Skip to content

Commit

Permalink
Mel issue 2737 (#38)
Browse files Browse the repository at this point in the history 
* Initial commit for addressing Issue DependencyTrack#2737

Signed-off-by: Melba Lopez <[email protected]>

* Adding supplier support with fix for organizational entity; addressing Issue DependencyTrack#2737

Signed-off-by: Melba Lopez <[email protected]>

* Added a persistent column for supplier, bom upload processing for supplier, still tweaking how to add supplier contact info; addressing Issue DependencyTrack#2737

Signed-off-by: Melba Lopez <[email protected]>

* Updates per nscuro comments.

Co-authored by: Melba Lopez <[email protected]>
Co-authored by: nscuro <[email protected]>

Signed-off-by: Melba Lopez <[email protected]>

* Update Component.java - missing ;
Signed-off-by: Melba Lopez <[email protected]>

* Update ModelConverter.java

Putting back code (mouse is acting up on me and accidentally deleted code)
Signed-off-by: Melba Lopez <[email protected]>

---------

Signed-off-by: Melba Lopez <[email protected]>
  • Loading branch information
@melba-lopez
melba-lopez authored Sep 24, 2023
1 parent 593ab00 commit 237d839
Show file tree
Hide file tree
Showing 5 changed files with 118 additions and 3 deletions.
23 changes: 22 additions & 1 deletion src/main/java/org/dependencytrack/model/Component.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURL;
import org.apache.commons.lang3.StringUtils;
import org.cyclonedx.model.OrganizationalEntity;
import org.dependencytrack.model.validation.ValidSpdxExpression;
import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;

import javax.jdo.annotations.Column;
import javax.jdo.annotations.Element;
import javax.jdo.annotations.Extension;
Expand Down Expand Up @@ -116,6 +116,20 @@ public enum FetchGroup {
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
private String publisher;

@Persistent /**Issue #2373, #2737 */
@Column(name = "MANUFACTURE", jdbcType = "VARCHAR")
@Serialized
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters")
private OrganizationalEntity manufacture;

@Persistent /**Issue #2373, #2737 */
@Column(name = "SUPPLIER", jdbcType = "VARCHAR")
@Serialized
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
private OrganizationalEntity supplier;

@Persistent
@Column(name = "GROUP", jdbcType = "VARCHAR")
@Index(name = "COMPONENT_GROUP_IDX")
Expand Down Expand Up @@ -385,6 +399,13 @@ public void setPublisher(String publisher) {
this.publisher = publisher;
}

public OrganizationalEntity getSupplier() { /**Issue #2373, #2737 */
return supplier;
}

public void setSupplier(OrganizationalEntity supplier) {/**Issue #2373, #2737 */
this.supplier = supplier;
}
public String getGroup() {
return group;
}
Expand Down
15 changes: 15 additions & 0 deletions src/main/java/org/dependencytrack/model/Project.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@
@Persistent(name = "name"),
@Persistent(name = "author"),
@Persistent(name = "publisher"),
@Persistent(name = "supplier"),
@Persistent(name = "group"),
@Persistent(name = "name"),
@Persistent(name = "description"),
Expand Down Expand Up @@ -129,6 +130,12 @@ public enum FetchGroup {
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
private String publisher;

@Persistent /**Issue #2373, #2737 */
@Column(name = "SUPPLIER", jdbcType = "VARCHAR")
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
private OrganizationalEntity supplier;

@Persistent
@Column(name = "GROUP", jdbcType = "VARCHAR")
@Index(name = "PROJECT_GROUP_IDX")
Expand Down Expand Up @@ -285,6 +292,14 @@ public void setPublisher(String publisher) {
this.publisher = publisher;
}

public OrganizationalEntity getSupplier() {
return supplier;
}

public void setSupplier(OrganizationalEntity supplier) {
this.supplier = supplier;
}

public String getGroup() {
return group;
}
Expand Down
32 changes: 30 additions & 2 deletions src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ public static List<Component> convertComponents(final QueryManager qm, final Bom
return components;
}

