Search in sources :

Example 1 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCommentModelWithEmptyVulnerabilitySeverityTest.

@Test
public void toIssueCommentModelWithEmptyVulnerabilitySeverityTest() {
    IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(), List.of(), List.of(), List.of());
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
    assertEquals(1, issueCommentModel.getComments().size());
    String comments = issueCommentModel.getComments().get(0);
    assertTrue(comments.contains("None"), "Expected missing vulnerability severity to return Severity Status: None");
}
Also used : IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) AbstractBomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.AbstractBomComponentDetails) IssueVulnerabilityModel(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) MockIssueTrackerMessageFormatter(com.synopsys.integration.alert.api.channel.issue.convert.mock.MockIssueTrackerMessageFormatter) Test(org.junit.jupiter.api.Test)

Example 2 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCreationModelWithVulnerabilitySeverityTest.

@Test
public void toIssueCreationModelWithVulnerabilitySeverityTest() {
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueVulnerabilityModel vuln = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    IssueCreationModel issueCreationModel = converter.toIssueCreationModel(projectIssueModel, "jobName");
    assertTrue(issueCreationModel.getDescription().contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the description to be CRITICAL");
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) IssueCreationModel(com.synopsys.integration.alert.api.channel.issue.model.IssueCreationModel) IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) AbstractBomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.AbstractBomComponentDetails) IssueVulnerabilityModel(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) MockIssueTrackerMessageFormatter(com.synopsys.integration.alert.api.channel.issue.convert.mock.MockIssueTrackerMessageFormatter) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) Test(org.junit.jupiter.api.Test)

Example 3 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCommentModelWithVulnerabilitySeverityTest.

@Test
public void toIssueCommentModelWithVulnerabilitySeverityTest() {
    IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
    assertEquals(1, issueCommentModel.getComments().size());
    String comments = issueCommentModel.getComments().get(0);
    assertTrue(comments.contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the comment to be CRITICAL");
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) IssueBomComponentDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails) AbstractBomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.AbstractBomComponentDetails) IssueVulnerabilityModel(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel) ProjectIssueModel(com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) MockIssueTrackerMessageFormatter(com.synopsys.integration.alert.api.channel.issue.convert.mock.MockIssueTrackerMessageFormatter) Test(org.junit.jupiter.api.Test)

Example 4 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectMessageToIssueModelTransformer method createVulnerabilityProjectIssueModel.

private ProjectIssueModel createVulnerabilityProjectIssueModel(ProjectMessage projectMessage, IssueBomComponentDetails issueBomComponent, List<ComponentConcern> vulnerabilityConcerns) {
    List<IssueVulnerabilityModel> issueVulnerabilitiesAdded = new LinkedList<>();
    List<IssueVulnerabilityModel> issueVulnerabilitiesUpdated = new LinkedList<>();
    List<IssueVulnerabilityModel> issueVulnerabilitiesDeleted = new LinkedList<>();
    for (ComponentConcern vulnerabilityConcern : vulnerabilityConcerns) {
        IssueVulnerabilityModel issueVulnerabilityModel = IssueVulnerabilityModel.fromComponentConcern(vulnerabilityConcern);
        ItemOperation vulnOperation = vulnerabilityConcern.getOperation();
        if (ItemOperation.ADD.equals(vulnOperation)) {
            issueVulnerabilitiesAdded.add(issueVulnerabilityModel);
        } else if (ItemOperation.DELETE.equals(vulnOperation)) {
            issueVulnerabilitiesDeleted.add(issueVulnerabilityModel);
        } else {
            issueVulnerabilitiesUpdated.add(issueVulnerabilityModel);
        }
    }
    ComponentVulnerabilities componentVulnerabilities = issueBomComponent.getComponentVulnerabilities();
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(!componentVulnerabilities.hasVulnerabilities(), issueVulnerabilitiesAdded, issueVulnerabilitiesUpdated, issueVulnerabilitiesDeleted);
    return ProjectIssueModel.vulnerability(projectMessage.getProviderDetails(), projectMessage.getProject(), projectMessage.getProjectVersion().orElse(null), issueBomComponent, vulnerabilityDetails);
}
Also used : IssueVulnerabilityDetails(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails) IssueVulnerabilityModel(com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) ItemOperation(com.synopsys.integration.alert.common.enumeration.ItemOperation) LinkedList(java.util.LinkedList) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities)

