From a4824c7fd0932a23c76c530d0a542718b6efd8fd Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Mon, 29 Apr 2024 19:30:15 +0200 Subject: [PATCH 1/4] feat: add includes --- .../fellowship of the ring/gandalf.yaml | 19 ++--- activities/infrastructure/infrastructure.yaml | 18 +++++ activities/infrastructure/team.yaml | 38 ++++++++++ activities/two towers/sauron.yaml | 24 ++++-- .../deserialization/ApplicationDirector.java | 2 +- .../deserialization/YamlApplicationNodes.java | 14 +++- .../analyzer/deserialization/YamlScanner.java | 2 +- .../deserialization/YamlScannerIncludes.java | 73 +++++++++++++++++++ ...atePeriodWithSecurityRequirementsTest.java | 4 +- .../YamlApplicationNodesTest.java | 3 +- .../YamlScannerIncludesTest.java | 70 ++++++++++++++++++ src/test/resources/include/application.yaml | 5 ++ src/test/resources/include/include1.yaml | 1 + src/test/resources/include/include2.yaml | 1 + .../include/includeWithActivities.yaml | 2 + src/test/resources/include/nestedInclude.yaml | 4 + .../resources/include/nestedInclude2.yaml | 1 + 17 files changed, 254 insertions(+), 27 deletions(-) create mode 100644 activities/infrastructure/infrastructure.yaml create mode 100644 activities/infrastructure/team.yaml create mode 100644 src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java create mode 100644 src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java create mode 100644 src/test/resources/include/application.yaml create mode 100644 src/test/resources/include/include1.yaml create mode 100644 src/test/resources/include/include2.yaml create mode 100644 src/test/resources/include/includeWithActivities.yaml create mode 100644 src/test/resources/include/nestedInclude.yaml create mode 100644 src/test/resources/include/nestedInclude2.yaml diff --git a/activities/fellowship of the ring/gandalf.yaml b/activities/fellowship of the ring/gandalf.yaml index 7d78b14..9627d9a 100644 
--- a/activities/fellowship of the ring/gandalf.yaml +++ b/activities/fellowship of the ring/gandalf.yaml @@ -5,21 +5,10 @@ settings: application: "gandalf" # e.g. from deployment team: "fellowship of the ring" -# TODO optional fields results in null values in the output is good? +includes: + - infrastructure/infrastructure.yaml activities: - Source Control Protection: - components: - - url: "https://test1.com" - date: 2023-01-01 - - date: 2022-05-01 - url: "https://test1.com" - - date: 2021-05-01 - url: "https://test1.com" - - date: 2023-12-19 - url: "https://test1.com" - - Conduction of simple threat modeling on technical level: components: - date: "2008-11-01" @@ -42,4 +31,6 @@ activities: links: - title: "testtitle" url: "https://test1.com" - + Reduction of the attack surface: + components: + - date: "2024-01-01" diff --git a/activities/infrastructure/infrastructure.yaml b/activities/infrastructure/infrastructure.yaml new file mode 100644 index 0000000..6af60b2 --- /dev/null +++ b/activities/infrastructure/infrastructure.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: application +settings: + desired level: Level 2 + application: "kube" + team: "ops" + +activities: + Source Control Protection: + components: + - url: "https://test1.com" + date: 2023-01-01 + - date: 2022-05-01 + url: "https://test1.com" + - date: 2021-05-01 + url: "https://test1.com" + - date: 2023-12-19 + url: "https://test1.com" diff --git a/activities/infrastructure/team.yaml b/activities/infrastructure/team.yaml new file mode 100644 index 0000000..87adf50 --- /dev/null +++ b/activities/infrastructure/team.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: team + +settings: + team: "ops" + +activities: + Security requirements: + components: + - url: "https://test1.com" + date: 2023-01-01 + - date: 2022-05-01 + url: "https://test1.com" + - date: 2021-05-01 + url: "https://test1.com" + - date: 2023-12-19 + url: "https://test1.com" + + Data privacy requirements: + components: + - date: 2022-05-01 + - date: 2021-05-01 + - date: 2023-12-19 + + Security champion: + components: + - firstname: "Max" + lastname: "Mustermann" + date: "2020-11-01" + + Security Training: + components: + - date: "2020-11-01" + people: 2 + hours: 5 + - date: "2023-11-01" + people: 2 + hours: 5 diff --git a/activities/two towers/sauron.yaml b/activities/two towers/sauron.yaml index 0609971..0faf974 100644 --- a/activities/two towers/sauron.yaml +++ b/activities/two towers/sauron.yaml @@ -7,21 +7,32 @@ settings: application: "sauron" # e.g. from deployment team: "two towers" +includes: + - infrastructure/infrastructure.yaml + activities: Source Control Protection: components: - url: "https://test1.com" date: 2023-01-01 - - date: 2022-10-01 + - date: 2022-05-01 url: "https://test1.com" - - date: 2000-01-01 + - date: 2021-05-01 url: "https://test1.com" - date: 2023-12-19 url: "https://test1.com" + + Defined build process: + components: + - url: "https://test1.com" + date: 2023-01-01 - date: 2022-05-01 - url: "https://test2.com" + url: "https://test1.com" + - date: 2021-05-01 + url: "https://test1.com" - date: 2023-12-19 - url: "https://test2.com" + url: "https://test1.com" + Conduction of simple threat modeling on technical level: components: - date: "2009-11-01" @@ -44,10 +55,7 @@ activities: links: - title: "testtitle" url: "https://test1.com" - Reduction of the attack surface: - components: - - date: "2023-01-01" # sast: # confirmation: # - confirmed by: "Max Mustermann" -# confirmed date: "2020-01-01" \ No newline at end of file +# confirmed date: "2020-01-01" 
diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/ApplicationDirector.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/ApplicationDirector.java index d0f533d..8e36aaf 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/ApplicationDirector.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/ApplicationDirector.java @@ -80,7 +80,7 @@ private List getDeserializeSkeletons() throws IOException, Git private List getDeserializedApplications(List skeletonActivities) throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException, GitAPIException { List applications = new ArrayList<>(); - YamlApplicationNodes yamlApplicationNodes = new YamlApplicationNodes(); + YamlApplicationNodes yamlApplicationNodes = new YamlApplicationNodes(yamlScanner.getYamlApplicationFolderPath()); HashMap> teamActivities = new HashMap<>(); for (File yamlApplicationFilePath : yamlScanner.getApplicationYamls()) { logger.info("yamlApplicationFilePath: " + yamlApplicationFilePath.getPath()); diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java index d6c4fe0..8ed6a74 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java @@ -4,6 +4,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; 
@@ -12,9 +13,15 @@ public class YamlApplicationNodes { // Key: Team name protected HashMap> nodes; + protected String yamlBasePath = ""; + public YamlApplicationNodes() { this.nodes = new HashMap>(); } + public YamlApplicationNodes(String yamlBasePath) { + this.yamlBasePath = yamlBasePath; + this.nodes = new HashMap>(); + } public void addJsonNode(JsonNode node) { JsonNode settings = node.get("settings"); @@ -45,14 +52,19 @@ public ArrayList getNodesForTeam(String team) { return allNodes; } - public ArrayList getNodes(String team, String kind) { + public ArrayList getNodes(String team, String kind) throws IOException { ArrayList applicationNodes = new ArrayList(); for (JsonNode node : getNodesForTeam(team)) { if (node.get("kind").asText().equals(kind)) { + if(yamlBasePath != null && !yamlBasePath.isEmpty()) { + YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(node, yamlBasePath); + node = yamlScannerIncludes.getNode(); + } applicationNodes.add(node); } } + return applicationNodes; } } diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java index 92c628c..dccabf7 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java @@ -143,7 +143,7 @@ private String getYamlSkeletonFilePath() { return yamlSkeletonFilePath; } - private String getYamlApplicationFolderPath() { + public String getYamlApplicationFolderPath() { logger.info("yamlApplicationFolderPath() " + yamlApplicationFolderPath); if (isGit()) { return yamlGitTargetPath + "/" + yamlApplicationFolderPath; diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java new file mode 100644 index 0000000..71fe38b --- /dev/null 
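Review bot: getNodes now rewrites the JsonNode objects held in `nodes` and reads files from disk, because YamlScannerIncludes.getNode() merges into the node it was given, removes its `includes` field and returns that same instance. A missing or unparsable include file therefore aborts the whole call with an IOException, not only the one application that referenced it. If that is intended, document it on the method, for example `/** Returns the team's nodes of the given kind; includes are resolved in place against yamlBasePath, so the stored nodes are modified and files are read. */`. Otherwise, resolving includes once in addJsonNode would keep the getter free of side effects. The two constructors also repeat the map initialisation; `this();` as the first statement of the new one would remove the duplicate.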
+++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java 
@@ -0,0 +1,73 @@ +package org.owasp.dsomm.metricca.analyzer.deserialization; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.node.ArrayNode; +import com.fasterxml.jackson.databind.node.ObjectNode; +import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; + +import java.io.File; +import java.io.IOException; + +public class YamlScannerIncludes { + private ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); + private String yamlBasePath; + private JsonNode applicationJsonNode; + + public YamlScannerIncludes(JsonNode applicationJsonNode, String basePath) { + this.applicationJsonNode = applicationJsonNode; + this.yamlBasePath = basePath; + } + + public JsonNode getNode() throws IOException { + processIncludes(applicationJsonNode); + return applicationJsonNode; + } + + private void processIncludes(JsonNode node) throws IOException { + if (node.has("includes")) { + ArrayNode includesArray = (ArrayNode) node.get("includes"); + for (JsonNode includeNode : includesArray) { + if (includeNode.isTextual()) { + String includePath = includeNode.asText(); + File includeFile = new File(yamlBasePath + File.separator + includePath); + JsonNode includeContent = mapper.readTree(includeFile); + if (includeContent.has("includes")) { + processIncludes(includeContent); + } + mergeJsonNodes(node, includeContent); + } + } + ((ObjectNode) node).remove("includes"); + } + + + } + + private void mergeJsonNodes(JsonNode destinationNode, JsonNode sourceNode) { + if (destinationNode instanceof ObjectNode && sourceNode instanceof ObjectNode) { + ObjectNode destObjectNode = (ObjectNode) destinationNode; + ObjectNode srcObjectNode = (ObjectNode) sourceNode; + + // Merge fields from source node to destination node + srcObjectNode.fieldNames().forEachRemaining(fieldName -> { + JsonNode srcFieldValue = srcObjectNode.get(fieldName); + JsonNode destFieldValue = destObjectNode.get(fieldName); + + if 
(destFieldValue != null && destFieldValue.isObject() && srcFieldValue.isObject()) { + // Recursive deep merge for nested objects + mergeJsonNodes(destFieldValue, srcFieldValue); + } else { + // If the field exists in the destination node but not in the source node, or if the field is null in the destination + // and exists in the source node, or if the included YAML is overriding the including YAML, override the value in the destination + if (destFieldValue == null || (!destObjectNode.has(fieldName) && srcObjectNode.has(fieldName))) { + destObjectNode.set(fieldName, srcFieldValue); + } + } + }); + } else { + throw new IllegalArgumentException("Both nodes must be ObjectNodes"); + } + } + +} diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java index acb3280..c8057c9 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java @@ -26,6 +26,8 @@ private UrlActivity getSecurityRequirementsActivity() throws GitAPIException, IO List actualApplications = applicationDirector.getApplications(); for (Application application : actualApplications) { if (application.getName().equals("sauron")) { + Date date = ((UrlActivity) application.getActivities().get(0)).getDateComponents().get(0).getDate(); + logger.error("date" + date); return (UrlActivity) application.getActivities().get(0); } } @@ -75,4 +77,4 @@ public void testShowEndDateWithEndDateToShowForSingleDate() throws Exception { assertNotNull(endDateForExistingDate); assertTrue(endDateForExistingDate.getShowEndDate()); } -} \ No newline at end of file +} 
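Review bot: processIncludes joins each `includes` entry straight onto the base with `new File(yamlBasePath + File.separator + includePath)`, so an entry containing `..` segments resolves outside the activities folder, and whatever YAML-parsable file it names is merged into the application node. The base comes from YamlScanner.getYamlApplicationFolderPath(), which in git mode points into the checked-out repository, so the include list is presumably written by anyone who can commit there and should be confined: resolve against the base, normalise, and reject anything that does not stay under it. The method also recurses into nested includes without tracking which files are already being expanded, so a file that includes itself, directly or through another file, recurses until the stack overflows. The unconditional cast `(ArrayNode) node.get("includes")` throws a ClassCastException when `includes` is written as a scalar; an `isArray()` check turns that into a clear error. The sketch below needs `java.nio.file.Path`, `java.nio.file.Paths`, `java.util.Set` and `java.util.HashSet` imported.

```java
public JsonNode getNode() throws IOException {
  processIncludes(applicationJsonNode, new HashSet<>());
  return applicationJsonNode;
}

private void processIncludes(JsonNode node, Set<Path> inProgress) throws IOException {
  JsonNode includes = node.get("includes");
  if (includes == null) {
    return;
  }
  if (!includes.isArray()) {
    throw new IOException("'includes' must be a list of file paths");
  }
  Path base = Paths.get(yamlBasePath).toAbsolutePath().normalize();
  for (JsonNode includeNode : includes) {
    if (!includeNode.isTextual()) {
      continue;
    }
    // normalize() is lexical only; compare toRealPath() results instead if symlinks in the checkout must be excluded too
    Path target = base.resolve(includeNode.asText()).normalize();
    if (!target.startsWith(base)) {
      throw new IOException("Include path leaves the base folder: " + includeNode.asText());
    }
    if (!inProgress.add(target)) {
      throw new IOException("Cyclic include: " + includeNode.asText());
    }
    try {
      JsonNode includeContent = mapper.readTree(target.toFile());
      processIncludes(includeContent, inProgress);
      mergeJsonNodes(node, includeContent);
    } finally {
      inProgress.remove(target);
    }
  }
  ((ObjectNode) node).remove("includes");
}
// … unchanged: mergeJsonNodes …
```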
diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodesTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodesTest.java index 1dcc9c0..46c6e30 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodesTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodesTest.java @@ -11,6 +11,7 @@ import org.owasp.dsomm.metricca.analyzer.deserialization.YamlApplicationNodes; import org.springframework.test.util.ReflectionTestUtils; +import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; @@ -91,7 +92,7 @@ void shouldGetNodesForTeam() { } @Test - void testGetNodesForTeam() throws JsonProcessingException { + void testGetNodesForTeam() throws IOException { HashMap> nodes = new HashMap<>(); ArrayList jsonNodes = new ArrayList<>(); jsonNodes.add(objectMapper.readTree(jsonNodeString)); diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java new file mode 100644 index 0000000..4b2d877 --- /dev/null +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java 
@@ -0,0 +1,70 @@ +package org.owasp.dsomm.metricca.analyzer.deserialization; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.junit.jupiter.api.Test; +import java.nio.file.Paths; +import static org.junit.jupiter.api.Assertions.assertEquals; + +public class YamlScannerIncludesTest { + + @Test + void testSingleNodeInclude() throws Exception { + // Arrange + String basePath = Paths.get("src", "test", "resources", "include").toString(); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode applicationJsonNode = objectMapper.readTree("{ \"key\": \"value\", \"includes\": [\"include1.yaml\"] }"); + JsonNode expected = objectMapper.readTree("{ \"key\": \"value\", \"includedKey\": \"includedValue\" }"); + + // Act + YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(applicationJsonNode, basePath); + JsonNode result = yamlScannerIncludes.getNode(); + + // Assert + assertEquals(expected, result); + } + + @Test + void testMultipleNodeInclude() throws Exception { + // Arrange + String basePath = Paths.get("src", "test", "resources", "include").toString(); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode applicationJsonNode = objectMapper.readTree("{ \"key\": \"value\", \"includes\": [\"include2.yaml\"] }"); + JsonNode expected = objectMapper.readTree("{ \"key\": \"value\", \"includedKey2\": \"includedValue2\" }"); + + // Act + YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(applicationJsonNode, basePath); + JsonNode result = yamlScannerIncludes.getNode(); + + // Assert + assertEquals(expected, result); + } + + @Test + void testNestedIncludes() throws Exception { + // Arrange + String basePath = Paths.get("src", "test", "resources", "include").toString(); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode applicationJsonNode = objectMapper.readTree("{ \"key\": \"value\", \"includes\": [\"nestedInclude.yaml\"] }"); + JsonNode expected = 
objectMapper.readTree("{ \"key\": \"value\", \"includedKey1\": \"includedValue1\", \"nestedKey2\": \"nestedValue2\"}"); + // Act + YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(applicationJsonNode, basePath); + JsonNode result = yamlScannerIncludes.getNode(); + + // Assert + assertEquals(expected, result); + } + @Test + void testIncludesWithActvities() throws Exception { + // Arrange + String basePath = Paths.get("src", "test", "resources", "include").toString(); + ObjectMapper objectMapper = new ObjectMapper(); + JsonNode applicationJsonNode = objectMapper.readTree("{ \"activities\": {\"key\": \"value\"}, \"includes\": [\"includeWithActivities.yaml\"]}"); + JsonNode expected = objectMapper.readTree("{ \"activities\": {\"key\": \"value\", \"includedKey\": \"includedValue\"}}"); + // Act + YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(applicationJsonNode, basePath); + JsonNode result = yamlScannerIncludes.getNode(); + + // Assert + assertEquals(expected, result); + } +} diff --git a/src/test/resources/include/application.yaml b/src/test/resources/include/application.yaml new file mode 100644 index 0000000..d328efb --- /dev/null +++ b/src/test/resources/include/application.yaml @@ -0,0 +1,5 @@ +includes: + - include1.yaml + - include2.yaml + - nestedInclude.yaml +key: value diff --git a/src/test/resources/include/include1.yaml b/src/test/resources/include/include1.yaml new file mode 100644 index 0000000..639bafb --- /dev/null +++ b/src/test/resources/include/include1.yaml @@ -0,0 +1 @@ +includedKey: includedValue diff --git a/src/test/resources/include/include2.yaml b/src/test/resources/include/include2.yaml new file mode 100644 index 0000000..b494136 --- /dev/null +++ b/src/test/resources/include/include2.yaml @@ -0,0 +1 @@ +includedKey2: includedValue2 diff --git a/src/test/resources/include/includeWithActivities.yaml b/src/test/resources/include/includeWithActivities.yaml new file mode 100644 index 0000000..743ea90 
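Review bot: testMultipleNodeInclude passes a single entry, `["include2.yaml"]`, so nothing in this class exercises more than one include in the same list, even though the application.yaml fixture lists three and is not loaded by any test here. Changing the input to `\"includes\": [\"include1.yaml\", \"include2.yaml\"]` and adding `\"includedKey\": \"includedValue\"` to the expected node would cover it. There is also no negative case: an entry naming a missing file, an entry with `..` segments, a scalar `includes` value, and a file that includes itself are all untested. Those are the inputs where the loader's behaviour matters most when the YAML comes from a shared repository.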
--- /dev/null +++ b/src/test/resources/include/includeWithActivities.yaml @@ -0,0 +1,2 @@ +activities: + includedKey: includedValue diff --git a/src/test/resources/include/nestedInclude.yaml b/src/test/resources/include/nestedInclude.yaml new file mode 100644 index 0000000..c8b6767 --- /dev/null +++ b/src/test/resources/include/nestedInclude.yaml @@ -0,0 +1,4 @@ +key: toBeOverriden +includedKey1: includedValue1 +includes: + - nestedInclude2.yaml diff --git a/src/test/resources/include/nestedInclude2.yaml b/src/test/resources/include/nestedInclude2.yaml new file mode 100644 index 0000000..d4e29eb --- /dev/null +++ b/src/test/resources/include/nestedInclude2.yaml @@ -0,0 +1 @@ +nestedKey2: nestedValue2 From ec1f27e8ff488e613d139d3a8751fc393d104956 Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Tue, 30 Apr 2024 07:04:56 +0200 Subject: [PATCH 2/4] chore: fix test data --- .../deserialization/DatePeriodWithSecurityRequirementsTest.java | 2 +- .../analyzer/deserialization/YamlScannerIncludesTest.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java index c8057c9..eb9ef67 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java 
@@ -72,7 +72,7 @@ public void testShowEndDateWithEndDateToShowForSingleDate() throws Exception { SimpleDateFormat isoFormat = new SimpleDateFormat("yyyy-MM-dd"); isoFormat.setTimeZone(TimeZone.getTimeZone("Etc/UTC")); - Date existingDate = isoFormat.parse("2000-01-01"); + Date existingDate = isoFormat.parse("2023-12-19"); DatePeriod endDateForExistingDate = activity.getThresholdDatePeriodMap().get("Level 1").getDatePeriodForDate(existingDate); assertNotNull(endDateForExistingDate); assertTrue(endDateForExistingDate.getShowEndDate()); diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java index 4b2d877..281721f 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java @@ -54,7 +54,7 @@ void testNestedIncludes() throws Exception { assertEquals(expected, result); } @Test - void testIncludesWithActvities() throws Exception { + void testIncludesWithActivities() throws Exception { // Arrange String basePath = Paths.get("src", "test", "resources", "include").toString(); ObjectMapper objectMapper = new ObjectMapper(); From 6274dc87254aac99bbc9e815a11ed6f590ee1a61 Mon Sep 17 00:00:00 2001 From: Timo Pagel Date: Tue, 30 Apr 2024 07:11:51 +0200 Subject: [PATCH 3/4] chore: beautify --- .../metricca/analyzer/deserialization/YamlScanner.java | 2 +- .../analyzer/deserialization/YamlScannerIncludes.java | 10 ++++------ .../exception/ApplicationNotFoundException.java | 2 +- src/main/resources/application-debugging.properties | 2 +- src/main/resources/application-heroku.properties | 2 +- src/main/resources/application-prod.properties | 2 +- .../DatePeriodWithSecurityRequirementsTest.java | 2 -- 7 files changed, 9 insertions(+), 13 deletions(-) 
diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java index dccabf7..2d211ae 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScanner.java @@ -144,7 +144,7 @@ private String getYamlSkeletonFilePath() { } public String getYamlApplicationFolderPath() { - logger.info("yamlApplicationFolderPath() " + yamlApplicationFolderPath); + logger.debug("yamlApplicationFolderPath() " + yamlApplicationFolderPath); if (isGit()) { return yamlGitTargetPath + "/" + yamlApplicationFolderPath; } diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java index 71fe38b..975554a 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludes.java @@ -10,9 +10,9 @@ import java.io.IOException; public class YamlScannerIncludes { - private ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); - private String yamlBasePath; - private JsonNode applicationJsonNode; + private final ObjectMapper mapper = new ObjectMapper(new YAMLFactory()); + private final String yamlBasePath; + private final JsonNode applicationJsonNode; public YamlScannerIncludes(JsonNode applicationJsonNode, String basePath) { this.applicationJsonNode = applicationJsonNode; 
@@ -45,9 +45,7 @@ private void processIncludes(JsonNode node) throws IOException { } private void mergeJsonNodes(JsonNode destinationNode, JsonNode sourceNode) { - if (destinationNode instanceof ObjectNode && sourceNode instanceof ObjectNode) { - ObjectNode destObjectNode = (ObjectNode) destinationNode; - ObjectNode srcObjectNode = (ObjectNode) sourceNode; + if (destinationNode instanceof ObjectNode destObjectNode && sourceNode instanceof ObjectNode srcObjectNode) { // Merge fields from source node to destination node srcObjectNode.fieldNames().forEachRemaining(fieldName -> { diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/exception/ApplicationNotFoundException.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/exception/ApplicationNotFoundException.java index 969b4b5..fd3c755 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/exception/ApplicationNotFoundException.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/exception/ApplicationNotFoundException.java @@ -7,7 +7,7 @@ public ApplicationNotFoundException(String applicationName, String teamName) { this.teamName = teamName; } - private String teamName; + private final String teamName; private String applicationName; public String getApplicationName() { diff --git a/src/main/resources/application-debugging.properties b/src/main/resources/application-debugging.properties index a357351..512dd09 100644 --- a/src/main/resources/application-debugging.properties +++ b/src/main/resources/application-debugging.properties @@ -1,4 +1,4 @@ logging.level.root=INFO metricCA.resource.path=/app/resources -spring.config.import: ${metricCA.resource.path}/application-prod.properties +spring.config.import= ${metricCA.resource.path}/application-prod.properties logging.level.org.eclipse.jgit=DEBUG diff --git a/src/main/resources/application-heroku.properties b/src/main/resources/application-heroku.properties index beb8298..320f1de 100644 --- a/src/main/resources/application-heroku.properties 
+++ b/src/main/resources/application-heroku.properties @@ -1,2 +1,2 @@ metricCA.resource.path=/app/src/main/resources/ -spring.config.import: ${metricCA.resource.path}/application-prod.properties +spring.config.import= ${metricCA.resource.path}/application-prod.properties diff --git a/src/main/resources/application-prod.properties b/src/main/resources/application-prod.properties index db49300..b5fcf80 100644 --- a/src/main/resources/application-prod.properties +++ b/src/main/resources/application-prod.properties @@ -1,7 +1,7 @@ logging.level.org.owasp=${LOGGING_LEVEL_OWASP} metricCA.git.targetPath=/tmp/metricCA metricCA.resource.path=${RESOURCE_PATH} -spring.config.import: ${metricCA.resource.path}/application.properties +spring.config.import= ${metricCA.resource.path}/application.properties metricCA.application.path=${metricCA.git.targetPath}/activities metricCA.teams.path=${metricCA.git.targetPath}/teams.yaml # only internal http://metric-analyzer:8080 diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java index eb9ef67..4e1b061 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/DatePeriodWithSecurityRequirementsTest.java @@ -26,8 +26,6 @@ private UrlActivity getSecurityRequirementsActivity() throws GitAPIException, IO List actualApplications = applicationDirector.getApplications(); for (Application application : actualApplications) { if (application.getName().equals("sauron")) { - Date date = ((UrlActivity) application.getActivities().get(0)).getDateComponents().get(0).getDate(); - logger.error("date" + date); return (UrlActivity) application.getActivities().get(0); } } From 2d3256626ef3de72fa58f7934756bc4e72f62b13 Mon Sep 17 00:00:00 2001 
From: Timo Pagel Date: Tue, 30 Apr 2024 07:16:31 +0200 Subject: [PATCH 4/4] chore: beautify --- .../deserialization/YamlApplicationNodes.java | 29 ++++++++++--------- .../YamlScannerIncludesTest.java | 2 ++ 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java index 8ed6a74..4c971d5 100644 --- a/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java +++ b/src/main/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlApplicationNodes.java @@ -18,6 +18,7 @@ public class YamlApplicationNodes { public YamlApplicationNodes() { this.nodes = new HashMap>(); } + public YamlApplicationNodes(String yamlBasePath) { this.yamlBasePath = yamlBasePath; this.nodes = new HashMap>(); @@ -39,25 +40,12 @@ public HashMap> getNodes() { return nodes; } - public ArrayList getNodesForTeam(String team) { - ArrayList allNodes = new ArrayList(); - - for (JsonNode node : nodes.get(team)) { - JsonNode settings = node.get("settings"); - String teamFromNode = settings.get("team").asText(); - if (teamFromNode.equals(team)) { - allNodes.add(node); - } - } - return allNodes; - } - public ArrayList getNodes(String team, String kind) throws IOException { ArrayList applicationNodes = new ArrayList(); for (JsonNode node : getNodesForTeam(team)) { if (node.get("kind").asText().equals(kind)) { - if(yamlBasePath != null && !yamlBasePath.isEmpty()) { + if (yamlBasePath != null && !yamlBasePath.isEmpty()) { YamlScannerIncludes yamlScannerIncludes = new YamlScannerIncludes(node, yamlBasePath); node = yamlScannerIncludes.getNode(); } 
@@ -67,4 +55,17 @@ public ArrayList getNodes(String team, String kind) throws IOException return applicationNodes; } + + public ArrayList getNodesForTeam(String team) { + ArrayList allNodes = new ArrayList(); + + for (JsonNode node : nodes.get(team)) { + JsonNode settings = node.get("settings"); + String teamFromNode = settings.get("team").asText(); + if (teamFromNode.equals(team)) { + allNodes.add(node); + } + } + return allNodes; + } } diff --git a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java index 281721f..e86333a 100644 --- a/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java +++ b/src/test/java/org/owasp/dsomm/metricca/analyzer/deserialization/YamlScannerIncludesTest.java @@ -1,4 +1,5 @@ package org.owasp.dsomm.metricca.analyzer.deserialization; + import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import org.junit.jupiter.api.Test; @@ -53,6 +54,7 @@ void testNestedIncludes() throws Exception { // Assert assertEquals(expected, result); } + @Test void testIncludesWithActivities() throws Exception { // Arrange