Use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in the project hub-alert by blackducksoftware.
Class ProjectMessageToMessageContentGroupConversionUtils, method convertToComponentItems.
/**
 * Converts every concern attached to a BOM component into its own {@link ComponentItem}.
 *
 * <p>Each item gets the concern's operation, a category derived from the concern type, the
 * component (and its version when present), a category item holding the concern name and URL,
 * a "Severity" grouping attribute, and the component's license, usage, upgrade guidance and
 * additional attributes.
 *
 * @param bomComponent the BOM component whose concerns are converted
 * @return the items that built successfully, in the order the concerns were iterated
 */
private static List<ComponentItem> convertToComponentItems(BomComponentDetails bomComponent) {
    List<ComponentItem> builtItems = new LinkedList<>();
    for (ComponentConcern concern : bomComponent.getComponentConcerns()) {
        ComponentItem.Builder builder = new ComponentItem.Builder();
        builder.applyOperation(concern.getOperation());

        // The category is the type's constant name, lower-cased and then capitalized.
        ComponentConcernType concernType = concern.getType();
        builder.applyCategory(StringUtils.capitalize(StringUtils.lowerCase(concernType.name())));

        builder.applyComponentData(bomComponent.getComponent());
        bomComponent.getComponentVersion().ifPresent(builder::applySubComponent);

        // A concern without a URL yields a category item with a null URL.
        String concernUrl = concern.getUrl().orElse(null);
        builder.applyCategoryItem(new LinkableItem(convertToCategoryLabel(concernType), concern.getName(), concernUrl));

        builder.applyCategoryGroupingAttribute("Severity", concern.getSeverity().name());

        // Only vulnerability concerns are flagged for collapsing on category.
        builder.applyCollapseOnCategory(ComponentConcernType.VULNERABILITY.equals(concernType));

        // A fresh attribute list is created for every concern.
        List<LinkableItem> attributes = new LinkedList<>();
        attributes.add(bomComponent.getLicense());
        attributes.add(new LinkableItem("Usage", bomComponent.getUsage()));
        ComponentUpgradeGuidance guidance = bomComponent.getComponentUpgradeGuidance();
        guidance.getLongTermUpgradeGuidance().ifPresent(attributes::add);
        guidance.getShortTermUpgradeGuidance().ifPresent(attributes::add);
        attributes.addAll(bomComponent.getAdditionalAttributes());
        builder.applyAllComponentAttributes(attributes);

        try {
            ComponentItem item = builder.build();
            builtItems.add(item);
        } catch (AlertException ignored) {
            // Ignored for feature parity
            // NOTE(review): a concern whose item fails to build is dropped here without any
            // trace, so a vulnerability or policy notification can go missing silently.
            // Consider at least logging the failure so a lost alert is detectable.
        }
    }
    return builtItems;
}
Use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in the project hub-alert by blackducksoftware.
Class ProjectMessageToIssueModelTransformerTest, method convertToIssueModelsForVulnerabilitiesTest.
/**
 * Checks that three vulnerability concerns on one BOM component (one ADD, one UPDATE, one
 * DELETE) are converted into a single issue model whose vulnerability details list exactly
 * one added, one updated and one deleted vulnerability.
 */
@Test
public void convertToIssueModelsForVulnerabilitiesTest() {
    // Fixture: one concern per operation, all attached to the same component.
    LinkableItem addedVulnerability = createVulnerabilityItem("CVE-000");
    LinkableItem deletedVulnerability = createVulnerabilityItem("CVE-007");
    ComponentConcern addedConcern = ComponentConcern.vulnerability(
        ItemOperation.ADD, addedVulnerability.getValue(), ComponentConcernSeverity.CRITICAL, addedVulnerability.getUrl().orElse(null));
    ComponentConcern deletedConcern = ComponentConcern.vulnerability(
        ItemOperation.DELETE, deletedVulnerability.getValue(), ComponentConcernSeverity.MINOR_MEDIUM, deletedVulnerability.getUrl().orElse(null));
    ComponentConcern updatedConcern = ComponentConcern.vulnerability(
        ItemOperation.UPDATE, VULNERABILITY_2.getValue(), ComponentConcernSeverity.MINOR_MEDIUM, VULNERABILITY_2.getUrl().orElse(null));

    BomComponentDetails componentDetails = createBomComponentDetails(List.of(addedConcern, updatedConcern, deletedConcern));
    ProjectMessage message = ProjectMessage.componentConcern(PROVIDER_DETAILS, PROJECT, PROJECT_VERSION, List.of(componentDetails));

    ProjectMessageToIssueModelTransformer transformer = new ProjectMessageToIssueModelTransformer();
    List<ProjectIssueModel> issueModels = transformer.convertToIssueModels(message);

    // All three concerns belong to one component, so exactly one issue model is expected.
    assertEquals(1, issueModels.size());
    ProjectIssueModel vulnerabilityIssueModel = issueModels.get(0);
    assertRequiredDetails(vulnerabilityIssueModel);

    Optional<IssueVulnerabilityDetails> maybeDetails = vulnerabilityIssueModel.getVulnerabilityDetails();
    assertTrue(maybeDetails.isPresent(), "Expected vulnerability details to be present");

