trustification
diff --git a/‎nodes/DependencyAnalytics/Actions.spec.ts‎
Lines changed: 2 additions & 4 deletions b/‎nodes/DependencyAnalytics/Actions.spec.ts‎
Lines changed: 2 additions & 4 deletions
diff --git a/‎nodes/DependencyAnalytics/DependencyAnalytics.spec.ts‎
Lines changed: 2 additions & 1 deletion b/‎nodes/DependencyAnalytics/DependencyAnalytics.spec.ts‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎nodes/DependencyAnalytics/Utils.spec.ts‎
Lines changed: 23 additions & 29 deletions b/‎nodes/DependencyAnalytics/Utils.spec.ts‎
Lines changed: 23 additions & 29 deletions
diff --git a/‎nodes/DependencyAnalytics/actions/vulnerability.ts‎
Lines changed: 202 additions & 4 deletions b/‎nodes/DependencyAnalytics/actions/vulnerability.ts‎
Lines changed: 202 additions & 4 deletions
@@ -342,7 +342,7 @@ describe('Tests for actions/vulnerability.ts', () => {
         const parsedPurls = ['pkg:npm/[email protected]'];
         (parsePurls as jest.Mock).mockReturnValue(parsedPurls);
 
-        const fakeResult = { vulnerabilities: [{ id: 'CVE-2024-5678' }] };
+        const fakeResult = { advisories: [] };
         (authedRequest as jest.Mock).mockResolvedValue(fakeResult);
 
         const result = await vulnerability.analyze({ ctx, itemIndex: 0 });
@@ -415,13 +415,11 @@ describe('Tests for actions/vulnerability.ts', () => {
 
         const sbomResponse = { id: 'sbom-123' };
         const advisoryResponse = [{ id: 'ADV-1' }];
-
         (authedRequest as jest.Mock)
           .mockResolvedValueOnce(sbomResponse)
           .mockResolvedValueOnce(advisoryResponse);
 
         const result = await vulnerability.analyze({ ctx, itemIndex: 0 });
-
         expect(authedRequest).toHaveBeenNthCalledWith(
           1,
           ctx,
@@ -445,7 +443,7 @@ describe('Tests for actions/vulnerability.ts', () => {
           {
             json: {
               sbomId: 'sbom-123',
-              advisories: advisoryResponse,
+              advisories: [{ shaped: { id: 'ADV-1' } }],
             },
           },
         ]);
 
@@ -28,15 +28,16 @@ test('It contains all expected displayNames in properties', () => {
     'Operation',
     'Sorting',
     'Selected Fields',
+    'Selected Fields (Advisory)',
     'Operation',
     'Input Type',
     'PURLs',
     'SBOM SHA-256',
     'Sorting',
     'Selected Fields',
     'Operation',
+    'Sorting',
   ];
-
   expect(displayNames).toEqual(expectedDisplayNames);
 });
 
 
@@ -228,7 +228,7 @@ describe('Tests for simplify.ts', () => {
       severity: 'high',
       score: 9.1,
       cwe: 'CWE-79',
-      advisories: 2,
+      advisories: [{}, {}],
       reserved: false,
       withdrawn: false,
     });
@@ -244,7 +244,7 @@ describe('Tests for simplify.ts', () => {
       severity: null,
       score: null,
       cwe: null,
-      advisories: 0,
+      advisories: [],
       reserved: null,
       withdrawn: null,
     });
@@ -265,32 +265,30 @@ describe('Tests for simplify.ts', () => {
     };
     const result = simplifyAdvisory(item);
     expect(result).toEqual({
-      documentId: 'doc-1',
+      uuid: null,
       identifier: 'ADV-001',
+      document_id: 'doc-1',
       title: 'Advisory title',
-      issuer: 'SecurityTeam',
-      published: '2024-01-01',
-      modified: '2024-01-02',
-      severity: 'medium',
-      score: 5.4,
+      sha256: null,
       size: 1234,
-      ingested: '2024-02-01',
+      average_severity: 'medium',
+      average_score: 5.4,
+      vulnerabilities: [],
     });
   });
 
   test('It should handle missing issuer and optional fields', () => {
     const result = simplifyAdvisory({ identifier: 'ADV-002' });
     expect(result).toMatchObject({
-      documentId: null,
+      uuid: null,
       identifier: 'ADV-002',
+      document_id: null,
       title: null,
-      issuer: null,
-      published: null,
-      modified: null,
-      severity: null,
-      score: null,
+      sha256: null,
       size: null,
-      ingested: null,
+      average_severity: null,
+      average_score: null,
+      vulnerabilities: [],
     });
   });
 
