diff --git a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle index 5dbcd03b..b19bde05 100644 --- a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle +++ b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle @@ -12,7 +12,7 @@ plugins { } group 'io.github.jeremylong' -version = '5.0.0' +version = '5.0.1' repositories { mavenCentral() diff --git a/open-vulnerability-clients/README.md b/open-vulnerability-clients/README.md index 868c38b5..91232409 100644 --- a/open-vulnerability-clients/README.md +++ b/open-vulnerability-clients/README.md @@ -39,14 +39,14 @@ See API usage examples in the [open-vulnerability-store](https://github.com/jere io.github.jeremylong open-vulnerability-clients - 5.0.0 + 5.0.1 ``` ### gradle ```groovy -implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.0' +implementation 'io.github.jeremylong:open-vulnerability-clients:5.0.1' ``` ### api usage diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/DataFeed.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/DataFeed.java index bedb8494..1aeef058 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/DataFeed.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/DataFeed.java @@ -16,8 +16,6 @@ */ package io.github.jeremylong.openvulnerability.client; -import java.util.List; - public interface DataFeed { - public T download(); + T download(); } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/PagedDataSource.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/PagedDataSource.java index caaa808d..0ba7e62a 100644 
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/PagedDataSource.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/PagedDataSource.java @@ -28,21 +28,21 @@ public interface PagedDataSource extends AutoCloseable, Iteratortrue if there are more records available; otherwise false. @@ -50,7 +50,7 @@ public interface PagedDataSource extends AutoCloseable, Iteratortrue if there are more records available; otherwise false. */ @Override - public boolean hasNext(); + boolean hasNext(); /** * Returns the next collection of vulnerability data. @@ -58,13 +58,13 @@ public interface PagedDataSource extends AutoCloseable, Iterator next(); + Collection next(); /** * Returns the latest updated date. * * @return the latest updated date */ - public ZonedDateTime getLastUpdated(); + ZonedDateTime getLastUpdated(); } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/RecordDataSource.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/RecordDataSource.java index d9e961f7..131f9425 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/RecordDataSource.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/RecordDataSource.java @@ -21,13 +21,13 @@ import java.util.Iterator; /** - * A simple wrapper around a PagedDataSource that iterates over single objects rather then a page at a time. + * A simple wrapper around a PagedDataSource that iterates over single objects rather than a page at a time. * * @param the data type */ public class RecordDataSource implements AutoCloseable, Iterator { - private PagedDataSource source; + private final PagedDataSource source; private Iterator current; public RecordDataSource(PagedDataSource source) { 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssDataFeed.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssDataFeed.java index 67a0ea3e..5632a3d8 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssDataFeed.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssDataFeed.java @@ -34,7 +34,8 @@ */ public class EpssDataFeed implements DataFeed> { private final static String DEFAULT_LOCATION = "https://epss.cyentia.com/epss_scores-current.csv.gz"; - private String downloadUrl; + + private final String downloadUrl; public EpssDataFeed() { this.downloadUrl = DEFAULT_LOCATION; @@ -49,7 +50,7 @@ public List download() { List list = null; HttpGet request = new HttpGet(downloadUrl); SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault()); - try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build();) { + try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build()) { list = client.execute(request, new EpssResponseHandler()); } catch (IOException e) { e.printStackTrace(); diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssException.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssException.java index e85dda50..924a7343 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssException.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssException.java 
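Review bot: In `EpssDataFeed.download()`, the `catch (IOException e)` branch still only calls `e.printStackTrace()`, so a failed or blocked download leaves `list` at its initial `null`. The caller then presumably cannot tell an outage from missing data, though the return statement is outside the hunk. For a feed that drives vulnerability prioritisation the failure should be explicit, as `KevDataFeed.download()` already does by throwing on the same condition. Replace the catch body with `throw new EpssException("Unable to download the EPSS scores", e);`, using the two-argument constructor that `EpssResponseHandler` already calls.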
@@ -22,6 +22,12 @@ * @author Jeremy Long */ public class EpssException extends RuntimeException { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 6042021783700299275L; + /** * Generate a new exception. * diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssItem.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssItem.java index d8cb4187..e78e0e3a 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssItem.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssItem.java @@ -16,10 +16,11 @@ */ package io.github.jeremylong.openvulnerability.client.epss; -import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; + /** * Exploit Prediction Scoring System (EPSS) score. * @@ -27,7 +28,11 @@ */ @JsonPropertyOrder({"cve", "epss", "percentile"}) -public class EpssItem { +public class EpssItem implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 5043194930534860395L; @JsonProperty("cve") String cve; @JsonProperty("epss") diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssResponseHandler.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssResponseHandler.java index 6ef8d58b..40105667 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssResponseHandler.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/epss/EpssResponseHandler.java 
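Review bot: `EpssItem` becomes `Serializable` here, but nothing documents where a serialized form is expected to come from. The same applies to the ghsa and kev model classes later in the commit (`AbstractPageable`, `CVSS`, `CWE`, `Identifier`, `Package`, `PackageVersion`, `PageInfo`, `RateLimit`, `Reference`, `SecurityAdvisories`, `SecurityAdvisory`, `Vulnerabilities`, `Vulnerability`, `KevCatalog`). Java native deserialization of these types is only safe for data the application wrote itself, and the class Javadoc should say so, e.g. `Serialized instances are intended for local caching only; do not deserialize them from untrusted input without an ObjectInputFilter.` It is also worth noting next to each `serialVersionUID` that later field changes must stay stream-compatible or change the value.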
@@ -57,7 +57,7 @@ public List handleEntity(HttpEntity entity) throws IOException { } try { String[] data = line.split(","); - EpssItem score = new EpssItem(data[0], new Double(data[1]), new Double(data[2])); + EpssItem score = new EpssItem(data[0], Double.parseDouble(data[1]), Double.parseDouble((data[2]))); list.add(score); } catch (NumberFormatException | ArrayIndexOutOfBoundsException ex) { throw new EpssException("Unable to parse EPSS CSV", ex); diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/AbstractPageable.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/AbstractPageable.java index ca261255..1146f6ff 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/AbstractPageable.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/AbstractPageable.java @@ -20,9 +20,15 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; + @JsonIgnoreProperties(ignoreUnknown = true) -public class AbstractPageable { +public class AbstractPageable implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 7420520124100919177L; @JsonProperty(value = "totalCount", access = JsonProperty.Access.WRITE_ONLY) private int totalCount; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CVSS.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CVSS.java index 99437324..37ebff5b 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CVSS.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CVSS.java 
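Review bot: `Double.parseDouble` in `handleEntity` accepts `NaN`, `Infinity` and values outside 0–1, so a malformed or tampered feed row becomes an `EpssItem` with a meaningless score instead of reaching the `EpssException` path. EPSS score and percentile are probabilities, so parse each into a local and range-check it before `list.add(score)`, e.g. `double epss = Double.parseDouble(data[1]);` followed by `if (!(epss >= 0 && epss <= 1)) { throw new NumberFormatException("EPSS score out of range: " + data[1]); }`, and the same for the percentile. The existing catch then wraps it. The doubled parentheses in `Double.parseDouble((data[2]))` are unnecessary. The method starts before and ends after this hunk.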
@@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonInclude.Include; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.util.Objects; /** @@ -32,8 +33,12 @@ */ @JsonInclude(Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) -public class CVSS { +public class CVSS implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 7546185855105761759L; @JsonProperty("score") Double score; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWE.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWE.java index 4e64224b..a6e2b096 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWE.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWE.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; import java.util.Objects; /** @@ -27,8 +28,12 @@ */ @JsonIgnoreProperties(ignoreUnknown = true) @JsonPropertyOrder({"cweId", "name", "description"}) -public class CWE { +public class CWE implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -5061078131276736530L; @JsonProperty(value = "node", access = JsonProperty.Access.WRITE_ONLY) private CWERecord node; @@ -120,8 +125,12 @@ public int hashCode() { * */ @JsonIgnoreProperties(ignoreUnknown = true) - static class CWERecord { + static class CWERecord implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8882754946152269822L; @JsonProperty("cweId") private String cweId; 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWEs.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWEs.java index 300414b3..27bb8c39 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWEs.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/CWEs.java @@ -20,11 +20,16 @@ import com.fasterxml.jackson.annotation.JsonProperty; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.List; import java.util.Objects; -public class CWEs extends AbstractPageable { +public class CWEs extends AbstractPageable implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 1810814451811673122L; @JsonProperty("edges") private List cwes; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClient.java index 42e3525b..021f4de8 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClient.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClient.java 
@@ -112,11 +112,11 @@ public class GitHubSecurityAdvisoryClient implements PagedDataSource query(String json) { ObjectNode jsonObj = objectMapper.createObjectNode(); jsonObj.put("query", json); - String query = null; + String query; try { query = objectMapper.writeValueAsString(jsonObj); } catch (JsonProcessingException e) { - throw new GitHubSecurityAdvisoryException("Unable to convert template to quer", e); + throw new GitHubSecurityAdvisoryException("Unable to convert template to query", e); } SimpleRequestBuilder builder = SimpleRequestBuilder.post(endpoint); builder.addHeader("Authorization", "bearer " + githubToken); @@ -287,13 +287,11 @@ public boolean hasNext() { public Collection next() { try { Map data = buildGraphQLData(); - // after should be the endCursor of the previous request - leave out for the first request - // data.put("after","asdfadfasdfasfawefqwe"); if (firstCall) { firstCall = false; futureResponse = query(advistoriesTemplate.execute(data)); } - SimpleHttpResponse response = null; + SimpleHttpResponse response; response = futureResponse.get(); if (response.getCode() == 200) { String body = response.getBodyText(); @@ -333,7 +331,7 @@ public Collection next() { } private Map buildGraphQLData() { - Map data = new HashMap(); + Map data = new HashMap<>(); if (classifications != null) { data.put("classifications", classifications); } @@ -375,14 +373,14 @@ private ZonedDateTime findLastUpdated(ZonedDateTime lastUpdatedDate, List list) throws ExecutionException, InterruptedException { for (SecurityAdvisory sa : list) { if (sa.getCwes().getPageInfo().isHasNextPage() || sa.getCwes().getTotalCount() > 50) { - LOG.debug("Retrieiving additional CWEs for " + sa.getGhsaId()); + LOG.debug("Retrieving additional CWEs for " + sa.getGhsaId()); int count = 50; int max = sa.getCwes().getTotalCount(); String after = sa.getCwes().getPageInfo().getEndCursor(); 
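Review bot: The corrected `LOG.debug` call in `ensureSubPages` still builds its message by string concatenation, so the text is assembled even when debug logging is disabled; the Vulnerabilities branch in the following hunk has the same pattern. If `LOG` is an SLF4J-style logger (its declaration is not visible here), prefer `LOG.debug("Retrieving additional CWEs for {}", sa.getGhsaId());` and the equivalent for the second message. `ensureSubPages` continues outside this hunk.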
@@ -397,7 +395,7 @@ private void ensureSubPages(List list) throws ExecutionExcepti } if (sa.getVulnerabilities().getPageInfo().isHasNextPage() || sa.getVulnerabilities().getTotalCount() > 100) { - LOG.debug("Retrieiving additional Vulnerabilities for " + sa.getGhsaId()); + LOG.debug("Retrieving additional Vulnerabilities for " + sa.getGhsaId()); int count = 100; int max = sa.getVulnerabilities().getTotalCount(); String after = sa.getVulnerabilities().getPageInfo().getEndCursor(); @@ -407,7 +405,7 @@ private void ensureSubPages(List list) throws ExecutionExcepti count += vulnerability.getEdges().size(); max = vulnerability.getTotalCount(); after = vulnerability.getPageInfo().getEndCursor(); - sa.getVulnerabilities().addAllVulnerabilties(vulnerability.getEdges()); + sa.getVulnerabilities().addAllVulnerabilities(vulnerability.getEdges()); } } } @@ -425,9 +423,9 @@ private void ensureSubPages(List list) throws ExecutionExcepti */ private SecurityAdvisoryResponse fetch(Template template, String ghsaId, String after) throws InterruptedException, ExecutionException { - SecurityAdvisoryResponse results = null; + SecurityAdvisoryResponse results; try { - Map data = new HashMap(); + Map data = new HashMap<>(); data.put("ghsaId", ghsaId); data.put("after", after); Future future = query(template.execute(data)); diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClientBuilder.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClientBuilder.java index e940e130..699a084d 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClientBuilder.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryClientBuilder.java 
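Review bot: In `fetch`, `ghsaId` and `after` are put into the template map and the rendered text is handed to `query(...)`, which sends it as the GraphQL `query` field, so both values become part of the query document itself. The `after` cursor is taken from earlier API responses and `ghsaId` appears to be as well; whether the template escapes them for a GraphQL string literal cannot be seen from this hunk. A comment above the `data.put` calls should record the assumption, e.g. `// ghsaId and after are server-supplied and rendered into the query text; the template must escape them as GraphQL string values`, or the values could be sent as GraphQL variables instead. The method body ends outside the hunk.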
@@ -23,7 +23,7 @@ /** * Used to build an GitHub SecurityAdvisory GraphQL API client. As the GitHubSecurityAdvisoryClient client is - * autoclosable the builder should be used in a try with resources: + * autocloseable the builder should be used in a try with resources: * *
  * try (GitHubSecurityAdvisoryClient api = GitHubSecurityAdvisoryClientBuilder.aGitHubSecurityAdvisoryClient()
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryException.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryException.java
index e7099fda..409b28db 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryException.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/GitHubSecurityAdvisoryException.java
@@ -22,6 +22,11 @@
  * @author Jeremy Long
  */
 public class GitHubSecurityAdvisoryException extends RuntimeException {
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -6615518803518244886L;
+
     /**
      * Generate a new exception.
      *
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Identifier.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Identifier.java
index ef938e62..82c879fb 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Identifier.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Identifier.java
@@ -20,6 +20,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 
+import java.io.Serializable;
 import java.util.Objects;
 
 /**
@@ -31,8 +32,12 @@
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonPropertyOrder({"type", "value"})
-public class Identifier {
+public class Identifier implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = 2677992599612907844L;
     @JsonProperty("type")
     private String type;
 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Package.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Package.java
index 09bcb1ec..dbe8e961 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Package.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Package.java
@@ -20,6 +20,7 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 
+import java.io.Serializable;
 import java.util.Objects;
 
 /**
@@ -31,8 +32,12 @@
  */
 @JsonIgnoreProperties(ignoreUnknown = true)
 @JsonPropertyOrder({"ecosystem", "name"})
-public class Package {
+public class Package implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -2621050823818486600L;
     @JsonProperty("ecosystem")
     private String ecosystem;
 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PackageVersion.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PackageVersion.java
index ecebdd5f..55e95909 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PackageVersion.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PackageVersion.java
@@ -20,6 +20,7 @@
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.io.Serializable;
 import java.util.Objects;
 
 /**
@@ -30,8 +31,12 @@
  * 
*/ @JsonInclude(Include.NON_NULL) -public class PackageVersion { +public class PackageVersion implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -4943323442084443993L; @JsonProperty("identifier") java.lang.String identifier; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PageInfo.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PageInfo.java index fa26dd84..fcc9bc70 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PageInfo.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/PageInfo.java @@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.util.Objects; /** @@ -29,8 +30,12 @@ * */ @JsonIgnoreProperties(ignoreUnknown = true) -public class PageInfo { +public class PageInfo implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 3732350657963712960L; @JsonProperty("edgeshasNextPage") private boolean hasNextPage; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/RateLimit.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/RateLimit.java index d1a27dca..98851574 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/RateLimit.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/RateLimit.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.time.ZonedDateTime; import java.util.Objects; 
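Review bot: The context line `@JsonProperty("edgeshasNextPage")` on `PageInfo.hasNextPage` looks like a typo that this cleanup leaves in place. GitHub's GraphQL `pageInfo` object names the field `hasNextPage`, and with `ignoreUnknown = true` on the class Jackson would drop that field silently, so `isHasNextPage()` would stay `false` unless an accessor outside this hunk carries the right name. `ensureSubPages` uses that flag (alongside a total-count check) to decide whether more CWEs or vulnerabilities must be fetched, so a wrong name can truncate advisory data without any error. If no other mapping exists, the annotation should read `@JsonProperty("hasNextPage")`.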
@@ -31,8 +32,12 @@ * */ @JsonIgnoreProperties(ignoreUnknown = true) -public class RateLimit { +public class RateLimit implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 1073162886358976399L; @JsonProperty("limit") private int limit; @@ -47,7 +52,7 @@ public class RateLimit { private ZonedDateTime resetAt;// : 2023-02-11T14:04:20Z /** - * The maximum number of points the client is permitted to consume in a 60 minute window. + * The maximum number of points the client is permitted to consume in a 60-minute window. * * @return the limit. */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Reference.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Reference.java index 960ca146..3fee9eff 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Reference.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Reference.java @@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.util.Objects; /** @@ -29,8 +30,12 @@ * */ @JsonIgnoreProperties(ignoreUnknown = true) -public class Reference { +public class Reference implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 1985278256776999313L; @JsonProperty("url") private String url; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisories.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisories.java index 2b4fee77..c0882e13 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisories.java 
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisories.java @@ -20,12 +20,17 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.util.List; import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) -public class SecurityAdvisories { +public class SecurityAdvisories implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -7829868528353680425L; @JsonProperty(value = "data", access = JsonProperty.Access.WRITE_ONLY) private Data data; @@ -115,7 +120,11 @@ public int hashCode() { * Internal data object. */ @JsonIgnoreProperties(ignoreUnknown = true) - static class Data { + static class Data implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 4441909076655785290L; @JsonProperty("rateLimit") private RateLimit rateLimit; @JsonProperty("securityAdvisories") @@ -147,8 +156,12 @@ public int hashCode() { * internal security advisories. */ @JsonIgnoreProperties(ignoreUnknown = true) - static class Advisories extends AbstractPageable { + static class Advisories extends AbstractPageable implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 9126577085167634044L; @JsonProperty("nodes") private List nodes; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisory.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisory.java index 2983fdf5..d6456e67 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisory.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisory.java 
@@ -22,6 +22,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.time.ZonedDateTime; import java.util.List; import java.util.Objects; @@ -30,7 +31,12 @@ @JsonPropertyOrder({"databaseId", "description", "ghsaId", "id", "identifiers", "notificationsPermalink", "origin", "permalink", "publishedAt", "references", "severity", "summary", "updatedAt", "vulnerabilities", "classification", "cvss", "cwes", "withdrawnAt"}) -public class SecurityAdvisory { +public class SecurityAdvisory implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -2165773800065764867L; @JsonProperty("databaseId") private int databaseId; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisoryResponse.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisoryResponse.java index 25746a74..ff60bec9 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisoryResponse.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SecurityAdvisoryResponse.java @@ -19,6 +19,7 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonProperty; +import java.io.Serializable; import java.util.List; import java.util.Objects; @@ -26,7 +27,12 @@ * Internal class used to gather additional vulnerabilities if a security advisory has more than 100 entries. */ @JsonIgnoreProperties(ignoreUnknown = true) -class SecurityAdvisoryResponse { +class SecurityAdvisoryResponse implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8674460088378561016L; @JsonProperty("data") private Data data; 
@@ -76,7 +82,13 @@ public int hashCode() { * Internal data object. */ @JsonIgnoreProperties(ignoreUnknown = true) - static class Data { + static class Data implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 2397807130637898816L; + @JsonProperty("rateLimit") private RateLimit rateLimit; @JsonProperty("securityAdvisory") @@ -107,7 +119,12 @@ public int hashCode() { * internal security advisories. */ @JsonIgnoreProperties(ignoreUnknown = true) - static class SecurityAdvisories { + static class SecurityAdvisories implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8768713070922340781L; @JsonProperty("nodes") private List nodes; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SimpleFutureResponse.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SimpleFutureResponse.java index 2df9d11d..f0e30f1a 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SimpleFutureResponse.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/SimpleFutureResponse.java @@ -32,8 +32,6 @@ class SimpleFutureResponse implements FutureCallback { @Override public void completed(SimpleHttpResponse result) { - // String response = result.getBodyText(); - // log.debug("response::{}", response); } @Override diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerabilities.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerabilities.java index d70915d6..4b4ea84c 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerabilities.java 
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerabilities.java @@ -21,11 +21,17 @@ import com.fasterxml.jackson.annotation.JsonProperty; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.List; import java.util.Objects; @JsonIgnoreProperties(ignoreUnknown = true) -public class Vulnerabilities extends AbstractPageable { +public class Vulnerabilities extends AbstractPageable implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8316863821743858477L; @JsonProperty("edges") private List vulnerabilities; @@ -37,7 +43,7 @@ public List getEdges() { return vulnerabilities; } - boolean addAllVulnerabilties(List v) { + boolean addAllVulnerabilities(List v) { return vulnerabilities.addAll(v); } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerability.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerability.java index e20a67dc..2565ba2c 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerability.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/ghsa/Vulnerability.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; import java.time.ZonedDateTime; import java.util.Objects; 
@@ -32,8 +33,12 @@ */ @JsonIgnoreProperties(ignoreUnknown = true) @JsonPropertyOrder({"severity", "updatedAt", "firstPatchedVersion", "vulnerableVersionRange", "package"}) -public class Vulnerability { +public class Vulnerability implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -7379296334249178368L; @JsonProperty(value = "node", access = JsonProperty.Access.WRITE_ONLY) private VulnerabilityRecord node; @@ -203,7 +208,13 @@ public int hashCode() { * */ @JsonIgnoreProperties(ignoreUnknown = true) - static class VulnerabilityRecord { + static class VulnerabilityRecord implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -3820979074950827855L; + @JsonProperty("firstPatchedVersion") private PackageVersion firstPatchedVersion; diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevCatalog.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevCatalog.java index 8807315c..b623a587 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevCatalog.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevCatalog.java @@ -21,11 +21,17 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.time.ZonedDateTime; import java.util.List; @JsonPropertyOrder({"cve", "epss", "percentile"}) -public class KevCatalog { +public class KevCatalog implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 3682701556631237639L; @JsonProperty("vulnerabilities") List vulnerabilities; @JsonProperty("title") 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevDataFeed.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevDataFeed.java index 5a9b05aa..7e6458c5 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevDataFeed.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevDataFeed.java @@ -41,7 +41,7 @@ public class KevDataFeed implements DataFeed { * Jackson object mapper. */ private final ObjectMapper objectMapper; - private String downloadUrl; + private final String downloadUrl; public KevDataFeed() { this(DEFAULT_LOCATION); @@ -58,14 +58,13 @@ public KevCatalog download() { HttpGet request = new HttpGet(downloadUrl); SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault()); String json; - try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build();) { + try (CloseableHttpClient client = HttpClientBuilder.create().setRoutePlanner(planner).build()) { json = client.execute(request, new BasicHttpClientResponseHandler()); } catch (IOException e) { throw new KevException("Unable to download the Known Exploitable Vulnerability Catalog", e); } try { - KevCatalog response = objectMapper.readValue(json, KevCatalog.class); - return response; + return objectMapper.readValue(json, KevCatalog.class); } catch (JsonProcessingException e) { throw new KevException("Failed to parse JSON starting with: \"" + json.substring(0, 100) + "\"", e); } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevException.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevException.java index f7b829d7..9ed23031 100644 
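Review bot: In `download()`, the `JsonProcessingException` handler builds its message with `json.substring(0, 100)`, which throws `StringIndexOutOfBoundsException` whenever the body is shorter than 100 characters. A short error page or truncated response therefore replaces the real parse failure with an unrelated exception and loses the cause. Bound the slice instead: `json.substring(0, Math.min(json.length(), 100))`. Keeping the excerpt of the remote response short is sensible since it ends up in an exception message; it only needs to tolerate short input.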
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevException.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevException.java @@ -22,6 +22,12 @@ * @author Jeremy Long */ public class KevException extends RuntimeException { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 154565603317514766L; + /** * Generate a new exception. * diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevItem.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevItem.java index e8585d3f..a4f93321 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevItem.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/kev/KevItem.java @@ -21,6 +21,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.Date; /** @@ -28,7 +29,12 @@ */ @JsonPropertyOrder({"cveID", "vendorProject", "product", "vulnerabilityName", "dateAdded", "shortDescription", "requiredAction", "dueDate", "notes"}) -public class KevItem { +public class KevItem implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -7179717694761725798L; @JsonProperty("cveID") private String cveID; @JsonProperty("vendorProject") diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Config.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Config.java index 761a221a..5de8fcd7 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Config.java 
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Config.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonValue; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -30,8 +31,12 @@ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"operator", "negate", "nodes"}) -public class Config { +public class Config implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -6652299014788641511L; @JsonProperty("operator") private Operator operator; @JsonProperty("negate") diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CpeMatch.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CpeMatch.java index 9064ba22..77003e04 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CpeMatch.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CpeMatch.java @@ -20,6 +20,7 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; import java.util.Objects; /** @@ -28,8 +29,12 @@ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"vulnerable", "criteria", "versionStartExcluding", "versionStartIncluding", "versionEndExcluding", "versionEndIncluding", "matchCriteriaId"}) -public class CpeMatch { +public class CpeMatch implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -7954886227420487016L; /** * (Required) */ 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveApiJson20.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveApiJson20.java index 40497099..8a6d073c 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveApiJson20.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveApiJson20.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.time.ZonedDateTime; import java.util.List; import java.util.Objects; @@ -33,7 +34,12 @@ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"resultsPerPage", "startIndex", "totalResults", "format", "version", "timestamp", "vulnerabilities"}) -public class CveApiJson20 { +public class CveApiJson20 implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -7123674591462255117L; /** * (Required) */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java index f4300aeb..1e4bdce4 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CveItem.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.time.LocalDate; import java.time.ZonedDateTime; import java.util.List; 
@@ -33,8 +34,12 @@ "evaluatorSolution", "evaluatorImpact", "cisaExploitAdd", "cisaActionDue", "cisaRequiredAction", "cisaVulnerabilityName", "descriptions", "vendorComments", "metrics", "weaknesses", "configurations", "references"}) -public class CveItem { +public class CveItem implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -3429894394769351686L; @JsonProperty("id") private String id; @JsonProperty("sourceIdentifier") diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2.java index 5f477fbe..8063edee 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonValue; +import java.io.Serializable; import java.util.HashMap; import java.util.Map; import java.util.Objects; @@ -30,7 +31,12 @@ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"source", "type", "cvssData", "baseSeverity", "exploitabilityScore", "impactScore", "acInsufInfo", "obtainAllPrivilege", "obtainUserPrivilege", "obtainOtherPrivilege", "userInteractionRequired"}) -public class CvssV2 { +public class CvssV2 implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 7595837336051753457L; public CvssV2() { } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2Data.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2Data.java index 1346903d..fa77253f 100644 
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2Data.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV2Data.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonValue; +import java.io.Serializable; import java.util.HashMap; import java.util.Map; import java.util.Objects; @@ -35,7 +36,13 @@ "confidentialityImpact", "integrityImpact", "availabilityImpact", "baseScore", "exploitability", "remediationLevel", "reportConfidence", "temporalScore", "collateralDamagePotential", "targetDistribution", "confidentialityRequirement", "integrityRequirement", "availabilityRequirement", "environmentalScore"}) -public class CvssV2Data { +public class CvssV2Data implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -3488320581980953116L; + public CvssV2Data() { } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3.java index c4a26765..a8d6b96b 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3.java 
@@ -23,13 +23,20 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonValue; +import java.io.Serializable; import java.util.HashMap; import java.util.Map; import java.util.Objects; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"source", "type", "cvssData", "exploitabilityScore", "impactScore"}) -public class CvssV3 { +public class CvssV3 implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 3239377501678853019L; + public CvssV3() { } 
@@ -151,55 +158,55 @@ public String toString() { } if (cvssData.getRemediationLevel() != null && cvssData.getRemediationLevel() != CvssV3Data.RemediationLevelType.NOT_DEFINED) { - sb.append("/RL:").append(cvssData.getRemediationLevel().value().substring(0, 1)); + sb.append("/RL:").append(cvssData.getRemediationLevel().value().charAt(0)); } if (cvssData.getReportConfidence() != null && cvssData.getReportConfidence() != CvssV3Data.ConfidenceType.NOT_DEFINED) { - sb.append("/RC:").append(cvssData.getReportConfidence().value().substring(0, 1)); + sb.append("/RC:").append(cvssData.getReportConfidence().value().charAt(0)); } if (cvssData.getConfidentialityRequirement() != null && cvssData.getConfidentialityRequirement() != CvssV3Data.CiaRequirementType.NOT_DEFINED) { - sb.append("/CR:").append(cvssData.getConfidentialityRequirement().value().substring(0, 1)); + sb.append("/CR:").append(cvssData.getConfidentialityRequirement().value().charAt(0)); } if (cvssData.getIntegrityRequirement() != null && cvssData.getIntegrityRequirement() != CvssV3Data.CiaRequirementType.NOT_DEFINED) { - sb.append("/IR:").append(cvssData.getIntegrityRequirement().value().substring(0, 1)); + sb.append("/IR:").append(cvssData.getIntegrityRequirement().value().charAt(0)); } if (cvssData.getAvailabilityRequirement() != null && cvssData.getAvailabilityRequirement() != CvssV3Data.CiaRequirementType.NOT_DEFINED) { - sb.append("/AR:").append(cvssData.getAvailabilityRequirement().value().substring(0, 1)); + sb.append("/AR:").append(cvssData.getAvailabilityRequirement().value().charAt(0)); } if (cvssData.getModifiedAttackVector() != null && cvssData.getModifiedAttackVector() != CvssV3Data.ModifiedAttackVectorType.NOT_DEFINED) { - sb.append("/MAV:").append(cvssData.getModifiedAttackVector().value().substring(0, 1)); + sb.append("/MAV:").append(cvssData.getModifiedAttackVector().value().charAt(0)); } if (cvssData.getModifiedAttackComplexity() != null && cvssData.getModifiedAttackComplexity() != 
CvssV3Data.ModifiedAttackComplexityType.NOT_DEFINED) { - sb.append("/MAC:").append(cvssData.getModifiedAttackComplexity().value().substring(0, 1)); + sb.append("/MAC:").append(cvssData.getModifiedAttackComplexity().value().charAt(0)); } if (cvssData.getModifiedPrivilegesRequired() != null && cvssData.getModifiedPrivilegesRequired() != CvssV3Data.ModifiedPrivilegesRequiredType.NOT_DEFINED) { - sb.append("/MPR:").append(cvssData.getModifiedPrivilegesRequired().value().substring(0, 1)); + sb.append("/MPR:").append(cvssData.getModifiedPrivilegesRequired().value().charAt(0)); } if (cvssData.getModifiedUserInteraction() != null && cvssData.getModifiedUserInteraction() != CvssV3Data.ModifiedUserInteractionType.NOT_DEFINED) { - sb.append("/MUI:").append(cvssData.getModifiedUserInteraction().value().substring(0, 1)); + sb.append("/MUI:").append(cvssData.getModifiedUserInteraction().value().charAt(0)); } if (cvssData.getModifiedScope() != null && cvssData.getModifiedScope() != CvssV3Data.ModifiedScopeType.NOT_DEFINED) { - sb.append("/MS:").append(cvssData.getModifiedScope().value().substring(0, 1)); + sb.append("/MS:").append(cvssData.getModifiedScope().value().charAt(0)); } if (cvssData.getModifiedConfidentialityImpact() != null && cvssData.getModifiedConfidentialityImpact() != CvssV3Data.ModifiedCiaType.NOT_DEFINED) { - sb.append("/MC:").append(cvssData.getModifiedConfidentialityImpact().value().substring(0, 1)); + sb.append("/MC:").append(cvssData.getModifiedConfidentialityImpact().value().charAt(0)); } if (cvssData.getModifiedIntegrityImpact() != null && cvssData.getModifiedIntegrityImpact() != CvssV3Data.ModifiedCiaType.NOT_DEFINED) { - sb.append("/MI:").append(cvssData.getModifiedIntegrityImpact().value().substring(0, 1)); + sb.append("/MI:").append(cvssData.getModifiedIntegrityImpact().value().charAt(0)); } if (cvssData.getModifiedAvailabilityImpact() != null && cvssData.getModifiedAvailabilityImpact() != CvssV3Data.ModifiedCiaType.NOT_DEFINED) { - 
sb.append("/MA:").append(cvssData.getModifiedAvailabilityImpact().value().substring(0, 1)); + sb.append("/MA:").append(cvssData.getModifiedAvailabilityImpact().value().charAt(0)); } return sb.toString(); } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3Data.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3Data.java index 24898f33..33e2b1a8 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3Data.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/CvssV3Data.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import com.fasterxml.jackson.annotation.JsonValue; +import java.io.Serializable; import java.util.HashMap; import java.util.Map; import java.util.Objects; @@ -38,7 +39,13 @@ "modifiedAttackVector", "modifiedAttackComplexity", "modifiedPrivilegesRequired", "modifiedUserInteraction", "modifiedScope", "modifiedConfidentialityImpact", "modifiedIntegrityImpact", "modifiedAvailabilityImpact", "environmentalScore", "environmentalSeverity"}) -public class CvssV3Data { +public class CvssV3Data implements Serializable { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8537782209754450697L; + public CvssV3Data() { } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/DefCveItem.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/DefCveItem.java index f296882b..da2af45b 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/DefCveItem.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/DefCveItem.java 
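Review bot: Each optional metric in `toString()` is abbreviated by taking the first character of the enum's `value()`, and nothing in the hunk records why that produces a valid vector string. It presumably holds because every value other than `NOT_DEFINED` begins with its CVSS v3 vector letter, and each `if` filters `NOT_DEFINED` out. A comment above the first block would pin that assumption, e.g. `// the initial of each value is its CVSS vector abbreviation; NOT_DEFINED is skipped`. `charAt(0)` still throws on an empty `value()` exactly as `substring(0, 1)` did, so the change itself preserves behaviour. The method starts before the hunk.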
@@ -20,12 +20,17 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; import java.util.Objects; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"cve"}) -public class DefCveItem { +public class DefCveItem implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 8372992609837009849L; /** * (Required) */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/LangString.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/LangString.java index 6a81b0e6..1004d19c 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/LangString.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/LangString.java @@ -20,12 +20,17 @@ import com.fasterxml.jackson.annotation.JsonProperty; import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import java.io.Serializable; import java.util.Objects; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"lang", "value"}) -public class LangString { +public class LangString implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 691162195898166591L; /** * (Required) */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Metrics.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Metrics.java index 08c3f2d4..80fe99cf 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Metrics.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Metrics.java 
@@ -22,6 +22,7 @@ import com.fasterxml.jackson.annotation.JsonPropertyOrder; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.List; import java.util.Objects; @@ -30,8 +31,12 @@ */ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"cvssMetricV31", "cvssMetricV30", "cvssMetricV2"}) -public class Metrics { +public class Metrics implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 2506888424662802743L; /** * CVSS V3.1 score. */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Node.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Node.java index 8e0b9531..b6038feb 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Node.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Node.java @@ -23,6 +23,7 @@ import com.fasterxml.jackson.annotation.JsonValue; import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import java.io.Serializable; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -33,8 +34,12 @@ */ @JsonInclude(JsonInclude.Include.NON_NULL) @JsonPropertyOrder({"operator", "negate", "cpeMatch"}) -public class Node { +public class Node implements Serializable { + /** + * Serialization version UID. + */ + private static final long serialVersionUID = 3573822908057141798L; /** * (Required) */ diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiException.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiException.java index 0f3d03f0..5af1ea43 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiException.java 
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiException.java @@ -22,6 +22,12 @@ * @author Jeremy Long */ public class NvdApiException extends RuntimeException { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -6730557637335641024L; + /** * Generate a new exception. * diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiRetryExceededException.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiRetryExceededException.java index 38b24478..d5bcba70 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiRetryExceededException.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdApiRetryExceededException.java @@ -22,6 +22,12 @@ * @author Jeremy Long */ public class NvdApiRetryExceededException extends RuntimeException { + + /** + * Serialization version UID. + */ + private static final long serialVersionUID = -8352647741306381271L; + /** * Generate a new exception. * diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java index c754e367..0807b78a 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClient.java @@ -82,10 +82,6 @@ public class NvdCveClient implements PagedDataSource { */ private final ObjectMapper objectMapper; - /** - * The rate meter to limit traffic to the NVD API. - */ - private RateMeter meter; /** * The rate limited HTTP client for calling the NVD APIs. */ 
@@ -93,12 +89,12 @@ public class NvdCveClient implements PagedDataSource { /** * The list of future responses. */ - private List> futures = new ArrayList<>(); + private final List> futures = new ArrayList<>(); /** * The map of indexes to retrieve from the NVD and their retry count. This is used to retry when failures have * occurred on a single index. */ - private Map indexesToRetrieve = new HashMap<>(); + private final Map indexesToRetrieve = new HashMap<>(); /** * Flag indicating if the first call has been made. */ @@ -114,7 +110,7 @@ public class NvdCveClient implements PagedDataSource { /** * The maximum number of pages to retrieve from the NVD API. */ - private int maxPageCount; + private final int maxPageCount; /** * A list of filters to apply to the request. */ @@ -160,12 +156,14 @@ public class NvdCveClient implements PagedDataSource { threadCount = 1; } this.maxPageCount = maxPageCount; - // configure the rate limit slightly higher then the published limits: + // configure the rate limit slightly higher than the published limits: // https://nvd.nist.gov/developers/start-here (see Rate Limits) + + RateMeter meter; if (apiKey == null) { if (threadCount > 1) { LOG.warn( - "No api key provided; as such the thread count has been reset to 1 instead of the requestsed {}", + "No api key provided; as such the thread count has been reset to 1 instead of the requested {}", threadCount); threadCount = 1; } @@ -274,7 +272,7 @@ public boolean hasNext() { return true; } if (futures.isEmpty() && !indexesToRetrieve.isEmpty()) { - queueUnsuccesful(); + queueUnsuccessful(); } return !futures.isEmpty(); } @@ -292,8 +290,8 @@ public Collection next() { if (firstCall) { futures.add(callApi(0, 0)); } - String json = ""; - RateLimitedCall call = null; + String json; + RateLimitedCall call; try { call = getCompletedFuture(); SimpleHttpResponse response = call.getResponse(); 
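Review bot: In the `next()` hunk, `call = getCompletedFuture()` is dereferenced on the very next line with `call.getResponse()`, yet the tail of `getCompletedFuture()` shown in a later hunk ends in `return null;`. If that path is reachable, callers get a bare `NullPointerException` rather than a meaningful error. With the `= null` initialiser now removed, an explicit guard such as `if (call == null)` that throws an `NvdApiException` with a clear message would state the intent. The try block continues past the end of the hunk, so confirm this is not already handled there.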
@@ -311,9 +309,6 @@ public Collection next() { this.indexesToRetrieve.remove(call.getStartIndex()); } catch (JsonProcessingException e) { return next(); - // throw new NvdApiException("Failed to parse JSON starting with: \"" + json.substring(0, 100) + - // "\"", - // e); } this.totalAvailable = current.getTotalResults(); lastUpdated = findLastUpdated(lastUpdated, current.getVulnerabilities()); @@ -322,7 +317,7 @@ public Collection next() { queueCalls(); } if (futures.isEmpty() && !indexesToRetrieve.isEmpty()) { - queueUnsuccesful(); + queueUnsuccessful(); } return current.getVulnerabilities(); } else { @@ -386,15 +381,16 @@ private RateLimitedCall getCompletedFuture() throws InterruptedException, Execut return null; } - private void queueUnsuccesful() { + private void queueUnsuccessful() { int clientIndex = 0; for (Map.Entry i : indexesToRetrieve.entrySet()) { if (i.getValue() > 5) { throw new NvdApiRetryExceededException("NVD Update Failed: attempted to retrieve starting index " + i.getKey() + " from the NVD unsuccessfully five times."); } - i.setValue(i.getValue().intValue() + 1); + i.setValue(i.getValue() + 1); futures.add(callApi(clientIndex, i.getKey())); + clientIndex += 1; if (clientIndex >= clients.size()) { clientIndex = 0; } diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClientBuilder.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClientBuilder.java index 8c965283..c631e11d 100644 --- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClientBuilder.java +++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/NvdCveClientBuilder.java 
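Review bot: The `catch (JsonProcessingException e)` branch in `next()` now does nothing but `return next();`, so an unparseable NVD response is dropped without a trace and `e` is never used. A page that fails to parse means vulnerability records may be missing until a retry succeeds, so log it before retrying, e.g. `LOG.debug("Unable to parse NVD response; retrying", e);`. The retry limit appears to be enforced only in `queueUnsuccessful()`, so it is worth confirming that the recursive call cannot spin when no futures remain. The method body starts and ends outside this hunk.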
@@ -27,7 +27,7 @@ import java.util.List; /** - * Used to build an NVD CVE API client. As the NvdCveClient client is autoclosable the builder should be used in a try + * Used to build an NVD CVE API client. As the NvdCveClient client is autocloseable the builder should be used in a try * with resources: * *
@@ -344,7 +344,7 @@ public enum VersionType {
      */
     public enum Filter {
         /**
-         * Returns the vulnerabilties associated with a specific CPE.
+         * Returns the vulnerabilities associated with a specific CPE.
          *
          * 
          * cpeName=cpe:2.3:a:apache:log4j:2.0:*:*:*:*:*:*:*
@@ -404,7 +404,7 @@ public enum Filter {
          */
         KEYWORD_EXACT_MATCH,
         /**
-         * Returns vulnerabilities where all of the keywords are in the description.
+         * Returns vulnerabilities where all the keywords are in the description.
          *
          * 
          * keywordSearch = words
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedCall.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedCall.java
index c56c0276..effaee41 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedCall.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedCall.java
@@ -20,9 +20,9 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
 public class RateLimitedCall {
-    private SimpleHttpResponse response;
-    private int clientIndex;
-    private int startIndex;
+    private final SimpleHttpResponse response;
+    private final int clientIndex;
+    private final int startIndex;
 
     @SuppressFBWarnings(value = {"EI_EXPOSE_REP",
             "EI_EXPOSE_REP2"}, justification = "I prefer to suppress these FindBugs warnings")
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedClient.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedClient.java
index cbe7b8a9..cfa61630 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedClient.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/RateLimitedClient.java
@@ -20,18 +20,11 @@
 import org.apache.hc.client5.http.async.methods.SimpleHttpResponse;
 import org.apache.hc.client5.http.impl.async.CloseableHttpAsyncClient;
 import org.apache.hc.client5.http.impl.async.HttpAsyncClients;
-import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManager;
-import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
-import org.apache.hc.client5.http.ssl.ClientTlsStrategyBuilder;
 import org.apache.hc.core5.concurrent.FutureCallback;
-import org.apache.hc.core5.function.Factory;
-import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
-import org.apache.hc.core5.reactor.ssl.TlsDetails;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.net.ssl.SSLEngine;
 import java.net.ProxySelector;
 import java.time.LocalTime;
 import java.time.ZonedDateTime;
@@ -51,9 +44,9 @@
  * The two mechanisms may appear redundant - but each have its purpose in making the calls as fast as can be done while
  * being kind to the endpoint. If one is calling an endpoint, such as the NVD vulnerability API which is limited to 5
  * calls in 30 seconds without an API Key, to retrieve 4 page of data as quickly as possible you could set a smaller
- * delay and still keep the Rate Meter to limit to 5 calls per 30 secnods. However, if you are retrieiving a large
- * number of pages you would want the delay to be slightly under the time period divided by the allowed number of calls
- * (e.g., if we allowed 5 calls over 30 seconds we would use 30/5=6 seconds).
+ * delay and still keep the Rate Meter to limit to 5 calls per 30 seconds. However, if you are retrieving a large number
+ * of pages you would want the delay to be slightly under the time period divided by the allowed number of calls (e.g.,
+ * if we allowed 5 calls over 30 seconds we would use 30/5=6 seconds).
  */
 class RateLimitedClient implements AutoCloseable {
 
@@ -66,7 +59,7 @@ class RateLimitedClient implements AutoCloseable {
      */
     private final CloseableHttpAsyncClient client;
     /**
-     * Executor service for asynch implementation.
+     * Executor service for async implementation.
      */
     private final ExecutorService executor = Executors.newSingleThreadExecutor();
     /**
@@ -76,11 +69,11 @@ class RateLimitedClient implements AutoCloseable {
     /**
      * The minimum delay in milliseconds between API calls.
      */
-    private long delay = 0;
+    private long delay;
     /**
      * Rate limiting meter.
      */
-    private RateMeter meter;
+    private final RateMeter meter;
 
     /**
      * Construct a rate limited client without a delay or limiters.
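Review bot: `delay` is the one field in this hunk left mutable and unsynchronised: `meter` becomes final, but `delay` is still written by `setDelay` and, judging by the `executor.submit(() -> delayedExecute(...))` call later in the file, is presumably read on the single executor thread. A value set before `execute` is published by the submit hand-off, but a change made while calls are already queued has no visibility guarantee, so the throttle toward the rate-limited endpoint could lag behind the configured value. If changing the delay mid-run is supported, declare it `private volatile long delay;`. The read site is outside this hunk and should be confirmed.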
@@ -156,9 +149,7 @@ void setDelay(long milliseconds) {
      * @return the future response
      */
     Future execute(SimpleHttpRequest request, int clientIndex, int startIndex) {
-        return executor.submit(() -> {
-            return delayedExecute(request, clientIndex, startIndex);
-        });
+        return executor.submit(() -> delayedExecute(request, clientIndex, startIndex));
     }
 
     /**
@@ -201,7 +192,7 @@ private RateLimitedCall delayedExecute(SimpleHttpRequest request, int clientInde
     /**
      * Future response.
      */
-    class SimpleFutureResponse implements FutureCallback {
+    static class SimpleFutureResponse implements FutureCallback {
         /**
          * Reference to the logger.
          */
@@ -209,8 +200,6 @@ class SimpleFutureResponse implements FutureCallback {
 
         @Override
         public void completed(SimpleHttpResponse result) {
-            // String response = result.getBodyText();
-            // log.debug("response::{}", response);
         }
 
         @Override
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Reference.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Reference.java
index bc47112e..136ff9e8 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Reference.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Reference.java
@@ -21,13 +21,18 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
+import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({"url", "source", "tags"})
-public class Reference {
+public class Reference implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -224192309845772254L;
     /**
      * (Required)
      */
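Review bot: `Reference` becomes `Serializable` here, as do `VendorComment` and `Weakness` in the later hunks, but only the `serialVersionUID` is documented, so nothing tells a maintainer what the native-serialization contract is. These are public, non-final classes holding data parsed from the NVD feed. A consumer that reads them back with `ObjectInputStream` from a cache or channel it does not fully control should do so behind an `ObjectInputFilter` allow-list. Every field type, including the `List` element types declared outside this hunk, must itself be serializable, or writes fail at runtime with `NotSerializableException`. I would add a class-level Javadoc paragraph saying why the type is serializable (the commit does not state the purpose), that the pinned UID must change on incompatible field changes, and that deserialization is supported only from trusted sources.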
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/VendorComment.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/VendorComment.java
index dcd0db85..0d041c48 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/VendorComment.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/VendorComment.java
@@ -21,13 +21,18 @@
 import com.fasterxml.jackson.annotation.JsonProperty;
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 
+import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.Objects;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({"organization", "comment", "lastModified"})
-public class VendorComment {
+public class VendorComment implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -5866678952379674377L;
     /**
      * (Required)
      */
@@ -42,8 +47,8 @@ public class VendorComment {
      * (Required)
      */
     @JsonProperty("lastModified")
-    // the below format is a hack work around due to some poorly formated dates in the NVD data, the getter corrects the
-    // serizlized format
+    // the below format is a hack/workaround due to some poorly formatted dates in the NVD data, the getter corrects the
+    // serialized format
     @JsonFormat(pattern = "uuuu-MM-dd'T'HH:mm:ss[.[SSSSSSSSS][SSSSSSSS][SSSSSSS][SSSSSS][SSSSS][SSSS][SSS][SS][S]]", timezone = "UTC")
     private ZonedDateTime lastModified;
 
diff --git a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Weakness.java b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Weakness.java
index 220fcb06..532950f9 100644
--- a/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Weakness.java
+++ b/open-vulnerability-clients/src/main/java/io/github/jeremylong/openvulnerability/client/nvd/Weakness.java
@@ -21,13 +21,18 @@
 import com.fasterxml.jackson.annotation.JsonPropertyOrder;
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
+import java.io.Serializable;
 import java.util.List;
 import java.util.Objects;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
 @JsonPropertyOrder({"source", "type", "description"})
-public class Weakness {
+public class Weakness implements Serializable {
 
+    /**
+     * Serialization version UID.
+     */
+    private static final long serialVersionUID = -6330752220797574809L;
     /**
      * (Required)
      */
diff --git a/vulnz/README.md b/vulnz/README.md
index 5d33d61b..f5b3d4fa 100644
--- a/vulnz/README.md
+++ b/vulnz/README.md
@@ -54,7 +54,7 @@ export JAVA_OPTS="-Xmx2g"
 Alternatively, run the CLI using the `-Xmx2g` argument:
 
 ```bash
-java -Xmx2g -jar ./vulnz-5.0.0.jar
+java -Xmx2g -jar ./vulnz-5.0.1.jar
 ```
 
 ### Creating the Cache
@@ -71,7 +71,7 @@ for file in *.json; do gzip -k "${file}"; done
 Alternatively, without using the above install command:
 
 ```bash
-./vulnz-5.0.0.jar cve --cache --directory ./cache
+./vulnz-5.0.1.jar cve --cache --directory ./cache
 cd cache
 for file in *.json; do gzip -k "${file}"; done 
 ```