Merge pull request #4381 from nscuro/backport-pr-4374
nscuro authored Nov 14, 2024
2 parents 86dc0c1 + ad8e422 commit 4a0a2b0
Showing 2 changed files with 47 additions and 2 deletions.
Expand Up @@ -370,7 +370,7 @@ public Response createComponent(@Parameter(description = "The UUID of the projec
// Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent,
// as both might be needed in policy evaluation
.onSuccess(new RepositoryMetaEvent(List.of(component)))
.onSuccess(new PolicyEvaluationEvent(component))
.onSuccess(new PolicyEvaluationEvent(component).project(component.getProject()))
);
return Response.status(Response.Status.CREATED).entity(component).build();
}
Expand Down Expand Up @@ -479,7 +479,7 @@ public Response updateComponent(Component jsonComponent) {
// Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent,
// as both might be needed in policy evaluation
.onSuccess(new RepositoryMetaEvent(List.of(component)))
.onSuccess(new PolicyEvaluationEvent(component))
.onSuccess(new PolicyEvaluationEvent(component).project(component.getProject()))
);
return Response.ok(component).build();
} else {
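Review bot: The line carrying `.project(component.getProject())` is left unexplained in both hunks (createComponent here and updateComponent in the `-479,7` hunk) — the existing comment only justifies the ordering of RepositoryMetaEvent after VulnerabilityAnalysisEvent, so a reader cannot tell why the project is now attached to the policy event. Assuming that line is the added side (the diff markers are lost on this rendered page, but the new PolicyEvaluationTaskTest drives the task with `.project(project)`), add a why-comment above it such as `// Attach the owning project so the policy evaluation is scoped to it (see PolicyEvaluationTaskTest)`, adjusting the wording if the task uses the project differently. Whether `component.getProject()` can be null at either call site is not visible here; if it can, the event would silently carry no project and fall back to whatever the task does for a project-less event, which is the situation the test does not cover. Both createComponent and updateComponent begin and end outside the shown hunks.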
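--- /dev/null
+++ b/[path-not-shown]/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java
@@ -0,0 +1,45 @@
+package org.dependencytrack.tasks;
+
+import alpine.persistence.PaginatedResult;
+import org.dependencytrack.PersistenceCapableTest;
+import org.dependencytrack.event.PolicyEvaluationEvent;
+import org.dependencytrack.model.Component;
+import org.dependencytrack.model.Policy;
+import org.dependencytrack.model.PolicyCondition;
+import org.dependencytrack.model.Project;
+import org.junit.Test;
+
+import java.util.Collections;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PolicyEvaluationTaskTest extends PersistenceCapableTest {
+
+@Test
+public void testPolicyEvaluationForSingleComponent() {
+Project project = new Project();
+project.setName("my-project");
+project.setGroup("com.example");
+project.setVersion("1.0.0");
+qm.createProject(project, Collections.emptyList(), false);
+
+Component component = new Component();
+component.setGroup("com.example");
+component.setName("my-component");
+component.setVersion("1.0.0");
+component.setPurl("pkg:maven/com.example/[email protected]");
+component.setProject(project);
+qm.createComponent(component, false);
+
+// a policy that identifies the upper component and thus should be violated
+Policy policy = qm.createPolicy("my-policy", Policy.Operator.ALL, Policy.ViolationState.FAIL);
+qm.createPolicyCondition(policy, PolicyCondition.Subject.PACKAGE_URL, PolicyCondition.Operator.MATCHES, "pkg:maven/com.example/[email protected]");
+
+PolicyEvaluationTask task = new PolicyEvaluationTask();
+task.inform(new PolicyEvaluationEvent(component).project(project));
+
+PaginatedResult policyViolations = qm.getPolicyViolations(project, false);
+assertThat(policyViolations.getTotal()).isEqualTo(1);
+}
+
+}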
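Review bot: The final assertion checks only `getTotal()` of the violations page, so a violation recorded against a different component or policy condition would still pass; also assert on the returned violation's component and condition so the test pins that the evaluation matched the PACKAGE_URL condition for `my-component`. The PURL literal appears on this page as `pkg:maven/com.example/[email protected]` in both `component.setPurl(...)` and the MATCHES condition, which looks like scraper mangling of the `name@version` segment — confirm the committed source holds the intended coordinates, since the test as written only proves the two strings equal each other. There is no companion case for a project-less event (`new PolicyEvaluationEvent(component)` without `.project(...)`), which is presumably the path this backport changes; pinning the task's behaviour for that input would turn this into a regression test rather than a happy-path check.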
