Integrity analysis should happen only integrity data is present

Signed-off-by: vithikashukla <[email protected]>
DependencyTrack · Oct 30, 2023 · 18801d4 · 18801d4
1 parent a1ebb13
commit 18801d4
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 19 deletions.
diff --git a/src/main/java/org/dependencytrack/event/kafka/componentmeta/IntegrityCheck.java b/src/main/java/org/dependencytrack/event/kafka/componentmeta/IntegrityCheck.java
@@ -29,16 +29,11 @@ public static void performIntegrityCheck(final IntegrityMetaComponent integrityM
             LOGGER.debug("Integrity check is disabled");
             return;
         }
+
         //if integritymeta is in result with hashses but component uuid is not present, result has integrity data for existing
         // components. Get components from database and perform integrity check
-        if (result.hasIntegrityMeta() && StringUtils.isBlank(result.getComponent().getUuid())) {
-            if(integrityMetaComponent != null) {
-                List<Component> componentList = qm.getComponentsByPurl(result.getComponent().getPurl());
-                for(Component component : componentList) {
-                    LOGGER.debug("calculate integrity for component : " + component.getUuid());
-                    calculateIntegrityResult(integrityMetaComponent, component, qm);
-                }
-            }
+        if (StringUtils.isBlank(result.getComponent().getUuid())) {
+            integrityAnalysisOfExistingComponents(integrityMetaComponent, result, qm);
             return;
         }
         //check if the object is not null
@@ -50,6 +45,19 @@ public static void performIntegrityCheck(final IntegrityMetaComponent integrityM
         calculateIntegrityResult(integrityMetaComponent, component, qm);
     }
 
+    private static void integrityAnalysisOfExistingComponents(final IntegrityMetaComponent integrityMetaComponent, final AnalysisResult result, final QueryManager qm) {
+        //if integritymeta is in result with hashses but component uuid is not present, result has integrity data for existing
+        // components. Get components from database and perform integrity check
+
+        if (integrityMetaComponent != null) {
+            List<Component> componentList = qm.getComponentsByPurl(result.getComponent().getPurl());
+            for (Component component : componentList) {
+                LOGGER.debug("calculate integrity for component : " + component.getUuid());
+                calculateIntegrityResult(integrityMetaComponent, component, qm);
+            }
+        }
+    }
+
     private static IntegrityMatchStatus checkHash(String metadataHash, String componentHash) {
         if (StringUtils.isBlank(metadataHash) && StringUtils.isBlank(componentHash)) {
             return COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN;
@@ -67,7 +75,7 @@ private static void calculateIntegrityResult(final IntegrityMetaComponent integr
         //if integritymetacomponent is  null, try to get it from db
         //it could be that integrity metadata is already in db
         IntegrityMetaComponent metadata = integrityMetaComponent == null ? qm.getIntegrityMetaComponent(component.getPurl().toString()) : integrityMetaComponent;
-        if(metadata == null) {
+        if (metadata == null) {
             LOGGER.info("Integrity metadata is null in result and db. Cannot perform integrity analysis");
             return;
         }
@@ -101,7 +109,7 @@ private static IntegrityMatchStatus calculateIntegrityCheckStatus(IntegrityMatch
         } else if ((md5Status == HASH_MATCH_UNKNOWN || md5Status == COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN)
                 && (sha1Status == HASH_MATCH_UNKNOWN || sha1Status == COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN)
                 && (sha256Status == HASH_MATCH_UNKNOWN || sha256Status == COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN)
-                && (sha512Status == HASH_MATCH_UNKNOWN || sha512Status == COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN))  {
+                && (sha512Status == HASH_MATCH_UNKNOWN || sha512Status == COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN)) {
             return HASH_MATCH_UNKNOWN;
         } else if (md5Status == HASH_MATCH_PASSED || sha1Status == HASH_MATCH_PASSED || sha256Status == HASH_MATCH_PASSED || sha512Status == HASH_MATCH_PASSED) {
             return HASH_MATCH_PASSED;

diff --git a/src/main/java/org/dependencytrack/event/kafka/processor/RepositoryMetaResultProcessor.java b/src/main/java/org/dependencytrack/event/kafka/processor/RepositoryMetaResultProcessor.java
@@ -45,7 +45,9 @@ public void process(final Record<String, AnalysisResult> record) {
         try (final var qm = new QueryManager()) {
             synchronizeRepositoryMetadata(qm, record);
             IntegrityMetaComponent integrityMetaComponent = synchronizeIntegrityMetadata(qm, record);
-            performIntegrityCheck(integrityMetaComponent, record.value(), qm);
+            if(integrityMetaComponent != null) {
+                performIntegrityCheck(integrityMetaComponent, record.value(), qm);
+            }
         } catch (Exception e) {
             LOGGER.error("An unexpected error occurred while processing record %s".formatted(record), e);
         } finally {

diff --git a/...est/java/org/dependencytrack/event/kafka/processor/RepositoryMetaResultProcessorTest.java b/...est/java/org/dependencytrack/event/kafka/processor/RepositoryMetaResultProcessorTest.java
@@ -275,7 +275,7 @@ public void testIntegrityCheckWhenComponentHashIsMissing() {
     }
 
     @Test
-    public void testIntegrityCheckWithDataInDb() {
+    public void testIntegrityAnalysisWillNotBePerformedIfNoIntegrityDataInResult() {
         // Create an active project with one component.
         final var projectA = qm.createProject("acme-app-a", null, "1.0.0", null, null, null, true, false);
         final var componentProjectA = new Component();
@@ -309,13 +309,7 @@ public void testIntegrityCheckWithDataInDb() {
         inputTopic.pipeInput(new TestRecord<>("pkg:maven/foo/[email protected]", result, Instant.now()));
 
         IntegrityAnalysis analysis = qm.getIntegrityAnalysisByComponentUuid(c.getUuid());
-        assertThat(analysis.getIntegrityCheckStatus()).isEqualTo(IntegrityMatchStatus.HASH_MATCH_PASSED);
-        assertThat(analysis.getMd5HashMatchStatus()).isEqualTo(IntegrityMatchStatus.HASH_MATCH_PASSED);
-        assertThat(analysis.getSha1HashMatchStatus()).isEqualTo(IntegrityMatchStatus.HASH_MATCH_PASSED);
-        assertThat(analysis.getSha256HashMatchStatus()).isEqualTo(IntegrityMatchStatus.COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN);
-        assertThat(analysis.getSha512HashMatchStatus()).isEqualTo(IntegrityMatchStatus.COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN);
-        assertThat(analysis.getUpdatedAt()).isNotNull();
-        assertThat(analysis.getComponent().getPurl().toString()).isEqualTo("pkg:maven/foo/[email protected]");
+        assertThat(analysis).isNull();
     }
 
     @Test