[backend] feat: refact processors

Author: savacano28

openaev-api/src/main/java/io/openaev/output_processor/AbstractOutputProcessor.java

@@ -63,9 +63,8 @@ public boolean validate(JsonNode jsonNode) {
    * Convert JSON node to finding value string. Override this method if handler supports findings.
    * Default returns empty string with warning log.
    */
-  @Override
   public String toFindingValue(JsonNode jsonNode) {
-    log.warn("Handler {} does not implement toFindingValue, returning empty string", type);
+    log.debug("Handler {} does not implement toFindingValue, returning empty string", type);
     return "";
   }
 
@@ -74,7 +73,7 @@ public String toFindingValue(JsonNode jsonNode) {
    * returns empty list.
    */
   public List<String> toFindingAssets(JsonNode jsonNode) {
-    log.warn("Handler {} does not implement toFindingAssets, returning an empty list", type);
+    log.debug("Handler {} does not implement toFindingAssets, returning an empty list", type);
     return Collections.emptyList();
   }
 
@@ -83,7 +82,7 @@ public List<String> toFindingAssets(JsonNode jsonNode) {
    * returns empty list.
    */
   public List<String> toFindingUsers(JsonNode jsonNode) {
-    log.warn("Handler {} does not implement toFindingUsers, returning an empty list", type);
+    log.debug("Handler {} does not implement toFindingUsers, returning an empty list", type);
     return Collections.emptyList();
   }
 
@@ -92,11 +91,20 @@ public List<String> toFindingUsers(JsonNode jsonNode) {
    * returns empty list.
    */
   public List<String> toFindingTeams(JsonNode jsonNode) {
-    log.warn("Handler {} does not implement toFindingTeams, returning an empty list", type);
+    log.debug("Handler {} does not implement toFindingTeams, returning an empty list", type);
     return Collections.emptyList();
   }
 
-  // Utility methods
+  // UTILITY methods
+  /**
+   * Builds a string representation from a JSON node.
+   *
+   * <p>If the node is an array, concatenates all elements (with quotes trimmed) separated by
+   * spaces. Otherwise, returns the node's text value with quotes trimmed.
+   *
+   * @param jsonNode the JSON node to process
+   * @return a string representation of the node's value(s)
+   */
   protected String buildString(@NotNull final JsonNode jsonNode) {
     if (jsonNode.isArray()) {
       List<String> values = new ArrayList<>();
@@ -108,6 +116,16 @@ protected String buildString(@NotNull final JsonNode jsonNode) {
     return trimQuotes(jsonNode.asText());
   }
 
+  /**
+   * Builds a string representation from a specific key in a JSON node.
+   *
+   * <p>If the key is missing or null, returns an empty string. Otherwise, delegates to {@link
+   * #buildString(JsonNode)}.
+   *
+   * @param jsonNode the JSON node to process
+   * @param key the key to extract
+   * @return a string representation of the value at the given key, or empty string if not present
+   */
   protected String buildString(@NotNull final JsonNode jsonNode, @NotBlank final String key) {
     JsonNode valueNode = jsonNode.get(key);
     if (valueNode == null || valueNode.isNull()) {
@@ -116,6 +134,12 @@ protected String buildString(@NotNull final JsonNode jsonNode, @NotBlank final S
     return buildString(valueNode);
   }
 
+  /**
+   * Removes leading and trailing quotes from a string value.
+   *
+   * @param value the string to trim
+   * @return the string without leading/trailing quotes
+   */
   protected String trimQuotes(@NotBlank final String value) {
     return value.replaceAll("^\"|\"$", "");
   }

openaev-api/src/main/java/io/openaev/output_processor/AssetOutputProcessor.java

@@ -1,7 +1,10 @@
 package io.openaev.output_processor;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 import org.springframework.stereotype.Component;
 
@@ -11,4 +14,14 @@ public class AssetOutputProcessor extends AbstractOutputProcessor {
   public AssetOutputProcessor() {
     super(ContractOutputType.Asset, ContractOutputTechnicalType.Object, List.of(), false);
   }
+
+  @Override
+  public void process(
+      ExecutionProcessingContext ctx,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    // The current implementation of the AssetOutputProcessor does not generate findings, but it can
+    // be extended in the future to do so if needed.
+    // For now, it simply validates the input and does not perform any additional processing.
+  }
 }

openaev-api/src/main/java/io/openaev/output_processor/CVEOutputProcessor.java

@@ -4,6 +4,10 @@
 import io.openaev.database.model.ContractOutputField;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.finding.FindingService;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
+import io.openaev.service.InjectExpectationService;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -17,7 +21,11 @@ public class CVEOutputProcessor extends AbstractOutputProcessor {
   private static final String HOST = "host";
   private static final String SEVERITY = "severity";
 
