Search in sources :

Example 1 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class RuleViolationNotificationMessageExtractorTest method createBomComponentDetailsTest.

@Test
public void createBomComponentDetailsTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView();
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class))).thenReturn(projectVersionComponentVersionView);
    ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
    ResourceMetadata meta = new ResourceMetadata();
    meta.setHref(new HttpUrl(COMPONENT_POLICY_URL));
    componentPolicyRulesView.setMeta(meta);
    componentPolicyRulesView.setName(COMPONENT_POLICY.getPolicyName());
    componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.BLOCKER);
    componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN);
    Mockito.when(blackDuckApiClient.getAllResponses(Mockito.eq(projectVersionComponentVersionView.metaPolicyRulesLink()))).thenReturn(List.of(componentPolicyRulesView));
    PolicyRuleView policyRuleView = new PolicyRuleView();
    policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(PolicyRuleView.class))).thenReturn(policyRuleView);
    RuleViolationUniquePolicyNotificationContent notificationContent = new RuleViolationUniquePolicyNotificationContent(PROJECT, PROJECT_VERSION, PROJECT_VERSION_URL, COMPONENT_VERSIONS_IN_VIOLATION, List.of(componentVersionStatus), policyInfo);
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    assertEquals(COMPONENT, testBomComponentDetails.getComponent());
    assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
    assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
    assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
    assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
    assertTrue(testBomComponentDetails.getAdditionalAttributes().isEmpty());
    assertEquals(1, testBomComponentDetails.getComponentConcerns().size());
    assertEquals(ItemOperation.ADD, testBomComponentDetails.getComponentConcerns().get(0).getOperation());
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
    assertEquals(1, testBomComponentDetails.getRelevantPolicies().size());
    ComponentPolicy testComponentPolicy = testBomComponentDetails.getRelevantPolicies().get(0);
    assertTrue(testComponentPolicy.getCategory().isPresent());
    assertEquals(PolicyRuleCategoryType.UNCATEGORIZED.toString(), testComponentPolicy.getCategory().get());
}
Also used : ComponentPolicyRulesView(com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) RuleViolationUniquePolicyNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.RuleViolationUniquePolicyNotificationContent) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) PolicyRuleView(com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) ResourceMetadata(com.synopsys.integration.blackduck.api.core.ResourceMetadata) HttpUrl(com.synopsys.integration.rest.HttpUrl) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 2 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class BlackDuckComponentPolicyDetailsCreatorTest method toComponentPolicyVulnerabilityRuleTest.

@Test
public void toComponentPolicyVulnerabilityRuleTest() throws IntegrationException {
    PolicyRuleExpressionExpressionsView expression = new PolicyRuleExpressionExpressionsView();
    expression.setName(EXAMPLE_VULNERABILITY_EXPRESSION);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    PolicyRuleExpressionView policyRuleExpression = new PolicyRuleExpressionView();
    policyRuleExpression.setExpressions(List.of(expression));
    BlackDuckComponentPolicyDetailsCreator policyDetailsCreator = new BlackDuckComponentPolicyDetailsCreator(POLICY_SEVERITY_CONVERTER, blackDuckApiClient);
    ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
    componentPolicyRulesView.setName("vuln-test-policy");
    componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.TRIVIAL);
    componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION);
    componentPolicyRulesView.setExpression(policyRuleExpression);
    ResourceMetadata meta = new ResourceMetadata();
    meta.setHref(new HttpUrl("https://someUrl"));
    componentPolicyRulesView.setMeta(meta);
    PolicyRuleView policyRuleView = new PolicyRuleView();
    policyRuleView.setName(componentPolicyRulesView.getName());
    policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.any())).thenReturn(policyRuleView);
    ComponentPolicy componentPolicy = policyDetailsCreator.toComponentPolicy(componentPolicyRulesView);
    assertTrue(componentPolicy.isVulnerabilityPolicy(), "Expected a vulnerability policy");
}
Also used : PolicyRuleExpressionView(com.synopsys.integration.blackduck.api.generated.component.PolicyRuleExpressionView) BlackDuckComponentPolicyDetailsCreator(com.synopsys.integration.alert.provider.blackduck.processor.message.service.policy.BlackDuckComponentPolicyDetailsCreator) ComponentPolicyRulesView(com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) PolicyRuleExpressionExpressionsView(com.synopsys.integration.blackduck.api.generated.component.PolicyRuleExpressionExpressionsView) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) PolicyRuleView(com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView) ResourceMetadata(com.synopsys.integration.blackduck.api.core.ResourceMetadata) HttpUrl(com.synopsys.integration.rest.HttpUrl) Test(org.junit.jupiter.api.Test)

Example 3 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class PolicyOverrideNotificationMessageExtractorTest method createBomComponentDetailsTest.

