use of com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails in project hub-alert by blackducksoftware.
the class AzureBoardsProjectAndVersionIssueFinder method createProjectIssueModel.
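/**
 * Builds a BOM {@link ProjectIssueModel} from the Alert key fields stored on an Azure Boards work item.
 *
 * <p>The component key is always read from {@code workItemFields}; the sub-component (component version)
 * key is read only when that field is present. The project version is read from the sub-topic key field
 * only when the caller did not pass one in.
 *
 * @param providerDetails        provider details placed on the resulting model
 * @param project                project placed on the resulting model
 * @param nullableProjectVersion project version to use, or {@code null} to fall back to the work item's sub-topic key field
 * @param workItemFields         fields of the work item being converted
 * @return the issue model created by {@code ProjectIssueModel.bom}
 */
private ProjectIssueModel createProjectIssueModel(ProviderDetails providerDetails, LinkableItem project, @Nullable LinkableItem nullableProjectVersion, WorkItemFieldsWrapper workItemFields) {
    AzureFieldDefinition<String> projectVersionFieldDef = AzureFieldDefinition.stringField(AzureCustomFieldManager.ALERT_SUB_TOPIC_KEY_FIELD_REFERENCE_NAME);
    AzureFieldDefinition<String> componentFieldDef = AzureFieldDefinition.stringField(AzureCustomFieldManager.ALERT_COMPONENT_KEY_FIELD_REFERENCE_NAME);
    AzureFieldDefinition<String> subComponentFieldDef = AzureFieldDefinition.stringField(AzureCustomFieldManager.ALERT_SUB_COMPONENT_KEY_FIELD_REFERENCE_NAME);

    // orElseGet defers the work-item lookup so it only runs when no project version was supplied;
    // orElse would evaluate the extraction on every call and discard the result.
    // NOTE(review): the values read here are whatever is stored on the work item; no validation is
    // visible in this method, and stored keys may have been shortened to fit a custom-field length
    // limit. Confirm extractLinkableItem tolerates edited or truncated key values.
    LinkableItem projectVersion = Optional.ofNullable(nullableProjectVersion)
        .orElseGet(() -> AzureBoardsWorkItemExtractionUtils.extractLinkableItem(workItemFields, projectVersionFieldDef));

    LinkableItem component = AzureBoardsWorkItemExtractionUtils.extractLinkableItem(workItemFields, componentFieldDef);

    // The sub-component key is optional; a missing field leaves the component version null.
    LinkableItem componentVersion = workItemFields.getField(subComponentFieldDef)
        .map(subComponentKey -> AzureBoardsWorkItemExtractionUtils.extractLinkableItem(subComponentKey))
        .orElse(null);

    IssueBomComponentDetails bomComponent = IssueBomComponentDetails.fromSearchResults(component, componentVersion);
    return ProjectIssueModel.bom(providerDetails, project, projectVersion, bomComponent);
}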
use of com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails in project hub-alert by blackducksoftware.
the class AzureBoardsAlertIssuePropertiesManagerTest method verifyValidVulnIssuesAreCreated.
/**
 * Checks that a vulnerability issue yields custom-field operations carrying the expected
 * provider key, vulnerability category label and sub-topic (project version) key.
 */
@Test
public void verifyValidVulnIssuesAreCreated() {
    // Fixture: provider, project, version and BOM component for a single added vulnerability.
    ProviderDetails providerDetails = new ProviderDetails(1L, new LinkableItem("providerConfigLabel", "providerConfigValue"));
    LinkableItem project = new LinkableItem("projectLabel", "projectValue");
    LinkableItem projectVersion = new LinkableItem("projectVersionLabel", "projectVersionValue");
    IssueBomComponentDetails bomComponent = IssueBomComponentDetails.fromSearchResults(
        new LinkableItem("componentLabel", "componentValue"),
        new LinkableItem("componentVersionLabel", "componentVersionValue")
    );
    IssueVulnerabilityModel addedVulnerability = IssueVulnerabilityModel.fromComponentConcern(
        ComponentConcern.vulnerability(ItemOperation.ADD, "vulnerabilityId", ComponentConcernSeverity.CRITICAL, "vulnerabilityUrl")
    );
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(addedVulnerability), List.of(), List.of());
    ProjectIssueModel vulnerability = ProjectIssueModel.vulnerability(providerDetails, project, projectVersion, bomComponent, vulnerabilityDetails);

    // Exercise the manager under test.
    AzureBoardsAlertIssuePropertiesManager propertiesManager = new AzureBoardsAlertIssuePropertiesManager();
    List<WorkItemElementOperationModel> operations = propertiesManager.createWorkItemRequestCustomFieldOperations(vulnerability);

    // Expected keys are rebuilt with the same search-property utilities.
    LinkableItem provider = providerDetails.getProvider();
    String expectedProviderKey = AzureBoardsSearchPropertiesUtils.createProviderKey(provider.getLabel(), provider.getUrl().orElse(null));
    String expectedSubTopicKey = AzureBoardsSearchPropertiesUtils.createNullableLinkableItemKey(vulnerability.getProjectVersion().orElse(null));

    assertValidContents(operations, AzureCustomFieldManager.ALERT_PROVIDER_KEY_FIELD_REFERENCE_NAME, expectedProviderKey);
    assertValidContents(operations, AzureCustomFieldManager.ALERT_CATEGORY_KEY_FIELD_REFERENCE_NAME, AzureBoardsAlertIssuePropertiesManager.CATEGORY_TYPE_VULNERABILITY_COMPATIBILITY_LABEL);
    assertValidContents(operations, AzureCustomFieldManager.ALERT_SUB_TOPIC_KEY_FIELD_REFERENCE_NAME, expectedSubTopicKey);
}
use of com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails in project hub-alert by blackducksoftware.
the class AzureBoardsAlertIssuePropertiesManagerTest method verifyPolicyIssuesAreCreatedWithTruncatedPropertyValues.
/**
 * Checks that a policy issue with an over-long project version value still yields the expected
 * custom-field operations, and that the sub-topic key pushed to Azure is exactly 256 characters.
 */
@Test
public void verifyPolicyIssuesAreCreatedWithTruncatedPropertyValues() {
    // Fixture: the project version value is repeated 100 times so the resulting key must be shortened.
    ProviderDetails providerDetails = new ProviderDetails(1L, new LinkableItem("providerConfigLabel", "providerConfigValue"));
    LinkableItem project = new LinkableItem("projectLabel", "projectValue");
    LinkableItem oversizedProjectVersion = new LinkableItem("projectVersionLabel", StringUtils.repeat("projectVersionValue", 100));
    IssueBomComponentDetails bomComponent = IssueBomComponentDetails.fromSearchResults(
        new LinkableItem("componentLabel", "componentValue"),
        new LinkableItem("componentVersionLabel", "componentVersionValue")
    );
    IssuePolicyDetails policyDetails = new IssuePolicyDetails("policy", ItemOperation.ADD, ComponentConcernSeverity.CRITICAL);
    ProjectIssueModel policy = ProjectIssueModel.policy(providerDetails, project, oversizedProjectVersion, bomComponent, policyDetails);

    // Exercise the manager under test.
    AzureBoardsAlertIssuePropertiesManager propertiesManager = new AzureBoardsAlertIssuePropertiesManager();
    List<WorkItemElementOperationModel> operations = propertiesManager.createWorkItemRequestCustomFieldOperations(policy);

    LinkableItem provider = providerDetails.getProvider();
    String expectedProviderKey = AzureBoardsSearchPropertiesUtils.createProviderKey(provider.getLabel(), provider.getUrl().orElse(null));
    assertValidContents(operations, AzureCustomFieldManager.ALERT_PROVIDER_KEY_FIELD_REFERENCE_NAME, expectedProviderKey);

    String expectedAdditionalInfo = AzureBoardsAlertIssuePropertiesManager.POLICY_ADDITIONAL_KEY_COMPATIBILITY_LABEL + policyDetails.getName();
    assertValidContents(operations, AzureCustomFieldManager.ALERT_ADDITIONAL_INFO_KEY_FIELD_REFERENCE_NAME, expectedAdditionalInfo);
    assertValidContents(operations, AzureCustomFieldManager.ALERT_CATEGORY_KEY_FIELD_REFERENCE_NAME, AzureBoardsAlertIssuePropertiesManager.CATEGORY_TYPE_POLICY_COMPATIBILITY_LABEL);

    // The key utility is expected to shorten the linkable item's contents. Because the expected
    // value is produced by that same utility, only the length assertion at the end checks the
    // limit independently.
    String expectedSubTopicKey = AzureBoardsSearchPropertiesUtils.createNullableLinkableItemKey(policy.getProjectVersion().orElse(null));
    assertValidContents(operations, AzureCustomFieldManager.ALERT_SUB_TOPIC_KEY_FIELD_REFERENCE_NAME, expectedSubTopicKey);

    // Locate the first operation whose path ends with the sub-topic field reference name.
    WorkItemElementOperationModel subTopicOperation = null;
    for (WorkItemElementOperationModel operation : operations) {
        if (StringUtils.endsWith(operation.getPath(), AzureCustomFieldManager.ALERT_SUB_TOPIC_KEY_FIELD_REFERENCE_NAME)) {
            subTopicOperation = operation;
            break;
        }
    }
    assertNotNull(subTopicOperation);

    Object pushedValue = subTopicOperation.getValue();
    assertEquals(expectedSubTopicKey, pushedValue);

    // Guards against pushing values larger than Azure allows for custom fields.
    // NOTE(review): shortening is lossy, so distinct long project-version values could end up with
    // the same key; confirm how issue search treats such keys.
    assertEquals(256, pushedValue.toString().length());
}
use of com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails in project hub-alert by blackducksoftware.
the class ProjectIssueModelConverterTest method toIssueCommentModelWithEmptyVulnerabilitySeverityTest.
/**
 * Checks that converting a vulnerability issue whose BOM component carries no component
 * vulnerabilities produces exactly one comment, and that the comment contains "None".
 */
@Test
public void toIssueCommentModelWithEmptyVulnerabilitySeverityTest() {
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(MockIssueTrackerMessageFormatter.withIntegerMaxValueLength());

    IssueVulnerabilityModel singleVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(singleVulnerability), List.of());

    // All four component-vulnerability lists are empty, so there is no severity to report.
    ComponentVulnerabilities noComponentVulnerabilities = new ComponentVulnerabilities(List.of(), List.of(), List.of(), List.of());
    AbstractBomComponentDetails bomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(noComponentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(bomComponentDetails);

    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);

    assertEquals(1, issueCommentModel.getComments().size());
    String onlyComment = issueCommentModel.getComments().get(0);
    // NOTE(review): contains("None") passes if "None" appears anywhere in the comment, not only
    // next to the severity status; consider matching the full status text once its format is confirmed.
    assertTrue(onlyComment.contains("None"), "Expected missing vulnerability severity to return Severity Status: None");
}
use of com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails in project hub-alert by blackducksoftware.
the class ProjectIssueModelConverterTest method toIssueCreationModelWithVulnerabilitySeverityTest.
/**
 * Checks that the description of a created issue contains the CRITICAL vulnerability label when
 * the BOM component's vulnerabilities include a critical entry.
 */
@Test
public void toIssueCreationModelWithVulnerabilitySeverityTest() {
    // One entry per list; the labels name the severity each entry stands for.
    List<LinkableItem> criticalItems = List.of(new LinkableItem("VulnerabilityCritical", "CVE-004"));
    List<LinkableItem> highItems = List.of(new LinkableItem("VulnerabilityHigh", "CVE-005"));
    List<LinkableItem> mediumItems = List.of(new LinkableItem("VulnerabilityMedium", "CVE-006"));
    List<LinkableItem> lowItems = List.of(new LinkableItem("VulnerabilityLow", "CVE-007"));
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(criticalItems, highItems, mediumItems, lowItems);

    AbstractBomComponentDetails bomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(bomComponentDetails);

    // The issue's own vulnerability is MAJOR_HIGH; the assertion below expects CRITICAL in the description.
    IssueVulnerabilityModel reportedVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(reportedVulnerability), List.of());
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);

    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(MockIssueTrackerMessageFormatter.withIntegerMaxValueLength());
    IssueCreationModel issueCreationModel = converter.toIssueCreationModel(projectIssueModel, "jobName");

    // NOTE(review): this is a substring check on the whole description, so it would also pass if the
    // CRITICAL label appeared somewhere other than the highest-severity line.
    String description = issueCreationModel.getDescription();
    assertTrue(description.contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the description to be CRITICAL");
}