feat: provide functionality to transform TrivyV2Dtos into RawValueKpi…
…s. (#48)
janniclas authored Dec 9, 2024
1 parent f2eb71e commit bf33263
Showing 2 changed files with 73 additions and 1 deletion.
Expand Up @@ -21,7 +21,14 @@ import io.github.oshai.kotlinlogging.KotlinLogging
import java.io.InputStream
import kotlin.math.max
import kotlinx.serialization.ExperimentalSerializationApi
import kotlinx.serialization.json.*
import kotlinx.serialization.json.Json
import kotlinx.serialization.json.JsonArray
import kotlinx.serialization.json.JsonElement
import kotlinx.serialization.json.JsonObject
import kotlinx.serialization.json.decodeFromJsonElement
import kotlinx.serialization.json.decodeFromStream
import kotlinx.serialization.json.intOrNull
import kotlinx.serialization.json.jsonPrimitive

object TrivyAdapter {

Expand All @@ -40,6 +47,12 @@ object TrivyAdapter {
return transformDataToKpi(listOf(data))
}

fun transformTrivyV2ToKpi(data: Collection<TrivyDtoV2>): Collection<AdapterResult> {
return CveAdapter.transformContainerVulnerabilityToKpi(
createVulnerabilitiesDto(data.flatMap { it.results.flatMap { it.vulnerabilities } })
)
}

@OptIn(ExperimentalSerializationApi::class)
fun dtoFromJson(jsonData: InputStream): TrivyDto {
val json = Json.decodeFromStream<JsonElement>(jsonData)
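Review bot: `transformTrivyV2ToKpi` has no KDoc, and nothing visible here states what happens to a Trivy finding whose `cvss` object holds no usable score. `createVulnerabilitiesDto` is defined outside this hunk, so if it skips such entries, unscored vulnerabilities would drop out of the KPI result without a trace. I would add a KDoc such as `/** Flattens the vulnerabilities of all results in [data] and maps them to CVE KPIs; findings without a CVSS score are <state: skipped / reported>. */` and confirm that behaviour against the helper. The nested implicit `it` in `data.flatMap { it.results.flatMap { it.vulnerabilities } }` is shadowed and hard to read; name the parameters, e.g. `data.flatMap { dto -> dto.results.flatMap { result -> result.vulnerabilities } }`.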
Expand Up @@ -9,8 +9,12 @@

package de.fraunhofer.iem.spha.adapter.tools.trivy

import de.fraunhofer.iem.spha.adapter.AdapterResult
import de.fraunhofer.iem.spha.adapter.kpis.cve.CveAdapter
import de.fraunhofer.iem.spha.model.adapter.trivy.Result
import de.fraunhofer.iem.spha.model.adapter.trivy.TrivyDto
import de.fraunhofer.iem.spha.model.adapter.trivy.TrivyDtoV2
import de.fraunhofer.iem.spha.model.adapter.trivy.TrivyVulnerabilityDto
import de.fraunhofer.iem.spha.model.adapter.vulnerability.VulnerabilityDto
import io.mockk.mockkObject
import io.mockk.verify
Expand All @@ -19,6 +23,8 @@ import kotlin.io.path.Path
import kotlin.test.Test
import kotlin.test.assertEquals
import kotlin.test.assertTrue
import kotlinx.serialization.json.JsonObject
import kotlinx.serialization.json.JsonPrimitive
import org.junit.jupiter.api.assertDoesNotThrow
import org.junit.jupiter.api.assertThrows
import org.junit.jupiter.params.ParameterizedTest
Expand Down Expand Up @@ -63,6 +69,59 @@ class TrivyAdapterTest {
}
}

@Test
fun trivyV2DtoToRawValue() {

val trivyV2Dto =
TrivyDtoV2(
results =
listOf(
Result(
vulnerabilities =
listOf(
TrivyVulnerabilityDto(
cvss =
JsonObject(
content =
mapOf(
Pair(
"nvd",
JsonObject(
content =
mapOf(
Pair(
"V2Score",
JsonPrimitive(5.0),
),
Pair(
"V3Score",
JsonPrimitive(6.0),
),
)
),
)
)
),
vulnerabilityID = "ID",
installedVersion = "0.0.1",
pkgName = "TEST PACKAGE",
severity = "MEDIUM",
)
)
)
),
schemaVersion = 2,
)

val adapterResults = TrivyAdapter.transformTrivyV2ToKpi(listOf(trivyV2Dto))

assertEquals(1, adapterResults.size)
val result = adapterResults.first()

assert(result is AdapterResult.Success)
assertEquals(40, (result as AdapterResult.Success).rawValueKpi.score)
}

@Test
fun testResult1Dto() {
Files.newInputStream(Path("src/test/resources/trivy-result-v1.json")).use {
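Review bot: `assert(result is AdapterResult.Success)` in `trivyV2DtoToRawValue` is Kotlin's built-in `assert`, which on the JVM is only evaluated when assertions are enabled at runtime, so a wrong result type may surface only as a `ClassCastException` from the cast on the next line. Use `assertTrue(result is AdapterResult.Success)` (already imported) or `assertIs<AdapterResult.Success>(result)` from `kotlin.test`, which also makes the explicit cast unnecessary. The expected `40` is unexplained; a short comment on how it follows from the `V2Score` 5.0 / `V3Score` 6.0 fixture would help the next reader. The test covers only one finding with both NVD scores present; a case with an empty `cvss` object and one with an empty `results` list would pin how unscored or absent findings are reported.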
