Example 1 with VulnerabilityNotificationView

Use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.

Class VulnerabilityNotificationDetailExtractor, method extractDetailedContent.

@Override
public List<DetailedNotificationContent> extractDetailedContent(AlertNotificationModel alertNotificationModel, VulnerabilityNotificationView notificationView) {
    VulnerabilityNotificationContent notificationContent = notificationView.getContent();
    List<String> applicableSeverityTypes = new LinkedList<>(getApplicableSeverityTypes(notificationContent));
    // Separating this notification to be per project should fix a bug with alerts being sent about unrelated projects
    return notificationContent.getAffectedProjectVersions().stream()
        .map(affectedProjectVersion -> new VulnerabilityUniqueProjectNotificationContent(notificationContent, affectedProjectVersion))
        // This leaves the AlertNotificationModel as the original but modifies the NotificationContent field
        .map(vulnerabilityUniqueProjectNotificationContent -> DetailedNotificationContent.vulnerability(
            alertNotificationModel,
            vulnerabilityUniqueProjectNotificationContent,
            vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectName(),
            vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectVersionName(),
            applicableSeverityTypes))
        .collect(Collectors.toList());
}
Also used : DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent) AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) VulnerabilitySeverityType(com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType) Set(java.util.Set) Autowired(org.springframework.beans.factory.annotation.Autowired) Collectors(java.util.stream.Collectors) StringUtils(org.apache.commons.lang3.StringUtils) HashSet(java.util.HashSet) List(java.util.List) Component(org.springframework.stereotype.Component) VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) LinkedList(java.util.LinkedList) NotificationDetailExtractor(com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor)

Example 2 with VulnerabilityNotificationView

Use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.

Class VulnerabilityNotificationDetailExtractorTest, method verifyExtraction.

@Test
public void verifyExtraction() throws IOException {
    VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_COMPLEX_JSON_PATH);
    VulnerabilityNotificationContent content = vulnerabilityNotificationView.getContent();
    VulnerabilityNotificationDetailExtractor vulnerabilityNotificationDetailExtractor = new VulnerabilityNotificationDetailExtractor();
    AlertNotificationModel alertNotificationModel = createAlertNotificationModel();
    List<DetailedNotificationContent> filterableNotificationWrappers = vulnerabilityNotificationDetailExtractor.extractDetailedContent(alertNotificationModel, vulnerabilityNotificationView);
    assertEquals(3, filterableNotificationWrappers.size());
    for (DetailedNotificationContent filterableNotificationWrapper : filterableNotificationWrappers) {
        NotificationContentWrapper notificationContentWrapper = filterableNotificationWrapper.getNotificationContentWrapper();
        assertEquals(NotificationType.VULNERABILITY.name(), notificationContentWrapper.extractNotificationType());
        // The Vuln extractor should return a different object structure
        assertNotEquals(content, notificationContentWrapper.getNotificationContent());
        assertEquals(3, filterableNotificationWrapper.getVulnerabilitySeverities().size());
        assertFalse(filterableNotificationWrapper.getVulnerabilitySeverities().contains(VulnerabilitySeverityType.CRITICAL.name()));
        assertTrue(filterableNotificationWrapper.getPolicyName().isEmpty(), "Expected no policy name to be present");
    }
}
Also used : AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel) VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) NotificationContentWrapper(com.synopsys.integration.alert.processor.api.filter.NotificationContentWrapper) Test(org.junit.jupiter.api.Test)

Example 3 with VulnerabilityNotificationView

Use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.

Class VulnerabilityNotificationDetailExtractorTest, method allSeverityTypesApplyTest.