@@ -329,13 +327,11 @@ describe('Tests for simplify.ts', () => {
       };
 
       const result = simplifyOne('vulnerability', vulnObj);
-
       expect(result).toHaveProperty('identifier', 'CVE-2024-1234');
       expect(result).toHaveProperty('title', 'Test Vulnerability');
       expect(result).toHaveProperty('severity', 'critical');
       expect(result).toHaveProperty('score', 9.8);
       expect(result).toHaveProperty('cwe', 'CWE-79');
-      expect(result).toHaveProperty('advisories', 3);
     });
 
     test('It should call simplifyAdvisory when resource is advisory', () => {
@@ -350,13 +346,11 @@ describe('Tests for simplify.ts', () => {
       };
 
       const result = simplifyOne('advisory', advisoryObj);
-
-      expect(result).toHaveProperty('documentId', 'doc-123');
+      expect(result).toHaveProperty('document_id', 'doc-123');
       expect(result).toHaveProperty('identifier', 'RHSA-2024-0001');
       expect(result).toHaveProperty('title', 'Security Advisory');
-      expect(result).toHaveProperty('issuer', 'Red Hat');
-      expect(result).toHaveProperty('severity', 'high');
-      expect(result).toHaveProperty('score', 7.5);
+      expect(result).toHaveProperty('average_severity', 'high');
+      expect(result).toHaveProperty('average_score', 7.5);
       expect(result).toHaveProperty('size', 5000);
     });
 
@@ -371,18 +365,18 @@ describe('Tests for simplify.ts', () => {
 
     test('It should handle empty objects for vulnerability resource', () => {
       const result = simplifyOne('vulnerability', {});
-
       expect(result).toHaveProperty('identifier', null);
       expect(result).toHaveProperty('title', null);
-      expect(result).toHaveProperty('advisories', 0);
+      expect(result).toHaveProperty('advisories', []);
     });
 
     test('It should handle empty objects for advisory resource', () => {
       const result = simplifyOne('advisory', {});
-
-      expect(result).toHaveProperty('documentId', null);
+      expect(result).toHaveProperty('document_id', null);
       expect(result).toHaveProperty('identifier', null);
-      expect(result).toHaveProperty('issuer', null);
+      expect(result).toHaveProperty('average_severity', null);
+      expect(result).toHaveProperty('average_score', null);
+      expect(result).toHaveProperty('vulnerabilities', []);
     });
   });
 });
@@ -447,7 +441,7 @@ describe('Tests for http.ts', () => {
       getNodeParameter: jest.fn().mockReturnValue('clientCredentials'),
     };
     const result = chooseCredential(mockCtx as any, 1);
-    expect(result).toBe('trustifyClientOAuth2Api');
+    expect(result).toBe('trustifyClientCredsOAuth2Api');
   });
 
   test('It should simulate authedRequest call', async () => {
 
@@ -69,8 +69,148 @@ export async function analyze({ ctx, itemIndex }: { ctx: IExecuteFunctions; item
     };
 
