From 889cc382317feea4077e9a35e11397e78305e59a Mon Sep 17 00:00:00 2001
From: turbou <taka.shiozaki@contrastsecurity.com>
Date: Sun, 5 Feb 2023 19:38:00 +0900
Subject: [PATCH] =?UTF-8?q?=E5=8F=A4=E3=81=84=E3=82=BB=E3=83=83=E3=82=B7?=
 =?UTF-8?q?=E3=83=A7=E3=83=B3=E3=81=AE=E8=84=86=E5=BC=B1=E6=80=A7=E3=81=AB?=
 =?UTF-8?q?=E3=82=B3=E3=83=B3=E3=83=97=E3=83=A9=E3=82=A4=E3=82=A2=E3=83=B3?=
 =?UTF-8?q?=E3=82=B9=E3=83=9D=E3=83=AA=E3=82=B7=E3=83=BC=E3=81=8C=E5=89=B2?=
 =?UTF-8?q?=E3=82=8A=E5=BD=93=E3=81=A6=E3=82=89=E3=82=8C=E3=81=A6=E3=81=AA?=
 =?UTF-8?q?=E3=81=84=E4=BA=8B=E8=B1=A1=E3=81=AB=E5=AF=BE=E5=BF=9C=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../csvdltool/VulGetWithProgress.java         | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/contrastsecurity/csvdltool/VulGetWithProgress.java b/src/main/java/com/contrastsecurity/csvdltool/VulGetWithProgress.java
index 482a10a..5c0dae5 100644
--- a/src/main/java/com/contrastsecurity/csvdltool/VulGetWithProgress.java
+++ b/src/main/java/com/contrastsecurity/csvdltool/VulGetWithProgress.java
@@ -269,7 +269,7 @@ public void run() {
                 String appId = fullAppMap.get(appLabel).getAppId();
                 monitor.setTaskName(String.format("脆弱性の情報を取得...[%s] %s (%d/%d)", org.getName(), appName, appIdx, dstApps.size()));
                 // コンプライアンスポリシーの情報を取得
-                Map<String, List<Vulnerability>> securityStandardVulnMap = new HashMap<String, List<Vulnerability>>();
+                Map<String, List<String>> securityStandardVulnUuidMap = new HashMap<String, List<String>>();
                 if (validCompliancePolicy) {
                     SubProgressMonitor sub2_1Monitor = new SubProgressMonitor(sub2Monitor, 20);
                     Api filterSecurityStandardApi = new FilterSecurityStandardApi(this.shell, this.ps, org);
@@ -297,7 +297,7 @@ public void run() {
                             allVuls.addAll(tmpVuls);
                             traceByFilterIncompleteFlg = totalTraceByFilterCount > allVuls.size();
                         }
-                        securityStandardVulnMap.put(ssFilter.getLabel(), allVuls);
+                        securityStandardVulnUuidMap.put(ssFilter.getLabel(), allVuls.stream().map(Vulnerability::getUuid).collect(Collectors.toList()));
                         sub2_1Monitor.worked(1);
                     }
                 }
@@ -316,6 +316,11 @@ public void run() {
                                 continue;
                             }
                             traces.add(insertIdx, instance.getUuid());
+                            securityStandardVulnUuidMap.forEach((k, v) -> {
+                                if (v.contains(trace_id)) {
+                                    v.add(instance.getUuid());
+                                }
+                            });
                         }
                     }
                 }
@@ -504,14 +509,8 @@ public void run() {
                             case VUL_26:
                                 // ==================== 26. コンプライアンスポリシー ====================
                                 List<String> ssNameList = new ArrayList<String>();
-                                securityStandardVulnMap.forEach((k, v) -> {
-                                    boolean matchFlg = false;
-                                    for (Vulnerability vul : v) {
-                                        if (trace_id.equals(vul.getUuid())) {
-                                            matchFlg |= true;
-                                        }
-                                    }
-                                    if (matchFlg) {
+                                securityStandardVulnUuidMap.forEach((k, v) -> {
+                                    if (v.contains(trace_id)) {
                                         ssNameList.add(k);
                                     }
                                 });