Example 1 with VulnerabilityNotificationView
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractor method extractDetailedContent.
@Override
public List<DetailedNotificationContent> extractDetailedContent(AlertNotificationModel alertNotificationModel, VulnerabilityNotificationView notificationView) {
VulnerabilityNotificationContent notificationContent = notificationView.getContent();
List<String> applicableSeverityTypes = new LinkedList<>(getApplicableSeverityTypes(notificationContent));
// Separating this notification to be per project should fix a bug with alerts being sent about unrelated projects
return notificationContent.getAffectedProjectVersions().stream().map(affectedProjectVersion -> new VulnerabilityUniqueProjectNotificationContent(notificationContent, affectedProjectVersion)).map(vulnerabilityUniqueProjectNotificationContent -> DetailedNotificationContent.vulnerability(// This leaves the AlertNotificationModel as the original but modifies the NotificationContent field
alertNotificationModel, vulnerabilityUniqueProjectNotificationContent, vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectName(), vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectVersionName(), applicableSeverityTypes)).collect(Collectors.toList());
}
Also used :
DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent)
AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel)
VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)
VulnerabilitySeverityType(com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType)
Set(java.util.Set)
Autowired(org.springframework.beans.factory.annotation.Autowired)
Collectors(java.util.stream.Collectors)
StringUtils(org.apache.commons.lang3.StringUtils)
HashSet(java.util.HashSet)
List(java.util.List)
Component(org.springframework.stereotype.Component)
VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId)
VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)
VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)
LinkedList(java.util.LinkedList)
NotificationDetailExtractor(com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor)
VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)
VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)
LinkedList(java.util.LinkedList)
Example 2 with VulnerabilityNotificationView
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method verifyExtraction.
@Test
public void verifyExtraction() throws IOException {
VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_COMPLEX_JSON_PATH);
VulnerabilityNotificationContent content = vulnerabilityNotificationView.getContent();
VulnerabilityNotificationDetailExtractor vulnerabilityNotificationDetailExtractor = new VulnerabilityNotificationDetailExtractor();
AlertNotificationModel alertNotificationModel = createAlertNotificationModel();
List<DetailedNotificationContent> filterableNotificationWrappers = vulnerabilityNotificationDetailExtractor.extractDetailedContent(alertNotificationModel, vulnerabilityNotificationView);
assertEquals(3, filterableNotificationWrappers.size());
for (DetailedNotificationContent filterableNotificationWrapper : filterableNotificationWrappers) {
NotificationContentWrapper notificationContentWrapper = filterableNotificationWrapper.getNotificationContentWrapper();
assertEquals(NotificationType.VULNERABILITY.name(), notificationContentWrapper.extractNotificationType());
// The Vuln extractor should return a different object structure
assertNotEquals(content, notificationContentWrapper.getNotificationContent());
assertEquals(3, filterableNotificationWrapper.getVulnerabilitySeverities().size());
assertFalse(filterableNotificationWrapper.getVulnerabilitySeverities().contains(VulnerabilitySeverityType.CRITICAL.name()));
assertTrue(filterableNotificationWrapper.getPolicyName().isEmpty(), "Expected no policy name to be present");
}
}
Also used :
AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel)
VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)
DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent)
VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)
NotificationContentWrapper(com.synopsys.integration.alert.processor.api.filter.NotificationContentWrapper)
Test(org.junit.jupiter.api.Test)
Example 3 with VulnerabilityNotificationView
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method allSeverityTypesApplyTest.
@Test
public void allSeverityTypesApplyTest() throws IOException {
VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_ALL_SEVERITY_JSON_PATH);
VulnerabilityNotificationDetailExtractor vulnerabilityNotificationDetailExtractor = new VulnerabilityNotificationDetailExtractor();
AlertNotificationModel alertNotificationModel = createAlertNotificationModel();
List<DetailedNotificationContent> filterableNotificationWrappers = vulnerabilityNotificationDetailExtractor.extractDetailedContent(alertNotificationModel, vulnerabilityNotificationView);
assertEquals(1, filterableNotificationWrappers.size());
DetailedNotificationContent detailedNotificationContent = filterableNotificationWrappers.get(0);
assertEquals(4, detailedNotificationContent.getVulnerabilitySeverities().size());
}
Also used :
AlertNotificationModel(com.synopsys.integration.alert.common.rest.model.AlertNotificationModel)
VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)
DetailedNotificationContent(com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent)
Test(org.junit.jupiter.api.Test)
Example 4 with VulnerabilityNotificationView
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent.
