Address remaining Jackson usage inconsistencies
Signed-off-by: nscuro <[email protected]>
nscuro committed Mar 27, 2023
1 parent 7470cb9 commit 6a4aa18
Showing 11 changed files with 64 additions and 66 deletions.
Expand Up @@ -112,7 +112,7 @@ public void upload(final InputStream payload) {
try (CloseableHttpResponse response = HttpClientPool.getClient().execute(request)) {
if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
final JsonNode root = Jackson.readHttpResponse(response);
if (root.get("success").asBoolean()) {
if (Jackson.optBoolean(root, "success")) {
LOGGER.debug("Successfully uploaded KDI");
return;
}
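Review bot: `root` is handed to `Jackson.optBoolean` in `upload` without a null check, while the `analyze` hunk later in this commit tests the result of `Jackson.readHttpResponse` against null before reading from it. If `readHttpResponse` can return null for an empty or non-JSON body delivered with a 200 status (its implementation is not shown), this path should treat that as a failed upload explicitly, e.g. `if (root != null && Jackson.optBoolean(root, "success"))`. The rest of `upload` lies outside the hunk, so the failure branch may already cover this.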
Expand Up @@ -65,24 +65,24 @@ public PageableList parse(final JsonNode object) {
private GitHubSecurityAdvisory parseSecurityAdvisory(final JsonNode object) {
final GitHubSecurityAdvisory advisory = new GitHubSecurityAdvisory();
advisory.setDatabaseId(Jackson.optInt(object, "databaseId"));
advisory.setDescription(Jackson.optString(object,"description"));
advisory.setGhsaId(Jackson.optString(object,"ghsaId"));
advisory.setId(Jackson.optString(object,"id"));
advisory.setNotificationsPermalink(Jackson.optString(object,"notificationsPermalink"));
advisory.setOrigin(Jackson.optString(object,"origin"));
advisory.setPermalink(Jackson.optString(object,"permalink"));
advisory.setSeverity(Jackson.optString(object,"severity"));
advisory.setSummary(Jackson.optString(object,"summary"));
advisory.setPublishedAt(jsonStringToTimestamp(Jackson.optString(object,"publishedAt")));
advisory.setUpdatedAt(jsonStringToTimestamp(Jackson.optString(object,"updatedAt")));
advisory.setWithdrawnAt(jsonStringToTimestamp(Jackson.optString(object,"withdrawnAt")));
advisory.setDescription(Jackson.optString(object,"description", null));
advisory.setGhsaId(Jackson.optString(object,"ghsaId", null));
advisory.setId(Jackson.optString(object,"id", null));
advisory.setNotificationsPermalink(Jackson.optString(object,"notificationsPermalink", null));
advisory.setOrigin(Jackson.optString(object,"origin", null));
advisory.setPermalink(Jackson.optString(object,"permalink", null));
advisory.setSeverity(Jackson.optString(object,"severity", null));
advisory.setSummary(Jackson.optString(object,"summary", null));
advisory.setPublishedAt(jsonStringToTimestamp(Jackson.optString(object,"publishedAt", null)));
advisory.setUpdatedAt(jsonStringToTimestamp(Jackson.optString(object,"updatedAt", null)));
advisory.setWithdrawnAt(jsonStringToTimestamp(Jackson.optString(object,"withdrawnAt", null)));

final ArrayNode identifiers = Jackson.optArray(object,"identifiers");
if (identifiers != null) {
for (int i=0; i<identifiers.size(); i++) {
final JsonNode identifier = identifiers.get(i);
final String type = Jackson.optString(identifier,"type");
final String value = Jackson.optString(identifier,"value");
final String type = Jackson.optString(identifier,"type", null);
final String value = Jackson.optString(identifier,"value", null);
if (type != null && value != null) {
final Pair<String, String> pair = Pair.of(type, value);
advisory.addIdentifier(pair);
Expand All @@ -93,7 +93,7 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JsonNode object) {
final ArrayNode references = Jackson.optArray(object,"references");
if (references != null) {
for (int i=0; i<references.size(); i++) {
final String url = (Jackson.optString(references.get(i), "url"));
final String url = Jackson.optString(references.get(i), "url", null);
if (url != null) {
advisory.addReference(url);
}
Expand All @@ -103,7 +103,7 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JsonNode object) {
final JsonNode cvss = object.get("cvss");
if (cvss != null) {
advisory.setCvssScore(Jackson.optInt(cvss, "score"));
advisory.setCvssVector(Jackson.optString(cvss,"score"));
advisory.setCvssVector(Jackson.optString(cvss,"score", null));
}

final JsonNode cwes = object.get("cwes");
Expand All @@ -115,7 +115,7 @@ private GitHubSecurityAdvisory parseSecurityAdvisory(final JsonNode object) {
if (edge != null) {
final JsonNode node = edge.get("node");
if (node != null) {
final String cweId = Jackson.optString(node,"cweId");
final String cweId = Jackson.optString(node,"cweId", null);
if (cweId != null) {
advisory.addCwe(cweId);
}
Expand Down Expand Up @@ -149,17 +149,17 @@ private List<GitHubVulnerability> parseVulnerabilities(final JsonNode object) {

private GitHubVulnerability parseVulnerability(final JsonNode object) {
final GitHubVulnerability vulnerability = new GitHubVulnerability();
vulnerability.setSeverity(Jackson.optString(object,"severity"));
vulnerability.setUpdatedAt(jsonStringToTimestamp(Jackson.optString(object,"updatedAt")));
vulnerability.setSeverity(Jackson.optString(object,"severity", null));
vulnerability.setUpdatedAt(jsonStringToTimestamp(Jackson.optString(object,"updatedAt", null)));
final JsonNode firstPatchedVersion = object.get("firstPatchedVersion");
if (firstPatchedVersion != null) {
vulnerability.setFirstPatchedVersionIdentifier(Jackson.optString(firstPatchedVersion,"identifier"));
vulnerability.setFirstPatchedVersionIdentifier(Jackson.optString(firstPatchedVersion,"identifier", null));
}
vulnerability.setVulnerableVersionRange(Jackson.optString(object,"vulnerableVersionRange"));
vulnerability.setVulnerableVersionRange(Jackson.optString(object,"vulnerableVersionRange", null));
final JsonNode packageObject = object.get("package");
if (packageObject != null) {
vulnerability.setPackageEcosystem(Jackson.optString(packageObject,"ecosystem"));
vulnerability.setPackageName(Jackson.optString(packageObject,"name"));
vulnerability.setPackageEcosystem(Jackson.optString(packageObject,"ecosystem", null));
vulnerability.setPackageName(Jackson.optString(packageObject,"name", null));
}
return vulnerability;
}
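Review bot: In the `cvss` block of `parseSecurityAdvisory`, `setCvssVector` is still populated from the `"score"` key, the same key that feeds `setCvssScore` on the line above, so the advisory's vector would hold the score text (or null) instead of a CVSS vector string. The key is presumably meant to be the vector field of the advisory's `cvss` object (`vectorString` in GitHub's GraphQL schema; confirm against the query this parser serves), i.e. `advisory.setCvssVector(Jackson.optString(cvss, "vectorString", null));`. The score is read with `Jackson.optInt`, which would drop the fractional part of a score such as 7.5 if the helper truncates; a double-valued read like the `Jackson.optDouble` used in the OSS Index parser looks more appropriate, if the model's setter allows it. Severity handling downstream depends on both values, so a parser test with a representative advisory payload would be worth adding.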
Expand Up @@ -61,22 +61,22 @@ public List<ComponentReport> parse(final CloseableHttpResponse response) throws

private ComponentReport parse(final JsonNode object) {
final ComponentReport componentReport = new ComponentReport();
componentReport.setCoordinates(Jackson.optString(object, "coordinates"));
componentReport.setDescription(Jackson.optString(object, "description"));
componentReport.setReference(Jackson.optString(object, "references"));
final ArrayNode vulnerabilities = Jackson.optArray(object,"vulnerabilities");
componentReport.setCoordinates(Jackson.optString(object, "coordinates", null));
componentReport.setDescription(Jackson.optString(object, "description", null));
componentReport.setReference(Jackson.optString(object, "references", null));
final ArrayNode vulnerabilities = Jackson.optArray(object,"vulnerabilities", Jackson.newArray());
for (int i = 0; i < vulnerabilities.size(); i++) {
final JsonNode vulnObject = vulnerabilities.get(i);
final ComponentReportVulnerability vulnerability = new ComponentReportVulnerability();
vulnerability.setId(Jackson.optString(vulnObject, "id"));
vulnerability.setTitle(Jackson.optString(vulnObject, "title"));
vulnerability.setDescription(Jackson.optString(vulnObject, "description"));
vulnerability.setId(Jackson.optString(vulnObject, "id", null));
vulnerability.setTitle(Jackson.optString(vulnObject, "title", null));
vulnerability.setDescription(Jackson.optString(vulnObject, "description", null));
vulnerability.setCvssScore(Jackson.optDouble(vulnObject, "cvssScore"));
vulnerability.setCvssVector(Jackson.optString(vulnObject, "cvssVector"));
vulnerability.setCwe(Jackson.optString(vulnObject, "cwe"));
vulnerability.setCve(Jackson.optString(vulnObject, "cve"));
vulnerability.setReference(Jackson.optString(vulnObject, "reference"));
final ArrayNode externalRefsJSONArray = Jackson.optArray(vulnObject,"externalReferences");
vulnerability.setCvssVector(Jackson.optString(vulnObject, "cvssVector", null));
vulnerability.setCwe(Jackson.optString(vulnObject, "cwe", null));
vulnerability.setCve(Jackson.optString(vulnObject, "cve", null));
vulnerability.setReference(Jackson.optString(vulnObject, "reference", null));
final ArrayNode externalRefsJSONArray = Jackson.optArray(vulnObject,"externalReferences", Jackson.newArray());
final List<String> externalReferences = new ArrayList<>();
for (int j = 0; j < externalRefsJSONArray.size(); j++) {
externalReferences.add(externalRefsJSONArray.get(j).asText());
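Review bot: `componentReport.setReference` reads the key `"references"` (plural), whereas each vulnerability a few lines below reads `"reference"` and the setter itself is singular; if the component object in the response carries a `reference` string, this field is always stored as null. Please confirm the key against the OSS Index response schema and, if it is a typo, use `Jackson.optString(object, "reference", null)`. The loop that fills `externalReferences` continues past the end of this hunk.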
Expand Up @@ -181,7 +181,7 @@ private List<OsvAffectedPackage> parseVersionRanges(JsonNode vulnerability, Json
for (int i = 0; i < rangeEvents.size(); i++) {
JsonNode event = rangeEvents.get(i);

final String introduced = Jackson.optString(event, "introduced");
final String introduced = Jackson.optString(event, "introduced", null);
if (introduced == null) {
// "introduced" is required for every range. But events are not guaranteed to be sorted,
// it's merely a recommendation by the OSV specification.
Expand All @@ -197,9 +197,9 @@ private List<OsvAffectedPackage> parseVersionRanges(JsonNode vulnerability, Json

if (i + 1 < rangeEvents.size()) {
event = rangeEvents.get(i + 1);
final String fixed = Jackson.optString(event, "fixed");
final String lastAffected = Jackson.optString(event, "last_affected");
final String limit = Jackson.optString(event, "limit");
final String fixed = Jackson.optString(event, "fixed", null);
final String lastAffected = Jackson.optString(event, "last_affected", null);
final String limit = Jackson.optString(event, "limit", null);

if (fixed != null) {
affectedPackage.setUpperVersionRangeExcluding(fixed);
Expand All @@ -218,7 +218,7 @@ private List<OsvAffectedPackage> parseVersionRanges(JsonNode vulnerability, Json
if (databaseSpecific != null
&& affectedPackage.getUpperVersionRangeIncluding() == null
&& affectedPackage.getUpperVersionRangeExcluding() == null) {
final String lastAffectedRange = Jackson.optString(databaseSpecific, "last_known_affected_version_range");
final String lastAffectedRange = Jackson.optString(databaseSpecific, "last_known_affected_version_range", null);
if (lastAffectedRange != null) {
if (lastAffectedRange.startsWith("<=")) {
affectedPackage.setUpperVersionRangeIncluding(lastAffectedRange.replaceFirst("<=", "").trim());
Expand All @@ -241,9 +241,9 @@ private OsvAffectedPackage createAffectedPackage(JsonNode vulnerability) {
final JsonNode ecosystemSpecific = vulnerability.get("ecosystem_specific");
final JsonNode databaseSpecific = vulnerability.get("database_specific");
Severity ecosystemSeverity = parseEcosystemSeverity(ecosystemSpecific, databaseSpecific);
osvAffectedPackage.setPackageName(Jackson.optString(affectedPackageJson, "name"));
osvAffectedPackage.setPackageEcosystem(Jackson.optString(affectedPackageJson, "ecosystem"));
osvAffectedPackage.setPurl(Jackson.optString(affectedPackageJson, "purl"));
osvAffectedPackage.setPackageName(Jackson.optString(affectedPackageJson, "name", null));
osvAffectedPackage.setPackageEcosystem(Jackson.optString(affectedPackageJson, "ecosystem", null));
osvAffectedPackage.setPurl(Jackson.optString(affectedPackageJson, "purl", null));
osvAffectedPackage.setSeverity(ecosystemSeverity);
return osvAffectedPackage;
}
20 changes: 10 additions & 10 deletions src/main/java/org/dependencytrack/parser/snyk/SnykParser.java
Expand Up @@ -57,7 +57,7 @@ public Vulnerability parse(ArrayNode data, QueryManager qm, String purl, int cou
vulnerability.setSource(Vulnerability.Source.SNYK);
// get the id of the data record (vulnerability)
final JsonNode dataNode = data.get(count);
vulnerability.setVulnId(Jackson.optString(dataNode, "id"));
vulnerability.setVulnId(Jackson.optString(dataNode, "id", null));
final JsonNode vulnAttributes = dataNode.get("attributes");
if (vulnAttributes != null && Jackson.optString(vulnAttributes, "type").equalsIgnoreCase("package_vulnerability")) {
// get the references of the data record (vulnerability)
Expand All @@ -71,10 +71,10 @@ public Vulnerability parse(ArrayNode data, QueryManager qm, String purl, int cou
vulnerability.setReferences(addReferences(slots));
}
}
vulnerability.setTitle(Jackson.optString(vulnAttributes,"title"));
vulnerability.setDescription(Jackson.optString(vulnAttributes,"description"));
vulnerability.setCreated(Date.from(jsonStringToTimestamp(Jackson.optString(vulnAttributes,"created_at")).toInstant()));
vulnerability.setUpdated(Date.from(jsonStringToTimestamp(Jackson.optString(vulnAttributes,"updated_at")).toInstant()));
vulnerability.setTitle(Jackson.optString(vulnAttributes,"title", null));
vulnerability.setDescription(Jackson.optString(vulnAttributes,"description", null));
vulnerability.setCreated(Date.from(jsonStringToTimestamp(Jackson.optString(vulnAttributes,"created_at", null)).toInstant()));
vulnerability.setUpdated(Date.from(jsonStringToTimestamp(Jackson.optString(vulnAttributes,"updated_at", null)).toInstant()));
final ArrayNode problems = Jackson.optArray(vulnAttributes, "problems");
if (problems != null) {
vulnerability.setAliases(computeAliases(vulnerability, qm, problems));
Expand Down Expand Up @@ -116,7 +116,7 @@ public Vulnerability parse(ArrayNode data, QueryManager qm, String purl, int cou
}

public List<SnykError> parseErrors(final JsonNode jsonResponse) {
if (jsonResponse == null || !jsonResponse.fields().hasNext()) {
if (jsonResponse == null) {
return Collections.emptyList();
}

Expand Down Expand Up @@ -178,7 +178,7 @@ else if (source.equalsIgnoreCase("GHSA")) {
public Vulnerability setCvssScore(ArrayNode cvssArray, Vulnerability vulnerability) {
JsonNode cvss = selectCvssObjectBasedOnSource(cvssArray);
if (cvss != null) {
String severity = Jackson.optString(cvss,"level");
String severity = Jackson.optString(cvss,"level", null);
if (severity != null) {
if (severity.equalsIgnoreCase("CRITICAL")) {
vulnerability.setSeverity(Severity.CRITICAL);
Expand All @@ -193,7 +193,7 @@ public Vulnerability setCvssScore(ArrayNode cvssArray, Vulnerability vulnerabili
}
}
vulnerability.setCvssV3Vector(Jackson.optString(cvss,"vector"));
final String cvssScore = Jackson.optString(cvss,"score");
final String cvssScore = Jackson.optString(cvss,"score", null);
if (cvssScore != null) {
vulnerability.setCvssV3BaseScore(BigDecimal.valueOf(Double.parseDouble(cvssScore)));
}
Expand All @@ -202,11 +202,11 @@ public Vulnerability setCvssScore(ArrayNode cvssArray, Vulnerability vulnerabili
}

public String addReferences(JsonNode slots) {
final ArrayNode links = Jackson.optArray(slots, "references");
final ArrayNode links = Jackson.optArray(slots, "references", Jackson.newArray());
final StringBuilder sb = new StringBuilder();
for (int linkCount = 0; linkCount < links.size(); linkCount++) {
final JsonNode link = links.get(linkCount);
String reference = Jackson.optString(link,"url");
String reference = Jackson.optString(link,"url", null);
if (reference != null) {
sb.append("* [").append(reference).append("](").append(reference).append(")\n");
}
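Review bot: `setCreated` and `setUpdated` in `parse` call `.toInstant()` directly on the result of `jsonStringToTimestamp`, and with the explicit `null` default a record without `created_at` or `updated_at` now passes null into that helper. If the helper returns null for null or unparsable input, as its use for optional fields such as `withdrawnAt` in the GitHub parser suggests (its body is not shown), a single incomplete record from the remote API throws a NullPointerException during parsing. Assign the parsed timestamp to a local and call the setter only when it is non-null. In `setCvssScore`, `Jackson.optString(cvss,"vector")` keeps the two-argument form, so a missing vector gets the helper's default instead of null like the neighbouring `level` and `score` reads; `Jackson.optString(cvss, "vector", null)` would make it consistent. Both methods extend beyond the visible hunks.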
Expand Up @@ -29,7 +29,6 @@

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

/**
* Evaluates a components HASH against a policy.
Expand Down Expand Up @@ -69,8 +68,8 @@ private Hash extractHashValues(PolicyCondition condition) {
}
final JsonNode def = Jackson.readString(condition.getValue());
return new Hash(
Optional.ofNullable(def.get("algorithm")).map(JsonNode::asText).orElse(null),
Optional.ofNullable(def.get("value")).map(JsonNode::asText).orElse(null)
Jackson.optString(def, "algorithm", null),
Jackson.optString(def, "value", null)
);
}

Expand Up @@ -30,7 +30,6 @@

import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

Expand Down Expand Up @@ -152,9 +151,9 @@ private Coordinates parseCoordinatesDefinition(final PolicyCondition condition)
}
final JsonNode def = Jackson.readString(condition.getValue());
return new Coordinates(
Optional.ofNullable(def.get("group")).map(JsonNode::asText).orElse(null),
Optional.ofNullable(def.get("name")).map(JsonNode::asText).orElse(null),
Optional.ofNullable(def.get("version")).map(JsonNode::asText).orElse(null)
Jackson.optString(def, "group", null),
Jackson.optString(def, "name", null),
Jackson.optString(def, "version", null)
);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -88,9 +88,9 @@ public MetaModel analyze(final Component component) {
if (releasesArray != null && releasesArray.size() > 0) {
// The first one in the array is always the latest version
final JsonNode release = releasesArray.get(0);
final String latest = Jackson.optString(release, "version");
final String latest = Jackson.optString(release, "version", null);
meta.setLatestVersion(latest);
final String insertedAt = Jackson.optString(release, "inserted_at");
final String insertedAt = Jackson.optString(release, "inserted_at", null);
if (insertedAt != null) {
final DateFormat dateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
try {
Expand Up @@ -79,7 +79,7 @@ public MetaModel analyze(final Component component) {
if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
JsonNode jsonObject = Jackson.readHttpResponse(response);
if (jsonObject != null) {
final String latest = Jackson.optString(jsonObject, "latest");
final String latest = Jackson.optString(jsonObject, "latest", null);
if (latest != null) {
meta.setLatestVersion(latest);
}