Examples with ComponentVulnerabilities com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities used on opensource projects

Example 1 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCommentModelWithEmptyVulnerabilitySeverityTest.

@Test
public void toIssueCommentModelWithEmptyVulnerabilitySeverityTest() {
    IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(), List.of(), List.of(), List.of());
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
    assertEquals(1, issueCommentModel.getComments().size());
    String comments = issueCommentModel.getComments().get(0);
    assertTrue(comments.contains("None"), "Expected missing vulnerability severity to return Severity Status: None");
}

Example 2 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCreationModelWithVulnerabilitySeverityTest.

@Test
public void toIssueCreationModelWithVulnerabilitySeverityTest() {
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueVulnerabilityModel vuln = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    IssueCreationModel issueCreationModel = converter.toIssueCreationModel(projectIssueModel, "jobName");
    assertTrue(issueCreationModel.getDescription().contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the description to be CRITICAL");
}

Example 3 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectIssueModelConverterTest method toIssueCommentModelWithVulnerabilitySeverityTest.

@Test
public void toIssueCommentModelWithVulnerabilitySeverityTest() {
    IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
    ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
    AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
    IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
    ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
    MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
    ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
    IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
    assertEquals(1, issueCommentModel.getComments().size());
    String comments = issueCommentModel.getComments().get(0);
    assertTrue(comments.contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the comment to be CRITICAL");
}

Example 4 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class ProjectMessageToIssueModelTransformer method createVulnerabilityProjectIssueModel.

private ProjectIssueModel createVulnerabilityProjectIssueModel(ProjectMessage projectMessage, IssueBomComponentDetails issueBomComponent, List<ComponentConcern> vulnerabilityConcerns) {
    List<IssueVulnerabilityModel> issueVulnerabilitiesAdded = new LinkedList<>();
    List<IssueVulnerabilityModel> issueVulnerabilitiesUpdated = new LinkedList<>();
    List<IssueVulnerabilityModel> issueVulnerabilitiesDeleted = new LinkedList<>();
    for (ComponentConcern vulnerabilityConcern : vulnerabilityConcerns) {
        IssueVulnerabilityModel issueVulnerabilityModel = IssueVulnerabilityModel.fromComponentConcern(vulnerabilityConcern);
        ItemOperation vulnOperation = vulnerabilityConcern.getOperation();
        if (ItemOperation.ADD.equals(vulnOperation)) {
            issueVulnerabilitiesAdded.add(issueVulnerabilityModel);
        } else if (ItemOperation.DELETE.equals(vulnOperation)) {
            issueVulnerabilitiesDeleted.add(issueVulnerabilityModel);
        } else {
            issueVulnerabilitiesUpdated.add(issueVulnerabilityModel);
        }
    }
    ComponentVulnerabilities componentVulnerabilities = issueBomComponent.getComponentVulnerabilities();
    IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(!componentVulnerabilities.hasVulnerabilities(), issueVulnerabilitiesAdded, issueVulnerabilitiesUpdated, issueVulnerabilitiesDeleted);
    return ProjectIssueModel.vulnerability(projectMessage.getProviderDetails(), projectMessage.getProject(), projectMessage.getProjectVersion().orElse(null), issueBomComponent, vulnerabilityDetails);
}

Example 5 with ComponentVulnerabilities

use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.

the class BlackDuckMessageBomComponentDetailsCreator method createBomComponentUnknownVersionDetails.

public BomComponentDetails createBomComponentUnknownVersionDetails(ProjectVersionComponentVersionView bomComponent, List<ComponentConcern> componentConcerns, ComponentUpgradeGuidance componentUpgradeGuidance, List<LinkableItem> additionalAttributes) throws IntegrationException {
    // FIXME using this query link only in a successful result and not in an unsuccessful result leads to inconsistent values in our custom fields which leads to inconsistent search results (bug).
    String componentQueryLink = BlackDuckMessageLinkUtils.createComponentQueryLink(bomComponent);
    LinkableItem component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName(), componentQueryLink);
    LinkableItem componentVersion = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT_VERSION, COMPONENT_VERSION_UNKNOWN);
    ComponentVulnerabilities componentVulnerabilities = ComponentVulnerabilities.none();
    List<ComponentPolicy> componentPolicies = retrieveComponentPolicies(bomComponent, componentConcerns);
    LinkableItem licenseInfo = BlackDuckMessageAttributesUtils.extractLicense(bomComponent);
    String usageInfo = BlackDuckMessageAttributesUtils.extractUsage(bomComponent);
    String issuesUrl = BlackDuckMessageAttributesUtils.extractIssuesUrl(bomComponent).orElse(null);
    return new BomComponentDetails(component, componentVersion, componentVulnerabilities, componentPolicies, componentConcerns, licenseInfo, usageInfo, componentUpgradeGuidance, additionalAttributes, issuesUrl);
}