feat: add manually imported data into report

[ruromero]

User description

Fix #571

---

PR Type

Enhancement, Tests

---

Description

• Add default "manual" source for manually imported data

• Handle missing importer labels gracefully with fallback

• Add test coverage for default source assignment

---

Diagram Walkthrough

flowchart LR
  A["Missing Importer Label"] -- "getSource method" --> B["Return DEFAULT_SOURCE"]
  C["Importer Label Present"] -- "getSource method" --> D["Return Importer Value"]
  B --> E["Issue with manual source"]
  D --> F["Issue with importer source"]

Loading

File Walkthrough

	Relevant files
Enhancement	TrustifyResponseHandler.java Add default source handling for manual imports                      src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java Add DEFAULT_SOURCE constant set to "manual" Modify getSource() method to return default source when labels are null Add null check for importer value with fallback to default source +7/-2
Tests	TrustifyResponseHandlerTest.java Test default source for missing importer labels                    src/test/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandlerTest.java Add new test testResponseToIssuesWithDefaultSource() to verify default source assignment Test validates that issues without importer label receive "manual" as source Test covers the scenario with missing importer in labels object +54/-0

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🟡	🎫 #571 🟢 Vulnerability/advisory data without an importer label should be grouped under a generic source named manual. The response handler should not rely solely on the importer label to group vulnerability data; it must handle missing labels gracefully. ⚪ When vulnerability/advisory data is uploaded manually and lacks the labels.importer field, it must not be excluded from the report.
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
Update

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Latest suggestions up to cc9536e

Category	Suggestion	Impact
Possible issue	Add null-safety guard Add a null check for the node parameter in the getSource method to prevent potential NullPointerException and return the default source instead. src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java [224-231] private String getSource(JsonNode node) { + if (node == null || node.isNull()) { + return DEFAULT_SOURCE; + } var labels = node.get("labels"); var importer = JsonUtils.getTextValue(labels, "importer"); if (importer == null || importer.isBlank()) { return DEFAULT_SOURCE; } return importer; } Apply / Chat Suggestion importance[1-10]: 7 __ Why: The suggestion correctly identifies a potential NullPointerException and proposes a reasonable fix that enhances robustness, which is a good practice for handling external data.	Medium
More

---

Previous suggestions

Suggestions up to commit 826919c

Category	Suggestion	Impact
Possible issue	Fallback on blank importer In the getSource method, add a check for blank or empty importer strings to ensure they also fall back to the DEFAULT_SOURCE. src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java [229-233] var importer = JsonUtils.getTextValue(labels, "importer"); -if (importer == null) { +if (importer == null || importer.isBlank()) { return DEFAULT_SOURCE; } return importer; Suggestion importance[1-10]: 6 __ Why: This suggestion correctly identifies a potential edge case where an empty or blank importer string would be considered a valid source. Adding an importer.isBlank() check improves the robustness of the getSource method.	Low
General	Remove redundant null check Remove the redundant null check for the labels variable, as the JsonUtils.getTextValue method already handles null inputs. src/main/java/io/github/guacsec/trustifyda/integration/providers/trustify/TrustifyResponseHandler.java [224-234] private String getSource(JsonNode node) { var labels = node.get("labels"); - if (labels == null) { - return DEFAULT_SOURCE; - } var importer = JsonUtils.getTextValue(labels, "importer"); if (importer == null) { return DEFAULT_SOURCE; } return importer; } Suggestion importance[1-10]: 4 __ Why: The suggestion correctly identifies that the initial null check for labels is redundant because JsonUtils.getTextValue already handles a null input, making the code simpler and more concise without changing behavior.	Low