feat: support multi-source

Author: xieshenzh

build.gradle

@@ -63,7 +63,7 @@ dependencies {
 
     implementation 'org.kohsuke:github-api:1.314'
     implementation 'org.apache.commons:commons-compress:1.21'
-    implementation 'com.redhat.exhort:exhort-java-api:0.0.3-SNAPSHOT'
+    implementation 'com.redhat.exhort:exhort-java-api:1.0.0-SNAPSHOT'
     implementation 'com.github.ben-manes.caffeine:caffeine:3.1.8'
 
     testImplementation('junit:junit:4.13.1')

src/main/java/org/jboss/tools/intellij/componentanalysis/CAAnnotator.java

@@ -31,9 +31,7 @@
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 public abstract class CAAnnotator extends ExternalAnnotator<CAAnnotator.Info, Map<Dependency, CAAnnotator.Result>> {
@@ -82,7 +80,7 @@ public abstract class CAAnnotator extends ExternalAnnotator<CAAnnotator.Info, Ma
             }
 
             LOG.info("Get vulnerability report from cache");
-            Map<Dependency, DependencyReport> reports = CAService.getReports(path);
+            Map<Dependency, Map<VulnerabilitySource, DependencyReport>> reports = CAService.getReports(path);
             return this.matchDependencies(info.getDependencies(), reports);
         }
 
@@ -94,38 +92,79 @@ public void apply(@NotNull PsiFile file, Map<Dependency, Result> annotationResul
         LOG.info("Annotate dependencies");
         annotationResult.forEach((key, value) -> {
             if (value != null) {
-                DependencyReport report = value.getReport();
+                Map<VulnerabilitySource, DependencyReport> reports = value.getReports();
                 List<PsiElement> elements = value.getElements();
-                if (report.getIssues() != null && !report.getIssues().isEmpty()
+                if (reports != null && !reports.isEmpty()
                         && elements != null && !elements.isEmpty()) {
-                    if (report.getRef() != null) {
-                        String d = getDependencyString(report.getRef().purl());
-                        int num = report.getIssues().size();
-                        String m = d + ", " + "Known security vulnerabilities: " + num + ", ";
-                        String t = "<html>" +
-                                "<p>" + d + "</p>" +
-                                "<p>Known security vulnerabilities: " + num + "</p>";
-
-                        if (report.getHighestVulnerability() != null && report.getHighestVulnerability().getSeverity() != null) {
-                            String severity = report.getHighestVulnerability().getSeverity().getValue();
-                            m += "Highest severity: " + severity + ", ";
-                            t += "<p>Highest severity: " + severity + "</p>";
-                        }
+                    Optional<DependencyReport> reportOptional = reports.values().stream()
+                            .filter(Objects::nonNull).findAny();
+
+                    if (reportOptional.isPresent() && reportOptional.get().getRef() != null) {
+                        String name = getDependencyString(reportOptional.get().getRef().purl());
+
+                        StringBuilder messageBuilder = new StringBuilder(name);
+                        StringBuilder tooltipBuilder = new StringBuilder("<html>").append("<p>").append(name).append("</p>");
+                        Map<VulnerabilitySource, DependencyReport> quickfixes = new HashMap<>();
+
+                        reports.forEach((source, report) -> {
+                            if (report.getIssues() != null && !report.getIssues().isEmpty()) {
+                                messageBuilder.append(System.lineSeparator());
+                                tooltipBuilder.append("<p/>");
 
