redhat-developer
diff --git a/‎build.gradle‎
Lines changed: 1 addition & 1 deletion b/‎build.gradle‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎gradle.properties‎
Lines changed: 1 addition & 1 deletion b/‎gradle.properties‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/main/java/org/jboss/tools/intellij/componentanalysis/CAAnnotator.java‎
Lines changed: 91 additions & 36 deletions b/‎src/main/java/org/jboss/tools/intellij/componentanalysis/CAAnnotator.java‎
Lines changed: 91 additions & 36 deletions
diff --git a/‎src/main/java/org/jboss/tools/intellij/componentanalysis/CAIntentionAction.java‎
Lines changed: 127 additions & 29 deletions b/‎src/main/java/org/jboss/tools/intellij/componentanalysis/CAIntentionAction.java‎
Lines changed: 127 additions & 29 deletions
@@ -63,7 +63,7 @@ dependencies {
 
     implementation 'org.kohsuke:github-api:1.314'
     implementation 'org.apache.commons:commons-compress:1.21'
-    implementation 'com.redhat.exhort:exhort-java-api:0.0.3-SNAPSHOT'
+    implementation 'com.redhat.exhort:exhort-java-api:0.0.4-SNAPSHOT'
     implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
 
     testImplementation('junit:junit:4.13.1')
 
@@ -1,4 +1,4 @@
 ideaVersion = 2021.1
-projectVersion=0.7.1-SNAPSHOT
+projectVersion=0.9.0-SNAPSHOT
 jetBrainsToken=invalid
 jetBrainsChannel=stable
@@ -31,9 +31,7 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 public abstract class CAAnnotator extends ExternalAnnotator<CAAnnotator.Info, Map<Dependency, CAAnnotator.Result>> {
@@ -82,7 +80,7 @@ public abstract class CAAnnotator extends ExternalAnnotator<CAAnnotator.Info, Ma
             }
 
             LOG.info("Get vulnerability report from cache");
-            Map<Dependency, DependencyReport> reports = CAService.getReports(path);
+            Map<Dependency, Map<VulnerabilitySource, DependencyReport>> reports = CAService.getReports(path);
             return this.matchDependencies(info.getDependencies(), reports);
         }
 
@@ -94,39 +92,79 @@ public void apply(@NotNull PsiFile file, Map<Dependency, Result> annotationResul
         LOG.info("Annotate dependencies");
         annotationResult.forEach((key, value) -> {
             if (value != null) {
-                DependencyReport report = value.getReport();
+                Map<VulnerabilitySource, DependencyReport> reports = value.getReports();
                 List<PsiElement> elements = value.getElements();
-                if (report.getIssues() != null && !report.getIssues().isEmpty()
+                if (reports != null && !reports.isEmpty()
                         && elements != null && !elements.isEmpty()) {
-                    if (report.getRef() != null) {
-                        String d = getDependencyString(report.getRef().purl());
-                        int num = report.getIssues().size();
-                        String m = d + ", " + "Known security vulnerabilities: " + num + ", ";
-                        String t = "<html>" +
-                                "<p>" + d + "</p>" +
-                                "<p>Known security vulnerabilities: " + num + "</p>";
-
-                        if (report.getHighestVulnerability() != null && report.getHighestVulnerability().getSeverity() != null) {
-                            String severity = report.getHighestVulnerability().getSeverity().getValue();
-                            m += "Highest severity: " + severity + ", ";
-                            t += "<p>Highest severity: " + severity + "</p>";
-                        }
+                    Optional<DependencyReport> reportOptional = reports.values().stream()
+                            .filter(Objects::nonNull).findAny();
+
+                    if (reportOptional.isPresent() && reportOptional.get().getRef() != null) {
+                        String name = getDependencyString(reportOptional.get().getRef().purl());
+
+                        StringBuilder messageBuilder = new StringBuilder(name);
+                        StringBuilder tooltipBuilder = new StringBuilder("<html>").append("<p>").append(name).append("</p>");
+                        Map<VulnerabilitySource, DependencyReport> quickfixes = new HashMap<>();
+
+                        reports.forEach((source, report) -> {
+                            if (report.getIssues() != null && !report.getIssues().isEmpty()) {
+                                messageBuilder.append(System.lineSeparator());
+                                tooltipBuilder.append("<p/>");
 
