[backend] feat: extract ContractOutputType business logic into handler classes (#4302)

Author: savacano28

openaev-api/src/main/java/io/openaev/importer/V1_DataImporter.java

@@ -1308,7 +1308,7 @@ private InjectorContract importInjectorContractFromStarterPack(JsonNode importNo
 
   public static ContractOutputType formatStringToContractOutputType(String value) {
     for (ContractOutputType type : ContractOutputType.values()) {
-      if (type.label.equalsIgnoreCase(value)) {
+      if (type.getLabel().equalsIgnoreCase(value)) {
         return type;
       }
     }

openaev-api/src/main/java/io/openaev/output_processor/AbstractOutputProcessor.java

@@ -0,0 +1,122 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputField;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import lombok.extern.slf4j.Slf4j;
+
+/** Abstract base class providing common functionality for structured output processor handlers. */
+@Slf4j
+public abstract class AbstractOutputProcessor implements OutputProcessor {
+
+  protected final ContractOutputType type;
+  protected final ContractOutputTechnicalType technicalType;
+  protected final List<ContractOutputField> fields;
+  protected final boolean isFindingCompatible;
+
+  protected AbstractOutputProcessor(
+      ContractOutputType type,
+      ContractOutputTechnicalType technicalType,
+      List<ContractOutputField> fields,
+      boolean isFindingCompatible) {
+    this.type = type;
+    this.technicalType = technicalType;
+    this.fields = fields;
+    this.isFindingCompatible = isFindingCompatible;
+  }
+
+  @Override
+  public ContractOutputType getType() {
+    return type;
+  }
+
+  @Override
+  public ContractOutputTechnicalType getTechnicalType() {
+    return technicalType;
+  }
+
+  @Override
+  public List<ContractOutputField> getFields() {
+    return fields;
+  }
+
+  @Override
+  public boolean isFindingCompatible() {
+    return isFindingCompatible;
+  }
+
+  @Override
+  public boolean validate(JsonNode jsonNode) {
+    return jsonNode != null;
+  }
+
+  // FINDING METHODS
+  // Override these in handlers that support findings
+
+  /**
+   * Convert JSON node to finding value string. Override this method if handler supports findings.
+   * Default returns empty string with warning log.
+   */
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    log.warn("Handler {} does not implement toFindingValue, returning empty string", type);
+    return "";
+  }
+
+  /**
+   * Extract asset IDs from JSON node for finding linking. Override to provide custom logic, default
+   * returns empty list.
+   */
+  public List<String> toFindingAssets(JsonNode jsonNode) {
+    log.warn("Handler {} does not implement toFindingAssets, returning an empty list", type);
+    return Collections.emptyList();
+  }
+
+  /**
+   * Extract user IDs from JSON node for finding linking. Override to provide custom logic, default
+   * returns empty list.
+   */
+  public List<String> toFindingUsers(JsonNode jsonNode) {
+    log.warn("Handler {} does not implement toFindingUsers, returning an empty list", type);
+    return Collections.emptyList();
+  }
+
+  /**
+   * Extract team IDs from JSON node for finding linking. Override to provide custom logic, default
+   * returns empty list.
+   */
+  public List<String> toFindingTeams(JsonNode jsonNode) {
+    log.warn("Handler {} does not implement toFindingTeams, returning an empty list", type);
+    return Collections.emptyList();
+  }
+
+  // Utility methods
+  protected String buildString(@NotNull final JsonNode jsonNode) {
+    if (jsonNode.isArray()) {
+      List<String> values = new ArrayList<>();
+      for (JsonNode element : jsonNode) {
+        values.add(trimQuotes(element.asText()));
+      }
+      return String.join(" ", values);
+    }
+    return trimQuotes(jsonNode.asText());
+  }
+
+  protected String buildString(@NotNull final JsonNode jsonNode, @NotBlank final String key) {
+    JsonNode valueNode = jsonNode.get(key);
+    if (valueNode == null || valueNode.isNull()) {
+      return "";
+    }
+    return buildString(valueNode);
+  }
+
+  protected String trimQuotes(@NotBlank final String value) {
+    return value.replaceAll("^\"|\"$", "");
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/AssetOutputProcessor.java

@@ -0,0 +1,14 @@
+package io.openaev.output_processor;
+
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AssetOutputProcessor extends AbstractOutputProcessor {
+
+  public AssetOutputProcessor() {
+    super(ContractOutputType.Asset, ContractOutputTechnicalType.Object, List.of(), false);
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/CVEOutputProcessor.java

@@ -0,0 +1,58 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputField;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CVEOutputProcessor extends AbstractOutputProcessor {
+
+  private static final String ASSET_ID = "asset_id";
+  private static final String ID = "id";
+  private static final String HOST = "host";
+  private static final String SEVERITY = "severity";
+
+  public CVEOutputProcessor() {
+    super(
+        ContractOutputType.CVE,
+        ContractOutputTechnicalType.Object,
+        List.of(
+            new ContractOutputField(ASSET_ID, ContractOutputTechnicalType.Text, false),
+            new ContractOutputField(ID, ContractOutputTechnicalType.Text, true),
+            new ContractOutputField(HOST, ContractOutputTechnicalType.Text, true),
+            new ContractOutputField(SEVERITY, ContractOutputTechnicalType.Text, true)),
+        true);
+  }
+
+  @Override
+  public boolean validate(JsonNode jsonNode) {
+    return jsonNode.hasNonNull(ID) && jsonNode.hasNonNull(HOST) && jsonNode.hasNonNull(SEVERITY);
+  }
+
+  // Findings
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    return buildString(jsonNode, ID);
+  }
+
+  @Override
+  public List<String> toFindingAssets(JsonNode jsonNode) {
+    JsonNode assetIdNode = jsonNode.get(ASSET_ID);
+    if (assetIdNode == null) {
+      return Collections.emptyList();
+    }
+    if (assetIdNode.isArray()) {
+      List<String> result = new ArrayList<>();
+      for (JsonNode idNode : assetIdNode) {
+        result.add(idNode.asText());
+      }
+      return result;
+    }
+    return List.of(assetIdNode.asText());
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/CredentialsOutputProcessor.java