     try {
-      const res = await authedRequest(ctx, credentialName, options);
-      return [{ json: res } as INodeExecutionData];
+      const res = (await authedRequest(ctx, credentialName, options)) as any;
+
+      const rules: SortRule[] = readSortRules(ctx, itemIndex, 'vulnerability');
+      const mode = ctx.getNodeParameter('outputMode', itemIndex, 'simplified') as
+        | 'simplified'
+        | 'raw'
+        | 'selected';
+
+      // Build enriched advisories with vulnerability fields and originating package (purl)
+      const enrichedAdvisories: any[] = [];
+
+      const isPlainObject = (v: any) => v && typeof v === 'object' && !Array.isArray(v);
+      if (isPlainObject(res)) {
+        // Prefer the map keyed by PURL shape: { [purl]: { details: [...] } }
+        for (const [pkgPurl, data] of Object.entries(res as Record<string, any>)) {
+          // Support both shapes:
+          // 1) { details: [...] }
+          // 2) [ { ...vulnerabilityDetail... }, ... ]
+          const details = Array.isArray(data)
+            ? (data as any[])
+            : Array.isArray((data as any)?.details)
+              ? (data as any).details
+              : [];
+          if (details.length === 0 && Array.isArray((data as any)?.advisories)) {
+            // Fallback: direct advisories array
+            for (const adv of (data as any).advisories as any[]) {
+              enrichedAdvisories.push({ ...adv, package: pkgPurl });
+            }
+          }
+          for (const d of details) {
+            const affected = (d as any)?.status?.affected;
+            if (Array.isArray(affected)) {
+              for (const adv of affected) {
+                // Merge advisory with vulnerability-level fields and the originating package
+                enrichedAdvisories.push({
+                  ...adv,
+                  package: pkgPurl,
+                  normative: (d as any)?.normative ?? (d as any)?.status?.normative ?? null,
+                  identifier: (d as any)?.identifier ?? adv?.identifier ?? null,
+                  title: (d as any)?.title ?? adv?.title ?? null,
+                  description: (d as any)?.description ?? null,
+                  reserved: (d as any)?.reserved ?? null,
+                  published: (d as any)?.published ?? adv?.published ?? null,
+                  modified: (d as any)?.modified ?? adv?.modified ?? null,
+                  withdrawn: (d as any)?.withdrawn ?? adv?.withdrawn ?? null,
+                  discovered: (d as any)?.discovered ?? null,
+                  released: (d as any)?.released ?? null,
+                  cwes: (d as any)?.cwes ?? adv?.cwes ?? null,
+                  status: (d as any)?.status ?? null,
+                });
+              }
+            }
+          }
+        }
+      } else {
+        // Fallback to previous generic flattening while trying to retain package
+        const buckets: any[] = Array.isArray(res)
+          ? res
+          : Array.isArray(res?.items)
+            ? res.items
+            : Array.isArray(res?.vulnerabilities)
+              ? res.vulnerabilities
+              : [res];
+
+        for (const bucket of buckets) {
+          if (bucket && typeof bucket === 'object') {
+            if (Array.isArray((bucket as any).advisories)) {
+              for (const adv of (bucket as any).advisories as any[]) {
+                const pkg = (adv as any)?.packages?.[0]?.purl ?? null;
+                enrichedAdvisories.push({ ...adv, package: pkg });
+              }
+              continue;
+            }
+            const candidates: any[] = [];
+            if (Array.isArray((bucket as any).details)) candidates.push(bucket);
+            for (const v of Object.values(bucket)) {
+              if (v && typeof v === 'object') candidates.push(v);
+            }
+            for (const cand of candidates) {
+              const details = Array.isArray((cand as any)?.details) ? (cand as any).details : [];
+              for (const d of details) {
+                const affected = (d as any)?.status?.affected;
+                if (Array.isArray(affected)) {
+                  for (const adv of affected) {
+                    const pkg =
+                      (d as any)?.status?.packages?.[0]?.purl ??
+                      (adv as any)?.packages?.[0]?.purl ??
+                      null;
+                    enrichedAdvisories.push({
+                      ...adv,
+                      package: pkg,
+                      normative: (d as any)?.normative ?? (d as any)?.status?.normative ?? null,
+                      identifier: (d as any)?.identifier ?? adv?.identifier ?? null,
+                      title: (d as any)?.title ?? adv?.title ?? null,
+                      description: (d as any)?.description ?? null,
+                      reserved: (d as any)?.reserved ?? null,
+                      published: (d as any)?.published ?? adv?.published ?? null,
+                      modified: (d as any)?.modified ?? adv?.modified ?? null,
+                      withdrawn: (d as any)?.withdrawn ?? adv?.withdrawn ?? null,
+                      discovered: (d as any)?.discovered ?? null,
+                      released: (d as any)?.released ?? null,
+                      cwes: (d as any)?.cwes ?? adv?.cwes ?? null,
+                      status: (d as any)?.status ?? null,
+                    });
+                  }
+                }
+              }
+            }
+          }
+        }
+      }
+
+      let out = enrichedAdvisories;
+
+      if (rules.length) out = [...out].sort((a, b) => multiCmp(a, b, rules));
+
+      const limit = (ctx.getNodeParameter('limit', itemIndex, 50) as number) || 50;
+      out = out.slice(0, limit);
+
+      // RAW mode: return flattened advisories under a consistent key
+      if (mode === 'raw') {
+        return [{ json: { advisories: out } } as INodeExecutionData];
+      }
+
+      // Simplified: project minimal advisory fields locally to avoid advisory-specific simplifier
+      if (mode === 'simplified') {
+        const simplified = out.map((a: any) => ({
+          uuid: a?.uuid ?? null,
+          normative: a?.normative ?? null,
+          identifier: a?.identifier ?? null,
+          document_id: a?.document_id ?? null,
+          package: a?.package ?? null,
+          title: a?.title ?? null,
+          description: a?.description ?? null,
+          score: a?.score ?? null,
+        }));
+        return [{ json: { advisories: simplified } } as INodeExecutionData];
+      }
+
+      // Selected: use generic advisory shaper
+      const finalItems = out.map((it) => shapeOutput(ctx, itemIndex, 'advisory', it));
+      return [{ json: { advisories: finalItems } } as INodeExecutionData];
     } catch (err: any) {
       if (ctx.continueOnFail()) {
         return [{ json: { message: err.message, request: { purls } } } as INodeExecutionData];
@@ -103,7 +243,65 @@ export async function analyze({ ctx, itemIndex }: { ctx: IExecuteFunctions; item
     returnFullResponse: false,
   };
 