-                        m += "Dependency Analytics Plugin [Powered by Snyk]";
-                        t += "<p>Dependency Analytics Plugin [Powered by <a href='https://snyk.io/'>Snyk</a>]</p>" +
-                                "</html>";
+                                if (source.getProvider().equals(source.getSource())) {
+                                    messageBuilder.append(source.getProvider())
+                                            .append(" vulnerability info: ");
+                                    tooltipBuilder.append("<p>")
+                                            .append(source.getProvider())
+                                            .append(" vulnerability info:</p>");
+                                } else {
+                                    messageBuilder.append(source.getSource())
+                                            .append(" (")
+                                            .append(source.getProvider())
+                                            .append(") vulnerability info: ");
+                                    tooltipBuilder.append("<p>")
+                                            .append(source.getSource())
+                                            .append(" (")
+                                            .append(source.getProvider())
+                                            .append(") vulnerability info:</p>");
+                                }
 
-                        String message = m;
-                        String tooltip = t;
+                                int num = report.getIssues().size();
+                                messageBuilder.append("Known security vulnerabilities: ")
+                                        .append(num);
+                                tooltipBuilder.append("<p>Known security vulnerabilities: ")
+                                        .append(num)
+                                        .append("</p>");
+
+                                if (report.getHighestVulnerability() != null && report.getHighestVulnerability().getSeverity() != null) {
+                                    String severity = report.getHighestVulnerability().getSeverity().getValue();
+                                    messageBuilder.append(", Highest severity: ")
+                                            .append(severity);
+                                    tooltipBuilder.append("<p>Highest severity: ")
+                                            .append(severity)
+                                            .append("</p>");
+                                }
+                            }
+
+                            if (CAIntentionAction.isQuickFixAvailable(report)) {
+                                quickfixes.put(source, report);
+                            }
+                        });
 
                         elements.forEach(e -> {
                             if (e != null) {
-                                AnnotationBuilder builder = holder
-                                        .newAnnotation(HighlightSeverity.ERROR, message)
-                                        .tooltip(tooltip)
-                                        .range(e)
-                                        .withFix(new CAIntentionAction());
-                                builder.create();
+                                if (!quickfixes.isEmpty() && this.isQuickFixApplicable(e)) {
+                                    quickfixes.forEach((source, report) ->{
+                                        AnnotationBuilder builder = holder
+                                                .newAnnotation(getHighlightSeverity(report), messageBuilder.toString())
+                                                .tooltip(tooltipBuilder.toString())
+                                                .range(e);
+                                        builder.withFix(new SAIntentionAction());
+                                            builder.withFix(this.createQuickFix(e, source, report));
+                                            builder.create();
+                                      }
+                                    );
+                                }
                             }
                         });
                     }
@@ -135,12 +173,29 @@ public void apply(@NotNull PsiFile file, Map<Dependency, Result> annotationResul
         });
     }
 
+    @NotNull
+    private static HighlightSeverity getHighlightSeverity(DependencyReport report) {
+        if(CAIntentionAction.thereAreNoIssues(report) && CAIntentionAction.thereIsRecommendation(report))
+        {
+            return HighlightSeverity.WEAK_WARNING;
+        }
+        else
+        {
+            return HighlightSeverity.ERROR;
+        }
+
+    }
+
     abstract protected String getInspectionShortName();
 
     abstract protected Map<Dependency, List<PsiElement>> getDependencies(PsiFile file);
 
