Merge pull request #570 from DependencyTrack/add-supplier-manufacture…

…r-support Add supplier manufacturer support
DependencyTrack · Feb 14, 2024 · 5f92596 · 5f92596
2 parents e98adda + eee4f11
commit 5f92596
Show file tree

Hide file tree

Showing 23 changed files with 934 additions and 88 deletions.
diff --git a/src/main/java/org/dependencytrack/model/Classifier.java b/src/main/java/org/dependencytrack/model/Classifier.java
@@ -32,5 +32,9 @@ public enum Classifier {
     OPERATING_SYSTEM,
     DEVICE,
     FIRMWARE,
-    FILE
+    FILE,
+    PLATFORM,
+    DEVICE_DRIVER,
+    MACHINE_LEARNING_MODEL,
+    DATA
 }
diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java
@@ -29,9 +29,11 @@
 import com.github.packageurl.PackageURL;
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.model.validation.ValidSpdxExpression;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
 
 import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
 import javax.jdo.annotations.Element;
 import javax.jdo.annotations.Extension;
 import javax.jdo.annotations.FetchGroup;
@@ -120,6 +122,11 @@ public enum FetchGroup {
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity supplier;
+
     @Persistent
     @Column(name = "GROUP", jdbcType = "VARCHAR")
     @Index(name = "COMPONENT_GROUP_IDX")
@@ -393,6 +400,14 @@ public void setPublisher(String publisher) {
         this.publisher = publisher;
     }
 
+    public OrganizationalEntity getSupplier() {
+        return supplier;
+    }
+
+    public void setSupplier(OrganizationalEntity supplier) {
+        this.supplier = supplier;
+    }
+
     public String getGroup() {
         return group;
     }

diff --git a/src/main/java/org/dependencytrack/model/OrganizationalContact.java b/src/main/java/org/dependencytrack/model/OrganizationalContact.java
@@ -23,6 +23,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 
 import java.io.Serializable;
+import java.util.Objects;
 
 /**
  * Model class for tracking organizational contacts.
@@ -67,4 +68,17 @@ public String getPhone() {
     public void setPhone(String phone) {
         this.phone = phone;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        final OrganizationalContact that = (OrganizationalContact) o;
+        return Objects.equals(name, that.name) && Objects.equals(email, that.email) && Objects.equals(phone, that.phone);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(name, email, phone);
+    }
 }
diff --git a/src/main/java/org/dependencytrack/model/OrganizationalEntity.java b/src/main/java/org/dependencytrack/model/OrganizationalEntity.java
@@ -25,7 +25,9 @@
 
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.List;
+import java.util.Objects;
 
 /**
  * Model class for tracking organizational entities (provider, supplier, manufacturer, etc).
@@ -76,4 +78,19 @@ public void addContact(OrganizationalContact contact) {
     public void setContacts(List<OrganizationalContact> contacts) {
         this.contacts = contacts;
     }
+
+    @Override
+    public boolean equals(final Object o) {
+        if (this == o) return true;
+        if (o == null || getClass() != o.getClass()) return false;
+        final OrganizationalEntity that = (OrganizationalEntity) o;
+        return Objects.equals(name, that.name) && Arrays.equals(urls, that.urls) && Objects.equals(contacts, that.contacts);
+    }
+
+    @Override
+    public int hashCode() {
+        int result = Objects.hash(name, contacts);
+        result = 31 * result + Arrays.hashCode(urls);
+        return result;
+    }
 }
diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java
@@ -31,9 +31,12 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
+import io.swagger.annotations.ApiModelProperty;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
 
 import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
 import javax.jdo.annotations.Element;
 import javax.jdo.annotations.Extension;
 import javax.jdo.annotations.FetchGroup;
@@ -86,7 +89,11 @@
                 @Persistent(name = "children"),
                 @Persistent(name = "properties"),
                 @Persistent(name = "tags"),
-                @Persistent(name = "accessTeams")
+                @Persistent(name = "accessTeams"),
+                @Persistent(name = "metadata")
+        }),
+        @FetchGroup(name = "METADATA", members = {
+                @Persistent(name = "metadata")
         }),
         @FetchGroup(name = "IDENTIFIERS", members = {
                 @Persistent(name = "id"),
@@ -122,6 +129,7 @@ public class Project implements Serializable {
      */
     public enum FetchGroup {
         ALL,
+        METADATA,
         IDENTIFIERS,
         METRICS_UPDATE,
         NOTIFICATION,
@@ -147,6 +155,16 @@ public enum FetchGroup {
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "MANUFACTURER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity manufacturer;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity supplier;
+
     @Persistent
     @Column(name = "GROUP", jdbcType = "VARCHAR")
     @Index(name = "PROJECT_GROUP_IDX")
@@ -275,6 +293,10 @@ public enum FetchGroup {
     @Serialized
     private List<ExternalReference> externalReferences;
 
