chore: prepare release (#46)

Cleanup and bump version.
jeremylong · Mar 24, 2023 · dce388d · dce388d
1 parent d62140b
commit dce388d
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 12 deletions.
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -20,7 +20,9 @@ jobs:
         java-version: '11'
         distribution: 'temurin'
     - name: Run build
-      run: ./gradlew build
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: ./gradlew build --info
     - name: Archive test reports
       id: archive-logs
       if: always()

diff --git a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle
@@ -12,7 +12,7 @@ plugins {
 }
 
 group 'io.github.jeremylong'
-version = '2.0.2'
+version = '2.0.3'
 
 repositories {
     mavenCentral()

diff --git a/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java b/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java
@@ -147,7 +147,6 @@ public GitHubSecurityAdvisoryClient(String githubToken, String endpoint) {
         advistoriesTemplate = loadMustacheTemplate(ADVISORIES_TEMPLATE);
         vulnerabilitiesTemplate = loadMustacheTemplate(VULNERABILITIES_TEMPLATE);
         cwesTemplate = loadMustacheTemplate(CWES_TEMPLATE);
-        // httpClient = HttpAsyncClients.createDefault();
         SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault());
         httpClient = HttpAsyncClients.custom().setRoutePlanner(planner).build();
         httpClient.start();
@@ -296,6 +295,7 @@ public Collection<SecurityAdvisory> next() {
                 lastStatusCode = response.getCode();
                 String error = new String(response.getBodyBytes(), StandardCharsets.UTF_8);
                 LOG.error(error);
+                throw new GitHubSecurityAdvisoryException("GitHub GraphQL Returned Status Code: " + lastStatusCode);
             }
         } catch (InterruptedException e) {
             Thread.interrupted();
@@ -305,7 +305,6 @@ public Collection<SecurityAdvisory> next() {
             LOG.debug(e.getMessage(), e);
             throw new GitHubSecurityAdvisoryException(e);
         }
-        return null;
     }
 
     /**

diff --git a/...dvisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java b/...dvisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java
@@ -18,6 +18,8 @@
 
 import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
@@ -28,10 +30,12 @@
 
 class GitHubSecurityAdvisoryClientTest {
 
+    private static final Logger LOG = LoggerFactory.getLogger(GitHubSecurityAdvisoryClientTest.class);
+
     ZonedDateTime retrieveLastUpdated() {
         // TODO implement a storage/retrieval mechanism for the last updated date.
 
-        return ZonedDateTime.now(ZoneOffset.UTC).minusDays(1);
+        return ZonedDateTime.now(ZoneOffset.UTC).minusDays(5);
     }
 
     void storeLastUpdated(ZonedDateTime lastUpdated) {
@@ -43,7 +47,8 @@ void testNext() throws Exception {
         String apiKey = System.getenv("GITHUB_TOKEN");
 
         Assumptions.assumeTrue(apiKey != null, "env GITHUB_TOKEN not found - skipping test");
-        Assumptions.assumeFalse(apiKey.startsWith("op:"), "env GITHUB_TOKEN not found - skipping test");
+        Assumptions.assumeFalse(apiKey.startsWith("op:"),
+                "env GITHUB_TOKEN found protected with 1password - skipping test");
 
         GitHubSecurityAdvisoryClientBuilder builder = GitHubSecurityAdvisoryClientBuilder
                 .aGitHubSecurityAdvisoryClient().withApiKey(apiKey);
@@ -54,8 +59,11 @@ void testNext() throws Exception {
         }
         try (GitHubSecurityAdvisoryClient client = builder.build()) {
             if (client.hasNext()) {
-                Collection<SecurityAdvisory> result = client.next();
+                Collection<SecurityAdvisory> items = client.next();
                 // TODO do something useful with the SecurityAdvisories
+                for (SecurityAdvisory i : items) {
+                    System.out.println("Retrieved " + i.getGhsaId());
+                }
             }
             storeLastUpdated(client.getLastUpdated());
         }

diff --git a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java
@@ -308,14 +308,14 @@ public Collection<DefCveItem> next() {
                 lastStatusCode = response.getCode();
                 LOG.debug("Status Code: {}", lastStatusCode);
                 LOG.debug("Response: {}", response.getBodyText());
+                throw new NvdApiException("NVD Returned Status Code: " + lastStatusCode);
             }
         } catch (InterruptedException e) {
             Thread.currentThread().interrupt();
             throw new NvdApiException(e);
         } catch (ExecutionException e) {
             throw new NvdApiException(e);
         }
-        return null;
     }
 
     @Override

diff --git a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java
@@ -110,7 +110,6 @@ class RateLimitedClient implements AutoCloseable {
         this.meter = meter;
         this.delay = minimumDelay;
         LOG.debug("rate limited call delay: {}", delay);
-        // client = HttpAsyncClients.createDefault();
         SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault());
         client = HttpAsyncClients.custom().setRoutePlanner(planner).build();
 

diff --git a/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java b/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java
@@ -17,19 +17,22 @@
 package io.github.jeremylong.nvdlib;
 
 import io.github.jeremylong.nvdlib.nvd.DefCveItem;
+import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
-import java.time.LocalDateTime;
-import java.time.ZoneId;
 import java.time.ZoneOffset;
 import java.time.ZonedDateTime;
 import java.util.Collection;
 
 class NvdCveApiTest {
 
+    private static final Logger LOG = LoggerFactory.getLogger(NvdCveApiTest.class);
+
     ZonedDateTime retrieveLastUpdated() {
         // TODO implement a storage/retrieval mechanism.
-        return ZonedDateTime.now(ZoneOffset.UTC).minusDays(20);
+        return ZonedDateTime.now(ZoneOffset.UTC).minusDays(5);
     }
 
     void storeLasUpdated(ZonedDateTime lastUpdated) {
@@ -38,6 +41,12 @@ void storeLasUpdated(ZonedDateTime lastUpdated) {
 
     @Test
     public void update() {
+        String apiKey = System.getenv("NVD_API_KEY");
+        if (apiKey != null) {
+            Assumptions.assumeFalse(apiKey.startsWith("op:"),
+                    "env NVD_API_KEY found protected with 1password - skipping test");
+        }
+
         ZonedDateTime lastModifiedRequest = retrieveLastUpdated();
         NvdCveApiBuilder builder = NvdCveApiBuilder.aNvdCveApi();
         if (lastModifiedRequest != null) {
@@ -53,6 +62,9 @@ public void update() {
             if (api.hasNext()) {
                 Collection<DefCveItem> items = api.next();
                 // TODO do something with the items
+                for (DefCveItem i : items) {
+                   System.out.println("Retrieved " + i.getCve().getId());
+                }
             }
             lastModifiedRequest = api.getLastUpdated();
         } catch (Exception e) {