+    abstract protected CAIntentionAction createQuickFix(PsiElement element, VulnerabilitySource source, DependencyReport report);
+
+    abstract protected boolean isQuickFixApplicable(PsiElement element);
+
     private Map<Dependency, Result> matchDependencies(Map<Dependency, List<PsiElement>> dependencies,
-                                                      Map<Dependency, DependencyReport> reports) {
+                                                      Map<Dependency, Map<VulnerabilitySource, DependencyReport>> reports) {
         if (dependencies != null && !dependencies.isEmpty()
                 && reports != null && !reports.isEmpty()) {
             return dependencies.entrySet()
@@ -217,19 +272,19 @@ public Map<Dependency, List<PsiElement>> getDependencies() {
 
     public static class Result {
         List<PsiElement> elements;
-        DependencyReport report;
+        Map<VulnerabilitySource, DependencyReport> reports;
 
-        public Result(List<PsiElement> elements, DependencyReport report) {
+        public Result(List<PsiElement> elements, Map<VulnerabilitySource, DependencyReport> reports) {
             this.elements = elements;
-            this.report = report;
+            this.reports = reports;
         }
 
         public List<PsiElement> getElements() {
             return elements;
         }
 
-        public DependencyReport getReport() {
-            return report;
+        public Map<VulnerabilitySource, DependencyReport> getReports() {
+            return reports;
         }
     }
 }
@@ -11,62 +11,160 @@
 
 package org.jboss.tools.intellij.componentanalysis;
 
-import com.google.gson.JsonObject;
+import com.intellij.codeInsight.intention.FileModifier;
 import com.intellij.codeInsight.intention.IntentionAction;
 import com.intellij.codeInspection.util.IntentionFamilyName;
 import com.intellij.codeInspection.util.IntentionName;
 import com.intellij.openapi.editor.Editor;
-import com.intellij.openapi.fileEditor.FileEditorManager;
 import com.intellij.openapi.project.Project;
-import com.intellij.openapi.vfs.VirtualFile;
+import com.intellij.psi.PsiElement;
 import com.intellij.psi.PsiFile;
+import com.intellij.psi.util.PsiTreeUtil;
 import com.intellij.util.IncorrectOperationException;
-import org.jboss.tools.intellij.stackanalysis.SaUtils;
+import com.redhat.exhort.api.DependencyReport;
+import com.redhat.exhort.api.Issue;
 import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 
-import java.io.IOException;
+import java.util.Optional;
+
+public abstract class CAIntentionAction implements IntentionAction {
+
+    protected @SafeFieldForPreview PsiElement element;
+    protected @SafeFieldForPreview VulnerabilitySource source;
+    protected @SafeFieldForPreview DependencyReport report;
+
+    protected CAIntentionAction(PsiElement element, VulnerabilitySource source, DependencyReport report) {
+        this.element = element;
+        this.source = source;
+        this.report = report;
+    }
 
-public class CAIntentionAction implements IntentionAction {
     @Override
     public @IntentionName @NotNull String getText() {
-        return "Detailed Vulnerability Report";
+        return getQuickFixText(this.source, this.report);
     }
 
     @Override
     public @NotNull @IntentionFamilyName String getFamilyName() {
-        return "Maven";
+        return "RHDA";
     }
 
     @Override
-    public boolean isAvailable(@NotNull Project project, Editor editor, PsiFile file) {
-        if (file == null) {
-            return false;
-        }
-        return "pom.xml".equals(file.getName())
-                || "package.json".equals(file.getName())
-                || "go.mod".equals(file.getName())
-                || "requirements.txt".equals(file.getName());
+    public void invoke(@NotNull Project project, Editor editor, PsiFile file) throws IncorrectOperationException {
+        this.updateVersion(project, editor, file, getRecommendedVersion(this.report));
     }
 
