org-metaeffekt · jfuegen-metaeffekt · Nov 22, 2024 · Nov 22, 2024 · Dec 14, 2024 · Dec 14, 2024
diff --git a/...es/ae-inventory-processor/src/main/java/org/metaeffekt/core/inventory/InventoryUtils.java b/...es/ae-inventory-processor/src/main/java/org/metaeffekt/core/inventory/InventoryUtils.java
@@ -392,4 +392,31 @@ public static Set<Artifact> getArtifactsForAsset(Inventory inventory, AssetMetaD
         return setOfArtifacts;
     }
 
+    public static Map<AssetMetaData, Set<Artifact>> buildAssetToArtifactMap(Inventory filteredInventory) {
+        final Map<AssetMetaData, Set<Artifact>> assetMetaDataToArtifactsMap = new HashMap<>();
+
+        // the report only operates on the specified assets (these may be filtered for the use case)
+        for (AssetMetaData assetMetaData : filteredInventory.getAssetMetaData()) {
+
+            final String assetId = assetMetaData.get(AssetMetaData.Attribute.ASSET_ID);
+
+            if (!StringUtils.isNotBlank(assetId)) continue;
+
+            // derive licenses from artifacts
+            for (Artifact artifact : filteredInventory.getArtifacts()) {
+                // skip all artifacts that do not belong to an asset
+                if (StringUtils.isNotBlank(artifact.get(assetId))) {
+                    assetMetaDataToArtifactsMap.computeIfAbsent(assetMetaData, c -> new HashSet<>()).add(artifact);
+                } else {
+                    // check via asset id; if artifact id matches asset id; add
+                    final String artifactAssetId = InventoryUtils.deriveAssetIdFromArtifact(artifact);
+                    if (assetId.equals(artifactAssetId)) {
+                        assetMetaDataToArtifactsMap.computeIfAbsent(assetMetaData, c -> new HashSet<>()).add(artifact);
+                    }
+                }
+            }
+        }
+        return assetMetaDataToArtifactsMap;
+    }
+
 }
diff --git a/...ntory-processor/src/main/java/org/metaeffekt/core/inventory/processor/model/Artifact.java b/...ntory-processor/src/main/java/org/metaeffekt/core/inventory/processor/model/Artifact.java
@@ -59,6 +59,7 @@ public enum Attribute implements AbstractModelBase.Attribute {
 
         // url of the project pages
         URL("URL"),
+        SOURCE_CODE_URL("Source Code URL"),
 
         // indicates whether the artifact is security relevant and needs to be upgraded asap
         SECURITY_RELEVANT("Security Relevance"),
@@ -76,16 +77,22 @@ public enum Attribute implements AbstractModelBase.Attribute {
         VERIFIED("Verified"),
         ERRORS("Errors"),
         HASH_SHA256("Hash (SHA-256)"),
+        HASH_SHA1("Hash (SHA1)"),
+        HASH_SHA512("Hash (SHA-512)"),
         PATH_IN_ASSET("Path in Asset"),
         VIRTUAL_ROOT_PATH("Virtual Root Path"),
         PURL("PURL"),
         COMPONENT_SOURCE_TYPE("Component Source Type"),
 
-        // FIXME: consolidate
         SOURCE("Source"),
+        ORGANIZATION("Organization"),
+        SUPPLIER("Supplier"),
+
+        ARCHIVE("Archive"),
+        STRUCTURED("Structured"),
+        EXECUTABLE("Executable");
+
 
