search

devonfw / ide

Tool to automate setup and update of development environment (esp. for Java projects).
Apache License 2.0
33 stars 102 forks source link

Fix intellij edition urls folder and edition name conflict for CVE's #1378

Open jan-vcapgemini opened 4 months ago

jan-vcapgemini commented 4 months ago

Expected behavior

As an intellij urls user I expect that the edition folder name is community. Currently we use intellij as the folder name for the edition of intellij and getEdition returns community, only to get the correct edition from the json of Jetbrains for determining the version for the edition.

This results in a name clash within a check for url updaters, as folder names in urls do not fit to the edition name in this special case. I've created an ugly workaround for this in my current PR, as using just the getCpeEdition method could result in possible other naming clashes with the CVE database.

Actual behavior

/**
   * Retrieves the {@link AbstractUrlUpdater updater} that matches the given tool and edition.
   *
   * @param tool the tool to retrieve the updater for.
   * @param edition the edition to retrieve the updater for.
   * @return the {@link AbstractUrlUpdater updater} that matches the given tool and edition.
   */
  public AbstractUrlUpdater retrieveUrlUpdater(String tool, String edition) {

    for (AbstractUrlUpdater updater : updaters) {
      if (updater.getTool().equals(tool) && updater.getEdition().equals(edition)) {
        return updater;
      }
    }
    return null;
  }

Here getEdition() will yield: "community" but the provided edition will be "intellij" as the folder name for the edition in urls was changed from "community" to "intellij".

vs

/**
   * Retrieves the {@link AbstractUrlUpdater updater} that matches the given tool and edition.
   *
   * @param tool the tool to retrieve the updater for.
   * @param edition the edition to retrieve the updater for.
   * @return the {@link AbstractUrlUpdater updater} that matches the given tool and edition.
   */
  public AbstractUrlUpdater retrieveUrlUpdater(String tool, String edition) {

    for (AbstractUrlUpdater updater : updaters) {
      if (updater.getTool().equals(tool) && updater.getCpeEdition().equals(edition)) {
        return updater;
      }
    }
    return null;
  }

Here the getCpeEdition would not fit as it might have to be changed for other tools.

Steps to reproduce (bug) / Use Case of feature request (enhancement)

  1. See example and TODO in code.

Related/Dependent Issues

Comments/Hints:

Affected version:

hohwille commented 3 months ago

As an intellij urls user I expect that the edition folder name is community. Currently we use intellij as the folder name for the edition of intellij and getEdition returns community, only to get the correct edition from the json of Jetbrains for determining the version for the edition.

This issue is a simple missunderstanding. For editions there was an explicit design decision to end the hacks and quirks with tool specific edition defaults and align the forever to get consistency: https://github.com/devonfw/ide/issues/1088

So in other words: For every tool «tool» there is always an edition with the same name «tool» and that is the default. The only excuse is docker where the docker edition is DockerDesktop what requires a license so the default is rancher.

There is no bug in IDEasy yet about this. The bug is in the new PR #CVE https://github.com/devonfw/ide-urls/tree/master/intellij