From dce388d280a5cab8528203a0396545879dcc9ff0 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 24 Mar 2023 16:12:18 -0400 Subject: [PATCH] chore: prepare release (#46) Cleanup and bump version. --- .github/workflows/gradle.yml | 4 +++- .../vuln.tools.java-common-conventions.gradle | 2 +- .../ghsa/GitHubSecurityAdvisoryClient.java | 3 +-- .../ghsa/GitHubSecurityAdvisoryClientTest.java | 14 +++++++++++--- .../io/github/jeremylong/nvdlib/NvdCveApi.java | 2 +- .../jeremylong/nvdlib/RateLimitedClient.java | 1 - .../jeremylong/nvdlib/NvdCveApiTest.java | 18 +++++++++++++++--- 7 files changed, 32 insertions(+), 12 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 26c8aacd..2f76c05b 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -20,7 +20,9 @@ jobs: java-version: '11' distribution: 'temurin' - name: Run build - run: ./gradlew build + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: ./gradlew build --info - name: Archive test reports id: archive-logs if: always() diff --git a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle index f83ab3fe..2524a774 100644 --- a/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle +++ b/buildSrc/src/main/groovy/vuln.tools.java-common-conventions.gradle @@ -12,7 +12,7 @@ plugins { } group 'io.github.jeremylong' -version = '2.0.2' +version = '2.0.3' repositories { mavenCentral() diff --git a/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java b/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java index b7813000..0e7cccd6 100644 --- a/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java +++ b/gh-advisory-lib/src/main/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClient.java 
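Review bot: The `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` added to the `Run build` step exposes the workflow token to everything `./gradlew build` executes (Gradle plugins, build scripts and all test code), not only to the GHSA client test that reads it. No `permissions:` block is visible in this hunk and the job definition starts outside it, so if the workflow relies on the repository default the token may carry more than read access. Declaring `permissions:` with `contents: read` at workflow or job level would bound what a compromised build dependency could do with it. The added `--info` also makes the build log more verbose; GitHub masks the literal token value in logs but not transformed or encoded forms, so confirm nothing in the build echoes environment variables.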
@@ -147,7 +147,6 @@ public GitHubSecurityAdvisoryClient(String githubToken, String endpoint) { advistoriesTemplate = loadMustacheTemplate(ADVISORIES_TEMPLATE); vulnerabilitiesTemplate = loadMustacheTemplate(VULNERABILITIES_TEMPLATE); cwesTemplate = loadMustacheTemplate(CWES_TEMPLATE); - // httpClient = HttpAsyncClients.createDefault(); SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault()); httpClient = HttpAsyncClients.custom().setRoutePlanner(planner).build(); httpClient.start(); @@ -296,6 +295,7 @@ public Collection next() { lastStatusCode = response.getCode(); String error = new String(response.getBodyBytes(), StandardCharsets.UTF_8); LOG.error(error); + throw new GitHubSecurityAdvisoryException("GitHub GraphQL Returned Status Code: " + lastStatusCode); } } catch (InterruptedException e) { Thread.interrupted(); @@ -305,7 +305,6 @@ public Collection next() { LOG.debug(e.getMessage(), e); throw new GitHubSecurityAdvisoryException(e); } - return null; } /** diff --git a/gh-advisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java b/gh-advisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java index e2139dea..516abd2a 100644 --- a/gh-advisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java +++ b/gh-advisory-lib/src/test/java/io/github/jeremylong/ghsa/GitHubSecurityAdvisoryClientTest.java @@ -18,6 +18,8 @@ import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.time.ZoneOffset; import java.time.ZonedDateTime; 
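Review bot: In `next()`, the `catch (InterruptedException e)` branch at the end of the second hunk calls `Thread.interrupted()`, which clears the thread's interrupt flag instead of restoring it, so callers further up the stack cannot see that the thread was asked to stop. `NvdCveApi.next()` in this same commit uses `Thread.currentThread().interrupt();` at the equivalent point, and using that line here would make the two clients consistent. The rest of the catch block lies outside the hunk, so whether an exception is rethrown afterwards cannot be confirmed from here. Separately, the context line `LOG.error(error)` writes the entire remote response body to the log at ERROR level; truncating it to a bounded length before logging would keep an oversized or malformed response from flooding the log.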
@@ -28,10 +30,12 @@ class GitHubSecurityAdvisoryClientTest { + private static final Logger LOG = LoggerFactory.getLogger(GitHubSecurityAdvisoryClientTest.class); + ZonedDateTime retrieveLastUpdated() { // TODO implement a storage/retrieval mechanism for the last updated date. - return ZonedDateTime.now(ZoneOffset.UTC).minusDays(1); + return ZonedDateTime.now(ZoneOffset.UTC).minusDays(5); } void storeLastUpdated(ZonedDateTime lastUpdated) { @@ -43,7 +47,8 @@ void testNext() throws Exception { String apiKey = System.getenv("GITHUB_TOKEN"); Assumptions.assumeTrue(apiKey != null, "env GITHUB_TOKEN not found - skipping test"); - Assumptions.assumeFalse(apiKey.startsWith("op:"), "env GITHUB_TOKEN not found - skipping test"); + Assumptions.assumeFalse(apiKey.startsWith("op:"), + "env GITHUB_TOKEN found protected with 1password - skipping test"); GitHubSecurityAdvisoryClientBuilder builder = GitHubSecurityAdvisoryClientBuilder .aGitHubSecurityAdvisoryClient().withApiKey(apiKey); @@ -54,8 +59,11 @@ void testNext() throws Exception { } try (GitHubSecurityAdvisoryClient client = builder.build()) { if (client.hasNext()) { - Collection result = client.next(); + Collection items = client.next(); // TODO do something useful with the SecurityAdvisories + for (SecurityAdvisory i : items) { + System.out.println("Retrieved " + i.getGhsaId()); + } } storeLastUpdated(client.getLastUpdated()); } diff --git a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java index c94f0fa0..244eeee7 100644 --- a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java +++ b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/NvdCveApi.java 
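Review bot: The `LOG` field added to `GitHubSecurityAdvisoryClientTest` is not used in any of the visible hunks; the new loop in `testNext()` reports results with `System.out.println("Retrieved " + i.getGhsaId())` instead. Either log through it, `LOG.info("Retrieved {}", i.getGhsaId());`, or drop the field and the two slf4j imports. `NvdCveApiTest` gains the same unused `LOG` and a `System.out.println` loop in this commit. The loop also asserts nothing about `items`, so as far as these hunks show the test passes on an empty result; an assertion on the returned collection would make it verify the client rather than just exercise it.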
@@ -308,6 +308,7 @@ public Collection next() { lastStatusCode = response.getCode(); LOG.debug("Status Code: {}", lastStatusCode); LOG.debug("Response: {}", response.getBodyText()); + throw new NvdApiException("NVD Returned Status Code: " + lastStatusCode); } } catch (InterruptedException e) { Thread.currentThread().interrupt(); @@ -315,7 +316,6 @@ public Collection next() { } catch (ExecutionException e) { throw new NvdApiException(e); } - return null; } @Override diff --git a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java index 4e2c9e92..e34d7cda 100644 --- a/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java +++ b/nvd-lib/src/main/java/io/github/jeremylong/nvdlib/RateLimitedClient.java @@ -110,7 +110,6 @@ class RateLimitedClient implements AutoCloseable { this.meter = meter; this.delay = minimumDelay; LOG.debug("rate limited call delay: {}", delay); - // client = HttpAsyncClients.createDefault(); SystemDefaultRoutePlanner planner = new SystemDefaultRoutePlanner(ProxySelector.getDefault()); client = HttpAsyncClients.custom().setRoutePlanner(planner).build(); diff --git a/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java b/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java index f8708056..7df14b3a 100644 --- a/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java +++ b/nvd-lib/src/test/java/io/github/jeremylong/nvdlib/NvdCveApiTest.java 
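Review bot: `NvdCveApi.next()` now throws `NvdApiException` in the branch that records `lastStatusCode`, where it previously fell through to `return null`, and that contract change should be stated in the method's Javadoc (not visible in this hunk), for example `@throws NvdApiException if the NVD API responds with an error status code`. The same applies to `GitHubSecurityAdvisoryClient.next()`, which receives the equivalent `throw` in this commit. The exception message carries only the status code while the response body goes to `LOG.debug`, so at default log levels the reason for a rejected request (a rate limit or key problem, say) is not recorded anywhere. Including a bounded excerpt of the body in the message or logging it at WARN would help operators tell a transient failure from a misconfiguration.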
@@ -17,19 +17,22 @@ package io.github.jeremylong.nvdlib; import io.github.jeremylong.nvdlib.nvd.DefCveItem; +import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -import java.time.LocalDateTime; -import java.time.ZoneId; import java.time.ZoneOffset; import java.time.ZonedDateTime; import java.util.Collection; class NvdCveApiTest { + private static final Logger LOG = LoggerFactory.getLogger(NvdCveApiTest.class); + ZonedDateTime retrieveLastUpdated() { // TODO implement a storage/retrieval mechanism. - return ZonedDateTime.now(ZoneOffset.UTC).minusDays(20); + return ZonedDateTime.now(ZoneOffset.UTC).minusDays(5); } void storeLasUpdated(ZonedDateTime lastUpdated) { @@ -38,6 +41,12 @@ void storeLasUpdated(ZonedDateTime lastUpdated) { @Test public void update() { + String apiKey = System.getenv("NVD_API_KEY"); + if (apiKey != null) { + Assumptions.assumeFalse(apiKey.startsWith("op:"), + "env NVD_API_KEY found protected with 1password - skipping test"); + } + ZonedDateTime lastModifiedRequest = retrieveLastUpdated(); NvdCveApiBuilder builder = NvdCveApiBuilder.aNvdCveApi(); if (lastModifiedRequest != null) { @@ -53,6 +62,9 @@ public void update() { if (api.hasNext()) { Collection items = api.next(); // TODO do something with the items + for (DefCveItem i : items) { + System.out.println("Retrieved " + i.getCve().getId()); + } } lastModifiedRequest = api.getLastUpdated(); } catch (Exception e) {
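Review bot: `update()` wraps the API calls in `catch (Exception e)`, whose body lies outside the last hunk; if that handler only logs or prints, the `NvdApiException` that `NvdCveApi.next()` now throws on an error status will not fail the test, and a broken feed would still pass. Confirm the handler rethrows or fails the test explicitly. In the visible lines the new `apiKey` read from `NVD_API_KEY` is used only for the `op:` assumption; the builder setup continues outside the hunk, so check that the key is actually passed to `NvdCveApiBuilder`, otherwise the test always runs unauthenticated regardless of the environment.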