-        // FIXME: consolidate
-        ORGANIZATION("Organization");
 
         private String key;
 

diff --git a/...-processor/src/main/java/org/metaeffekt/core/inventory/processor/model/AssetMetaData.java b/...-processor/src/main/java/org/metaeffekt/core/inventory/processor/model/AssetMetaData.java
@@ -53,7 +53,15 @@ public enum Attribute implements AbstractModelBase.Attribute {
         VERSION("Version"),
         ASSESSMENT_ID("Assessment Id"),
         ROLE("Role"),
-        ASSESSMENT("Assessment");
+        ASSESSMENT("Assessment"),
+        CHECKSUM("Checksum"),
+        HASH_SHA256("Hash (SHA-256)"),
+        HASH_SHA1("Hash (SHA1)"),
+        HASH_SHA512("Hash (SHA-512)"),
+        URL("URL"),
+        SOURCE_CODE_URL("Source Code URL"),
+        SUPPLIER("Supplier"),
+        TYPE("Type");
 
         private String key;
 

diff --git a/...ocessor/src/main/java/org/metaeffekt/core/inventory/processor/report/InventoryReport.java b/...ocessor/src/main/java/org/metaeffekt/core/inventory/processor/report/InventoryReport.java
@@ -584,7 +584,7 @@ protected boolean createReport(Inventory globalInventory, Inventory localInvento
         // write reports
         if (inventoryBomReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_INVENTORY_REPORT_BOM, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_INVENTORY_REPORT_BOM, reportContext);
         }
 
         if (inventoryDiffReportEnabled) {
@@ -593,23 +593,23 @@ protected boolean createReport(Inventory globalInventory, Inventory localInvento
 
         if (inventoryVulnerabilityReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_INVENTORY_REPORT_VULNERABILITY, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_INVENTORY_REPORT_VULNERABILITY, reportContext);
         }
 
         if (inventoryVulnerabilityReportSummaryEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_INVENTORY_REPORT_VULNERABILITY_SUMMARY, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_INVENTORY_REPORT_VULNERABILITY_SUMMARY, reportContext);
         }
 
         if (inventoryVulnerabilityStatisticsReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_INVENTORY_STATISTICS_VULNERABILITY, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_INVENTORY_STATISTICS_VULNERABILITY, reportContext);
         }
 
         // all vulnerability-related templates require to generate labels
         if (inventoryVulnerabilityReportEnabled || inventoryVulnerabilityStatisticsReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_LABELS_VULNERABILITY_ASSESSMENT, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_LABELS_VULNERABILITY_ASSESSMENT, reportContext);
         }
 
         if (inventoryPomEnabled) {
@@ -619,12 +619,12 @@ protected boolean createReport(Inventory globalInventory, Inventory localInvento
 
         if (assetBomReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_ASSET_REPORT_BOM, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_ASSET_REPORT_BOM, reportContext);
         }
 
         if (assessmentReportEnabled) {
             writeReports(projectInventory, filteredInventory, inventoryReportAdapters,
-                    deriveTemplateBaseDir(), TEMPLATE_GROUP_ASSESSMENT_REPORT, reportContext);
+                    TEMPLATES_BASE_DIR, TEMPLATE_GROUP_ASSESSMENT_REPORT, reportContext);
         }
 
         // evaluate licenses only for managed artifacts
@@ -707,10 +707,6 @@ private InventoryReportAdapters(AssetReportAdapter assetReportAdapter, Vulnerabi
         }
     }
 
-    private String deriveTemplateBaseDir() {
-        return TEMPLATES_BASE_DIR + SEPARATOR_SLASH + getTemplateLanguageSelector();
-    }
-
     protected void writeReports(Inventory projectInventory, Inventory filteredInventory, InventoryReportAdapters report,
                 String templateBaseDir, String templateGroup, ReportContext reportContext) throws IOException {
 
@@ -749,6 +745,9 @@ private void produceDita(Inventory projectInventory, Inventory filteredInventory
         final Template template = velocityEngine.getTemplate(templateResourcePath);
         final StringWriter sw = new StringWriter();
         final VelocityContext context = new VelocityContext();
+        final ReportUtils reportUtils = new ReportUtils();
+        reportUtils.setLang(templateLanguageSelector);
+        reportUtils.setContext(context);
 
