know whether nohttp is used or not, but it may be used with Maven -- type: "StandardTestVector" - values: - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: + # doesn't know whether nohttp is used or not, but it may be used with Maven + - type: "StandardTestVector" + values: + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "MAVEN" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - expectedScore: - type: 
"DoubleInterval" - from: 0.0 - to: 1.0 - openLeft: false - openRight: false - negativeInfinity: false - positiveInfinity: false - expectedLabel: null - alias: "unknown_but_maven" - expectedNotApplicableScore: false + packageManagers: + - "MAVEN" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + expectedScore: + type: "DoubleInterval" + from: 0.0 + to: 1.0 + openLeft: false + openRight: false + negativeInfinity: false + positiveInfinity: false + expectedLabel: null + alias: "unknown_but_maven" + expectedNotApplicableScore: false -# doesn't know whether nohttp is used or not, but it may be used with Gradle -- type: "StandardTestVector" - values: - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: + # doesn't know whether nohttp is used or not, but it may be used with Gradle + - type: "StandardTestVector" + values: + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "GRADLE" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - expectedScore: - type: "DoubleInterval" - from: 0.0 - to: 1.0 - openLeft: false - openRight: false - negativeInfinity: false - positiveInfinity: false - expectedLabel: null - alias: "unknown_but_gradle" - expectedNotApplicableScore: false + packageManagers: + - "GRADLE" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + expectedScore: + type: "DoubleInterval" + from: 0.0 + to: 1.0 + openLeft: false + openRight: false + negativeInfinity: false + positiveInfinity: false + expectedLabel: null + alias: "unknown_but_gradle" + expectedNotApplicableScore: false -# doesn't know whether nohttp is used or not, but it may be used -- type: "StandardTestVector" - values: - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" 
- name: "A set of package managers" - packageManagers: + # doesn't know whether nohttp is used or not, but it may be used + - type: "StandardTestVector" + values: + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "NPM" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - expectedScore: null - expectedLabel: null - alias: "unknown_but_unsupported_package_manager" - expectedNotApplicableScore: true \ No newline at end of file + packageManagers: + - "NPM" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + expectedScore: null + expectedLabel: null + alias: "unknown_but_unsupported_package_manager" + expectedNotApplicableScore: true \ No newline at end of file diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTestVectors.yml index 965a3e41c..c18be4c3b 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OssSecurityScoreTestVectors.yml @@ -1,5 +1,5 @@ --- -defaults: [] +defaults: [ ] elements: - type: "ScoreTestVector" values: diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScoreTestVectors.yml index 03e156a29..fa8d08884 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/OwaspDependencyScanScoreTestVectors.yml 
@@ -1,162 +1,162 @@ --- # default values for test vectors -defaults: [] +defaults: [ ] # test vectors elements: -# all unknown -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - - type: "UnknownValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" + # all unknown + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" -# very bad project -- type: "StandardTestVector" - values: - - type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "NOT_USED" - - type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 10.0 - specified: false - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - 
packageManagers: - packageManagers: - - "MAVEN" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "very_bad" + # very bad project + - type: "StandardTestVector" + values: + - type: "OwaspDependencyCheckUsageValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "NOT_USED" + - type: "OwaspDependencyCheckCvssThresholdValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 10.0 + specified: false + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "MAVEN" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "very_bad" -# moderate project -- type: "StandardTestVector" - values: - - type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "OPTIONAL" - - type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 3.0 - specified: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "GRADLE" - expectedScore: - type: "DoubleInterval" - from: 3.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "moderate" + # moderate project + - type: "StandardTestVector" + values: + - type: "OwaspDependencyCheckUsageValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How 
OWASP Dependency Check is used" + value: "OPTIONAL" + - type: "OwaspDependencyCheckCvssThresholdValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 3.0 + specified: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "GRADLE" + expectedScore: + type: "DoubleInterval" + from: 3.0 + openLeft: false + negativeInfinity: false + to: 6.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "moderate" -# good project -- type: "StandardTestVector" - values: - - type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "MANDATORY" - - type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 4.0 - specified: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "MAVEN" - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "good" + # good project + - type: "StandardTestVector" + values: + - type: "OwaspDependencyCheckUsageValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "MANDATORY" + - type: "OwaspDependencyCheckCvssThresholdValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 4.0 + specified: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "MAVEN" + 
expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "good" -# very good project -- type: "StandardTestVector" - values: - - type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "MANDATORY" - - type: "OwaspDependencyCheckCvssThresholdValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - number: 1.0 - specified: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "GRADLE" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "very_good" \ No newline at end of file + # very good project + - type: "StandardTestVector" + values: + - type: "OwaspDependencyCheckUsageValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "MANDATORY" + - type: "OwaspDependencyCheckCvssThresholdValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + number: 1.0 + specified: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "GRADLE" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "very_good" \ No newline at end of file 
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTestVectors.yml index e26a3f32a..b8da23b79 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectActivityScoreTestVectors.yml 
@@ -1,222 +1,222 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: null - expectedUnknownScore: true - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 0 - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 1 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 10 - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 1 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 40 - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - 
negativeInfinity: false - to: 7.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 1 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 100 - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 2 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 30 - expectedScore: - type: "DoubleInterval" - from: 3.0 - openLeft: false - negativeInfinity: false - to: 5.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_5" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 3 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 30 - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 6.5 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 4 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 50 - 
expectedScore: - type: "DoubleInterval" - from: 8.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_7" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 6 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 50 - expectedScore: - type: "DoubleInterval" - from: 8.0 - openLeft: false - negativeInfinity: false - to: 9.5 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_8" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of contributors in the last three months" - number: 7 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of commits in the last three months" - number: 70 - expectedScore: - type: "DoubleInterval" - from: 9.5 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_9" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: null + expectedUnknownScore: true + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: 
"Number of contributors in the last three months" + number: 0 + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_1" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 1 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 10 + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_2" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 1 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 40 + expectedScore: + type: "DoubleInterval" + from: 6.0 + openLeft: false + negativeInfinity: false + to: 7.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 1 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 100 + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 2 + - type: 
"IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 30 + expectedScore: + type: "DoubleInterval" + from: 3.0 + openLeft: false + negativeInfinity: false + to: 5.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 3 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 30 + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 6.5 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 4 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 50 + expectedScore: + type: "DoubleInterval" + from: 8.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_7" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of contributors in the last three months" + number: 6 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 50 + expectedScore: + type: "DoubleInterval" + from: 8.0 + openLeft: false + negativeInfinity: false + to: 9.5 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_8" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of 
contributors in the last three months" + number: 7 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of commits in the last three months" + number: 70 + expectedScore: + type: "DoubleInterval" + from: 9.5 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_9" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTestVectors.yml index 8b8a7683a..b5bea857a 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectPopularityScoreTestVectors.yml 
@@ -1,298 +1,298 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - - type: "UnknownValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 0 - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.5 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 10 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 100 - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: 
null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 100 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 1000 - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 2.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 1000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 0 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 50 - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 2.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 2 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 10 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 15 - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: 
"test_vector_5" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 100 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 10 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 800 - expectedScore: - type: "DoubleInterval" - from: 0.5 - openLeft: false - negativeInfinity: false - to: 1.5 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 20 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 1000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 5400 - expectedScore: - type: "DoubleInterval" - from: 4.5 - openLeft: false - negativeInfinity: false - to: 5.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_7" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 20 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 5000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 100 - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: 
"test_vector_8" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 100 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 5000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 4000 - expectedScore: - type: "DoubleInterval" - from: 8.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_9" -- type: "StandardTestVector" - values: - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of watchers for a GitHub repository" - number: 300 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of stars for a GitHub repository" - number: 20000 - - type: "IntegerValue" - feature: - type: "PositiveIntegerFeature" - name: "Number of projects on GitHub that use an open source project" - number: 5000 - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_10" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + - type: "UnknownValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" + 
- type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 0 + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.5 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_1" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 10 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 100 + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_2" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 100 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 1000 + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 2.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: 
"StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 1000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 0 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 50 + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 2.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 2 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 10 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 15 + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 100 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 10 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 800 + expectedScore: + type: "DoubleInterval" + from: 0.5 + openLeft: false + negativeInfinity: false + to: 1.5 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: 
"StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 20 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 1000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 5400 + expectedScore: + type: "DoubleInterval" + from: 4.5 + openLeft: false + negativeInfinity: false + to: 5.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_7" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 20 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 5000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 100 + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 6.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_8" + - type: "StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 100 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 5000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 4000 + expectedScore: + type: "DoubleInterval" + from: 8.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_9" + - type: 
"StandardTestVector" + values: + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of watchers for a GitHub repository" + number: 300 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of stars for a GitHub repository" + number: 20000 + - type: "IntegerValue" + feature: + type: "PositiveIntegerFeature" + name: "Number of projects on GitHub that use an open source project" + number: 5000 + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_10" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScoreTestVectors.yml index 37aed2815..3586b3ec1 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityAwarenessScoreTestVectors.yml 
@@ -1,672 +1,672 @@ --- defaults: -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is included to OSS-Fuzz project" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Enterprise Security API (ESAPI)" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java HTML Sanitizer" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java Encoder" - flag: false -- type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has executable binaries" - flag: false -- type: "OwaspDependencyCheckUsageValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - value: "NOT_USED" - -elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a 
security policy" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 0.1 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "all_unknown" -- type: "StandardTestVector" - values: - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "all_false" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project 
has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - flag: true - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" + name: "If a project uses Dependabot" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project signs artifacts" + name: "If a project uses Snyk" flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - flag: true - type: "BooleanValue" feature: type: "BooleanFeature" name: "If an open-source project uses FindSecBugs" - flag: true - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 7.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: 
"BooleanFeature" - name: "If a project uses signed commits" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" + name: "If an open-source project uses MemorySanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project has a bug bounty program" + name: "If an open-source project uses UndefinedBehaviorSanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project signs artifacts" + name: "If an open-source project uses AddressSanitizer" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" name: "If an open-source project is included to OSS-Fuzz project" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - flag: true - expectedScore: - type: "DoubleInterval" - from: 4.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: 
false - expectedLabel: null - alias: "test_vector_5" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" + name: "If a project uses LGTM checks for commits" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses nohttp tool" - flag: true - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses OWASP Enterprise Security API (ESAPI)" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java HTML Sanitizer" - flag: true - expectedScore: - type: 
"DoubleInterval" - from: 4.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_7" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project uses OWASP Java HTML Sanitizer" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses OWASP Java Encoder" - flag: true - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_8" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false 
- negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_9" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" flag: false - type: "BooleanValue" feature: type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" + name: "If a project uses OWASP Java Encoder" flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - flag: true - type: "BooleanValue" feature: type: "BooleanFeature" name: "If a project has executable binaries" - flag: true - expectedScore: - type: "DoubleInterval" - from: 3.0 - openLeft: false - negativeInfinity: false - to: 5.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_10" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" flag: false - - type: "BooleanValue" + - type: "OwaspDependencyCheckUsageValue" feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: false - - type: "BooleanValue" - feature: - 
