From 8d8b45a1374177aec282b87cf3bc3d8d3ee3c246 Mon Sep 17 00:00:00 2001 From: Nariman Abdullin Date: Mon, 31 Jul 2023 18:59:55 +0300 Subject: [PATCH] added examples on kotlin and java --- README.md | 206 +++++++++++++++++- .../kotlin/com/saveourtool/osv4k/OsvSchema.kt | 4 +- .../com/saveourtool/osv4k/GoExamples.java | 114 ++++++++++ .../osv4k/OsvSchemaJacksonJavaTestUtil.java | 10 +- .../com/saveourtool/osv4k/GoJacksonTest.kt | 90 +++++++- .../osv4k/OsvSchemaJacksonTestUtil.kt | 7 +- 6 files changed, 414 insertions(+), 17 deletions(-) create mode 100644 src/jvmTest/java/com/saveourtool/osv4k/GoExamples.java diff --git a/README.md b/README.md index bf28378..9908740 100644 --- a/README.md +++ b/README.md @@ -104,7 +104,7 @@ data class OsvSchema *Note #2*: there is alias `com.saveourtool.osv4k.RawOsvSchema` for `KotlinX Serialization` which uses `kotlinx.serialization.json.JsonObject` as raw type. ## Usage -### Kotlin using _Kotlinx Serialization_: +### Reading: Kotlin using _Kotlinx Serialization_: ```kotlin import com.saveourtool.osv4k.* @@ -119,7 +119,7 @@ fun readFromFile(pathToFile: Path) { } ``` -### Java using _Jackson Annotations_: +### Reading: Java using _Jackson Annotations_: ```java import com.fasterxml.jackson.databind.ObjectMapper; @@ -136,3 +136,205 @@ class Test { } } ``` + +### Generating: Kotlin using _KotlinX Serialization_: + +```kotlin + +@Serializable +data class GoImports( + val imports: List, +) + +@Serializable +data class GoImport( + val path: String, + val symbols: List, +) + +@Serializable +data class GoUrl( + val url: String, +) + +val osvSchema = OsvSchema( + schemaVersion = "1.3.1", + id = "GO-2020-0015", + modified = LocalDateTime(2023, 6, 12, 18, 45, 41), + published = LocalDateTime(2021, 4, 14, 20, 4, 52), + aliases = listOf("CVE-2020-14040", "GHSA-5rcv-m4m3-hfh7"), + summary = "Infinite loop when decoding some inputs in golang.org/x/text", + details = "An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.", + affected = listOf( + Affected( + `package` = Package( + ecosystem = "Go", + name = "golang.org/x/text", + ), + ranges = listOf( + Range( + type = RangeType.SEMVER, + events = listOf( + Event(introduced = "0"), + Event(fixed = "0.3.3"), + ), + ), + ), + ecosystemSpecific = GoImports( + imports = listOf( + GoImport( + path = "golang.org/x/text/encoding/unicode", + symbols = listOf("bomOverride.Transform", "utf16Decoder.Transform"), + ), + GoImport( + path = "golang.org/x/text/transform", + symbols = listOf("String"), + ), + ), + ), + ) + ), + references = listOf( + Reference( + type = ReferenceType.FIX, + url = "https://go.dev/cl/238238", + ), + Reference( + type = ReferenceType.FIX, + url = "https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e", + ), + Reference( + type = ReferenceType.REPORT, + url = "https://go.dev/issue/39491", + ), + Reference( + type = ReferenceType.WEB, + url = "https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0", + ), + ), + credits = listOf( + Credit(name = "@abacabadabacaba"), + Credit(name = "Anton Gyllenberg"), + ), + databaseSpecific = GoUrl(url = "https://pkg.go.dev/vuln/GO-2020-0015"), +) +``` + +### Generating: Java using _Jackson Annotations_ + +```java +package com.saveourtool.osv4k; + +import kotlinx.datetime.LocalDateTime; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +public final class GoExamples { + private GoExamples() {} + + public static class GoImports { + private final List imports; + + public GoImports(List imports) { + this.imports = imports; + } + + public