         // regarding the report we only use the filtered inventory for the time being
         context.put("inventory", filteredInventory);
@@ -759,7 +758,7 @@ private void produceDita(Inventory projectInventory, Inventory filteredInventory
         context.put("report", this);
         context.put("StringEscapeUtils", org.apache.commons.lang.StringEscapeUtils.class);
         context.put("RegExUtils", RegExUtils.class);
-        context.put("utils", new ReportUtils());
+        context.put("utils", reportUtils);
 
         context.put("Double", Double.class);
         context.put("Float", Float.class);
@@ -993,7 +992,7 @@ protected void writeDiffReport(Inventory referenceInventory, Inventory projectIn
                 new AssessmentReportAdapter(baseFilteredInventory, securityPolicy),
                 new InventoryReportAdapter(baseFilteredInventory));
 
-        writeReports(baseFilteredInventory, filteredInventory, inventoryReportAdapters, deriveTemplateBaseDir(), TEMPLATE_GROUP_INVENTORY_REPORT_DIFF, reportContext);
+        writeReports(baseFilteredInventory, filteredInventory, inventoryReportAdapters, TEMPLATES_BASE_DIR, TEMPLATE_GROUP_INVENTORY_REPORT_DIFF, reportContext);
     }
 
     /**

diff --git a/...y-processor/src/main/java/org/metaeffekt/core/inventory/processor/report/ReportUtils.java b/...y-processor/src/main/java/org/metaeffekt/core/inventory/processor/report/ReportUtils.java
@@ -15,17 +15,50 @@
  */
 package org.metaeffekt.core.inventory.processor.report;
 
+import lombok.Setter;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.Velocity;
+import org.apache.xmlbeans.impl.schema.PathResourceLoader;
 import org.metaeffekt.core.inventory.InventoryUtils;
 import org.metaeffekt.core.inventory.processor.model.Artifact;
 import org.metaeffekt.core.inventory.processor.model.AssetMetaData;
 import org.metaeffekt.core.inventory.processor.model.Inventory;
 
+import java.io.*;
 import java.util.*;
 import java.util.stream.Collectors;
 
 public class ReportUtils {
 
+    @Setter
+    private VelocityContext context;
+
+    private Properties languageProperties;
+
+    /**
+     * It is recommended to use Locale.getLanguage().toString() as those abbreviations are used in the
+     * getLanguagePropertyFile() method and as the property file names.
+     */
+    private String lang;
+
+    public void setLang(String lang) {
+        this.lang = lang;
+        Properties props = new Properties();
+        InputStream inputStream = this.getClass()
+                .getClassLoader()
+                .getResourceAsStream("META-INF/templates/lang/" + lang + ".properties");
+
+        try {
+            if (inputStream != null) {
+                props.load(inputStream);
+                languageProperties = props;
+            }
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
     public boolean isEmpty(String value) {
         return !StringUtils.isNotBlank(value);
     }
@@ -70,8 +103,26 @@ public Set<AssetMetaData> getAssetsForArtifacts(List<Artifact> artifacts, Invent
             }
         }
 
-        // return empty set
+
         return Collections.emptySet();
     }
 
+    public String getText(String key) {
+        String value = languageProperties.get(key).toString();
+        if (StringUtils.isNotBlank(value)) {
+            return evaluate(value);
+        }
+        return "";
+    }
+
+    // TODO: Manually evaluate how expensive this operation is compared to previous report iterations.
+    public String evaluate(String template) {
+        StringWriter writer = new StringWriter();
+        try {
+            Velocity.evaluate(context, writer, "TemplateEval", new StringReader(template));
+        } catch ( Exception e ) {
+            throw new RuntimeException(e);
+        }
+        return writer.toString();
+    }
 }
diff --git a/...ocessor/src/main/java/org/metaeffekt/core/inventory/processor/report/model/AssetData.java b/...ocessor/src/main/java/org/metaeffekt/core/inventory/processor/report/model/AssetData.java
@@ -56,7 +56,7 @@ public class AssetData {
     public static AssetData fromInventory(Inventory filteredInventory) {
         AssetData assetData = new AssetData();
 
-        final Map<AssetMetaData, Set<Artifact>> assetMetaDataToArtifactsMap = assetData.buildAssetToArtifactMap(filteredInventory);
+        final Map<AssetMetaData, Set<Artifact>> assetMetaDataToArtifactsMap = InventoryUtils.buildAssetToArtifactMap(filteredInventory);
 
         assetData.insertData(filteredInventory, assetMetaDataToArtifactsMap);
 
