From ad8e42294e96b66004a801863133a0d7e72db5c8 Mon Sep 17 00:00:00 2001 From: fupgang <75629871+fupgang@users.noreply.github.com> Date: Wed, 13 Nov 2024 17:48:20 +0100 Subject: [PATCH] fixes #4373 Signed-off-by: fupgang <75629871+fupgang@users.noreply.github.com> --- .../resources/v1/ComponentResource.java | 4 +- .../tasks/PolicyEvaluationTaskTest.java | 45 +++++++++++++++++++ 2 files changed, 47 insertions(+), 2 deletions(-) create mode 100644 src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java diff --git a/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java b/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java index eaff272e25..d3075a0208 100644 --- a/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java +++ b/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java @@ -370,7 +370,7 @@ public Response createComponent(@Parameter(description = "The UUID of the projec // Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent, // as both might be needed in policy evaluation .onSuccess(new RepositoryMetaEvent(List.of(component))) - .onSuccess(new PolicyEvaluationEvent(component)) + .onSuccess(new PolicyEvaluationEvent(component).project(component.getProject())) ); return Response.status(Response.Status.CREATED).entity(component).build(); } @@ -479,7 +479,7 @@ public Response updateComponent(Component jsonComponent) { // Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent, // as both might be needed in policy evaluation .onSuccess(new RepositoryMetaEvent(List.of(component))) - .onSuccess(new PolicyEvaluationEvent(component)) + .onSuccess(new PolicyEvaluationEvent(component).project(component.getProject())) ); return Response.ok(component).build(); } else { diff --git a/src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java b/src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java new file mode 100644 index 0000000000..112db336d4 --- /dev/null +++ b/src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java @@ -0,0 +1,45 @@ +package org.dependencytrack.tasks; + +import alpine.persistence.PaginatedResult; +import org.dependencytrack.PersistenceCapableTest; +import org.dependencytrack.event.PolicyEvaluationEvent; +import org.dependencytrack.model.Component; +import org.dependencytrack.model.Policy; +import org.dependencytrack.model.PolicyCondition; +import org.dependencytrack.model.Project; +import org.junit.Test; + +import java.util.Collections; + +import static org.assertj.core.api.Assertions.assertThat; + +public class PolicyEvaluationTaskTest extends PersistenceCapableTest { + + @Test + public void testPolicyEvaluationForSingleComponent() { + Project project = new Project(); + project.setName("my-project"); + project.setGroup("com.example"); + project.setVersion("1.0.0"); + qm.createProject(project, Collections.emptyList(), false); + + Component component = new Component(); + component.setGroup("com.example"); + component.setName("my-component"); + component.setVersion("1.0.0"); + component.setPurl("pkg:maven/com.example/my-component@1.0.0"); + component.setProject(project); + qm.createComponent(component, false); + + // a policy that identifies the upper component and thus should be violated + Policy policy = qm.createPolicy("my-policy", Policy.Operator.ALL, Policy.ViolationState.FAIL); + qm.createPolicyCondition(policy, PolicyCondition.Subject.PACKAGE_URL, PolicyCondition.Operator.MATCHES, "pkg:maven/com.example/my-component@1.0.0"); + + PolicyEvaluationTask task = new PolicyEvaluationTask(); + task.inform(new PolicyEvaluationEvent(component).project(project)); + + PaginatedResult policyViolations = qm.getPolicyViolations(project, false); + assertThat(policyViolations.getTotal()).isEqualTo(1); + } + +}