Addressed PR comments

ChrisEdwards · ChrisEdwards · commit f7758ad23e11 · 2025-11-13T22:35:29.000-05:00
diff --git a/src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.java b/src/main/java/com/contrast/labs/ai/mcp/contrast/AssessService.java
@@ -213,18 +213,19 @@ public List<VulnLight> listVulnsByAppIdAndSessionMetadata(
             List<VulnLight> vulns =  listVulnsByAppId(appID);
             List<VulnLight> returnVulns = new ArrayList<>();
             for(VulnLight vuln : vulns) {
-                if(vuln.sessionMetadata()!=null) {
-                    for(SessionMetadata sm : vuln.sessionMetadata()) {
-                        for(MetadataItem metadataItem : sm.getMetadata()) {
-                            if(metadataItem.getDisplayLabel().equalsIgnoreCase(session_Metadata_Name) &&
-                                    metadataItem.getValue().equalsIgnoreCase(session_Metadata_Value)) {
-                                returnVulns.add(vuln);
-                                logger.debug("Found matching vulnerability with ID: {}", vuln.vulnID());
-                                break;
-                            }
-                        }
-                    }
+              if (vuln.sessionMetadata() == null) {
+                continue;
+              }
+              for (SessionMetadata sm : vuln.sessionMetadata()) {
+                for (MetadataItem metadataItem : sm.getMetadata()) {
+                  if (metadataItem.getDisplayLabel().equalsIgnoreCase(session_Metadata_Name) &&
+                      metadataItem.getValue().equalsIgnoreCase(session_Metadata_Value)) {
+                    returnVulns.add(vuln);
+                    logger.debug("Found matching vulnerability with ID: {}", vuln.vulnID());
+                    break;
+                  }
                 }
+              }
             }
             return returnVulns;
         } catch (Exception e) {
diff --git a/src/main/java/com/contrast/labs/ai/mcp/contrast/SCAService.java b/src/main/java/com/contrast/labs/ai/mcp/contrast/SCAService.java
@@ -64,7 +64,7 @@ public class SCAService {
 
     @Tool(name = "list_application_libraries", description = "Takes an application ID and returns the libraries used in the application. Use list_applications_with_name first to get the application ID from a name. Note: if class usage count is 0 the library is unlikely to be used")
     public List<LibraryExtended> getApplicationLibrariesByID(String appID) throws IOException {
-        if (appID == null || appID.isEmpty()) {
+        if (appID == null || appID.isBlank()) {
             throw new IllegalArgumentException("Application ID cannot be null or empty");
         }
         logger.info("Retrieving libraries for application id: {}", appID);
diff --git a/src/test/java/com/contrast/labs/ai/mcp/contrast/ADRServiceTest.java b/src/test/java/com/contrast/labs/ai/mcp/contrast/ADRServiceTest.java
@@ -19,6 +19,8 @@
 import com.contrast.labs.ai.mcp.contrast.data.PaginatedResponse;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.SDKExtension;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.SDKHelper;
+import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData;
+import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.adr.Attack;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.adr.AttacksFilterBody;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.adr.AttacksResponse;
@@ -545,15 +547,15 @@ void testGetAttacks_MultipleValidationErrors_CombinesErrors() throws Exception {
     @Test
     void testGetProtectDataByAppID_Success() throws Exception {
         // Given
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData mockProtectData = createMockProtectData(3);
+        ProtectData mockProtectData = createMockProtectData(3);
 
         mockedSDKExtension = mockConstruction(SDKExtension.class, (mock, context) -> {
             when(mock.getProtectConfig(eq(TEST_ORG_ID), eq(TEST_APP_ID)))
                 .thenReturn(mockProtectData);
         });
 
         // When
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData result =
+        ProtectData result =
             adrService.getProtectDataByAppID(TEST_APP_ID);
 
         // Then
@@ -565,15 +567,15 @@ void testGetProtectDataByAppID_Success() throws Exception {
     @Test
     void testGetProtectDataByAppID_WithRules() throws Exception {
         // Given
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData mockProtectData = createMockProtectDataWithRules();
+        ProtectData mockProtectData = createMockProtectDataWithRules();
 
         mockedSDKExtension = mockConstruction(SDKExtension.class, (mock, context) -> {
             when(mock.getProtectConfig(eq(TEST_ORG_ID), eq(TEST_APP_ID)))
                 .thenReturn(mockProtectData);
         });
 
         // When
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData result =
+        ProtectData result =
             adrService.getProtectDataByAppID(TEST_APP_ID);
 
         // Then
@@ -637,7 +639,7 @@ void testGetProtectDataByAppID_NoProtectDataReturned() throws Exception {
         });
 
         // When
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData result =
+        ProtectData result =
             adrService.getProtectDataByAppID(TEST_APP_ID);
 
         // Then
@@ -647,8 +649,8 @@ void testGetProtectDataByAppID_NoProtectDataReturned() throws Exception {
     @Test
     void testGetProtectDataByAppID_EmptyRulesList() throws Exception {
         // Given - Protect enabled but no rules configured
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData mockProtectData =
-            new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData();
+        ProtectData mockProtectData =
+            new ProtectData();
         mockProtectData.setRules(new ArrayList<>());
 
         mockedSDKExtension = mockConstruction(SDKExtension.class, (mock, context) -> {
@@ -657,7 +659,7 @@ void testGetProtectDataByAppID_EmptyRulesList() throws Exception {
         });
 