-                        m += "Dependency Analytics Plugin [Powered by Snyk]";
-                        t += "<p>Dependency Analytics Plugin [Powered by <a href='https://snyk.io/'>Snyk</a>]</p>" +
-                                "</html>";
+                                if (source.getProvider().equals(source.getSource())) {
+                                    messageBuilder.append(source.getProvider())
+                                            .append(" vulnerability info: ");
+                                    tooltipBuilder.append("<p>")
+                                            .append(source.getProvider())
+                                            .append(" vulnerability info:</p>");
+                                } else {
+                                    messageBuilder.append(source.getSource())
+                                            .append(" (")
+                                            .append(source.getProvider())
+                                            .append(") vulnerability info: ");
+                                    tooltipBuilder.append("<p>")
+                                            .append(source.getSource())
+                                            .append(" (")
+                                            .append(source.getProvider())
+                                            .append(") vulnerability info:</p>");
+                                }
+
+                                int num = report.getIssues().size();
+                                messageBuilder.append("Known security vulnerabilities: ")
+                                        .append(num);
+                                tooltipBuilder.append("<p>Known security vulnerabilities: ")
+                                        .append(num)
+                                        .append("</p>");
+
+                                if (report.getHighestVulnerability() != null && report.getHighestVulnerability().getSeverity() != null) {
+                                    String severity = report.getHighestVulnerability().getSeverity().getValue();
+                                    messageBuilder.append(", Highest severity: ")
+                                            .append(severity);
+                                    tooltipBuilder.append("<p>Highest severity: ")
+                                            .append(severity)
+                                            .append("</p>");
+                                }
+                            }
 
-                        String message = m;
-                        String tooltip = t;
+                            if (CAIntentionAction.isQuickFixAvailable(report)) {
+                                quickfixes.put(source, report);
+                            }
+                        });
 
                         elements.forEach(e -> {
                             if (e != null) {
                                 AnnotationBuilder builder = holder
-                                        .newAnnotation(HighlightSeverity.ERROR, message)
-                                        .tooltip(tooltip)
-                                        .range(e)
-                                        .withFix(new CAIntentionAction());
+                                        .newAnnotation(HighlightSeverity.ERROR, messageBuilder.toString())
+                                        .tooltip(tooltipBuilder.toString())
+                                        .range(e);
+
+                                builder.withFix(new SAIntentionAction());
+
+                                if (!quickfixes.isEmpty() && this.isQuickFixApplicable(e)) {
+                                    quickfixes.forEach((source, report) ->
+                                            builder.withFix(this.createQuickFix(e, source, report)));
+                                }
+
                                 builder.create();
                             }
                         });
@@ -139,8 +178,12 @@ public void apply(@NotNull PsiFile file, Map<Dependency, Result> annotationResul
 
     abstract protected Map<Dependency, List<PsiElement>> getDependencies(PsiFile file);
 
+    abstract protected CAIntentionAction createQuickFix(PsiElement element, VulnerabilitySource source, DependencyReport report);
+
+    abstract protected boolean isQuickFixApplicable(PsiElement element);
+
     private Map<Dependency, Result> matchDependencies(Map<Dependency, List<PsiElement>> dependencies,
-                                                      Map<Dependency, DependencyReport> reports) {
+                                                      Map<Dependency, Map<VulnerabilitySource, DependencyReport>> reports) {
         if (dependencies != null && !dependencies.isEmpty()
                 && reports != null && !reports.isEmpty()) {
             return dependencies.entrySet()
@@ -217,19 +260,19 @@ public Map<Dependency, List<PsiElement>> getDependencies() {
 
     public static class Result {
         List<PsiElement> elements;
-        DependencyReport report;
+        Map<VulnerabilitySource, DependencyReport> reports;
 
-        public Result(List<PsiElement> elements, DependencyReport report) {
+        public Result(List<PsiElement> elements, Map<VulnerabilitySource, DependencyReport> reports) {
             this.elements = elements;
-            this.report = report;
+            this.reports = reports;
         }
 
         public List<PsiElement> getElements() {
             return elements;
         }
 
-        public DependencyReport getReport() {
-            return report;
+        public Map<VulnerabilitySource, DependencyReport> getReports() {
+            return reports;
         }
     }
 }

src/main/java/org/jboss/tools/intellij/componentanalysis/CAIntentionAction.java

@@ -11,62 +11,73 @@
 
 package org.jboss.tools.intellij.componentanalysis;
 
