guacsec
diff --git a/‎pom.xml‎
Lines changed: 1 addition & 0 deletions b/‎pom.xml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/main/java/com/redhat/exhort/integration/Constants.java‎
Lines changed: 10 additions & 4 deletions b/‎src/main/java/com/redhat/exhort/integration/Constants.java‎
Lines changed: 10 additions & 4 deletions
diff --git a/‎src/main/java/com/redhat/exhort/integration/backend/sbom/cyclonedx/CycloneDxParser.java‎
Lines changed: 0 additions & 2 deletions b/‎src/main/java/com/redhat/exhort/integration/backend/sbom/cyclonedx/CycloneDxParser.java‎
Lines changed: 0 additions & 2 deletions
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java‎
Lines changed: 28 additions & 1 deletion b/‎src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java‎
Lines changed: 28 additions & 1 deletion
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/VulnerabilityProvider.java‎
Lines changed: 1 addition & 1 deletion b/‎src/main/java/com/redhat/exhort/integration/providers/VulnerabilityProvider.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java‎
Lines changed: 1 addition & 1 deletion b/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexIntegration.java‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexRequestBuilder.java‎
Lines changed: 2 additions & 1 deletion b/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexRequestBuilder.java‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexResponseHandler.java‎
Lines changed: 0 additions & 27 deletions b/‎src/main/java/com/redhat/exhort/integration/providers/ossindex/OssIndexResponseHandler.java‎
Lines changed: 0 additions & 27 deletions
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/osvnvd/OsvNvdResponseHandler.java‎
Lines changed: 0 additions & 5 deletions b/‎src/main/java/com/redhat/exhort/integration/providers/osvnvd/OsvNvdResponseHandler.java‎
Lines changed: 0 additions & 5 deletions
diff --git a/‎src/main/java/com/redhat/exhort/integration/providers/snyk/SnykIntegration.java‎
Lines changed: 31 additions & 17 deletions b/‎src/main/java/com/redhat/exhort/integration/providers/snyk/SnykIntegration.java‎
Lines changed: 31 additions & 17 deletions
@@ -214,6 +214,7 @@
       <groupId>net.sourceforge.htmlunit</groupId>
       <artifactId>htmlunit</artifactId>
       <version>${htmlunit.version}</version>
+      <scope>test</scope>
     </dependency>
   </dependencies>
   <build>
 
@@ -58,10 +58,16 @@ private Constants() {}
 
   public static final String HTTP_UNAUTHENTICATED = "Unauthenticated";
 
-  public static final String MAVEN_PKG_MANAGER = "maven";
-  public static final String NPM_PKG_MANAGER = "npm";
-  public static final String PYPI_PKG_MANAGER = "pypi";
-  public static final String GOLANG_PKG_MANAGER = "golang";
+  // PURL Types used in the application. See Snyk Supported PURL Types
+  public static final String MAVEN_PURL_TYPE = "maven";
+  public static final String NPM_PURL_TYPE = "npm";
+  public static final String PYPI_PURL_TYPE = "pypi";
+  public static final String GOLANG_PURL_TYPE = "golang";
+  public static final String DEB_PURL_TYPE = "deb";
+  public static final String NUGET_PURL_TYPE = "nuget";
+  public static final String GEM_PURL_TYPE = "gem";
+  public static final String COCOAPODS_PURL_TYPE = "cocoapods";
+  public static final String RPM_PURL_TYPE = "rpm";
 
   public static final String PKG_MANAGER_PROPERTY = "pkgManager";
   public static final String REQUEST_CONTENT_PROPERTY = "requestContent";
 
@@ -73,8 +73,6 @@ protected DependencyTree buildTree(InputStream input) {
           rootRef = new PackageRef(rootComponent.get().getPurl());
         } else if (componentPurls.containsKey(rootComponent.get().getBomRef())) {
           rootRef = componentPurls.get(rootComponent.get().getBomRef());
-        } else {
-          throw new IllegalStateException("Cannot retrieve the purl for the root component");
         }
       }
       return treeBuilder.dependencies(buildDependencies(bom, componentPurls, rootRef)).build();
 
@@ -77,6 +77,33 @@ public abstract class ProviderResponseHandler {
   public abstract ProviderResponse responseToIssues(
       byte[] response, String privateProviders, DependencyTree tree) throws IOException;
 
