Examples with ComponentConcern com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern used on opensource projects

Search in sources :

Example 11 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class AbstractRuleViolationNotificationMessageExtractor method createBomComponentDetails.

private BomComponentDetails createBomComponentDetails(BlackDuckServicesFactory blackDuckServicesFactory, T notificationContent, ComponentVersionStatus componentVersionStatus) throws IntegrationException {
    BlackDuckApiClient blackDuckApiClient = blackDuckServicesFactory.getBlackDuckApiClient();
    BlackDuckMessageBomComponentDetailsCreator bomComponentDetailsCreator = detailsCreatorFactory.createBomComponentDetailsCreator(blackDuckServicesFactory);
    ComponentConcern policyConcern = policyComponentConcernCreator.fromPolicyInfo(notificationContent.getPolicyInfo(), itemOperation);
    try {
        ProjectVersionComponentVersionView bomComponent = blackDuckApiClient.getResponse(new HttpUrl(componentVersionStatus.getBomComponent()), ProjectVersionComponentVersionView.class);
        return bomComponentDetailsCreator.createBomComponentDetails(bomComponent, policyConcern, ComponentUpgradeGuidance.none(), List.of());
    } catch (IntegrationRestException e) {
        bomComponent404Handler.logIf404OrThrow(e, componentVersionStatus.getComponentName(), componentVersionStatus.getComponentVersionName());
        return bomComponentDetailsCreator.createMissingBomComponentDetails(componentVersionStatus.getComponentName(), createComponentUrl(componentVersionStatus), componentVersionStatus.getComponentVersionName(), createComponentVersionUrl(componentVersionStatus), List.of(policyConcern), ComponentUpgradeGuidance.none(), List.of());
    }
}
Also used : IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) BlackDuckMessageBomComponentDetailsCreator(com.synopsys.integration.alert.provider.blackduck.processor.message.service.BlackDuckMessageBomComponentDetailsCreator) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) HttpUrl(com.synopsys.integration.rest.HttpUrl) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)

Example 12 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ComponentConcernConverter method createVulnerabilityConcernsForOperation.

private List<String> createVulnerabilityConcernsForOperation(String verb, List<ComponentConcern> vulnerabilityConcerns) {
    if (vulnerabilityConcerns.isEmpty()) {
        return List.of();
    }
    List<String> vulnerabilitiesForOperationSectionPieces = new LinkedList<>();
    vulnerabilitiesForOperationSectionPieces.add(String.format(TRIPLE_STRING_REPLACEMENT, formattedVulnerabilitiesString, verb, formattedColonSpace));
    ComponentConcernSeverity severity = ComponentConcernSeverity.BLOCKER;
    for (ComponentConcern vulnerabilityConcern : vulnerabilityConcerns) {
        ComponentConcernSeverity concernSeverity = vulnerabilityConcern.getSeverity();
        if (!severity.equals(concernSeverity)) {
            severity = concernSeverity;
            vulnerabilitiesForOperationSectionPieces.add(formatter.getLineSeparator());
            vulnerabilitiesForOperationSectionPieces.add(String.format("%s%s%s%s%s", formatter.getNonBreakingSpace(), formattedDash, formatter.getNonBreakingSpace(), formatter.encode(concernSeverity.getVulnerabilityLabel()), formattedColonSpace));
        }
        String vulnerabilityConcernString = createVulnerabilityConcernString(vulnerabilityConcern);
        vulnerabilitiesForOperationSectionPieces.add(vulnerabilityConcernString);
        vulnerabilitiesForOperationSectionPieces.add(formatter.getNonBreakingSpace());
    }
    vulnerabilitiesForOperationSectionPieces.add(formatter.getLineSeparator());
    return vulnerabilitiesForOperationSectionPieces;
}
Also used : ComponentConcernSeverity(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernSeverity) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) LinkedList(java.util.LinkedList)

Example 13 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageConverterTest method createBomComponentDetails.

