Vulnerability Findings API

Author: maddymanu

src/main/java/org/gitlab4j/api/Constants.java

@@ -308,6 +308,90 @@ public String toString() {
         }
     }
 
+    /** Enum to use for specifying the report_type when calling the vulnerability findings api. */
+    public enum VulnerabilityFindingReportType {
+
+        SAST, DAST, DEPENDENCY_SCANNING, CONTAINER_SCANNING;
+
+        private static JacksonJsonEnumHelper<VulnerabilityFindingReportType> enumHelper = new JacksonJsonEnumHelper<>(VulnerabilityFindingReportType.class);
+
+        @JsonCreator
+        public static VulnerabilityFindingReportType forValue(String value) { return enumHelper.forValue(value); }
+
+        @JsonValue
+        public String toValue() {
+            return (enumHelper.toString(this));
+        }
+
+        @Override
+        public String toString() {
+            return (enumHelper.toString(this));
+        }
+    }
+
+    /** Enum to use for specifying the scope when calling the vulnerability findings api. */
+    public enum VulnerabilityFindingScope {
+
+        ALL, DISMISSED;
+
+        private static JacksonJsonEnumHelper<VulnerabilityFindingScope> enumHelper = new JacksonJsonEnumHelper<>(VulnerabilityFindingScope.class);
+
+        @JsonCreator
+        public static VulnerabilityFindingScope forValue(String value) { return enumHelper.forValue(value); }
+
+        @JsonValue
+        public String toValue() {
+            return (enumHelper.toString(this));
+        }
+
+        @Override
+        public String toString() {
+            return (enumHelper.toString(this));
+        }
+    }
+
+    /** Enum to use for specifying the severity when calling the vulnerability findings api. */
+    public enum VulnerabilityFindingSeverity {
+
+        INFO, LOW, MEDIUM, HIGH, CRITICAL, UNKNOWN;
+
+        private static JacksonJsonEnumHelper<VulnerabilityFindingSeverity> enumHelper = new JacksonJsonEnumHelper<>(VulnerabilityFindingSeverity.class);
+
+        @JsonCreator
+        public static VulnerabilityFindingSeverity forValue(String value) { return enumHelper.forValue(value); }
+
+        @JsonValue
+        public String toValue() {
+            return (enumHelper.toString(this));
+        }
+
+        @Override
+        public String toString() {
+            return (enumHelper.toString(this));
+        }
+    }
+
+    /** Enum to use for specifying the confidence when calling the vulnerability findings api. */
+    public enum VulnerabilityFindingConfidence {
+
+        LOW, MEDIUM, HIGH, CONFIRMED, UNKNOWN, IGNORE, EXPERIMENTAL;
+
+        private static JacksonJsonEnumHelper<VulnerabilityFindingConfidence> enumHelper = new JacksonJsonEnumHelper<>(VulnerabilityFindingConfidence.class);
+
+        @JsonCreator
+        public static VulnerabilityFindingConfidence forValue(String value) { return enumHelper.forValue(value); }
+
+        @JsonValue
+        public String toValue() {
+            return (enumHelper.toString(this));
+        }
+
+        @Override
+        public String toString() {
+            return (enumHelper.toString(this));
+        }
+    }
+
     /** Enum to use for specifying the scope for getMergeRequests methods. */
     public enum MergeRequestScope {
 

src/main/java/org/gitlab4j/api/GitLabApi.java

@@ -92,6 +92,7 @@ public String getApiNamespace() {
     private TagsApi tagsApi;
     private TodosApi todosApi;
     private UserApi userApi;
+    private VulnerabilityFindingsApi vulnerabilityFindingsApi;
     private WikisApi wikisApi;
 
     /**
@@ -1617,6 +1618,23 @@ public UserApi getUserApi() {
         return (userApi);
     }
 
+    /**
+     * Gets the VulnerabilityFindingsApi instance owned by this GitLabApi instance. The VulnerabilityFindingsApi is used to perform all vulnerability scan related API calls.
+     *
+     * @return the VulnerabilityFindingsApi instance owned by this GitLabApi instance
+     */
+    public VulnerabilityFindingsApi getVulnerabilityFindingsApi() {
+        if (vulnerabilityFindingsApi == null) {
+            synchronized (this) {
+                if (vulnerabilityFindingsApi == null) {
+                    vulnerabilityFindingsApi = new VulnerabilityFindingsApi(this);
+                }
+            }
+        }
+
+        return vulnerabilityFindingsApi;
+    }
+
     /**
      * Gets the WikisApi instance owned by this GitLabApi instance. The WikisApi is used to perform all wiki related API calls.
      *