+  public ProviderResponse aggregateSplit(ProviderResponse oldExchange, ProviderResponse newExchange)
+      throws IOException {
+    if (oldExchange == null) {
+      return newExchange;
+    }
+    if (oldExchange.status() != null && !Boolean.TRUE.equals(oldExchange.status().getOk())) {
+      return oldExchange;
+    }
+    oldExchange
+        .issues()
+        .entrySet()
+        .forEach(
+            e -> {
+              var issues = newExchange.issues().get(e.getKey());
+              if (issues != null) {
+                e.getValue().addAll(issues);
+              }
+            });
+    newExchange.issues().keySet().stream()
+        .filter(k -> !oldExchange.issues().keySet().contains(k))
+        .forEach(
+            k -> {
+              oldExchange.issues().put(k, newExchange.issues().get(k));
+            });
+    return oldExchange;
+  }
+
   protected ProviderStatus defaultOkStatus(String provider) {
     return new ProviderStatus()
         .name(provider)
@@ -122,7 +149,7 @@ public void processResponseError(Exchange exchange) {
       LOGGER.warn("Unable to process request: {}", message, cause);
     } else if (cause instanceof IllegalArgumentException) {
       status.message(cause.getMessage()).code(422);
-      LOGGER.warn("Unable to process request to: {}", getProviderName(), exception);
+      LOGGER.debug("Unable to process request to: {}", getProviderName(), exception);
     } else {
       status
           .message(cause.getMessage())
 
@@ -76,7 +76,7 @@ public List<String> getProviderEndpoints(
         .map(
             p ->
                 switch (p) {
-                  case Constants.SNYK_PROVIDER -> "direct:snykDepGraph";
+                  case Constants.SNYK_PROVIDER -> "direct:snykScan";
                   case Constants.OSS_INDEX_PROVIDER -> "direct:ossIndexScan";
                   case Constants.OSV_NVD_PROVIDER -> "direct:osvNvdScan";
                   default -> throw new IllegalArgumentException("Unexpected provider: " + p);
 
@@ -89,7 +89,7 @@ public void configure() {
           .timeoutEnabled(true)
           .timeoutDuration(timeout)
         .end()
-        .setBody(constant(List.of(DependencyTree.getDefaultRoot(Constants.MAVEN_PKG_MANAGER))))
+        .setBody(constant(List.of(DependencyTree.getDefaultRoot(Constants.MAVEN_PURL_TYPE))))
         .transform().method(OssIndexRequestBuilder.class, "buildRequest")
         .process(this::processComponentRequest)
         .to(vertxHttp("{{api.ossindex.host}}"))
 
@@ -19,6 +19,7 @@
 package com.redhat.exhort.integration.providers.ossindex;
 
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.List;
 
 import org.apache.camel.Body;
@@ -59,7 +60,7 @@ public List<List<PackageRef>> split(DependencyTree tree) {
     return bulks;
   }
 
-  public boolean isEmpty(@Body List<List<PackageRef>> body) {
+  public boolean isEmpty(@Body Collection<List<PackageRef>> body) {
     return body == null || body.isEmpty();
   }
 
 
@@ -57,33 +57,6 @@ public class OssIndexResponseHandler extends ProviderResponseHandler {
 
   @Inject ObjectMapper mapper;
 
-  public ProviderResponse aggregateSplit(ProviderResponse oldExchange, ProviderResponse newExchange)
-      throws IOException {
-    if (oldExchange == null) {
-      return newExchange;
-    }
-    if (oldExchange.status() != null && !Boolean.TRUE.equals(oldExchange.status().getOk())) {
-      return oldExchange;
-    }
-    oldExchange
-        .issues()
-        .entrySet()
-        .forEach(
-            e -> {
-              var issues = newExchange.issues().get(e.getKey());
-              if (issues != null) {
-                e.getValue().addAll(issues);
-              }
-            });
-    newExchange.issues().keySet().stream()
-        .filter(k -> !oldExchange.issues().keySet().contains(k))
-        .forEach(
-            k -> {
-              oldExchange.issues().put(k, newExchange.issues().get(k));
-            });
-    return oldExchange;
-  }
-
   public ProviderResponse responseToIssues(
       @Body byte[] response,
       @ExchangeProperty(Constants.PROVIDER_PRIVATE_DATA_PROPERTY) String privateProviders,
 
@@ -27,8 +27,6 @@
 
 import org.apache.camel.Body;
 import org.apache.camel.ExchangeProperty;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -40,7 +38,6 @@
 import com.redhat.exhort.api.v4.SeverityUtils;
 import com.redhat.exhort.integration.Constants;
 import com.redhat.exhort.integration.providers.ProviderResponseHandler;
-import com.redhat.exhort.integration.providers.ossindex.OssIndexRequestBuilder;
 import com.redhat.exhort.model.CvssParser;
 import com.redhat.exhort.model.DependencyTree;
 import com.redhat.exhort.model.ProviderResponse;
@@ -54,8 +51,6 @@
 @RegisterForReflection
 public class OsvNvdResponseHandler extends ProviderResponseHandler {
 
