From 4c1d59ae24ca60c29890accf2776ba3c497a2648 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Tue, 25 Jul 2023 19:03:13 +0200
Subject: [PATCH] Update Snyk API version to `2023-06-22`

This changes the default version for new DT deployments, and updates the version for existing ones, **if the version has not been changed already**. `2023-06-22` is the most recent stable version according to apidocs.snyk.io. Tested and confirmed that it's working fine with DT's integration.

Signed-off-by: nscuro
---
 .../model/ConfigPropertyConstants.java | 2 +-
 .../dependencytrack/upgrade/UpgradeItems.java | 1 +
 .../upgrade/v490/v490Updater.java | 65 +++++++++++++++++++
 3 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 src/main/java/org/dependencytrack/upgrade/v490/v490Updater.java

diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
index 7d37574c58..7cdd9a73a0 100644
--- a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
+++ b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
@@ -55,7 +55,7 @@ public enum ConfigPropertyConstants {
 SCANNER_SNYK_ALIAS_SYNC_ENABLED("scanner", "snyk.alias.sync.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable alias synchronization for Snyk"),
 SCANNER_SNYK_API_TOKEN("scanner", "snyk.api.token", null, PropertyType.ENCRYPTEDSTRING, "The API token used for Snyk API authentication"),
 SCANNER_SNYK_ORG_ID("scanner", "snyk.org.id", null, PropertyType.STRING, "The Organization ID used for Snyk API access"),
- SCANNER_SNYK_API_VERSION("scanner", "snyk.api.version", "2022-11-14", PropertyType.STRING, "Snyk API version"),
+ SCANNER_SNYK_API_VERSION("scanner", "snyk.api.version", "2023-06-22", PropertyType.STRING, "Snyk API version"),
 SCANNER_SNYK_CVSS_SOURCE("scanner", "snyk.cvss.source", "NVD", PropertyType.STRING, "Type of source to be prioritized for cvss calculation"),
 SCANNER_SNYK_BASE_URL("scanner", "snyk.base.url", "https://api.snyk.io", PropertyType.URL, "Base Url pointing to the hostname and path for Snyk analysis"),
 VULNERABILITY_SOURCE_NVD_ENABLED("vuln-source", "nvd.enabled", "true", PropertyType.BOOLEAN, "Flag to enable/disable National Vulnerability Database"),
diff --git a/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java b/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java
index 247185d7e7..16b602a1af 100644
--- a/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java
+++ b/src/main/java/org/dependencytrack/upgrade/UpgradeItems.java
@@ -36,6 +36,7 @@ class UpgradeItems {
 UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v463.v463Updater.class);
 UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v470.v470Updater.class);
 UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v480.v480Updater.class);
+ UPGRADE_ITEMS.add(org.dependencytrack.upgrade.v490.v490Updater.class);
 }
 
 static List> getUpgradeItems() {
diff --git a/src/main/java/org/dependencytrack/upgrade/v490/v490Updater.java b/src/main/java/org/dependencytrack/upgrade/v490/v490Updater.java
new file mode 100644
index 0000000000..5b4db59e09
--- /dev/null
+++ b/src/main/java/org/dependencytrack/upgrade/v490/v490Updater.java
@@ -0,0 +1,65 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) Steve Springett. All Rights Reserved.
+ */
+package org.dependencytrack.upgrade.v490;
+
+import alpine.common.logging.Logger;
+import alpine.persistence.AlpineQueryManager;
+import alpine.server.upgrade.AbstractUpgradeItem;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+
+import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_SNYK_API_VERSION;
+
+public class v490Updater extends AbstractUpgradeItem {
+
+ private static final Logger LOGGER = Logger.getLogger(v490Updater.class);
+
+ @Override
+ public String getSchemaVersion() {
+ return "4.9.0";
+ }
+
+ @Override
+ public void executeUpgrade(final AlpineQueryManager qm, final Connection connection) throws Exception {
+ updateDefaultSnykApiVersion(connection);
+ }
+
+ /**
+ * Update the Snyk API version from its previous default to a current and actively supported one.
+ * Only do so when the version has not been modified manually.
+ *
+ * @param connection The {@link Connection} to use for executing queries
+ * @throws Exception When executing a query failed
+ */
+ private static void updateDefaultSnykApiVersion(final Connection connection) throws Exception {
+ LOGGER.info("Updating Snyk API version from 2022-11-14 to %s"
+ .formatted(SCANNER_SNYK_API_VERSION.getDefaultPropertyValue()));
+ try (final PreparedStatement ps = connection.prepareStatement("""
+ UPDATE "CONFIGPROPERTY" SET "PROPERTYVALUE" = ?
+ WHERE "GROUPNAME" = 'scanner'
+ AND "PROPERTYNAME" = 'snyk.api.version'
+ AND "PROPERTYVALUE" = '2022-11-14'
+ """)) {
+ ps.setString(1, SCANNER_SNYK_API_VERSION.getDefaultPropertyValue());
+ ps.executeUpdate();
+ }
+ }
+
+}
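Review bot: `updateDefaultSnykApiVersion` writes its "Updating Snyk API version from 2022-11-14 to …" log line before the statement runs and discards the return value of `ps.executeUpdate()`, so the upgrade log reads the same whether the property was rewritten or left alone because an operator had already pinned another version. Because this migration changes how the instance talks to an external vulnerability-data service, the log should record the outcome: capture `final int updated = ps.executeUpdate();` and then log `LOGGER.info("Snyk API version set to %s on %d config row(s)".formatted(SCANNER_SNYK_API_VERSION.getDefaultPropertyValue(), updated));` in place of the up-front message. The updater also stores whatever `getDefaultPropertyValue()` returns when the upgrade runs rather than the literal `2023-06-22`, so a later change to the enum default would alter what this 4.9.0 migration writes; binding the literal would keep the migration reproducible. The new value is bound as a parameter and the WHERE clause uses only constants, so no external input reaches the SQL text.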