+    @Persistent(mappedBy = "project")
+    @ApiModelProperty(accessMode = ApiModelProperty.AccessMode.READ_ONLY)
+    private ProjectMetadata metadata;
+
     private transient ProjectMetrics metrics;
 
     private transient List<ProjectVersion> versions;
@@ -305,6 +327,22 @@ public void setPublisher(String publisher) {
         this.publisher = publisher;
     }
 
+    public OrganizationalEntity getManufacturer() {
+        return manufacturer;
+    }
+
+    public void setManufacturer(final OrganizationalEntity manufacturer) {
+        this.manufacturer = manufacturer;
+    }
+
+    public OrganizationalEntity getSupplier() {
+        return supplier;
+    }
+
+    public void setSupplier(OrganizationalEntity supplier) {
+        this.supplier = supplier;
+    }
+
     public String getGroup() {
         return group;
     }
@@ -501,6 +539,14 @@ public void addAccessTeam(Team accessTeam) {
         this.accessTeams.add(accessTeam);
     }
 
+    public ProjectMetadata getMetadata() {
+        return metadata;
+    }
+
+    public void setMetadata(final ProjectMetadata metadata) {
+        this.metadata = metadata;
+    }
+
     @JsonIgnore
     public List<Component> getDependencyGraph() {
         return dependencyGraph;

diff --git a/src/main/java/org/dependencytrack/model/ProjectMetadata.java b/src/main/java/org/dependencytrack/model/ProjectMetadata.java
@@ -0,0 +1,101 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) Steve Springett. All Rights Reserved.
+ */
+package org.dependencytrack.model;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import org.dependencytrack.persistence.converter.OrganizationalContactsJsonConverter;
+import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
+
+import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Convert;
+import javax.jdo.annotations.IdGeneratorStrategy;
+import javax.jdo.annotations.PersistenceCapable;
+import javax.jdo.annotations.Persistent;
+import javax.jdo.annotations.PrimaryKey;
+import javax.jdo.annotations.Unique;
+import java.util.List;
+
+/**
+ * Metadata that relates to, but does not directly describe, a {@link Project}.
+ * <p>
+ * In CycloneDX terms, {@link ProjectMetadata} represents data from the {@code metadata} node
+ * of a BOM (except {@code metadata.component}, which represents a {@link Project} in Dependency-Track).
+ *
+ * @since 4.10.0
+ */
+@PersistenceCapable(table = "PROJECT_METADATA")
+@JsonInclude(Include.NON_NULL)
+public class ProjectMetadata {
+
+    @PrimaryKey
+    @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE)
+    @JsonIgnore
+    private long id;
+
+    @Persistent
+    @Unique(name = "PROJECT_METADATA_PROJECT_ID_IDX")
+    @Column(name = "PROJECT_ID", allowsNull = "false")
+    @JsonIgnore
+    private Project project;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalEntityJsonConverter.class)
+    @Column(name = "SUPPLIER", jdbcType = "CLOB", allowsNull = "true")
+    private OrganizationalEntity supplier;
+
+    @Persistent(defaultFetchGroup = "true")
+    @Convert(OrganizationalContactsJsonConverter.class)
+    @Column(name = "AUTHORS", jdbcType = "CLOB", allowsNull = "true")
+    private List<OrganizationalContact> authors;
+
+    public long getId() {
+        return id;
+    }
+
+    public void setId(final long id) {
+        this.id = id;
+    }
+
+    public Project getProject() {
+        return project;
+    }
+
+    public void setProject(final Project project) {
+        this.project = project;
+    }
+
+    public OrganizationalEntity getSupplier() {
+        return supplier;
+    }
+
+    public void setSupplier(final OrganizationalEntity supplier) {
+        this.supplier = supplier;
+    }
+
+    public List<OrganizationalContact> getAuthors() {
+        return authors;
+    }
+
+    public void setAuthors(final List<OrganizationalContact> authors) {
+        this.authors = authors;
+    }
+
+}