#36 Use Map instead of MultiValueMap as options type

During the last refactorings we wondered why MultiValueMaps are used for options.
The original developer has no clue, why he used it.

First we encountered the problem that the value generic type was untyped
Object, which is bad due to type confusion bugs. So we changed it to
String, since all values are somehow converted to Strings in the end (its HTTP).

This resulted in a compile error, when adding these options to the request
body because of type erasure problems (Type<String> is not the same as
Type<Object>).

So we changed the addition of options to the request body by looping over the
options and add them explicitly. This change resulted in a runtime error on
HTTP request:

  org.springframework.http.converter.HttpMessageNotWritableException:
  Could not write request: no suitable HttpMessageConverter found for request
  type [java.util.ArrayList]

The reason for this is that values in a MultiValueMap may be a single value or
multiple values (which will be a List of values). Before our change this worked
by accident because nobody added multiple values. That's my assumption

Since we do not need multiple values under the same key I change the API to
a simple Map<String,String>.

Signed-off-by: Sven Strittmatter <sven.strittmatter@iteratec.com>

Author: Weltraumschaf

src/main/java/io/securecodebox/persistence/defectdojo/service/DefaultImportScanService.java

@@ -35,6 +35,7 @@
 
 import java.nio.charset.StandardCharsets;
 import java.util.List;
+import java.util.Map;
 
 /*
  * https://defectdojo.security.iteratec.dev/api/v2/oa3/swagger-ui/#operations-tag-import-scan
@@ -62,23 +63,23 @@ class DefaultImportScanService implements ImportScanService {
     }
 
     @Override
-    public ImportScanResponse importScan(ScanFile scanFile, long engagementId, long lead, String currentDate, ScanType scanType, long testType, MultiValueMap<String, String> options) {
-        options.add("engagement", Long.toString(engagementId));
+    public ImportScanResponse importScan(ScanFile scanFile, long engagementId, long lead, String currentDate, ScanType scanType, long testType, Map<String, String> options) {
+        options.put("engagement", Long.toString(engagementId));
 
         return this.createFindings(scanFile, "import-scan", lead, currentDate, scanType, testType, options);
     }
 
     @Override
-    public ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead, String currentDate, ScanType scanType, long testType, MultiValueMap<String, String> options) {
-        options.add("test", Long.toString(testId));
+    public ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead, String currentDate, ScanType scanType, long testType, Map<String, String> options) {
+        options.put("test", Long.toString(testId));
 
         return this.createFindings(scanFile, "reimport-scan", lead, currentDate, scanType, testType, options);
     }
 
     /*
      * Before version 1.5.4. testName (in DefectDojo _test_type_) must be defectDojoScanName, afterward, you can have something else.
      */
-    private ImportScanResponse createFindings(ScanFile scanFile, String endpoint, long lead, String currentDate, ScanType scanType, long testType, MultiValueMap<String, String> options) {
+    private ImportScanResponse createFindings(ScanFile scanFile, String endpoint, long lead, String currentDate, ScanType scanType, long testType, Map<String, String> options) {
         final var headers = createDefectDojoAuthorizationHeaders();
         // We use multipart because we send two "parts" in the request body:
         // 1. generic info as key=value&key=value...

src/main/java/io/securecodebox/persistence/defectdojo/service/ImportScanService.java

@@ -11,8 +11,9 @@
 import io.securecodebox.persistence.defectdojo.models.ScanFile;
 import lombok.Data;
 import lombok.Getter;
-import org.springframework.util.LinkedMultiValueMap;
-import org.springframework.util.MultiValueMap;
+
+import java.util.HashMap;
+import java.util.Map;
 
 /**
  * Service to re/import findings into DefectDojo
@@ -29,16 +30,16 @@ static ImportScanService createDefault(final DefectDojoConfig config) {
     }
 
     default ImportScanResponse importScan(ScanFile scanFile, long engagementId, long lead, String currentDate, ScanType scanType, long testType) {
-        return this.importScan(scanFile, engagementId, lead, currentDate, scanType, testType, new LinkedMultiValueMap<>());
+        return this.importScan(scanFile, engagementId, lead, currentDate, scanType, testType, new HashMap<>());
     }
 
-    ImportScanResponse importScan(ScanFile scanFile, long engagementId, long lead, String currentDate, ScanType scanType, long testType, MultiValueMap<String, String> options);
+    ImportScanResponse importScan(ScanFile scanFile, long engagementId, long lead, String currentDate, ScanType scanType, long testType, Map<String, String> options);
 
     default ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead, String currentDate, ScanType scanType, long testType) {
-        return this.reimportScan(scanFile, testId, lead, currentDate, scanType, testType, new LinkedMultiValueMap<>());
+        return this.reimportScan(scanFile, testId, lead, currentDate, scanType, testType, new HashMap<>());
     }
 
-    ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead, String currentDate, ScanType scanType, long testType, MultiValueMap<String, String> options);
+    ImportScanResponse reimportScan(ScanFile scanFile, long testId, long lead, String currentDate, ScanType scanType, long testType, Map<String, String> options);
 
     @Data
     class ImportScanResponse {