@@ -0,0 +1,37 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputField;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import org.springframework.stereotype.Component;
+
+@Component
+public class CredentialsOutputProcessor extends AbstractOutputProcessor {
+
+  private static final String USERNAME = "username";
+  private static final String PASSWORD = "password";
+
+  public CredentialsOutputProcessor() {
+    super(
+        ContractOutputType.Credentials,
+        ContractOutputTechnicalType.Object,
+        List.of(
+            new ContractOutputField(USERNAME, ContractOutputTechnicalType.Text, true),
+            new ContractOutputField(PASSWORD, ContractOutputTechnicalType.Text, true)),
+        true);
+  }
+
+  @Override
+  public boolean validate(JsonNode jsonNode) {
+    return jsonNode.hasNonNull(USERNAME) && jsonNode.hasNonNull(PASSWORD);
+  }
+
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    String username = buildString(jsonNode, USERNAME);
+    String password = buildString(jsonNode, PASSWORD);
+    return username + ":" + password;
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/IPv4OutputProcessor.java

@@ -0,0 +1,28 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import org.apache.commons.validator.routines.InetAddressValidator;
+import org.springframework.stereotype.Component;
+
+@Component
+public class IPv4OutputProcessor extends AbstractOutputProcessor {
+
+  private static final InetAddressValidator VALIDATOR = InetAddressValidator.getInstance();
+
+  public IPv4OutputProcessor() {
+    super(ContractOutputType.IPv4, ContractOutputTechnicalType.Text, List.of(), true);
+  }
+
+  @Override
+  public boolean validate(JsonNode jsonNode) {
+    return VALIDATOR.isValidInet4Address(jsonNode.asText());
+  }
+
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    return buildString(jsonNode);
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/IPv6OutputProcessor.java

@@ -0,0 +1,28 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import org.apache.commons.validator.routines.InetAddressValidator;
+import org.springframework.stereotype.Component;
+
+@Component
+public class IPv6OutputProcessor extends AbstractOutputProcessor {
+
+  private static final InetAddressValidator VALIDATOR = InetAddressValidator.getInstance();
+
+  public IPv6OutputProcessor() {
+    super(ContractOutputType.IPv6, ContractOutputTechnicalType.Text, List.of(), true);
+  }
+
+  @Override
+  public boolean validate(JsonNode jsonNode) {
+    return VALIDATOR.isValidInet6Address(jsonNode.asText());
+  }
+
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    return buildString(jsonNode);
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/NumberOutputProcessor.java

@@ -0,0 +1,20 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import org.springframework.stereotype.Component;
+
+@Component
+public class NumberOutputProcessor extends AbstractOutputProcessor {
+
+  public NumberOutputProcessor() {
+    super(ContractOutputType.Number, ContractOutputTechnicalType.Number, List.of(), true);
+  }
+
+  @Override
+  public String toFindingValue(JsonNode jsonNode) {
+    return buildString(jsonNode);
+  }
+}

openaev-api/src/main/java/io/openaev/output_processor/OutputProcessor.java

@@ -0,0 +1,39 @@
+package io.openaev.output_processor;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import io.openaev.database.model.ContractOutputField;
+import io.openaev.database.model.ContractOutputTechnicalType;
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+
+/**
+ * Handler interface for processing structured outputs in different contexts. Implementations of
+ * this interface will define how to validate and process structured outputs based on their type and
+ * technical type, as well as the contexts they support.
+ */
+public interface OutputProcessor {
+
+  /** Get the type (matches ContractOutputType enum) */
+  ContractOutputType getType();
+
+  /** Get the technical type (matches ContractOutputTechnicalType enum) */
+  ContractOutputTechnicalType getTechnicalType();
+
+  /** Get fields */
+  List<ContractOutputField> getFields();
+
+  /** Is finding compatible */
+  boolean isFindingCompatible();
+
+  /** Validate that the JSON node is correctly formatted for this type */
+  boolean validate(JsonNode jsonNode);
+
+  // FINDING methods
+  String toFindingValue(JsonNode jsonNode);
+
+  List<String> toFindingAssets(JsonNode jsonNode);
+
+  List<String> toFindingUsers(JsonNode jsonNode);
+
+  List<String> toFindingTeams(JsonNode jsonNode);
+}

openaev-api/src/main/java/io/openaev/output_processor/OutputProcessorFactory.java

@@ -0,0 +1,31 @@
+package io.openaev.output_processor;
+
+import io.openaev.database.model.ContractOutputType;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import org.springframework.stereotype.Component;
+
+@Component
+public class OutputProcessorFactory {
+
+  private final Map<ContractOutputType, OutputProcessor> outputProcessorHandlerMap;
+
+  public OutputProcessorFactory(List<OutputProcessor> handlers) {
+    this.outputProcessorHandlerMap =
+        handlers.stream().collect(Collectors.toMap(OutputProcessor::getType, Function.identity()));
+  }
+
+  public OutputProcessor getHandler(ContractOutputType type) {
+    return Optional.ofNullable(outputProcessorHandlerMap.get(type))
+        .orElseThrow(
+            () ->
+                new IllegalArgumentException(
+                    "No handler found for type: "
+                        + type
+                        + ". Available types: "
+                        + outputProcessorHandlerMap.keySet()));
+  }
+}