List getImports() { + return Collections.unmodifiableList(imports); + } + } + + public static class GoImport { + private final String path; + private final List symbols; + + public GoImport(String path, List symbols) { + this.path = path; + this.symbols = symbols; + } + + public String getPath() { + return path; + } + + public List getSymbols() { + return Collections.unmodifiableList(symbols); + } + } + + public static class GoUrl { + private final String url; + + public GoUrl(String url) { + this.url = url; + } + + public String getUrl() { + return url; + } + } + + public static OsvSchema go_2020_00115() { + return new OsvSchema( + "1.3.1", + "GO-2020-0015", + new LocalDateTime(2023, 6, 12, 18, 45, 41, 0), + new LocalDateTime(2021, 4, 14, 20, 4, 52, 0), + null, + Arrays.asList("CVE-2020-14040", "GHSA-5rcv-m4m3-hfh7"), + null, + "Infinite loop when decoding some inputs in golang.org/x/text", + "An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.", + null, + Arrays.asList( + new Affected( + new Package( + "Go", + "golang.org/x/text", + null + ), + null, + Arrays.asList( + new Range<>( + RangeType.SEMVER, + null, + Arrays.asList( + new Event("0", null, null, null), + new Event(null, "0.3.3", null, null) + ), + null + ) + ), + null, + new GoImports( + Arrays.asList( + new GoImport( + "golang.org/x/text/encoding/unicode", + Arrays.asList("bomOverride.Transform", "utf16Decoder.Transform") + ), + new GoImport( + "golang.org/x/text/transform", + Arrays.asList("String") + ) + ) + ), + null + ) + ), + Arrays.asList( + new Reference(ReferenceType.FIX, "https://go.dev/cl/238238"), + new Reference(ReferenceType.FIX, "https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e" ), + new Reference(ReferenceType.REPORT, "https://go.dev/issue/39491"), + new Reference(ReferenceType.WEB, "https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0") + ), + Arrays.asList( + new Credit("@abacabadabacaba", null, null), + new Credit("Anton Gyllenberg", null, null) + ), + new GoUrl("https://pkg.go.dev/vuln/GO-2020-0015") + ); + } +} +``` \ No newline at end of file diff --git a/src/commonMain/kotlin/com/saveourtool/osv4k/OsvSchema.kt b/src/commonMain/kotlin/com/saveourtool/osv4k/OsvSchema.kt index 357501e..42e0775 100644 --- a/src/commonMain/kotlin/com/saveourtool/osv4k/OsvSchema.kt +++ b/src/commonMain/kotlin/com/saveourtool/osv4k/OsvSchema.kt @@ -227,7 +227,7 @@ data class OsvSchema( defaultValue = "", access = JsonPropertyAccess.AUTO ) - val affected: List>? = null, + val affected: List>? = null, @JsonProperty( value = "references", namespace = "", @@ -286,7 +286,7 @@ data class OsvSchema( "BACKTICKS_PROHIBITED", "GENERIC_NAME" ) -data class Affected( +data class Affected( @JsonProperty( value = "package", namespace = "", diff --git a/src/jvmTest/java/com/saveourtool/osv4k/GoExamples.java b/src/jvmTest/java/com/saveourtool/osv4k/GoExamples.java new file mode 100644 index 0000000..04cd456 --- /dev/null +++ b/src/jvmTest/java/com/saveourtool/osv4k/GoExamples.java @@ -0,0 +1,114 @@ +package com.saveourtool.osv4k; + +import kotlinx.datetime.LocalDateTime; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +public final class GoExamples { + private GoExamples() {} + + public static class GoImports { + private final List imports; + + public GoImports(List imports) { + this.imports = imports; + } + + public List getImports() { + return Collections.unmodifiableList(imports); + } + } + + public static class GoImport { + private final String path; + private final List