From a08bef66716df93aa11d6e748298d66c79ec8d1b Mon Sep 17 00:00:00 2001
From: HugoRocha <hrocha97@gmail.com>
Date: Tue, 5 Jun 2018 09:51:35 +0100
Subject: [PATCH] Fixed vulnerabilities API bug.

---
 .../controllers/DependencyController.kt       | 36 +++++++++----------
 .../model/Artifacts.kt                        |  9 ++++-
 2 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/src/main/kotlin/com/github/ptosda/projectvalidationmanager/controllers/DependencyController.kt b/src/main/kotlin/com/github/ptosda/projectvalidationmanager/controllers/DependencyController.kt
index 0a75134..637d491 100644
--- a/src/main/kotlin/com/github/ptosda/projectvalidationmanager/controllers/DependencyController.kt
+++ b/src/main/kotlin/com/github/ptosda/projectvalidationmanager/controllers/DependencyController.kt
@@ -50,26 +50,26 @@ class DependencyController(private val licenseService: LicenseService, private v
     @PostMapping("/vulnerabilities")
     fun getDependencyVulnerabilities(resp: HttpServletResponse,
                                      @PathVariable("manager") manager: String,
-                                     @RequestBody artifacts: ArrayList<Artifacts>) : ResponseEntity<ArrayList<VulnerabilitiesEvaluationOutput>>
+                                     @RequestBody artifacts: ArrayList<Artifacts>) : ResponseEntity<ArrayList<VulnerabilitiesEvaluationOutput?>>
     {
         val dependenciesCache = CachingConfig.getDependenciesCache()
-        val inCache = ArrayList<Artifacts>()
-        val vulnerabilities = ArrayList<VulnerabilitiesEvaluationOutput>()
+        val vulnerabilities = arrayOfNulls<VulnerabilitiesEvaluationOutput>(artifacts.size).toCollection(ArrayList())
 
-        artifacts.forEach {
-            val dependencyName = if(it.group != null) "${it.name}:${it.group}" else it.name
-            val cacheKey = "$manager:$dependencyName:${it.version}"
+        artifacts.forEachIndexed { index, artifact ->
+            val dependencyName = if(artifact.group != null) "${artifact.name}:${artifact.group}" else artifact.name
+            val cacheKey = "$manager:$dependencyName:${artifact.version}"
             val cacheEntry = dependenciesCache.get(cacheKey)
             if(cacheEntry?.vulnerabilities != null){
-                logger.info("The dependency {} already had its vulnerabilities in cache", "$dependencyName:${it.version}")
-                vulnerabilities.add(cacheEntry.vulnerabilities!!)
-                inCache.add(it)
+                logger.info("The dependency {} already had its vulnerabilities in cache", "$dependencyName:${artifact.version}")
+                vulnerabilities[index] = cacheEntry.vulnerabilities!!
+                artifact.inCache = true
             }
+            artifact.index = index
         }
 
-        artifacts.removeAll(inCache)
+        artifacts.removeIf { it.inCache }
         if(!artifacts.isEmpty()) {
-            logger.info("The are dependencies that need to search for vulnerabilities.")
+            logger.info("There are dependencies that need to search for vulnerabilities.")
             val vulnerabilitySearchResult = vulnerabilityService.getVulnerabilities(artifacts)
 
             if(vulnerabilitySearchResult == null) {
@@ -78,22 +78,20 @@ class DependencyController(private val licenseService: LicenseService, private v
             }
             else {
                 logger.info("The external API was successfully queried.")
-                vulnerabilities.addAll(vulnerabilitySearchResult)
 
-                vulnerabilitySearchResult.forEach {
-                    val cacheKey = "$manager:${it.title}:${it.mainVersion}"
+                vulnerabilitySearchResult.forEachIndexed { index, vulnerabilityEvaluation ->
+                    vulnerabilities[artifacts[index].index] = vulnerabilityEvaluation
+                    val cacheKey = "$manager:${vulnerabilityEvaluation.title}:${vulnerabilityEvaluation.mainVersion}"
                     val cacheEntry = dependenciesCache.get(cacheKey)
                     if (cacheEntry == null) {
                         logger.info("The dependency was not in cache and it will be added.")
-                        dependenciesCache.put(cacheKey, DependencyInfo(null, it))   // TODO check if this is needed
+                        dependenciesCache.put(cacheKey, DependencyInfo(null, vulnerabilityEvaluation))   // TODO check if this is needed
                     } else {
                         logger.info("The dependency was in cache and it vulnerability information will be updated.")
-                        cacheEntry.vulnerabilities = it
+                        cacheEntry.vulnerabilities = vulnerabilityEvaluation
                         dependenciesCache.put(cacheKey, cacheEntry)
                     }
-                }
-                logger.info("The vulnerabilities search was successfully completed.")
-                return ResponseEntity(vulnerabilities, HttpStatus.OK)
+                 }
             }
         }
         logger.info("The vulnerabilities search was successfully completed.")
diff --git a/src/main/kotlin/com/github/ptosda/projectvalidationmanager/model/Artifacts.kt b/src/main/kotlin/com/github/ptosda/projectvalidationmanager/model/Artifacts.kt
index 0303186..20a7970 100644
--- a/src/main/kotlin/com/github/ptosda/projectvalidationmanager/model/Artifacts.kt
+++ b/src/main/kotlin/com/github/ptosda/projectvalidationmanager/model/Artifacts.kt
@@ -1,5 +1,6 @@
 package com.github.ptosda.projectvalidationmanager.model
 
+import com.fasterxml.jackson.annotation.JsonIgnore
 import com.fasterxml.jackson.annotation.JsonInclude
 
 data class Artifacts(
@@ -8,5 +9,11 @@ data class Artifacts(
         val version: String,
 
         @JsonInclude(JsonInclude.Include.NON_NULL)
-        val group: String?
+        val group: String?,
+
+        @JsonIgnore
+        var index: Int,
+
+        @JsonIgnore
+        var inCache: Boolean
 )
\ No newline at end of file