From 64753ad098557f6dd9330a9fd64e5b39459af04f Mon Sep 17 00:00:00 2001 
From: Jan-Niclas Struewer <j.n.struewer@gmail.com> Date: Fri, 26 Jul 2024 16:44:15 +0200 Subject: [PATCH] refactor: - Moved data models for VulnerabilityDto.kt, KpiKind.kt, and RawValueKpiCreateDto.kt to the model's library. - Created KpiAdapter.kt as an interface for all tool adapter, transforming arbitrary tool results into RawValueKpiCreateDto.kt - Created a CveAdapter.kt to transform given VulnerabilityDto.kt into RawValueKpiCreateDto.kt. - Refactored the KpiKind.kt functionality inside the new backend application to retain its previous functionality without the need to move frontend specific code into the library. We now use extension functions in the backend to achieve the same functionality --- .../iem/app/kpi/dto/KpiCalculationDto.kt | 3 +- .../iem/app/kpi/dto/RawValueKpiCreateDto.kt | 17 -- .../iem/app/kpi/entity/KPIEntity.kt | 2 +- .../iem/app/kpi/enumeration/KpiKind.kt | 274 ++++-------------- .../iem/app/kpi/service/KPIService.kt | 14 +- .../dto/RawValueKpiCreateDtoExtension.kt | 15 + .../repository/service/RepositoryService.kt | 3 +- .../iem/app/tool/enumeration/ToolType.kt | 3 +- .../iem/app/toolRun/service/ToolRunService.kt | 3 +- .../iem/app/tools/ort/service/OrtService.kt | 2 +- .../app/tools/ort/service/OrtServiceTest.kt | 3 +- .../de/fraunhofer/iem/adapter/KpiAdapter.kt | 12 + .../fraunhofer/iem/adapter/cve/CveAdapter.kt | 20 ++ .../iem/kpiCalculator/core/KpiCalculator.kt | 7 + .../model/adapter}/VulnerabilityDto.kt | 2 +- .../iem/kpiCalculator/model/kpi/KpiKind.kt | 28 ++ .../model/kpi/RawValueKpiCreateDto.kt | 3 + 17 files changed, 157 insertions(+), 254 deletions(-) delete mode 100644 app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/RawValueKpiCreateDto.kt create mode 100644 app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/dto/RawValueKpiCreateDtoExtension.kt create mode 100644 kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/KpiAdapter.kt create mode 100644 
kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/cve/CveAdapter.kt create mode 100644 kpi-calculator/core/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/core/KpiCalculator.kt rename {app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/dto => kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/adapter}/VulnerabilityDto.kt (65%) create mode 100644 kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/KpiKind.kt create mode 100644 kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/RawValueKpiCreateDto.kt diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/KpiCalculationDto.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/KpiCalculationDto.kt index 0d3a7ae2..af8f7f74 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/KpiCalculationDto.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/KpiCalculationDto.kt @@ -1,7 +1,8 @@ package de.fraunhofer.iem.app.kpi.dto -import de.fraunhofer.iem.app.kpi.enumeration.KpiKind +import de.fraunhofer.iem.app.kpi.enumeration.toViewModel import de.fraunhofer.iem.app.logger.getLogger +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind class KpiCalculationDto( val kind: KpiKind, diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/RawValueKpiCreateDto.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/RawValueKpiCreateDto.kt deleted file mode 100644 index cc91d6a1..00000000 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/dto/RawValueKpiCreateDto.kt +++ /dev/null 
@@ -1,17 +0,0 @@ -package de.fraunhofer.iem.app.kpi.dto - -import de.fraunhofer.iem.app.kpi.enumeration.KpiKind -import de.fraunhofer.iem.app.toolRun.entity.ToolRunEntity -import java.sql.Timestamp -import java.time.Instant - -data class RawValueKpiCreateDto(val kind: KpiKind, val score: Int) { - fun toDbObject(toolRun: ToolRunEntity): de.fraunhofer.iem.app.kpi.entity.KPIEntity { - return de.fraunhofer.iem.app.kpi.entity.KPIEntity( - kind = this.kind, - score = this.score, - createdAt = Timestamp.from(Instant.now()), - toolRunEntity = toolRun - ) - } -} diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/entity/KPIEntity.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/entity/KPIEntity.kt index f288d98f..97382493 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/entity/KPIEntity.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/entity/KPIEntity.kt @@ -1,9 +1,9 @@ package de.fraunhofer.iem.app.kpi.entity import de.fraunhofer.iem.app.kpi.dto.KpiCalculationDto -import de.fraunhofer.iem.app.kpi.enumeration.KpiKind import de.fraunhofer.iem.app.kpi.strategy.RawValueKPICalculationStrategy import de.fraunhofer.iem.app.toolRun.entity.ToolRunEntity +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind import jakarta.persistence.* import org.hibernate.annotations.CurrentTimestamp import org.hibernate.generator.EventType diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/enumeration/KpiKind.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/enumeration/KpiKind.kt index 5ce7ddd6..176e0e33 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/enumeration/KpiKind.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/enumeration/KpiKind.kt 
@@ -2,16 +2,12 @@ package de.fraunhofer.iem.app.kpi.enumeration import de.fraunhofer.iem.app.kpi.dto.KPITreeChildResponseDto import de.fraunhofer.iem.app.kpi.dto.KPITreeResponseDto +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind -enum class KpiKind { - // Raw Value KPIs - CHECKED_IN_BINARIES { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { - return KPITreeResponseDto( +fun KpiKind.toViewModel(value: Int, children: List<KPITreeChildResponseDto>, isEmpty: Boolean): KPITreeResponseDto { + return when (this.name) { + KpiKind.CHECKED_IN_BINARIES.name -> + KPITreeResponseDto( value = value, name = this.getName(), description = "Used to assess the compliance to the OpenCoDE " + @@ -19,18 +15,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "No Checked in Binaries" - } - }, - NUMBER_OF_COMMITS { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.NUMBER_OF_COMMITS.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -38,19 +24,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Number of Commits" - } - }, - VULNERABILITY_SCORE { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { - // TODO: in order to provide more detailed information here we need to query the ORT api + KpiKind.VULNERABILITY_SCORE.name -> return KPITreeResponseDto( value = value, name = this.getName(), 
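Review bot: `return when (this.name) {` in the new `KpiKind.toViewModel` matches on enum name strings, and the `when` ends in an `else` branch in the last hunk of this file, so the compiler no longer checks that every `KpiKind` is handled. With the removed abstract methods a new constant could not compile without a view model; now a constant added to the model library would be rendered as "Unknown KPI" with `value = 0` and `isEmpty = true`. Matching on the enum itself, `return when (this) {` with branches such as `KpiKind.CHECKED_IN_BINARIES ->` and no `else`, restores that check. The branches also mix a bare expression (first branch) with `return KPITreeResponseDto(` inside a `when` that is already returned; dropping the inner `return`s would make them uniform. The same pattern runs through the later hunks of this file, and the function body continues outside this hunk.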
@@ -60,18 +35,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Vulnerability Score" - } - }, - NUMBER_OF_SIGNED_COMMITS { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.NUMBER_OF_SIGNED_COMMITS.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -79,18 +44,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Number of Signed Commits" - } - }, - IS_DEFAULT_BRANCH_PROTECTED { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.IS_DEFAULT_BRANCH_PROTECTED.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -100,18 +55,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Default Branch Protection" - } - }, - SECRETS { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.SECRETS.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -123,18 +68,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Public Secrets" - } - }, - SAST_USAGE { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.SAST_USAGE.name -> return KPITreeResponseDto( value = value, name = this.getName(), 
@@ -142,18 +77,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "SAST Usage" - } - }, - COMMENTS_IN_CODE { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.COMMENTS_IN_CODE.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -162,18 +87,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Comments in Code" - } - }, - DOCUMENTATION_INFRASTRUCTURE { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.DOCUMENTATION_INFRASTRUCTURE.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -185,20 +100,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - - override fun getName(): String { - return "Existence of Documentation Infrastructure" - } - }, - // Calculated KPIs - SIGNED_COMMITS_RATIO { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.SIGNED_COMMITS_RATIO.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -209,18 +112,8 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Commit Signature Ratio" - } - }, - INTERNAL_QUALITY { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.INTERNAL_QUALITY.name -> return KPITreeResponseDto( value = value, name = this.getName(), 
@@ -230,18 +123,8 @@ enum class KpiKind { isEmpty = isEmpty, order = 3 ) - } - override fun getName(): String { - return "Internal Quality" - } - }, - EXTERNAL_QUALITY { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.EXTERNAL_QUALITY.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -252,18 +135,8 @@ enum class KpiKind { isEmpty = isEmpty, order = 3 ) - } - override fun getName(): String { - return "External Quality" - } - }, - PROCESS_COMPLIANCE { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.PROCESS_COMPLIANCE.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -274,18 +147,8 @@ enum class KpiKind { isEmpty = isEmpty, order = 4 ) - } - override fun getName(): String { - return "Process Compliance Score" - } - }, - PROCESS_TRANSPARENCY { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.PROCESS_TRANSPARENCY.name -> return KPITreeResponseDto( value = value, name = this.getName(), @@ -297,18 +160,8 @@ enum class KpiKind { isEmpty = isEmpty, order = 5 ) - } - override fun getName(): String { - return "Process Transparency Score" - } - }, - SECURITY { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.SECURITY.name -> return KPITreeResponseDto( value = value, name = this.getName(), 
@@ -319,18 +172,8 @@ enum class KpiKind { isEmpty = isEmpty, order = 2 ) - } - override fun getName(): String { - return "Security Score" - } - }, - MAXIMAL_VULNERABILITY { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.MAXIMAL_VULNERABILITY.name -> return KPITreeResponseDto( value = value, name = this.getName(), 
@@ -345,60 +188,57 @@ enum class KpiKind { children = children, isEmpty = isEmpty ) - } - override fun getName(): String { - return "Maximal Dependency Vulnerability" - } - }, - DOCUMENTATION { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.ROOT.name -> return KPITreeResponseDto( value = value, name = this.getName(), - description = "This score describes the approximated availability of documentation in the repository.", + description = "Assesses the project resp. the provided software in the aspects of" + + " maturity (based on quality, security and usability aspects) as well as development process.", + isRoot = true, children = children, isEmpty = isEmpty ) - } - - override fun getName(): String { - return "Documentation" - } - }, - // ROOT - ROOT { - override fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto { + KpiKind.DOCUMENTATION.name -> return KPITreeResponseDto( value = value, name = this.getName(), - description = "Assesses the project resp. 
the provided software in the aspects of" + - " maturity (based on quality, security and usability aspects) as well as development process.", - isRoot = true, + description = "This score describes the approximated availability of documentation in the repository.", children = children, isEmpty = isEmpty ) - } - - override fun getName(): String { - return "Project Score" - } - }; - abstract fun toViewModel( - value: Int, - children: List<KPITreeChildResponseDto>, - isEmpty: Boolean - ): KPITreeResponseDto + else -> KPITreeResponseDto( + value = 0, + this.getName(), + description = "Unknown KPI", + children = emptyList(), + isEmpty = true + ) + } +} - abstract fun getName(): String +fun KpiKind.getName(): String { + return when (this.name) { + KpiKind.ROOT.name -> "Project Health Score" + KpiKind.PROCESS_COMPLIANCE.name -> "Process Compliance Score" + KpiKind.DOCUMENTATION.name -> "Documentation" + KpiKind.CHECKED_IN_BINARIES.name -> "No Checked in Binaries" + KpiKind.INTERNAL_QUALITY.name -> "Internal Quality" + KpiKind.NUMBER_OF_COMMITS.name -> "Number of Commits" + KpiKind.MAXIMAL_VULNERABILITY.name -> "Maximal Dependency Vulnerability Score" + KpiKind.SECURITY.name -> "Security Score" + KpiKind.VULNERABILITY_SCORE.name -> "Vulnerability Score" + KpiKind.PROCESS_TRANSPARENCY.name -> "Process Transparency Score" + KpiKind.NUMBER_OF_SIGNED_COMMITS.name -> "Number of Signed Commits" + KpiKind.COMMENTS_IN_CODE.name -> "Comments in Code" + KpiKind.DOCUMENTATION_INFRASTRUCTURE.name -> "Existence of Documentation Infrastructure" + KpiKind.IS_DEFAULT_BRANCH_PROTECTED.name -> "Default Branch Protection" + KpiKind.SECRETS.name -> "Public Secrets" + KpiKind.SIGNED_COMMITS_RATIO.name -> "Commit Signature Ratio" + KpiKind.EXTERNAL_QUALITY.name -> "External Quality" + KpiKind.SAST_USAGE.name -> "SAST Usage" + else -> "Unknown KPI" + } } 
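Review bot: `getName()` returns different strings than the removed overrides for two kinds, although the commit message describes a refactor that retains the previous functionality. `KpiKind.ROOT` changes from "Project Score" to "Project Health Score" and `KpiKind.MAXIMAL_VULNERABILITY` from "Maximal Dependency Vulnerability" to "Maximal Dependency Vulnerability Score". If a client or stored record keys on these names this is a behaviour change, so either keep the old strings or state the rename in the commit message. The `else -> "Unknown KPI"` branches in both functions hide any constant that is added later; `when (this)` without `else` would make the compiler report it.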
diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/service/KPIService.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/service/KPIService.kt index 35e64833..3a2a843e 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/service/KPIService.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/kpi/service/KPIService.kt @@ -3,8 +3,6 @@ package de.fraunhofer.iem.app.kpi.service import de.fraunhofer.iem.app.kpi.dto.KPITreeChildResponseDto import de.fraunhofer.iem.app.kpi.dto.KPITreeResponseDto import de.fraunhofer.iem.app.kpi.dto.KpiCalculationDto -import de.fraunhofer.iem.app.kpi.dto.RawValueKpiCreateDto -import de.fraunhofer.iem.app.kpi.enumeration.KpiKind import de.fraunhofer.iem.app.kpi.strategy.AggregationKPICalculationStrategy import de.fraunhofer.iem.app.kpi.strategy.MaximumKPICalculationStrategy import de.fraunhofer.iem.app.kpi.strategy.RatioKPICalculationStrategy @@ -12,7 +10,8 @@ import de.fraunhofer.iem.app.logger.getLogger import de.fraunhofer.iem.app.repository.dto.RepositoryDetailsDto import de.fraunhofer.iem.app.tools.occmd.enumeration.Checks import de.fraunhofer.iem.app.tools.occmd.json.RawResultJson -import de.fraunhofer.iem.app.tools.ort.dto.VulnerabilityDto +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind +import de.fraunhofer.iem.kpiCalculator.model.kpi.RawValueKpiCreateDto import org.springframework.stereotype.Service @Service @@ -106,15 +105,6 @@ class KPIService { return kpis } - fun calculateVulnerabilityKpis(vulnerabilityDtos: List<VulnerabilityDto>): List<RawValueKpiCreateDto> { - return vulnerabilityDtos.map { - RawValueKpiCreateDto( - kind = KpiKind.VULNERABILITY_SCORE, - score = (it.severity * 10).toInt() - ) - } - } - /** * Creates a named map of RepositoryCreateDtos, based upon the provided repository details. * This method only returns raw KPIs. 
diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/dto/RawValueKpiCreateDtoExtension.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/dto/RawValueKpiCreateDtoExtension.kt new file mode 100644 index 00000000..572e43b0 --- /dev/null +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/dto/RawValueKpiCreateDtoExtension.kt @@ -0,0 +1,15 @@ +package de.fraunhofer.iem.app.repository.dto + +import de.fraunhofer.iem.app.toolRun.entity.ToolRunEntity +import de.fraunhofer.iem.kpiCalculator.model.kpi.RawValueKpiCreateDto +import java.sql.Timestamp +import java.time.Instant + +fun RawValueKpiCreateDto.toDbObject(toolRun: ToolRunEntity): de.fraunhofer.iem.app.kpi.entity.KPIEntity { + return de.fraunhofer.iem.app.kpi.entity.KPIEntity( + kind = this.kind, + score = this.score, + createdAt = Timestamp.from(Instant.now()), + toolRunEntity = toolRun + ) +} diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/service/RepositoryService.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/service/RepositoryService.kt index a05c2e45..d76b1962 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/service/RepositoryService.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/repository/service/RepositoryService.kt @@ -1,10 +1,10 @@ package de.fraunhofer.iem.app.repository.service import de.fraunhofer.iem.app.gitlab.service.OpenCodeGitlabApi -import de.fraunhofer.iem.app.kpi.dto.RawValueKpiCreateDto import de.fraunhofer.iem.app.logger.getLogger import de.fraunhofer.iem.app.repository.dto.RepositoryConsentDto import de.fraunhofer.iem.app.repository.dto.RepositoryCreateDto +import de.fraunhofer.iem.app.repository.dto.toDbObject import de.fraunhofer.iem.app.repository.entity.RepositoryEntity import de.fraunhofer.iem.app.repository.repository.RepositoryRepository import de.fraunhofer.iem.app.tool.dto.CreateToolDto 
@@ -13,6 +13,7 @@ import de.fraunhofer.iem.app.toolRun.dto.ToolRunDto import de.fraunhofer.iem.app.toolRun.entity.LanguageEntity import de.fraunhofer.iem.app.toolRun.entity.ToolRunEntity import de.fraunhofer.iem.app.toolRun.repository.ToolRunRepository +import de.fraunhofer.iem.kpiCalculator.model.kpi.RawValueKpiCreateDto import org.springframework.stereotype.Service import org.springframework.transaction.annotation.Propagation import org.springframework.transaction.annotation.Transactional diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tool/enumeration/ToolType.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tool/enumeration/ToolType.kt index e9cde5a2..330d15c8 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tool/enumeration/ToolType.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tool/enumeration/ToolType.kt @@ -1,7 +1,8 @@ package de.fraunhofer.iem.app.tool.enumeration -import de.fraunhofer.iem.app.kpi.enumeration.KpiKind +import de.fraunhofer.iem.app.kpi.enumeration.getName import de.fraunhofer.iem.app.tool.dto.ToolDto +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind enum class ToolType { ORT { diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/toolRun/service/ToolRunService.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/toolRun/service/ToolRunService.kt index 3338ccac..56ae463f 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/toolRun/service/ToolRunService.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/toolRun/service/ToolRunService.kt @@ -1,5 +1,6 @@ package de.fraunhofer.iem.app.toolRun.service +import de.fraunhofer.iem.adapter.cve.CveAdapter import de.fraunhofer.iem.app.kpi.service.KPIService import de.fraunhofer.iem.app.logger.getLogger import de.fraunhofer.iem.app.repository.service.RepositoryService 
@@ -66,7 +67,7 @@ class ToolRunService( async { val vulnerabilityDtos = ortService.getOrtResults(projectId) // in the dev setup we get results for repo id 106 - Pair(ortService.getToolDto(), kpiService.calculateVulnerabilityKpis(vulnerabilityDtos)) + Pair(ortService.getToolDto(), CveAdapter.transformDataToKpi(vulnerabilityDtos)) }, async { diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtService.kt b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtService.kt index 9d94ae7f..f9a4d8a5 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtService.kt +++ b/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtService.kt @@ -4,9 +4,9 @@ import de.fraunhofer.iem.app.configuration.OpenCodeApiProperties import de.fraunhofer.iem.app.logger.getLogger import de.fraunhofer.iem.app.tool.dto.CreateToolDto import de.fraunhofer.iem.app.tool.enumeration.ToolType -import de.fraunhofer.iem.app.tools.ort.dto.VulnerabilityDto import de.fraunhofer.iem.app.tools.ort.json.ResultJson import de.fraunhofer.iem.app.utilities.HttpClientWrapper +import de.fraunhofer.iem.kpiCalculator.model.adapter.VulnerabilityDto import io.ktor.client.call.* import io.ktor.client.request.* import io.ktor.client.statement.* diff --git a/app/backend/src/test/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtServiceTest.kt b/app/backend/src/test/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtServiceTest.kt index d522e818..651605aa 100644 --- a/app/backend/src/test/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtServiceTest.kt +++ b/app/backend/src/test/kotlin/de/fraunhofer/iem/app/tools/ort/service/OrtServiceTest.kt 
@@ -221,7 +221,8 @@ const val VALID_JSON = """{ class OrtServiceTest { private fun createOrtService(mockEngine: MockEngine): OrtService { - val openCodeApiProperties = OpenCodeApiProperties("testPath/", "/ort", authApiKey = "", auth = "") + val openCodeApiProperties = + OpenCodeApiProperties("testPath/", "/de/fraunhofer/iem/adapter/ort", authApiKey = "", auth = "") val toolService = mockk<ToolService>() every { toolService.findToolByName(CreateToolDto("ORT", ToolType.ORT)) } returns ToolEntity( name = "ORT", diff --git a/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/KpiAdapter.kt b/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/KpiAdapter.kt new file mode 100644 index 00000000..262400c5 --- /dev/null +++ b/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/KpiAdapter.kt @@ -0,0 +1,12 @@ +package de.fraunhofer.iem.adapter + +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind +import de.fraunhofer.iem.kpiCalculator.model.kpi.RawValueKpiCreateDto + + +interface KpiAdapter<T> { + val kpiKind: KpiKind + + fun transformDataToKpi(data: List<T>): List<RawValueKpiCreateDto> + fun transformDataToKpi(data: T): List<RawValueKpiCreateDto> = transformDataToKpi(listOf(data)) +} diff --git a/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/cve/CveAdapter.kt b/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/cve/CveAdapter.kt new file mode 100644 index 00000000..74df6796 --- /dev/null +++ b/kpi-calculator/adapter/src/main/kotlin/de/fraunhofer/iem/adapter/cve/CveAdapter.kt 
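Review bot: The second argument to `OpenCodeApiProperties` changed from `"/ort"` to `"/de/fraunhofer/iem/adapter/ort"`, which looks like an automated package move rewriting a string literal rather than an intended change to the test fixture. Nothing else in this commit changes an ORT API path, and if the tests do not assert on the requested URL they will keep passing with the wrong value. Unless the path really changed, I would restore `OpenCodeApiProperties("testPath/", "/ort", authApiKey = "", auth = "")`. The body of `createOrtService` continues outside this hunk.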
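Review bot: `KpiAdapter` is introduced as the library's entry point for turning tool output into KPIs but has no KDoc, so implementers get no stated contract for `kpiKind` or for the `score` values they emit. I would add a KDoc on the interface saying it converts one tool's result items into `RawValueKpiCreateDto`s, and one on `transformDataToKpi(data: List<T>)` stating the expected score range and that an empty input yields an empty list. The range is not visible in this diff and has to come from the calculator's authors. It is also worth documenting whether every returned DTO must carry `kpiKind`, since the signature does not enforce it.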
@@ -0,0 +1,20 @@ +package de.fraunhofer.iem.adapter.cve + +import de.fraunhofer.iem.adapter.KpiAdapter +import de.fraunhofer.iem.kpiCalculator.model.adapter.VulnerabilityDto +import de.fraunhofer.iem.kpiCalculator.model.kpi.KpiKind +import de.fraunhofer.iem.kpiCalculator.model.kpi.RawValueKpiCreateDto + +object CveAdapter : KpiAdapter<VulnerabilityDto> { + override val kpiKind: KpiKind + get() = KpiKind.VULNERABILITY_SCORE + + override fun transformDataToKpi(vulnerabilityDtos: List<VulnerabilityDto>): List<RawValueKpiCreateDto> { + return vulnerabilityDtos.map { + RawValueKpiCreateDto( + kind = kpiKind, + score = (it.severity * 10).toInt() + ) + } + } +} diff --git a/kpi-calculator/core/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/core/KpiCalculator.kt b/kpi-calculator/core/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/core/KpiCalculator.kt new file mode 100644 index 00000000..0d1d240a --- /dev/null +++ b/kpi-calculator/core/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/core/KpiCalculator.kt @@ -0,0 +1,7 @@ +package de.fraunhofer.iem.kpiCalculator.core + +object KpiCalculator { + //XXX: Setup Logger + + +} diff --git a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/dto/VulnerabilityDto.kt b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/adapter/VulnerabilityDto.kt similarity index 65% rename from app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/dto/VulnerabilityDto.kt rename to kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/adapter/VulnerabilityDto.kt index afde6721..d03226a1 100644 --- a/app/backend/src/main/kotlin/de/fraunhofer/iem/app/tools/ort/dto/VulnerabilityDto.kt +++ b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/adapter/VulnerabilityDto.kt 
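Review bot: `score = (it.severity * 10).toInt()` in `CveAdapter.transformDataToKpi` converts a tool-supplied `Double` with no range check, and this object is now a public library entry point rather than a private service method. In Kotlin `Double.NaN.toInt()` is 0 and out-of-range values saturate, so a malformed or negative severity in the scanner result becomes a plausible-looking or out-of-range vulnerability score instead of an error. I would reject NaN with `require(!it.severity.isNaN())` and bound the value, e.g. `score = (it.severity.coerceIn(0.0, 10.0) * 10).toInt()`. The 0–10 range is an assumption (CVSS-style) and should be confirmed. The override also renames the interface parameter `data` to `vulnerabilityDtos`, which the Kotlin compiler warns about for named-argument calls.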
@@ -1,3 +1,3 @@ -package de.fraunhofer.iem.app.tools.ort.dto +package de.fraunhofer.iem.kpiCalculator.model.adapter data class VulnerabilityDto(val cveIdentifier: String, val packageName: String, val severity: Double) diff --git a/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/KpiKind.kt b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/KpiKind.kt new file mode 100644 index 00000000..6b8eb5fd --- /dev/null +++ b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/KpiKind.kt @@ -0,0 +1,28 @@ +package de.fraunhofer.iem.kpiCalculator.model.kpi + + +enum class KpiKind { + // Raw Value KPIs + CHECKED_IN_BINARIES, + NUMBER_OF_COMMITS, + VULNERABILITY_SCORE, + NUMBER_OF_SIGNED_COMMITS, + IS_DEFAULT_BRANCH_PROTECTED, + SECRETS, + SAST_USAGE, + COMMENTS_IN_CODE, + DOCUMENTATION_INFRASTRUCTURE, + + // Calculated KPIs + SIGNED_COMMITS_RATIO, + INTERNAL_QUALITY, + EXTERNAL_QUALITY, + PROCESS_COMPLIANCE, + PROCESS_TRANSPARENCY, + SECURITY, + MAXIMAL_VULNERABILITY, + DOCUMENTATION, + + // ROOT + ROOT +} diff --git a/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/RawValueKpiCreateDto.kt b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/RawValueKpiCreateDto.kt new file mode 100644 index 00000000..fe82d588 --- /dev/null +++ b/kpi-calculator/model/src/main/kotlin/de/fraunhofer/iem/kpiCalculator/model/kpi/RawValueKpiCreateDto.kt @@ -0,0 +1,3 @@ +package de.fraunhofer.iem.kpiCalculator.model.kpi + +data class RawValueKpiCreateDto(val kind: KpiKind, val score: Int) -- GitLab