devonfw#103: more refinement

ignore cves list, remove some analyzers, more test for version ranges like >, some cpe vendors and products to updaters
MattesMrzik · Dec 14, 2023 · 81b8586 · 81b8586
1 parent ba694ab
commit 81b8586
Show file tree

Hide file tree

Showing 13 changed files with 502 additions and 124 deletions.
diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java b/cli/src/main/java/com/devonfw/tools/ide/tool/ToolCommandlet.java
@@ -204,7 +204,7 @@ protected VersionIdentifier securityRiskInteraction(VersionIdentifier configured
     // TODO oder doch eher sowas wie VersionIdentifier resolvedVersion = toolRepository.resolveVersion(this.tool,
     // edition, selectedVersion); sollte immer das selbe ergeben
 
-    if (!securityFile.contains(current)) {
+    if (!securityFile.contains(current, true, this.context)) {
       return configuredVersion;
     }
 
@@ -215,26 +215,26 @@ protected VersionIdentifier securityRiskInteraction(VersionIdentifier configured
 
     VersionIdentifier nextSafe = null;
     for (int i = currentVersionIndex - 1; i >= 0; i--) {
-      if (!securityFile.contains(allVersions.get(i))) {
+      if (!securityFile.contains(allVersions.get(i), true, this.context)) {
         nextSafe = allVersions.get(i);
         break;
       }
     }
     VersionIdentifier latestSafe = null;
     for (int i = 0; i < allVersions.size(); i++) {
-      if (!securityFile.contains(allVersions.get(i))) {
+      if (!securityFile.contains(allVersions.get(i), true, this.context)) {
         latestSafe = allVersions.get(i);
         break;
       }
     }
-    String cves = securityFile.getMatchingSecurityWarnings(current).stream().map(UrlSecurityWarning::cveName)
+    String cves = securityFile.getMatchingSecurityWarnings(current).stream().map(UrlSecurityWarning::getCveName)
         .collect(Collectors.joining(", "));
     String currentIsUnsafe = "Currently, version " + current + " of " + this.getName() + " is selected, "
         + "which is has one or more vulnerabilities:\n\n" + cves + "\n\n(See also " + securityFile.getPath() + ")\n\n";
 
     String stay = "stay with the current unsafe version (" + current + ")";
     String installLatestSafe = "install the latest safe version (" + latestSafe + ")";
-    String installSafeLatest = "install the (safe) latest version (" + latestSafe + ")";
+    String installSafeLatest = "install the (safe) latest version (" + latest + ")";
     String installNextSafe = "install the next safe version (" + nextSafe + ")";
     // I don't need to offer "install latest which is unsafe" as option since the user can set to the latest and choose
     // "stay"

diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/helm/HelmUrlUpdater.java
@@ -29,6 +29,18 @@ protected String getGithubOrganization() {
     return "helm";
   }
 
+  @Override
+  public String getCpeVendor() {
+
+    return "helm";
+  }
+
+  @Override
+  public String getCpeProduct() {
+
+    return "helm";
+  }
+
   @Override
   public String mapUrlVersionToCpeVersion(String version) {
 
@@ -55,5 +67,4 @@ protected String mapVersion(String version) {
     return super.mapVersion("v" + version);
   }
 
-
 }
diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/java/JavaUrlUpdater.java
@@ -29,13 +29,13 @@ protected String mapVersion(String version) {
   @Override
   public String getCpeVendor() {
 
-     return "eclipse";
+    return "eclipse";
   }
 
   @Override
   public String getCpeProduct() {
 
-     return "temurin";
+    return "temurin";
   }
 
   @Override

diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/mvn/MvnUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/mvn/MvnUrlUpdater.java
@@ -33,4 +33,17 @@ protected Pattern getVersionPattern() {
 
     return Pattern.compile("(\\d\\.\\d\\.\\d)");
   }
+
+  @Override
+  public String getCpeVendor() {
+
+    return "apache";
+  }
+
+  @Override
+  public String getCpeProduct() {
+
+    return "maven";
+  }
+
 }
diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/quarkus/QuarkusUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/quarkus/QuarkusUrlUpdater.java
@@ -40,4 +40,22 @@ protected void addVersion(UrlVersion urlVersion) {
     }
   }
 
+  @Override
+  public String getCpeVendor() {
+
+    return "quarkus";
+  }
+
+  @Override
+  public String getCpeProduct() {
+
+    return "quarkus";
+  }
+
+  @Override
+  public String mapUrlVersionToCpeVersion(String version) {
+
+    return version.replaceAll("[^\\d.]", "");
+  }
+
 }
diff --git a/cli/src/main/java/com/devonfw/tools/ide/tool/terraform/TerraformUrlUpdater.java b/cli/src/main/java/com/devonfw/tools/ide/tool/terraform/TerraformUrlUpdater.java
@@ -8,7 +8,7 @@
  * {@link GithubUrlUpdater} for terraform.
  */
 public class TerraformUrlUpdater extends GithubUrlUpdater {
-  
+
   private static final VersionIdentifier MIN_MAC_ARM_VID = VersionIdentifier.of("1.1.0");
 
   @Override
@@ -42,4 +42,18 @@ protected void addVersion(UrlVersion urlVersion) {
     }
   }
 
+  @Override
+  public String getCpeVendor() {
+
+    return "hashicorp";
+  }
+
+  @Override
+  public String getCpeProduct() {
+
+    return "terraform";
+  }
+  // add matche cpe the the warning and print it in ide, to to wether the vul maybe oinly applies to the enterprise
+  // edition
+  // or can I filter this enterpsrise version by adding overriding the eidtion methiod with the normal edition string?
 }