Skip to content

Commit

Permalink
Add test case for ScheduledPolicyViolationsIdentified
Browse files Browse the repository at this point in the history 
Signed-off-by: Richard Bickert <[email protected]>
  • Loading branch information
@rbt-mm
rbt-mm committed Jan 15, 2025
1 parent 2f4a8cb commit 27b85df
Showing 1 changed file with 109 additions and 2 deletions.
111 changes: 109 additions & 2 deletions src/test/java/org/dependencytrack/util/NotificationUtilTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,20 +10,35 @@
import org.apache.commons.collections4.map.LinkedMap;
import org.dependencytrack.model.AnalysisState;
import org.dependencytrack.model.Component;
import org.dependencytrack.model.Policy;
import org.dependencytrack.model.Policy.ViolationState;
import org.dependencytrack.model.PolicyCondition;
import org.dependencytrack.model.PolicyCondition.Operator;
import org.dependencytrack.model.PolicyViolation;
import org.dependencytrack.model.PolicyViolation.Type;
import org.dependencytrack.model.Project;
import org.dependencytrack.model.Severity;
import org.dependencytrack.model.Tag;
import org.dependencytrack.model.ViolationAnalysis;
import org.dependencytrack.model.ViolationAnalysisState;
import org.dependencytrack.model.Vulnerability;
import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationDetails;
import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationOverview;
import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationSummary;
import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationSummaryInfo;
import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityDetails;
import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityDetailsInfo;
import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityOverview;
import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilitySummary;
import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilitySummaryInfo;
import org.dependencytrack.notification.vo.ScheduledNewVulnerabilitiesIdentified;
import org.dependencytrack.notification.vo.ScheduledPolicyViolationsIdentified;
import org.junit.Test;
import org.junit.Assert;

import jakarta.json.JsonObject;
import java.time.Instant;
import java.util.Date;

public class NotificationUtilTest {

Expand Down Expand Up @@ -58,14 +73,12 @@ public void toJsonWithScheduledNewVulnerabilitiesIdentified() {
new VulnerabilityDetails(mapVulnDetailInfos)
);
JsonObject json = NotificationUtil.toJson(vo);
System.out.println(json.toString());

Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedProjectsCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getInt("newVulnerabilitiesCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedComponentsCount"));
Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewVulnerabilitiesCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getJsonObject("newVulnerabilitiesBySeverity").getInt("CRITICAL"));
Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewVulnerabilitiesCount"));

Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("summary").getJsonArray("projectSummaries").getJsonObject(0).getJsonObject("project").getString("uuid"));
Assert.assertEquals(project.getName(), json.getJsonObject("summary").getJsonArray("projectSummaries").getJsonObject(0).getJsonObject("project").getString("name"));
Expand Down Expand Up @@ -94,7 +107,60 @@ public void toJsonWithScheduledNewVulnerabilitiesIdentified() {
Assert.assertEquals("Thu Jan 01 18:31:06 GMT 1970", json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getString("attributedOn"));
Assert.assertEquals(AnalysisState.EXPLOITABLE.name(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getString("analysisState"));
Assert.assertFalse(json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getBoolean("suppressed"));
}

@Test
public void toJsonWithScheduledPolicyViolationsIdentified() {
final var project = createProject();
final var violation = createPolicyViolation();
final Map<PolicyViolation.Type, Integer> mapPolViolBySev = new EnumMap<>(PolicyViolation.Type.class);
final Map<Project, PolicyViolationSummaryInfo> mapPolViolSummInfos = new LinkedHashMap<>();
final Map<Project, List<PolicyViolation>> mapPolViolDetailInfos = new LinkedHashMap<>();

mapPolViolBySev.put(PolicyViolation.Type.LICENSE, 1);
mapPolViolSummInfos.put(project, new PolicyViolationSummaryInfo(mapPolViolBySev, mapPolViolBySev, new LinkedMap<>()));
mapPolViolDetailInfos.put(project, List.of(violation));

final ScheduledPolicyViolationsIdentified vo = new ScheduledPolicyViolationsIdentified(
new PolicyViolationOverview(1, 1, mapPolViolBySev, 1, 0),
new PolicyViolationSummary(mapPolViolSummInfos),
new PolicyViolationDetails(mapPolViolDetailInfos)
);
JsonObject json = NotificationUtil.toJson(vo);

Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedProjectsCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getInt("newViolationsCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedComponentsCount"));
Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewViolationsCount"));
Assert.assertEquals(1, json.getJsonObject("overview").getJsonObject("newViolationsByRiskType").getInt("LICENSE"));

Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("uuid"));
Assert.assertEquals(project.getName(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("name"));
Assert.assertEquals(project.getVersion(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("version"));
Assert.assertEquals(project.getDescription(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("description"));
Assert.assertEquals(project.getPurl().toString(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("purl"));
Assert.assertEquals("tag1,tag2", json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("tags"));
Assert.assertEquals(1, json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("newViolationsByRiskType").getInt("LICENSE"));
Assert.assertEquals(1, json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("totalProjectViolationsByRiskType").getInt("LICENSE"));
Assert.assertTrue(json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("suppressedNewViolationsByRiskType").isEmpty());

Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("uuid"));
Assert.assertEquals(project.getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("name"));
Assert.assertEquals(project.getVersion(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("version"));
Assert.assertEquals(project.getDescription(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("description"));
Assert.assertEquals(project.getPurl().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("purl"));
Assert.assertEquals("tag1,tag2", json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("tags"));
Assert.assertEquals(violation.getComponent().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("uuid"));
Assert.assertEquals(violation.getComponent().getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("name"));
Assert.assertEquals(violation.getComponent().getVersion(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("version"));
Assert.assertEquals(violation.getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getString("uuid"));
Assert.assertEquals(violation.getType().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getString("type"));
Assert.assertEquals(violation.getPolicyCondition().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("uuid"));
Assert.assertEquals(violation.getPolicyCondition().getSubject().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("subject"));
Assert.assertEquals(violation.getPolicyCondition().getOperator().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("operator"));
Assert.assertEquals(violation.getPolicyCondition().getPolicy().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("uuid"));
Assert.assertEquals(violation.getPolicyCondition().getPolicy().getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("name"));
Assert.assertEquals(violation.getPolicyCondition().getPolicy().getViolationState().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("violationState"));
}

private static Component createComponent(final Project project) {
Expand Down Expand Up @@ -145,5 +211,46 @@ private static Vulnerability createVulnerability() {
vuln.setCwes(List.of(666, 777));
return vuln;
}

private static Policy createPolicy() {
final var policy = new Policy();
policy.setUuid(UUID.fromString("8d2f1ec1-3625-48c6-97c4-2a7553c7a376"));
policy.setViolationState(ViolationState.INFO);
policy.setName("policyName");
return policy;
}

private static ViolationAnalysis createViolationAnalysis() {
final var violationAnalysis = new ViolationAnalysis();
violationAnalysis.setViolationAnalysisState(ViolationAnalysisState.APPROVED);
violationAnalysis.setSuppressed(false);
return violationAnalysis;
}

private static PolicyCondition createPolicyCondition() {
final var policy = createPolicy();
final var policyCondition = new PolicyCondition();
policyCondition.setUuid(UUID.fromString("b029fce3-96f2-4c4a-9049-61070e9b6ea6"));
policyCondition.setPolicy(policy);
policyCondition.setSubject(PolicyCondition.Subject.AGE);
policyCondition.setOperator(Operator.NUMERIC_EQUAL);
return policyCondition;
}

private static PolicyViolation createPolicyViolation() {
final var project = createProject();
final var component = createComponent(project);
final var violation = new PolicyViolation();
final var violationAnalysis = createViolationAnalysis();
final var policyCondition = createPolicyCondition();

violation.setUuid(UUID.fromString("bf956a83-6013-4a69-9c76-857e2a8c8e45"));
violation.setPolicyCondition(policyCondition);
violation.setType(Type.LICENSE);
violation.setComponent(component);
violation.setTimestamp(Date.from(Instant.ofEpochSecond(66666, 666))); // Thu Jan 01 18:31:06 GMT 1970
violation.setAnalysis(violationAnalysis);
return violation;
}
}

0 comments on commit 27b85df

Please sign in to comment.