-    @Override
-    public void invoke(@NotNull Project project, Editor editor, PsiFile file) throws IncorrectOperationException {
-        SaUtils saUtils = new SaUtils();
-        VirtualFile vf = file.getVirtualFile();
-
-        if (vf != null) {
-            JsonObject manifestDetails = saUtils.performSA(vf);
-            if (manifestDetails != null) {
-                try {
-                    saUtils.openCustomEditor(FileEditorManager.getInstance(project), manifestDetails);
-                } catch (IOException ex) {
-                    throw new RuntimeException(ex);
+    private String getRecommendationsRepo(DependencyReport dependency) {
+        String repo=null;
+        if(thereAreNoIssues(dependency))
+        {
+            if(thereIsRecommendation(dependency))
+                repo = dependency.getRecommendation().purl().getQualifiers().get("repository_url");
+        }
+        else
+        {
+            Optional<Issue> issue = dependency.getIssues().stream().findFirst();
+            if(issue.isPresent())
+            {
+                if(thereIsTcRemediation(dependency)) {
+                    repo =  issue.get().getRemediation().getTrustedContent().getRef().version();
                 }
             }
+
         }
+        return repo;
     }
 
     @Override
     public boolean startInWriteAction() {
-        return false;
+        return true;
+    }
+
+    @Override
+    public @Nullable FileModifier getFileModifierForPreview(@NotNull PsiFile target) {
+        return this.createCAIntentionActionInCopy(PsiTreeUtil.findSameElementInCopy(this.element, target));
+    }
+
+    protected abstract void updateVersion(@NotNull Project project, Editor editor, PsiFile file, String version);
+
+    protected abstract @Nullable FileModifier createCAIntentionActionInCopy(PsiElement element);
+
+    //TODO
+    private static @NotNull String getRecommendedVersion(DependencyReport dependency) {
+        String version=null;
+        if(thereAreNoIssues(dependency))
+        {
+            if(thereIsRecommendation(dependency))
+            version = dependency.getRecommendation().version();
+        }
+        else
+        {
+            Optional<Issue> issue = dependency.getIssues().stream().findFirst();
+            if(issue.isPresent())
+            {
+                if(thereIsTcRemediation(dependency)) {
+                   version =  issue.get().getRemediation().getTrustedContent().getRef().version();
+                }
+            }
+
+        }
+       return version;
+    }
+
+    private static boolean thereIsTcRemediation(DependencyReport dependency) {
+        Optional<Issue> issue = dependency.getIssues().stream().filter(iss -> iss.getRemediation().getTrustedContent() != null).findFirst();
+        if(issue.isPresent()) {
+            return issue.get().getRemediation().getTrustedContent() != null;
+        }
+        else
+        {
+            return false;
+        }
+    }
+
+    static boolean thereIsRecommendation(DependencyReport dependency) {
+        return dependency.getRecommendation() != null && !dependency.getRecommendation().version().trim().equals("");
+    }
+
+    static boolean thereAreNoIssues(DependencyReport dependency) {
+        return dependency.getIssues() == null || dependency.getIssues().size() == 0;
+    }
+
+    //TODO
+    private static @NotNull String getQuickFixText(VulnerabilitySource source, DependencyReport dependency) {
+        String text="";
+        if(thereAreNoIssues(dependency) && thereIsRecommendation(dependency))
+        {
+            text = "Quick-Fix suggestion - apply redhat Recommended version";
+        }
+        else
+        {
+            if(thereIsTcRemediation(dependency))
+            {
+                text = "Quick-Fix suggestion - apply redhat remediation version";
+            }
+        }
+        return text;
+    }
+
+    //TODO
+    static boolean isQuickFixAvailable(DependencyReport dependency) {
+        boolean result=false;
+        if(thereAreNoIssues(dependency))
+        {
+            if(thereIsRecommendation(dependency))
+            {
+                result = true;
+            }
+        }
+        else
+        {
+            if(thereIsTcRemediation(dependency))
+            {
+                result = true;
+            }
+        }
+     return result;
     }
 }