Merge pull request #4374 from fupgang/fix/4373

DependencyTrack · Nov 13, 2024 · 4a59915 · 4a59915
2 parents 3c265ed + dc48389
commit 4a59915
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 2 deletions.
diff --git a/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java b/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java
@@ -370,7 +370,7 @@ public Response createComponent(@Parameter(description = "The UUID of the projec
                 // Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent,
                 // as both might be needed in policy evaluation
                 .onSuccess(new RepositoryMetaEvent(List.of(component)))
-                .onSuccess(new PolicyEvaluationEvent(component))
+                .onSuccess(new PolicyEvaluationEvent(component).project(component.getProject()))
             );
             return Response.status(Response.Status.CREATED).entity(component).build();
         }
@@ -479,7 +479,7 @@ public Response updateComponent(Component jsonComponent) {
                     // Wait for RepositoryMetaEvent after VulnerabilityAnalysisEvent,
 // as both might be needed in policy evaluation
                     .onSuccess(new RepositoryMetaEvent(List.of(component)))
-                    .onSuccess(new PolicyEvaluationEvent(component))
+                    .onSuccess(new PolicyEvaluationEvent(component).project(component.getProject()))
                 );
                 return Response.ok(component).build();
             } else {

diff --git a/src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java b/src/test/java/org/dependencytrack/tasks/PolicyEvaluationTaskTest.java
@@ -0,0 +1,45 @@
+package org.dependencytrack.tasks;
+
+import alpine.persistence.PaginatedResult;
+import org.dependencytrack.PersistenceCapableTest;
+import org.dependencytrack.event.PolicyEvaluationEvent;
+import org.dependencytrack.model.Component;
+import org.dependencytrack.model.Policy;
+import org.dependencytrack.model.PolicyCondition;
+import org.dependencytrack.model.Project;
+import org.junit.Test;
+
+import java.util.Collections;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PolicyEvaluationTaskTest extends PersistenceCapableTest {
+
+    @Test
+    public void testPolicyEvaluationForSingleComponent() {
+        Project project = new Project();
+        project.setName("my-project");
+        project.setGroup("com.example");
+        project.setVersion("1.0.0");
+        qm.createProject(project, Collections.emptyList(), false);
+
+        Component component = new Component();
+        component.setGroup("com.example");
+        component.setName("my-component");
+        component.setVersion("1.0.0");
+        component.setPurl("pkg:maven/com.example/[email protected]");
+        component.setProject(project);
+        qm.createComponent(component, false);
+
+        // a policy that identifies the upper component and thus should be violated
+        Policy policy = qm.createPolicy("my-policy", Policy.Operator.ALL, Policy.ViolationState.FAIL);
+        qm.createPolicyCondition(policy, PolicyCondition.Subject.PACKAGE_URL, PolicyCondition.Operator.MATCHES, "pkg:maven/com.example/[email protected]");
+
+        PolicyEvaluationTask task = new PolicyEvaluationTask();
+        task.inform(new PolicyEvaluationEvent(component).project(project));
+
+        PaginatedResult policyViolations = qm.getPolicyViolations(project, false);
+        assertThat(policyViolations.getTotal()).isEqualTo(1);
+    }
+
+}