Search in sources :

Example 1 with VulnerabilityUniqueProjectNotificationContent

use of com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractorTest method retrieveComponentVersionViewEmptyTest.

@Test
public void retrieveComponentVersionViewEmptyTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    Mockito.doThrow(new IntegrationRestException(HttpMethod.GET, new HttpUrl("https://google.com"), HttpStatus.NOT_FOUND.value(), "httpStatusMessageTest", "httpResponseContentTest", "IntegrationRestExceptionForAlertTest")).when(blackDuckApiClient).getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class));
    Mockito.doThrow(new IntegrationRestException(HttpMethod.GET, new HttpUrl("https://google.com"), HttpStatus.NOT_FOUND.value(), "httpStatusMessageTest", "httpResponseContentTest", "IntegrationRestExceptionForAlertTest")).when(blackDuckApiClient).getResponse(Mockito.any(), Mockito.eq(ComponentVersionView.class));
    VulnerabilityUniqueProjectNotificationContent notificationContent = createVulnerabilityUniqueProjectNotificationContent();
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
}
Also used : IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) ComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ComponentVersionView) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) HttpUrl(com.synopsys.integration.rest.HttpUrl) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 2 with VulnerabilityUniqueProjectNotificationContent

use of com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractorTest method createBomComponentDetailsMissingBomComponentTest.

@Test
public void createBomComponentDetailsMissingBomComponentTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    Mockito.doThrow(new IntegrationRestException(HttpMethod.GET, new HttpUrl("https://google.com"), HttpStatus.NOT_FOUND.value(), "httpStatusMessageTest", "httpResponseContentTest", "IntegrationRestExceptionForAlertTest")).when(blackDuckApiClient).getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class));
    ComponentVersionView componentVersionView = createComponentVersionView();
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ComponentVersionView.class))).thenReturn(componentVersionView);
    ComponentVersionUpgradeGuidanceView componentVersionUpgradeGuidanceView = createComponentVersionUpgradeGuidanceView();
    UrlSingleResponse<ComponentVersionUpgradeGuidanceView> urlSingleResponse = new UrlSingleResponse<>(new HttpUrl(UPGRADE_GUIDANCE_URL), ComponentVersionUpgradeGuidanceView.class);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.eq(urlSingleResponse))).thenReturn(componentVersionUpgradeGuidanceView);
    VulnerabilityUniqueProjectNotificationContent notificationContent = createVulnerabilityUniqueProjectNotificationContent();
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    assertEquals(COMPONENT, testBomComponentDetails.getComponent());
    assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
    assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
    assertTrue(testBomComponentDetails.getRelevantPolicies().isEmpty());
    assertEquals(BlackDuckMessageLabels.VALUE_UNKNOWN_LICENSE, testBomComponentDetails.getLicense().getValue());
    assertEquals(BlackDuckMessageLabels.VALUE_UNKNOWN_USAGE, testBomComponentDetails.getUsage());
    assertTrue(testBomComponentDetails.getAdditionalAttributes().isEmpty());
    assertEquals(3, testBomComponentDetails.getComponentConcerns().size());
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertTrue(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertTrue(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
}
Also used : UrlSingleResponse(com.synopsys.integration.blackduck.api.core.response.UrlSingleResponse) IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) HttpUrl(com.synopsys.integration.rest.HttpUrl) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) ComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ComponentVersionView) ComponentVersionUpgradeGuidanceView(com.synopsys.integration.blackduck.api.generated.response.ComponentVersionUpgradeGuidanceView) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 3 with VulnerabilityUniqueProjectNotificationContent

use of com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractorTest method safelyRetrieveItemsEmptyTest.

