Search in sources :

Example 6 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class BomComponentDetailConverterTest method createBomComponentDetails.

private static AbstractBomComponentDetails createBomComponentDetails() {
    ComponentPolicy componentPolicy1 = new ComponentPolicy("A Black Duck Policy", ComponentConcernSeverity.MAJOR_HIGH, true, false, null, "Uncategorized");
    ComponentPolicy componentPolicy2 = new ComponentPolicy("A Different Black Duck Policy", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, false, true, null, "Uncategorized");
    LinkableItem shortTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Short Term", "1.0");
    LinkableItem longTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Long Term", "2.0");
    ComponentUpgradeGuidance componentUpgradeGuidance = new ComponentUpgradeGuidance(shortTermUpgradeGuidance, longTermUpgradeGuidance);
    LinkableItem attribute1 = new LinkableItem("Attribute", "Number 1");
    LinkableItem attribute2 = new LinkableItem("Attribute", "Number 2");
    return new AbstractBomComponentDetails(new LinkableItem("Component", "A BOM Component"), new LinkableItem("Component Version", "A BOM Component Version"), createComponentVulnerabilities(), List.of(componentPolicy1, componentPolicy2), new LinkableItem("License", "A Software License"), "Example Usage", componentUpgradeGuidance, List.of(attribute1, attribute2), "https://a-blackduck-url") {
    };
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) AbstractBomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.AbstractBomComponentDetails) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy)

Example 7 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class ProjectMessageConverterTest method createBomComponentDetails.

private static BomComponentDetails createBomComponentDetails() {
    ComponentPolicy componentPolicy1 = new ComponentPolicy("A component policy", ComponentConcernSeverity.UNSPECIFIED_UNKNOWN, true, false, null, "Uncategorized");
    ComponentPolicy componentPolicy2 = new ComponentPolicy("A different policy", ComponentConcernSeverity.MAJOR_HIGH, false, true, null, "Uncategorized");
    ComponentConcern policyConcern1 = ComponentConcern.policy(ItemOperation.DELETE, "A non-severe policy", "https://policy");
    ComponentConcern policyConcern2 = ComponentConcern.severePolicy(ItemOperation.ADD, "A severe policy", ComponentConcernSeverity.TRIVIAL_LOW, "https://severe-policy");
    ComponentConcern vulnerabilityConcern1 = createVulnerabilityConcern(ItemOperation.ADD, "CVE-123", ComponentConcernSeverity.CRITICAL);
    ComponentConcern vulnerabilityConcern2 = createVulnerabilityConcern(ItemOperation.UPDATE, "CVE-135", ComponentConcernSeverity.TRIVIAL_LOW);
    ComponentConcern vulnerabilityConcern3 = createVulnerabilityConcern(ItemOperation.DELETE, "CVE-246", ComponentConcernSeverity.MINOR_MEDIUM);
    LinkableItem shortTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Short Term", "1.0");
    LinkableItem longTermUpgradeGuidance = new LinkableItem("Upgrade Guidance - Long Term", "2.0");
    ComponentUpgradeGuidance componentUpgradeGuidance = new ComponentUpgradeGuidance(shortTermUpgradeGuidance, longTermUpgradeGuidance);
    ComponentConcern unknownVersionConcern1 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.CRITICAL, 0, "https://synopsys.com");
    ComponentConcern unknownVersionConcern2 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MAJOR_HIGH, 1, "https://synopsys.com");
    ComponentConcern unknownVersionConcern3 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.MINOR_MEDIUM, 2, "https://synopsys.com");
    ComponentConcern unknownVersionConcern4 = ComponentConcern.unknownComponentVersion(ItemOperation.ADD, "Component-Unknown-Version-01", ComponentConcernSeverity.TRIVIAL_LOW, 3, "https://synopsys.com");
    LinkableItem attribute1 = new LinkableItem("Attribute", "The first attribute");
    LinkableItem attribute2 = new LinkableItem("Attribute Prime", "The second attribute");
    return new BomComponentDetails(new LinkableItem("Component", "The component"), new LinkableItem("Component Version", "The component version"), createComponentVulnerabilities(), List.of(componentPolicy1, componentPolicy2), List.of(policyConcern1, policyConcern2, vulnerabilityConcern1, vulnerabilityConcern2, vulnerabilityConcern3, unknownVersionConcern1, unknownVersionConcern2, unknownVersionConcern3, unknownVersionConcern4), new LinkableItem("License", "The software license name", "https://license-url"), "The usage of the component", componentUpgradeGuidance, List.of(attribute1, attribute2), "https://blackduck-issues-url");
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)

