From be3ec96d7b257b6c26e5f1b24febf5aef8ddda68 Mon Sep 17 00:00:00 2001
From: jan-vcapgemini <jan-vincent.hoelzle@capgemini.com>
Date: Thu, 22 Feb 2024 16:06:20 +0100
Subject: [PATCH] #103: some fixes fixed pom versions applied reformat

---
 cli/pom.xml                                   |  2 -
 pom.xml                                       | 17 +++++++
 security/pom.xml                              | 51 ++++++++++++-------
 .../security/BuildSecurityJsonFiles.java      | 30 ++++++-----
 4 files changed, 65 insertions(+), 35 deletions(-)

diff --git a/cli/pom.xml b/cli/pom.xml
index 384dd94ab..03f342f93 100644
--- a/cli/pom.xml
+++ b/cli/pom.xml
@@ -58,12 +58,10 @@
     <dependency>
       <groupId>org.slf4j</groupId>
       <artifactId>slf4j-api</artifactId>
-      <version>2.0.3</version>
     </dependency>
     <dependency>
       <groupId>ch.qos.logback</groupId>
       <artifactId>logback-classic</artifactId>
-      <version>1.4.7</version>
     </dependency>
     <!-- Needed for WireMock test support -->
     <dependency>
diff --git a/pom.xml b/pom.xml
index 530986062..7322df841 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,15 +20,32 @@
     <github.repository>IDEasy</github.repository>
     <ide_version>${revision}</ide_version>
     <owasp.version>9.0.9</owasp.version>
+    <slf4j.version>2.0.3</slf4j.version>
+    <logback.version>1.4.7</logback.version>
   </properties>
 
   <dependencyManagement>
     <dependencies>
+      <dependency>
+        <groupId>org.slf4j</groupId>
+        <artifactId>slf4j-api</artifactId>
+        <version>${slf4j.version}</version>
+      </dependency>
+      <dependency>
+        <groupId>ch.qos.logback</groupId>
+        <artifactId>logback-classic</artifactId>
+        <version>${logback.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.owasp</groupId>
         <artifactId>dependency-check-core</artifactId>
         <version>${owasp.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.devonfw.tools.IDEasy</groupId>
+        <artifactId>ide-cli</artifactId>
+        <version>${revision}</version>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/security/pom.xml b/security/pom.xml
index 70a25f8b1..7fbd5ee29 100644
--- a/security/pom.xml
+++ b/security/pom.xml
@@ -2,25 +2,38 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <parent>
-        <groupId>com.devonfw.tools.IDEasy.dev</groupId>
-        <artifactId>ide</artifactId>
-        <version>dev-SNAPSHOT</version>
-    </parent>
-    
-    <artifactId>ide-security</artifactId>
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>com.devonfw.tools.IDEasy.dev</groupId>
+    <artifactId>ide</artifactId>
+    <version>dev-SNAPSHOT</version>
+  </parent>
 
-    <dependencies>
-        <!-- Other configurations and properties -->
-        <dependency>
-            <groupId>org.owasp</groupId>
-            <artifactId>dependency-check-core</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>com.devonfw.tools.IDEasy</groupId>
-            <artifactId>ide-cli</artifactId>
-        </dependency>
-    </dependencies>
+  <artifactId>ide-security</artifactId>
+
+  <properties>
+    <java.version>17</java.version>
+  </properties>
+
+  <dependencies>
+    <!-- Other configurations and properties -->
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>ch.qos.logback</groupId>
+      <artifactId>logback-classic</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.owasp</groupId>
+      <artifactId>dependency-check-core</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.devonfw.tools.IDEasy</groupId>
+      <artifactId>ide-cli</artifactId>
+      <scope>compile</scope>
+    </dependency>
+  </dependencies>
 
 </project>
\ No newline at end of file
diff --git a/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java b/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java
index 868eae377..5640adf4a 100644
--- a/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java
+++ b/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java
@@ -12,19 +12,6 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import com.devonfw.tools.ide.context.AbstractIdeContext;
-import com.devonfw.tools.ide.context.IdeContext;
-import com.devonfw.tools.ide.context.IdeContextConsole;
-import com.devonfw.tools.ide.log.IdeLogLevel;
-import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile;
-import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning;
-import com.devonfw.tools.ide.url.model.folder.UrlVersion;
-import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
-import com.devonfw.tools.ide.url.updater.UpdateManager;
-import com.devonfw.tools.ide.util.MapUtil;
-import com.devonfw.tools.ide.version.BoundaryType;
-import com.devonfw.tools.ide.version.VersionIdentifier;
-import com.devonfw.tools.ide.version.VersionRange;
 import org.owasp.dependencycheck.Engine;
 import org.owasp.dependencycheck.analyzer.AbstractAnalyzer;
 import org.owasp.dependencycheck.analyzer.AnalysisPhase;
@@ -55,6 +42,20 @@
 import org.owasp.dependencycheck.utils.Pair;
 import org.owasp.dependencycheck.utils.Settings;
 
+import com.devonfw.tools.ide.context.AbstractIdeContext;
+import com.devonfw.tools.ide.context.IdeContext;
+import com.devonfw.tools.ide.context.IdeContextConsole;
+import com.devonfw.tools.ide.log.IdeLogLevel;
+import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile;
+import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning;
+import com.devonfw.tools.ide.url.model.folder.UrlVersion;
+import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater;
+import com.devonfw.tools.ide.url.updater.UpdateManager;
+import com.devonfw.tools.ide.util.MapUtil;
+import com.devonfw.tools.ide.version.BoundaryType;
+import com.devonfw.tools.ide.version.VersionIdentifier;
+import com.devonfw.tools.ide.version.VersionRange;
+
 /**
  * This class is used to build the {@link UrlSecurityJsonFile} files for IDEasy. It scans the
  * {@link AbstractIdeContext#getUrlsPath() ide-url} folder for all tools, editions and versions and checks for
@@ -85,6 +86,7 @@ public class BuildSecurityJsonFiles {
   private static BigDecimal minV3Severity = new BigDecimal("0.0");
 
   private static final Set<String> actuallyIgnoredCves = new HashSet<>();
+
   private static final IdeContext context = new IdeContextConsole(IdeLogLevel.INFO, null, false);;
 
   /**
@@ -342,7 +344,7 @@ private static String getUrlVersion(String cpeVersion, Map<String, String> cpeTo
 
     String urlVersion = null;
     if (cpeVersion != null) {
-      if (cpeToUrlVersion!= null && cpeToUrlVersion.containsKey(cpeVersion)) {
+      if (cpeToUrlVersion != null && cpeToUrlVersion.containsKey(cpeVersion)) {
         urlVersion = cpeToUrlVersion.get(cpeVersion);
       } else {
         urlVersion = urlUpdater.mapCpeVersionToUrlVersion(cpeVersion);