feat(rest): API to get vulnerability tracking status

Signed-off-by: Keerthi B L <[email protected]> feat(rest): API to get vulnerability tracking status Signed-off-by: Keerthi B L <[email protected]>
eclipse-sw360 · Aug 23, 2023 · 16dae1a · 16dae1a
1 parent 165d56d
commit 16dae1a
Show file tree

Hide file tree

Showing 4 changed files with 85 additions and 1 deletion.
diff --git a/rest/resource-server/src/docs/asciidoc/vulnerabilities.adoc b/rest/resource-server/src/docs/asciidoc/vulnerabilities.adoc
@@ -125,4 +125,12 @@ A `DELETE` request to delete a release vulnerability relation
 include::{snippets}/should_document_delete_release_vulnerability_relation/curl-request.adoc[]
 
 ===== Example response
-include::{snippets}/should_document_delete_release_vulnerability_relation/http-response.adoc[]
+include::{snippets}/should_document_delete_release_vulnerability_relation/http-response.adoc[]
+
+[[resources-vulnerabilitie-get-status]]
+==== Get a vulnerability tracking status
+
+A `GET` request will get vulnerability tracking status.
+
+===== Example request
+include::{snippets}/should_document_get_vulnerabilities_tracking_status/curl-request.adoc[]
diff --git a/...n/java/org/eclipse/sw360/rest/resourceserver/vulnerability/Sw360VulnerabilityService.java b/...n/java/org/eclipse/sw360/rest/resourceserver/vulnerability/Sw360VulnerabilityService.java
@@ -22,6 +22,9 @@
 import org.eclipse.sw360.datahandler.common.SW360Utils;
 import org.eclipse.sw360.datahandler.thrift.RequestStatus;
 import org.eclipse.sw360.datahandler.thrift.SW360Exception;
+import org.eclipse.sw360.datahandler.thrift.ThriftClients;
+import org.eclipse.sw360.datahandler.thrift.components.ReleaseClearingStatusData;
+import org.eclipse.sw360.datahandler.thrift.projects.ProjectService;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.CVEReference;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.ProjectVulnerabilityRating;
@@ -306,4 +309,10 @@ public ObjectMapper getObjectMapper() {
     public enum VulnerabilityOperation {
         CREATE, UPDATE, DELETE;
     }
+
+    public List<ReleaseClearingStatusData> getReleaseClearingStatusesWithAccessibility(User user, String projectId)
+            throws TException {
+        ProjectService.Iface sw360ProjectClient = new ThriftClients().makeProjectClient();
+        return sw360ProjectClient.getReleaseClearingStatusesWithAccessibility(projectId, user);
+    }
 }
diff --git a/...ain/java/org/eclipse/sw360/rest/resourceserver/vulnerability/VulnerabilityController.java b/...ain/java/org/eclipse/sw360/rest/resourceserver/vulnerability/VulnerabilityController.java
@@ -15,6 +15,7 @@
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 
+import java.io.IOException;
 import java.net.URI;
 import java.util.Map;
 import java.util.Objects;
@@ -23,6 +24,7 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
+import javax.servlet.http.HttpServletResponse;
 import javax.websocket.server.PathParam;
 
 import org.apache.thrift.TException;
@@ -32,6 +34,7 @@
 import org.eclipse.sw360.datahandler.thrift.RequestStatus;
 import org.eclipse.sw360.datahandler.thrift.SW360Exception;
 import org.eclipse.sw360.datahandler.thrift.components.Release;
+import org.eclipse.sw360.datahandler.thrift.components.ReleaseClearingStatusData;
 import org.eclipse.sw360.datahandler.thrift.users.RequestedAction;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.ReleaseVulnerabilityRelation;
@@ -56,17 +59,20 @@
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
 
 import java.util.ArrayList;
 import java.util.List;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.gson.JsonObject;
 
 import static org.eclipse.sw360.datahandler.permissions.PermissionUtils.makePermission;
 import static org.springframework.hateoas.server.mvc.WebMvcLinkBuilder.linkTo;
@@ -359,4 +365,38 @@ private Set<Release> getReleaseRelationsInfo(Vulnerability vulnerability, User u
 
