Use of com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails in the hub-alert project by blackducksoftware.
From class AzureBoardsAlertIssuePropertiesManagerTest, method verifyValidVulnIssuesAreCreated.
/**
 * Checks that a vulnerability-type {@code ProjectIssueModel} yields work-item custom-field
 * operations carrying the provider key, the vulnerability category label and the sub-topic key.
 */
@Test
public void verifyValidVulnIssuesAreCreated() {
    AzureBoardsAlertIssuePropertiesManager propertiesManager = new AzureBoardsAlertIssuePropertiesManager();

    // Fixture identifiers; the provider item is built without a URL argument.
    ProviderDetails providerDetails = new ProviderDetails(1L, new LinkableItem("providerConfigLabel", "providerConfigValue"));
    LinkableItem projectItem = new LinkableItem("projectLabel", "projectValue");
    LinkableItem projectVersionItem = new LinkableItem("projectVersionLabel", "projectVersionValue");
    LinkableItem componentItem = new LinkableItem("componentLabel", "componentValue");
    LinkableItem componentVersionItem = new LinkableItem("componentVersionLabel", "componentVersionValue");
    IssueBomComponentDetails bomComponentDetails = IssueBomComponentDetails.fromSearchResults(componentItem, componentVersionItem);

    // One CRITICAL concern created with ItemOperation.ADD goes into the first list; the other
    // two lists are empty. Presumably the lists are added/updated/deleted - TODO confirm.
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(
        false,
        List.of(
            IssueVulnerabilityModel.fromComponentConcern(
                ComponentConcern.vulnerability(ItemOperation.ADD, "vulnerabilityId", ComponentConcernSeverity.CRITICAL, "vulnerabilityUrl")
            )
        ),
        List.of(),
        List.of()
    );
    ProjectIssueModel vulnerabilityIssue = ProjectIssueModel.vulnerability(providerDetails, projectItem, projectVersionItem, bomComponentDetails, vulnerabilityDetails);

    List<WorkItemElementOperationModel> customFieldOperations = propertiesManager.createWorkItemRequestCustomFieldOperations(vulnerabilityIssue);

    // NOTE(review): the expected keys are recomputed with AzureBoardsSearchPropertiesUtils, so
    // this test pins the wiring of the fields, not the literal format of the keys.
    LinkableItem providerItem = providerDetails.getProvider();
    String expectedProviderKey = AzureBoardsSearchPropertiesUtils.createProviderKey(providerItem.getLabel(), providerItem.getUrl().orElse(null));
    assertValidContents(customFieldOperations, AzureCustomFieldManager.ALERT_PROVIDER_KEY_FIELD_REFERENCE_NAME, expectedProviderKey);

    assertValidContents(
        customFieldOperations,
        AzureCustomFieldManager.ALERT_CATEGORY_KEY_FIELD_REFERENCE_NAME,
        AzureBoardsAlertIssuePropertiesManager.CATEGORY_TYPE_VULNERABILITY_COMPATIBILITY_LABEL
    );

    String expectedSubTopicKey = AzureBoardsSearchPropertiesUtils.createNullableLinkableItemKey(vulnerabilityIssue.getProjectVersion().orElse(null));
    assertValidContents(customFieldOperations, AzureCustomFieldManager.ALERT_SUB_TOPIC_KEY_FIELD_REFERENCE_NAME, expectedSubTopicKey);
}
Use of com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails in the hub-alert project by blackducksoftware.
From class ProjectIssueModelConverterTest, method toIssueCommentModelWithEmptyVulnerabilitySeverityTest.
/**
 * Builds a vulnerability issue whose BOM component is given four empty vulnerability lists and
 * checks that the single comment produced by the converter contains "None".
 */
@Test
public void toIssueCommentModelWithEmptyVulnerabilitySeverityTest() {
    // The issue itself still carries one MAJOR_HIGH vulnerability (second list); only the
    // component-level ComponentVulnerabilities is empty. "CVE-13579" is a fixture identifier,
    // not in the CVE-YYYY-NNNN form of a real record.
    IssueVulnerabilityModel reportedVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails issueVulnerabilities = new IssueVulnerabilityDetails(false, List.of(), List.of(reportedVulnerability), List.of());

    AbstractBomComponentDetails bomDetailsWithoutVulnerabilities = createBomComponentDetailsWithComponentVulnerabilities(
        new ComponentVulnerabilities(List.of(), List.of(), List.of(), List.of())
    );
    IssueBomComponentDetails issueBomDetails = IssueBomComponentDetails.fromBomComponentDetails(bomDetailsWithoutVulnerabilities);
    ProjectIssueModel issueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomDetails, issueVulnerabilities);

    MockIssueTrackerMessageFormatter messageFormatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter modelConverter = new ProjectIssueModelConverter(messageFormatter);
    IssueCommentModel<String> commentModel = modelConverter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, issueModel);

    assertEquals(1, commentModel.getComments().size());
    String onlyComment = commentModel.getComments().get(0);
    // NOTE(review): a bare "None" substring can match text other than the severity line the
    // failure message describes; asserting on the full severity phrase would be stricter -
    // confirm the exact wording the formatter emits before tightening.
    assertTrue(onlyComment.contains("None"), "Expected missing vulnerability severity to return Severity Status: None");
}
Use of com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails in the hub-alert project by blackducksoftware.
From class ProjectIssueModelConverterTest, method toIssueCreationModelVulnerabilityTest.
/**
 * Creates a vulnerability issue with one vulnerability in the second list and three in the
 * third, runs it through {@code basicIssueCreationModelTest}, and checks that the resulting
 * title contains the label of the vulnerability from the second list.
 */
@Test
public void toIssueCreationModelVulnerabilityTest() {
    // All four share the MAJOR_HIGH severity and URL; the ids are fixture values, not real CVE records.
    IssueVulnerabilityModel titledVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityModel secondVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-24680", "https://a-url");
    IssueVulnerabilityModel thirdVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-235711", "https://a-url");
    IssueVulnerabilityModel fourthVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-112358", "https://a-url");