@Test
public void allSeverityTypesApplyTest() throws IOException {
    VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_ALL_SEVERITY_JSON_PATH);
    VulnerabilityNotificationDetailExtractor vulnerabilityNotificationDetailExtractor = new VulnerabilityNotificationDetailExtractor();
    AlertNotificationModel alertNotificationModel = createAlertNotificationModel();
    List<DetailedNotificationContent> filterableNotificationWrappers = vulnerabilityNotificationDetailExtractor.extractDetailedContent(alertNotificationModel, vulnerabilityNotificationView);
    assertEquals(1, filterableNotificationWrappers.size());
    DetailedNotificationContent detailedNotificationContent = filterableNotificationWrappers.get(0);
    assertEquals(4, detailedNotificationContent.getVulnerabilitySeverities().size());
}
Also used : AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel) VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent) Test(org.junit.jupiter.api.Test)

Example 4 with VulnerabilityNotificationView

Use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.

Class VulnerabilityNotificationDetailExtractorTest, method ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent.

@Test
public void ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent() throws IOException {
    VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_JSON_PATH);
    VulnerabilityNotificationContent content = vulnerabilityNotificationView.getContent();
    AffectedProjectVersion affectedProjectVersion = content.getAffectedProjectVersions().get(0);
    VulnerabilityUniqueProjectNotificationContent vulnerabilityUniqueProjectNotificationContent = new VulnerabilityUniqueProjectNotificationContent(content, affectedProjectVersion);
    assertEquals("alert-test-project", vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectName());
    assertEquals("Custom Component", vulnerabilityUniqueProjectNotificationContent.getComponentName());
    assertEquals("1.0.0", vulnerabilityUniqueProjectNotificationContent.getVersionName());
    assertEquals("https://a-hub-server.blackduck.com/api/components/7792be90-bfd2-42d7-ae19-66e051978675/versions/5a01d0b3-a6c4-469a-b9c8-c5769cffae78", vulnerabilityUniqueProjectNotificationContent.getComponentVersion());
    VulnerabilitySourceQualifiedId newVuln = vulnerabilityUniqueProjectNotificationContent.getNewVulnerabilityIds().get(0);
    VulnerabilitySourceQualifiedId updatedVuln = vulnerabilityUniqueProjectNotificationContent.getUpdatedVulnerabilityIds().get(0);
    VulnerabilitySourceQualifiedId deletedVuln = vulnerabilityUniqueProjectNotificationContent.getDeletedVulnerabilityIds().get(0);
    assertEquals(VulnerabilitySeverityType.LOW.name(), newVuln.getSeverity());
    assertEquals("CVE-2018-0001", newVuln.getVulnerabilityId());
    assertEquals(VulnerabilitySeverityType.HIGH.name(), updatedVuln.getSeverity());
    assertEquals("CVE-2018-0002", updatedVuln.getVulnerabilityId());
    assertEquals(VulnerabilitySeverityType.MEDIUM.name(), deletedVuln.getSeverity());
    assertEquals("CVE-2018-0003", deletedVuln.getVulnerabilityId());
}
Also used : VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId) AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) Test(org.junit.jupiter.api.Test)

Aggregations

VulnerabilityNotificationView (com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView) 4
AlertNotificationModel (com.synopsys.integration.alert.common.rest.model.AlertNotificationModel) 3
DetailedNotificationContent (com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent) 3
VulnerabilityNotificationContent (com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent) 3
Test (org.junit.jupiter.api.Test) 3
VulnerabilityUniqueProjectNotificationContent (com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent) 2
VulnerabilitySourceQualifiedId (com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId) 2
NotificationDetailExtractor (com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor) 1
NotificationContentWrapper (com.synopsys.integration.alert.processor.api.filter.NotificationContentWrapper) 1
VulnerabilitySeverityType (com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType) 1
AffectedProjectVersion (com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion) 1
HashSet (java.util.HashSet) 1
LinkedList (java.util.LinkedList) 1
List (java.util.List) 1
Set (java.util.Set) 1
Collectors (java.util.stream.Collectors) 1
StringUtils (org.apache.commons.lang3.StringUtils) 1
Autowired (org.springframework.beans.factory.annotation.Autowired) 1
Component (org.springframework.stereotype.Component) 1