src/main/java/org/gitlab4j/api/VulnerabilityFindingsApi.java

@@ -0,0 +1,24 @@
+package org.gitlab4j.api;
+
+import org.gitlab4j.api.models.VulnerabilityFinding;
+import org.gitlab4j.api.models.VulnerabilityFindingFilter;
+
+import java.util.List;
+
+public class VulnerabilityFindingsApi extends AbstractApi {
+
+    public VulnerabilityFindingsApi(GitLabApi gitLabApi) {
+        super(gitLabApi);
+    }
+
+    public List<VulnerabilityFinding> getVulnerabilityFindings(Object projectId) throws GitLabApiException {
+        return getVulnerabilityFindings(projectId, null, getDefaultPerPage()).all();
+    }
+
+    public Pager<VulnerabilityFinding> getVulnerabilityFindings(Object projectIdOrPath, VulnerabilityFindingFilter filter, int itemsPerPage) throws GitLabApiException {
+        GitLabApiForm formData = (filter != null ? filter.getQueryParams() : new GitLabApiForm());
+
+        return (new Pager<VulnerabilityFinding>(this, VulnerabilityFinding.class, itemsPerPage, formData.asMap(), "projects",
+                getProjectIdOrPath(projectIdOrPath), "vulnerability_findings"));
+    }
+}

src/main/java/org/gitlab4j/api/models/VulnerabilityFinding.java

@@ -0,0 +1,58 @@
+package org.gitlab4j.api.models;
+
+import org.gitlab4j.api.Constants;
+import org.gitlab4j.api.utils.JacksonJson;
+
+public class VulnerabilityFinding {
+
+    private String id;
+    private String name;
+    private Constants.VulnerabilityFindingSeverity severity;
+    private Constants.VulnerabilityFindingConfidence confidence;
+    private Constants.VulnerabilityFindingReportType reportType;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public Constants.VulnerabilityFindingReportType getReportType() {
+        return reportType;
+    }
+
+    public void setReportType(Constants.VulnerabilityFindingReportType reportType) {
+        this.reportType = reportType;
+    }
+
+    public Constants.VulnerabilityFindingSeverity getSeverity() {
+        return severity;
+    }
+
+    public void setSeverity(Constants.VulnerabilityFindingSeverity severity) {
+        this.severity = severity;
+    }
+
+    public Constants.VulnerabilityFindingConfidence getConfidence() {
+        return confidence;
+    }
+
+    public void setConfidence(Constants.VulnerabilityFindingConfidence confidence) {
+        this.confidence = confidence;
+    }
+
+    @Override
+    public String toString() {
+        return (JacksonJson.toJsonString(this));
+    }
+}

src/main/java/org/gitlab4j/api/models/VulnerabilityFindingFilter.java

@@ -0,0 +1,55 @@
+package org.gitlab4j.api.models;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+import org.gitlab4j.api.Constants;
+import org.gitlab4j.api.GitLabApiForm;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+/**
+ * This class is used to filter vulnerability findings when getting lists of them.
+ */
+public class VulnerabilityFindingFilter {
+
+    private List<Constants.VulnerabilityFindingReportType> reportTypes;
+    private List<Constants.VulnerabilityFindingSeverity> severity;
+    private List<Constants.VulnerabilityFindingConfidence> confidence;
+    private Constants.VulnerabilityFindingScope scope;
+
+
+    @JsonIgnore
+    public GitLabApiForm getQueryParams(int page, int perPage) {
+        return (getQueryParams()
+                .withParam(Constants.PAGE_PARAM, page)
+                .withParam(Constants.PER_PAGE_PARAM, perPage));
+    }
+
+
+    @JsonIgnore
+    public GitLabApiForm getQueryParams() {
+        return (new GitLabApiForm()
+                .withParam("report_type", (reportTypes != null ? String.join(",", reportTypes.stream().map(Constants.VulnerabilityFindingReportType::toString).collect(Collectors.toList())) : null))
+                .withParam("severity", (severity != null ? String.join(",", severity.stream().map(Constants.VulnerabilityFindingSeverity::toString).collect(Collectors.toList())) : null))
+                .withParam("confidence", (confidence != null ? String.join(",", confidence.stream().map(Constants.VulnerabilityFindingConfidence::toString).collect(Collectors.toList())) : null))
+                .withParam("scope", scope)
+        );
+    }
+
+    public void setReportTypes(List<Constants.VulnerabilityFindingReportType> reportTypes) {
+        this.reportTypes = reportTypes;
+    }
+
+    public void setSeverity(List<Constants.VulnerabilityFindingSeverity> severity) {
+        this.severity = severity;
+    }
+
+    public void setConfidence(List<Constants.VulnerabilityFindingConfidence> confidence) {
+        this.confidence = confidence;
+    }
+
+    public void setScope(Constants.VulnerabilityFindingScope scope) {
+        this.scope = scope;
+    }
+}