diff --git a/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java b/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
index 2edebb6d1..18339686c 100644
--- a/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
+++ b/src/main/java/edu/hm/hafner/analysis/parser/TrivyParser.java
@@ -16,6 +16,7 @@ import edu.hm.hafner.analysis.ReaderFactory;
 import edu.hm.hafner.analysis.Report;
 import edu.hm.hafner.analysis.Severity;
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 /**
 *
@@ -28,6 +29,10 @@
 * @author Thomas Fürer - tfuerer.javanet@gmail.com
 */
 public class TrivyParser extends IssueParser {
+ private static final String TRIVY_VULNARBILITY_LEVEL_TAG_CRITICAL = "critcal";
+ private static final String TRIVY_VULNARBILITY_LEVEL_TAG_HIGH = "high";
+ private static final String TRIVY_VULNARBILITY_LEVEL_TAG_MEDIUM = "medium";
+ private static final String TRIVY_VULNARBILITY_LEVEL_TAG_LOW = "low";
 private static final long serialVersionUID = 1L;
 @Override
@@ -59,14 +64,15 @@ private Issue convertToIssue(final JSONObject vulneratbility) {
 .build();
 }
+ @SuppressFBWarnings("IMPROPER_UNICODE")
 private Severity mapSeverity(final String string) {
- if ("low".equalsIgnoreCase(string)) {
+ if (TRIVY_VULNARBILITY_LEVEL_TAG_LOW.equalsIgnoreCase(string)) {
 return Severity.WARNING_LOW;
 }
- else if ("medium".equalsIgnoreCase(string)) {
+ else if (TRIVY_VULNARBILITY_LEVEL_TAG_MEDIUM.equalsIgnoreCase(string)) {
 return Severity.WARNING_NORMAL;
 }
- else if ("high".equalsIgnoreCase(string) || "critcal".equalsIgnoreCase(string)) {
+ else if (TRIVY_VULNARBILITY_LEVEL_TAG_HIGH.equalsIgnoreCase(string) || TRIVY_VULNARBILITY_LEVEL_TAG_CRITICAL.equalsIgnoreCase(string)) {
 return Severity.WARNING_HIGH;
 }
 else {
diff --git a/src/test/java/edu/hm/hafner/analysis/parser/TrivyParser.java b/src/test/java/edu/hm/hafner/analysis/parser/TrivyParser.java
deleted file mode 100644
index ac6f16b54..000000000
--- a/src/test/java/edu/hm/hafner/analysis/parser/TrivyParser.java
+++ /dev/null
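Review bot: `TRIVY_VULNARBILITY_LEVEL_TAG_CRITICAL` is initialised to `"critcal"`, which carries the old literal's typo into a named constant: Trivy reports that level as `CRITICAL`, so the comparison against this constant in the mapSeverity hunk below never matches and critical findings reach the final `else` instead (its body lies outside that hunk). Correct the value to `private static final String TRIVY_VULNARBILITY_LEVEL_TAG_CRITICAL = "critical";`. The names of all four constants also misspell "vulnerability"; since they are introduced here, renaming them to `TRIVY_VULNERABILITY_LEVEL_TAG_…` now, together with their uses in the mapSeverity hunk, is cheaper than doing it later.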
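Review bot: `@SuppressFBWarnings("IMPROPER_UNICODE")` on mapSeverity silences the SpotBugs finding rather than resolving it; the detector objects to `equalsIgnoreCase`, whose per-character case folding accepts strings beyond the ASCII tags the method intends to match. Folding the input once with a fixed locale and then comparing exactly removes the finding, the annotation and the new `SuppressFBWarnings` import of the first hunk, and keeps a `null` argument on the fallback path as it is today; it requires `java.util.Locale` to be imported and the four tag constants of the previous hunk to be defined in upper case (`"LOW"`, `"MEDIUM"`, `"HIGH"`, `"CRITICAL"`). The final `else` branch of mapSeverity lies outside the hunk. The rewritten body is below.
```java
    private Severity mapSeverity(final String string) {
        // Fold once with a fixed locale so the match does not depend on the JVM's default locale;
        // the tag constants must then hold the upper-case spelling.
        String level = string == null ? "" : string.toUpperCase(Locale.ROOT);
        if (TRIVY_VULNARBILITY_LEVEL_TAG_LOW.equals(level)) {
            return Severity.WARNING_LOW;
        }
        else if (TRIVY_VULNARBILITY_LEVEL_TAG_MEDIUM.equals(level)) {
            return Severity.WARNING_NORMAL;
        }
        else if (TRIVY_VULNARBILITY_LEVEL_TAG_HIGH.equals(level)
                || TRIVY_VULNARBILITY_LEVEL_TAG_CRITICAL.equals(level)) {
            return Severity.WARNING_HIGH;
        }
        // … unchanged: final else branch …
```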
@@ -1,77 +0,0 @@
-package edu.hm.hafner.analysis.parser;
-
-import java.io.IOException;
-import java.io.Reader;
-import java.text.MessageFormat;
-
-import org.json.JSONArray;
-import org.json.JSONObject;
-import org.json.JSONTokener;
-
-import edu.hm.hafner.analysis.Issue;
-import edu.hm.hafner.analysis.IssueBuilder;
-import edu.hm.hafner.analysis.IssueParser;
-import edu.hm.hafner.analysis.ParsingCanceledException;
-import edu.hm.hafner.analysis.ParsingException;
-import edu.hm.hafner.analysis.ReaderFactory;
-import edu.hm.hafner.analysis.Report;
-import edu.hm.hafner.analysis.Severity;
-
-public class TrivyParser extends IssueParser {
- private static final long serialVersionUID = 1L;
-
- @Override
- public Report parse(ReaderFactory readerFactory) throws ParsingException, ParsingCanceledException {
- final Report report = new Report();
-
- try (Reader reader = readerFactory.create()) {
- final JSONArray jsonReport = (JSONArray)new JSONTokener(reader).nextValue();
-
- final JSONArray vulnatbilites = ((JSONObject)jsonReport.get(0)).getJSONArray("Vulnerabilities");
- for (Object vulnatbility : vulnatbilites ) {
- report.add(convertToIssue((JSONObject)vulnatbility));
- }
- } catch (IOException e) {
- throw new ParsingException(e);
- }
-
- return report;
- }
-
- private Issue convertToIssue(JSONObject vulnatbility) {
- return new IssueBuilder()
- .setFileName(vulnatbility.getString("PkgName"))
- .setCategory(vulnatbility.getString("SeveritySource"))
- .setSeverity(mapSeverity(vulnatbility.getString("Severity")))
- .setType(vulnatbility.getString("VulnerabilityID"))
- .setMessage(vulnatbility.optString("Title", "UNKNOWN"))
- .setDescription(formatDescription(vulnatbility))
- .build();
- }
-
- private Severity mapSeverity(String string) {
- if ("low".equalsIgnoreCase(string)) {
- return Severity.WARNING_LOW;
- } else if ("medium".equalsIgnoreCase(string)) {
- return Severity.WARNING_NORMAL;
- } else if ("high".equalsIgnoreCase(string) || 
"critcal".equalsIgnoreCase(string)) { - return Severity.WARNING_HIGH; - } else { - return Severity.WARNING_HIGH; - } - } - - private String formatDescription(JSONObject vulnatbility) { - return new StringBuilder() - .append(MessageFormat.format("
") - .append(vulnatbility.getString("Description")) - .append("
") - .toString(); - } - -}