From 97dd5dfc59cdedafbffd47bc148b96f4c28278c4 Mon Sep 17 00:00:00 2001
From: Korbinian Singhammer <external.Korbinian.Singhammer2@bosch.io>
Date: Fri, 12 Mar 2021 12:09:16 -0500
Subject: [PATCH] VulnerabilityProvider: Add class that will represent each
 advisor

Signed-off-by: Korbinian Singhammer <external.Korbinian.Singhammer2@bosch.io>
---
 .../src/main/kotlin/VulnerabilityProvider.kt  | 81 +++++++++++++++++++
 1 file changed, 81 insertions(+)
 create mode 100644 advisor/src/main/kotlin/VulnerabilityProvider.kt

diff --git a/advisor/src/main/kotlin/VulnerabilityProvider.kt b/advisor/src/main/kotlin/VulnerabilityProvider.kt
new file mode 100644
index 0000000000000..426f9b188e015
--- /dev/null
+++ b/advisor/src/main/kotlin/VulnerabilityProvider.kt
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2020-2021 Bosch.IO GmbH
+ * Copyright (C) 2021 HERE Europe B.V.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * License-Filename: LICENSE
+ */
+
+package org.ossreviewtoolkit.advisor
+
+import java.time.Instant
+
+import org.ossreviewtoolkit.model.AdvisorDetails
+import org.ossreviewtoolkit.model.AdvisorResult
+import org.ossreviewtoolkit.model.AdvisorSummary
+import org.ossreviewtoolkit.model.Package
+import org.ossreviewtoolkit.model.createAndLogIssue
+import org.ossreviewtoolkit.utils.collectMessagesAsString
+import org.ossreviewtoolkit.utils.showStackTrace
+
+/**
+ * An abstract class that represents a service that can retrieve vulnerability information
+ * for a list of given [Package]s.
+ */
+abstract class VulnerabilityProvider(val providerName: String) {
+
+    /**
+     * For a given list of [Package]s, retrieve vulnerability information and return a map
+     * that associates each package with a list of [AdvisorResult]s. Needs to be implemented
+     * by child classes.
+     */
+    protected abstract suspend fun retrievePackageVulnerabilities(
+        packages: List<Package>
+    ): Map<Package, List<AdvisorResult>>
+
+    /**
+     * A generic method that creates a failed [AdvisorResult] for [Package]s if there was an issue
+     * during the retrieval of vulnerability information.
+     */
+    protected fun createFailedResults(
+        startTime: Instant,
+        packages: List<Package>,
+        t: Throwable
+    ): Map<Package, List<AdvisorResult>> {
+        val endTime = Instant.now()
+
+        t.showStackTrace()
+
+        val failedResults = listOf(
+            AdvisorResult(
+                vulnerabilities = emptyList(),
+                advisor = AdvisorDetails(providerName),
+                summary = AdvisorSummary(
+                    startTime = startTime,
+                    endTime = endTime,
+                    issues = listOf(
+                        createAndLogIssue(
+                            source = providerName,
+                            message = "Failed to retrieve security vulnerabilities from $providerName: " +
+                                    t.collectMessagesAsString()
+                        )
+                    )
+                )
+            )
+        )
+
+        return packages.associateWith { failedResults }
+    }
+}