type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has executable binaries" - flag: true - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_11" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project signs artifacts" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has executable binaries" - flag: true - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_12" -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security policy" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If an open-source project has a security team" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses signed commits" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project has a bug bounty program" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project 
signs artifacts" - flag: true - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "all_true" + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + value: "NOT_USED" + +elements: + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 0.1 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "all_false" + - 
type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + flag: true + expectedScore: + type: "DoubleInterval" + from: 6.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_2" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project 
uses Dependabot" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses FindSecBugs" + flag: true + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 7.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is included to OSS-Fuzz project" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + flag: true + expectedScore: + type: "DoubleInterval" + from: 4.0 + openLeft: false + negativeInfinity: false + to: 6.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug 
bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + flag: true + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" 
+ feature: + type: "BooleanFeature" + name: "If a project uses OWASP Enterprise Security API (ESAPI)" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses OWASP Java HTML Sanitizer" + flag: true + expectedScore: + type: "DoubleInterval" + from: 4.0 + openLeft: false + negativeInfinity: false + to: 6.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_7" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses OWASP Java HTML Sanitizer" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses OWASP Java Encoder" + flag: true + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_8" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + 
feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_9" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses Dependabot" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses FindSecBugs" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has executable binaries" + flag: true + expectedScore: + type: "DoubleInterval" + from: 3.0 + openLeft: false + negativeInfinity: false + to: 5.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_10" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an 
open-source project has a security team" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has executable binaries" + flag: true + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_11" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has executable binaries" + flag: true + expectedScore: + type: "DoubleInterval" + from: 6.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_12" + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security policy" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If an open-source project has a security team" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses signed commits" 
+ flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project has a bug bounty program" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project signs artifacts" + flag: true + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "all_true" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityTestingScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityTestingScoreTestVectors.yml index 857086756..523e2a9ce 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityTestingScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/ProjectSecurityTestingScoreTestVectors.yml @@ -1,5 +1,5 @@ --- -defaults: [] +defaults: [ ] elements: - type: "ScoreTestVector" values: @@ -102,8 +102,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "CodeqlScore" @@ -120,8 +120,8 @@ elements: value: 0.0 weight: 1.0 confidence: 0.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -130,8 +130,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -139,8 +139,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -148,8 +148,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" 
@@ -157,8 +157,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "GoSecScore" @@ -166,8 +166,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "PylintScore" @@ -175,8 +175,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MyPyScore" @@ -184,8 +184,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] expectedScore: type: "DoubleInterval" from: 5.0 @@ -207,8 +207,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "CodeqlScore" @@ -225,8 +225,8 @@ elements: value: 6.0 weight: 1.0 confidence: 0.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -234,8 +234,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -244,8 +244,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -254,8 +254,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" @@ -263,8 +263,8 @@ elements: value: 6.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "GoSecScore" 
@@ -272,8 +272,8 @@ elements: value: 6.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "PylintScore" @@ -281,8 +281,8 @@ elements: value: 6.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MyPyScore" @@ -290,8 +290,8 @@ elements: value: 6.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] expectedScore: type: "DoubleInterval" from: 5.0 @@ -322,8 +322,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "NoHttpToolScore" @@ -331,8 +331,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -340,8 +340,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -349,8 +349,8 @@ elements: value: 8.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -358,8 +358,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -368,8 +368,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "GoSecScore" @@ -377,8 +377,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "PylintScore" 
@@ -386,8 +386,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MyPyScore" @@ -395,8 +395,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] expectedScore: type: "DoubleInterval" from: 5.0 @@ -427,8 +427,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "NoHttpToolScore" @@ -436,8 +436,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -445,8 +445,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -454,8 +454,8 @@ elements: value: 8.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -463,8 +463,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" @@ -472,8 +472,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -482,8 +482,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -492,8 +492,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: 
@@ -502,8 +502,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -535,8 +535,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "NoHttpToolScore" @@ -544,8 +544,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -553,8 +553,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -562,8 +562,8 @@ elements: value: 8.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -571,8 +571,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" @@ -580,8 +580,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -590,8 +590,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -600,8 +600,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -610,8 +610,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" 
@@ -643,8 +643,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "NoHttpToolScore" @@ -652,8 +652,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -661,8 +661,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -670,8 +670,8 @@ elements: value: 8.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -679,8 +679,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" @@ -688,8 +688,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -698,8 +698,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -708,8 +708,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -718,8 +718,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -731,7 +731,7 @@ elements: positiveInfinity: false expectedLabel: null alias: "pylint_not_applicable" - + # MyPyScore is N/A - type: "StandardTestVector" values: 
@@ -751,8 +751,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "NoHttpToolScore" @@ -760,8 +760,8 @@ elements: value: 10.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "MemorySafetyTestingScore" @@ -769,8 +769,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FuzzingScore" @@ -778,8 +778,8 @@ elements: value: 8.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "FindSecBugsScore" @@ -787,8 +787,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] - type: "ScoreValue" score: type: "BanditScore" @@ -796,8 +796,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -806,8 +806,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -816,8 +816,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -826,8 +826,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true expectedScore: type: "DoubleInterval" 
diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScoreTestVectors.yml index 3f5cc6ecb..457af6926 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SecurityReviewScoreTestVectors.yml @@ -1,5 +1,5 @@ --- -defaults: [] +defaults: [ ] elements: - type: "StandardTestVector" values: @@ -24,7 +24,7 @@ elements: feature: type: "SecurityReviewsFeature" name: "Security reviews for a project" - reviews: [] + reviews: [ ] expectedScore: type: "DoubleInterval" from: 0.0 diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScoreTestVectors.yml index 5e041a657..537de72c3 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/SnykDependencyScanScoreTestVectors.yml 
@@ -1,152 +1,152 @@ --- # default values for test vectors -defaults: [] +defaults: [ ] # test vectors elements: -# all unknown -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - - type: "UnknownValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - - type: "UnknownValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" + # all unknown + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" -# very bad project -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - flag: false - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - 
packageManagers: - - "OTHER" - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "OTHER" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "very_bad" + # very bad project + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + flag: false + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + packageManagers: + packageManagers: + - "OTHER" + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "OTHER" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "very_bad" - # okay project -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - flag: false - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - flag: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: + # okay project + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + flag: false + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + flag: true + - type: "PackageManagersValue" + feature: + type: 
"PackageManagersFeature" + name: "A set of package managers" packageManagers: - - "MAVEN" - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "okay" + packageManagers: + - "MAVEN" + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "JAVA" + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "okay" -# very good project -- type: "StandardTestVector" - values: - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - flag: true - - type: "BooleanValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - flag: true - - type: "PackageManagersValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - packageManagers: - packageManagers: - - "MAVEN" - - type: "LanguagesValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - languages: - elements: - - "JAVA" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "very_good" + # very good project + - type: "StandardTestVector" + values: + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + flag: true + - type: "BooleanValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + flag: true + - type: "PackageManagersValue" + feature: + type: "PackageManagersFeature" + name: "A 
set of package managers" + packageManagers: + packageManagers: + - "MAVEN" + - type: "LanguagesValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + languages: + elements: + - "JAVA" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "very_good" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScoreTestVectors.yml index ad0e8df3c..88c3bf634 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/StaticAnalysisScoreTestVectors.yml @@ -1,5 +1,5 @@ --- -defaults: [] +defaults: [ ] elements: - type: "ScoreTestVector" values: @@ -96,8 +96,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -106,8 +106,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -116,8 +116,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -126,8 +126,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -136,8 +136,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true expectedScore: type: "DoubleInterval" 
@@ -188,8 +188,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -198,8 +198,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -208,8 +208,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -218,8 +218,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -228,8 +228,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -261,8 +261,8 @@ elements: value: 4.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -271,8 +271,8 @@ elements: value: 0.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -281,8 +281,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -291,8 +291,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -301,8 +301,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" 
@@ -324,8 +324,8 @@ elements: value: 6.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -334,8 +334,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -364,8 +364,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -374,8 +374,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -397,8 +397,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -407,8 +407,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -437,8 +437,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -447,8 +447,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -470,8 +470,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -480,8 +480,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: 
@@ -510,8 +510,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -520,8 +520,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false expectedScore: type: "DoubleInterval" @@ -543,8 +543,8 @@ elements: value: 5.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -553,8 +553,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true - type: "ScoreValue" score: @@ -583,8 +583,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: false - type: "ScoreValue" score: @@ -593,8 +593,8 @@ elements: value: 3.0 weight: 1.0 confidence: 10.0 - usedValues: [] - explanation: [] + usedValues: [ ] + explanation: [ ] isNotApplicable: true expectedScore: type: "DoubleInterval" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScoreTestVectors.yml index 7cfc2dbea..3c08ccfc3 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/UnpatchedVulnerabilitiesScoreTestVectors.yml 
@@ -1,260 +1,260 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: [] - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 8.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_1" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-123-1" - cvss: - type: "CVSS$V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-02-03" - - id: "VULN-124-2" - cvss: - type: "CVSS$V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2018-11-01" - fixed: "2018-12-02" - - id: "VULN-125-3" - cvss: - type: "CVSS$V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2017-07-04" - fixed: "2017-08-08" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_2" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-126-4" - cvss: - type: "CVSS$V3" - value: 1.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: 
"VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-127-5" - cvss: - type: "CVSS$V3" - value: 5.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 6.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-128-6" - cvss: - type: "CVSS$V3" - value: 9.5 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_5" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-130-8" - cvss: - type: "CVSS$V3" - value: 2.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - - id: "VULN-129-7" - cvss: - type: "CVSS$V3" - value: 1.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 5.0 - openLeft: false - negativeInfinity: false - to: 8.0 - openRight: false - positiveInfinity: 
false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-131-9" - cvss: - type: "CVSS$V3" - value: 5.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - - id: "VULN-132-10" - cvss: - type: "CVSS$V3" - value: 6.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_7" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-133-11" - cvss: - type: "CVSS$V3" - value: 9.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - - id: "VULN-134-12" - cvss: - type: "CVSS$V3" - value: 10.0 - references: [] - resolution: "UNPATCHED" - introduced: null - fixed: null - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_8" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: [ ] + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities 
in open-source project" + expectedScore: + type: "DoubleInterval" + from: 8.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_1" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-123-1" + cvss: + type: "CVSS$V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-02-03" + - id: "VULN-124-2" + cvss: + type: "CVSS$V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-11-01" + fixed: "2018-12-02" + - id: "VULN-125-3" + cvss: + type: "CVSS$V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-07-04" + fixed: "2017-08-08" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_2" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-126-4" + cvss: + type: "CVSS$V3" + value: 1.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-127-5" + cvss: + type: "CVSS$V3" + value: 5.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + 
type: "DoubleInterval" + from: 6.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-128-6" + cvss: + type: "CVSS$V3" + value: 9.5 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-130-8" + cvss: + type: "CVSS$V3" + value: 2.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + - id: "VULN-129-7" + cvss: + type: "CVSS$V3" + value: 1.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 5.0 + openLeft: false + negativeInfinity: false + to: 8.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-131-9" + cvss: + type: "CVSS$V3" + value: 5.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + - id: "VULN-132-10" + cvss: + type: "CVSS$V3" + value: 6.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 
+ openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_7" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-133-11" + cvss: + type: "CVSS$V3" + value: 9.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + - id: "VULN-134-12" + cvss: + type: "CVSS$V3" + value: 10.0 + references: [ ] + resolution: "UNPATCHED" + introduced: null + fixed: null + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_8" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScoreTestVectors.yml index 74128af16..272ca2ae7 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityDiscoveryAndSecurityTestingScoreTestVectors.yml 