@@ -148,34 +148,6 @@ private String evaluateRepresentedAs(String associatedLicense, LicenseData licen
         return representedAs;
     }
 
-    private Map<AssetMetaData, Set<Artifact>> buildAssetToArtifactMap(Inventory filteredInventory) {
-        final Map<AssetMetaData, Set<Artifact>> assetMetaDataToArtifactsMap = new HashMap<>();
-
-        // the report only operates on the specified assets (these may be filtered for the use case)
-        for (AssetMetaData assetMetaData : filteredInventory.getAssetMetaData()) {
-
-            final String assetId = assetMetaData.get(AssetMetaData.Attribute.ASSET_ID);
-
-            if (!StringUtils.isNotBlank(assetId)) continue;
-
-            // derive licenses from artifacts
-            for (Artifact artifact : filteredInventory.getArtifacts()) {
-                // skip all artifacts that do not belong to an asset
-                final boolean containedInAsset = StringUtils.isNotBlank(artifact.get(assetId));
-                if (containedInAsset) {
-                    assetMetaDataToArtifactsMap.computeIfAbsent(assetMetaData, c -> new HashSet<>()).add(artifact);
-                } else {
-                    // check via asset id; if artifact id matches asset id; add
-                    final String artifactAssetId = InventoryUtils.deriveAssetIdFromArtifact(artifact);
-                    if (assetId.equals(artifactAssetId)) {
-                        assetMetaDataToArtifactsMap.computeIfAbsent(assetMetaData, c -> new HashSet<>()).add(artifact);
-                    }
-                }
-            }
-        }
-        return assetMetaDataToArtifactsMap;
-    }
-
     private AssetLicenseData createAssetLicenseData(AssetMetaData assetMetaData, Set<String> assetAssociatedLicenses) {
         final String assetId = assetMetaData.get(AssetMetaData.Attribute.ASSET_ID);
         final String assetName = assetMetaData.getAlternatives("Name", "Machine Tag", "Repository", "Repo");

diff --git a/...nnex-bookmap/map_annex-bookmap.ditamap.vt → ...nnex-bookmap/map_annex-bookmap.ditamap.vt b/...nnex-bookmap/map_annex-bookmap.ditamap.vt → ...nnex-bookmap/map_annex-bookmap.ditamap.vt
diff --git a/...ssment-report/macros/assessment-report.vm → ...ssment-report/macros/assessment-report.vm b/...ssment-report/macros/assessment-report.vm → ...ssment-report/macros/assessment-report.vm
@@ -14,7 +14,7 @@
 #set ($assetGroupDisplayName = $group.assetGroupDisplayName)
 #set ($assetGroupAsXmlId = $group.assetGroupAsXmlId)
 <table id="${id}-${assetGroupAsXmlId}">
-    <title>Asset Group <i>$assetGroupDisplayName</i></title>
+    <title>$utils.getText("general.short.asset-group") <i>$assetGroupDisplayName</i></title>
     <tgroup cols="8">
         <colspec colname="COLSPEC0" colnum="1" colwidth="27*"/>
         <colspec colname="COLSPEC1" colnum="2" colwidth="11*"/>
@@ -26,14 +26,14 @@
         <colspec colname="COLSPEC7" colnum="8" colwidth="9*"/>
         <thead>
         <row>
-            <entry colname="COLSPEC0" valign="middle"><p>Asset Name</p></entry>
+            <entry colname="COLSPEC0" valign="middle"><p>$utils.getText("general.short.asset-name")</p></entry>
             <entry colname="COLSPEC1" valign="middle">#labelRef("Critical")</entry>
             <entry colname="COLSPEC2" valign="middle">#labelRef("High")</entry>
             <entry colname="COLSPEC3" valign="middle">#labelRef("Medium")</entry>
             <entry colname="COLSPEC4" valign="middle">#labelRef("Low")</entry>
             <entry colname="COLSPEC5" valign="middle">#labelRef("None")</entry>
-            <entry colname="COLSPEC6" valign="middle"><p>Total</p></entry>
-            <entry colname="COLSPEC7" valign="middle"><p>Assessed</p></entry>
+            <entry colname="COLSPEC6" valign="middle"><p>$utils.getText("general.short.total")</p></entry>
+            <entry colname="COLSPEC7" valign="middle"><p>$utils.getText("general.short.assessed")</p></entry>
         </row>
         </thead>
 

