-
-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update vulnerabilities to use new Tool specification #438
base: master
Are you sure you want to change the base?
Conversation
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesCodacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more |
src/main/java/org/cyclonedx/model/vulnerability/Vulnerability.java
Outdated
Show resolved
Hide resolved
src/main/java/org/cyclonedx/util/deserializer/VulnerabilityDeserializer.java
Show resolved
Hide resolved
vulnerability.setProperties(properties); | ||
} | ||
|
||
if (node.has("tools")) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if it's an older version and has only the toolChoice?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what if it's an older version and has only the toolChoice?
Looking at the docs, both the new and deprecated field has the same name Tools
. Also the xsd only defines Tools
not Tools
and ToolChoice
.
However looking at the docs, the field is of type Object
, while the previous type was Array
. For this reason I'm dropping the JacksonXmlElementWrapper
annotation on the new type. See 691649c. Let me know if you think it should be added back.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Get it, this if looks the same as the one in the metadata deserializer, I would have one method for both in a util classes or something
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Get it, this if looks the same as the one in the metadata deserializer, I would have one method for both in a util classes or something
👍 28e15c1
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
|
||
@SuppressWarnings("unused") | ||
public final class TimestampUtils { | ||
private static final SimpleDateFormat DATE_FORMAT = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssX"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would rather not introduce this for some serializers only, I would update the test files instead, the reason for that is that some dates might have different formats, so maybe a future enhancement will be to update all the dates, there's already a CustomDateSerializer, so maybe you need to include that one for the values you are using?
@shaikhu new fields were introduced to the vulnerability class, so you might need to rebase and add them to the serializer you are creating |
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
Signed-off-by: Usman Shaikh <shaikhu@gmail.com>
According to the docs, since v1.5 the
Tools
format has been deprecated and a new format recommended. While the entityMetada
has been updated to use the new format (new methodsetToolChoice
),Vulnerability
has not. This PR adds a similar method toVulnerability
.