From 7ae31311fee85cfa62d2d81e64f34037d8403106 Mon Sep 17 00:00:00 2001 From: leec94 Date: Thu, 12 Oct 2023 11:08:11 -0400 Subject: [PATCH 1/9] melbas changes with some error fixes Signed-off-by: leec94 --- .../org/dependencytrack/model/Component.java | 22 +++++++- .../org/dependencytrack/model/Project.java | 15 ++++++ .../parser/cyclonedx/util/ModelConverter.java | 54 ++++++++++++++++++- .../tasks/BomUploadProcessingTaskTest.java | 7 +++ src/test/resources/bom-1.xml | 44 +++++++++++++++ 5 files changed, 139 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java index 2c3495ac67..8687fc8868 100644 --- a/src/main/java/org/dependencytrack/model/Component.java +++ b/src/main/java/org/dependencytrack/model/Component.java @@ -30,7 +30,6 @@ import org.apache.commons.lang3.StringUtils; import org.dependencytrack.model.validation.ValidSpdxExpression; import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer; - import javax.jdo.annotations.Column; import javax.jdo.annotations.Element; import javax.jdo.annotations.Extension; @@ -116,6 +115,20 @@ public enum FetchGroup { @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters") private String publisher; + @Persistent /**Issue #2373, #2737 */ + @Column(name = "MANUFACTURE", jdbcType = "VARCHAR") + @Serialized + @Size(max = 255) + @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters") + private OrganizationalEntity manufacture; + + @Persistent /**Issue #2373, #2737 */ + @Column(name = "SUPPLIER", jdbcType = "VARCHAR") + @Serialized + @Size(max = 255) + @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") + private OrganizationalEntity supplier; + @Persistent @Column(name = "GROUP", jdbcType = "VARCHAR") @Index(name = "COMPONENT_GROUP_IDX") @@ -385,6 +398,13 @@ public void setPublisher(String publisher) { this.publisher = publisher; } + public OrganizationalEntity getSupplier() { /**Issue #2373, #2737 */ + return supplier; + } + + public void setSupplier(OrganizationalEntity supplier) {/**Issue #2373, #2737 */ + this.supplier = supplier; + } public String getGroup() { return group; } diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java index f52eb7301a..e0a5b2c0bf 100644 --- a/src/main/java/org/dependencytrack/model/Project.java +++ b/src/main/java/org/dependencytrack/model/Project.java @@ -72,6 +72,7 @@ @Persistent(name = "name"), @Persistent(name = "author"), @Persistent(name = "publisher"), + @Persistent(name = "supplier"), @Persistent(name = "group"), @Persistent(name = "name"), @Persistent(name = "description"), @@ -129,6 +130,12 @@ public enum FetchGroup { @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters") private String publisher; + @Persistent /**Issue #2373, #2737 */ + @Column(name = "SUPPLIER", jdbcType = "VARCHAR") + @Size(max = 255) + @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") + private OrganizationalEntity supplier; + @Persistent @Column(name = "GROUP", jdbcType = "VARCHAR") @Index(name = "PROJECT_GROUP_IDX") @@ -285,6 +292,14 @@ public void setPublisher(String publisher) { this.publisher = publisher; } + public OrganizationalEntity getSupplier() { + return supplier; + } + + public void setSupplier(OrganizationalEntity supplier) { + this.supplier = supplier; + } + public String getGroup() { return group; } diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java index 7375273718..1eaddb3892 100644 --- a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java +++ b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java @@ -98,6 +98,7 @@ public static List convertComponents(final QueryManager qm, final Bom return components; } + /**Convert from CycloneDX to DT */ @SuppressWarnings("deprecation") public static Component convert(final QueryManager qm, final org.cyclonedx.model.Component cycloneDxComponent, final Project project) { Component component = qm.matchSingleIdentity(project, new ComponentIdentity(cycloneDxComponent)); @@ -108,6 +109,29 @@ public static Component convert(final QueryManager qm, final org.cyclonedx.model