symbols; + + public GoImport(String path, List symbols) { + this.path = path; + this.symbols = symbols; + } + + public String getPath() { + return path; + } + + public List getSymbols() { + return Collections.unmodifiableList(symbols); + } + } + + public static class GoUrl { + private final String url; + + public GoUrl(String url) { + this.url = url; + } + + public String getUrl() { + return url; + } + } + + public static OsvSchema go_2020_00115() { + return new OsvSchema( + "1.3.1", + "GO-2020-0015", + new LocalDateTime(2023, 6, 12, 18, 45, 41, 0), + new LocalDateTime(2021, 4, 14, 20, 4, 52, 0), + null, + Arrays.asList("CVE-2020-14040", "GHSA-5rcv-m4m3-hfh7"), + null, + "Infinite loop when decoding some inputs in golang.org/x/text", + "An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.", + null, + Arrays.asList( + new Affected( + new Package( + "Go", + "golang.org/x/text", + null + ), + null, + Arrays.asList( + new Range<>( + RangeType.SEMVER, + null, + Arrays.asList( + new Event("0", null, null, null), + new Event(null, "0.3.3", null, null) + ), + null + ) + ), + null, + new GoImports( + Arrays.asList( + new GoImport( + "golang.org/x/text/encoding/unicode", + Arrays.asList("bomOverride.Transform", "utf16Decoder.Transform") + ), + new GoImport( + "golang.org/x/text/transform", + Arrays.asList("String") + ) + ) + ), + null + ) + ), + Arrays.asList( + new Reference(ReferenceType.FIX, "https://go.dev/cl/238238"), + new Reference(ReferenceType.FIX, "https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e" ), + new Reference(ReferenceType.REPORT, "https://go.dev/issue/39491"), + new Reference(ReferenceType.WEB, "https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0") + ), + Arrays.asList( + new Credit("@abacabadabacaba", null, null), + new Credit("Anton Gyllenberg", null, null) + ), + new GoUrl("https://pkg.go.dev/vuln/GO-2020-0015") + ); + } +} diff --git a/src/jvmTest/java/com/saveourtool/osv4k/OsvSchemaJacksonJavaTestUtil.java b/src/jvmTest/java/com/saveourtool/osv4k/OsvSchemaJacksonJavaTestUtil.java index 6885575..7ec12c6 100644 --- a/src/jvmTest/java/com/saveourtool/osv4k/OsvSchemaJacksonJavaTestUtil.java +++ b/src/jvmTest/java/com/saveourtool/osv4k/OsvSchemaJacksonJavaTestUtil.java @@ -6,7 +6,6 @@ import com.fasterxml.jackson.databind.ObjectWriter; import org.intellij.lang.annotations.Language; -import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNotNull; @@ -22,13 +21,6 @@ static void doEncodeDecodeAndCompare( ) throws JsonProcessingException { final OsvSchema result = objectMapper.readValue(originalContent, OsvSchema.class); assertNotNull(result); - compareJsonContent(originalContent, prettyWriter.writeValueAsString(result)); - } - - private static void compareJsonContent( - final String contentExpected, - final String contentActual - ) throws JsonProcessingException { - assertEquals(objectMapper.readTree(contentExpected), objectMapper.readTree(contentActual)); + OsvSchemaJacksonTestUtil.INSTANCE.compareJsonContent(originalContent, prettyWriter.writeValueAsString(result)); } } \ No newline at end of file diff --git a/src/jvmTest/kotlin/com/saveourtool/osv4k/GoJacksonTest.kt b/src/jvmTest/kotlin/com/saveourtool/osv4k/GoJacksonTest.kt index 6ff2120..887caeb 100644 --- a/src/jvmTest/kotlin/com/saveourtool/osv4k/GoJacksonTest.kt +++ b/src/jvmTest/kotlin/com/saveourtool/osv4k/GoJacksonTest.kt @@ -6,14 +6,96 @@ package com.saveourtool.osv4k +import com.saveourtool.osv4k.OsvSchemaJacksonTestUtil.compareJsonContent import