Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DRAFT: Issue #2737 - Fulfil NTIA minimum requirements #2867

Closed
wants to merge 3 commits into from
Closed

DRAFT: Issue #2737 - Fulfil NTIA minimum requirements #2867

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
f01000f
Updates per nscuro comments.
melba-lopez Sep 25, 2023
b1d0686
Updating JDBC Type to BLOB
melba-lopez Sep 27, 2023
e1d2641
Updating project.supplier JDBC Type to BLOB
melba-lopez Sep 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 22 additions & 1 deletion src/main/java/org/dependencytrack/model/Component.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,9 +28,9 @@
import com.github.packageurl.MalformedPackageURLException;
import com.github.packageurl.PackageURL;
import org.apache.commons.lang3.StringUtils;
import org.cyclonedx.model.OrganizationalEntity;
import org.dependencytrack.model.validation.ValidSpdxExpression;
import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;

import javax.jdo.annotations.Column;
import javax.jdo.annotations.Element;
import javax.jdo.annotations.Extension;
Expand Down Expand Up @@ -116,6 +116,20 @@ public enum FetchGroup {
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
private String publisher;

@Persistent /**Issue #2373, #2737 */
@Column(name = "MANUFACTURE", jdbcType = "BLOB")
@Serialized
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The manufacture may only contain printable characters")
private OrganizationalEntity manufacture;

@Persistent /**Issue #2373, #2737 */
@Column(name = "SUPPLIER", jdbcType = "BLOB")
@Serialized
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
private OrganizationalEntity supplier;

@Persistent
@Column(name = "GROUP", jdbcType = "VARCHAR")
@Index(name = "COMPONENT_GROUP_IDX")
Expand Down Expand Up @@ -385,6 +399,13 @@ public void setPublisher(String publisher) {
this.publisher = publisher;
}

public OrganizationalEntity getSupplier() { /**Issue #2373, #2737 */
return supplier;
}

public void setSupplier(OrganizationalEntity supplier) {/**Issue #2373, #2737 */
this.supplier = supplier;
}
public String getGroup() {
return group;
}
Expand Down
15 changes: 15 additions & 0 deletions src/main/java/org/dependencytrack/model/Project.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@
@Persistent(name = "name"),
@Persistent(name = "author"),
@Persistent(name = "publisher"),
@Persistent(name = "supplier"),
@Persistent(name = "group"),
@Persistent(name = "name"),
@Persistent(name = "description"),
Expand Down Expand Up @@ -129,6 +130,12 @@ public enum FetchGroup {
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
private String publisher;

@Persistent /**Issue #2373, #2737 */
@Column(name = "SUPPLIER", jdbcType = "BLOB")
@Size(max = 255)
@Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The supplier may only contain printable characters")
private OrganizationalEntity supplier;

@Persistent
@Column(name = "GROUP", jdbcType = "VARCHAR")
@Index(name = "PROJECT_GROUP_IDX")
Expand Down Expand Up @@ -285,6 +292,14 @@ public void setPublisher(String publisher) {
this.publisher = publisher;
}

public OrganizationalEntity getSupplier() {
return supplier;
}

public void setSupplier(OrganizationalEntity supplier) {
this.supplier = supplier;
}

public String getGroup() {
return group;
}
Expand Down
32 changes: 30 additions & 2 deletions src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ public static List<Component> convertComponents(final QueryManager qm, final Bom
return components;
}

/**Convert from CycloneDX to DT */
@SuppressWarnings("deprecation")
public static Component convert(final QueryManager qm, final org.cyclonedx.model.Component cycloneDxComponent, final Project project) {
Component component = qm.matchSingleIdentity(project, new ComponentIdentity(cycloneDxComponent));
Expand All @@ -108,6 +109,7 @@ public static Component convert(final QueryManager qm, final org.cyclonedx.model
component.setAuthor(StringUtils.trimToNull(cycloneDxComponent.getAuthor()));
component.setBomRef(StringUtils.trimToNull(cycloneDxComponent.getBomRef()));
component.setPublisher(StringUtils.trimToNull(cycloneDxComponent.getPublisher()));
component.setSupplier(cycloneDxComponent.getSupplier());/**Issue #2373, #2737 */
component.setGroup(StringUtils.trimToNull(cycloneDxComponent.getGroup()));
component.setName(StringUtils.trimToNull(cycloneDxComponent.getName()));
component.setVersion(StringUtils.trimToNull(cycloneDxComponent.getVersion()));
Expand Down Expand Up @@ -242,7 +244,8 @@ else if (StringUtils.isNotBlank(cycloneLicense.getName()))
}
return component;
}


