
Example 1 with AffectedProjectVersion

use of com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion in project hub-alert by blackducksoftware.

the class VulnerabilityUniqueProjectNotificationContentTest method getContentFromNotificationContentTest.

/**
 * Populates a {@code VulnerabilityNotificationContent} through its setters, wraps it together with one
 * {@code AffectedProjectVersion} in a {@code VulnerabilityUniqueProjectNotificationContent}, and passes the
 * wrapper to {@code performAssertions}.
 */
@Test
public void getContentFromNotificationContentTest() {
    // The single project version this notification is scoped to.
    AffectedProjectVersion projectVersion = new AffectedProjectVersion();
    projectVersion.setProjectName(PROJECT_NAME);
    projectVersion.setProjectVersionName(PROJECT_VERSION_NAME);
    projectVersion.setProjectVersion(PROJECT_VERSION_URL);

    // Source content: one new, one updated and one deleted vulnerability.
    VulnerabilityNotificationContent sourceContent = new VulnerabilityNotificationContent();
    sourceContent.setNewVulnerabilityCount(1);
    sourceContent.setUpdatedVulnerabilityCount(1);
    sourceContent.setDeletedVulnerabilityCount(1);
    sourceContent.setNewVulnerabilityIds(List.of(newVulnerabilityId));
    sourceContent.setUpdatedVulnerabilityIds(List.of(updatedVulnerabilityId));
    sourceContent.setDeletedVulnerabilityIds(List.of(deletedVulnerabilityId));
    sourceContent.setComponentVersion(COMPONENT_VERSION_URL);
    sourceContent.setComponentName(COMPONENT_NAME);
    sourceContent.setVersionName(VERSION_NAME);
    sourceContent.setComponentVersionOriginName("Component Version Origin Name");
    sourceContent.setAffectedProjectVersions(List.of(projectVersion));
    sourceContent.setComponentVersionOriginId("Component Version Origin Id");

    VulnerabilityUniqueProjectNotificationContent uniqueContent =
        new VulnerabilityUniqueProjectNotificationContent(sourceContent, projectVersion);
    performAssertions(uniqueContent, projectVersion);
}
Also used : AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) Test(org.junit.jupiter.api.Test)

Example 2 with AffectedProjectVersion

use of com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion in project hub-alert by blackducksoftware.

the class VulnerabilityUniqueProjectNotificationContentTest method getContentTest.

/**
 * Wraps an unpopulated {@code VulnerabilityNotificationContent} in a
 * {@code VulnerabilityUniqueProjectNotificationContent}, fills the wrapper through its own setters, and
 * passes it to {@code performAssertions}.
 */
@Test
public void getContentTest() {
    AffectedProjectVersion projectVersion = new AffectedProjectVersion();
    projectVersion.setProjectName(PROJECT_NAME);
    projectVersion.setProjectVersionName(PROJECT_VERSION_NAME);
    projectVersion.setProjectVersion(PROJECT_VERSION_URL);

    // The wrapped content is left empty on purpose: every value below is set on the wrapper itself.
    VulnerabilityNotificationContent emptyContent = new VulnerabilityNotificationContent();
    VulnerabilityUniqueProjectNotificationContent uniqueContent =
        new VulnerabilityUniqueProjectNotificationContent(emptyContent, projectVersion);
    uniqueContent.setNewVulnerabilityIds(List.of(newVulnerabilityId));
    uniqueContent.setUpdatedVulnerabilityIds(List.of(updatedVulnerabilityId));
    uniqueContent.setDeletedVulnerabilityIds(List.of(deletedVulnerabilityId));
    uniqueContent.setComponentVersion(COMPONENT_VERSION_URL);
    uniqueContent.setComponentName(COMPONENT_NAME);
    uniqueContent.setVersionName(VERSION_NAME);
    uniqueContent.setAffectedProjectVersion(projectVersion);

    performAssertions(uniqueContent, projectVersion);
}
Also used : AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) Test(org.junit.jupiter.api.Test)

Example 3 with AffectedProjectVersion

use of com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractor method createBomComponentDetails.

