Update vulnerabilities to use new Tool specification #438
Conversation
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesCodacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more |
src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java
Outdated
Show resolved
Hide resolved
src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java
Show resolved
Hide resolved
| vulnerability.setProperties(properties); | ||
| } | ||
|
|
||
| if (node.has("tools")) { |
There was a problem hiding this comment.
what if it's an older version and has only the toolChoice?
There was a problem hiding this comment.
what if it's an older version and has only the toolChoice?
Looking at the docs, both the new and deprecated field has the same name Tools. Also the xsd only defines Tools not Tools and ToolChoice.
However looking at the docs, the field is of type Object, while the previous type was Array. For this reason I'm dropping the JacksonXmlElementWrapper annotation on the new type. See 691649c. Let me know if you think it should be added back.
There was a problem hiding this comment.
Get it, this if looks the same as the one in the metadata deserializer, I would have one method for both in a util classes or something
There was a problem hiding this comment.
Get it, this if looks the same as the one in the metadata deserializer, I would have one method for both in a util classes or something
👍 28e15c1
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
|
|
||
| @SuppressWarnings("unused") | ||
| public final class TimestampUtils { | ||
| private static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX"); |
There was a problem hiding this comment.
I would rather not introduce this for some serializers only, I would update the test files instead, the reason for that is that some dates might have different formats, so maybe a future enhancement will be to update all the dates, there's already a CustomDateSerializer, so maybe you need to include that one for the values you are using?
|
@shaikhu new fields were introduced to the vulnerability class, so you might need to rebase and add them to the serializer you are creating |
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
According to the docs, since v1.5 the
Toolsformat has been deprecated and a new format recommended. While the entityMetadahas been updated to use the new format (new methodsetToolChoice),Vulnerabilityhas not. This PR adds a similar method toVulnerability.