Change vulnerability statement merging to include base_cpe.

fasten-project · Dec 12, 2022 · 010ff53 · 010ff53
1 parent 1e80074
commit 010ff53
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/src/main/java/eu/fasten/vulnerabilityproducer/utils/Vulnerability.java b/src/main/java/eu/fasten/vulnerabilityproducer/utils/Vulnerability.java
@@ -251,6 +251,7 @@ public void setExploits(HashSet<String> exploits) {
     public String toString() {
         return "Vulnerability{" +
                 "id='" + id + '\'' +
+                ", base_cpe=" + baseCpe +
                 ", purls=" + purls +
                 ", first_patched=" + firstPatchedPurls +
                 ", scoreCVSS2=" + scoreCVSS2 +
@@ -296,6 +297,12 @@ public void merge(Vulnerability v2) {
                 this.setDescription(v2.getDescription());
             }
         }
+        // Base CPE
+        if (this.baseCpe == null) {
+            if (v2.baseCpe != null) {
+                this.setBaseCpe(v2.baseCpe);
+            }
+        }
         // Severity
         if (this.severity == null) {
             if (v2.severity != null) {
@@ -355,6 +362,7 @@ public boolean equals(Object o) {
         if (o == null || getClass() != o.getClass()) return false;
         Vulnerability that = (Vulnerability) o;
         return id.equals(that.id) &&
+                Objects.equals(baseCpe, that.baseCpe) &&
                 Objects.equals(purls, that.purls) &&
                 Objects.equals(scoreCVSS2, that.scoreCVSS2) &&
                 Objects.equals(scoreCVSS3, that.scoreCVSS3) &&

diff --git a/src/test/java/eu/fasten/vulnerabilityproducer/VulnerabilityTest.java b/src/test/java/eu/fasten/vulnerabilityproducer/VulnerabilityTest.java
@@ -119,6 +119,7 @@ public void toJsonTest() {
     public void testMerge() {
         // Construct the first one
         Vulnerability v1 = new Vulnerability("test-id");
+        v1.setBaseCpe("base_cpe_test");
         v1.addPurl("pgk:pypi/[email protected]");
         v1.setPublishedDate("20/06/2020");
         v1.addReference("www.reference.com");
@@ -134,7 +135,9 @@ public void testMerge() {
         v2.setVectorCVSS3("7.4");
 
         v1.merge(v2);
+        assertEquals("base_cpe_test", v1.getBaseCpe());
         assertTrue(v1.getPurls().contains("pgk:pypi/[email protected]"));
+        assertTrue(v1.getPurls().contains("pgk:pypi/[email protected]"));
         assertTrue(v1.getReferences().contains("www.anotherreference.com"));
         assertTrue(v1.getPatchLinks().contains("www.patch.com"));
         assertEquals(v1.getSeverity(), Severity.CRITICAL);