com.saveourtool.osv4k.OsvSchemaJacksonTestUtil.doEncodeDecodeAndCompare +import kotlinx.datetime.LocalDateTime +import kotlinx.serialization.Serializable +import kotlinx.serialization.encodeToString +import kotlinx.serialization.json.Json import kotlin.test.Test +@Serializable +data class GoImports( + val imports: List, +) + +@Serializable +data class GoImport( + val path: String, + val symbols: List, +) + +@Serializable +data class GoUrl( + val url: String, +) + class GoJacksonTest { @Test fun `GO-2020-0015`() { - doEncodeDecodeAndCompare( - """ + val osvSchema = OsvSchema( + schemaVersion = "1.3.1", + id = "GO-2020-0015", + modified = LocalDateTime(2023, 6, 12, 18, 45, 41), + published = LocalDateTime(2021, 4, 14, 20, 4, 52), + aliases = listOf("CVE-2020-14040", "GHSA-5rcv-m4m3-hfh7"), + summary = "Infinite loop when decoding some inputs in golang.org/x/text", + details = "An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to transform.String. If used to parse user supplied input, this may be used as a denial of service vector.", + affected = listOf( + Affected( + `package` = Package( + ecosystem = "Go", + name = "golang.org/x/text", + ), + ranges = listOf( + Range( + type = RangeType.SEMVER, + events = listOf( + Event(introduced = "0"), + Event(fixed = "0.3.3"), + ), + ), + ), + ecosystemSpecific = GoImports( + imports = listOf( + GoImport( + path = "golang.org/x/text/encoding/unicode", + symbols = listOf("bomOverride.Transform", "utf16Decoder.Transform"), + ), + GoImport( + path = "golang.org/x/text/transform", + symbols = listOf("String"), + ), + ), + ), + ) + ), + references = listOf( + Reference( + type = ReferenceType.FIX, + url = "https://go.dev/cl/238238", + ), + Reference( + type = ReferenceType.FIX, + url = "https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e", + ), + Reference( + type = ReferenceType.REPORT, + url = "https://go.dev/issue/39491", + ), + Reference( + type = ReferenceType.WEB, + url = "https://groups.google.com/g/golang-announce/c/bXVeAmGOqz0", + ), + ), + credits = listOf( + Credit(name = "@abacabadabacaba"), + Credit(name = "Anton Gyllenberg"), + ), + databaseSpecific = GoUrl(url = "https://pkg.go.dev/vuln/GO-2020-0015"), + ) + + val testedContent = """ { "schema_version": "1.3.1", "id": "GO-2020-0015", @@ -94,7 +176,9 @@ class GoJacksonTest { } } """.trimIndent() - ) + compareJsonContent(testedContent, Json.encodeToString(osvSchema)) + compareJsonContent(testedContent, OsvSchemaJacksonTestUtil.encode(GoExamples.go_2020_00115())) + doEncodeDecodeAndCompare(testedContent) } @Test diff --git a/src/jvmTest/kotlin/com/saveourtool/osv4k/OsvSchemaJacksonTestUtil.kt b/src/jvmTest/kotlin/com/saveourtool/osv4k/OsvSchemaJacksonTestUtil.kt index 1a8f757..45fa3dc 100644 --- a/src/jvmTest/kotlin/com/saveourtool/osv4k/OsvSchemaJacksonTestUtil.kt +++ b/src/jvmTest/kotlin/com/saveourtool/osv4k/OsvSchemaJacksonTestUtil.kt @@ -1,5 +1,6 @@ package com.saveourtool.osv4k +import com.fasterxml.jackson.core.JsonProcessingException import com.fasterxml.jackson.databind.ObjectMapper import org.intellij.lang.annotations.Language import kotlin.test.assertEquals @@ -24,10 +25,14 @@ object OsvSchemaJacksonTestUtil { OsvSchemaJavaTestUtil.doEncodeDecodeAndCompare(originalContent) } - private fun compareJsonContent( + fun compareJsonContent( contentExpected: String, contentActual: String, ) { assertEquals(objectMapper.readTree(contentExpected), objectMapper.readTree(contentActual)) } + + fun encode( + value: T + ): String = objectMapper.writeValueAsString(value) }