-  public CVEOutputProcessor() {
+  private final FindingService findingService;
+  private final InjectExpectationService injectExpectationService;
+
+  public CVEOutputProcessor(
+      FindingService findingService, InjectExpectationService injectExpectationService) {
     super(
         ContractOutputType.CVE,
         ContractOutputTechnicalType.Object,
@@ -27,14 +35,33 @@ public CVEOutputProcessor() {
             new ContractOutputField(HOST, ContractOutputTechnicalType.Text, true),
             new ContractOutputField(SEVERITY, ContractOutputTechnicalType.Text, true)),
         true);
+    this.findingService = findingService;
+    this.injectExpectationService = injectExpectationService;
   }
 
   @Override
   public boolean validate(JsonNode jsonNode) {
     return jsonNode.hasNonNull(ID) && jsonNode.hasNonNull(HOST) && jsonNode.hasNonNull(SEVERITY);
   }
 
-  // Findings
+  @Override
+  public void process(
+      ExecutionProcessingContext executionContext,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    findingService.generateFindings(
+        executionContext,
+        contractOutputContext,
+        structuredOutputNode,
+        this::validate,
+        this::toFindingValue,
+        this::toFindingAssets,
+        this::toFindingTeams,
+        this::toFindingUsers);
+    injectExpectationService.matchesVulnerabilityExpectations(
+        executionContext, structuredOutputNode);
+  }
+
   @Override
   public String toFindingValue(JsonNode jsonNode) {
     return buildString(jsonNode, ID);

openaev-api/src/main/java/io/openaev/output_processor/CredentialsOutputProcessor.java

@@ -4,6 +4,9 @@
 import io.openaev.database.model.ContractOutputField;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.finding.FindingService;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 import org.springframework.stereotype.Component;
 
@@ -13,21 +16,40 @@ public class CredentialsOutputProcessor extends AbstractOutputProcessor {
   private static final String USERNAME = "username";
   private static final String PASSWORD = "password";
 
-  public CredentialsOutputProcessor() {
+  private final FindingService findingService;
+
+  public CredentialsOutputProcessor(FindingService findingService) {
     super(
         ContractOutputType.Credentials,
         ContractOutputTechnicalType.Object,
         List.of(
             new ContractOutputField(USERNAME, ContractOutputTechnicalType.Text, true),
             new ContractOutputField(PASSWORD, ContractOutputTechnicalType.Text, true)),
         true);
+    this.findingService = findingService;
   }
 
   @Override
   public boolean validate(JsonNode jsonNode) {
     return jsonNode.hasNonNull(USERNAME) && jsonNode.hasNonNull(PASSWORD);
   }
 
+  @Override
+  public void process(
+      ExecutionProcessingContext executionContext,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    findingService.generateFindings(
+        executionContext,
+        contractOutputContext,
+        structuredOutputNode,
+        this::validate,
+        this::toFindingValue,
+        this::toFindingAssets,
+        this::toFindingTeams,
+        this::toFindingUsers);
+  }
+
   @Override
   public String toFindingValue(JsonNode jsonNode) {
     String username = buildString(jsonNode, USERNAME);

openaev-api/src/main/java/io/openaev/output_processor/IPv4OutputProcessor.java

@@ -3,6 +3,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.finding.FindingService;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 import org.apache.commons.validator.routines.InetAddressValidator;
 import org.springframework.stereotype.Component;
@@ -12,15 +15,34 @@ public class IPv4OutputProcessor extends AbstractOutputProcessor {
 
   private static final InetAddressValidator VALIDATOR = InetAddressValidator.getInstance();
 
-  public IPv4OutputProcessor() {
+  private final FindingService findingService;
+
+  public IPv4OutputProcessor(FindingService findingService) {
     super(ContractOutputType.IPv4, ContractOutputTechnicalType.Text, List.of(), true);
+    this.findingService = findingService;
   }
 
