1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2019 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.dependency.naming;
19  
20  import com.github.packageurl.MalformedPackageURLException;
21  import org.apache.commons.lang3.builder.CompareToBuilder;
22  import org.jetbrains.annotations.NotNull;
23  import org.owasp.dependencycheck.dependency.Confidence;
24  import com.github.packageurl.PackageURL;
25  import com.github.packageurl.PackageURLBuilder;
26  import org.apache.commons.lang3.builder.EqualsBuilder;
27  import org.apache.commons.lang3.builder.HashCodeBuilder;
28  
29  /**
30   * The Package-URL Identifier implementation.
31   *
32   * @author Jeremy Long
33   */
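public class PurlIdentifier implements Identifier {

    /**
     * The serial version UID for serialization.
     */
    private static final long serialVersionUID = 8371122848306175579L;

    /**
     * The PackageURL identifier. Assigned once in the constructor and never
     * replaced; all getters and the canonical string form derive from it.
     */
    private final PackageURL purl;
    /**
     * The confidence that this is the correct identifier.
     */
    private Confidence confidence;
    /**
     * The URL for the identifier; may be {@code null} when none was supplied.
     */
    private String url;
    /**
     * Notes about the vulnerability. Generally used for suppression
     * information. May be {@code null}.
     */
    private String notes;

    /**
     * Constructs a new Package-URL identifier with no associated URL.
     *
     * @param purl the Package-URL object
     * @param confidence the confidence that the identifier is correct for the
     * given dependency
     */
    public PurlIdentifier(PackageURL purl, Confidence confidence) {
        // Delegates so that the field assignments live in a single place.
        this(purl, null, confidence);
    }

    /**
     * Constructs a new Package-URL identifier.
     *
     * @param purl the Package-URL object
     * @param url the URL for the identifier; may be {@code null}
     * @param confidence the confidence that the identifier is correct for the
     * given dependency
     */
    public PurlIdentifier(PackageURL purl, String url, Confidence confidence) {
        this.purl = purl;
        this.confidence = confidence;
        this.url = url;
    }

    /**
     * Constructs a new Package-URL identifier without a name space. The URL
     * is left {@code null}.
     *
     * @param type the type of package-URL
     * @param name the name
     * @param version the version
     * @param confidence the confidence that the identifier is correct for the
     * given dependency
     * @throws MalformedPackageURLException thrown if the type, name, and
     * version cannot be converted into a package-URL
     */
    public PurlIdentifier(String type, String name, String version, Confidence confidence) throws MalformedPackageURLException {
        this.purl = PackageURLBuilder.aPackageURL().withType(type).withName(name)
                .withVersion(version).build();
        this.confidence = confidence;
        this.url = null;
    }

    /**
     * Constructs a new Package-URL identifier. The URL is left {@code null}.
     *
     * @param type the type of package-URL
     * @param namespace the name space
     * @param name the name
     * @param version the version
     * @param confidence the confidence that the identifier is correct for the
     * given dependency
     * @throws MalformedPackageURLException thrown if the type, name space,
     * name, and version cannot be converted into a package-URL
     */
    public PurlIdentifier(String type, String namespace, String name, String version, Confidence confidence) throws MalformedPackageURLException {
        this.purl = PackageURLBuilder.aPackageURL().withType(type).withNamespace(namespace).withName(name)
                .withVersion(version).build();
        this.confidence = confidence;
        this.url = null;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public Confidence getConfidence() {
        return confidence;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getNotes() {
        return notes;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public String getUrl() {
        return url;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public void setConfidence(Confidence confidence) {
        this.confidence = confidence;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public void setUrl(String url) {
        this.url = url;
    }

    /**
     * {@inheritDoc}
     */
    @Override
    public void setNotes(String notes) {
        this.notes = notes;
    }

    /**
     * Returns the canonical Package-URL string (e.g. the {@code pkg:} form),
     * identical to {@link #getValue()}.
     *
     * @return the canonical Package-URL string
     */
    @Override
    public String toString() {
        return purl.canonicalize();
    }

    /**
     * {@inheritDoc}
     *
     * @return the canonical Package-URL string
     */
    @Override
    public String getValue() {
        return purl.canonicalize();
    }

    /**
     * Returns the Package URL name space.
     *
     * @see com.github.packageurl.PackageURL#getNamespace()
     * @return the Package URL name space, or {@code null} if the Package URL
     * has none
     */
    public String getNamespace() {
        return purl.getNamespace();
    }

    /**
     * Returns the Package URL name.
     *
     * @see com.github.packageurl.PackageURL#getName()
     * @return the Package URL name
     */
    public String getName() {
        return purl.getName();
    }

    /**
     * Returns the Package URL version.
     *
     * @see com.github.packageurl.PackageURL#getVersion()
     * @return the Package URL version, or {@code null} if the Package URL
     * has none
     */
    public String getVersion() {
        return purl.getVersion();
    }

    /**
     * Returns the GAV (group:artifact:version) representation of the Package
     * URL as utilized in gradle builds.
     *
     * @return the GAV representation of the Package URL, or {@code null} when
     * the Package URL has no name space or no version (a GAV cannot be formed
     * without both)
     */
    public String toGav() {
        final String namespace = purl.getNamespace();
        final String version = purl.getVersion();
        if (namespace == null || version == null) {
            return null;
        }
        return String.format("%s:%s:%s", namespace, purl.getName(), version);
    }

    /**
     * Compares this identifier to another. Two {@link PurlIdentifier}s are
     * ordered by their canonical Package-URL string, then URL, then
     * confidence; any other {@link Identifier} is ordered against this one by
     * its {@code toString()} value, URL and confidence.
     *
     * <p>NOTE(review): {@code notes} is deliberately not part of the
     * ordering here although {@link #equals(Object)} and {@link #hashCode()}
     * include it, so {@code compareTo} returning {@code 0} does not imply
     * {@code equals} — sorted collections may treat identifiers that differ
     * only in notes as duplicates. Confirm that is intended before relying
     * on a {@code TreeSet} of identifiers.
     *
     * @param o the identifier to compare against; must not be {@code null}
     * @return a negative integer, zero, or a positive integer as this
     * identifier is less than, equal to, or greater than {@code o}
     */
    @Override
    public int compareTo(@NotNull Identifier o) {
        if (o instanceof PurlIdentifier) {
            final PurlIdentifier other = (PurlIdentifier) o;
            return new CompareToBuilder()
                    //todo update package url implementation to implement compare..
                    .append(this.purl.canonicalize(), other.purl.canonicalize())
                    .append(this.url, other.getUrl())
                    .append(this.confidence, other.getConfidence())
                    .toComparison();
        }
        return new CompareToBuilder()
                .append(this.toString(), o.toString())
                .append(this.url, o.getUrl())
                .append(this.confidence, o.getConfidence())
                .toComparison();
    }

    /**
     * {@inheritDoc}
     *
     * <p>Built from the Package URL, confidence, URL and notes — the same
     * fields {@link #equals(Object)} compares.
     */
    @Override
    public int hashCode() {
        return new HashCodeBuilder(93, 187)
                .append(this.purl)
                .append(this.confidence)
                .append(this.url)
                .append(this.notes)
                .toHashCode();
    }

    /**
     * {@inheritDoc}
     *
     * <p>Two identifiers are equal when their Package URLs (per
     * {@code PackageURL.equals}), confidence, URL and notes are all equal.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        // instanceof is false for null, so no separate null check is needed.
        if (!(obj instanceof PurlIdentifier)) {
            return false;
        }
        final PurlIdentifier other = (PurlIdentifier) obj;
        return new EqualsBuilder().append(purl, other.purl)
                .append(this.confidence, other.confidence)
                .append(this.url, other.url)
                .append(this.notes, other.notes)
                .isEquals();
    }
}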
258 }