fix: Make POJOs Seriializable (#82)

* fix: data objects should be serializable

* fix: code inspection suggestions from intellij

buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle

@@ -12,7 +12,7 @@ plugins {
 }
 
 group 'io.github.jeremylong'
-version = '5.0.0'
+version = '5.0.1'
 
 repositories {
     mavenCentral()

open-vulnerability-clients/README.md

@@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere
 <dependency>
    <groupId>io.github.jeremylong</groupId>
    <artifactId>open-vulnerability-clients</artifactId>
-   <version>5.0.0</version>
+   <version>5.0.1</version>
 </dependency>
 ```
 
 ### gradle
 
 ```groovy
-implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.0'
+implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.1'
 ```
 
 ### api usage

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/DataFeed.java

@@ -16,8 +16,6 @@
  */
 package io.github.jeremylong.openvulnerability.client;
 
-import java.util.List;
-
 public interface DataFeed<T> {
-    public T download();
+    T download();
 }

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/PagedDataSource.java

@@ -28,43 +28,43 @@ public interface PagedDataSource<T> extends AutoCloseable, Iterator<Collection<T
      * @throws Exception thrown if there is a problem.
      */
     @Override
-    public void close() throws Exception;
+    void close() throws Exception;
 
     /**
      * Only available after the first call to `next()`; returns the total number of records that will be available.
      *
      * @return the total number of records that will be returned
      */
-    public int getTotalAvailable();
+    int getTotalAvailable();
 
     /**
      * Returns the last HTTP Status Code received.
      *
      * @return the last HTTP Status Code received.
      */
-    public int getLastStatusCode();
+    int getLastStatusCode();
 
     /**
      * Returns <code>true</code> if there are more records available; otherwise <code>false</code>.
      *
      * @return <code>true</code> if there are more records available; otherwise <code>false</code>.
      */
     @Override
-    public boolean hasNext();
+    boolean hasNext();
 
     /**
      * Returns the next collection of vulnerability data.
      *
      * @return a collection of vulnerability data.
      */
     @Override
-    public Collection<T> next();
+    Collection<T> next();
 
     /**
      * Returns the latest updated date.
      *
      * @return the latest updated date
      */
-    public ZonedDateTime getLastUpdated();
+    ZonedDateTime getLastUpdated();
 
 }

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/RecordDataSource.java

@@ -21,13 +21,13 @@
 import java.util.Iterator;
 
 /**
- * A simple wrapper around a PagedDataSource that iterates over single objects rather then a page at a time.
+ * A simple wrapper around a PagedDataSource that iterates over single objects rather than a page at a time.
  *
  * @param <T> the data type
  */
 public class RecordDataSource<T> implements AutoCloseable, Iterator<T> {
 
-    private PagedDataSource<T> source;
+    private final PagedDataSource<T> source;
     private Iterator<T> current;
 
     public RecordDataSource(PagedDataSource<T> source) {

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssDataFeed.java

@@ -34,7 +34,8 @@
  */
 public class EpssDataFeed implements DataFeed<List<EpssItem>> {
     private final static String DEFAULT_LOCATION = "https://epss.cyentia.com/epss_scores-current.csv.gz";
-    private String downloadUrl;
+
+    private final String downloadUrl;
 
     public EpssDataFeed() {
         this.downloadUrl = DEFAULT_LOCATION;
@@ -49,7 +50,7 @@ public List<EpssItem> download() {
         List<EpssItem> list = null;
         HttpGet request = new HttpGet(downloadUrl);
         SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault());
-        try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build();) {
+        try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build()) {
             list = client.execute(request, new EpssResponseHandler());
         } catch (IOException e) {
             e.printStackTrace();

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssException.java

@@ -22,6 +22,12 @@
  * @author Jeremy Long
  */
 public class EpssException extends RuntimeException {
+
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 6042021783700299275L;
+
     /**
      * Generate a new exception.
      *

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssItem.java

@@ -16,18 +16,23 @@
  */
 package io.github.jeremylong.openvulnerability.client.epss;
 
-import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 
+import java.io.Serializable;
+
 /**
  * Exploit Prediction Scoring System (EPSS) score.
  *
  * @see <a href="https://www.first.org/epss/">https://www.first.org/epss/</a>
  */
 
 @JsonPropertyOrder({"cve", "epss", "percentile"})
-public class EpssItem {