-  private static final Logger LOGGER = LoggerFactory.getLogger(OssIndexRequestBuilder.class);
-
   @Inject ObjectMapper mapper;
 
   @Override
 
@@ -20,6 +20,7 @@
 
 import org.apache.camel.Exchange;
 import org.apache.camel.Message;
+import org.apache.camel.builder.AggregationStrategies;
 import org.apache.camel.builder.endpoint.EndpointRouteBuilder;
 import org.eclipse.microprofile.config.inject.ConfigProperty;
 
@@ -51,27 +52,40 @@ public class SnykIntegration extends EndpointRouteBuilder {
   public void configure() {
 
     // fmt:off
-    from(direct("snykDepGraph"))
-      .routeId("snykDepGraph")
+    onException(IllegalArgumentException.class)
+      .routeId("snykIllegalArgumentException")
+      .useOriginalMessage()
+      .handled(true)
+      .process(responseHandler::processResponseError);
+
+    from(direct("snykScan"))
+      .routeId("snykScan")
       .process(this::setAuthToken)
-      .circuitBreaker()
-          .faultToleranceConfiguration()
-          .timeoutEnabled(true)
-          .timeoutDuration(timeout)
-        .end()
-        .process(SnykRequestBuilder::validate)
-        .transform().method(SnykRequestBuilder.class, "fromDiGraph")
-        .process(this::processDepGraphRequest)
-        .to(direct("snykRequest"))
-      .onFallback()
-        .process(responseHandler::processResponseError)
-      .end()
-        .transform().method(SnykResponseHandler.class, "buildReport");
+      .transform(method(SnykRequestBuilder.class, "splitByPkgManager"))
+      .choice()
+        .when(method(SnykRequestBuilder.class, "isEmpty"))
+          .setBody(method(SnykResponseHandler.class, "emptyResponse"))
+          .setBody(method(SnykResponseHandler.class, "buildReport"))
+        .otherwise()
+          .to(direct("snykRequest"))
+          .transform().method(SnykResponseHandler.class, "buildReport");
 
     from(direct("snykRequest"))
       .routeId("snykRequest")
-      .to(vertxHttp("{{api.snyk.host}}"))
-      .transform().method(SnykResponseHandler.class, "responseToIssues");
+      .split(body(), AggregationStrategies.beanAllowNull(SnykResponseHandler.class, "aggregateSplit"))
+        .parallelProcessing()
+          .circuitBreaker()
+            .faultToleranceConfiguration()
+            .timeoutEnabled(true)
+            .timeoutDuration(timeout)
+          .end()
+          .process(SnykRequestBuilder::validate)
+          .transform().method(SnykRequestBuilder.class, "buildRequest")
+          .process(this::processDepGraphRequest)
+        .to(vertxHttp("{{api.snyk.host}}"))
+        .transform(method(SnykResponseHandler.class, "responseToIssues"))
+      .onFallback()
+        .process(responseHandler::processResponseError);
 
     from(direct("snykValidateToken"))
       .routeId("snykValidateToken")
Original file line number	Diff line number	Diff line change
`@@ -73,8 +73,6 @@ protected DependencyTree buildTree(InputStream input) {`
`73`	`73`	`rootRef = new PackageRef(rootComponent.get().getPurl());`
`74`	`74`	`} else if (componentPurls.containsKey(rootComponent.get().getBomRef())) {`
`75`	`75`	`rootRef = componentPurls.get(rootComponent.get().getBomRef());`
`76`		`- } else {`
`77`		`- throw new IllegalStateException("Cannot retrieve the purl for the root component");`
`78`	`76`	`}`
`79`	`77`	`}`
`80`	`78`	`return treeBuilder.dependencies(buildDependencies(bom, componentPurls, rootRef)).build();`
Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@`
`19`	`19`	`package com.redhat.exhort.integration.providers.ossindex;`
`20`	`20`
`21`	`21`	`import java.util.ArrayList;`
	`22`	`+import java.util.Collection;`
`22`	`23`	`import java.util.List;`
`23`	`24`
`24`	`25`	`import org.apache.camel.Body;`
`@@ -59,7 +60,7 @@ public List<List<PackageRef>> split(DependencyTree tree) {`
`59`	`60`	`return bulks;`
`60`	`61`	`}`
`61`	`62`
`62`		`- public boolean isEmpty(@Body List<List<PackageRef>> body) {`
	`63`	`+ public boolean isEmpty(@Body Collection<List<PackageRef>> body) {`
`63`	`64`	`return body == null \|\| body.isEmpty();`
`64`	`65`	`}`
`65`	`66`