/**
 * Produces the BOM component details for one vulnerability notification.
 *
 * <p>The BOM component URL is read from the notification's affected project version and requested through
 * the Black Duck API client. If that request raises an {@code IntegrationRestException}, the exception is
 * handed to {@code bomComponent404Handler.logIf404OrThrow}; when that call returns, the details are built
 * from the component name and version name carried by the notification instead of from a fetched view.
 *
 * @param notificationContent the vulnerability notification, scoped to a single affected project version
 * @param blackDuckServicesFactory supplies the API client and is passed to the details-creator factory
 * @return a one-element list holding the details for the notification's component
 * @throws IntegrationException declared by the signature; presumably raised by URL construction, the API
 *         call or the 404 handler (confirm against those helpers)
 */
@Override
protected List<BomComponentDetails> createBomComponentDetails(VulnerabilityUniqueProjectNotificationContent notificationContent, BlackDuckServicesFactory blackDuckServicesFactory) throws IntegrationException {
    BlackDuckApiClient apiClient = blackDuckServicesFactory.getBlackDuckApiClient();
    BlackDuckMessageBomComponentDetailsCreator detailsCreator = detailsCreatorFactory.createBomComponentDetailsCreator(blackDuckServicesFactory);

    // NOTE(review): this URL comes straight from the notification payload and is requested as-is with the
    // provider's API client. Presumably the payload can only originate from the configured Black Duck
    // server; confirm, or check the host against that server before fetching.
    String bomComponentUrl = notificationContent.getAffectedProjectVersion().getBomComponent();
    List<ComponentConcern> concerns = createComponentConcerns(notificationContent);

    try {
        ProjectVersionComponentVersionView bomComponentView = apiClient.getResponse(new HttpUrl(bomComponentUrl), ProjectVersionComponentVersionView.class);
        ComponentUpgradeGuidance upgradeGuidance = createComponentUpgradeGuidance(apiClient, bomComponentView);
        return List.of(detailsCreator.createBomComponentDetails(bomComponentView, concerns, upgradeGuidance, List.of()));
    } catch (IntegrationRestException e) {
        // Either returns after logging or rethrows; only in the first case does the fallback below run.
        bomComponent404Handler.logIf404OrThrow(e, notificationContent.getComponentName(), notificationContent.getVersionName());
        ComponentUpgradeGuidance upgradeGuidance = createComponentUpgradeGuidance(apiClient, notificationContent);
        return List.of(detailsCreator.createMissingBomComponentDetailsForVulnerability(notificationContent.getComponentName(), bomComponentUrl, notificationContent.getVersionName(), concerns, upgradeGuidance, List.of()));
    }
}
Also used : IntegrationRestException(com.synopsys.integration.rest.exception.IntegrationRestException) AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) ComponentUpgradeGuidance(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance) BlackDuckApiClient(com.synopsys.integration.blackduck.service.BlackDuckApiClient) BlackDuckMessageBomComponentDetailsCreator(com.synopsys.integration.alert.provider.blackduck.processor.message.service.BlackDuckMessageBomComponentDetailsCreator) ComponentConcern(com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern) HttpUrl(com.synopsys.integration.rest.HttpUrl) BomComponentDetails(com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails) ProjectVersionComponentVersionView(com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)

Example 4 with AffectedProjectVersion

use of com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion in project hub-alert by blackducksoftware.

the class ProcessingJobAccessorTestIT method createVulnerabilityUniqueProjectNotificationContent.

/**
 * Creates a notification content fixture whose affected project version carries only a project name;
 * the wrapped {@code VulnerabilityNotificationContent} is left unpopulated.
 *
 * @param projectName the project name to set on the affected project version
 * @return the wrapper built from the empty content and the named project version
 */
private VulnerabilityUniqueProjectNotificationContent createVulnerabilityUniqueProjectNotificationContent(String projectName) {
    AffectedProjectVersion namedProjectVersion = new AffectedProjectVersion();
    namedProjectVersion.setProjectName(projectName);

    VulnerabilityNotificationContent emptyContent = new VulnerabilityNotificationContent();
    return new VulnerabilityUniqueProjectNotificationContent(emptyContent, namedProjectVersion);
}
Also used : AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)

Example 5 with AffectedProjectVersion

use of com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion in project hub-alert by blackducksoftware.

the class VulnerabilityNotificationMessageExtractorTest method createVulnerabilityUniqueProjectNotificationContent.