Example 8 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class BlackDuckMessageBomComponentDetailsCreator method createBomComponentUnknownVersionDetails.

public BomComponentDetails createBomComponentUnknownVersionDetails(ProjectVersionComponentVersionView bomComponent, List<ComponentConcern> componentConcerns, ComponentUpgradeGuidance componentUpgradeGuidance, List<LinkableItem> additionalAttributes) throws IntegrationException {
    // FIXME using this query link only in a successful result and not in an unsuccessful result leads to inconsistent values in our custom fields which leads to inconsistent search results (bug).
    String componentQueryLink = BlackDuckMessageLinkUtils.createComponentQueryLink(bomComponent);
    LinkableItem component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName(), componentQueryLink);
    LinkableItem componentVersion = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT_VERSION, COMPONENT_VERSION_UNKNOWN);
    ComponentVulnerabilities componentVulnerabilities = ComponentVulnerabilities.none();
    List<ComponentPolicy> componentPolicies = retrieveComponentPolicies(bomComponent, componentConcerns);
    LinkableItem licenseInfo = BlackDuckMessageAttributesUtils.extractLicense(bomComponent);
    String usageInfo = BlackDuckMessageAttributesUtils.extractUsage(bomComponent);
    String issuesUrl = BlackDuckMessageAttributesUtils.extractIssuesUrl(bomComponent).orElse(null);
    return new BomComponentDetails(component, componentVersion, componentVulnerabilities, componentPolicies, componentConcerns, licenseInfo, usageInfo, componentUpgradeGuidance, additionalAttributes, issuesUrl);
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)

Example 9 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class BlackDuckMessageBomComponentDetailsCreator method createBomComponentDetails.

public BomComponentDetails createBomComponentDetails(ProjectVersionComponentVersionView bomComponent, List<ComponentConcern> componentConcerns, ComponentUpgradeGuidance componentUpgradeGuidance, List<LinkableItem> additionalAttributes) throws IntegrationException {
    LinkableItem component;
    LinkableItem componentVersion = null;
    // FIXME using this query link only in a successful result and not in an unsuccessful result leads to inconsistent values in our custom fields which leads to inconsistent search results (bug).
    String componentQueryLink = BlackDuckMessageLinkUtils.createComponentQueryLink(bomComponent);
    String componentVersionUrl = bomComponent.getComponentVersion();
    if (StringUtils.isNotBlank(componentVersionUrl)) {
        component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName());
        componentVersion = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT_VERSION, bomComponent.getComponentVersionName(), componentQueryLink);
    } else {
        component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName(), componentQueryLink);
    }
    ComponentVulnerabilities componentVulnerabilities = retrieveComponentVulnerabilities(bomComponent);
    List<ComponentPolicy> componentPolicies = retrieveComponentPolicies(bomComponent, componentConcerns);
    LinkableItem licenseInfo = BlackDuckMessageAttributesUtils.extractLicense(bomComponent);
    String usageInfo = BlackDuckMessageAttributesUtils.extractUsage(bomComponent);
    String issuesUrl = BlackDuckMessageAttributesUtils.extractIssuesUrl(bomComponent).orElse(null);
    return new BomComponentDetails(component, componentVersion, componentVulnerabilities, componentPolicies, componentConcerns, licenseInfo, usageInfo, componentUpgradeGuidance, additionalAttributes, issuesUrl);
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)

Example 10 with ComponentPolicy

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy in project hub-alert by blackducksoftware.

the class RuleViolationClearedNotificationMessageExtractorTest method createBomComponentDetailsTest.