@Test
public void createBomComponentDetailsTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView();
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.any())).thenReturn(projectVersionComponentVersionView);
    ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
    ResourceMetadata meta = new ResourceMetadata();
    meta.setHref(new HttpUrl("https://someUrlPolicyRuleView"));
    componentPolicyRulesView.setMeta(meta);
    componentPolicyRulesView.setName(COMPONENT_POLICY.getPolicyName());
    componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.BLOCKER);
    componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN);
    Mockito.when(blackDuckApiClient.getAllResponses(Mockito.eq(projectVersionComponentVersionView.metaPolicyRulesLink()))).thenReturn(List.of(componentPolicyRulesView));
    PolicyRuleView policyRuleView = new PolicyRuleView();
    policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.eq(componentPolicyRulesView.getHref()), Mockito.any())).thenReturn(policyRuleView);
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(policyOverrideUniquePolicyNotificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    assertEquals(COMPONENT, testBomComponentDetails.getComponent());
    assertEquals(1, testBomComponentDetails.getComponentConcerns().size());
    assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
    assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
    assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
    assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
    assertEquals(1, testBomComponentDetails.getAdditionalAttributes().size());
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
    assertEquals(1, testBomComponentDetails.getRelevantPolicies().size());
    ComponentPolicy testComponentPolicy = testBomComponentDetails.getRelevantPolicies().get(0);
    assertTrue(testComponentPolicy.getCategory().isPresent());
    assertEquals(PolicyRuleCategoryType.UNCATEGORIZED.toString(), testComponentPolicy.getCategory().get());
}
Also used : ComponentPolicyRulesView(com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) PolicyRuleView(com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) ResourceMetadata(com.synopsys.integration.blackduck.api.core.ResourceMetadata) HttpUrl(com.synopsys.integration.rest.HttpUrl) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 4 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class BlackDuckComponentPolicyDetailsCreator method toComponentPolicy.

public ComponentPolicy toComponentPolicy(ComponentPolicyRulesView componentPolicyRulesView) {
    ComponentConcernSeverity componentConcernSeverity = policySeverityConverter.toComponentConcernSeverity(componentPolicyRulesView.getSeverity().name());
    boolean overridden = ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN.equals(componentPolicyRulesView.getPolicyApprovalStatus());
    boolean vulnerabilityPolicy = isVulnerabilityPolicy(componentPolicyRulesView);
    Optional<PolicyRuleView> policyRuleView = retrievePolicyRuleView(componentPolicyRulesView.getHref());
    String category = policyRuleView.map(PolicyRuleView::getCategory).map(PolicyRuleCategoryType::name).orElse(null);
    return new ComponentPolicy(componentPolicyRulesView.getName(), componentConcernSeverity, overridden, vulnerabilityPolicy, componentPolicyRulesView.getDescription(), category);
}
Also used : ComponentConcernSeverity(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernSeverity) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) PolicyRuleView(com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView)

Example 5 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class JiraIssueCreator method createCustomFieldReplacementValues.