component.setAuthor(StringUtils.trimToNull(cycloneDxComponent.getAuthor())); component.setBomRef(StringUtils.trimToNull(cycloneDxComponent.getBomRef())); component.setPublisher(StringUtils.trimToNull(cycloneDxComponent.getPublisher())); + + /**Issue #2373, #2737 */ + OrganizationalEntity deptrackOrgEntity = new OrganizationalEntity(); + deptrackOrgEntity.setName(cycloneDxComponent.getSupplier().getName()); + deptrackOrgEntity.setUrls(cycloneDxComponent.getSupplier().getUrls().toArray(new String[0])); + // to do convert contacts + // deptrackOrgEntity.setContacts(cycloneDxComponent.getSupplier().getContacts()); + + if (cycloneDxComponent.getSupplier().getContacts() != null) { + List contacts = new ArrayList<>(); + for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxComponent.getSupplier().getContacts()) { + OrganizationalContact contact = new OrganizationalContact(); + contact.setName(organizationalContact.getName()); + contact.setEmail(organizationalContact.getEmail()); + contact.setPhone(organizationalContact.getPhone()); + contacts.add(contact); + } + deptrackOrgEntity.setContacts(contacts); + } else { + deptrackOrgEntity.setContacts(null); + } + component.setSupplier(deptrackOrgEntity);/**Issue #2373, #2737 */ + component.setGroup(StringUtils.trimToNull(cycloneDxComponent.getGroup())); component.setName(StringUtils.trimToNull(cycloneDxComponent.getName())); component.setVersion(StringUtils.trimToNull(cycloneDxComponent.getVersion())); @@ -242,7 +266,8 @@ else if (StringUtils.isNotBlank(cycloneLicense.getName())) } return component; } - + + /**Convert from DT to CycloneDX */ @SuppressWarnings("deprecation") public static org.cyclonedx.model.Component convert(final QueryManager qm, final Component component) { final org.cyclonedx.model.Component cycloneComponent = new org.cyclonedx.model.Component(); @@ -395,6 +420,31 @@ public static org.cyclonedx.model.Metadata createMetadata(final Project project) }); cycloneComponent.setExternalReferences(references); } + /*Issue #2737: Adding Supplier contact functionality */ + if (project.getSupplier() != null) { + org.cyclonedx.model.OrganizationalEntity supplier = new org.cyclonedx.model.OrganizationalEntity(); + supplier.setName(project.getSupplier().getName()); + + if (project.getSupplier().getUrls() != null) { + supplier.setUrls(Arrays.asList(project.getSupplier().getUrls())); + } else { + supplier.setUrls(null); + } + if (project.getSupplier().getContacts() != null) { + List contacts = new ArrayList<>(); + for (OrganizationalContact organizationalContact: project.getSupplier().getContacts()) { + org.cyclonedx.model.OrganizationalContact contact = new org.cyclonedx.model.OrganizationalContact(); + contact.setName(organizationalContact.getName()); + contact.setEmail(organizationalContact.getEmail()); + contact.setPhone(organizationalContact.getPhone()); + contacts.add(contact); + } + supplier.setContacts(contacts); + } + cycloneComponent.setSupplier(supplier); + } else { + cycloneComponent.setSupplier(null); + } metadata.setComponent(cycloneComponent); } return metadata; @@ -425,7 +475,7 @@ public static ServiceComponent convert(final QueryManager qm, final org.cycloned service.setProject(project); } service.setBomRef(StringUtils.trimToNull(cycloneDxService.getBomRef())); - if (cycloneDxService.getProvider() != null) { + if (cycloneDxService.getProvider() != null) { OrganizationalEntity provider = new OrganizationalEntity();; provider.setName(cycloneDxService.getProvider().getName()); if (cycloneDxService.getProvider().getUrls() != null && cycloneDxService.getProvider().getUrls().size() > 0) { diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java index 5fabfc1f46..151840c827 100644 --- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java @@ -141,6 +141,13 @@ public void informTest() throws Exception { assertThat(components).hasSize(1); final Component component = components.get(0); + + assertThat(component.getSupplier().getName()).isEqualTo("Foo Incorporated"); /*Issue #2373, #2737 - Adding support for Supplier*/ + assertThat(component.getSupplier().getUrls()).isEqualTo("https://foo.bar.com"); + assertThat(component.getSupplier().getContacts().get(0).getName()).isEqualTo("Foo