0.144.x Branch PR

inventory/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

libraries/ae-common-kernel/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-container-control/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-inspect-reader/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-inventory-processor/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-inventory-processor/src/main/java/org/metaeffekt/core/inventory/processor/report/model/aeaa/AeaaInventoryAttribute.java

@@ -17,6 +17,7 @@
 
 import org.metaeffekt.core.inventory.processor.model.AbstractModelBase;
 import org.metaeffekt.core.inventory.processor.report.model.aeaa.eol.export.AeaaExportedCycleState;
+import org.metaeffekt.core.inventory.processor.report.model.aeaa.score.AeaaCvssConditionAttributes;
 
 /**
  * Mirrors structure of <code>com.metaeffekt.artifact.analysis.vulnerability.enrichment.AeaaInventoryAttribute</code>
@@ -100,7 +101,15 @@ public enum AeaaInventoryAttribute implements AbstractModelBase.Attribute {
     ADVISOR_OSV_GHSA_REVIEWED_DATE("GHSA Reviewed Date"),
     NVD_EQUIVALENT("NVD Equivalent"),
     NVD_EQUIVALENT_ADVISORIES("NVD Equivalent Advisories"),
-    ;
+    /**
+     * Stores a JSON Object of arbitrary data which may be used to evaluate the applicability condition of CVSS vectors in {@code com.metaeffekt.mirror.contents.vulnerability.Vulnerability.isCvssVectorApplicable()}.
+     * <p>
+     * Currently known uses of this are:
+     * <ul>
+     *     <li> Stores the {@link AeaaInventoryAttribute#MS_PRODUCT_ID}s of referenced artifacts as a JSON Array using the {@link AeaaCvssConditionAttributes#MATCHES_ON_MS_PRODUCT_ID} key.</li>
+     * </ul>
+     */
+    CVSS_APPLICABILITY_CONDITION_ATTRIBUTES("CVSS Applicability Condition Attributes");
 
     private final String key;
 

libraries/ae-inventory-processor/src/main/java/org/metaeffekt/core/inventory/processor/report/model/aeaa/AeaaVulnerability.java

@@ -554,15 +554,23 @@ protected boolean isCvssVectorApplicable(JSONObject applicabilityCondition) {
             final List<String> findMsProductIds = ((JSONArray) findMsProductIdsObj).toList().stream().map(String::valueOf).collect(Collectors.toList());
             boolean foundMatchingArtifact = false;
 
-            for (Artifact artifact : this.getAffectedArtifactsByDefaultKey()) {
-                final String msProductId = artifact.get(AeaaInventoryAttribute.MS_PRODUCT_ID);
-                if (msProductId == null) {
-                    continue;
-                }
-                final List<String> artifactMsProductIds = Arrays.asList(msProductId.split(", "));
-                if (artifactMsProductIds.stream().anyMatch(findMsProductIds::contains)) {
+            final JSONArray msCvssApplicabilityConditionAttributes = getAdditionalCvssApplicabilityConditionAttributes().optJSONArray(AeaaCvssConditionAttributes.MATCHES_ON_MS_PRODUCT_ID);
+            if (msCvssApplicabilityConditionAttributes != null) {
+                if (msCvssApplicabilityConditionAttributes.toList().stream().map(Object::toString).anyMatch(findMsProductIds::contains)) {
                     foundMatchingArtifact = true;
-                    break;
+                }
+            }
+
+            if (!foundMatchingArtifact) {
+                for (Artifact artifact : this.getAffectedArtifactsByDefaultKey()) {
+                    String data = artifact.get(AeaaInventoryAttribute.MS_PRODUCT_ID);
+
+                    final Set<String> artifactMsProductIds = StringUtils.hasText(data) ? new HashSet<>(Arrays.asList(data.split(", ?"))) : new HashSet<>();
+
+                    if (artifactMsProductIds.stream().anyMatch(findMsProductIds::contains)) {
+                        foundMatchingArtifact = true;
+                        break;
+                    }
                 }
             }
 
@@ -578,6 +586,12 @@ protected boolean isCvssVectorApplicable(JSONObject applicabilityCondition) {
         return true;
     }
 
