Fix component EXTERNAL_REFERENCES column mapping (#944)
sahibamittal authored Oct 3, 2024
1 parent 6232195 commit 61847b3
Showing 4 changed files with 64 additions and 8 deletions.
@@ -21,8 +21,10 @@
import org.dependencytrack.model.Component;
import org.dependencytrack.model.Vulnerability;
import org.dependencytrack.model.VulnerableSoftware;
import org.dependencytrack.persistence.jdbi.mapping.ExternalReferenceMapper;
import org.dependencytrack.persistence.jdbi.mapping.VulnerabilityRowMapper;
import org.dependencytrack.persistence.jdbi.mapping.VulnerableSoftwareRowMapper;
import org.jdbi.v3.sqlobject.config.RegisterColumnMapper;
import org.jdbi.v3.sqlobject.config.RegisterConstructorMapper;
import org.jdbi.v3.sqlobject.config.RegisterFieldMapper;
import org.jdbi.v3.sqlobject.config.RegisterRowMapper;
@@ -394,6 +396,7 @@ SELECT DISTINCT ON ("V"."ID")
and "C"."PROJECT_ID" = :projectId
""")
@RegisterFieldMapper(Component.class)
@RegisterColumnMapper(ExternalReferenceMapper.class)
List<Component> getVulnerableComponents(@Bind long projectId, @Bind List<Long> vulnerabilityIds);

@SqlUpdate("""
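Review bot: The `@RegisterColumnMapper(ExternalReferenceMapper.class)` added above `getVulnerableComponents` is scoped to this one method, so any other query in this interface that maps `Component` through `@RegisterFieldMapper` and selects `EXTERNAL_REFERENCES` would presumably hit the same mapping failure; the rest of the interface is outside the hunk, so this needs checking. If more than one method is affected, placing the annotation on the interface keeps the mapping in one place. The annotation also makes this read path deserialize a stored blob, which deserves a one-line comment such as `// EXTERNAL_REFERENCES holds a Java-serialized list; ExternalReferenceMapper decodes it`. The SQL statement this annotation belongs to starts before the hunk.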
@@ -0,0 +1,40 @@
/*
* This file is part of Dependency-Track.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* Copyright (c) OWASP Foundation. All Rights Reserved.
*/
package org.dependencytrack.persistence.jdbi.mapping;

import org.apache.commons.lang3.SerializationUtils;
import org.dependencytrack.model.ExternalReference;
import org.jdbi.v3.core.mapper.ColumnMapper;
import org.jdbi.v3.core.statement.StatementContext;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ExternalReferenceMapper implements ColumnMapper<List<ExternalReference>> {

@Override
public List<ExternalReference> map(ResultSet r, int columnNumber, StatementContext ctx) throws SQLException {
if (r.getBytes(columnNumber) == null) {
return new ArrayList<>();
}
return SerializationUtils.deserialize(r.getBytes(columnNumber));
}
}
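Review bot: `map` passes the column bytes straight to `SerializationUtils.deserialize`, which runs Java native deserialization with no class filter, so whatever object graph is stored in the column is instantiated and then returned through an unchecked generic cast. The bytes are presumably written by the application's own persistence layer, but that leaves database write access as the only barrier; restricting the stream with an `ObjectInputFilter` allow-list (or storing the references as JSON) limits what can be instantiated. The method also calls `r.getBytes(columnNumber)` twice and lets a deserialization failure surface as an unchecked exception. The class has no Javadoc; one sentence stating that it decodes the serialized `EXTERNAL_REFERENCES` column and returns an empty mutable list for SQL NULL would do. The allow-list in the sketch below is a guess and must be checked against the field types of `ExternalReference`.

```java
public List<ExternalReference> map(ResultSet r, int columnNumber, StatementContext ctx) throws SQLException {
    final byte[] serialized = r.getBytes(columnNumber);
    if (serialized == null) {
        return new ArrayList<>();
    }
    // Allow-list only the types the column is expected to hold; "!*" rejects everything else.
    final ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
            "java.lang.*;java.util.*;org.dependencytrack.model.*;org.cyclonedx.model.*;!*");
    try (var in = new ObjectInputStream(new ByteArrayInputStream(serialized))) {
        in.setObjectInputFilter(filter);
        @SuppressWarnings("unchecked")
        final var references = (List<ExternalReference>) in.readObject();
        return references;
    } catch (IOException | ClassNotFoundException e) {
        throw new SQLException("Failed to deserialize external references", e);
    }
}
```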
@@ -23,6 +23,7 @@
import org.dependencytrack.PersistenceCapableTest;
import org.dependencytrack.model.Component;
import org.dependencytrack.model.Epss;
import org.dependencytrack.model.ExternalReference;
import org.dependencytrack.model.Project;
import org.dependencytrack.model.Severity;
import org.dependencytrack.model.Vulnerability;
@@ -704,6 +705,10 @@ public void setupData() {
component.setProject(project);
component.setName("ABC");
component.setPurl("pkg:maven/org.acme/abc");
var extRef = new ExternalReference();
extRef.setType(org.cyclonedx.model.ExternalReference.Type.WEBSITE);
extRef.setUrl("www.test.com");
component.addExternalReference(extRef);
component.setVulnerabilities(List.of(vulnA, vulnB));

Component component2 = new Component();
@@ -750,11 +755,13 @@ public void getVulnerabilitiesByProjectTest() {
assertThat(vuln.getVulnId()).isEqualTo("INT-001");
assertThat(vuln.getEpssScore()).isEqualByComparingTo("1.2");
assertThat(vuln.getEpssPercentile()).isEqualByComparingTo("3.4");
assertThat(vuln.getComponents().size()).isEqualTo(2);
},
vuln -> {
assertThat(vuln.getVulnId()).isEqualTo("INT-002");
assertThat(vuln.getEpssScore()).isNull();
assertThat(vuln.getEpssPercentile()).isNull();
assertThat(vuln.getComponents().size()).isEqualTo(1);
}
);
}
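Review bot: The external reference added in `setupData` (type `WEBSITE`, URL `www.test.com`) is never asserted on: the two assertions added to `getVulnerabilitiesByProjectTest` only check `getComponents().size()`, so the test would still pass if the mapper returned an empty list. Adding a check on the mapped component, for example `assertThat(vuln.getComponents()).anySatisfy(c -> assertThat(c.getExternalReferences()).hasSize(1));`, would pin the fix. The same gap shows in the last file section, where every expected JSON body has `"externalReferences":[]`, so no REST-level test covers a non-empty list. Both test methods continue outside the visible hunks.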
@@ -179,7 +179,7 @@ public void getVulnerabilitiesByComponentUuidIncludeSuppressedTest() {
}

@Test
public void getVulnerabilitiesByProjectTest() throws Exception {
public void getVulnerabilitiesByProjectTest() {
SampleData sampleData = new SampleData();
Response response = jersey.target(V1_VULNERABILITY + "/project/" + sampleData.p1.getUuid().toString()).request()
.header(X_API_KEY, apiKey)
@@ -208,7 +208,8 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"sha256": "47602d7dfe910ad941fea52e85e6e3f1c175434b0e6e261c31c766fe4c078a25",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",
@@ -236,7 +237,8 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"sha256": "47602d7dfe910ad941fea52e85e6e3f1c175434b0e6e261c31c766fe4c078a25",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",
@@ -268,7 +270,8 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"sha256": "418716b003fe0268b6521ef7acbed13f5ba491d593896d5deb2058c42d87002d",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",
@@ -290,7 +293,8 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"sha256": "418716b003fe0268b6521ef7acbed13f5ba491d593896d5deb2058c42d87002d",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",
@@ -303,7 +307,7 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
}

@Test
public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() throws Exception {
public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() {
SampleData sampleData = new SampleData();
Response response = jersey.target(V1_VULNERABILITY + "/project/" + sampleData.p2.getUuid().toString())
.queryParam("suppressed", "true")
@@ -338,7 +342,8 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() throws Exc
"sha256": "418716b003fe0268b6521ef7acbed13f5ba491d593896d5deb2058c42d87002d",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",
@@ -360,7 +365,8 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() throws Exc
"sha256": "418716b003fe0268b6521ef7acbed13f5ba491d593896d5deb2058c42d87002d",
"uuid": "${json-unit.any-string}",
"expandDependencyGraph": false,
"isInternal": false
"isInternal": false,
"externalReferences":[]
}
],
"uuid": "${json-unit.any-string}",