use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.
the class RuleViolationNotificationMessageExtractorTest method createBomComponentDetailsTest.
@Test
public void createBomComponentDetailsTest() throws IntegrationException {
BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView();
Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class))).thenReturn(projectVersionComponentVersionView);
ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
ResourceMetadata meta = new ResourceMetadata();
meta.setHref(new HttpUrl(COMPONENT_POLICY_URL));
componentPolicyRulesView.setMeta(meta);
componentPolicyRulesView.setName(COMPONENT_POLICY.getPolicyName());
componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.BLOCKER);
componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN);
Mockito.when(blackDuckApiClient.getAllResponses(Mockito.eq(projectVersionComponentVersionView.metaPolicyRulesLink()))).thenReturn(List.of(componentPolicyRulesView));
PolicyRuleView policyRuleView = new PolicyRuleView();
policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(PolicyRuleView.class))).thenReturn(policyRuleView);
RuleViolationUniquePolicyNotificationContent notificationContent = new RuleViolationUniquePolicyNotificationContent(PROJECT, PROJECT_VERSION, PROJECT_VERSION_URL, COMPONENT_VERSIONS_IN_VIOLATION, List.of(componentVersionStatus), policyInfo);
List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
assertEquals(1, bomComponentDetailsList.size());
BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
assertEquals(COMPONENT, testBomComponentDetails.getComponent());
assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
assertTrue(testBomComponentDetails.getAdditionalAttributes().isEmpty());
assertEquals(1, testBomComponentDetails.getComponentConcerns().size());
assertEquals(ItemOperation.ADD, testBomComponentDetails.getComponentConcerns().get(0).getOperation());
ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
assertEquals(1, testBomComponentDetails.getRelevantPolicies().size());
ComponentPolicy testComponentPolicy = testBomComponentDetails.getRelevantPolicies().get(0);
assertTrue(testComponentPolicy.getCategory().isPresent());
assertEquals(PolicyRuleCategoryType.UNCATEGORIZED.toString(), testComponentPolicy.getCategory().get());
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.
the class BlackDuckComponentPolicyDetailsCreatorTest method toComponentPolicyVulnerabilityRuleTest.
@Test
public void toComponentPolicyVulnerabilityRuleTest() throws IntegrationException {
PolicyRuleExpressionExpressionsView expression = new PolicyRuleExpressionExpressionsView();
expression.setName(EXAMPLE_VULNERABILITY_EXPRESSION);
BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
PolicyRuleExpressionView policyRuleExpression = new PolicyRuleExpressionView();
policyRuleExpression.setExpressions(List.of(expression));
BlackDuckComponentPolicyDetailsCreator policyDetailsCreator = new BlackDuckComponentPolicyDetailsCreator(POLICY_SEVERITY_CONVERTER, blackDuckApiClient);
ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
componentPolicyRulesView.setName("vuln-test-policy");
componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.TRIVIAL);
componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION);
componentPolicyRulesView.setExpression(policyRuleExpression);
ResourceMetadata meta = new ResourceMetadata();
meta.setHref(new HttpUrl("https://someUrl"));
componentPolicyRulesView.setMeta(meta);
PolicyRuleView policyRuleView = new PolicyRuleView();
policyRuleView.setName(componentPolicyRulesView.getName());
policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.any())).thenReturn(policyRuleView);
ComponentPolicy componentPolicy = policyDetailsCreator.toComponentPolicy(componentPolicyRulesView);
assertTrue(componentPolicy.isVulnerabilityPolicy(), "Expected a vulnerability policy");
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.
the class PolicyOverrideNotificationMessageExtractorTest method createBomComponentDetailsTest.