-  const advisories = await authedRequest(ctx, credentialName, advOpts);
+  const advisories = (await authedRequest(ctx, credentialName, advOpts)) as any;
+
+  const rules: SortRule[] = readSortRules(ctx, itemIndex, 'vulnerability');
+  let out = advisories;
+  if (Array.isArray(advisories) && rules.length) {
+    out = [...advisories].sort((a, b) => multiCmp(a, b, rules));
+  }
+
+  const limit = (ctx.getNodeParameter('limit', itemIndex, 50) as number) || 50;
+  if (Array.isArray(out)) out = out.slice(0, limit);
+
+  const mode = ctx.getNodeParameter('outputMode', itemIndex, 'simplified') as
+    | 'simplified'
+    | 'raw'
+    | 'selected';
+
+  // RAW mode: return advisories as-is under a consistent key
+  if (mode === 'raw') {
+    return [
+      { json: { sbomId, advisories: Array.isArray(out) ? out : [out] } } as INodeExecutionData,
+    ];
+  }
+
+  // Simplified mode: custom sbom-sha advisory projection per user requirements
+  if (mode === 'simplified') {
+    const simplified = (Array.isArray(out) ? out : [out]).map((item: any) => {
+      const toScores = (scores: any) => (Array.isArray(scores) ? scores : null);
+      const statusArr = Array.isArray(item?.status)
+        ? item.status.map((s: any) => ({
+            normative: s?.normative ?? null,
+            identifier: item?.identifier ?? null,
+            title: s?.title ?? null,
+            description: s?.description ?? null,
+            averageSeverity: s?.average_severity ?? null,
+            averageScore: s?.average_score ?? null,
+            status: s?.status ?? null,
+            packages: s?.packages ?? null,
+            score: toScores(item?.scores) ?? toScores(s?.scores),
+          }))
+        : [];
+      return {
+        uuid: item?.uuid ?? null,
+        identifier: item?.identifier ?? null,
+        title: item?.title ?? null,
+        status: statusArr,
+      };
+    });
+
+    return [{ json: { sbomId, advisories: simplified } } as INodeExecutionData];
+  }
+
+  // Selected fields mode: reuse normal advisory shaping
+  const shaped = Array.isArray(out)
+    ? out.map((it: any) => shapeOutput(ctx, itemIndex, 'advisory', it))
+    : shapeOutput(ctx, itemIndex, 'advisory', out);
 
-  return [{ json: { sbomId, advisories } } as INodeExecutionData];
+  return [
+    {
+      json: { sbomId, advisories: Array.isArray(shaped) ? shaped : [shaped] },
+    } as INodeExecutionData,
+  ];
 }