-import com.google.gson.JsonObject;
+import com.intellij.codeInsight.intention.FileModifier;
 import com.intellij.codeInsight.intention.IntentionAction;
 import com.intellij.codeInspection.util.IntentionFamilyName;
 import com.intellij.codeInspection.util.IntentionName;
 import com.intellij.openapi.editor.Editor;
-import com.intellij.openapi.fileEditor.FileEditorManager;
 import com.intellij.openapi.project.Project;
-import com.intellij.openapi.vfs.VirtualFile;
+import com.intellij.psi.PsiElement;
 import com.intellij.psi.PsiFile;
+import com.intellij.psi.util.PsiTreeUtil;
 import com.intellij.util.IncorrectOperationException;
-import org.jboss.tools.intellij.stackanalysis.SaUtils;
+import com.redhat.exhort.api.DependencyReport;
 import org.jetbrains.annotations.NotNull;
+import org.jetbrains.annotations.Nullable;
 
-import java.io.IOException;
+public abstract class CAIntentionAction implements IntentionAction {
+
+    protected @SafeFieldForPreview PsiElement element;
+    protected @SafeFieldForPreview VulnerabilitySource source;
+    protected @SafeFieldForPreview DependencyReport report;
+
+    protected CAIntentionAction(PsiElement element, VulnerabilitySource source, DependencyReport report) {
+        this.element = element;
+        this.source = source;
+        this.report = report;
+    }
 
-public class CAIntentionAction implements IntentionAction {
     @Override
     public @IntentionName @NotNull String getText() {
-        return "Detailed Vulnerability Report";
+        return getQuickFixText(this.source, this.report);
     }
 
     @Override
     public @NotNull @IntentionFamilyName String getFamilyName() {
-        return "Maven";
+        return "RHDA";
     }
 
     @Override
-    public boolean isAvailable(@NotNull Project project, Editor editor, PsiFile file) {
-        if (file == null) {
-            return false;
-        }
-        return "pom.xml".equals(file.getName())
-                || "package.json".equals(file.getName())
-                || "go.mod".equals(file.getName())
-                || "requirements.txt".equals(file.getName());
+    public void invoke(@NotNull Project project, Editor editor, PsiFile file) throws IncorrectOperationException {
+        this.updateVersion(project, editor, file, getRecommendedVersion(this.report));
     }
 
     @Override
-    public void invoke(@NotNull Project project, Editor editor, PsiFile file) throws IncorrectOperationException {
-        SaUtils saUtils = new SaUtils();
-        VirtualFile vf = file.getVirtualFile();
-
-        if (vf != null) {
-            JsonObject manifestDetails = saUtils.performSA(vf);
-            if (manifestDetails != null) {
-                try {
-                    saUtils.openCustomEditor(FileEditorManager.getInstance(project), manifestDetails);
-                } catch (IOException ex) {
-                    throw new RuntimeException(ex);
-                }
-            }
-        }
+    public boolean startInWriteAction() {
+        return true;
     }
 
     @Override
-    public boolean startInWriteAction() {
-        return false;
+    public @Nullable FileModifier getFileModifierForPreview(@NotNull PsiFile target) {
+        return this.createCAIntentionActionInCopy(PsiTreeUtil.findSameElementInCopy(this.element, target));
+    }
+
+    protected abstract void updateVersion(@NotNull Project project, Editor editor, PsiFile file, String version);
+
+    protected abstract @Nullable FileModifier createCAIntentionActionInCopy(PsiElement element);
+
+    //TODO
+    private static @NotNull String getRecommendedVersion(DependencyReport report) {
+        return "123";
+    }
+
+    //TODO
+    private static @NotNull String getQuickFixText(VulnerabilitySource source, DependencyReport report) {
+        return "test";
+    }
+
+    //TODO
+    static boolean isQuickFixAvailable(DependencyReport report) {
+        return true;
     }
 }