fix: count unique transitive, direct and total independently

Signed-off-by: Ruben Romero Montes <[email protected]>

Author: ruromero

src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java

@@ -26,6 +26,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.stream.Collectors;
 
@@ -53,6 +54,7 @@
 import com.redhat.exhort.model.CvssScoreComparable.DependencyScoreComparator;
 import com.redhat.exhort.model.CvssScoreComparable.TransitiveScoreComparator;
 import com.redhat.exhort.model.DependencyTree;
+import com.redhat.exhort.model.DirectDependency;
 import com.redhat.exhort.model.ProviderResponse;
 import com.redhat.exhort.model.trustedcontent.IndexedRecommendation;
 import com.redhat.exhort.model.trustedcontent.TrustedContentResponse;
@@ -425,9 +427,21 @@ private SourceSummary buildSummary(
     var counter = new VulnerabilityCounter();
     var directRefs =
         tree.dependencies().keySet().stream().map(PackageRef::ref).collect(Collectors.toSet());
+    var transitiveRefs =
+        tree.dependencies().values().stream()
+            .map(DirectDependency::transitive)
+            .flatMap(Set::stream)
+            .map(PackageRef::ref)
+            .toList();
     issuesData
         .entrySet()
-        .forEach(e -> incrementCounter(e.getValue(), counter, directRefs.contains(e.getKey())));
+        .forEach(
+            e ->
+                incrementCounter(
+                    e.getValue(),
+                    counter,
+                    directRefs.contains(e.getKey()),
+                    transitiveRefs.contains(e.getKey())));
     Long recommendationsCount =
         sourceReport.stream().filter(s -> s.getRecommendation() != null).count();
     counter.recommendations.set(recommendationsCount.intValue());
@@ -436,7 +450,7 @@ private SourceSummary buildSummary(
   }
 
   private void incrementCounter(
-      List<Issue> issues, VulnerabilityCounter counter, boolean isDirect) {
+      List<Issue> issues, VulnerabilityCounter counter, boolean isDirect, boolean isTransitive) {
     if (!issues.isEmpty()) {
       counter.dependencies.incrementAndGet();
     }
@@ -453,6 +467,9 @@ private void incrementCounter(
           if (isDirect) {
             counter.direct.addAndGet(vulnerabilities);
           }
+          if (isTransitive) {
+            counter.transitive.addAndGet(vulnerabilities);
+          }
           if (i.getRemediation() != null
               && i.getRemediation().getTrustedContent() != null
               && i.getRemediation().getTrustedContent().getRef() != null) {
@@ -475,6 +492,7 @@ private int countVulnerabilities(Issue i) {
 
   private static final record VulnerabilityCounter(
       AtomicInteger total,
+      AtomicInteger transitive,
       AtomicInteger critical,
       AtomicInteger high,
       AtomicInteger medium,
@@ -496,6 +514,7 @@ private static final record VulnerabilityCounter(
           new AtomicInteger(),
           new AtomicInteger(),
           new AtomicInteger(),
+          new AtomicInteger(),
           new AtomicInteger());
     }
 
@@ -507,10 +526,9 @@ SourceSummary getSummary() {
           .medium(medium.get())
           .low(low.get())
           .direct(direct.get())
-          .transitive(total.get() - direct.get())
+          .transitive(transitive.get())
           .dependencies(dependencies.get())
           .remediations(remediations.get())
-          // Will be calculated later when TC recommendations will be added.
           .recommendations(recommendations.get())
           .unscanned(unscanned.get());
     }