Filter fixable

.gitignore

@@ -32,3 +32,6 @@ buildNumber.properties
 **/out/
 **/.idea_modules/
 *.iml
+
+
+src/it/.DS_Store

src/it/non-fixable-issues-module/pom.xml

@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+
+ <groupId>io.snyk.example</groupId>
+ <artifactId>non-fixable-issues-module</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <packaging>jar</packaging>
+
+ <name>non fixable issues module</name>
+
+ <properties>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>io.snyk</groupId>
+ <artifactId>snyk-maven-plugin</artifactId>
+ <version>${snyk.maven.plugin.version}</version>
+ <executions>
+ <execution>
+ <phase>test</phase>
+ <goals>
+ <goal>test</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <apiToken>${env.SNYK_API_TOKEN}</apiToken>
+ <endpoint>${env.SNYK_API_ENDPOINT}</endpoint>
+ <failOnSeverity>low</failOnSeverity>
+ <onlyFailFixable>true</onlyFailFixable>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+</project>

src/it/non-fixable-issues-module/verify.bsh

@@ -0,0 +1,14 @@
+/*
+ * verifying that the non-fixable-issues-module integration test runs as expected
+ */
+
+import java.io.*;
+import org.codehaus.plexus.util.*;
+
+String log = FileUtils.fileRead( new File( basedir, "build.log" ) );
+
+if(!log.contains("/SNYK-JAVA-COMMONSHTTPCLIENT-31660")) {
+ throw new Exception("Missing Vulnerability 'SNYK-JAVA-COMMONSHTTPCLIENT-31660' ");
+}
+
+return true;

src/main/java/io/snyk/maven/plugins/SnykTest.java

@@ -79,6 +79,9 @@ public class SnykTest extends AbstractMojo {
  @Parameter
  private boolean failOnAuthError = false;
 
+ @Parameter
+ private boolean onlyFailFixable = false;
+
  @Parameter(property = "snyk.skip")
  private boolean skip;
 
@@ -262,15 +265,17 @@ private void processVulns(JSONObject responseJson) throws MojoFailureException {
  HashSet<String> vulnIdSet = new HashSet<String>();
 
  JSONArray vulns = (JSONArray)responseJson.get("vulnerabilities");
- int highestSeverity = SEVERITY_LOW;
+ int highestSeverity = Integer.MIN_VALUE;
 
  Iterator<JSONObject> iterator = vulns.iterator();
  while (iterator.hasNext()) {
  JSONObject vuln = iterator.next();
  vulnIdSet.add((String)vuln.get("id"));
  Integer severityInt = severityMap.get(vuln.get("severity"));
- if(severityInt != null && severityInt > highestSeverity) {
- highestSeverity = severityInt;
+ if (!onlyFailFixable || (onlyFailFixable && isIssueFixable(vuln))) {
+ if (severityInt != null && severityInt > highestSeverity) {
+ highestSeverity = severityInt;
+ }
  }
  printVuln(vuln);
  }
@@ -292,6 +297,17 @@ private void processVulns(JSONObject responseJson) throws MojoFailureException {
  }
  }
 
+ private boolean isIssueFixable(JSONObject vuln) {
+ boolean upgradable =
+ (vuln.get("isUpgradable") != null && (boolean) vuln.get("isUpgradable"));
+ boolean fixable = false;
+ if (vuln.get("fixedIn") != null) {
+ JSONArray fixedIn = (JSONArray) vuln.get("fixedIn");
+ fixable = (!fixedIn.isEmpty());
+ }
+ return upgradable || fixable;
+ }
+
  /**
  * print a single vuln to the build log
  * @param vuln a JSON object containing a single vuln