use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractor method extractDetailedContent.
/**
 * Splits a single vulnerability notification into one {@link DetailedNotificationContent} per affected project version.
 *
 * <p>Each entry wraps a {@code VulnerabilityUniqueProjectNotificationContent} built from the original
 * content and exactly one affected project version, and carries that project's name and version name.
 * Scoping each entry to a single project is what was intended to stop alerts from being sent about unrelated projects.
 *
 * @param alertNotificationModel the stored notification; passed through unchanged to every entry
 * @param notificationView the vulnerability notification whose content is split per project version
 * @return one detailed content entry for each element of {@code getAffectedProjectVersions()}
 */
@Override
public List<DetailedNotificationContent> extractDetailedContent(AlertNotificationModel alertNotificationModel, VulnerabilityNotificationView notificationView) {
    VulnerabilityNotificationContent notificationContent = notificationView.getContent();
    // Computed once from the whole notification and handed to every per-project entry.
    // NOTE(review): the same list instance is shared by all returned entries; whether
    // DetailedNotificationContent copies it is not visible here, so confirm before mutating it downstream.
    List<String> applicableSeverityTypes = new LinkedList<>(getApplicableSeverityTypes(notificationContent));

    return notificationContent.getAffectedProjectVersions()
        .stream()
        .map(projectVersion -> {
            // The AlertNotificationModel stays as the original; only the notification content is narrowed to one project.
            VulnerabilityUniqueProjectNotificationContent perProjectContent = new VulnerabilityUniqueProjectNotificationContent(notificationContent, projectVersion);
            return DetailedNotificationContent.vulnerability(
                alertNotificationModel,
                perProjectContent,
                perProjectContent.getAffectedProjectVersion().getProjectName(),
                perProjectContent.getAffectedProjectVersion().getProjectVersionName(),
                applicableSeverityTypes
            );
        })
        .collect(Collectors.toList());
}
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method verifyExtraction.
/**
 * Checks the extractor output for the complex vulnerability fixture: three entries, each typed as
 * VULNERABILITY, each wrapping content that differs from the original notification content, each with
 * three severities (none of them CRITICAL) and an empty policy name.
 */
@Test
public void verifyExtraction() throws IOException {
    VulnerabilityNotificationDetailExtractor extractor = new VulnerabilityNotificationDetailExtractor();
    VulnerabilityNotificationView view = getVulnerabilityNotificationView(VULNERABILITY_COMPLEX_JSON_PATH);
    VulnerabilityNotificationContent originalContent = view.getContent();
    AlertNotificationModel model = createAlertNotificationModel();

    List<DetailedNotificationContent> extracted = extractor.extractDetailedContent(model, view);

    assertEquals(3, extracted.size());
    for (DetailedNotificationContent detailed : extracted) {
        NotificationContentWrapper wrapper = detailed.getNotificationContentWrapper();
        assertEquals(NotificationType.VULNERABILITY.name(), wrapper.extractNotificationType());
        // The extractor must hand back a per-project content object, not the original notification content.
        assertNotEquals(originalContent, wrapper.getNotificationContent());
        assertEquals(3, detailed.getVulnerabilitySeverities().size());
        assertFalse(detailed.getVulnerabilitySeverities().contains(VulnerabilitySeverityType.CRITICAL.name()));
        assertTrue(detailed.getPolicyName().isEmpty(), "Expected no policy name to be present");
    }
}
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method allSeverityTypesApplyTest.
/**
 * Checks that the all-severity fixture yields a single entry carrying four vulnerability severities.
 */
@Test
public void allSeverityTypesApplyTest() throws IOException {
    VulnerabilityNotificationDetailExtractor extractor = new VulnerabilityNotificationDetailExtractor();
    VulnerabilityNotificationView view = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_ALL_SEVERITY_JSON_PATH);
    AlertNotificationModel model = createAlertNotificationModel();

    List<DetailedNotificationContent> extracted = extractor.extractDetailedContent(model, view);

    // One affected project version in this fixture, so exactly one entry is expected.
    assertEquals(1, extracted.size());
    DetailedNotificationContent onlyEntry = extracted.get(0);
    assertEquals(4, onlyEntry.getVulnerabilitySeverities().size());
}
use of com.synopsys.integration.blackduck.api.manual.view.VulnerabilityNotificationView in project hub-alert by blackducksoftware.
the class VulnerabilityNotificationDetailExtractorTest method ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent.
/**
 * Checks that wrapping the library's notification content with a single affected project version
 * still exposes the project name, component name, version name, component version URL, and the first
 * new, updated and deleted vulnerability ids with their severities.
 */
@Test
public void ensureLibraryModelMapsToVulnerabilityUniqueProjectNotificationContent() throws IOException {
    VulnerabilityNotificationView view = getVulnerabilityNotificationView(VULNERABILITY_SIMPLE_JSON_PATH);
    VulnerabilityNotificationContent libraryContent = view.getContent();
    AffectedProjectVersion firstProjectVersion = libraryContent.getAffectedProjectVersions().get(0);
    VulnerabilityUniqueProjectNotificationContent perProject = new VulnerabilityUniqueProjectNotificationContent(libraryContent, firstProjectVersion);

    // Project and component fields carried over from the fixture.
    assertEquals("alert-test-project", perProject.getAffectedProjectVersion().getProjectName());
    assertEquals("Custom Component", perProject.getComponentName());
    assertEquals("1.0.0", perProject.getVersionName());
    assertEquals("https://a-hub-server.blackduck.com/api/components/7792be90-bfd2-42d7-ae19-66e051978675/versions/5a01d0b3-a6c4-469a-b9c8-c5769cffae78", perProject.getComponentVersion());

    // First entry of each vulnerability id list.
    VulnerabilitySourceQualifiedId added = perProject.getNewVulnerabilityIds().get(0);
    VulnerabilitySourceQualifiedId changed = perProject.getUpdatedVulnerabilityIds().get(0);
    VulnerabilitySourceQualifiedId removed = perProject.getDeletedVulnerabilityIds().get(0);

    assertEquals(VulnerabilitySeverityType.LOW.name(), added.getSeverity());
    assertEquals("CVE-2018-0001", added.getVulnerabilityId());
    assertEquals(VulnerabilitySeverityType.HIGH.name(), changed.getSeverity());
    assertEquals("CVE-2018-0002", changed.getVulnerabilityId());
    assertEquals(VulnerabilitySeverityType.MEDIUM.name(), removed.getSeverity());
    assertEquals("CVE-2018-0003", removed.getVulnerabilityId());
}