From be3ec96d7b257b6c26e5f1b24febf5aef8ddda68 Mon Sep 17 00:00:00 2001 From: jan-vcapgemini Date: Thu, 22 Feb 2024 16:06:20 +0100 Subject: [PATCH] #103: some fixes fixed pom versions applied reformat --- cli/pom.xml | 2 - pom.xml | 17 +++++++ security/pom.xml | 51 ++++++++++++------- .../security/BuildSecurityJsonFiles.java | 30 ++++++----- 4 files changed, 65 insertions(+), 35 deletions(-) diff --git a/cli/pom.xml b/cli/pom.xml index 384dd94ab..03f342f93 100644 --- a/cli/pom.xml +++ b/cli/pom.xml @@ -58,12 +58,10 @@ org.slf4j slf4j-api - 2.0.3 ch.qos.logback logback-classic - 1.4.7 diff --git a/pom.xml b/pom.xml index 530986062..7322df841 100644 --- a/pom.xml +++ b/pom.xml @@ -20,15 +20,32 @@ IDEasy ${revision} 9.0.9 + 2.0.3 + 1.4.7 + + org.slf4j + slf4j-api + ${slf4j.version} + + + ch.qos.logback + logback-classic + ${logback.version} + org.owasp dependency-check-core ${owasp.version} + + com.devonfw.tools.IDEasy + ide-cli + ${revision} + diff --git a/security/pom.xml b/security/pom.xml index 70a25f8b1..7fbd5ee29 100644 --- a/security/pom.xml +++ b/security/pom.xml @@ -2,25 +2,38 @@ - 4.0.0 - - com.devonfw.tools.IDEasy.dev - ide - dev-SNAPSHOT - - - ide-security + 4.0.0 + + com.devonfw.tools.IDEasy.dev + ide + dev-SNAPSHOT + - - - - org.owasp - dependency-check-core - - - com.devonfw.tools.IDEasy - ide-cli - - + ide-security + + + 17 + + + + + + org.slf4j + slf4j-api + + + ch.qos.logback + logback-classic + + + org.owasp + dependency-check-core + + + com.devonfw.tools.IDEasy + ide-cli + compile + + \ No newline at end of file diff --git a/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java b/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java index 868eae377..5640adf4a 100644 --- a/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java +++ b/security/src/main/java/com/devonfw/tools/security/BuildSecurityJsonFiles.java @@ -12,19 +12,6 @@ import java.util.Set; import java.util.stream.Collectors; -import com.devonfw.tools.ide.context.AbstractIdeContext; -import com.devonfw.tools.ide.context.IdeContext; -import com.devonfw.tools.ide.context.IdeContextConsole; -import com.devonfw.tools.ide.log.IdeLogLevel; -import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile; -import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning; -import com.devonfw.tools.ide.url.model.folder.UrlVersion; -import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater; -import com.devonfw.tools.ide.url.updater.UpdateManager; -import com.devonfw.tools.ide.util.MapUtil; -import com.devonfw.tools.ide.version.BoundaryType; -import com.devonfw.tools.ide.version.VersionIdentifier; -import com.devonfw.tools.ide.version.VersionRange; import org.owasp.dependencycheck.Engine; import org.owasp.dependencycheck.analyzer.AbstractAnalyzer; import org.owasp.dependencycheck.analyzer.AnalysisPhase; @@ -55,6 +42,20 @@ import org.owasp.dependencycheck.utils.Pair; import org.owasp.dependencycheck.utils.Settings; +import com.devonfw.tools.ide.context.AbstractIdeContext; +import com.devonfw.tools.ide.context.IdeContext; +import com.devonfw.tools.ide.context.IdeContextConsole; +import com.devonfw.tools.ide.log.IdeLogLevel; +import com.devonfw.tools.ide.url.model.file.UrlSecurityJsonFile; +import com.devonfw.tools.ide.url.model.file.json.UrlSecurityWarning; +import com.devonfw.tools.ide.url.model.folder.UrlVersion; +import com.devonfw.tools.ide.url.updater.AbstractUrlUpdater; +import com.devonfw.tools.ide.url.updater.UpdateManager; +import com.devonfw.tools.ide.util.MapUtil; +import com.devonfw.tools.ide.version.BoundaryType; +import com.devonfw.tools.ide.version.VersionIdentifier; +import com.devonfw.tools.ide.version.VersionRange; + /** * This class is used to build the {@link UrlSecurityJsonFile} files for IDEasy. It scans the * {@link AbstractIdeContext#getUrlsPath() ide-url} folder for all tools, editions and versions and checks for @@ -85,6 +86,7 @@ public class BuildSecurityJsonFiles { private static BigDecimal minV3Severity = new BigDecimal("0.0"); private static final Set actuallyIgnoredCves = new HashSet<>(); + private static final IdeContext context = new IdeContextConsole(IdeLogLevel.INFO, null, false);; /** @@ -342,7 +344,7 @@ private static String getUrlVersion(String cpeVersion, Map cpeTo String urlVersion = null; if (cpeVersion != null) { - if (cpeToUrlVersion!= null && cpeToUrlVersion.containsKey(cpeVersion)) { + if (cpeToUrlVersion != null && cpeToUrlVersion.containsKey(cpeVersion)) { urlVersion = cpeToUrlVersion.get(cpeVersion); } else { urlVersion = urlUpdater.mapCpeVersionToUrlVersion(cpeVersion);