Compose Metadata Analyzer: Refactor to support V2

Signed-off-by: Valentijn Scholten <[email protected]>

src/main/java/org/dependencytrack/tasks/repositories/AbstractMetaAnalyzer.java

@@ -18,9 +18,11 @@
  */
 package org.dependencytrack.tasks.repositories;
 
-import alpine.common.logging.Logger;
-import alpine.notification.Notification;
-import alpine.notification.NotificationLevel;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
@@ -33,10 +35,9 @@
 import org.dependencytrack.notification.NotificationScope;
 import org.dependencytrack.util.HttpUtil;
 
-import java.io.IOException;
-import java.net.URISyntaxException;
-import java.net.URLEncoder;
-import java.nio.charset.StandardCharsets;
+import alpine.common.logging.Logger;
+import alpine.notification.Notification;
+import alpine.notification.NotificationLevel;
 
 /**
  * Base abstract class that all IMetaAnalyzer implementations should likely extend.
@@ -90,6 +91,7 @@ protected void handleUnexpectedHttpResponse(final Logger logger, String url, fin
 
     protected void handleRequestException(final Logger logger, final Exception e) {
         logger.error("Request failure", e);
+        e.printStackTrace();
         Notification.dispatch(new Notification()
                 .scope(NotificationScope.SYSTEM)
                 .group(NotificationGroup.REPOSITORY)

src/main/java/org/dependencytrack/tasks/repositories/RepositoryMetaAnalyzerTask.java

@@ -18,14 +18,19 @@
  */
 package org.dependencytrack.tasks.repositories;
 
-import alpine.Config;
-import alpine.common.logging.Logger;
-import alpine.common.metrics.Metrics;
-import alpine.event.framework.Event;
-import alpine.event.framework.Subscriber;
-import alpine.model.ConfigProperty;
-import alpine.persistence.ScopedCustomization;
-import io.micrometer.core.instrument.Timer;
+import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD;
+import static org.dependencytrack.util.PersistenceUtil.isUniqueConstraintViolation;
+
+import java.time.Instant;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.Callable;
+
+import javax.jdo.Query;
+
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.common.ConfigKey;
 import org.dependencytrack.event.RepositoryMetaEvent;
@@ -39,20 +44,17 @@
 import org.dependencytrack.util.DebugDataEncryption;
 import org.dependencytrack.util.PurlUtil;
 
+import alpine.Config;
+import alpine.common.logging.Logger;
+import alpine.common.metrics.Metrics;
+import alpine.event.framework.Event;
+import alpine.event.framework.Subscriber;
+import alpine.model.ConfigProperty;
+import alpine.persistence.ScopedCustomization;
+import io.micrometer.core.instrument.Timer;
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonObjectBuilder;
-import javax.jdo.Query;
-import java.time.Instant;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.concurrent.Callable;
-
-import static org.dependencytrack.model.ConfigPropertyConstants.SCANNER_ANALYSIS_CACHE_VALIDITY_PERIOD;
-import static org.dependencytrack.util.PersistenceUtil.isUniqueConstraintViolation;
 
 public class RepositoryMetaAnalyzerTask implements Subscriber {
 
@@ -211,6 +213,7 @@ private void analyze(final QueryManager qm, final Component component, final IMe
 
                 if (StringUtils.trimToNull(model.getLatestVersion()) != null) {
                     // Resolution from repository was successful. Update meta model
+                    //FIXME What happens if multiple repositories return a metamodel result with different lastPublishedTimestamps?
                     final RepositoryMetaComponent metaComponent = new RepositoryMetaComponent();
                     metaComponent.setRepositoryType(repository.getType());
                     metaComponent.setNamespace(component.getPurl().getNamespace());

src/main/java/org/dependencytrack/util/ComponentVersion.java

@@ -18,16 +18,17 @@
  */
 package org.dependencytrack.util;
 
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.builder.HashCodeBuilder;
-
-import javax.annotation.concurrent.NotThreadSafe;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import javax.annotation.concurrent.NotThreadSafe;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+
 /**
  * <p>
  * Simple object to track the parts of a version number. The parts are contained

src/main/java/org/dependencytrack/util/JsonUtil.java

@@ -23,6 +23,7 @@
 import java.math.BigInteger;
 import java.time.ZonedDateTime;
 import java.time.format.DateTimeParseException;
+import org.apache.commons.lang3.StringUtils;
 
 public final class JsonUtil {
 
@@ -70,4 +71,11 @@ public static ZonedDateTime jsonStringToTimestamp(final String s) {
         }
     }
 
+    public static boolean isBlankJson(final String jsonString) {
+        if (StringUtils.isBlank(jsonString) || jsonString.equalsIgnoreCase("{}")) {
+            return true;
+        }
+        return false;
+    }
+
 }