         return releaseList;
     }
+
+    @GetMapping(value = VULNERABILITIES_URL + "/trackingstatus" + "/{projectid}")
+    public void getVulnerabilitiesTrackingStatus(@PathVariable("projectid") String projectId,
+            HttpServletResponse response) throws TException, IOException {
+        List<JsonObject> resultJson = new ArrayList<>();
+        try {
+            User user = restControllerHelper.getSw360UserFromAuthentication();
+            List<ReleaseClearingStatusData> releaseClearingStatusList = vulnerabilityService
+                    .getReleaseClearingStatusesWithAccessibility(user, projectId);
+            releaseClearingStatusList.forEach(rel -> {
+                if (rel.getRelease() != null) {
+                    JsonObject jobj = new JsonObject();
+                    jobj.addProperty("releaseid", rel.getRelease().getId());
+                    jobj.addProperty("name", rel.getRelease().getName());
+                    jobj.addProperty("projectorigin", rel.getProjectNames());
+                    jobj.addProperty("svmtrackingstatus",
+                            null != rel.getRelease().getExternalIds() && !rel.getRelease().getExternalIds().equals("")
+                                    ? rel.getRelease().getExternalIds().get("svmComponentId")
+                                    : "");
+                    jobj.addProperty("shortstatus",
+                            null != rel.getRelease().getAdditionalData()
+                                    && !rel.getRelease().getAdditionalData().equals("")
+                                            ? rel.getRelease().getAdditionalData().get("svmShortStatus")
+                                            : "");
+                    jobj.addProperty("type", rel.getComponentType().toString());
+                    resultJson.add(jobj);
+                }
+            });
+            response.getWriter().write(resultJson.toString());
+        } catch (SW360Exception e) {
+            throw new TException(e.why);
+        }
+
+    }
 }
diff --git a/...r/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/VulnerabilitySpecTest.java b/...r/src/test/java/org/eclipse/sw360/rest/resourceserver/restdocs/VulnerabilitySpecTest.java
@@ -14,6 +14,8 @@
 import org.eclipse.sw360.datahandler.thrift.VerificationState;
 import org.eclipse.sw360.datahandler.thrift.VerificationStateInfo;
 import org.eclipse.sw360.datahandler.thrift.components.Release;
+import org.eclipse.sw360.datahandler.thrift.projects.Project;
+import org.eclipse.sw360.datahandler.thrift.projects.ProjectType;
 import org.eclipse.sw360.datahandler.thrift.users.User;
 import org.eclipse.sw360.datahandler.thrift.users.UserGroup;
 import org.eclipse.sw360.datahandler.thrift.vulnerabilities.*;
@@ -41,6 +43,7 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
@@ -87,6 +90,8 @@ public class VulnerabilitySpecTest extends TestRestDocsSpecBase {
 
     private ReleaseVulnerabilityRelation releaseVulnerabilityRelation;
 
+    private Project project;
+
     @Before
     public void before() throws TException {
         vulnerability = new Vulnerability();
@@ -205,6 +210,21 @@ public void before() throws TException {
         vulnerabilityDTO4.setTitle("Updated Title");
         vulnerabilityDTO4.setExternalId("98765");
 
+        project = new Project();
+        project.setId("376576");
+        project.setName("Emerald Web");
+        project.setProjectType(ProjectType.PRODUCT);
+        project.setVersion("1.0.2");
+        project.setDescription("Emerald Web provides a suite of components for Critical Infrastructures.");
+        project.setDomain("Hardware");
+        project.setCreatedOn("2016-12-15");
+        project.setCreatedBy("[email protected]");
+        project.setModerators(new HashSet<>(Arrays.asList("[email protected]", "[email protected]")));
+        project.setBusinessUnit("sw360 AR");
+        project.setExternalIds(Collections.singletonMap("mainline-id-project", "515432"));
+        project.setOwnerAccountingUnit("4822");
+        project.setOwnerCountry("DE");
+
         List<ReleaseVulnerabilityRelation> releaseRelation = new ArrayList<ReleaseVulnerabilityRelation>();
         VulnerabilityWithReleaseRelations vulnerabilityWithReleaseRelations = new VulnerabilityWithReleaseRelations(
                 vulnerability, releaseRelation);
@@ -479,4 +499,11 @@ public void should_document_create_release_vulnerability_relation() throws Excep
                                 fieldWithPath("usedNeedle").description("The used needle")
                         )));
     }
+    @Test
+    public void should_document_get_vulnerabilities_tracking_status() throws Exception {
+        String accessToken = TestHelper.getAccessToken(mockMvc, testUserId, testUserPassword);
+        mockMvc.perform(get("/api/vulnerabilities/trackingstatus/" + project.getId())
+                .header("Authorization", "Bearer " + accessToken).accept(MediaTypes.HAL_JSON))
+                .andExpect(status().isOk()).andDo(this.documentationHandler.document());
+    }
 }