Jr."); + assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("foojr@bar.com"); + assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890"); + assertThat(component.getAuthor()).isEqualTo("Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................"); assertThat(component.getPublisher()).isEqualTo("Example Incorporated"); assertThat(component.getGroup()).isEqualTo("com.example"); diff --git a/src/test/resources/bom-1.xml b/src/test/resources/bom-1.xml index 632bb199d1..e5ddcb27d8 100644 --- a/src/test/resources/bom-1.xml +++ b/src/test/resources/bom-1.xml @@ -2,6 +2,17 @@ + + Foo Incorporated + https://foo.bar.com + + + Foo Jr. + foojr@bar.com + 123-456-7890 + + + DependencyTrack Acme example @@ -19,10 +30,43 @@ + + Foo Incorporated + https://foo.bar.com + + + Foo Sr. + foo@bar.com + 800-123-4567 + + + + + Foo Incorporated + https://foo.bar.com + + + Foo Jr. + foojr@bar.com + 123-456-7890 + + + Sometimes this field is long because it is composed of a list of authors...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... + + Foo Incorporated + https://foo.bar.com + + + Foo Jr. + foojr@bar.com + 123-456-7890 + + + Example Incorporated com.example xmlutil From 4f187b37430987073bb035375c8edd3969681ceb Mon Sep 17 00:00:00 2001 From: leec94 Date: Fri, 13 Oct 2023 10:29:07 -0400 Subject: [PATCH 2/9] adding manufacturer assertions Signed-off-by: leec94 --- src/main/java/org/dependencytrack/model/Component.java | 9 +++++++++ .../tasks/BomUploadProcessingTaskTest.java | 7 +++++++ 2 files changed, 16 insertions(+) diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java index 8687fc8868..7bd8c53f8c 100644 --- a/src/main/java/org/dependencytrack/model/Component.java +++ b/src/main/java/org/dependencytrack/model/Component.java @@ -405,6 +405,15 @@ public OrganizationalEntity getSupplier() { /**Issue #2373, #2737 */ public void setSupplier(OrganizationalEntity supplier) {/**Issue #2373, #2737 */ this.supplier = supplier; } + + public OrganizationalEntity getManufacturer() { /**Issue #2373, #2737 */ + return manufacture; + } + + public void setManufacturer(OrganizationalEntity manufacture) {/**Issue #2373, #2737 */ + this.manufacture = manufacture; + } + public String getGroup() { return group; } diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java index 151840c827..f8fdc9f7b2 100644 --- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java @@ -147,6 +147,13 @@ public void informTest() throws Exception { assertThat(component.getSupplier().getContacts().get(0).getName()).isEqualTo("Foo Jr."); assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("foojr@bar.com"); assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890"); + + assertThat(component.getManufacturer().getName()).isEqualTo("Foo Incorporated"); + assertThat(component.getManufacturer().getUrls()).isEqualTo("https://foo.bar.com"); + assertThat(component.getManufacturer().getContacts().get(0).getName()).isEqualTo("Foo Sr."); + assertThat(component.getManufacturer().getContacts().get(0).getEmail()).isEqualTo("foo@bar.com"); + assertThat(component.getManufacturer().getContacts().get(0).getPhone()).isEqualTo("800-123-4567"); + assertThat(component.getAuthor()).isEqualTo("Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................"); assertThat(component.getPublisher()).isEqualTo("Example Incorporated"); From 0bd31e25cc44ee07e8ebab2084984ee3083b8a0b Mon Sep 17 00:00:00 2001 From: leec94 Date: Mon, 23 Oct 2023 17:18:24 -0400 Subject: [PATCH 3/9] fix varchar error Signed-off-by: leec94 --- src/main/java/org/dependencytrack/model/Component.java | 4 ++-- src/main/java/org/dependencytrack/model/Project.java | 8 +++++++- .../tasks/BomUploadProcessingTaskTest.java | 3 +-- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java index 7bd8c53f8c..c39ad11f96 100644 --- a/src/main/java/org/dependencytrack/model/Component.java +++ b/src/main/java/org/dependencytrack/model/Component.java @@ -116,14 +116,14 @@ public enum FetchGroup { private String publisher; @Persistent /**Issue #2373, #2737 */ - @Column(name = "MANUFACTURE", jdbcType = "VARCHAR") + @Column(name = "MANUFACTURE") @Serialized @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters") private OrganizationalEntity manufacture; @Persistent /**Issue #2373, #2737 */ - @Column(name = "SUPPLIER", jdbcType = "VARCHAR") + @Column(name = "SUPPLIER") @Serialized @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java index e0a5b2c0bf..461c73901f 100644 --- a/src/main/java/org/dependencytrack/model/Project.java +++ b/src/main/java/org/dependencytrack/model/Project.java @@ -131,11 +131,17 @@ public enum FetchGroup { private String publisher; @Persistent /**Issue #2373, #2737 */ - @Column(name = "SUPPLIER", jdbcType = "VARCHAR") + @Column(name = "SUPPLIER") @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") private OrganizationalEntity supplier; + @Persistent /**Issue #2373, #2737 */ + @Column(name = "MANUFACTURE") + @Size(max = 255) + @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacturer may only contain printable characters") + private OrganizationalEntity manufacture; + @Persistent @Column(name = "GROUP", jdbcType = "VARCHAR") @Index(name = "PROJECT_GROUP_IDX") diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java index f8fdc9f7b2..48ce43750a 100644 --- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java @@ -143,8 +143,7 @@ public void informTest() throws Exception { final Component component = components.get(0); assertThat(component.getSupplier().getName()).isEqualTo("Foo Incorporated"); /*Issue #2373, #2737 - Adding support for Supplier*/ - assertThat(component.getSupplier().getUrls()).isEqualTo("https://foo.bar.com"); - assertThat(component.getSupplier().getContacts().get(0).getName()).isEqualTo("Foo Jr."); + assertThat(component.getSupplier().getUrls()[0]).isEqualTo("https://foo.bar.com"); assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("foojr@bar.com"); assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890"); From eef19421a82e0692f5c5cb4b0e4775fb504603df Mon Sep 17 00:00:00 2001 From: leec94 Date: Tue, 24 Oct 2023 11:38:58 -0400 Subject: [PATCH 4/9] fix format for contact Signed-off-by: leec94 --- src/test/resources/bom-1.xml | 32 ++++++++++++-------------------- 1 file changed, 12 insertions(+), 20 deletions(-) diff --git a/src/test/resources/bom-1.xml b/src/test/resources/bom-1.xml index e5ddcb27d8..a5a8f0ca1d 100644 --- a/src/test/resources/bom-1.xml +++ b/src/test/resources/bom-1.xml @@ -6,11 +6,9 @@ Foo Incorporated https://foo.bar.com - - Foo Jr. - foojr@bar.com - 123-456-7890 - + Foo Jr. + foojr@bar.com + 123-456-7890 DependencyTrack @@ -34,22 +32,18 @@ Foo Incorporated https://foo.bar.com - - Foo Sr. - foo@bar.com - 800-123-4567 - + Foo Sr. + foo@bar.com + 800-123-4567 Foo Incorporated https://foo.bar.com - - Foo Jr. - foojr@bar.com - 123-456-7890 - + Foo Jr. + foojr@bar.com + 123-456-7890 @@ -60,11 +54,9 @@ Foo Incorporated https://foo.bar.com - - Foo Jr. - foojr@bar.com - 123-456-7890 - + Foo Jr. + foojr@bar.com + 123-456-7890 Example Incorporated From c5efe320405f16efdb160fe66aff69d5a62b6771 Mon Sep 17 00:00:00 2001 From: leec94 Date: Tue, 24 Oct 2023 13:45:45 -0400 Subject: [PATCH 5/9] passes test Signed-off-by: leec94 --- .../org/dependencytrack/model/Project.java | 9 ++++++++ .../tasks/BomUploadProcessingTask.java | 22 +++++++++++++++++++ .../tasks/BomUploadProcessingTaskTest.java | 10 ++++----- 3 files changed, 36 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java index 461c73901f..53802b454d 100644 --- a/src/main/java/org/dependencytrack/model/Project.java +++ b/src/main/java/org/dependencytrack/model/Project.java @@ -306,6 +306,15 @@ public void setSupplier(OrganizationalEntity supplier) { this.supplier = supplier; } + public OrganizationalEntity getManufacturer() { /**Issue #2373, #2737 */ + return manufacture; + } + + public void setManufacturer(OrganizationalEntity manufacture) {/**Issue #2373, #2737 */ + this.manufacture = manufacture; + } + + public String getGroup() { return group; } diff --git a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java index 553dfb9b60..69620b4852 100644 --- a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java +++ b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java @@ -34,6 +34,8 @@ import org.dependencytrack.model.Classifier; import org.dependencytrack.model.Component; import org.dependencytrack.model.ConfigPropertyConstants; +import org.dependencytrack.model.OrganizationalEntity; +import org.dependencytrack.model.OrganizationalContact; import org.dependencytrack.model.Project; import org.dependencytrack.model.ServiceComponent; import org.dependencytrack.notification.NotificationConstants; @@ -120,6 +122,26 @@ public void inform(final Event e) { serialNumnber = (cycloneDxBom.getSerialNumber() != null) ? cycloneDxBom.getSerialNumber().replaceFirst("urn:uuid:", "") : null; components = ModelConverter.convertComponents(qm, cycloneDxBom, project); services = ModelConverter.convertServices(qm, cycloneDxBom, project); + /**Issue #2373, #2737 */ + if (cycloneDxBom.getMetadata().getManufacture() != null) { + OrganizationalEntity manufacturer = new OrganizationalEntity(); + manufacturer.setName(cycloneDxBom.getMetadata().getManufacture().getName()); + manufacturer.setUrls(cycloneDxBom.getMetadata().getManufacture().getUrls().toArray(new String[0])); + if (cycloneDxBom.getMetadata().getManufacture().getContacts() != null){ + List contacts = new ArrayList<>(); + for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxBom.getMetadata().getManufacture().getContacts()) { + OrganizationalContact contact = new OrganizationalContact(); + contact.setName(organizationalContact.getName()); + contact.setEmail(organizationalContact.getEmail()); + contact.setPhone(organizationalContact.getPhone()); + contacts.add(contact); + } + manufacturer.setContacts(contacts); + } else { + manufacturer.setContacts(null); + } + project.setManufacturer(manufacturer); + } } else { LOGGER.warn("A CycloneDX BOM was uploaded but accepting CycloneDX BOMs is disabled. Aborting"); return; diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java index 48ce43750a..f5d11683f0 100644 --- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java @@ -147,11 +147,11 @@ public void informTest() throws Exception { assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("foojr@bar.com"); assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890"); - assertThat(component.getManufacturer().getName()).isEqualTo("Foo Incorporated"); - assertThat(component.getManufacturer().getUrls()).isEqualTo("https://foo.bar.com"); - assertThat(component.getManufacturer().getContacts().get(0).getName()).isEqualTo("Foo Sr."); - assertThat(component.getManufacturer().getContacts().get(0).getEmail()).isEqualTo("foo@bar.com"); - assertThat(component.getManufacturer().getContacts().get(0).getPhone()).isEqualTo("800-123-4567"); + assertThat(project.getManufacturer().getName()).isEqualTo("Foo Incorporated"); + assertThat(project.getManufacturer().getUrls()[0]).isEqualTo("https://foo.bar.com"); + assertThat(project.getManufacturer().getContacts().get(0).getName()).isEqualTo("Foo Sr."); + assertThat(project.getManufacturer().getContacts().get(0).getEmail()).isEqualTo("foo@bar.com"); + assertThat(project.getManufacturer().getContacts().get(0).getPhone()).isEqualTo("800-123-4567"); assertThat(component.getAuthor()).isEqualTo("Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................"); From 2b3652390f71af37f5bb04ecacd1afd3238d81f6 Mon Sep 17 00:00:00 2001 From: leec94 Date: Tue, 24 Oct 2023 14:39:05 -0400 Subject: [PATCH 6/9] formatting Signed-off-by: leec94 --- .../dependencytrack/parser/cyclonedx/util/ModelConverter.