Vulnerability.kt

package com.depanalyzer.report

import com.depanalyzer.parser.Ecosystem

import com.fasterxml.jackson.annotation.JsonInclude

import com.fasterxml.jackson.annotation.JsonProperty

import java.time.Instant

enum class VulnerabilitySource {

    OSS_INDEX,

    NVD,

    BOTH,

    UNKNOWN

}

data class AffectedDependency(

    val groupId: String,

    val artifactId: String,

    val version: String,

    val ecosystem: Ecosystem = Ecosystem.MAVEN

)

@JsonInclude(JsonInclude.Include.NON_NULL)

data class Vulnerability(

    @JsonProperty("cveId")

    val cveId: String,

    val severity: VulnerabilitySeverity,

    val cvssScore: Double?,

    val description: String?,

    val affectedDependency: AffectedDependency,

    val source: VulnerabilitySource,

    val retrievedAt: Instant?,

    @JsonProperty("referenceUrl")

    val referenceUrl: String?

)

enum class VulnerabilitySeverity {

    CRITICAL, HIGH, MEDIUM, LOW, UNKNOWN;

    companion object {

        fun fromCvssScore(score: Double?): VulnerabilitySeverity {

            return when {

                score == null -> UNKNOWN

                score >= 9.0 -> CRITICAL

                score >= 7.0 -> HIGH

                score >= 4.0 -> MEDIUM

                score > 0 -> LOW

                else -> UNKNOWN

            }

        }

    }

}

Active mutators

• CONDITIONALS_BOUNDARY
• EMPTY_RETURNS
• FALSE_RETURNS
• INCREMENTS
• INVERT_NEGS
• MATH
• NEGATE_CONDITIONALS
• NULL_RETURNS
• PRIMITIVE_RETURNS
• TRUE_RETURNS
• VOID_METHOD_CALLS

Tests examined

• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testCreateVulnerabilityWithMinimalFields()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testCreateVulnerabilityWithAllFields()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonDeserializationWithNullFields()] (7 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonSerializationExcludesNullFields()] (6 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonDeserializationIgnoresUnknownProperties()] (9 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonSerializationAllFields()] (8 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testVulnerabilitySourceEnumSerialization()] (15 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonRoundtrip()] (224 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testJsonDeserializationAllFields()] (416 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:handles circular references without infinite loops()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:classifies direct vulnerabilities correctly()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:deduplicates semantically identical chains()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:resolves 4-level chain correctly()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:handles diamond dependency with multiple paths()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:chains include all necessary information for reporting()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:marks shortest paths correctly()] (0 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:resolves multiple paths to same vulnerable library()] (1 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:resolves 3-level chain correctly()] (1 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:resolves 2-level chain correctly()] (3 ms)
• com.depanalyzer.core.graph.ChainResolverTest.[engine:junit-jupiter]/[class:com.depanalyzer.core.graph.ChainResolverTest]/[method:handles multiple CVEs in single node()] (94 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationMedium()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationLow()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationZeroScore()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationHigh()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationUnknown()] (0 ms)
• com.depanalyzer.report.VulnerabilityTest.[engine:junit-jupiter]/[class:com.depanalyzer.report.VulnerabilityTest]/[method:testSeverityCalculationCritical()] (0 ms)