Skip to content

Commit

Permalink
Fix CPE not being imported from CycloneDX metadata.component
Browse files Browse the repository at this point in the history
Fixes DependencyTrack#4173

Signed-off-by: nscuro <[email protected]>
  • Loading branch information
nscuro committed Sep 25, 2024
1 parent feaa2df commit 397dd21
Show file tree
Hide file tree
Showing 4 changed files with 14 additions and 4 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,10 @@
import alpine.model.IConfigProperty.PropertyType;
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURL;
import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.json.JsonValue;
import org.apache.commons.collections4.MultiValuedMap;
import org.apache.commons.collections4.multimap.HashSetValuedHashMap;
import org.apache.commons.lang3.StringUtils;
Expand Down Expand Up @@ -57,10 +61,6 @@
import org.dependencytrack.persistence.QueryManager;
import org.dependencytrack.util.VulnerabilityUtil;

import jakarta.json.Json;
import jakarta.json.JsonArray;
import jakarta.json.JsonObject;
import jakarta.json.JsonValue;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Arrays;
Expand Down Expand Up @@ -124,6 +124,7 @@ public static Project convertToProject(final org.cyclonedx.model.Component cdxCo
project.setName(trimToNull(cdxComponent.getName()));
project.setVersion(trimToNull(cdxComponent.getVersion()));
project.setDescription(trimToNull(cdxComponent.getDescription()));
project.setCpe(trimToNull(cdxComponent.getCpe()));
project.setExternalReferences(convertExternalReferences(cdxComponent.getExternalReferences()));

List<OrganizationalContact> contacts = new ArrayList<>();
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -335,6 +335,7 @@ private Project processProject(
// changed |= applyIfChanged(project, metadataComponent, Project::getVersion, project::setVersion);
// changed |= applyIfChanged(project, metadataComponent, Project::getDescription, project::setDescription);
hasChanged |= applyIfChanged(persistentProject, project, Project::getExternalReferences, persistentProject::setExternalReferences);
hasChanged |= applyIfChanged(persistentProject, project, Project::getCpe, persistentProject::setCpe);
hasChanged |= applyIfChanged(persistentProject, project, Project::getPurl, persistentProject::setPurl);
hasChanged |= applyIfChanged(persistentProject, project, Project::getSwidTagId, persistentProject::setSwidTagId);
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -167,6 +167,9 @@ public void informTest() throws Exception {

qm.getPersistenceManager().refresh(project);
assertThat(project.getClassifier()).isEqualTo(Classifier.APPLICATION);
assertThat(project.getCpe()).isEqualTo("cpe:2.3:a:acme:example:1.0.0:*:*:*:*:*:*:*");
assertThat(project.getPurl()).asString().isEqualTo("pkg:maven/com.acme/[email protected]");
assertThat(project.getSwidTagId()).isEqualTo("swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1");
assertThat(project.getLastBomImport()).isNotNull();
assertThat(project.getExternalReferences()).isNotNull();
assertThat(project.getExternalReferences()).hasSize(4);
Expand Down
5 changes: 5 additions & 0 deletions src/test/resources/unit/bom-1.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@
</supplier>
<publisher>DependencyTrack</publisher>
<name>Acme example</name>
<cpe>cpe:2.3:a:acme:example:1.0.0:*:*:*:*:*:*:*</cpe>
<purl>pkg:maven/com.acme/[email protected]</purl>
<swid tagId="swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1" name="Acme Application" version="9.1.1">
<text content-type="text/xml" encoding="base64">PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiID8+CjxTb2Z0d2FyZUlkZW50aXR5IHhtbDpsYW5nPSJFTiIgbmFtZT0iQWNtZSBBcHBsaWNhdGlvbiIgdmVyc2lvbj0iOS4xLjEiIAogdmVyc2lvblNjaGVtZT0ibXVsdGlwYXJ0bnVtZXJpYyIgCiB0YWdJZD0ic3dpZGdlbi1iNTk1MWFjOS00MmMwLWYzODItM2YxZS1iYzdhMmE0NDk3Y2JfOS4xLjEiIAogeG1sbnM9Imh0dHA6Ly9zdGFuZGFyZHMuaXNvLm9yZy9pc28vMTk3NzAvLTIvMjAxNS9zY2hlbWEueHNkIj4gCiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiAKIHhzaTpzY2hlbWFMb2NhdGlvbj0iaHR0cDovL3N0YW5kYXJkcy5pc28ub3JnL2lzby8xOTc3MC8tMi8yMDE1LWN1cnJlbnQvc2NoZW1hLnhzZCBzY2hlbWEueHNkIiA+CiAgPE1ldGEgZ2VuZXJhdG9yPSJTV0lEIFRhZyBPbmxpbmUgR2VuZXJhdG9yIHYwLjEiIC8+IAogIDxFbnRpdHkgbmFtZT0iQWNtZSwgSW5jLiIgcmVnaWQ9ImV4YW1wbGUuY29tIiByb2xlPSJ0YWdDcmVhdG9yIiAvPiAKPC9Tb2Z0d2FyZUlkZW50aXR5Pg==</text>
</swid>
<externalReferences>
<reference type="build-system">
<url>https://acme.example</url>
Expand Down

0 comments on commit 397dd21

Please sign in to comment.