@@ -1,461 +1,461 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - - type: "UnknownValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - - type: "UnknownValue" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is included to OSS-Fuzz project" - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - - type: "UnknownValue" 
- feature: - type: "PackageManagersFeature" - name: "A set of package managers" - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Bandit scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Bandit scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans with rules" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scan checks for commits" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "all_unknown" - expectedUnknownScore: true - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses LGTM checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses Dependabot" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses Snyk" - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: 
[] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2018-03-03" - - id: "CVE-02" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2020-10-28" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses GitHub as the main development platform" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses AddressSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses MemorySanitizer" - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckUsageFeature" - name: "How OWASP Dependency Check is used" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project uses nohttp tool" - - type: "UnknownValue" - feature: - type: "LanguagesFeature" - name: "A set of programming languages" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses FindSecBugs" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project is included to OSS-Fuzz project" - - type: "UnknownValue" - feature: - type: "OwaspDependencyCheckCvssThreshold" - name: "A CVSS threshold for OWASP Dependency Check to fail the build" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If an open-source project uses UndefinedBehaviorSanitizer" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs CodeQL checks for commits" - - type: "UnknownValue" - feature: - type: "PackageManagersFeature" - name: "A set of package managers" - - type: "UnknownValue" - feature: - type: "LgtmGradeFeature" - name: "The worst LGTM grade of a project" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Bandit scans" - - type: "UnknownValue" - 
feature: - type: "BooleanFeature" - name: "If a project runs Bandit scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scans with rules" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs GoSec scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Pylint scan checks for commits" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scans" - - type: "UnknownValue" - feature: - type: "BooleanFeature" - name: "If a project runs Mypy scan checks for commits" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "unknown security testing" - expectedUnknownScore: false - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 5.0 - unknown: false - notApplicable: false - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "unknown vulnerabilities" - expectedUnknownScore: false - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 0.0 - unknown: false - notApplicable: true - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: [] - resolution: "UNKNOWN" - 
introduced: null - fixed: null - published: "2018-03-03" - - id: "CVE-02" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2020-10-28" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: null - expectedLabel: null - alias: "security testing not applicable" - expectedUnknownScore: false - expectedNotApplicableScore: true -- type: "StandardTestVector" - values: - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 1.0 - unknown: false - notApplicable: false - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2021-03-03" - - id: "CVE-02" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2022-10-28" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "bad testing and recent vulnerabilities" - expectedUnknownScore: false - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 1.0 - unknown: false - notApplicable: false - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2018-03-03" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 3.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "bad testing and no recent 
vulnerabilities" - expectedUnknownScore: false - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 9.0 - unknown: false - notApplicable: false - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2020-03-03" - - id: "CVE-02" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2022-10-28" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "good testing and recent vulnerabilities" - expectedUnknownScore: false - expectedNotApplicableScore: false -- type: "StandardTestVector" - values: - - type: "TestScoreValue" - score: "ProjectSecurityTestingScore" - value: 9.0 - unknown: false - notApplicable: false - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "CVE-01" - cvss: null - references: [] - resolution: "UNKNOWN" - introduced: null - fixed: null - published: "2018-03-03" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "good testing and no recent vulnerabilities" - expectedUnknownScore: false - expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + - type: "UnknownValue" + 
feature: + type: "BooleanFeature" + name: "If a project uses Dependabot" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses FindSecBugs" + - type: "UnknownValue" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is included to OSS-Fuzz project" + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL checks for commits" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Bandit scans" + - type: "UnknownValue" + feature: + type: 
"BooleanFeature" + name: "If a project runs Bandit scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs GoSec scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs GoSec scans with rules" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs GoSec scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Pylint scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Pylint scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Mypy scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Mypy scan checks for commits" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "all_unknown" + expectedUnknownScore: true + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses LGTM checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Dependabot" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses Snyk" + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2018-03-03" + - id: "CVE-02" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2020-10-28" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: 
"UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses GitHub as the main development platform" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses AddressSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses MemorySanitizer" + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckUsageFeature" + name: "How OWASP Dependency Check is used" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project uses nohttp tool" + - type: "UnknownValue" + feature: + type: "LanguagesFeature" + name: "A set of programming languages" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses FindSecBugs" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project is included to OSS-Fuzz project" + - type: "UnknownValue" + feature: + type: "OwaspDependencyCheckCvssThreshold" + name: "A CVSS threshold for OWASP Dependency Check to fail the build" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If an open-source project uses UndefinedBehaviorSanitizer" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs CodeQL checks for commits" + - type: "UnknownValue" + feature: + type: "PackageManagersFeature" + name: "A set of package managers" + - type: "UnknownValue" + feature: + type: "LgtmGradeFeature" + name: "The worst LGTM grade of a project" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Bandit scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Bandit scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs GoSec scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs GoSec scans with rules" + - type: "UnknownValue" + 
feature: + type: "BooleanFeature" + name: "If a project runs GoSec scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Pylint scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Pylint scan checks for commits" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Mypy scans" + - type: "UnknownValue" + feature: + type: "BooleanFeature" + name: "If a project runs Mypy scan checks for commits" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "unknown security testing" + expectedUnknownScore: false + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 5.0 + unknown: false + notApplicable: false + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "unknown vulnerabilities" + expectedUnknownScore: false + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 0.0 + unknown: false + notApplicable: true + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2018-03-03" + - id: "CVE-02" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2020-10-28" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: null + 