protected MessageReplacementValues createCustomFieldReplacementValues(ProjectIssueModel alertIssueSource) {
    IssueBomComponentDetails bomComponent = alertIssueSource.getBomComponentDetails();
    ComponentUpgradeGuidance upgradeGuidance = bomComponent.getComponentUpgradeGuidance();
    Optional<String> severity = Optional.empty();
    Optional<String> policyCategory = Optional.empty();
    Optional<IssuePolicyDetails> issuePolicyDetails = alertIssueSource.getPolicyDetails();
    Optional<IssueVulnerabilityDetails> vulnerabilityDetails = alertIssueSource.getVulnerabilityDetails();
    if (issuePolicyDetails.isPresent()) {
        IssuePolicyDetails policyDetails = issuePolicyDetails.get();
        severity = Optional.ofNullable(policyDetails.getSeverity().getPolicyLabel());
        policyCategory = bomComponent.getRelevantPolicies().stream().filter(policy -> policyDetails.getName().equals(policy.getPolicyName())).findAny().flatMap(ComponentPolicy::getCategory);
    }
    if (vulnerabilityDetails.isPresent()) {
        severity = vulnerabilityDetails.get().getHighestSeverityAddedOrUpdated();
    }
    return new MessageReplacementValues.Builder(alertIssueSource.getProvider().getLabel(), alertIssueSource.getProject().getValue()).projectVersionName(alertIssueSource.getProjectVersion().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).componentName(bomComponent.getComponent().getValue()).componentVersionName(bomComponent.getComponentVersion().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).componentUsage(bomComponent.getUsage()).componentLicense(bomComponent.getLicense().getValue()).severity(severity.orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).policyCategory(policyCategory.orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).shortTermUpgradeGuidance(upgradeGuidance.getShortTermUpgradeGuidance().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).longTermUpgradeGuidance(upgradeGuidance.getLongTermUpgradeGuidance().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).build();
}
Also used : IntegrationException(com.synopsys.integration.exception.IntegrationException) MessageReplacementValues(com.synopsys.integration.alert.api.channel.jira.distribution.custom.MessageReplacementValues) ComponentConcernType(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcernType) ExistingIssueDetails(com.synopsys.integration.alert.api.channel.issue.search.ExistingIssueDetails) StringUtils(org.apache.commons.lang3.StringUtils) IssuePolicyDetails(com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails) IssueResponseModel(com.synopsys.integration.jira.common.model.response.IssueResponseModel) IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) JiraIssueSearchProperties(com.synopsys.integration.alert.api.channel.jira.JiraIssueSearchProperties) AlertRuntimeException(com.synopsys.integration.alert.api.common.model.exception.AlertRuntimeException) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) IssueCreationResponseModel(com.synopsys.integration.jira.common.model.response.IssueCreationResponseModel) IssueCategoryRetriever(com.synopsys.integration.alert.api.channel.issue.search.IssueCategoryRetriever) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) IssueStatus(com.synopsys.integration.alert.api.channel.issue.search.enumeration.IssueStatus) IssueTrackerIssueCommenter(com.synopsys.integration.alert.api.channel.issue.send.IssueTrackerIssueCommenter) JiraPreconditionNotMetException(com.synopsys.integration.jira.common.exception.JiraPreconditionNotMetException) JiraIssueAlertPropertiesUrlCorrector(com.synopsys.integration.alert.api.channel.jira.distribution.search.JiraIssueAlertPropertiesUrlCorrector) JiraIssueAlertPropertiesManager(com.synopsys.integration.alert.api.channel.jira.distribution.search.JiraIssueAlertPropertiesManager) JiraErrorMessageUtility(com.synopsys.integration.alert.api.channel.jira.distribution.JiraErrorMessageUtility) IssueCategory(com.synopsys.integration.alert.api.channel.issue.search.enumeration.IssueCategory) LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) IssueFieldsComponent(com.synopsys.integration.jira.common.model.components.IssueFieldsComponent) IssueCreationModel(com.synopsys.integration.alert.api.channel.issue.model.IssueCreationModel) AlertException(com.synopsys.integration.alert.api.common.model.exception.AlertException) IssueTrackerIssueCreator(com.synopsys.integration.alert.api.channel.issue.send.IssueTrackerIssueCreator) IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) Optional(java.util.Optional) JiraIssueSearchPropertyStringCompatibilityUtils(com.synopsys.integration.alert.api.channel.jira.distribution.search.JiraIssueSearchPropertyStringCompatibilityUtils) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) IssueTrackerCallbackInfoCreator(com.synopsys.integration.alert.api.channel.issue.callback.IssueTrackerCallbackInfoCreator) JiraCallbackUtils(com.synopsys.integration.alert.api.channel.jira.util.JiraCallbackUtils) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) IssueTrackerChannelKey(com.synopsys.integration.alert.descriptor.api.model.IssueTrackerChannelKey) LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) IssuePolicyDetails(com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails)

Aggregations

ComponentPolicy (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy)12 PolicyRuleView (com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView)7 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)6 ComponentUpgradeGuidance (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance)6 ResourceMetadata (com.synopsys.integration.blackduck.api.core.ResourceMetadata)6 ComponentPolicyRulesView (com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView)6 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)6 HttpUrl (com.synopsys.integration.rest.HttpUrl)6 Test (org.junit.jupiter.api.Test)6 LinkableItem (com.synopsys.integration.alert.common.message.model.LinkableItem)5 BlackDuckComponentPolicyDetailsCreator (com.synopsys.integration.alert.provider.blackduck.processor.message.service.policy.BlackDuckComponentPolicyDetailsCreator)3 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)3 BlackDuckServicesFactory (com.synopsys.integration.blackduck.service.BlackDuckServicesFactory)3 ComponentVulnerabilities (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities)2 IssueTrackerCallbackInfoCreator (com.synopsys.integration.alert.api.channel.issue.callback.IssueTrackerCallbackInfoCreator)1 IssueBomComponentDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails)1 IssueCreationModel (com.synopsys.integration.alert.api.channel.issue.model.IssueCreationModel)1 IssuePolicyDetails (com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails)1 IssueVulnerabilityDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails)1 ProjectIssueModel (com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel)1