Merge pull request #3179 from nscuro/supplier-manufacturer-corrections

Supplier and manufacturer corrections
DependencyTrack · Nov 28, 2023 · 065e483 · 065e483
2 parents 81e3b92 + b5a0bbf
commit 065e483
Show file tree

Hide file tree

Showing 22 changed files with 871 additions and 238 deletions.
diff --git a/src/main/java/org/dependencytrack/model/Classifier.java b/src/main/java/org/dependencytrack/model/Classifier.java
@@ -32,5 +32,9 @@ public enum Classifier {
     OPERATING_SYSTEM,
     DEVICE,
     FIRMWARE,
-    FILE
+    FILE,
+    PLATFORM,
+    DEVICE_DRIVER,
+    MACHINE_LEARNING_MODEL,
+    DATA
 }
diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java
@@ -29,8 +29,11 @@
 import com.github.packageurl.PackageURL;
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.model.validation.ValidSpdxExpression;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
+
 import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
 import javax.jdo.annotations.Element;
 import javax.jdo.annotations.Extension;
 import javax.jdo.annotations.FetchGroup;
@@ -53,8 +56,8 @@
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
-import java.util.UUID;
 import java.util.Set;
+import java.util.UUID;
 
 /**
  * Model class for tracking individual components.
@@ -115,18 +118,9 @@ public enum FetchGroup {
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
-    @Persistent /**Issue #2373, #2737 */
-    @Column(name = "MANUFACTURE", allowsNull = "true")
-    @Serialized
-    @Size(max = 255)
-    @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters")
-    private OrganizationalEntity manufacture;
-
-    @Persistent /**Issue #2373, #2737 */
-    @Column(name = "SUPPLIER", allowsNull = "true")
-    @Serialized
-    @Size(max = 255)
-    @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
     private OrganizationalEntity supplier;
 
     @Persistent
@@ -398,22 +392,14 @@ public void setPublisher(String publisher) {
         this.publisher = publisher;
     }
 
-    public OrganizationalEntity getSupplier() { /**Issue #2373, #2737 */
+    public OrganizationalEntity getSupplier() {
         return supplier;
     }
 
-    public void setSupplier(OrganizationalEntity supplier) {/**Issue #2373, #2737 */
+    public void setSupplier(OrganizationalEntity supplier) {
         this.supplier = supplier;
     }
 
-    public OrganizationalEntity getManufacturer() { /**Issue #2373, #2737 */
-        return manufacture;
-    }
-
-    public void setManufacturer(OrganizationalEntity manufacture) {/**Issue #2373, #2737 */
-        this.manufacture = manufacture;
-    }
-
     public String getGroup() {
         return group;
     }

diff --git a/src/main/java/org/dependencytrack/model/OrganizationalContact.java b/src/main/java/org/dependencytrack/model/OrganizationalContact.java
@@ -23,6 +23,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 import java.io.Serializable;
+import java.util.Objects;
 
 /**
  * Model class for tracking organizational contacts.
@@ -67,4 +68,18 @@ public String getPhone() {
     public void setPhone(String phone) {
         this.phone = phone;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        final OrganizationalContact that = (OrganizationalContact) o;
+        return Objects.equals(name, that.name) && Objects.equals(email, that.email) && Objects.equals(phone, that.phone);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(name, email, phone);
+    }
+
 }
diff --git a/src/main/java/org/dependencytrack/model/OrganizationalEntity.java b/src/main/java/org/dependencytrack/model/OrganizationalEntity.java
@@ -25,7 +25,9 @@
 
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 
 /**
  * Model class for tracking organizational entities (provider, supplier, manufacturer, etc).
@@ -76,4 +78,20 @@ public void addContact(OrganizationalContact contact) {
     public void setContacts(List<OrganizationalContact> contacts) {
         this.contacts = contacts;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        final OrganizationalEntity that = (OrganizationalEntity) o;
+        return Objects.equals(name, that.name) && Arrays.equals(urls, that.urls) && Objects.equals(contacts, that.contacts);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(name, contacts);
+        result = 31 * result + Arrays.hashCode(urls);
+        return result;
+    }
+
 }
diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java
@@ -31,8 +31,12 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
+import io.swagger.annotations.ApiModelProperty;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
+
 import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
 import javax.jdo.annotations.Element;
 import javax.jdo.annotations.Extension;
 import javax.jdo.annotations.FetchGroup;
@@ -86,7 +90,11 @@
                 @Persistent(name = "children"),
                 @Persistent(name = "properties"),
                 @Persistent(name = "tags"),
-                @Persistent(name = "accessTeams")
+                @Persistent(name = "accessTeams"),
+                @Persistent(name = "metadata")
+        }),
+        @FetchGroup(name = "METADATA", members = {
+                @Persistent(name = "metadata")
         }),
         @FetchGroup(name = "METRICS_UPDATE", members = {
                 @Persistent(name = "id"),
@@ -107,6 +115,7 @@ public class Project implements Serializable {
      */
     public enum FetchGroup {
         ALL,
+        METADATA,
         METRICS_UPDATE,
         PARENT
     }
@@ -130,17 +139,15 @@ public enum FetchGroup {
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
-    @Persistent /**Issue #2373, #2737 */
-    @Column(name = "SUPPLIER", allowsNull = "true")
-    @Size(max = 255)
-    @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
-    private OrganizationalEntity supplier;
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "MANUFACTURER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity manufacturer;
 
