Put package list (#37)

Allow clients to send a realistically large list of packages to query for CVEs

Fixes gardenlinux/glvd#99

api-examples/Get CVEs by Gardenlinux Version Packages PUT.bru

@@ -0,0 +1,15 @@
+meta {
+  name: Get CVEs by Gardenlinux Version Packages PUT
+  type: http
+  seq: 8
+}
+
+put {
+  url: {{schema_hostname_port}}/v1/cves/1592.0/packages
+  body: json
+  auth: none
+}
+
+body:json {
+  ["vim","bash","python3","curl"]
+}

src/docs/asciidoc/index.adoc

@@ -37,6 +37,17 @@ The expected response looks like this:
 
 include::{snippets}/getCveForPackages/http-response.adoc[]
 
+=== Get a list of CVEs for packages by distro via PUT
+
+This endpoint will give you all the CVE for a list of packages in a specified distro.
+Package names are provided in the request body in json-encoded form.
+
+include::{snippets}/getCveForPackagesPut/curl-request.adoc[]
+
+The expected response looks like this:
+
+include::{snippets}/getCveForPackagesPut/http-response.adoc[]
+
 === Get List of Packages
 
 Just gives you a list of packages in a given distribution.

src/main/java/io/gardenlinux/glvd/GlvdController.java

@@ -44,6 +44,20 @@ ResponseEntity<List<SourcePackageCve>> getCvePackages(
         return ResponseEntity.ok().body(cveForPackages);
     }
 
+    @PutMapping("/cves/{gardenlinuxVersion}/packages")
+    ResponseEntity<List<SourcePackageCve>> getCvePackagesxx(
+            @PathVariable final String gardenlinuxVersion,
+            @RequestBody final PackageList packages,
+            @RequestParam(defaultValue = "cveId") final String sortBy,
+            @RequestParam(defaultValue = "ASC") final String sortOrder,
+            @RequestParam(required = false) final String pageNumber,
+            @RequestParam(required = false) final String pageSize
+    ) {
+        var packageList = packages.toString();
+        var cveForPackages = glvdService.getCveForPackages(gardenlinuxVersion, packageList, new SortAndPageOptions(sortBy, sortOrder, pageNumber, pageSize));
+        return ResponseEntity.ok().body(cveForPackages);
+    }
+
     @GetMapping("/packages/{sourcePackage}")
     ResponseEntity<List<SourcePackageCve>> packageWithVulnerabilities(
             @PathVariable final String sourcePackage,

src/main/java/io/gardenlinux/glvd/PackageList.java

@@ -0,0 +1,24 @@
+package io.gardenlinux.glvd;
+
+import java.util.List;
+
+public class PackageList {
+
+    private List<String> packageNames;
+
+    public PackageList() {
+    }
+
+    public PackageList(List<String> packageNames) {
+        this.packageNames = packageNames;
+    }
+
+    public List<String> getPackageNames() {
+        return packageNames;
+    }
+
+    @Override
+    public String toString() {
+        return String.join(",", packageNames);
+    }
+}

src/test/java/io/gardenlinux/glvd/GlvdControllerTest.java

@@ -92,6 +92,28 @@ public void shouldReturnCvesForListOfPackages() {
                 .then().statusCode(HttpStatus.SC_OK);
     }
 
+    @Test
+    public void shouldReturnCvesForPutListOfPackages() {
+        var packageList = """
+                  {
+                  "packageNames": [
+                    "vim",
+                    "bash",
+                    "python3",
+                    "curl"
+                  ]
+                }""";
+
+        given(this.spec).accept("application/json")
+                .filter(document("getCveForPackagesPut",
+                        preprocessRequest(modifyUris().scheme("https").host("glvd.gardenlinux.io").removePort()),
+                        preprocessResponse(prettyPrint())))
+                .contentType("application/json")
+                .body(packageList)
+                .when().port(this.port).put("/v1/cves/1592.0/packages?pageNumber=4&pageSize=2")
+                .then().statusCode(HttpStatus.SC_OK);
+    }
+
     @Test
     public void shouldGetPackagesForDistro() {
         given(this.spec).accept("application/json")