+    public JSONObject getAdditionalCvssApplicabilityConditionAttributes() {
+        final String cvssConditions = this.getAdditionalAttribute(AeaaInventoryAttribute.CVSS_APPLICABILITY_CONDITION_ATTRIBUTES);
+        if (StringUtils.isEmpty(cvssConditions)) return new JSONObject();
+        return new JSONObject(cvssConditions);
+    }
+
     public CvssSelectionResult selectEffectiveCvssVectors(CvssVectorSet cvssVectorSet, CvssSelector baseSelector, CvssSelector effectiveSelector, List<CvssScoreVersionSelectionPolicy> versionSelectionPolicy) {
         return new CvssSelectionResult(
                 cvssVectorSet,

libraries/ae-maven-kernel/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-security/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-system-analysis-scripts/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

libraries/ae-test-common/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-libraries</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
     </parent>
 
     <artifactId>ae-test-common</artifactId>

libraries/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

modules/ae-common-content/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-modules</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

modules/ae-commons-annotation/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-modules</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

modules/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

plugins/ae-api-compile-maven-plugin/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/ae-api-publish-maven-plugin/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/ae-artifact-publish-maven-plugin/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/ae-dependency-analysis-plugin/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../</relativePath>
     </parent>
 

plugins/ae-inventory-maven-plugin/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/ae-inventory-maven-plugin/src/it/TestPomReport/pom.xml

@@ -6,11 +6,11 @@
     <groupId>org.metaeffekt.core</groupId>
     <artifactId>test-pom-report</artifactId>
     <name>${project.artifactId}</name>
-    <version>0.144.2</version>
+    <version>0.144-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <properties>
-        <ae.core.version>0.144.2</ae.core.version>
+        <ae.core.version>0.144-SNAPSHOT</ae.core.version>
     </properties>
 
     <build>

plugins/ae-jira-maven-plugin/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/ae-shell-script-assembler-plugin/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
     </parent>
 
     <artifactId>ae-shell-script-assembler-plugin</artifactId>

plugins/ae-version-maven-plugin/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-plugins</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

plugins/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

pom.xml

@@ -7,7 +7,7 @@
     <groupId>org.metaeffekt.core</groupId>
     <artifactId>ae-core</artifactId>
     <name>metaeffekt-core</name>
-    <version>0.144.2</version>
+    <version>0.144-SNAPSHOT</version>
     <packaging>pom</packaging>
 
     <description>Core project with fundamental runtime and build support.</description>
@@ -54,7 +54,7 @@
 
         <ae.7zip.bundle.version>0.4.0</ae.7zip.bundle.version>
 
-        <ae.core.version>0.144.2</ae.core.version>
+        <ae.core.version>0.144-SNAPSHOT</ae.core.version>
         <ae.core.version_last>${ae.core.version}</ae.core.version_last>
 
         <artifact.inventory.version>${ae.core.version}</artifact.inventory.version>

poms/ae-core-dependency-management-pom/ae-core-modules-dependency-management-pom/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-dependency-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

poms/ae-core-dependency-management-pom/ae-core-plugin-dependency-management-pom/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-dependency-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

poms/ae-core-dependency-management-pom/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-poms</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

poms/ae-core-plugin-management-pom/pom.xml

@@ -11,14 +11,14 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-poms</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
     <properties>
         <header.copyright.year>2024</header.copyright.year>
 
-        <ae.core.version>0.144.2</ae.core.version>
+        <ae.core.version>0.144-SNAPSHOT</ae.core.version>
 
         <artifact.inventory.version>${ae.core.version}</artifact.inventory.version>
         <artifact.inventory.enabled>true</artifact.inventory.enabled>

poms/pom.xml

@@ -13,7 +13,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

tests/ae-aggregate-sources-module/pom.xml

@@ -11,7 +11,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

tests/ae-attach-asset-metadata-test/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

tests/ae-container-validation/pom.xml

@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

tests/ae-example-module/pom.xml

@@ -10,7 +10,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../../poms/ae-core-plugin-management-pom</relativePath>
     </parent>
 

tests/ae-inventory-container-itest/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>org.metaeffekt.core</groupId>
         <artifactId>ae-core-plugin-management-pom</artifactId>
-        <version>0.144.2</version>
+        <version>0.144-SNAPSHOT</version>
         <relativePath>../../poms/ae-core-plugin-management-pom/pom.xml</relativePath>
     </parent>