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java index 1eaddb3892..969aff9998 100644 --- a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java +++ b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java @@ -475,7 +475,7 @@ public static ServiceComponent convert(final QueryManager qm, final org.cycloned service.setProject(project); } service.setBomRef(StringUtils.trimToNull(cycloneDxService.getBomRef())); - if (cycloneDxService.getProvider() != null) { + if (cycloneDxService.getProvider() != null) { OrganizationalEntity provider = new OrganizationalEntity();; provider.setName(cycloneDxService.getProvider().getName()); if (cycloneDxService.getProvider().getUrls() != null && cycloneDxService.getProvider().getUrls().size() > 0) { From 073dd262263bbecc6baaab119e8d23121ab91d02 Mon Sep 17 00:00:00 2001 From: leec94 Date: Thu, 26 Oct 2023 12:09:38 -0400 Subject: [PATCH 7/9] account for no supplier Signed-off-by: leec94 --- .../parser/cyclonedx/util/ModelConverter.java | 39 ++++++++++--------- .../tasks/BomUploadProcessingTask.java | 2 +- 2 files changed, 22 insertions(+), 19 deletions(-) diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java index 969aff9998..7958832102 100644 --- a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java +++ b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java @@ -111,26 +111,29 @@ public static Component convert(final QueryManager qm, final org.cyclonedx.model component.setPublisher(StringUtils.trimToNull(cycloneDxComponent.getPublisher())); /**Issue #2373, #2737 */ - OrganizationalEntity deptrackOrgEntity = new OrganizationalEntity(); - deptrackOrgEntity.setName(cycloneDxComponent.getSupplier().getName()); - deptrackOrgEntity.setUrls(cycloneDxComponent.getSupplier().getUrls().toArray(new String[0])); - // to do convert contacts - // deptrackOrgEntity.setContacts(cycloneDxComponent.getSupplier().getContacts()); + if (cycloneDxComponent.getSupplier() != null) { + OrganizationalEntity deptrackOrgEntity = new OrganizationalEntity(); + deptrackOrgEntity.setName(cycloneDxComponent.getSupplier().getName()); + deptrackOrgEntity.setUrls(cycloneDxComponent.getSupplier().getUrls().toArray(new String[0])); + // to do convert contacts + // deptrackOrgEntity.setContacts(cycloneDxComponent.getSupplier().getContacts()); - if (cycloneDxComponent.getSupplier().getContacts() != null) { - List contacts = new ArrayList<>(); - for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxComponent.getSupplier().getContacts()) { - OrganizationalContact contact = new OrganizationalContact(); - contact.setName(organizationalContact.getName()); - contact.setEmail(organizationalContact.getEmail()); - contact.setPhone(organizationalContact.getPhone()); - contacts.add(contact); + if (cycloneDxComponent.getSupplier().getContacts() != null) { + List contacts = new ArrayList<>(); + for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxComponent.getSupplier().getContacts()) { + OrganizationalContact contact = new OrganizationalContact(); + contact.setName(organizationalContact.getName()); + contact.setEmail(organizationalContact.getEmail()); + contact.setPhone(organizationalContact.getPhone()); + contacts.add(contact); + } + deptrackOrgEntity.setContacts(contacts); + } else { + deptrackOrgEntity.setContacts(null); } - deptrackOrgEntity.setContacts(contacts); - } else { - deptrackOrgEntity.setContacts(null); - } - component.setSupplier(deptrackOrgEntity);/**Issue #2373, #2737 */ + component.setSupplier(deptrackOrgEntity); + } /**Issue #2373, #2737 */ + component.setGroup(StringUtils.trimToNull(cycloneDxComponent.getGroup())); component.setName(StringUtils.trimToNull(cycloneDxComponent.getName())); diff --git a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java index 69620b4852..1e53d6644c 100644 --- a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java +++ b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java @@ -141,7 +141,7 @@ public void inform(final Event e) { manufacturer.setContacts(null); } project.setManufacturer(manufacturer); - } + } /**Issue #2373, #2737 */ } else { LOGGER.warn("A CycloneDX BOM was uploaded but accepting CycloneDX BOMs is disabled. Aborting"); return; From 3475520b35a42fc0f2796a9607b71506cc1e2083 Mon Sep 17 00:00:00 2001 From: leec94 Date: Thu, 26 Oct 2023 12:17:34 -0400 Subject: [PATCH 8/9] account for no metadata Signed-off-by: leec94 --- .../tasks/BomUploadProcessingTask.java | 37 ++++++++++--------- 1 file changed, 20 insertions(+), 17 deletions(-) diff --git a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java index 1e53d6644c..38ef7d7fe5 100644 --- a/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java +++ b/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java @@ -123,25 +123,28 @@ public void inform(final Event e) { components = ModelConverter.convertComponents(qm, cycloneDxBom, project); services = ModelConverter.convertServices(qm, cycloneDxBom, project); /**Issue #2373, #2737 */ - if (cycloneDxBom.getMetadata().getManufacture() != null) { - OrganizationalEntity manufacturer = new OrganizationalEntity(); - manufacturer.setName(cycloneDxBom.getMetadata().getManufacture().getName()); - manufacturer.setUrls(cycloneDxBom.getMetadata().getManufacture().getUrls().toArray(new String[0])); - if (cycloneDxBom.getMetadata().getManufacture().getContacts() != null){ - List contacts = new ArrayList<>(); - for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxBom.getMetadata().getManufacture().getContacts()) { - OrganizationalContact contact = new OrganizationalContact(); - contact.setName(organizationalContact.getName()); - contact.setEmail(organizationalContact.getEmail()); - contact.setPhone(organizationalContact.getPhone()); - contacts.add(contact); + if (cycloneDxBom.getMetadata() != null) { + if (cycloneDxBom.getMetadata().getManufacture() != null) { + OrganizationalEntity manufacturer = new OrganizationalEntity(); + manufacturer.setName(cycloneDxBom.getMetadata().getManufacture().getName()); + manufacturer.setUrls(cycloneDxBom.getMetadata().getManufacture().getUrls().toArray(new String[0])); + if (cycloneDxBom.getMetadata().getManufacture().getContacts() != null){ + List contacts = new ArrayList<>(); + for (org.cyclonedx.model.OrganizationalContact organizationalContact: cycloneDxBom.getMetadata().getManufacture().getContacts()) { + OrganizationalContact contact = new OrganizationalContact(); + contact.setName(organizationalContact.getName()); + contact.setEmail(organizationalContact.getEmail()); + contact.setPhone(organizationalContact.getPhone()); + contacts.add(contact); + } + manufacturer.setContacts(contacts); + } else { + manufacturer.setContacts(null); } - manufacturer.setContacts(contacts); - } else { - manufacturer.setContacts(null); - } - project.setManufacturer(manufacturer); + project.setManufacturer(manufacturer); + } } /**Issue #2373, #2737 */ + } else { LOGGER.warn("A CycloneDX BOM was uploaded but accepting CycloneDX BOMs is disabled. Aborting"); return; From 07eeb8bdd4da7bdcf567dbaa8142499871272d74 Mon Sep 17 00:00:00 2001 From: leec94 Date: Wed, 1 Nov 2023 11:14:32 -0400 Subject: [PATCH 9/9] allow new columns to be nullable Signed-off-by: leec94 --- src/main/java/org/dependencytrack/model/Component.java | 4 ++-- src/main/java/org/dependencytrack/model/Project.java | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java index c39ad11f96..90379169a3 100644 --- a/src/main/java/org/dependencytrack/model/Component.java +++ b/src/main/java/org/dependencytrack/model/Component.java @@ -116,14 +116,14 @@ public enum FetchGroup { private String publisher; @Persistent /**Issue #2373, #2737 */ - @Column(name = "MANUFACTURE") + @Column(name = "MANUFACTURE", allowsNull = "true") @Serialized @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters") private OrganizationalEntity manufacture; @Persistent /**Issue #2373, #2737 */ - @Column(name = "SUPPLIER") + @Column(name = "SUPPLIER", allowsNull = "true") @Serialized @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java index 53802b454d..286c1fcf95 100644 --- a/src/main/java/org/dependencytrack/model/Project.java +++ b/src/main/java/org/dependencytrack/model/Project.java @@ -131,13 +131,13 @@ public enum FetchGroup { private String publisher; @Persistent /**Issue #2373, #2737 */ - @Column(name = "SUPPLIER") + @Column(name = "SUPPLIER", allowsNull = "true") @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters") private OrganizationalEntity supplier; @Persistent /**Issue #2373, #2737 */ - @Column(name = "MANUFACTURE") + @Column(name = "MANUFACTURE", allowsNull = "true") @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacturer may only contain printable characters") private OrganizationalEntity manufacture;