use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class AbstractRuleViolationNotificationMessageExtractor method createBomComponentDetails.
private BomComponentDetails createBomComponentDetails(BlackDuckServicesFactory blackDuckServicesFactory, T notificationContent, ComponentVersionStatus componentVersionStatus) throws IntegrationException {
BlackDuckApiClient blackDuckApiClient = blackDuckServicesFactory.getBlackDuckApiClient();
BlackDuckMessageBomComponentDetailsCreator bomComponentDetailsCreator = detailsCreatorFactory.createBomComponentDetailsCreator(blackDuckServicesFactory);
ComponentConcern policyConcern = policyComponentConcernCreator.fromPolicyInfo(notificationContent.getPolicyInfo(), itemOperation);
try {
ProjectVersionComponentVersionView bomComponent = blackDuckApiClient.getResponse(new HttpUrl(componentVersionStatus.getBomComponent()), ProjectVersionComponentVersionView.class);
return bomComponentDetailsCreator.createBomComponentDetails(bomComponent, policyConcern, ComponentUpgradeGuidance.none(), List.of());
} catch (IntegrationRestException e) {
bomComponent404Handler.logIf404OrThrow(e, componentVersionStatus.getComponentName(), componentVersionStatus.getComponentVersionName());
return bomComponentDetailsCreator.createMissingBomComponentDetails(componentVersionStatus.getComponentName(), createComponentUrl(componentVersionStatus), componentVersionStatus.getComponentVersionName(), createComponentVersionUrl(componentVersionStatus), List.of(policyConcern), ComponentUpgradeGuidance.none(), List.of());
}
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ComponentConcernConverter method createVulnerabilityConcernsForOperation.
private List<String> createVulnerabilityConcernsForOperation(String verb, List<ComponentConcern> vulnerabilityConcerns) {
if (vulnerabilityConcerns.isEmpty()) {
return List.of();
}
List<String> vulnerabilitiesForOperationSectionPieces = new LinkedList<>();
vulnerabilitiesForOperationSectionPieces.add(String.format(TRIPLE_STRING_REPLACEMENT, formattedVulnerabilitiesString, verb, formattedColonSpace));
ComponentConcernSeverity severity = ComponentConcernSeverity.BLOCKER;
for (ComponentConcern vulnerabilityConcern : vulnerabilityConcerns) {
ComponentConcernSeverity concernSeverity = vulnerabilityConcern.getSeverity();
if (!severity.equals(concernSeverity)) {
severity = concernSeverity;
vulnerabilitiesForOperationSectionPieces.add(formatter.getLineSeparator());
vulnerabilitiesForOperationSectionPieces.add(String.format("%s%s%s%s%s", formatter.getNonBreakingSpace(), formattedDash, formatter.getNonBreakingSpace(), formatter.encode(concernSeverity.getVulnerabilityLabel()), formattedColonSpace));
}
String vulnerabilityConcernString = createVulnerabilityConcernString(vulnerabilityConcern);
vulnerabilitiesForOperationSectionPieces.add(vulnerabilityConcernString);
vulnerabilitiesForOperationSectionPieces.add(formatter.getNonBreakingSpace());
}
vulnerabilitiesForOperationSectionPieces.add(formatter.getLineSeparator());
return vulnerabilitiesForOperationSectionPieces;
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageConverterTest method createBomComponentDetails.