    IssueVulnerabilityDetails issueVulnerabilities = new IssueVulnerabilityDetails(
        false,
        List.of(),
        List.of(titledVulnerability),
        List.of(secondVulnerability, thirdVulnerability, fourthVulnerability)
    );
    ProjectIssueModel issueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, ISSUE_BOM_COMPONENT_DETAILS, issueVulnerabilities);

    IssueCreationModel creationModel = basicIssueCreationModelTest(issueModel);

    // NOTE(review): only the first vulnerability's label is asserted; how the three entries of
    // the last list are rendered is not checked here.
    String expectedLabel = titledVulnerability.getVulnerability().getLabel();
    assertTrue(creationModel.getTitle().contains(expectedLabel), "Expected vulnerability label to be present in the title");
}
Use of com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails in the hub-alert project by blackducksoftware.
From class ProjectIssueModelConverterTest, method toIssueCreationModelWithVulnerabilitySeverityTest.
/**
 * Converts a vulnerability issue whose BOM component has one entry in each of the four
 * ComponentVulnerabilities lists and checks that the issue description contains the CRITICAL
 * vulnerability label.
 */
@Test
public void toIssueCreationModelWithVulnerabilitySeverityTest() {
    MockIssueTrackerMessageFormatter messageFormatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter modelConverter = new ProjectIssueModelConverter(messageFormatter);

    // The issue-level vulnerability is MAJOR_HIGH while the assertion expects CRITICAL, so the
    // expected severity presumably comes from the component-level lists below - TODO confirm.
    IssueVulnerabilityModel reportedVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails issueVulnerabilities = new IssueVulnerabilityDetails(false, List.of(), List.of(reportedVulnerability), List.of());

    AbstractBomComponentDetails bomDetailsWithVulnerabilities = createBomComponentDetailsWithComponentVulnerabilities(
        new ComponentVulnerabilities(
            List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")),
            List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")),
            List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")),
            List.of(new LinkableItem("VulnerabilityLow", "CVE-007"))
        )
    );
    IssueBomComponentDetails issueBomDetails = IssueBomComponentDetails.fromBomComponentDetails(bomDetailsWithVulnerabilities);
    ProjectIssueModel issueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomDetails, issueVulnerabilities);

    IssueCreationModel creationModel = modelConverter.toIssueCreationModel(issueModel, "jobName");

    // NOTE(review): this is a substring check. If the CRITICAL label is also a substring of the
    // fixture label "VulnerabilityCritical" and that label is rendered in the description, the
    // check could pass without the severity line being correct - confirm against the formatter.
    String criticalLabel = ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel();
    assertTrue(creationModel.getDescription().contains(criticalLabel), "Expected highest vulnerability severity in the description to be CRITICAL");
}
Use of com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails in the hub-alert project by blackducksoftware.
From class ProjectIssueModelConverterTest, method toIssueCommentModelWithVulnerabilitySeverityTest.
/**
 * Converts a vulnerability issue whose BOM component has one entry in each of the four
 * ComponentVulnerabilities lists into a comment model and checks that the single comment
 * contains the CRITICAL vulnerability label.
 */
@Test
public void toIssueCommentModelWithVulnerabilitySeverityTest() {
    // Issue-level vulnerability is MAJOR_HIGH; the CRITICAL expectation presumably derives from
    // the component-level lists built below - TODO confirm.
    IssueVulnerabilityModel reportedVulnerability = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails issueVulnerabilities = new IssueVulnerabilityDetails(false, List.of(), List.of(reportedVulnerability), List.of());

    AbstractBomComponentDetails bomDetailsWithVulnerabilities = createBomComponentDetailsWithComponentVulnerabilities(
        new ComponentVulnerabilities(
            List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")),
            List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")),
            List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")),
            List.of(new LinkableItem("VulnerabilityLow", "CVE-007"))
        )
    );
    IssueBomComponentDetails issueBomDetails = IssueBomComponentDetails.fromBomComponentDetails(bomDetailsWithVulnerabilities);
    ProjectIssueModel issueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomDetails, issueVulnerabilities);

    MockIssueTrackerMessageFormatter messageFormatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter modelConverter = new ProjectIssueModelConverter(messageFormatter);
    IssueCommentModel<String> commentModel = modelConverter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, issueModel);

    assertEquals(1, commentModel.getComments().size());
    String onlyComment = commentModel.getComments().get(0);

    // NOTE(review): substring check only. If the CRITICAL label is contained in the fixture
    // label "VulnerabilityCritical" and that label is rendered in the comment, the assertion
    // could hold without the severity line being correct - confirm against the formatter.
    String criticalLabel = ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel();
    assertTrue(onlyComment.contains(criticalLabel), "Expected highest vulnerability severity in the comment to be CRITICAL");
}