+public class EpssItem implements Serializable {
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 5043194930534860395L;
     @JsonProperty("cve")
     String cve;
     @JsonProperty("epss")

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssResponseHandler.java

@@ -57,7 +57,7 @@ public List<EpssItem> handleEntity(HttpEntity entity) throws IOException {
                 }
                 try {
                     String[] data = line.split(",");
-                    EpssItem score = new EpssItem(data[0], new Double(data[1]), new Double(data[2]));
+                    EpssItem score = new EpssItem(data[0], Double.parseDouble(data[1]), Double.parseDouble((data[2])));
                     list.add(score);
                 } catch (NumberFormatException | ArrayIndexOutOfBoundsException ex) {
                     throw new EpssException("Unable to parse EPSS CSV", ex);

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/AbstractPageable.java

@@ -20,9 +20,15 @@
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serializable;
+
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class AbstractPageable {
+public class AbstractPageable implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 7420520124100919177L;
     @JsonProperty(value = "totalCount", access = JsonProperty.Access.WRITE_ONLY)
     private int totalCount;
 

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CVSS.java

@@ -21,6 +21,7 @@
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serializable;
 import java.util.Objects;
 
 /**
@@ -32,8 +33,12 @@
  */
 @JsonInclude(Include.NON_NULL)
 @JsonIgnoreProperties(ignoreUnknown = true)
-public class CVSS {
+public class CVSS implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 7546185855105761759L;
     @JsonProperty("score")
     Double score;
 

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWE.java

@@ -20,15 +20,20 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 
+import java.io.Serializable;
 import java.util.Objects;
 
 /**
  * Common weakness enumeration.
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonPropertyOrder({"cweId", "name", "description"})
-public class CWE {
+public class CWE implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -5061078131276736530L;
     @JsonProperty(value = "node", access = JsonProperty.Access.WRITE_ONLY)
     private CWERecord node;
 
@@ -120,8 +125,12 @@ public int hashCode() {
      * </pre>
      */
     @JsonIgnoreProperties(ignoreUnknown = true)
-    static class CWERecord {
+    static class CWERecord implements Serializable {
 
+        /**
+         * Serialization version UID.
+         */
+        private static final long serialVersionUID = 8882754946152269822L;
         @JsonProperty("cweId")
         private String cweId;
 

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWEs.java

@@ -20,11 +20,16 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
+import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
 
-public class CWEs extends AbstractPageable {
+public class CWEs extends AbstractPageable implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 1810814451811673122L;
     @JsonProperty("edges")
     private List<CWE> cwes;
 

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClient.java

@@ -112,11 +112,11 @@ public class GitHubSecurityAdvisoryClient implements PagedDataSource<SecurityAdv
     /**
      * The GitHub GraphQL endpoint.
      */
-    private String endpoint;
+    private final String endpoint;
     /**
      * The GitHub Access Token.
      */
-    private String githubToken;
+    private final String githubToken;
     /**
      * The classification of the advisory ("GENERAL", "MALWARE")
      */
@@ -171,7 +171,7 @@ public GitHubSecurityAdvisoryClient(String githubToken, String endpoint) {
      * @return the mustache template.
      */
     private Template loadMustacheTemplate(String resourceName) {
-        String template = null;
+        String template;
         try (InputStream is = getClass().getClassLoader().getResourceAsStream(resourceName);
                 InputStreamReader isr = new InputStreamReader(is, StandardCharsets.UTF_8);
                 BufferedReader reader = new BufferedReader(isr)) {
@@ -221,11 +221,11 @@ public void setPublishedSinceFilter(ZonedDateTime utcPublishedSinceFilter) {
     private Future<SimpleHttpResponse> query(String json) {
         ObjectNode jsonObj = objectMapper.createObjectNode();
         jsonObj.put("query", json);
-        String query = null;
+        String query;
         try {
             query = objectMapper.writeValueAsString(jsonObj);
         } catch (JsonProcessingException e) {
-            throw new GitHubSecurityAdvisoryException("Unable to convert template to quer", e);
+            throw new GitHubSecurityAdvisoryException("Unable to convert template to query", e);
         }
         SimpleRequestBuilder builder = SimpleRequestBuilder.post(endpoint);
