feat: refactor tc integration and ignore Affected

Signed-off-by: Ruben Romero Montes <[email protected]>

Author: ruromero

pom.xml

@@ -48,7 +48,7 @@
     <deploy-plugin.version>3.1.1</deploy-plugin.version>
 
     <!-- Dependencies -->
-    <exhort-api.version>1.0.2</exhort-api.version>
+    <exhort-api.version>1.0.3</exhort-api.version>
     <sentry.version>1.7.27</sentry.version>
     <cyclonedx.version>8.0.3</cyclonedx.version>
     <spdx.version>1.1.7</spdx.version>

src/main/java/com/redhat/exhort/api/converter/AnalysisReportV3Converter.java

@@ -99,7 +99,9 @@ private static DependencyReport getReport(com.redhat.exhort.api.v4.DependencyRep
             .recommendation(d.getRecommendation())
             .issues(issues)
             .remediations(getRemediations(d.getIssues()));
-    d.getTransitive().forEach(t -> dep.addTransitiveItem(getTransitive(t)));
+    if (d.getTransitive() != null) {
+      d.getTransitive().forEach(t -> dep.addTransitiveItem(getTransitive(t)));
+    }
     return dep;
   }
 
@@ -119,6 +121,9 @@ private static TransitiveDependencyReport getTransitive(
   }
 
   private static Issue getIssue(com.redhat.exhort.api.v4.Issue i) {
+    if (i == null) {
+      return null;
+    }
     return new Issue()
         .cves(i.getCves())
         .id(i.getId())
@@ -133,14 +138,17 @@ private static Issue getIssue(com.redhat.exhort.api.v4.Issue i) {
   private static Map<String, Remediation> getRemediations(
       List<com.redhat.exhort.api.v4.Issue> issues) {
     Map<String, Remediation> remediations = new HashMap<>();
+    if (issues == null) {
+      return Collections.emptyMap();
+    }
     issues.forEach(
         i -> {
           if (i.getRemediation() != null && i.getRemediation().getTrustedContent() != null) {
             var tc = i.getRemediation().getTrustedContent();
             var r =
                 new Remediation()
                     .issueRef(i.getId())
-                    .mavenPackage(tc.getPackage())
+                    .mavenPackage(tc.getRef())
                     .productStatus(tc.getStatus());
             i.getCves().forEach(cve -> remediations.put(i.getId(), r));
           }

src/main/java/com/redhat/exhort/integration/Constants.java

@@ -52,6 +52,7 @@ private Constants() {}
 
   public static final String SNYK_PROVIDER = "snyk";
   public static final String OSS_INDEX_PROVIDER = "oss-index";
+  public static final String TRUSTED_CONTENT_PROVIDER = "trusted-content";
   public static final String UNKNOWN_PROVIDER = "unknown";
 
   public static final String HTTP_UNAUTHENTICATED = "Unauthenticated";

src/main/java/com/redhat/exhort/integration/backend/ExhortIntegration.java

@@ -131,7 +131,7 @@ public void configure() {
       .process(this::processAnalysisRequest)
       .to(direct("findVulnerabilities"))
       .transform().method(ProviderAggregationStrategy.class, "toReport")
-      .enrich(direct("recommendationsTrustedContent"), tcResponseAggregation)
+      .enrich(direct("recommendTrustedContent"), tcResponseAggregation)
       .to(direct("report"))
       .to(seda("analyticsTrackAnalysis"))
       .process(this::cleanUpHeaders);

src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java

@@ -301,7 +301,7 @@ private void incrementCounter(
           }
           if (i.getRemediation() != null
               && i.getRemediation().getTrustedContent() != null
-              && i.getRemediation().getTrustedContent().getPackage() != null) {
+              && i.getRemediation().getTrustedContent().getRef() != null) {
             counter.remediations.incrementAndGet();
           }
         });

src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java

@@ -53,48 +53,48 @@ public void configure() {
 
     // fmt:off
     from(direct("ossIndexScan"))
-        .routeId("ossIndexScan")
-        .transform(method(OssIndexRequestBuilder.class, "split"))
-        .choice()
+      .routeId("ossIndexScan")
+      .transform(method(OssIndexRequestBuilder.class, "split"))
+      .choice()
         .when(method(OssIndexRequestBuilder.class, "missingAuthHeaders"))
-        .setBody(method(OssIndexResponseHandler.class, "unauthenticatedResponse"))
+          .setBody(method(OssIndexResponseHandler.class, "unauthenticatedResponse"))
         .when(method(OssIndexRequestBuilder.class, "isEmpty"))
-        .setBody(method(OssIndexResponseHandler.class, "emptyResponse"))
-        .transform().method(OssIndexResponseHandler.class, "buildReport")
+          .setBody(method(OssIndexResponseHandler.class, "emptyResponse"))
+          .transform().method(OssIndexResponseHandler.class, "buildReport")
         .endChoice()
         .otherwise()
-        .to(direct("ossSplitReq"))
-        .transform().method(OssIndexResponseHandler.class, "buildReport");
+          .to(direct("ossSplitReq"))
+          .transform().method(OssIndexResponseHandler.class, "buildReport");
 
     from(direct("ossSplitReq"))
-        .routeId("ossSplitReq")
-        .split(body(), AggregationStrategies.beanAllowNull(OssIndexResponseHandler.class, "aggregateSplit"))
+      .routeId("ossSplitReq")
+      .split(body(), AggregationStrategies.beanAllowNull(OssIndexResponseHandler.class, "aggregateSplit"))
         .parallelProcessing()
-        .transform().method(OssIndexRequestBuilder.class, "buildRequest")
-        .process(this::processComponentRequest)
+          .transform().method(OssIndexRequestBuilder.class, "buildRequest")
+          .process(this::processComponentRequest)
         .circuitBreaker()
-        .faultToleranceConfiguration()
-        .timeoutEnabled(true)
-        .timeoutDuration(timeout)
-        .end()
-        .to(vertxHttp("{{api.ossindex.host}}"))
-        .transform(method(OssIndexResponseHandler.class, "responseToIssues"))
+          .faultToleranceConfiguration()
+            .timeoutEnabled(true)
+            .timeoutDuration(timeout)
+          .end()
+          .to(vertxHttp("{{api.ossindex.host}}"))
+          .transform(method(OssIndexResponseHandler.class, "responseToIssues"))
         .onFallback()
-        .process(responseHandler::processResponseError);
+          .process(responseHandler::processResponseError);
 
     from(direct("ossValidateCredentials"))
-        .routeId("ossValidateCredentials")
-        .circuitBreaker()
+      .routeId("ossValidateCredentials")
+      .circuitBreaker()
         .faultToleranceConfiguration()
-        .timeoutEnabled(true)
-        .timeoutDuration(timeout)
+          .timeoutEnabled(true)
+          .timeoutDuration(timeout)
         .end()
         .setBody(constant(List.of(DependencyTree.getDefaultRoot(Constants.MAVEN_PKG_MANAGER))))
         .transform().method(OssIndexRequestBuilder.class, "buildRequest")
         .process(this::processComponentRequest)
         .to(vertxHttp("{{api.ossindex.host}}"))
         .setBody(constant("Token validated successfully"))
-        .onFallback()
+      .onFallback()
         .process(responseHandler::processTokenFallBack);
     // fmt:on
   }