@Test
public void ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent() throws IOException {
VulnerabilityNotificationView vulnerabilityNotificationView = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_JSON_PATH);
VulnerabilityNotificationContent content = vulnerabilityNotificationView.getContent();
AffectedProjectVersion affectedProjectVersion = content.getAffectedProjectVersions().get(0);
VulnerabilityUniqueProjectNotificationContent vulnerabilityUniqueProjectNotificationContent = new VulnerabilityUniqueProjectNotificationContent(content, affectedProjectVersion);
assertEquals("alert-test-project", vulnerabilityUniqueProjectNotificationContent.getAffectedProjectVersion().getProjectName());
assertEquals("Custom Component", vulnerabilityUniqueProjectNotificationContent.getComponentName());
assertEquals("1.0.0", vulnerabilityUniqueProjectNotificationContent.getVersionName());
assertEquals("https://a-hub-server.blackduck.com/api/components/7792be90-bfd2-42d7-ae19-66e051978675/versions/5a01d0b3-a6c4-469a-b9c8-c5769cffae78", vulnerabilityUniqueProjectNotificationContent.getComponentVersion());
VulnerabilitySourceQualifiedId newVuln = vulnerabilityUniqueProjectNotificationContent.getNewVulnerabilityIds().get(0);
VulnerabilitySourceQualifiedId updatedVuln = vulnerabilityUniqueProjectNotificationContent.getUpdatedVulnerabilityIds().get(0);
VulnerabilitySourceQualifiedId deletedVuln = vulnerabilityUniqueProjectNotificationContent.getDeletedVulnerabilityIds().get(0);
assertEquals(VulnerabilitySeverityType.LOW.name(), newVuln.getSeverity());
assertEquals("CVE-2018-0001", newVuln.getVulnerabilityId());
assertEquals(VulnerabilitySeverityType.HIGH.name(), updatedVuln.getSeverity());
assertEquals("CVE-2018-0002", updatedVuln.getVulnerabilityId());
assertEquals(VulnerabilitySeverityType.MEDIUM.name(), deletedVuln.getSeverity());
assertEquals("CVE-2018-0003", deletedVuln.getVulnerabilityId());
}
Also used :
VulnerabilityNotificationView(com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)
VulnerabilitySourceQualifiedId(com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId)
AffectedProjectVersion(com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion)
VulnerabilityNotificationContent(com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)
VulnerabilityUniqueProjectNotificationContent(com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)
Test(org.junit.jupiter.api.Test)
Aggregations
VulnerabilityNotificationView (com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView)4
AlertNotificationModel (com.synopsys.integration.alert.common.rest.model.AlertNotificationModel)3
DetailedNotificationContent (com.synopsys.integration.alert.processor.api.detail.DetailedNotificationContent)3
VulnerabilityNotificationContent (com.synopsys.integration.blackduck.api.manual.component.VulnerabilityNotificationContent)3
Test (org.junit.jupiter.api.Test)3
VulnerabilityUniqueProjectNotificationContent (com.synopsys.integration.alert.provider.blackduck.processor.model.VulnerabilityUniqueProjectNotificationContent)2
VulnerabilitySourceQualifiedId (com.synopsys.integration.blackduck.api.manual.component.VulnerabilitySourceQualifiedId)2
NotificationDetailExtractor (com.synopsys.integration.alert.processor.api.detail.NotificationDetailExtractor)1
NotificationContentWrapper (com.synopsys.integration.alert.processor.api.filter.NotificationContentWrapper)1
VulnerabilitySeverityType (com.synopsys.integration.blackduck.api.generated.enumeration.VulnerabilitySeverityType)1
AffectedProjectVersion (com.synopsys.integration.blackduck.api.manual.component.AffectedProjectVersion)1
HashSet (java.util.HashSet)1
LinkedList (java.util.LinkedList)1
List (java.util.List)1
Set (java.util.Set)1
Collectors (java.util.stream.Collectors)1
StringUtils (org.apache.commons.lang3.StringUtils)1
Autowired (org.springframework.beans.factory.annotation.Autowired)1
Component (org.springframework.stereotype.Component)1