diff --git a/...urces/META-INF/templates/assessment-report/tpc_asset-assessment-overview-modified.dita.vt b/...urces/META-INF/templates/assessment-report/tpc_asset-assessment-overview-modified.dita.vt
@@ -0,0 +1,24 @@
+## load macros from other files
+#parse("META-INF/templates/labels-vulnerability-assessment/macros/labels.vm")
+#parse("META-INF/templates/assessment-report/macros/assessment-report.vm")
+##
+## main template content
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "http://docs.oasis-open.org/dita/v1.1/OS/dtd/topic.dtd">
+<topic id="tpc_asset-assessment-overview-modified-$reportContext.id">
+    <title>$reportContext.combinedTitle($utils.getText("assessment-report.short.effective-vuln-by-asset"), true)</title>
+##
+    #set($assets = $assessmentReportAdapter.getAssets())
+
+##
+
+    <body>
+        #if ($assets.isEmpty)
+        $utils.getText("general.assets-empty")
+        #else
+            <p>$utils.getText("assessment-report.vuln-table-descr")</p>
+            <p>$utils.getText("assessment-report.vuln-table-descr-modified")</p>
+            #assetAssessmentSummary("asset-assessment-summary-effective", $assets, true)
+        #end
+    </body>
+</topic>
diff --git a/...ces/META-INF/templates/assessment-report/tpc_asset-assessment-overview-unmodified.dita.vt b/...ces/META-INF/templates/assessment-report/tpc_asset-assessment-overview-unmodified.dita.vt
@@ -0,0 +1,24 @@
+## load macros from other files
+#parse("META-INF/templates/labels-vulnerability-assessment/macros/labels.vm")
+#parse("META-INF/templates/assessment-report/macros/assessment-report.vm")
+##
+## main template content
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "http://docs.oasis-open.org/dita/v1.1/OS/dtd/topic.dtd">
+<topic id="tpc_asset-assessment-overview-$reportContext.id">
+    <title>$reportContext.combinedTitle($utils.getText("assessment-report.short.associated-vuln-by-asset"), true)</title>
+##
+    #set($assets = $assessmentReportAdapter.getAssets())
+
+
+    ##
+    <body>
+        #if ($assets.isEmpty)
+            $utils.getText("general.assets-empty")
+        #else
+        <p>$utils.getText("assessment-report.vuln-table-descr")</p>
+        <p>$utils.getText("assessment-report.vuln-table-descr-unmodified")</p>
+            #assetAssessmentSummary("asset-assessment-summary-associated", $assets, false)
+        #end
+    </body>
+</topic>
diff --git a/...set-report-bom/asset-report.properties.vt → ...set-report-bom/asset-report.properties.vt b/...set-report-bom/asset-report.properties.vt → ...set-report-bom/asset-report.properties.vt
diff --git a/...rt-bom/macros/tpc_inventory-asset-info.vm → ...rt-bom/macros/tpc_inventory-asset-info.vm b/...rt-bom/macros/tpc_inventory-asset-info.vm → ...rt-bom/macros/tpc_inventory-asset-info.vm
@@ -4,9 +4,7 @@
 #macro(containedComponentsTable $artifacts)
     #if ($artifacts.size() > 0)
 
-    <p>
-        Listed below are all components containing vulnerabilities which are associated with this asset.
-    </p>
+    <p>$utils.getText("asset-report-bom.contained-components-table")</p>
 
         <table>
         <tgroup cols="3">
@@ -45,6 +43,6 @@
         </tgroup>
     </table>
     #else
-        There are no components contained in this asset.
+        $utils.getText("general.no-affected-components")
     #end
 #end