         builder.addHeader("Authorization", "bearer " + githubToken);
@@ -287,13 +287,11 @@ public boolean hasNext() {
     public Collection<SecurityAdvisory> next() {
         try {
             Map<String, String> data = buildGraphQLData();
-            // after should be the endCursor of the previous request - leave out for the first request
-            // data.put("after","asdfadfasdfasfawefqwe");
             if (firstCall) {
                 firstCall = false;
                 futureResponse = query(advistoriesTemplate.execute(data));
             }
-            SimpleHttpResponse response = null;
+            SimpleHttpResponse response;
             response = futureResponse.get();
             if (response.getCode() == 200) {
                 String body = response.getBodyText();
@@ -333,7 +331,7 @@ public Collection<SecurityAdvisory> next() {
     }
 
     private Map<String, String> buildGraphQLData() {
-        Map<String, String> data = new HashMap<String, String>();
+        Map<String, String> data = new HashMap<>();
         if (classifications != null) {
             data.put("classifications", classifications);
         }
@@ -375,14 +373,14 @@ private ZonedDateTime findLastUpdated(ZonedDateTime lastUpdatedDate, List<Securi
     /**
      * Ensure that the CWE and Vulnerability lists have been completely fetched and requests any missing entries.
      *
-     * @param list the list of security advisories to validate and if necassary add CWE or vulnerability data.
+     * @param list the list of security advisories to validate and if necessary add CWE or vulnerability data.
      * @throws ExecutionException thrown if there is a problem.
      * @throws InterruptedException thrown if interrupted.
      */
     private void ensureSubPages(List<SecurityAdvisory> list) throws ExecutionException, InterruptedException {
         for (SecurityAdvisory sa : list) {
             if (sa.getCwes().getPageInfo().isHasNextPage() || sa.getCwes().getTotalCount() > 50) {
-                LOG.debug("Retrieiving additional CWEs for " + sa.getGhsaId());
+                LOG.debug("Retrieving additional CWEs for " + sa.getGhsaId());
                 int count = 50;
                 int max = sa.getCwes().getTotalCount();
                 String after = sa.getCwes().getPageInfo().getEndCursor();
@@ -397,7 +395,7 @@ private void ensureSubPages(List<SecurityAdvisory> list) throws ExecutionExcepti
             }
             if (sa.getVulnerabilities().getPageInfo().isHasNextPage()
                     || sa.getVulnerabilities().getTotalCount() > 100) {
-                LOG.debug("Retrieiving additional Vulnerabilities for " + sa.getGhsaId());
+                LOG.debug("Retrieving additional Vulnerabilities for " + sa.getGhsaId());
                 int count = 100;
                 int max = sa.getVulnerabilities().getTotalCount();
                 String after = sa.getVulnerabilities().getPageInfo().getEndCursor();
@@ -407,7 +405,7 @@ private void ensureSubPages(List<SecurityAdvisory> list) throws ExecutionExcepti
                     count += vulnerability.getEdges().size();
                     max = vulnerability.getTotalCount();
                     after = vulnerability.getPageInfo().getEndCursor();
-                    sa.getVulnerabilities().addAllVulnerabilties(vulnerability.getEdges());
+                    sa.getVulnerabilities().addAllVulnerabilities(vulnerability.getEdges());
                 }
             }
         }
@@ -425,9 +423,9 @@ private void ensureSubPages(List<SecurityAdvisory> list) throws ExecutionExcepti
      */
     private SecurityAdvisoryResponse fetch(Template template, String ghsaId, String after)
             throws InterruptedException, ExecutionException {
-        SecurityAdvisoryResponse results = null;
+        SecurityAdvisoryResponse results;
         try {
-            Map<String, String> data = new HashMap<String, String>();
+            Map<String, String> data = new HashMap<>();
             data.put("ghsaId", ghsaId);
             data.put("after", after);
             Future<SimpleHttpResponse> future = query(template.execute(data));

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClientBuilder.java

@@ -23,7 +23,7 @@
 
 /**
  * Used to build an GitHub SecurityAdvisory GraphQL API client. As the GitHubSecurityAdvisoryClient client is
- * autoclosable the builder should be used in a try with resources:
+ * autocloseable the builder should be used in a try with resources:
  *
  * <pre>
  * try (GitHubSecurityAdvisoryClient api = GitHubSecurityAdvisoryClientBuilder.aGitHubSecurityAdvisoryClient()

open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryException.java

@@ -22,6 +22,11 @@
  * @author Jeremy Long
  */
 public class GitHubSecurityAdvisoryException extends RuntimeException {
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -6615518803518244886L;
+
     /**
      * Generate a new exception.
      *