-    @Persistent /**Issue #2373, #2737 */
-    @Column(name = "MANUFACTURE", allowsNull = "true")
-    @Size(max = 255)
-    @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacturer may only contain printable characters")
-    private OrganizationalEntity manufacture;
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity supplier;
 
     @Persistent
     @Column(name = "GROUP", jdbcType = "VARCHAR")
@@ -270,6 +277,10 @@ public enum FetchGroup {
     @Serialized
     private List<ExternalReference> externalReferences;
 
+    @Persistent(mappedBy = "project")
+    @ApiModelProperty(accessMode = ApiModelProperty.AccessMode.READ_ONLY)
+    private ProjectMetadata metadata;
+
     private transient ProjectMetrics metrics;
     private transient List<ProjectVersion> versions;
     private transient List<Component> dependencyGraph;
@@ -298,23 +309,22 @@ public void setPublisher(String publisher) {
         this.publisher = publisher;
     }
 
-    public OrganizationalEntity getSupplier() {
-        return supplier;
+    public OrganizationalEntity getManufacturer() {
+        return manufacturer;
     }
 
-    public void setSupplier(OrganizationalEntity supplier) {
-        this.supplier = supplier;
+    public void setManufacturer(final OrganizationalEntity manufacturer) {
+        this.manufacturer = manufacturer;
     }
 
-    public OrganizationalEntity getManufacturer() { /**Issue #2373, #2737 */
-        return manufacture;
+    public OrganizationalEntity getSupplier() {
+        return supplier;
     }
 
-    public void setManufacturer(OrganizationalEntity manufacture) {/**Issue #2373, #2737 */
-        this.manufacture = manufacture;
+    public void setSupplier(OrganizationalEntity supplier) {
+        this.supplier = supplier;
     }
 
-
     public String getGroup() {
         return group;
     }
@@ -511,6 +521,14 @@ public void addAccessTeam(Team accessTeam) {
         this.accessTeams.add(accessTeam);
     }
 
+    public ProjectMetadata getMetadata() {
+        return metadata;
+    }
+
+    public void setMetadata(final ProjectMetadata metadata) {
+        this.metadata = metadata;
+    }
+
     @JsonIgnore
     public List<Component> getDependencyGraph() {
         return dependencyGraph;

diff --git a/src/main/java/org/dependencytrack/model/ProjectMetadata.java b/src/main/java/org/dependencytrack/model/ProjectMetadata.java
@@ -0,0 +1,101 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) Steve Springett. All Rights Reserved.
+ */
+package org.dependencytrack.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import org.dependencytrack.persistence.converter.OrganizationalContactsJsonConverter;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
+
+import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
+import javax.jdo.annotations.IdGeneratorStrategy;
+import javax.jdo.annotations.PersistenceCapable;
+import javax.jdo.annotations.Persistent;
+import javax.jdo.annotations.PrimaryKey;
+import javax.jdo.annotations.Unique;
+import java.util.List;
+
+/**
+ * Metadata that relates to, but does not directly describe, a {@link Project}.
+ * <p>
+ * In CycloneDX terms, {@link ProjectMetadata} represents data from the {@code metadata} node
+ * of a BOM (except {@code metadata.component}, which represents a {@link Project} in Dependency-Track).
+ *
+ * @since 4.10.0
+ */
+@PersistenceCapable(table = "PROJECT_METADATA")
+@JsonInclude(Include.NON_NULL)
+public class ProjectMetadata {
+
+    @PrimaryKey
+    @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE)
+    @JsonIgnore
+    private long id;
+
+    @Persistent
+    @Unique(name = "PROJECT_METADATA_PROJECT_ID_IDX")
+    @Column(name = "PROJECT_ID", allowsNull = "false")
+    @JsonIgnore
+    private Project project;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity supplier;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalContactsJsonConverter.class)
+    @Column(name = "AUTHORS", jdbcType = "CLOB", allowsNull = "true")
+    private List<OrganizationalContact> authors;
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(final long id) {
+        this.id = id;
+    }
+
+    public Project getProject() {
+        return project;
+    }
+
+    public void setProject(final Project project) {
+        this.project = project;
+    }
+
+    public OrganizationalEntity getSupplier() {
+        return supplier;
+    }
+
+    public void setSupplier(final OrganizationalEntity supplier) {
+        this.supplier = supplier;
+    }
+
+    public List<OrganizationalContact> getAuthors() {
+        return authors;
+    }
+
+    public void setAuthors(final List<OrganizationalContact> authors) {
+        this.authors = authors;
+    }
+
+}