@Test
public void safelyRetrieveItemsEmptyTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    Mockito.doThrow(new IntegrationRestException(HttpMethod.GET, new HttpUrl("https://google.com"), HttpStatus.NOT_FOUND.value(), "httpStatusMessageTest", "httpResponseContentTest", "IntegrationRestExceptionForAlertTest")).when(blackDuckApiClient).getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class));
    ComponentVersionView componentVersionView = createComponentVersionView();
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ComponentVersionView.class))).thenReturn(componentVersionView);
    UrlSingleResponse<ComponentVersionUpgradeGuidanceView> urlSingleResponse = new UrlSingleResponse<>(new HttpUrl(UPGRADE_GUIDANCE_URL), ComponentVersionUpgradeGuidanceView.class);
    Mockito.doThrow(new IntegrationRestException(HttpMethod.GET, new HttpUrl("https://google.com"), HttpStatus.NOT_FOUND.value(), "httpStatusMessageTest", "httpResponseContentTest", "IntegrationRestExceptionForAlertTest")).when(blackDuckApiClient).getResponse(Mockito.eq(urlSingleResponse));
    VulnerabilityUniqueProjectNotificationContent notificationContent = createVulnerabilityUniqueProjectNotificationContent();
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertFalse(componentUpgradeGuidance.getLongTermUpgradeGuidance().isPresent());
    assertFalse(componentUpgradeGuidance.getShortTermUpgradeGuidance().isPresent());
}
Also used : UrlSingleResponse(com.synopsys.integration.blackduck.api.core.response.UrlSingleResponse) IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) HttpUrl(com.synopsys.integration.rest.HttpUrl) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) ComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ComponentVersionView) ComponentVersionUpgradeGuidanceView(com.synopsys.integration.blackduck.api.generated.response.ComponentVersionUpgradeGuidanceView) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 4 with VulnerabilityUniqueProjectNotificationContent

use of com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractorTest method createBomComponentDetailsMissingOriginTest.

@Test
public void createBomComponentDetailsMissingOriginTest() throws IntegrationException {
    BlackDuckServicesFactory blackDuckServicesFactory = Mockito.mock(BlackDuckServicesFactory.class);
    BlackDuckApiClient blackDuckApiClient = Mockito.mock(BlackDuckApiClient.class);
    Mockito.when(blackDuckServicesFactory.getBlackDuckApiClient()).thenReturn(blackDuckApiClient);
    ProjectVersionComponentVersionView projectVersionComponentVersionView = createProjectVersionComponentVersionView(false);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.any(), Mockito.eq(ProjectVersionComponentVersionView.class))).thenReturn(projectVersionComponentVersionView);
    ComponentVersionUpgradeGuidanceView componentVersionUpgradeGuidanceView = createComponentVersionUpgradeGuidanceView();
    // A UrlSingleResponse is needed to Mock the blackDuckApiClient in BlackDuckMessageComponentVersionUpgradeGuidanceService::requestUpgradeGuidanceItems
    UrlSingleResponse<ComponentVersionUpgradeGuidanceView> urlSingleResponse = new UrlSingleResponse<>(new HttpUrl(UPGRADE_GUIDANCE_URL), ComponentVersionUpgradeGuidanceView.class);
    Mockito.when(blackDuckApiClient.getResponse(Mockito.eq(urlSingleResponse))).thenReturn(componentVersionUpgradeGuidanceView);
    VulnerabilityUniqueProjectNotificationContent notificationContent = createVulnerabilityUniqueProjectNotificationContent();
    List<BomComponentDetails> bomComponentDetailsList = extractor.createBomComponentDetails(notificationContent, blackDuckServicesFactory);
    assertEquals(1, bomComponentDetailsList.size());
    BomComponentDetails testBomComponentDetails = bomComponentDetailsList.get(0);
    assertEquals(COMPONENT, testBomComponentDetails.getComponent());
    assertTrue(testBomComponentDetails.getComponentVersion().isPresent());
    assertEquals(COMPONENT_VERSION.getValue(), testBomComponentDetails.getComponentVersion().get().getValue());
    assertEquals(LICENSE_DISPLAY, testBomComponentDetails.getLicense().getValue());
    assertEquals(UsageType.DYNAMICALLY_LINKED.prettyPrint(), testBomComponentDetails.getUsage());
    assertTrue(testBomComponentDetails.getAdditionalAttributes().isEmpty());
    assertTrue(testBomComponentDetails.getRelevantPolicies().isEmpty());
    assertNotNull(testBomComponentDetails.getComponentVulnerabilities());
    assertEquals(3, testBomComponentDetails.getComponentConcerns().size());
    ComponentUpgradeGuidance componentUpgradeGuidance = testBomComponentDetails.getComponentUpgradeGuidance();
    assertTrue(componentUpgradeGuidance.getLongTermUpgradeGuidance().isEmpty());
    assertTrue(componentUpgradeGuidance.getShortTermUpgradeGuidance().isEmpty());
}
Also used : UrlSingleResponse(com.synopsys.integration.blackduck.api.core.response.UrlSingleResponse) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) BlackDuckServicesFactory(com.synopsys.integration.blackduck.service.BlackDuckServicesFactory) ComponentVersionUpgradeGuidanceView(com.synopsys.integration.blackduck.api.generated.response.ComponentVersionUpgradeGuidanceView) HttpUrl(com.synopsys.integration.rest.HttpUrl) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) Test(org.junit.jupiter.api.Test)