/**Convert from CycloneDX to DT */
@SuppressWarnings("deprecation")
public static Component convert(final QueryManager qm, final org.cyclonedx.model.Component cycloneDxComponent, final Project project) {
Component component = qm.matchSingleIdentity(project, new ComponentIdentity(cycloneDxComponent));
Expand All @@ -108,6 +109,7 @@ public static Component convert(final QueryManager qm, final org.cyclonedx.model
component.setAuthor(StringUtils.trimToNull(cycloneDxComponent.getAuthor()));
component.setBomRef(StringUtils.trimToNull(cycloneDxComponent.getBomRef()));
component.setPublisher(StringUtils.trimToNull(cycloneDxComponent.getPublisher()));
component.setSupplier(cycloneDxComponent.getSupplier());/**Issue #2373, #2737 */
component.setGroup(StringUtils.trimToNull(cycloneDxComponent.getGroup()));
component.setName(StringUtils.trimToNull(cycloneDxComponent.getName()));
component.setVersion(StringUtils.trimToNull(cycloneDxComponent.getVersion()));
Expand Down Expand Up @@ -242,7 +244,8 @@ else if (StringUtils.isNotBlank(cycloneLicense.getName()))
}
return component;
}


/**Convert from DT to CycloneDX */
@SuppressWarnings("deprecation")
public static org.cyclonedx.model.Component convert(final QueryManager qm, final Component component) {
final org.cyclonedx.model.Component cycloneComponent = new org.cyclonedx.model.Component();
Expand Down Expand Up @@ -395,6 +398,31 @@ public static org.cyclonedx.model.Metadata createMetadata(final Project project)
});
cycloneComponent.setExternalReferences(references);
}
/*Issue #2737: Adding Supplier contact functionality */
if (project.getSupplier() != null) {
OrganizationalEntity supplier = new OrganizationalEntity();
supplier.setName(project.getSupplier().getName());

if (project.getSupplier().getUrls() != null) {
supplier.setUrls(project.getSupplier().getUrls());
} else {
supplier.setUrls(null);
}
if (project.getSupplier().getContacts() != null) {
List<OrganizationalContact> contacts = new ArrayList<>();
for (OrganizationalContact organizationalContact: project.getSupplier().getContacts()) {
OrganizationalContact contact = new OrganizationalContact();
contact.setName(organizationalContact.getName());
contact.setEmail(organizationalContact.getEmail());
contact.setPhone(organizationalContact.getPhone());
contacts.add(contact);
}
supplier.setContacts(contacts);
}
cycloneComponent.setSupplier(supplier);
} else {
cycloneComponent.setSupplier(null);
}
metadata.setComponent(cycloneComponent);
}
return metadata;
Expand Down Expand Up @@ -425,7 +453,7 @@ public static ServiceComponent convert(final QueryManager qm, final org.cycloned
service.setProject(project);
}
service.setBomRef(StringUtils.trimToNull(cycloneDxService.getBomRef()));
if (cycloneDxService.getProvider() != null) {
if (cycloneDxService.getProvider() != null) {
OrganizationalEntity provider = new OrganizationalEntity();;
provider.setName(cycloneDxService.getProvider().getName());
if (cycloneDxService.getProvider().getUrls() != null && cycloneDxService.getProvider().getUrls().size() > 0) {
Expand Down
7 changes: 7 additions & 0 deletions src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,13 @@ public void informTest() throws Exception {
assertThat(components).hasSize(1);

final Component component = components.get(0);

assertThat(component.getSupplier().getName()).isEqualTo("Foo Incorporated"); /*Issue #2373, #2737 - Adding support for Supplier*/
assertThat(component.getSupplier().getUrls()).isEqualTo("https://foo.bar.com");
assertThat(component.getSupplier().getContacts().get(0).getName()).isEqualTo("Foo Jr.");
assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("[email protected]");
assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890");

assertThat(component.getAuthor()).isEqualTo("Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................");
assertThat(component.getPublisher()).isEqualTo("Example Incorporated");
assertThat(component.getGroup()).isEqualTo("com.example");
Expand Down
44 changes: 44 additions & 0 deletions src/test/resources/bom-1.xml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,17 @@
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
<metadata>
<component type="application" bom-ref="acme">
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
<publisher>DependencyTrack</publisher>
<name>Acme example</name>
<externalReferences>
Expand All @@ -19,10 +30,43 @@
</reference>
</externalReferences>
</component>
<manufacture>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Sr.</name>
<email>[email protected]</email>
<phone>800-123-4567</phone>
</contact>
</contact>
</manufacture>
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
</metadata>
<components>
<component type="application">
<author>Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................</author>
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
<publisher>Example Incorporated</publisher>
<group>com.example</group>
<name>xmlutil</name>
Expand Down

0 comments on commit 237d839

Please sign in to comment.