/**Convert from DT to CycloneDX */
@SuppressWarnings("deprecation")
public static org.cyclonedx.model.Component convert(final QueryManager qm, final Component component) {
final org.cyclonedx.model.Component cycloneComponent = new org.cyclonedx.model.Component();
Expand Down Expand Up @@ -395,6 +398,31 @@ public static org.cyclonedx.model.Metadata createMetadata(final Project project)
});
cycloneComponent.setExternalReferences(references);
}
/*Issue #2737: Adding Supplier contact functionality */
if (project.getSupplier() != null) {
org.cyclonedx.model.OrganizationalEntity supplier = new org.cyclonedx.model.OrganizationalEntity();
supplier.setName(project.getSupplier().getName());

if (project.getSupplier().getUrls() != null) {
supplier.setUrls(Arrays.asList(project.getSupplier().getUrls()));
} else {
supplier.setUrls(null);
}
if (project.getSupplier().getContacts() != null) {
List<org.cyclonedx.model.OrganizationalContact> contacts = new ArrayList<>();
for (OrganizationalContact organizationalContact: project.getSupplier().getContacts()) {
org.cyclonedx.model.OrganizationalContact contact = new org.cyclonedx.model.OrganizationalContact();
contact.setName(organizationalContact.getName());
contact.setEmail(organizationalContact.getEmail());
contact.setPhone(organizationalContact.getPhone());
contacts.add(contact);
}
supplier.setContacts(contacts);
}
cycloneComponent.setSupplier(supplier);
} else {
cycloneComponent.setSupplier(null);
}
metadata.setComponent(cycloneComponent);
}
return metadata;
Expand Down Expand Up @@ -425,7 +453,7 @@ public static ServiceComponent convert(final QueryManager qm, final org.cycloned
service.setProject(project);
}
service.setBomRef(StringUtils.trimToNull(cycloneDxService.getBomRef()));
if (cycloneDxService.getProvider() != null) {
if (cycloneDxService.getProvider() != null) {
OrganizationalEntity provider = new OrganizationalEntity();;
provider.setName(cycloneDxService.getProvider().getName());
if (cycloneDxService.getProvider().getUrls() != null && cycloneDxService.getProvider().getUrls().size() > 0) {
Expand Down
7 changes: 7 additions & 0 deletions src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,13 @@ public void informTest() throws Exception {
assertThat(components).hasSize(1);

final Component component = components.get(0);

assertThat(component.getSupplier().getName()).isEqualTo("Foo Incorporated"); /*Issue #2373, #2737 - Adding support for Supplier*/
assertThat(component.getSupplier().getUrls()).isEqualTo("https://foo.bar.com");
assertThat(component.getSupplier().getContacts().get(0).getName()).isEqualTo("Foo Jr.");
assertThat(component.getSupplier().getContacts().get(0).getEmail()).isEqualTo("[email protected]");
assertThat(component.getSupplier().getContacts().get(0).getPhone()).isEqualTo("123-456-7890");

assertThat(component.getAuthor()).isEqualTo("Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................");
assertThat(component.getPublisher()).isEqualTo("Example Incorporated");
assertThat(component.getGroup()).isEqualTo("com.example");
Expand Down
44 changes: 44 additions & 0 deletions src/test/resources/bom-1.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,17 @@
<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
<metadata>
<component type="application" bom-ref="acme">
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
<publisher>DependencyTrack</publisher>
<name>Acme example</name>
<externalReferences>
Expand All @@ -19,10 +30,43 @@
</reference>
</externalReferences>
</component>
<manufacture>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Sr.</name>
<email>[email protected]</email>
<phone>800-123-4567</phone>
</contact>
</contact>
</manufacture>
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
</metadata>
<components>
<component type="application">
<author>Sometimes this field is long because it is composed of a list of authors......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................</author>
<supplier>
<name>Foo Incorporated</name>
<url>https://foo.bar.com</url>
<contact>
<contact>
<name>Foo Jr.</name>
<email>[email protected]</email>
<phone>123-456-7890</phone>
</contact>
</contact>
</supplier>
<publisher>Example Incorporated</publisher>
<group>com.example</group>
<name>xmlutil</name>
Expand Down
Loading