Example 5 with VulnerabilityUniqueProjectNotificationContent

use of com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationDetailExtractor method extractDetailedContent.

@Override
public List<DetailedNotificationContent> extractDetailedContent(AlertNotificationModel alertNotificationModel, VulnerabilityNotificationView notificationView) {
    VulnerabilityNotificationContent notificationContent = notificationView.getContent();
    List<String> applicableSeverityTypes = new LinkedList<>(getApplicableSeverityTypes(notificationContent));
    // Separating this notification to be per project should fix a bug with alerts being sent about unrelated projects
    return notificationContent.getAffectedProjectVersions().stream().map(affectedProjectVersion -> new VulnerabilityUniqueProjectNotificationContent(notificationContent, affectedProjectVersion)).map(vulnerabilityUniqueProjectNotificationContent -> DetailedNotificationContent.vulnerability(// This leaves the AlertNotificationModel as the original but modifies the NotificationContent field
    alertNotificationModel, vulnerabilityUniqueProjectNotificationContent, vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectName(), vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectVersionName(), applicableSeverityTypes)).collect(Collectors.toList());
}
Also used : DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent) AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) VulnerabilitySeverityType(com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType) Set(java.util.Set) Autowired(org.springframework.beans.factory.annotation.Autowired) Collectors(java.util.stream.Collectors) StringUtils(org.apache.commons.lang3.StringUtils) HashSet(java.util.HashSet) List(java.util.List) Component(org.springframework.stereotype.Component) VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) LinkedList(java.util.LinkedList) NotificationDetailExtractor(com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) LinkedList(java.util.LinkedList)

Aggregations

VulnerabilityUniqueProjectNotificationContent (com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)11 Test (org.junit.jupiter.api.Test)6 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)5 ComponentUpgradeGuidance (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance)5 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)5 VulnerabilityNotificationContent (com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)5 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)5 BlackDuckServicesFactory (com.synopsys.integration.blackduck.service.BlackDuckServicesFactory)5 HttpUrl (com.synopsys.integration.rest.HttpUrl)5 UrlSingleResponse (com.synopsys.integration.blackduck.api.core.response.UrlSingleResponse)4 ComponentVersionUpgradeGuidanceView (com.synopsys.integration.blackduck.api.generated.response.ComponentVersionUpgradeGuidanceView)4 AffectedProjectVersion (com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion)4 ComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ComponentVersionView)3 VulnerabilitySourceQualifiedId (com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId)3 IntegrationRestException (com.synopsys.integration.rest.exception.IntegrationRestException)3 DetailedNotificationContent (com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent)2 VulnerabilityNotificationView (com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)2 AlertNotificationModel (com.synopsys.integration.alert.common.rest.model.AlertNotificationModel)1 NotificationDetailExtractor (com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor)1 VulnerabilitySeverityType (com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType)1