From c1f2ddcb56e77d9b5184f4315926a18a8d917af5 Mon Sep 17 00:00:00 2001 From: Sahiba Mittal Date: Mon, 11 Nov 2024 15:27:28 +0000 Subject: [PATCH 1/4] fix component author mapping --- .../persistence/jdbi/VulnerabilityDao.java | 2 + .../mapping/OrganizationalContactMapper.java | 40 +++++++++++++++++++ .../VulnerabilityQueryManagerTest.java | 5 +++ 3 files changed, 47 insertions(+) create mode 100644 src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java b/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java index 96f6afda8..fef7fef82 100644 --- a/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java +++ b/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java @@ -22,6 +22,7 @@ import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerableSoftware; import org.dependencytrack.persistence.jdbi.mapping.ExternalReferenceMapper; +import org.dependencytrack.persistence.jdbi.mapping.OrganizationalContactMapper; import org.dependencytrack.persistence.jdbi.mapping.VulnerabilityRowMapper; import org.dependencytrack.persistence.jdbi.mapping.VulnerableSoftwareRowMapper; import org.jdbi.v3.sqlobject.config.RegisterColumnMapper; @@ -396,6 +397,7 @@ SELECT DISTINCT ON ("V"."ID") and "C"."PROJECT_ID" = :projectId """) @RegisterFieldMapper(Component.class) + @RegisterColumnMapper(OrganizationalContactMapper.class) @RegisterColumnMapper(ExternalReferenceMapper.class) List getVulnerableComponents(@Bind long projectId, @Bind List vulnerabilityIds); diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java new file mode 100644 index 000000000..2ab66adf1 --- /dev/null 
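Review bot: `@RegisterColumnMapper(OrganizationalContactMapper.class)` is attached only to `getVulnerableComponents` in the `@@ -396,6 +397,7 @@` hunk, so any other query that maps rows through `@RegisterFieldMapper(Component.class)` would still have no mapper for the authors column. Whether such queries exist is not visible in this hunk. If they do, registering the mapper once on the DAO interface or in the Jdbi configuration keeps them consistent and avoids repeating this fix per method. The query's SQL text block begins outside the hunk.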
+++ b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java
@@ -0,0 +1,40 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.persistence.jdbi.mapping;
+
+import org.dependencytrack.model.OrganizationalContact;
+import org.dependencytrack.persistence.converter.OrganizationalContactsJsonConverter;
+import org.jdbi.v3.core.mapper.ColumnMapper;
+import org.jdbi.v3.core.statement.StatementContext;
+
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.ArrayList;
+import java.util.List;
+
+public class OrganizationalContactMapper implements ColumnMapper> {
+
+ @Override
+ public List map(ResultSet r, int columnNumber, StatementContext ctx) throws SQLException {
+ if (r.getBytes(columnNumber) == null) {
+ return new ArrayList<>();
+ }
+ return new OrganizationalContactsJsonConverter().convertToAttribute(r.getString(columnNumber));
+ }
+}
diff --git a/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java b/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
index 67c98aadc..542096c82 100644
--- a/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
+++ b/src/test/java/org/dependencytrack/persistence/VulnerabilityQueryManagerTest.java
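Review bot: `map` in the new OrganizationalContactMapper.java allocates a fresh `OrganizationalContactsJsonConverter` for every column value it reads, and the class carries no Javadoc. If the converter is stateless (its source is not shown here), holding it in a `private static final` field avoids the per-row allocation. The Javadoc should say that the column holds the JSON-serialised contact list, and what `map` returns for SQL NULL and for content the converter cannot parse. If the converter throws an unchecked exception on bad content, a single bad row would fail the whole `getVulnerableComponents` call.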
@@ -24,6 +24,7 @@ import org.dependencytrack.model.Component; import org.dependencytrack.model.Epss; import org.dependencytrack.model.ExternalReference; +import org.dependencytrack.model.OrganizationalContact; import org.dependencytrack.model.Project; import org.dependencytrack.model.Severity; import org.dependencytrack.model.Vulnerability; @@ -709,6 +710,10 @@ public void setupData() { extRef.setType(org.cyclonedx.model.ExternalReference.Type.WEBSITE); extRef.setUrl("www.test.com"); component.addExternalReference(extRef); + var author = new OrganizationalContact(); + author.setName("author"); + component.setAuthors(List.of(author)); + component.setVulnerabilities(List.of(vulnA, vulnB)); Component component2 = new Component(); From da7c45e518b772125da1b9655eecb1d3452a6f51 Mon Sep 17 00:00:00 2001 From: Sahiba Mittal Date: Mon, 11 Nov 2024 16:07:41 +0000 Subject: [PATCH 2/4] Update VulnerabilityResourceTest.java --- .../v1/VulnerabilityResourceTest.java | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java index f9f6adc70..b88bfeef1 100644 --- a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java +++ b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java @@ -209,7 +209,8 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", @@ -238,7 +239,8 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", 
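Review bot: The `@@ -709,6 +710,10 @@` hunk of VulnerabilityQueryManagerTest.java gives the fixture component an author named `author`, but adds no assertion that the author comes back from the query. As shown, the change only proves that mapping no longer fails, not that the contact list is deserialised correctly. The test that calls the vulnerable-components query should also check that the returned component has exactly one author whose name is `author`. `setupData` and the tests that consume it continue outside the hunk, so such an assertion may already exist there.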
@@ -271,7 +273,8 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", @@ -294,7 +297,8 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", @@ -343,7 +347,8 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", @@ -366,7 +371,8 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[] + "externalReferences":[], + "authors":[] } ], "uuid": "${json-unit.any-string}", From 546d0903e0c3d0f76337be372f5e84639ad807cd Mon Sep 17 00:00:00 2001 From: Sahiba Mittal Date: Tue, 12 Nov 2024 09:12:45 +0000 Subject: [PATCH 3/4] remove extra null check --- .../mapping/OrganizationalContactMapper.java | 3 --- .../v1/VulnerabilityResourceTest.java | 18 ++++++------------ 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java index 2ab66adf1..6813f18b0 100644 --- a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java +++ b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java 
@@ -32,9 +32,6 @@ public class OrganizationalContactMapper implements ColumnMapper map(ResultSet r, int columnNumber, StatementContext ctx) throws SQLException { - if (r.getBytes(columnNumber) == null) { - return new ArrayList<>(); - } return new OrganizationalContactsJsonConverter().convertToAttribute(r.getString(columnNumber)); } } diff --git a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java index b88bfeef1..f9f6adc70 100644 --- a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java +++ b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java @@ -209,8 +209,7 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", @@ -239,8 +238,7 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", @@ -273,8 +271,7 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", @@ -297,8 +294,7 @@ public void getVulnerabilitiesByProjectTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", 
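Review bot: With the guard removed in the `@@ -32,9 +32,6 @@` hunk of OrganizationalContactMapper.java, a SQL NULL column is handed straight to `convertToAttribute`, so the mapper's null behaviour is now defined by code that is not visible here. The test hunks that follow drop `"authors":[]` from the expected responses, which suggests the result is now null rather than an empty list. Once confirmed, a short comment on `map` such as `// SQL NULL is delegated to the converter; the result may be null` would record that this is intentional and stop the guard from being re-added. Callers that iterate `getAuthors()` on components returned by this query would then need to tolerate null. The class header and method signature are only partly visible in the hunk context.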
@@ -347,8 +343,7 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", @@ -371,8 +366,7 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() { "uuid": "${json-unit.any-string}", "expandDependencyGraph": false, "isInternal": false, - "externalReferences":[], - "authors":[] + "externalReferences":[] } ], "uuid": "${json-unit.any-string}", From c7164395437669e0a568eb9bb054b3c1cafe72c6 Mon Sep 17 00:00:00 2001 From: Sahiba Mittal Date: Tue, 12 Nov 2024 09:22:27 +0000 Subject: [PATCH 4/4] Update OrganizationalContactMapper.java --- .../persistence/jdbi/mapping/OrganizationalContactMapper.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java index 6813f18b0..1ceb50a23 100644 --- a/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java +++ b/src/main/java/org/dependencytrack/persistence/jdbi/mapping/OrganizationalContactMapper.java @@ -25,7 +25,6 @@ import java.sql.ResultSet; import java.sql.SQLException; -import java.util.ArrayList; import java.util.List; public class OrganizationalContactMapper implements ColumnMapper> {