expectedLabel: null + alias: "security testing not applicable" + expectedUnknownScore: false + expectedNotApplicableScore: true + - type: "StandardTestVector" + values: + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 1.0 + unknown: false + notApplicable: false + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2021-03-03" + - id: "CVE-02" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2022-10-28" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "bad testing and recent vulnerabilities" + expectedUnknownScore: false + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 1.0 + unknown: false + notApplicable: false + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2018-03-03" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 3.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "bad testing and no recent vulnerabilities" + expectedUnknownScore: false + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 9.0 + unknown: false + notApplicable: false + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" 
+ cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2020-03-03" + - id: "CVE-02" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2022-10-28" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "good testing and recent vulnerabilities" + expectedUnknownScore: false + expectedNotApplicableScore: false + - type: "StandardTestVector" + values: + - type: "TestScoreValue" + score: "ProjectSecurityTestingScore" + value: 9.0 + unknown: false + notApplicable: false + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "CVE-01" + cvss: null + references: [ ] + resolution: "UNKNOWN" + introduced: null + fixed: null + published: "2018-03-03" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "good testing and no recent vulnerabilities" + expectedUnknownScore: false + expectedNotApplicableScore: false diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScoreTestVectors.yml b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScoreTestVectors.yml index 554ed02d8..56cc27329 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScoreTestVectors.yml +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/model/score/oss/VulnerabilityLifetimeScoreTestVectors.yml 
@@ -1,528 +1,528 @@ --- -defaults: [] +defaults: [ ] elements: -- type: "StandardTestVector" - values: - - type: "UnknownValue" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 1.0 - openRight: false - positiveInfinity: false - expectedUnknownScore: true - expectedLabel: null - alias: "all_unknown" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: [] - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "no_vulnerabilities" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-123-1" - cvss: - version: "V3" - value: 10.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-01-07" - - id: "VULN-124-2" - cvss: - version: "V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2018-02-01" - fixed: "2018-02-07" - - id: "VULN-130-8" - cvss: - version: "V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2017-01-01" - fixed: "2017-01-07" - - id: "VULN-125-3" - cvss: - version: "V3" - value: 8.0 - references: [] - resolution: "PATCHED" - introduced: "2017-03-01" - fixed: "2017-03-07" - - id: "VULN-131-9" - cvss: - version: "V3" - value: 2.0 - references: [] - resolution: "PATCHED" - introduced: "2016-02-01" - fixed: "2016-02-07" - - id: "VULN-132-10" - cvss: - version: "V3" - value: 1.0 - references: [] - resolution: "PATCHED" - introduced: "2015-03-01" - fixed: "2015-03-07" - - id: "VULN-126-4" - cvss: - version: "V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2016-04-01" - 
fixed: "2016-04-07" - - id: "VULN-127-5" - cvss: - version: "V3" - value: 6.0 - references: [] - resolution: "PATCHED" - introduced: "2015-05-01" - fixed: "2015-05-07" - - id: "VULN-128-6" - cvss: - version: "V3" - value: 5.0 - references: [] - resolution: "PATCHED" - introduced: "2019-06-01" - fixed: "2019-06-07" - - id: "VULN-129-7" - cvss: - version: "V3" - value: 4.0 - references: [] - resolution: "PATCHED" - introduced: "2018-07-01" - fixed: "2018-07-07" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 9.0 - openLeft: false - negativeInfinity: false - to: 10.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_3" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-142-20" - cvss: - version: "V3" - value: 1.0 - references: [] - resolution: "PATCHED" - introduced: "2018-03-01" - fixed: "2018-04-01" - - id: "VULN-133-11" - cvss: - version: "V3" - value: 10.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-02-01" - - id: "VULN-134-12" - cvss: - version: "V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2018-02-01" - fixed: "2018-03-01" - - id: "VULN-135-13" - cvss: - version: "V3" - value: 8.0 - references: [] - resolution: "PATCHED" - introduced: "2017-03-01" - fixed: "2017-04-01" - - id: "VULN-136-14" - cvss: - version: "V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2016-04-01" - fixed: "2016-05-01" - - id: "VULN-137-15" - cvss: - version: "V3" - value: 6.0 - references: [] - resolution: "PATCHED" - introduced: "2019-05-01" - fixed: "2019-06-01" - - id: "VULN-138-16" - cvss: - version: "V3" - value: 5.0 - references: [] - resolution: "PATCHED" - introduced: "2018-06-01" - fixed: "2018-07-01" - - id: "VULN-139-17" - cvss: - version: "V3" - value: 4.0 - references: [] - 
resolution: "PATCHED" - introduced: "2017-07-01" - fixed: "2017-08-01" - - id: "VULN-140-18" - cvss: - version: "V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2016-01-01" - fixed: "2016-02-01" - - id: "VULN-141-19" - cvss: - version: "V3" - value: 2.0 - references: [] - resolution: "PATCHED" - introduced: "2019-02-01" - fixed: "2019-03-01" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 7.0 - openLeft: false - negativeInfinity: false - to: 9.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_4" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-152-30" - cvss: - version: "V3" - value: 1.0 - references: [] - resolution: "PATCHED" - introduced: "2018-03-01" - fixed: "2018-06-01" - - id: "VULN-143-21" - cvss: - version: "V3" - value: 10.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-04-01" - - id: "VULN-144-22" - cvss: - version: "V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2018-02-01" - fixed: "2018-05-01" - - id: "VULN-145-23" - cvss: - version: "V3" - value: 8.0 - references: [] - resolution: "PATCHED" - introduced: "2017-03-01" - fixed: "2017-06-01" - - id: "VULN-146-24" - cvss: - version: "V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2016-04-01" - fixed: "2016-07-01" - - id: "VULN-147-25" - cvss: - version: "V3" - value: 6.0 - references: [] - resolution: "PATCHED" - introduced: "2019-05-01" - fixed: "2019-08-01" - - id: "VULN-148-26" - cvss: - version: "V3" - value: 5.0 - references: [] - resolution: "PATCHED" - introduced: "2018-06-01" - fixed: "2018-09-01" - - id: "VULN-149-27" - cvss: - version: "V3" - value: 4.0 - references: [] - resolution: "PATCHED" - introduced: "2017-07-01" - fixed: "2017-10-01" - - id: "VULN-150-28" - cvss: 
- version: "V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2016-01-01" - fixed: "2016-04-01" - - id: "VULN-151-29" - cvss: - version: "V3" - value: 2.0 - references: [] - resolution: "PATCHED" - introduced: "2019-02-01" - fixed: "2019-05-01" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 4.0 - openLeft: false - negativeInfinity: false - to: 6.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_5" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-162-40" - cvss: - version: "V3" - value: 1.0 - references: [] - resolution: "PATCHED" - introduced: "2018-04-01" - fixed: "2018-10-01" - - id: "VULN-153-31" - cvss: - version: "V3" - value: 10.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2019-07-01" - - id: "VULN-154-32" - cvss: - version: "V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2018-02-01" - fixed: "2018-08-01" - - id: "VULN-155-33" - cvss: - version: "V3" - value: 8.0 - references: [] - resolution: "PATCHED" - introduced: "2017-03-01" - fixed: "2017-09-01" - - id: "VULN-156-34" - cvss: - version: "V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2016-04-01" - fixed: "2016-10-01" - - id: "VULN-157-35" - cvss: - version: "V3" - value: 6.0 - references: [] - resolution: "PATCHED" - introduced: "2019-05-01" - fixed: "2019-11-01" - - id: "VULN-158-36" - cvss: - version: "V3" - value: 5.0 - references: [] - resolution: "PATCHED" - introduced: "2018-06-01" - fixed: "2018-12-01" - - id: "VULN-159-37" - cvss: - version: "V3" - value: 4.0 - references: [] - resolution: "PATCHED" - introduced: "2017-01-01" - fixed: "2017-07-01" - - id: "VULN-161-39" - cvss: - version: "V3" - value: 2.0 - references: [] - resolution: "PATCHED" - introduced: "2019-03-01" - 
fixed: "2019-09-01" - - id: "VULN-160-38" - cvss: - version: "V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2016-02-01" - fixed: "2016-08-01" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 1.0 - openLeft: false - negativeInfinity: false - to: 4.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_6" -- type: "StandardTestVector" - values: - - type: "VulnerabilitiesValue" - vulnerabilities: - entries: - - id: "VULN-163-41" - cvss: - version: "V3" - value: 10.0 - references: [] - resolution: "PATCHED" - introduced: "2019-01-01" - fixed: "2020-01-01" - - id: "VULN-164-42" - cvss: - version: "V3" - value: 9.0 - references: [] - resolution: "PATCHED" - introduced: "2018-02-01" - fixed: "2019-02-01" - - id: "VULN-165-43" - cvss: - version: "V3" - value: 8.0 - references: [] - resolution: "PATCHED" - introduced: "2017-03-01" - fixed: "2018-03-01" - - id: "VULN-166-44" - cvss: - version: "V3" - value: 7.0 - references: [] - resolution: "PATCHED" - introduced: "2015-04-01" - fixed: "2016-04-01" - - id: "VULN-167-45" - cvss: - version: "V3" - value: 6.0 - references: [] - resolution: "PATCHED" - introduced: "2016-05-01" - fixed: "2017-05-01" - - id: "VULN-168-46" - cvss: - version: "V3" - value: 5.0 - references: [] - resolution: "PATCHED" - introduced: "2016-06-01" - fixed: "2017-06-01" - - id: "VULN-169-47" - cvss: - version: "V3" - value: 4.0 - references: [] - resolution: "PATCHED" - introduced: "2018-07-01" - fixed: "2019-07-01" - - id: "VULN-171-49" - cvss: - version: "V3" - value: 2.0 - references: [] - resolution: "PATCHED" - introduced: "2016-02-01" - fixed: "2017-02-01" - - id: "VULN-170-48" - cvss: - version: "V3" - value: 3.0 - references: [] - resolution: "PATCHED" - introduced: "2017-01-01" - fixed: "2018-01-01" - - id: "VULN-172-50" - cvss: - version: "V3" - value: 1.0 - references: [] - 