@Test
public void createBomComponentDetailsTest() throws IntegrationException {
BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView();
Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.any())).thenReturn(projectVersionComponentVersionView);
ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
ResourceMetadata meta = new ResourceMetadata();
meta.setHref(new HttpUrl("https://someUrlPolicyRuleView"));
componentPolicyRulesView.setMeta(meta);
componentPolicyRulesView.setName(COMPONENT_POLICY.getPolicyName());
componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.BLOCKER);
componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN);
Mockito.when(blackDuckApiClient.getAllResponses(Mockito.eq(projectVersionComponentVersionView.metaPolicyRulesLink()))).thenReturn(List.of(componentPolicyRulesView));
PolicyRuleView policyRuleView = new PolicyRuleView();
policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
Mockito.when(blackDuckApiClient.getResponse(Mockito.eq(componentPolicyRulesView.getHref()), Mockito.any())).thenReturn(policyRuleView);
List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(policyOverrideUniquePolicyNotificationContent, blackDuckServicesFactory);
assertEquals(1, bomComponentDetailsList.size());
BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
assertEquals(COMPONENT, testBomComponentDetails.getComponent());
assertEquals(1, testBomComponentDetails.getComponentConcerns().size());
assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
assertEquals(1, testBomComponentDetails.getAdditionalAttributes().size());
ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
assertEquals(1, testBomComponentDetails.getRelevantPolicies().size());
ComponentPolicy testComponentPolicy = testBomComponentDetails.getRelevantPolicies().get(0);
assertTrue(testComponentPolicy.getCategory().isPresent());
assertEquals(PolicyRuleCategoryType.UNCATEGORIZED.toString(), testComponentPolicy.getCategory().get());
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.
the class BlackDuckComponentPolicyDetailsCreator method toComponentPolicy.
public ComponentPolicy toComponentPolicy(ComponentPolicyRulesView componentPolicyRulesView) {
ComponentConcernSeverity componentConcernSeverity = policySeverityConverter.toComponentConcernSeverity(componentPolicyRulesView.getSeverity().name());
boolean overridden = ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN.equals(componentPolicyRulesView.getPolicyApprovalStatus());
boolean vulnerabilityPolicy = isVulnerabilityPolicy(componentPolicyRulesView);
Optional<PolicyRuleView> policyRuleView = retrievePolicyRuleView(componentPolicyRulesView.getHref());
String category = policyRuleView.map(PolicyRuleView::getCategory).map(PolicyRuleCategoryType::name).orElse(null);
return new ComponentPolicy(componentPolicyRulesView.getName(), componentConcernSeverity, overridden, vulnerabilityPolicy, componentPolicyRulesView.getDescription(), category);
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.
the class JiraIssueCreator method createCustomFieldReplacementValues.
protected MessageReplacementValues createCustomFieldReplacementValues(ProjectIssueModel alertIssueSource) {
IssueBomComponentDetails bomComponent = alertIssueSource.getBomComponentDetails();
ComponentUpgradeGuidance upgradeGuidance = bomComponent.getComponentUpgradeGuidance();
Optional<String> severity = Optional.empty();
Optional<String> policyCategory = Optional.empty();
Optional<IssuePolicyDetails> issuePolicyDetails = alertIssueSource.getPolicyDetails();
Optional<IssueVulnerabilityDetails> vulnerabilityDetails = alertIssueSource.getVulnerabilityDetails();
if (issuePolicyDetails.isPresent()) {
IssuePolicyDetails policyDetails = issuePolicyDetails.get();
severity = Optional.ofNullable(policyDetails.getSeverity().getPolicyLabel());
policyCategory = bomComponent.getRelevantPolicies().stream().filter(policy -> policyDetails.getName().equals(policy.getPolicyName())).findAny().flatMap(ComponentPolicy::getCategory);
}
if (vulnerabilityDetails.isPresent()) {
severity = vulnerabilityDetails.get().getHighestSeverityAddedOrUpdated();
}
return new MessageReplacementValues.Builder(alertIssueSource.getProvider().getLabel(), alertIssueSource.getProject().getValue()).projectVersionName(alertIssueSource.getProjectVersion().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).componentName(bomComponent.getComponent().getValue()).componentVersionName(bomComponent.getComponentVersion().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).componentUsage(bomComponent.getUsage()).componentLicense(bomComponent.getLicense().getValue()).severity(severity.orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).policyCategory(policyCategory.orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).shortTermUpgradeGuidance(upgradeGuidance.getShortTermUpgradeGuidance().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).longTermUpgradeGuidance(upgradeGuidance.getLongTermUpgradeGuidance().map(LinkableItem::getValue).orElse(MessageReplacementValues.DEFAULT_NOTIFICATION_REPLACEMENT_VALUE)).build();
}
Aggregations