private static BomComponentDetails createBomComponentDetails() {
    ComponentPolicy componentPolicy1 = new ComponentPolicy("A component policy", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, true, false, null, "Uncategorized");
    ComponentPolicy componentPolicy2 = new ComponentPolicy("A different policy", ComponentConcernSeverity.MAJOR_HIGH, false, true, null, "Uncategorized");
    ComponentConcern policyConcern1 = ComponentConcern.policy(ItemOperation.DELETE, "A non-severe policy", "https://policy");
    ComponentConcern policyConcern2 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern vulnerabilityConcern1 = createVulnerabilityConcern(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL);
    ComponentConcern vulnerabilityConcern2 = createVulnerabilityConcern(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW);
    ComponentConcern vulnerabilityConcern3 = createVulnerabilityConcern(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM);
    LinkableItem shortTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Short Term", "1.0");
    LinkableItem longTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Long Term", "2.0");
    ComponentUpgradeGuidance componentUpgradeGuidance = new ComponentUpgradeGuidance(shortTermUpgradeGuidance, longTermUpgradeGuidance);
    ComponentConcern unknownVersionConcern1 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.CRITICAL, 0, "https://synopsys.com");
    ComponentConcern unknownVersionConcern2 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MAJOR_HIGH, 1, "https://synopsys.com");
    ComponentConcern unknownVersionConcern3 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MINOR_MEDIUM, 2, "https://synopsys.com");
    ComponentConcern unknownVersionConcern4 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.TRIVIAL_LOW, 3, "https://synopsys.com");
    LinkableItem attribute1 = new LinkableItem("Attribute", "The first attribute");
    LinkableItem attribute2 = new LinkableItem("Attribute Prime", "The second attribute");
    return new BomComponentDetails(new LinkableItem("Component", "The component"), new LinkableItem("Component Version", "The component version"), createComponentVulnerabilities(), List.of(componentPolicy1, componentPolicy2), List.of(policyConcern1, policyConcern2, vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3, unknownVersionConcern1, unknownVersionConcern2, unknownVersionConcern3, unknownVersionConcern4), new LinkableItem("License", "The software license name", "https://license-url"), "The usage of the component", componentUpgradeGuidance, List.of(attribute1, attribute2), "https://blackduck-issues-url");
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)

Example 14 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ProjectMessageToIssueModelTransformer method convertToIssueModels.

private List<ProjectIssueModel> convertToIssueModels(ProjectMessage projectMessage, IssueBomComponentDetails issueBomComponent, List<ComponentConcern> componentConcerns) {
    List<ComponentConcern> policyConcerns = new LinkedList<>();
    List<ComponentConcern> vulnerabilityConcerns = new LinkedList<>();
    List<ComponentConcern> estimatedRiskConcerns = new LinkedList<>();
    for (ComponentConcern componentConcern : componentConcerns) {
        if (ComponentConcernType.POLICY.equals(componentConcern.getType())) {
            policyConcerns.add(componentConcern);
        } else if (ComponentConcernType.UNKNOWN_VERSION.equals(componentConcern.getType())) {
            estimatedRiskConcerns.add(componentConcern);
        } else {
            vulnerabilityConcerns.add(componentConcern);
        }
    }
    List<ProjectIssueModel> projectIssueModels = new LinkedList<>();
    policyConcerns.stream().map(concern -> createPolicyProjectIssueModel(projectMessage, issueBomComponent, concern)).forEach(projectIssueModels::add);
    if (!vulnerabilityConcerns.isEmpty()) {
        ProjectIssueModel vulnerabilityProjectIssueModel = createVulnerabilityProjectIssueModel(projectMessage, issueBomComponent, vulnerabilityConcerns);
        projectIssueModels.add(vulnerabilityProjectIssueModel);
    }
    if (!estimatedRiskConcerns.isEmpty()) {
        ProjectIssueModel estimatedRiskProjectIssueModel = createEstimatedRiskProjectIssueModel(projectMessage, issueBomComponent, estimatedRiskConcerns);
        projectIssueModels.add(estimatedRiskProjectIssueModel);
    }
    return projectIssueModels;
}
Also used : ComponentConcernType(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernType) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) ProjectMessage(com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage) IssueComponentUnknownVersionDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueComponentUnknownVersionDetails) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) IssuePolicyDetails(com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails) List(java.util.List) Component(org.springframework.stereotype.Component) IssueEstimatedRiskModel(com.synopsys.integration.alert.api.channel.issue.model.IssueEstimatedRiskModel) IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) ItemOperation(com.synopsys.integration.alert.common.enumeration.ItemOperation) LinkedList(java.util.LinkedList) IssueVulnerabilityModel(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) LinkedList(java.util.LinkedList)