resolution: "PATCHED" - introduced: "2018-03-01" - fixed: "2019-03-01" - feature: - type: "VulnerabilitiesFeature" - name: "Info about vulnerabilities in open-source project" - expectedScore: - type: "DoubleInterval" - from: 0.0 - openLeft: false - negativeInfinity: false - to: 2.0 - openRight: false - positiveInfinity: false - expectedLabel: null - alias: "test_vector_7" + - type: "StandardTestVector" + values: + - type: "UnknownValue" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 1.0 + openRight: false + positiveInfinity: false + expectedUnknownScore: true + expectedLabel: null + alias: "all_unknown" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: [ ] + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "no_vulnerabilities" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-123-1" + cvss: + version: "V3" + value: 10.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-01-07" + - id: "VULN-124-2" + cvss: + version: "V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-02-01" + fixed: "2018-02-07" + - id: "VULN-130-8" + cvss: + version: "V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-01-01" + fixed: "2017-01-07" + - id: "VULN-125-3" + cvss: + version: "V3" + value: 8.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-03-01" + fixed: "2017-03-07" + - id: "VULN-131-9" + cvss: + version: "V3" + value: 2.0 + references: [ ] + resolution: "PATCHED" + 
introduced: "2016-02-01" + fixed: "2016-02-07" + - id: "VULN-132-10" + cvss: + version: "V3" + value: 1.0 + references: [ ] + resolution: "PATCHED" + introduced: "2015-03-01" + fixed: "2015-03-07" + - id: "VULN-126-4" + cvss: + version: "V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-04-01" + fixed: "2016-04-07" + - id: "VULN-127-5" + cvss: + version: "V3" + value: 6.0 + references: [ ] + resolution: "PATCHED" + introduced: "2015-05-01" + fixed: "2015-05-07" + - id: "VULN-128-6" + cvss: + version: "V3" + value: 5.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-06-01" + fixed: "2019-06-07" + - id: "VULN-129-7" + cvss: + version: "V3" + value: 4.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-07-01" + fixed: "2018-07-07" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 9.0 + openLeft: false + negativeInfinity: false + to: 10.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_3" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-142-20" + cvss: + version: "V3" + value: 1.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-03-01" + fixed: "2018-04-01" + - id: "VULN-133-11" + cvss: + version: "V3" + value: 10.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-02-01" + - id: "VULN-134-12" + cvss: + version: "V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-02-01" + fixed: "2018-03-01" + - id: "VULN-135-13" + cvss: + version: "V3" + value: 8.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-03-01" + fixed: "2017-04-01" + - id: "VULN-136-14" + cvss: + version: "V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-04-01" + fixed: "2016-05-01" + - id: "VULN-137-15" + cvss: + version: "V3" 
+ value: 6.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-05-01" + fixed: "2019-06-01" + - id: "VULN-138-16" + cvss: + version: "V3" + value: 5.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-06-01" + fixed: "2018-07-01" + - id: "VULN-139-17" + cvss: + version: "V3" + value: 4.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-07-01" + fixed: "2017-08-01" + - id: "VULN-140-18" + cvss: + version: "V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-01-01" + fixed: "2016-02-01" + - id: "VULN-141-19" + cvss: + version: "V3" + value: 2.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-02-01" + fixed: "2019-03-01" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 7.0 + openLeft: false + negativeInfinity: false + to: 9.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_4" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-152-30" + cvss: + version: "V3" + value: 1.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-03-01" + fixed: "2018-06-01" + - id: "VULN-143-21" + cvss: + version: "V3" + value: 10.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-04-01" + - id: "VULN-144-22" + cvss: + version: "V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-02-01" + fixed: "2018-05-01" + - id: "VULN-145-23" + cvss: + version: "V3" + value: 8.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-03-01" + fixed: "2017-06-01" + - id: "VULN-146-24" + cvss: + version: "V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-04-01" + fixed: "2016-07-01" + - id: "VULN-147-25" + cvss: + version: "V3" + value: 6.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-05-01" + fixed: 
"2019-08-01" + - id: "VULN-148-26" + cvss: + version: "V3" + value: 5.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-06-01" + fixed: "2018-09-01" + - id: "VULN-149-27" + cvss: + version: "V3" + value: 4.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-07-01" + fixed: "2017-10-01" + - id: "VULN-150-28" + cvss: + version: "V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-01-01" + fixed: "2016-04-01" + - id: "VULN-151-29" + cvss: + version: "V3" + value: 2.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-02-01" + fixed: "2019-05-01" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 4.0 + openLeft: false + negativeInfinity: false + to: 6.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_5" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-162-40" + cvss: + version: "V3" + value: 1.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-04-01" + fixed: "2018-10-01" + - id: "VULN-153-31" + cvss: + version: "V3" + value: 10.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2019-07-01" + - id: "VULN-154-32" + cvss: + version: "V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-02-01" + fixed: "2018-08-01" + - id: "VULN-155-33" + cvss: + version: "V3" + value: 8.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-03-01" + fixed: "2017-09-01" + - id: "VULN-156-34" + cvss: + version: "V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-04-01" + fixed: "2016-10-01" + - id: "VULN-157-35" + cvss: + version: "V3" + value: 6.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-05-01" + fixed: "2019-11-01" + - id: "VULN-158-36" + cvss: + version: "V3" + value: 5.0 + references: [ ] 
+ resolution: "PATCHED" + introduced: "2018-06-01" + fixed: "2018-12-01" + - id: "VULN-159-37" + cvss: + version: "V3" + value: 4.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-01-01" + fixed: "2017-07-01" + - id: "VULN-161-39" + cvss: + version: "V3" + value: 2.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-03-01" + fixed: "2019-09-01" + - id: "VULN-160-38" + cvss: + version: "V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-02-01" + fixed: "2016-08-01" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 1.0 + openLeft: false + negativeInfinity: false + to: 4.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_6" + - type: "StandardTestVector" + values: + - type: "VulnerabilitiesValue" + vulnerabilities: + entries: + - id: "VULN-163-41" + cvss: + version: "V3" + value: 10.0 + references: [ ] + resolution: "PATCHED" + introduced: "2019-01-01" + fixed: "2020-01-01" + - id: "VULN-164-42" + cvss: + version: "V3" + value: 9.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-02-01" + fixed: "2019-02-01" + - id: "VULN-165-43" + cvss: + version: "V3" + value: 8.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-03-01" + fixed: "2018-03-01" + - id: "VULN-166-44" + cvss: + version: "V3" + value: 7.0 + references: [ ] + resolution: "PATCHED" + introduced: "2015-04-01" + fixed: "2016-04-01" + - id: "VULN-167-45" + cvss: + version: "V3" + value: 6.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-05-01" + fixed: "2017-05-01" + - id: "VULN-168-46" + cvss: + version: "V3" + value: 5.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-06-01" + fixed: "2017-06-01" + - id: "VULN-169-47" + cvss: + version: "V3" + value: 4.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-07-01" + fixed: "2019-07-01" + - id: 
"VULN-171-49" + cvss: + version: "V3" + value: 2.0 + references: [ ] + resolution: "PATCHED" + introduced: "2016-02-01" + fixed: "2017-02-01" + - id: "VULN-170-48" + cvss: + version: "V3" + value: 3.0 + references: [ ] + resolution: "PATCHED" + introduced: "2017-01-01" + fixed: "2018-01-01" + - id: "VULN-172-50" + cvss: + version: "V3" + value: 1.0 + references: [ ] + resolution: "PATCHED" + introduced: "2018-03-01" + fixed: "2019-03-01" + feature: + type: "VulnerabilitiesFeature" + name: "Info about vulnerabilities in open-source project" + expectedScore: + type: "DoubleInterval" + from: 0.0 + openLeft: false + negativeInfinity: false + to: 2.0 + openRight: false + positiveInfinity: false + expectedLabel: null + alias: "test_vector_7" diff --git a/src/test/resources/com/sap/oss/phosphor/fosstars/nvd/NVD_part.json b/src/test/resources/com/sap/oss/phosphor/fosstars/nvd/NVD_part.json index 6d702108d..144b8fbd5 100644 --- a/src/test/resources/com/sap/oss/phosphor/fosstars/nvd/NVD_part.json +++ b/src/test/resources/com/sap/oss/phosphor/fosstars/nvd/NVD_part.json 
@@ -6,253 +6,307 @@ "CVE_data_timestamp": "2020-04-02T08:25Z", "CVE_Items": [ { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2020-9547", - "ASSIGNER" : "cve@mitre.org" + "cve": { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2020-9547", + "ASSIGNER": "cve@mitre.org" }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "CWE-502" - } ] - } ] + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ] }, - "references" : { - "reference_data" : [ { - "url" : "https://github.com/FasterXML/jackson-databind/issues/2634", - "name" : "https://github.com/FasterXML/jackson-databind/issues/2634", - "refsource" : "MISC", - "tags" : [ "Third Party Advisory" ] - }, { - "url" : "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E", - "name" : "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E", - "name" : "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : 
"https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", - "name" : "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E", - "name" : "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E", - "name" : "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E", - "name" : 
"https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E", - "name" : "[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E", - "name" : "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E", - "name" : "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E", - "refsource" : "MISC", - "tags" : [ ] - }, { - "url" : "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", - "name" : "[debian-lts-announce] 20200305 [SECURITY] [DLA 
2135-1] jackson-databind security update", - "refsource" : "MLIST", - "tags" : [ ] - }, { - "url" : "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "name" : "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", - "refsource" : "MISC", - "tags" : [ "Third Party Advisory" ] - } ] + "references": { + "reference_data": [ + { + "url": "https://github.com/FasterXML/jackson-databind/issues/2634", + "name": "https://github.com/FasterXML/jackson-databind/issues/2634", + "refsource": "MISC", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r4accb2e0de9679174efd3d113a059bab71ff3ec53e882790d21c1cc1@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r742ef70d126548dcf7de5be5779355c9d76a9aec71d7a9ef02c6398a@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + 
"tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E", + "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/ra3e90712f2d59f8cef03fa796f5adf163d32b81fe7b95385f21790e6@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/rc0d5d0f72da1ed6fc5e438b1ddb3fa090c73006b55f873cf845375ab@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rd0e958d6d5c5ee16efed73314cd0e445c8dbb4bdcc80fc9d1d6c11fc@%3Cdev.zookeeper.apache.org%3E", + "name": "[zookeeper-dev] 20200307 Build failed in Jenkins: PreCommit-ZOOKEEPER-github-pr-build-maven #1898", + "refsource": "MLIST", + 
"tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E", + "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E", + "name": "https://lists.apache.org/thread.html/redbe4f1e21bf080f637cf9fbec47729750a2f443a919765360337428@%3Cnotifications.zookeeper.apache.org%3E", + "refsource": "MISC", + "tags": [] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html", + "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update", + "refsource": "MLIST", + "tags": [] + }, + { + "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062", + "refsource": "MISC", + "tags": [ + "Third Party Advisory" + ] + } + ] }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : 
"FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap)." - } ] + "description": { + "description_data": [ + { + "lang": "en", + "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap)." + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", - "versionStartIncluding" : "2.0.0", - "versionEndExcluding" : "2.9.10.4" - } ] - } ] + "configurations": { + "CVE_data_version": "4.0", + "nodes": [ + { + "operator": "OR", + "cpe_match": [ + { + "vulnerable": true, + "cpe23Uri": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "2.9.10.4" + } + ] + } + ] }, - "impact" : { - "baseMetricV3" : { - "cvssV3" : { - "version" : "3.1", - "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector" : "NETWORK", - "attackComplexity" : "LOW", - "privilegesRequired" : "NONE", - "userInteraction" : "NONE", - "scope" : "UNCHANGED", - "confidentialityImpact" : "HIGH", - "integrityImpact" : "HIGH", - "availabilityImpact" : "HIGH", - "baseScore" : 9.8, - "baseSeverity" : "CRITICAL" + "impact": { + "baseMetricV3": { + "cvssV3": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" }, - "exploitabilityScore" : 3.9, - 
"impactScore" : 5.9 + "exploitabilityScore": 3.9, + "impactScore": 5.9 }, - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:M/Au:N/C:P/I:P/A:P", - "accessVector" : "NETWORK", - "accessComplexity" : "MEDIUM", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "PARTIAL", - "availabilityImpact" : "PARTIAL", - "baseScore" : 6.8 + "baseMetricV2": { + "cvssV2": { + "version": "2.0", + "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "MEDIUM", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.8 }, - "severity" : "MEDIUM", - "exploitabilityScore" : 8.6, - "impactScore" : 6.4, - "acInsufInfo" : false, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false + "severity": "MEDIUM", + "exploitabilityScore": 8.6, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false } }, - "publishedDate" : "2020-03-02T04:15Z", - "lastModifiedDate" : "2020-03-06T01:15Z" - }, { - "cve" : { - "data_type" : "CVE", - "data_format" : "MITRE", - "data_version" : "4.0", - "CVE_data_meta" : { - "ID" : "CVE-2014-0171", - "ASSIGNER" : "cve@mitre.org" + "publishedDate": "2020-03-02T04:15Z", + "lastModifiedDate": "2020-03-06T01:15Z" + }, + { + "cve": { + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2014-0171", + "ASSIGNER": "cve@mitre.org" }, - "problemtype" : { - "problemtype_data" : [ { - "description" : [ { - "lang" : "en", - "value" : "NVD-CWE-Other" - } ] - } ] + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ] }, - "references" : { - 
"reference_data" : [ { - "url" : "http://rhn.redhat.com/errata/RHSA-2015-0034.html", - "name" : "RHSA-2015:0034", - "refsource" : "REDHAT", - "tags" : [ "Vendor Advisory" ] - }, { - "url" : "https://issues.jboss.org/browse/TEIID-2911", - "name" : "https://issues.jboss.org/browse/TEIID-2911", - "refsource" : "CONFIRM", - "tags" : [ "Exploit" ] - } ] + "references": { + "reference_data": [ + { + "url": "http://rhn.redhat.com/errata/RHSA-2015-0034.html", + "name": "RHSA-2015:0034", + "refsource": "REDHAT", + "tags": [ + "Vendor Advisory" + ] + }, + { + "url": "https://issues.jboss.org/browse/TEIID-2911", + "name": "https://issues.jboss.org/browse/TEIID-2911", + "refsource": "CONFIRM", + "tags": [ + "Exploit" + ] + } + ] }, - "description" : { - "description_data" : [ { - "lang" : "en", - "value" : "XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint." - }, { - "lang" : "en", - "value" : "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" - } ] + "description": { + "description_data": [ + { + "lang": "en", + "value": "XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint." 
+ }, + { + "lang": "en", + "value": "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" + } + ] } }, - "configurations" : { - "CVE_data_version" : "4.0", - "nodes" : [ { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:redhat:jboss_data_virtualization:*:*:*:*:*:*:*:*", - "versionEndIncluding" : "6.0.0" - } ] - }, { - "operator" : "OR", - "cpe_match" : [ { - "vulnerable" : true, - "cpe23Uri" : "cpe:2.3:a:odata4j_project:odata4j:-:*:*:*:*:*:*:*" - } ] - } ] + "configurations": { + "CVE_data_version": "4.0", + "nodes": [ + { + "operator": "OR", + "cpe_match": [ + { + "vulnerable": true, + "cpe23Uri": "cpe:2.3:a:redhat:jboss_data_virtualization:*:*:*:*:*:*:*:*", + "versionEndIncluding": "6.0.0" + } + ] + }, + { + "operator": "OR", + "cpe_match": [ + { + "vulnerable": true, + "cpe23Uri": "cpe:2.3:a:odata4j_project:odata4j:-:*:*:*:*:*:*:*" + } + ] + } + ] }, - "impact" : { - "baseMetricV2" : { - "cvssV2" : { - "version" : "2.0", - "vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", - "accessVector" : "NETWORK", - "accessComplexity" : "LOW", - "authentication" : "NONE", - "confidentialityImpact" : "PARTIAL", - "integrityImpact" : "NONE", - "availabilityImpact" : "NONE", - "baseScore" : 5.0 + "impact": { + "baseMetricV2": { + "cvssV2": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 }, - "severity" : "MEDIUM", - "exploitabilityScore" : 10.0, - "impactScore" : 2.9, - "obtainAllPrivilege" : false, - "obtainUserPrivilege" : false, - "obtainOtherPrivilege" : false, - "userInteractionRequired" : false + "severity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": 
false
 }
 },
- "publishedDate" : "2015-01-15T15:59Z",
- "lastModifiedDate" : "2020-03-26T19:33Z"
+ "publishedDate": "2015-01-15T15:59Z",
+ "lastModifiedDate": "2020-03-26T19:33Z"
 }
 ]
 }
diff --git a/src/test/shell/tool/github/OssRulesOfPlayRatingMarkdownFormatter.config.yml b/src/test/shell/tool/github/OssRulesOfPlayRatingMarkdownFormatter.config.yml
index cfde06fbb..43cc62ceb 100644
--- a/src/test/shell/tool/github/OssRulesOfPlayRatingMarkdownFormatter.config.yml
+++ b/src/test/shell/tool/github/OssRulesOfPlayRatingMarkdownFormatter.config.yml
@@ -17,7 +17,7 @@ ruleIds:
 rl-reuse_tool-2: If a project has a LICENSES folder with licenses
 rl-reuse_tool-3: If a project is registered in REUSE
 rl-reuse_tool-4: If a project is compliant with REUSE rules
- rl-code_scan_alerts-2: If a project runs CodeQL checks for commits
+ rl-code_scan_alerts-2: If a project runs CodeQL checks for commits
 rl-code_scan_alerts-1: If a project runs CodeQL scans
 rl-security_policy-1: If an open-source project has a security policy
 rl-code_of_conduct_file-1: If a project has a code of conduct file
diff --git a/src/test/shell/tool/github/README.md b/src/test/shell/tool/github/README.md
index 2918afadd..72833e3cc 100644
--- a/src/test/shell/tool/github/README.md
+++ b/src/test/shell/tool/github/README.md
@@ -5,9 +5,9 @@ to make sure that the command-line tool works fine.
 Setup:
-1. Build the project with `mvn clean package` command.
-1. Get a token for GitHub.
- You can create your personal token [here](https://github.com/settings/tokens).
+1. Build the project with `mvn clean package` command.
+1. Get a token for GitHub.
+ You can create your personal token [here](https://github.com/settings/tokens).
 Then, you can run the tests:
diff --git a/src/test/shell/tool/github/test_project_security_with_pom.xml b/src/test/shell/tool/github/test_project_security_with_pom.xml
index fdf6f2a32..2081b8b3e 100644
--- a/src/test/shell/tool/github/test_project_security_with_pom.xml
+++ b/src/test/shell/tool/github/test_project_security_with_pom.xml @@ -1,30 +1,30 @@ - - 4.0.0 + 4.0.0 - com.test - test - 1.2.3-SNAPSHOT - jar + com.test + test + 1.2.3-SNAPSHOT + jar - - 2.12.4 - 1.132 - + + 2.12.4 + 1.132 + - - - com.fasterxml.jackson.core - jackson-databind - ${version.jackson} - - - org.kohsuke - github-api - ${version.github-api} - - + + + com.fasterxml.jackson.core + jackson-databind + ${version.jackson} + + + org.kohsuke + github-api + ${version.github-api} + +