         // When
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData result =
+        ProtectData result =
             adrService.getProtectDataByAppID(TEST_APP_ID);
 
         // Then
@@ -668,19 +670,14 @@ void testGetProtectDataByAppID_EmptyRulesList() throws Exception {
 
     // ========== Helper Methods ==========
 
-    /**
-     * Creates mock AttacksResponse for testing
-     */
     private AttacksResponse createMockAttacksResponse(int count, Integer totalCount) {
         AttacksResponse response = new AttacksResponse();
         response.setAttacks(createMockAttacks(count));
         response.setCount(totalCount);
         return response;
     }
 
-    /**
-     * Creates mock Attack objects for testing
-     */
+
     private List<Attack> createMockAttacks(int count) {
         List<Attack> attacks = new ArrayList<>();
         long baseTime = System.currentTimeMillis();
@@ -703,17 +700,15 @@ private List<Attack> createMockAttacks(int count) {
         return attacks;
     }
 
-    /**
-     * Creates mock ProtectData for testing
-     */
-    private com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData createMockProtectData(int ruleCount) {
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData protectData =
-            new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData();
 
-        List<com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule> rules = new ArrayList<>();
+    private ProtectData createMockProtectData(int ruleCount) {
+        ProtectData protectData =
+            new ProtectData();
+
+        List<Rule> rules = new ArrayList<>();
         for (int i = 0; i < ruleCount; i++) {
-            com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule rule =
-                new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule();
+            Rule rule =
+                new Rule();
             rule.setName("protect-rule-" + i);
             rule.setProduction(i % 2 == 0 ? "block" : "monitor");
             rules.add(rule);
@@ -723,25 +718,23 @@ private com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData createM
         return protectData;
     }
 
-    /**
-     * Creates mock ProtectData with realistic rule configuration
-     */
-    private com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData createMockProtectDataWithRules() {
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData protectData =
-            new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.ProtectData();
 
-        List<com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule> rules = new ArrayList<>();
+    private ProtectData createMockProtectDataWithRules() {
+        ProtectData protectData =
+            new ProtectData();
+
+        List<Rule> rules = new ArrayList<>();
 
         // SQL Injection rule
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule sqlRule =
-            new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule();
+        Rule sqlRule =
+            new Rule();
         sqlRule.setName("sql-injection");
         sqlRule.setProduction("block");
         rules.add(sqlRule);
 
         // XSS rule
-        com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule xssRule =
-            new com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Rule();
+        Rule xssRule =
+            new Rule();
         xssRule.setName("xss-reflected");
         xssRule.setProduction("monitor");
         rules.add(xssRule);
diff --git a/src/test/java/com/contrast/labs/ai/mcp/contrast/SCAServiceTest.java b/src/test/java/com/contrast/labs/ai/mcp/contrast/SCAServiceTest.java
@@ -17,7 +17,9 @@
 
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.SDKExtension;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.SDKHelper;
+import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.App;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.CveData;
+import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Library;
 import com.contrast.labs.ai.mcp.contrast.sdkexstension.data.LibraryExtended;
 import com.contrastsecurity.sdk.ContrastSDK;
 import org.junit.jupiter.api.AfterEach;
@@ -360,21 +362,21 @@ private CveData createMockCveData() {
     private CveData createMockCveDataWithApps() {
         CveData cveData = new CveData();
 
-        var app = mock(com.contrast.labs.ai.mcp.contrast.sdkexstension.data.App.class);
+        var app = mock(App.class);
         when(app.getApp_id()).thenReturn(TEST_APP_ID);
         when(app.getName()).thenReturn("Test Application");
         when(app.getClassCount()).thenReturn(0);
 
-        var apps = new ArrayList<com.contrast.labs.ai.mcp.contrast.sdkexstension.data.App>();
+        var apps = new ArrayList<App>();
         apps.add(app);
         cveData.setApps(apps);
 
-        var lib = mock(com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Library.class);
+        var lib = mock(Library.class);
         when(lib.getHash()).thenReturn("matching-hash-789");
         when(lib.getFile_name()).thenReturn("vulnerable-lib.jar");
         when(lib.getVersion()).thenReturn("1.0.0");
 
-        var libs = new ArrayList<com.contrast.labs.ai.mcp.contrast.sdkexstension.data.Library>();
+        var libs = new ArrayList<Library>();
         libs.add(lib);
         cveData.setLibraries(libs);
 

Original file line number	Diff line number	Diff line change
`@@ -64,7 +64,7 @@ public class SCAService {`
`64`	`64`
`65`	`65`	`@Tool(name = "list_application_libraries", description = "Takes an application ID and returns the libraries used in the application. Use list_applications_with_name first to get the application ID from a name. Note: if class usage count is 0 the library is unlikely to be used")`
`66`	`66`	`public List<LibraryExtended> getApplicationLibrariesByID(String appID) throws IOException {`
`67`		`- if (appID == null \|\| appID.isEmpty()) {`
	`67`	`+ if (appID == null \|\| appID.isBlank()) {`
`68`	`68`	`throw new IllegalArgumentException("Application ID cannot be null or empty");`
`69`	`69`	`}`
`70`	`70`	`logger.info("Retrieving libraries for application id: {}", appID);`