@Test
public void createBomComponentDetailsTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView();
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class))).thenReturn(projectVersionComponentVersionView);
    ComponentPolicyRulesView componentPolicyRulesView = new ComponentPolicyRulesView();
    ResourceMetadata meta = new ResourceMetadata();
    meta.setHref(new HttpUrl(COMPONENT_POLICY_URL));
    componentPolicyRulesView.setMeta(meta);
    componentPolicyRulesView.setName(COMPONENT_POLICY.getPolicyName());
    componentPolicyRulesView.setSeverity(PolicyRuleSeverityType.BLOCKER);
    componentPolicyRulesView.setPolicyApprovalStatus(ProjectVersionComponentPolicyStatusType.IN_VIOLATION_OVERRIDDEN);
    Mockito.when(blackDuckApiClient.getAllResponses(Mockito.eq(projectVersionComponentVersionView.metaPolicyRulesLink()))).thenReturn(List.of(componentPolicyRulesView));
    PolicyRuleView policyRuleView = new PolicyRuleView();
    policyRuleView.setCategory(PolicyRuleCategoryType.UNCATEGORIZED);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(PolicyRuleView.class))).thenReturn(policyRuleView);
    RuleViolationClearedUniquePolicyNotificationContent notificationContent = new RuleViolationClearedUniquePolicyNotificationContent(PROJECT, PROJECT_VERSION, PROJECT_VERSION_URL, COMPONENT_VERSIONS_CLEARED, List.of(componentVersionStatus), policyInfo);
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    assertEquals(COMPONENT, testBomComponentDetails.getComponent());
    assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
    assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
    assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
    assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
    assertTrue(testBomComponentDetails.getAdditionalAttributes().isEmpty());
    assertEquals(1, testBomComponentDetails.getComponentConcerns().size());
    assertEquals(ItemOperation.DELETE, testBomComponentDetails.getComponentConcerns().get(0).getOperation());
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
    assertEquals(1, testBomComponentDetails.getRelevantPolicies().size());
    ComponentPolicy testComponentPolicy = testBomComponentDetails.getRelevantPolicies().get(0);
    assertTrue(testComponentPolicy.getCategory().isPresent());
    assertEquals(PolicyRuleCategoryType.UNCATEGORIZED.toString(), testComponentPolicy.getCategory().get());
}
Also used : ComponentPolicyRulesView(com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) PolicyRuleView(com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) ResourceMetadata(com.synopsys.integration.blackduck.api.core.ResourceMetadata) HttpUrl(com.synopsys.integration.rest.HttpUrl) RuleViolationClearedUniquePolicyNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.RuleViolationClearedUniquePolicyNotificationContent) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Aggregations

ComponentPolicy (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy)12 PolicyRuleView (com.synopsys.integration.blackduck.api.generated.view.PolicyRuleView)7 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)6 ComponentUpgradeGuidance (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance)6 ResourceMetadata (com.synopsys.integration.blackduck.api.core.ResourceMetadata)6 ComponentPolicyRulesView (com.synopsys.integration.blackduck.api.generated.view.ComponentPolicyRulesView)6 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)6 HttpUrl (com.synopsys.integration.rest.HttpUrl)6 Test (org.junit.jupiter.api.Test)6 LinkableItem (com.synopsys.integration.alert.common.message.model.LinkableItem)5 BlackDuckComponentPolicyDetailsCreator (com.synopsys.integration.alert.provider.blackduck.processor.message.service.policy.BlackDuckComponentPolicyDetailsCreator)3 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)3 BlackDuckServicesFactory (com.synopsys.integration.blackduck.service.BlackDuckServicesFactory)3 ComponentVulnerabilities (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities)2 IssueTrackerCallbackInfoCreator (com.synopsys.integration.alert.api.channel.issue.callback.IssueTrackerCallbackInfoCreator)1 IssueBomComponentDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails)1 IssueCreationModel (com.synopsys.integration.alert.api.channel.issue.model.IssueCreationModel)1 IssuePolicyDetails (com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails)1 IssueVulnerabilityDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails)1 ProjectIssueModel (com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel)1