hyades-apiserver/apiserver/src/main/java/org/dependencytrack/resources/v2/MetricsResource.java at f3e8527d4d723cb41a1f5612f1e78a32810a7067 · DependencyTrack/hyades-apiserver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
/*
 * This file is part of Dependency-Track.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * Copyright (c) OWASP Foundation. All Rights Reserved.
 */
package org.dependencytrack.resources.v2;

import alpine.server.auth.PermissionRequired;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import org.dependencytrack.api.v2.MetricsApi;
import org.dependencytrack.api.v2.model.ListVulnerabilityMetricsResponse;
import org.dependencytrack.api.v2.model.ListVulnerabilityMetricsResponseItem;
import org.dependencytrack.api.v2.model.PortfolioMetricsResponse;
import org.dependencytrack.auth.Permissions;
import org.dependencytrack.common.pagination.Page;
import org.dependencytrack.model.PortfolioMetrics;
import org.dependencytrack.persistence.jdbi.MetricsDao;
import org.dependencytrack.resources.AbstractApiResource;

import static org.dependencytrack.persistence.jdbi.JdbiFactory.inJdbiTransaction;
import static org.dependencytrack.persistence.jdbi.JdbiFactory.withJdbiHandle;

@Provider
public class MetricsResource extends AbstractApiResource implements MetricsApi {

    @Override
    @PermissionRequired(Permissions.Constants.VIEW_PORTFOLIO)
    public Response getPortfolioCurrentMetrics() {
        PortfolioMetrics metrics = withJdbiHandle(
                getAlpineRequest(),
                handle -> handle.attach(MetricsDao.class).getMostRecentPortfolioMetrics());
        final var response = PortfolioMetricsResponse.builder()
                .components(metrics.getComponents())
                .critical(metrics.getCritical())
                .findingsAudited(metrics.getFindingsAudited())
                .findingsTotal(metrics.getFindingsTotal())
                .findingsUnaudited(metrics.getFindingsUnaudited())
                .high(metrics.getHigh())
                .inheritedRiskScore(metrics.getInheritedRiskScore())
                .observedAt(metrics.getLastOccurrence().getTime())
                .low(metrics.getLow())
                .medium(metrics.getMedium())
                .policyViolationsAudited(metrics.getPolicyViolationsAudited())
                .policyViolationsFail(metrics.getPolicyViolationsFail())
                .policyViolationsInfo(metrics.getPolicyViolationsInfo())
                .policyViolationsLicenseAudited(metrics.getPolicyViolationsLicenseAudited())
                .policyViolationsLicenseTotal(metrics.getPolicyViolationsLicenseTotal())
                .policyViolationsLicenseUnaudited(metrics.getPolicyViolationsLicenseUnaudited())
                .policyViolationsOperationalAudited(metrics.getPolicyViolationsOperationalAudited())
                .policyViolationsOperationalTotal(metrics.getPolicyViolationsOperationalTotal())
                .policyViolationsOperationalUnaudited(metrics.getPolicyViolationsOperationalUnaudited())
                .policyViolationsSecurityAudited(metrics.getPolicyViolationsSecurityAudited())
                .policyViolationsSecurityTotal(metrics.getPolicyViolationsSecurityTotal())
                .policyViolationsSecurityUnaudited(metrics.getPolicyViolationsSecurityUnaudited())
                .policyViolationsTotal(metrics.getPolicyViolationsTotal())
                .policyViolationsUnaudited(metrics.getPolicyViolationsUnaudited())
                .policyViolationsWarn(metrics.getPolicyViolationsWarn())
                .projects(metrics.getProjects())
                .suppressed(metrics.getSuppressed())
                .unassigned(metrics.getUnassigned())
                .vulnerabilities(metrics.getVulnerabilities())
                .vulnerableComponents(metrics.getVulnerableComponents())
                .vulnerableProjects(metrics.getVulnerableProjects())
                .build();
        return Response.ok(response).build();
    }

    @Override
    @PermissionRequired(Permissions.Constants.VIEW_PORTFOLIO)
    public Response getVulnerabilityMetrics(Integer limit, String pageToken) {
        final Page<MetricsDao.ListVulnerabilityMetricsRow> metricsPage = inJdbiTransaction(
                getAlpineRequest(),
                handle -> handle.attach(MetricsDao.class).getVulnerabilityMetrics(limit, pageToken));

        final var response = ListVulnerabilityMetricsResponse.builder()
                .items(metricsPage.items().stream()
                        .<ListVulnerabilityMetricsResponseItem>map(
                                metricRow -> ListVulnerabilityMetricsResponseItem.builder()
                                        .year(metricRow.year())
                                        .month(metricRow.month())
                                        .count(metricRow.count())
                                        .observedAt(metricRow.measuredAt().getEpochSecond())
                                        .build())
                        .toList())
                .nextPageToken(metricsPage.nextPageToken())
                .total(convertTotalCount(metricsPage.totalCount()))
                .build();

        return Response.ok(response).build();
    }
}