   @Override
   public boolean validate(JsonNode jsonNode) {
     return VALIDATOR.isValidInet4Address(jsonNode.asText());
   }
 
+  @Override
+  public void process(
+      ExecutionProcessingContext executionContext,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    findingService.generateFindings(
+        executionContext,
+        contractOutputContext,
+        structuredOutputNode,
+        this::validate,
+        this::toFindingValue,
+        this::toFindingAssets,
+        this::toFindingTeams,
+        this::toFindingUsers);
+  }
+
   @Override
   public String toFindingValue(JsonNode jsonNode) {
     return buildString(jsonNode);

openaev-api/src/main/java/io/openaev/output_processor/IPv6OutputProcessor.java

@@ -3,6 +3,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.finding.FindingService;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 import org.apache.commons.validator.routines.InetAddressValidator;
 import org.springframework.stereotype.Component;
@@ -12,15 +15,34 @@ public class IPv6OutputProcessor extends AbstractOutputProcessor {
 
   private static final InetAddressValidator VALIDATOR = InetAddressValidator.getInstance();
 
-  public IPv6OutputProcessor() {
+  private final FindingService findingService;
+
+  public IPv6OutputProcessor(FindingService findingService) {
     super(ContractOutputType.IPv6, ContractOutputTechnicalType.Text, List.of(), true);
+    this.findingService = findingService;
   }
 
   @Override
   public boolean validate(JsonNode jsonNode) {
     return VALIDATOR.isValidInet6Address(jsonNode.asText());
   }
 
+  @Override
+  public void process(
+      ExecutionProcessingContext executionContext,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    findingService.generateFindings(
+        executionContext,
+        contractOutputContext,
+        structuredOutputNode,
+        this::validate,
+        this::toFindingValue,
+        this::toFindingAssets,
+        this::toFindingTeams,
+        this::toFindingUsers);
+  }
+
   @Override
   public String toFindingValue(JsonNode jsonNode) {
     return buildString(jsonNode);

openaev-api/src/main/java/io/openaev/output_processor/NumberOutputProcessor.java

@@ -3,18 +3,40 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.finding.FindingService;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 import org.springframework.stereotype.Component;
 
 @Component
 public class NumberOutputProcessor extends AbstractOutputProcessor {
 
-  public NumberOutputProcessor() {
+  private final FindingService findingService;
+
+  public NumberOutputProcessor(FindingService findingService) {
     super(ContractOutputType.Number, ContractOutputTechnicalType.Number, List.of(), true);
+    this.findingService = findingService;
   }
 
   @Override
   public String toFindingValue(JsonNode jsonNode) {
     return buildString(jsonNode);
   }
+
+  @Override
+  public void process(
+      ExecutionProcessingContext executionContext,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode) {
+    findingService.generateFindings(
+        executionContext,
+        contractOutputContext,
+        structuredOutputNode,
+        this::validate,
+        this::toFindingValue,
+        this::toFindingAssets,
+        this::toFindingTeams,
+        this::toFindingUsers);
+  }
 }

openaev-api/src/main/java/io/openaev/output_processor/OutputProcessor.java

@@ -4,6 +4,8 @@
 import io.openaev.database.model.ContractOutputField;
 import io.openaev.database.model.ContractOutputTechnicalType;
 import io.openaev.database.model.ContractOutputType;
+import io.openaev.rest.inject.service.ContractOutputContext;
+import io.openaev.rest.inject.service.ExecutionProcessingContext;
 import java.util.List;
 
 /**
@@ -28,12 +30,11 @@ public interface OutputProcessor {
   /** Validate that the JSON node is correctly formatted for this type */
   boolean validate(JsonNode jsonNode);
 
-  // FINDING methods
-  String toFindingValue(JsonNode jsonNode);
-
-  List<String> toFindingAssets(JsonNode jsonNode);
-
-  List<String> toFindingUsers(JsonNode jsonNode);
-
-  List<String> toFindingTeams(JsonNode jsonNode);
+  /**
+   * Process a set of operations like generating findings, matching expectations and process assets.
+   */
+  void process(
+      ExecutionProcessingContext ctx,
+      ContractOutputContext contractOutputContext,
+      JsonNode structuredOutputNode);
 }