Example 15 with ComponentConcern

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in project hub-alert by blackducksoftware.

the class ComponentUnknownVersionExtractor method createComponentConcerns.

private List<ComponentConcern> createComponentConcerns(ComponentUnknownVersionWithStatusNotificationContent notificationContent) {
    ComponentUnknownVersionStatus status = notificationContent.getStatus();
    String componentName = notificationContent.getComponentName();
    ItemOperation itemOperation = ComponentUnknownVersionStatus.REMOVED == status ? ItemOperation.DELETE : ItemOperation.ADD;
    ComponentConcern criticalCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.CRITICAL, notificationContent.getCriticalVulnerabilityCount(), componentName, notificationContent.getCriticalVulnerabilityVersionName(), notificationContent.getCriticalVulnerabilityVersion());
    ComponentConcern highCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.MAJOR_HIGH, notificationContent.getHighVulnerabilityCount(), componentName, notificationContent.getHighVulnerabilityVersionName(), notificationContent.getHighVulnerabilityVersion());
    ComponentConcern mediumCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.MINOR_MEDIUM, notificationContent.getMediumVulnerabilityCount(), componentName, notificationContent.getMediumVulnerabilityVersionName(), notificationContent.getMediumVulnerabilityVersion());
    ComponentConcern lowCount = createComponentConcernWithCount(itemOperation, ComponentConcernSeverity.TRIVIAL_LOW, notificationContent.getLowVulnerabilityCount(), componentName, notificationContent.getLowVulnerabilityVersionName(), notificationContent.getLowVulnerabilityVersion());
    return List.of(criticalCount, highCount, mediumCount, lowCount);
}
Also used : ComponentUnknownVersionStatus(com.synopsys.integration.blackduck.api.manual.enumeration.ComponentUnknownVersionStatus) ItemOperation(com.synopsys.integration.alert.common.enumeration.ItemOperation) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern)

Aggregations

ComponentConcern (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern)24 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)13 ProjectMessage (com.synopsys.integration.alert.processor.api.extract.model.project.ProjectMessage)9 LinkedList (java.util.LinkedList)9 Test (org.junit.jupiter.api.Test)7 ItemOperation (com.synopsys.integration.alert.common.enumeration.ItemOperation)6 LinkableItem (com.synopsys.integration.alert.common.message.model.LinkableItem)6 ProcessedProviderMessage (com.synopsys.integration.alert.processor.api.extract.model.ProcessedProviderMessage)5 SimpleMessage (com.synopsys.integration.alert.processor.api.extract.model.SimpleMessage)5 HttpUrl (com.synopsys.integration.rest.HttpUrl)5 IssueBomComponentDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails)4 ProjectIssueModel (com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel)4 BlackDuckMessageBomComponentDetailsCreator (com.synopsys.integration.alert.provider.blackduck.processor.message.service.BlackDuckMessageBomComponentDetailsCreator)4 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)4 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)4 IntegrationRestException (com.synopsys.integration.rest.exception.IntegrationRestException)4 IssueComponentUnknownVersionDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueComponentUnknownVersionDetails)3 IssueEstimatedRiskModel (com.synopsys.integration.alert.api.channel.issue.model.IssueEstimatedRiskModel)3 IssueVulnerabilityDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails)3 ComponentConcernType (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernType)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial