depanalyzer/com.depanalyzer.repository

Package-level declarations

Types

data class ComponentReportResponse(val coordinates: String, val vulnerabilities: List<OssIndexVulnerability> = emptyList(), val reference: String? = null, val timestamp: Long? = null)

CpeMatch

data class CpeMatch(val vulnerable: Boolean, val criteria: String, val matchCriteriaId: String? = null, val versionStartIncluding: String? = null, val versionEndIncluding: String? = null, val versionStartExcluding: String? = null, val versionEndExcluding: String? = null)

CpeNode

data class CpeNode(val operator: String? = null, val negate: Boolean? = null, val cpeMatch: List<CpeMatch> = emptyList(), val children: List<CpeNode>? = null)

CveConfiguration

data class CveConfiguration(val nodes: List<CpeNode> = emptyList())

CveDescription

data class CveDescription(val lang: String, val value: String)

CveReference

data class CveReference(val url: String, val source: String? = null, val tags: List<String>? = null)

CveTag

data class CveTag(val sourceIdentifier: String? = null, val tags: List<String> = emptyList())

CveWeakness

data class CveWeakness(val source: String? = null, val type: String? = null, val description: List<CweDescription> = emptyList())

CvssDataV2

data class CvssDataV2(val version: String, val vectorString: String, val baseScore: Double, val baseSeverity: String? = null)

CvssDataV3

data class CvssDataV3(val version: String, val vectorString: String, val baseScore: Double, val baseSeverity: String? = null, val attackVector: String? = null, val attackComplexity: String? = null, val privilegesRequired: String? = null, val userInteraction: String? = null, val scope: String? = null, val confidentialityImpact: String? = null, val integrityImpact: String? = null, val availabilityImpact: String? = null)

CvssMetricV2

data class CvssMetricV2(val source: String? = null, val type: String? = null, val cvssData: CvssDataV2, val baseSeverity: String? = null, val exploitabilityScore: Double? = null, val impactScore: Double? = null)

CvssMetricV3

data class CvssMetricV3(val source: String? = null, val type: String? = null, val cvssData: CvssDataV3, val baseSeverity: String? = null, val exploitabilityScore: Double? = null, val impactScore: Double? = null)

CweDescription

data class CweDescription(val lang: String, val value: String)

MavenMetadata

data class MavenMetadata(val groupId: String? = null, val artifactId: String? = null, val versioning: MavenVersioning? = null)

MavenToCpeMapper

object MavenToCpeMapper

MavenVersioning

data class MavenVersioning(val latest: String? = null, val release: String? = null, val versions: MavenVersions? = null, val lastUpdated: String? = null)

MavenVersions

data class MavenVersions(val versionList: List<String> = emptyList())

NvdClient

class NvdClient(connectTimeoutSeconds: Long = 10, readTimeoutSeconds: Long = 20, apiKey: String? = System.getenv("NVD_API_KEY"), client: OkHttpClient = OkHttpClient.Builder() .connectTimeout(connectTimeoutSeconds, TimeUnit.SECONDS) .readTimeout(readTimeoutSeconds, TimeUnit.SECONDS) .build(), baseUrl: String = "https://services.nvd.nist.gov/rest/json/cves/2.0", requestDelayMs: Long = if (System.getenv("NVD_API_KEY") != null) 100 else 600)

NvdCve

data class NvdCve(val id: String, val sourceIdentifier: String? = null, val published: Instant? = null, val lastModified: Instant? = null, val vulnStatus: String? = null, val descriptions: List<CveDescription> = emptyList(), val metrics: NvdMetrics? = null, val weaknesses: List<CveWeakness>? = null, val configurations: List<CveConfiguration>? = null, val references: List<CveReference> = emptyList(), val vendorComments: List<VendorComment>? = null, val cveTags: List<CveTag>? = null)

NvdCveResponse

data class NvdCveResponse(val resultsPerPage: Int, val startIndex: Int, val totalResults: Int, val vulnerabilities: List<NvdVulnerability> = emptyList(), val format: String? = null, val version: String? = null, val timestamp: String? = null)

NvdMetrics

data class NvdMetrics(val cvssMetricV3: List<CvssMetricV3>? = null, val cvssMetricV2: List<CvssMetricV2>? = null)

NvdVulnerability

data class NvdVulnerability(val cve: NvdCve)

OssIndexClient

class OssIndexClient(connectTimeoutSeconds: Long = 15, readTimeoutSeconds: Long = 30, token: String? = null, client: OkHttpClient = OkHttpClient.Builder() .connectTimeout(connectTimeoutSeconds, TimeUnit.SECONDS) .readTimeout(readTimeoutSeconds, TimeUnit.SECONDS) .build(), baseUrl: HttpUrl = "https://api.guide.sonatype.com/".toHttpUrl())

OssIndexVulnerability

data class OssIndexVulnerability(val id: String, val title: String, val description: String? = null, val cvssScore: Double? = null, val reference: String? = null)

ProjectRepository

data class ProjectRepository(val id: String, val url: String, val releases: Boolean = true, val snapshots: Boolean = false, val username: String? = null, val password: String? = null)

RepositoryClient

class RepositoryClient(connectTimeoutSeconds: Long = 10, readTimeoutSeconds: Long = 10, trustedCredentialHosts: Set<String> = InputSafety.parseTrustedCredentialHosts(System.getenv(InputSafety.CREDENTIAL_HOST_ALLOWLIST_ENV)), client: OkHttpClient = OkHttpClient.Builder() .connectTimeout(connectTimeoutSeconds, TimeUnit.SECONDS) .readTimeout(readTimeoutSeconds, TimeUnit.SECONDS) .build())

VendorComment

data class VendorComment(val organization: String? = null, val comment: String? = null, val lastModified: String? = null)

VulnerabilityMerger

object VulnerabilityMerger

Functions

toVulnerability

fun OssIndexVulnerability.toVulnerability(affectedDependency: AffectedDependency, retrievedAt: Instant = Instant.now()): Vulnerability