private static BomComponentDetails createBomComponentDetails() {
ComponentPolicy componentPolicy1 = new ComponentPolicy("A component policy", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, true, false, null, "Uncategorized");
ComponentPolicy componentPolicy2 = new ComponentPolicy("A different policy", ComponentConcernSeverity.MAJOR_HIGH, false, true, null, "Uncategorized");
ComponentConcern policyConcern1 = ComponentConcern.policy(ItemOperation.DELETE, "A non-severe policy", "https://policy");
ComponentConcern policyConcern2 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
ComponentConcern vulnerabilityConcern1 = createVulnerabilityConcern(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL);
ComponentConcern vulnerabilityConcern2 = createVulnerabilityConcern(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW);
ComponentConcern vulnerabilityConcern3 = createVulnerabilityConcern(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM);
LinkableItem shortTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Short Term", "1.0");
LinkableItem longTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Long Term", "2.0");
ComponentUpgradeGuidance componentUpgradeGuidance = new ComponentUpgradeGuidance(shortTermUpgradeGuidance, longTermUpgradeGuidance);
ComponentConcern unknownVersionConcern1 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.CRITICAL, 0, "https://synopsys.com");
ComponentConcern unknownVersionConcern2 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MAJOR_HIGH, 1, "https://synopsys.com");
ComponentConcern unknownVersionConcern3 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MINOR_MEDIUM, 2, "https://synopsys.com");
ComponentConcern unknownVersionConcern4 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.TRIVIAL_LOW, 3, "https://synopsys.com");
LinkableItem attribute1 = new LinkableItem("Attribute", "The first attribute");
LinkableItem attribute2 = new LinkableItem("Attribute Prime", "The second attribute");
return new BomComponentDetails(new LinkableItem("Component", "The component"), new LinkableItem("Component Version", "The component version"), createComponentVulnerabilities(), List.of(componentPolicy1, componentPolicy2), List.of(policyConcern1, policyConcern2, vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3, unknownVersionConcern1, unknownVersionConcern2, unknownVersionConcern3, unknownVersionConcern4), new LinkableItem("License", "The software license name", "https://license-url"), "The usage of the component", componentUpgradeGuidance, List.of(attribute1, attribute2), "https://blackduck-issues-url");
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ProjectMessageToIssueModelTransformer method convertToIssueModels.
private List<ProjectIssueModel> convertToIssueModels(ProjectMessage projectMessage, IssueBomComponentDetails issueBomComponent, List<ComponentConcern> componentConcerns) {
List<ComponentConcern> policyConcerns = new LinkedList<>();
List<ComponentConcern> vulnerabilityConcerns = new LinkedList<>();
List<ComponentConcern> estimatedRiskConcerns = new LinkedList<>();
for (ComponentConcern componentConcern : componentConcerns) {
if (ComponentConcernType.POLICY.equals(componentConcern.getType())) {
policyConcerns.add(componentConcern);
} else if (ComponentConcernType.UNKNOWN_VERSION.equals(componentConcern.getType())) {
estimatedRiskConcerns.add(componentConcern);
} else {
vulnerabilityConcerns.add(componentConcern);
}
}
List<ProjectIssueModel> projectIssueModels = new LinkedList<>();
policyConcerns.stream().map(concern -> createPolicyProjectIssueModel(projectMessage, issueBomComponent, concern)).forEach(projectIssueModels::add);
if (!vulnerabilityConcerns.isEmpty()) {
ProjectIssueModel vulnerabilityProjectIssueModel = createVulnerabilityProjectIssueModel(projectMessage, issueBomComponent, vulnerabilityConcerns);
projectIssueModels.add(vulnerabilityProjectIssueModel);
}
if (!estimatedRiskConcerns.isEmpty()) {
ProjectIssueModel estimatedRiskProjectIssueModel = createEstimatedRiskProjectIssueModel(projectMessage, issueBomComponent, estimatedRiskConcerns);
projectIssueModels.add(estimatedRiskProjectIssueModel);
}
return projectIssueModels;
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.
the class ComponentUnknownVersionExtractor method createComponentConcerns.
private List<ComponentConcern> createComponentConcerns(ComponentUnknownVersionWithStatusNotificationContent notificationContent) {
ComponentUnknownVersionStatus status = notificationContent.getStatus();
String componentName = notificationContent.getComponentName();
ItemOperation itemOperation = ComponentUnknownVersionStatus.REMOVED == status ? ItemOperation.DELETE : ItemOperation.ADD;
ComponentConcern criticalCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.CRITICAL, notificationContent.getCriticalVulnerabilityCount(), componentName, notificationContent.getCriticalVulnerabilityVersionName(), notificationContent.getCriticalVulnerabilityVersion());
ComponentConcern highCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.MAJOR_HIGH, notificationContent.getHighVulnerabilityCount(), componentName, notificationContent.getHighVulnerabilityVersionName(), notificationContent.getHighVulnerabilityVersion());
ComponentConcern mediumCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.MINOR_MEDIUM, notificationContent.getMediumVulnerabilityCount(), componentName, notificationContent.getMediumVulnerabilityVersionName(), notificationContent.getMediumVulnerabilityVersion());
ComponentConcern lowCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.TRIVIAL_LOW, notificationContent.getLowVulnerabilityCount(), componentName, notificationContent.getLowVulnerabilityVersionName(), notificationContent.getLowVulnerabilityVersion());
return List.of(criticalCount, highCount, mediumCount, lowCount);
}
Aggregations