foss-vuln-tracker/molerat/src/main/java/it/unitn/molerat/repos/trackers/vuln/DeletionVulnerabilityEvidenceTracker.java

package it.unitn.molerat.repos.trackers.vuln;

import it.unitn.molerat.evidence.Changes;
import it.unitn.molerat.evidence.VulnerabilityEvidence;
import it.unitn.molerat.repos.wrappers.RepoWrapper;

import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class DeletionVulnerabilityEvidenceTracker extends VulnerabilityEvidenceTracker {

    public DeletionVulnerabilityEvidenceTracker(RepoWrapper wrapper, String fixedRev) throws Exception {
       super(wrapper, fixedRev);
    }

    @Override
    protected Set<VulnerabilityEvidence> getInitialVulnerabilityEvidence(Changes changes) throws Exception {
        return this.recordVulnerabilityEvidence(changes.getDeletions(), changes);
    }

    @Override
    protected Set<VulnerabilityEvidence> getVulnerabilityEvidence(String currentEvidenceCommit, String previousEvidenceCommit, Set<Changes> changes) throws Exception {
        Set<VulnerabilityEvidence> newEvidences = new HashSet<>();
        Set<VulnerabilityEvidence> previousEvidences = getEvidences(previousEvidenceCommit);

        Set<VulnerabilityEvidence> changedEvidence = new HashSet<>();
        Set<Changes> changesToProcess = new HashSet<>();
        Set<VulnerabilityEvidence> stillEvidence = new HashSet<>();

        // filter non-Java files
        changes = filterNonJavaChanges(changes);

        if (previousEvidences == null) {
            return newEvidences;
        }

        for (VulnerabilityEvidence previousEvidence : previousEvidences) {
            for (Changes change : changes )  {
				// The file has been just renamed
				if (change.wasRenamed()) {
					if (change.getRenamedTo().equals(previousEvidence.getPath())) {
						previousEvidence.setPath(change.getPath());
					}
				}
                // The file has been changed
                else if (previousEvidence.getPath().equals(change.getPath())) {
                    changedEvidence.add(previousEvidence);
                    changesToProcess.add(change);
                }
            }
        }

        stillEvidence.addAll(previousEvidences);
        stillEvidence.removeAll(changedEvidence);

        // "Refresh" the molerat.evidence when a file was not changed
        for (VulnerabilityEvidence e : stillEvidence) {
            VulnerabilityEvidence newEvidence = new VulnerabilityEvidence(
                    e.getPath(),
                    currentEvidenceCommit,
                    e.getContainer(),
                    e.getLineNumber(),
                    e.getLineContents()
            );
            newEvidences.add(newEvidence);
        }

        ////////////////////////////////////////////////////////////////////////////////////////////////////////////////
        // "Triage" the molerat.evidence when a file was changed
        for (Changes change : changesToProcess) {
            Set<VulnerabilityEvidence> retain = new HashSet<>();
            for (VulnerabilityEvidence e : changedEvidence) {
                if (e.getPath().equals(change.getPath())) {
                    retain.add(e);
                }
            }
            Map<Integer, String> linesToKeep = this.updateChangedLines(
                    change.getPath(),
                    change.getLeftRevision(),
                    change.getRightRevision(),
                    retain,
                    change
            );
            if (linesToKeep != null) {
                newEvidences.addAll(this.recordVulnerabilityEvidence(linesToKeep, change));
            }
        }
		////////////////////////////////////////////////////////////////////////////////////////////////////////////////
        return newEvidences;
    }
}