Move vuln policy schema to resources (#482)

Non-Java files are not included in the final JAR, unless they're placed in `resources`. The schema file was not. This caused the file to be accessible in local testing, but not in the final Docker container.

Also named the schema and test files more explicitly as to not confuse it with other policy types.

Signed-off-by: nscuro <[email protected]>

src/test/java/org/dependencytrack/policy/validation/PolicySchemaValidationTest.java

@@ -9,57 +9,44 @@
 import com.networknt.schema.ValidationMessage;
 import org.junit.Test;
 
-import java.io.File;
 import java.io.IOException;
-import java.net.URI;
+import java.nio.charset.StandardCharsets;
 import java.util.Set;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertTrue;
+import static org.testcontainers.shaded.org.apache.commons.io.IOUtils.resourceToString;
 
 public class PolicySchemaValidationTest {
 
     @Test
     public void testValidPolicyYamlWithSchema() throws IOException {
         ObjectMapper objMapper = new ObjectMapper(new YAMLFactory());
-        final File jsonSchemaFile = new File("src/main/java/org/dependencytrack/policy/validation/policySchema.json");
-        final URI uri = jsonSchemaFile.toURI();
-        final File yamlFile = new File("src/test/resources/policy/policyValid.yaml");
+        final String jsonSchemaContent = resourceToString("/schema/vulnerability-policy-v1.schema.json", StandardCharsets.UTF_8);
+        final String policyContent = resourceToString("/unit/policy/vulnerability-policy-v1-valid.yaml", StandardCharsets.UTF_8);
         JsonSchemaFactory factory = JsonSchemaFactory.builder(JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V202012)).objectMapper(objMapper).build();
-        JsonSchema schema = factory.getSchema(uri);
-        JsonNode jsonNode = objMapper.readTree(yamlFile);
+        JsonSchema schema = factory.getSchema(jsonSchemaContent);
+        JsonNode jsonNode = objMapper.readTree(policyContent);
         Set<ValidationMessage> validateMsg = schema.validate(jsonNode);
         assertTrue(validateMsg.isEmpty());
     }
 
     @Test
     public void testInvalidPolicyYamlWithSchema() throws IOException {
         ObjectMapper objMapper = new ObjectMapper(new YAMLFactory());
-        final File jsonSchemaFile = new File("src/main/java/org/dependencytrack/policy/validation/policySchema.json");
-        final URI uri = jsonSchemaFile.toURI();
-        final File yamlFile = new File("src/test/resources/policy/policyInvalid.yaml");
+        final String jsonSchemaContent = resourceToString("/schema/vulnerability-policy-v1.schema.json", StandardCharsets.UTF_8);
+        final String policyContent = resourceToString("/unit/policy/vulnerability-policy-v1-invalid.yaml", StandardCharsets.UTF_8);
         JsonSchemaFactory factory = JsonSchemaFactory.builder(JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V202012)).objectMapper(objMapper).build();
-        JsonSchema schema = factory.getSchema(uri);
-        JsonNode jsonNode = objMapper.readTree(yamlFile);
+        JsonSchema schema = factory.getSchema(jsonSchemaContent);
+        JsonNode jsonNode = objMapper.readTree(policyContent);
         Set<ValidationMessage> validateMsg = schema.validate(jsonNode);
         assertThat(validateMsg.size()).isEqualTo(5);
         assertThat(validateMsg).satisfiesExactlyInAnyOrder(
-                error -> {
-                    assertThat(error.getMessage()).isEqualTo("$.created: 2023-11-22T06:06Z is an invalid date-time");
-                },
-                error -> {
-                    assertThat(error.getMessage()).isEqualTo("$.analysis.justification: does not have a value in the enumeration [CODE_NOT_PRESENT, CODE_NOT_REACHABLE, REQUIRES_CONFIGURATION, REQUIRES_DEPENDENCY, REQUIRES_ENVIRONMENT, PROTECTED_BY_COMPILER, PROTECTED_AT_RUNTIME, PROTECTED_AT_PERIMETER, PROTECTED_BY_MITIGATING_CONTROL]");
-                },
-                error -> {
-                    assertThat(error.getMessage()).isEqualTo("$.ratings[0].severity: does not have a value in the enumeration [CRITICAL, HIGH, MEDIUM, LOW, INFO, UNASSIGNED]");
-                    },
-                error -> {
-                    assertThat(error.getMessage()).contains("$.ratings[0].vector: does not match the regex pattern");
-                },
-                error -> {
-                    assertThat(error.getMessage()).isEqualTo("$.ratings[0].score: string found, number expected");
-                }
-
+                error -> assertThat(error.getMessage()).isEqualTo("$.created: 2023-11-22T06:06Z is an invalid date-time"),
+                error -> assertThat(error.getMessage()).isEqualTo("$.analysis.justification: does not have a value in the enumeration [CODE_NOT_PRESENT, CODE_NOT_REACHABLE, REQUIRES_CONFIGURATION, REQUIRES_DEPENDENCY, REQUIRES_ENVIRONMENT, PROTECTED_BY_COMPILER, PROTECTED_AT_RUNTIME, PROTECTED_AT_PERIMETER, PROTECTED_BY_MITIGATING_CONTROL]"),
+                error -> assertThat(error.getMessage()).isEqualTo("$.ratings[0].severity: does not have a value in the enumeration [CRITICAL, HIGH, MEDIUM, LOW, INFO, UNASSIGNED]"),
+                error -> assertThat(error.getMessage()).contains("$.ratings[0].vector: does not match the regex pattern"),
+                error -> assertThat(error.getMessage()).isEqualTo("$.ratings[0].score: string found, number expected")
         );
     }
 }