use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.
the class ProjectIssueModelConverterTest method toIssueCommentModelWithEmptyVulnerabilitySeverityTest.
@Test
public void toIssueCommentModelWithEmptyVulnerabilitySeverityTest() {
IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(), List.of(), List.of(), List.of());
AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
assertEquals(1, issueCommentModel.getComments().size());
String comments = issueCommentModel.getComments().get(0);
assertTrue(comments.contains("None"), "Expected missing vulnerability severity to return Severity Status: None");
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.
the class ProjectIssueModelConverterTest method toIssueCreationModelWithVulnerabilitySeverityTest.
@Test
public void toIssueCreationModelWithVulnerabilitySeverityTest() {
MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
IssueVulnerabilityModel vuln = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln), List.of());
ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
IssueCreationModel issueCreationModel = converter.toIssueCreationModel(projectIssueModel, "jobName");
assertTrue(issueCreationModel.getDescription().contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the description to be CRITICAL");
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.
the class ProjectIssueModelConverterTest method toIssueCommentModelWithVulnerabilitySeverityTest.
@Test
public void toIssueCommentModelWithVulnerabilitySeverityTest() {
IssueVulnerabilityModel vuln1 = createIssueVulnerability(ComponentConcernSeverity.MAJOR_HIGH, "CVE-13579", "https://a-url");
IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(false, List.of(), List.of(vuln1), List.of());
ComponentVulnerabilities componentVulnerabilities = new ComponentVulnerabilities(List.of(new LinkableItem("VulnerabilityCritical", "CVE-004")), List.of(new LinkableItem("VulnerabilityHigh", "CVE-005")), List.of(new LinkableItem("VulnerabilityMedium", "CVE-006")), List.of(new LinkableItem("VulnerabilityLow", "CVE-007")));
AbstractBomComponentDetails vulnerableBomComponentDetails = createBomComponentDetailsWithComponentVulnerabilities(componentVulnerabilities);
IssueBomComponentDetails issueBomComponentDetails = IssueBomComponentDetails.fromBomComponentDetails(vulnerableBomComponentDetails);
ProjectIssueModel projectIssueModel = ProjectIssueModel.vulnerability(PROVIDER_DETAILS, PROJECT_ITEM, PROJECT_VERSION_ITEM, issueBomComponentDetails, vulnerabilityDetails);
MockIssueTrackerMessageFormatter formatter = MockIssueTrackerMessageFormatter.withIntegerMaxValueLength();
ProjectIssueModelConverter converter = new ProjectIssueModelConverter(formatter);
IssueCommentModel<String> issueCommentModel = converter.toIssueCommentModel(EXISTING_ISSUE_DETAILS, projectIssueModel);
assertEquals(1, issueCommentModel.getComments().size());
String comments = issueCommentModel.getComments().get(0);
assertTrue(comments.contains(ComponentConcernSeverity.CRITICAL.getVulnerabilityLabel()), "Expected highest vulnerability severity in the comment to be CRITICAL");
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.
the class ProjectMessageToIssueModelTransformer method createVulnerabilityProjectIssueModel.
private ProjectIssueModel createVulnerabilityProjectIssueModel(ProjectMessage projectMessage, IssueBomComponentDetails issueBomComponent, List<ComponentConcern> vulnerabilityConcerns) {
List<IssueVulnerabilityModel> issueVulnerabilitiesAdded = new LinkedList<>();
List<IssueVulnerabilityModel> issueVulnerabilitiesUpdated = new LinkedList<>();
List<IssueVulnerabilityModel> issueVulnerabilitiesDeleted = new LinkedList<>();
for (ComponentConcern vulnerabilityConcern : vulnerabilityConcerns) {
IssueVulnerabilityModel issueVulnerabilityModel = IssueVulnerabilityModel.fromComponentConcern(vulnerabilityConcern);
ItemOperation vulnOperation = vulnerabilityConcern.getOperation();
if (ItemOperation.ADD.equals(vulnOperation)) {
issueVulnerabilitiesAdded.add(issueVulnerabilityModel);
} else if (ItemOperation.DELETE.equals(vulnOperation)) {
issueVulnerabilitiesDeleted.add(issueVulnerabilityModel);
} else {
issueVulnerabilitiesUpdated.add(issueVulnerabilityModel);
}
}
ComponentVulnerabilities componentVulnerabilities = issueBomComponent.getComponentVulnerabilities();
IssueVulnerabilityDetails vulnerabilityDetails = new IssueVulnerabilityDetails(!componentVulnerabilities.hasVulnerabilities(), issueVulnerabilitiesAdded, issueVulnerabilitiesUpdated, issueVulnerabilitiesDeleted);
return ProjectIssueModel.vulnerability(projectMessage.getProviderDetails(), projectMessage.getProject(), projectMessage.getProjectVersion().orElse(null), issueBomComponent, vulnerabilityDetails);
}
use of com.synopsys.integration.alert.processor.api.extract.model.project.ComponentVulnerabilities in project hub-alert by blackducksoftware.
the class BlackDuckMessageBomComponentDetailsCreator method createBomComponentUnknownVersionDetails.
public BomComponentDetails createBomComponentUnknownVersionDetails(ProjectVersionComponentVersionView bomComponent, List<ComponentConcern> componentConcerns, ComponentUpgradeGuidance componentUpgradeGuidance, List<LinkableItem> additionalAttributes) throws IntegrationException {
// FIXME using this query link only in a successful result and not in an unsuccessful result leads to inconsistent values in our custom fields which leads to inconsistent search results (bug).
String componentQueryLink = BlackDuckMessageLinkUtils.createComponentQueryLink(bomComponent);
LinkableItem component = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT, bomComponent.getComponentName(), componentQueryLink);
LinkableItem componentVersion = new LinkableItem(BlackDuckMessageLabels.LABEL_COMPONENT_VERSION, COMPONENT_VERSION_UNKNOWN);
ComponentVulnerabilities componentVulnerabilities = ComponentVulnerabilities.none();
List<ComponentPolicy> componentPolicies = retrieveComponentPolicies(bomComponent, componentConcerns);
LinkableItem licenseInfo = BlackDuckMessageAttributesUtils.extractLicense(bomComponent);
String usageInfo = BlackDuckMessageAttributesUtils.extractUsage(bomComponent);
String issuesUrl = BlackDuckMessageAttributesUtils.extractIssuesUrl(bomComponent).orElse(null);
return new BomComponentDetails(component, componentVersion, componentVulnerabilities, componentPolicies, componentConcerns, licenseInfo, usageInfo, componentUpgradeGuidance, additionalAttributes, issuesUrl);
}
Aggregations