/**
 * Creates a fully populated notification content fixture: one affected project version and one new, one
 * updated and one deleted vulnerability id, all pointing at {@code VULNERABILITY_URL}.
 *
 * @return the wrapper built from the populated content, with its component version set to
 *         {@code COMPONENT_VERSION_URL}
 */
private VulnerabilityUniqueProjectNotificationContent createVulnerabilityUniqueProjectNotificationContent() {
    // The same COMPONENT_URL is used for both the component issue URL and the BOM component URL.
    AffectedProjectVersion projectVersion = new AffectedProjectVersion();
    projectVersion.setProjectName(PROJECT);
    projectVersion.setProjectVersionName(PROJECT_VERSION);
    projectVersion.setProjectVersion(PROJECT_VERSION_URL);
    projectVersion.setComponentIssueUrl(COMPONENT_URL);
    projectVersion.setBomComponent(COMPONENT_URL);

    VulnerabilitySourceQualifiedId addedId = new VulnerabilitySourceQualifiedId();
    addedId.setSeverity(VulnerabilitySeverityType.CRITICAL.name());
    addedId.setVulnerability(VULNERABILITY_URL);

    // The updated entry is the only one created without a severity.
    VulnerabilitySourceQualifiedId changedId = new VulnerabilitySourceQualifiedId();
    changedId.setVulnerability(VULNERABILITY_URL);

    VulnerabilitySourceQualifiedId removedId = new VulnerabilitySourceQualifiedId();
    removedId.setSeverity(VulnerabilitySeverityType.LOW.name());
    removedId.setVulnerability(VULNERABILITY_URL);

    VulnerabilityNotificationContent sourceContent = new VulnerabilityNotificationContent();
    sourceContent.setAffectedProjectVersions(List.of(projectVersion));
    sourceContent.setComponentName(COMPONENT.getValue());
    sourceContent.setVersionName(COMPONENT_VERSION.getValue());
    sourceContent.setNewVulnerabilityCount(1);
    sourceContent.setNewVulnerabilityIds(List.of(addedId));
    sourceContent.setUpdatedVulnerabilityCount(1);
    sourceContent.setUpdatedVulnerabilityIds(List.of(changedId));
    sourceContent.setDeletedVulnerabilityCount(1);
    sourceContent.setDeletedVulnerabilityIds(List.of(removedId));

    VulnerabilityUniqueProjectNotificationContent uniqueContent =
        new VulnerabilityUniqueProjectNotificationContent(sourceContent, projectVersion);
    // The component version is set on the wrapper after construction, not on the source content.
    uniqueContent.setComponentVersion(COMPONENT_VERSION_URL);
    return uniqueContent;
}
Also used : VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId) AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)

Aggregations

AffectedProjectVersion (com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion)8 VulnerabilityNotificationContent (com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)6 VulnerabilityUniqueProjectNotificationContent (com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)4 Test (org.junit.jupiter.api.Test)3 VulnerabilitySourceQualifiedId (com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId)2 BomComponentDetails (com.synopsys.integration.alert.processor.api.extract.model.project.BomComponentDetails)1 ComponentConcern (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentConcern)1 ComponentUpgradeGuidance (com.synopsys.integration.alert.processor.api.extract.model.project.ComponentUpgradeGuidance)1 BlackDuckMessageBomComponentDetailsCreator (com.synopsys.integration.alert.provider.blackduck.processor.message.service.BlackDuckMessageBomComponentDetailsCreator)1 ProjectVersionComponentVersionView (com.synopsys.integration.blackduck.api.generated.view.ProjectVersionComponentVersionView)1 VulnerabilityNotificationView (com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)1 BlackDuckApiClient (com.synopsys.integration.blackduck.service.BlackDuckApiClient)1 HttpUrl (com.synopsys.integration.rest.HttpUrl)1 IntegrationRestException (com.synopsys.integration.rest.exception.IntegrationRestException)1