Example 5 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class BlackDuckMessageBomComponentDetailsCreator method createBomComponentUnknownVersionDetails.

public BomComponentDetails createBomComponentUnknownVersionDetails(ProjectVersionComponentVersionView bomComponent, List<ComponentConcern> componentConcerns, ComponentUpgradeGuidance componentUpgradeGuidance, List<LinkableItem> additionalAttributes) throws IntegrationException {
    // FIXME using this query link only in a successful result and not in an unsuccessful result leads to inconsistent values in our custom fields which leads to inconsistent search results (bug).
    String componentQueryLink = BlackDuckMessageLinkUtils.createComponentQueryLink(bomComponent);
    LinkableItem component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName(), componentQueryLink);
    LinkableItem componentVersion = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT_VERSION, COMPONENT_VERSION_UNKNOWN);
    ComponentVulnerabilities componentVulnerabilities = ComponentVulnerabilities.none();
    List<ComponentPolicy> componentPolicies = retrieveComponentPolicies(bomComponent, componentConcerns);
    LinkableItem licenseInfo = BlackDuckMessageAttributesUtils.extractLicense(bomComponent);
    String usageInfo = BlackDuckMessageAttributesUtils.extractUsage(bomComponent);
    String issuesUrl = BlackDuckMessageAttributesUtils.extractIssuesUrl(bomComponent).orElse(null);
    return new BomComponentDetails(component, componentVersion, componentVulnerabilities, componentPolicies, componentConcerns, licenseInfo, usageInfo, componentUpgradeGuidance, additionalAttributes, issuesUrl);
}
Also used : LinkableItem(com.synopsys.integration.alert.common.message.model.LinkableItem) ComponentPolicy(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy) ComponentVulnerabilities(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)

Aggregations

ComponentVulnerabilities (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities)12 LinkableItem (com.synopsys.integration.alert.common.message.model.LinkableItem)8 IssueVulnerabilityDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityDetails)5 Test (org.junit.jupiter.api.Test)5 IssueBomComponentDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueBomComponentDetails)4 IssueVulnerabilityModel (com.synopsys.integration.alert.api.channel.issue.model.IssueVulnerabilityModel)4 ProjectIssueModel (com.synopsys.integration.alert.api.channel.issue.model.ProjectIssueModel)4 MockIssueTrackerMessageFormatter (com.synopsys.integration.alert.api.channel.issue.convert.mock.MockIssueTrackerMessageFormatter)3 AbstractBomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.AbstractBomComponentDetails)3 LinkedList (java.util.LinkedList)3 IssueCreationModel (com.synopsys.integration.alert.api.channel.issue.model.IssueCreationModel)2 ItemOperation (com.synopsys.integration.alert.common.enumeration.ItemOperation)2 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)2 ComponentPolicy (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentPolicy)2 BomComponentDetailConverter (com.synopsys.integration.alert.api.channel.convert.BomComponentDetailConverter)1 LinkableItemConverter (com.synopsys.integration.alert.api.channel.convert.LinkableItemConverter)1 IssueCommentModel (com.synopsys.integration.alert.api.channel.issue.model.IssueCommentModel)1 IssueComponentUnknownVersionDetails (com.synopsys.integration.alert.api.channel.issue.model.IssueComponentUnknownVersionDetails)1 IssuePolicyDetails (com.synopsys.integration.alert.api.channel.issue.model.IssuePolicyDetails)1 IssueTransitionModel (com.synopsys.integration.alert.api.channel.issue.model.IssueTransitionModel)1