    // Each operation must land in its own bucket; none may be dropped or merged.
    IssueVulnerabilityDetails details = maybeDetails.get();
    assertEquals(1, details.getVulnerabilitiesAdded().size());
    assertEquals(1, details.getVulnerabilitiesUpdated().size());
    assertEquals(1, details.getVulnerabilitiesDeleted().size());
}
Use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in the project hub-alert by blackducksoftware.
Class ProjectMessageSummarizer, method constructMessageDetails.
/**
 * Builds the detail rows of a summarized project message: the project, its version when
 * present, and one count row per (type, operation, severity) grouping of component concerns.
 *
 * <p>A concern contributes its numeric value to the count when it has one, otherwise it
 * counts as 1. Count rows are emitted in the order defined by
 * {@code ComponentConcernSummaryGrouping.getComparator()}.
 *
 * @param projectMessage the message whose BOM component concerns are summarized
 * @return the project and version items followed by the labelled count items
 */
private List<LinkableItem> constructMessageDetails(ProjectMessage projectMessage) {
    List<LinkableItem> messageDetails = new LinkedList<>();
    messageDetails.add(projectMessage.getProject());
    projectMessage.getProjectVersion().ifPresent(messageDetails::add);

    // Tally concerns per grouping.
    Map<ComponentConcernSummaryGrouping, Integer> countsByGrouping = new LinkedHashMap<>();
    for (BomComponentDetails bomComponent : projectMessage.getBomComponents()) {
        for (ComponentConcern concern : bomComponent.getComponentConcerns()) {
            ComponentConcernSummaryGrouping grouping = new ComponentConcernSummaryGrouping(concern.getType(), concern.getOperation(), concern.getSeverity());
            Number numericValue = concern.getNumericValue();
            int increment = 1;
            if (numericValue != null) {
                // NOTE(review): intValue() narrows silently; a non-int Number outside the int
                // range would misreport the count shown in the alert summary.
                increment = numericValue.intValue();
            }
            countsByGrouping.merge(grouping, increment, Integer::sum);
        }
    }

    // Keys come from a map and are therefore already unique, so a sorted entry list
    // carries the same information as re-collecting into an ordered map.
    List<Map.Entry<ComponentConcernSummaryGrouping, Integer>> orderedCounts = countsByGrouping.entrySet()
        .stream()
        .sorted(Map.Entry.comparingByKey(ComponentConcernSummaryGrouping.getComparator()))
        .collect(Collectors.toList());

    for (Map.Entry<ComponentConcernSummaryGrouping, Integer> countEntry : orderedCounts) {
        ComponentConcernSummaryGrouping grouping = countEntry.getKey();

        // Policy concerns use the policy wording of the severity; everything else uses the
        // vulnerability wording.
        String severityLabel;
        if (ComponentConcernType.POLICY.equals(grouping.type)) {
            severityLabel = grouping.severity.getPolicyLabel();
        } else {
            severityLabel = grouping.severity.getVulnerabilityLabel();
        }

        String label = String.format(
            "(%s) %s %s count",
            severityLabel,
            convertToUppercasePlural(grouping.type),
            convertToAdjective(grouping.type, grouping.operation)
        );

        LinkableItem countItem = new LinkableItem(label, countEntry.getValue().toString());
        countItem.setNumericValueFlag(true);
        messageDetails.add(countItem);
    }
    return messageDetails;
}
Use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern in the project hub-alert by blackducksoftware.
Class ProjectMessageSummarizerTest, method summarizeComponentUpdateTest.
/**
 * Summarizes a component-update message carrying one policy concern and three vulnerability
 * concerns (ADD, UPDATE, DELETE) and checks that the resulting simple message has six detail
 * rows, one labelled count row per concern, and a description mentioning "updates".
 */
@Test
public void summarizeComponentUpdateTest() {
    // Fixture: four concerns with distinct (type, operation, severity) combinations.
    ComponentConcern policy = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern addedVulnerability = ComponentConcern.vulnerability(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL, "https://vuln-rul");
    ComponentConcern updatedVulnerability = ComponentConcern.vulnerability(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW, "https://vuln-rul");
    ComponentConcern deletedVulnerability = ComponentConcern.vulnerability(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM, "https://vuln-rul");

    BomComponentDetails componentDetails = createBomComponentDetails(List.of(policy, addedVulnerability, updatedVulnerability, deletedVulnerability));
    ProjectMessage updateMessage = ProjectMessage.componentUpdate(providerDetails, commonProject, commonProjectVersion, List.of(componentDetails));
    ProcessedProviderMessage<ProjectMessage> input = new ProcessedProviderMessage<>(Set.of(1L), updateMessage);

    ProcessedProviderMessage<SimpleMessage> summarized = projectMessageSummarizer.summarize(input);
    SimpleMessage summary = summarized.getProviderMessage();

    printSimpleMessage(summary);
    testProjectStatus(summary);
    testComponentStatus(summary);

    assertEquals(6, summary.getDetails().size());

    // Every concern must surface as its own labelled count row.
    assertTrue(doesLabelExist(summary.getDetails(), policy.getSeverity().getPolicyLabel(), "Policies", ProjectMessageSummarizer.OP_PARTICIPLE_VIOLATED));
    assertTrue(doesLabelExist(summary.getDetails(), addedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_ADDED));
    assertTrue(doesLabelExist(summary.getDetails(), updatedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_UPDATED));
    assertTrue(doesLabelExist(summary.getDetails(), deletedVulnerability.getSeverity().getVulnerabilityLabel(), "Vulnerabilities", ProjectMessageSummarizer.OP_PARTICIPLE_DELETED));

    assertTrue(summary.getDescription().contains("updates"));
}