devonfw#103: fixed bugs
- fixed pom bug
- fixed bug in BuildSecurityJsonFiles due to moved method that was introduced in the merge of main into this branch
MattesMrzik committed Jan 20, 2024
1 parent 9b28679 commit 1389057
Showing 3 changed files with 27 additions and 10 deletions.
@@ -42,7 +42,11 @@ public void testSecurityRiskInteractionAllVersionAffectedBySingleWarning() {
// then save this also to stay
// extract method that calcs next safe, latest save
// and introduce var named latest and make it to *
assertThat(tool.securityRiskInteraction(VersionIdentifier.of("1"))).isEqualTo(VersionIdentifier.of("1"));

// the current version is safe, so no interaction needed and no answer is consumed
VersionIdentifier currentVersion = VersionIdentifier.of("1");
assertThat(tool.securityRiskInteraction(currentVersion)).isEqualTo(currentVersion);

// answer to the interaction is 1
assertThat(tool.securityRiskInteraction(VersionIdentifier.of("2"))).isEqualTo(VersionIdentifier.of("2"));
// answer to the interaction is 2
2 changes: 1 addition & 1 deletion security/pom.xml
@@ -25,7 +25,7 @@
<dependency>
<groupId>com.devonfw.tools.IDEasy</groupId>
<artifactId>ide-cli</artifactId>
<version>2024.01.001-SNAPSHOT</version>
<version>2024.02.001-alpha-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
</dependencies>
@@ -13,6 +13,7 @@
import java.util.Set;
import java.util.stream.Collectors;

import com.devonfw.tools.ide.version.BoundaryType;
import org.owasp.dependencycheck.Engine;
import org.owasp.dependencycheck.analyzer.AbstractAnalyzer;
import org.owasp.dependencycheck.analyzer.AnalysisPhase;
@@ -295,16 +296,28 @@ public static VersionRange getVersionRangeFromInterval(String si, String se, Str
throw new IllegalStateException(
"Vulnerability has no interval of affected versions or single affected version.");
}
return VersionRange.of(s + VersionRange.getVersionSeparator() + s);
VersionIdentifier singleAffectedVersion = VersionIdentifier.of(s);
return new VersionRange(singleAffectedVersion, singleAffectedVersion, BoundaryType.OPEN);
}

String leftBoundary = se == null ? VersionRange.getStartIncludingPrefix() + Objects.toString(si, "")
: VersionRange.getStartExcludingPrefix() + se;
boolean leftExclusive = si == null;
boolean rightExclusive = ei == null;

String rightBoundary = ee == null ? Objects.toString(ei, "") + VersionRange.getEndIncludingSuffix()
: ee + VersionRange.getEndExcludingSuffix();
VersionIdentifier min = null;
if (si != null) {
min = VersionIdentifier.of(si);
} else if (se != null) {
min = VersionIdentifier.of(se);
}

VersionIdentifier max = null;
if (ei != null) {
max = VersionIdentifier.of(ei);
} else if (ee != null) {
max = VersionIdentifier.of(ee);
}

return VersionRange.of(leftBoundary + VersionRange.getVersionSeparator() + rightBoundary);
return new VersionRange(min, max, BoundaryType.of(leftExclusive, rightExclusive));
}

private static void printAffectedVersions(IdeContext context) {
@@ -333,14 +346,14 @@ private static void printAffectedVersions(IdeContext context) {
} else {
if (min != null) {
System.out.println("Tool " + tool.getName() + " with edition " + edition.getName() + " and versions "
+ new VersionRange(min, version, false, true) + " are affected by vulnerabilities.");
+ new VersionRange(min, version, BoundaryType.of(false, true)) + " are affected by vulnerabilities.");
min = null;
}
}
}
if (min != null) {
System.out.println("Tool " + tool.getName() + " with edition " + edition.getName() + " and versions "
+ new VersionRange(min, null, false, true) + " are affected by vulnerabilities.");
+ new VersionRange(min, null, BoundaryType.of(false, true)) + " are affected by vulnerabilities.");
}
}
}
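Review bot: In the single-affected-version branch of getVersionRangeFromInterval, the new range is built with `BoundaryType.OPEN`; if OPEN excludes both boundaries, as the name and the `leftExclusive`/`rightExclusive` arguments passed to `BoundaryType.of` further down suggest, the range from `s` to `s` contains no version, so the one version the advisory names would never be reported as affected. An inclusive range looks intended here: `return new VersionRange(singleAffectedVersion, singleAffectedVersion, BoundaryType.of(false, false));`. In the interval branch, `leftExclusive = si == null` also marks a missing lower bound (both `si` and `se` null) as exclusive, where the removed code used the including prefix, so it is worth confirming that VersionRange accepts a null bound with an exclusive boundary, and the same for `ei`/`ee`. The function starts above the hunk, so the checks that precede the `s` branch are only partly visible.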
