From 27b85df000deb28c41f4e119ed174a26fb348a08 Mon Sep 17 00:00:00 2001
From: Richard Bickert <rbt@mm-software.com>
Date: Wed, 15 Jan 2025 11:52:47 +0100
Subject: [PATCH] Add test case for ScheduledPolicyViolationsIdentified

Signed-off-by: Richard Bickert <rbt@mm-software.com>
---
 .../util/NotificationUtilTest.java            | 111 +++++++++++++++++-
 1 file changed, 109 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/dependencytrack/util/NotificationUtilTest.java b/src/test/java/org/dependencytrack/util/NotificationUtilTest.java
index 8e2fdd09f..c49387c82 100644
--- a/src/test/java/org/dependencytrack/util/NotificationUtilTest.java
+++ b/src/test/java/org/dependencytrack/util/NotificationUtilTest.java
@@ -10,20 +10,35 @@
 import org.apache.commons.collections4.map.LinkedMap;
 import org.dependencytrack.model.AnalysisState;
 import org.dependencytrack.model.Component;
+import org.dependencytrack.model.Policy;
+import org.dependencytrack.model.Policy.ViolationState;
+import org.dependencytrack.model.PolicyCondition;
+import org.dependencytrack.model.PolicyCondition.Operator;
+import org.dependencytrack.model.PolicyViolation;
+import org.dependencytrack.model.PolicyViolation.Type;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.model.Severity;
 import org.dependencytrack.model.Tag;
+import org.dependencytrack.model.ViolationAnalysis;
+import org.dependencytrack.model.ViolationAnalysisState;
 import org.dependencytrack.model.Vulnerability;
+import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationDetails;
+import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationOverview;
+import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationSummary;
+import org.dependencytrack.model.scheduled.policyviolations.PolicyViolationSummaryInfo;
 import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityDetails;
 import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityDetailsInfo;
 import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilityOverview;
 import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilitySummary;
 import org.dependencytrack.model.scheduled.vulnerabilities.VulnerabilitySummaryInfo;
 import org.dependencytrack.notification.vo.ScheduledNewVulnerabilitiesIdentified;
+import org.dependencytrack.notification.vo.ScheduledPolicyViolationsIdentified;
 import org.junit.Test;
 import org.junit.Assert;
 
 import jakarta.json.JsonObject;
+import java.time.Instant;
+import java.util.Date;
 
 public class NotificationUtilTest {
     
@@ -58,14 +73,12 @@ public void toJsonWithScheduledNewVulnerabilitiesIdentified() {
             new VulnerabilityDetails(mapVulnDetailInfos)
         );
         JsonObject json = NotificationUtil.toJson(vo);
-        System.out.println(json.toString());
         
         Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedProjectsCount"));
         Assert.assertEquals(1, json.getJsonObject("overview").getInt("newVulnerabilitiesCount"));
         Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedComponentsCount"));
         Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewVulnerabilitiesCount"));
         Assert.assertEquals(1, json.getJsonObject("overview").getJsonObject("newVulnerabilitiesBySeverity").getInt("CRITICAL"));
-        Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewVulnerabilitiesCount"));
 
         Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("summary").getJsonArray("projectSummaries").getJsonObject(0).getJsonObject("project").getString("uuid"));
         Assert.assertEquals(project.getName(), json.getJsonObject("summary").getJsonArray("projectSummaries").getJsonObject(0).getJsonObject("project").getString("name"));
@@ -94,7 +107,60 @@ public void toJsonWithScheduledNewVulnerabilitiesIdentified() {
         Assert.assertEquals("Thu Jan 01 18:31:06 GMT 1970", json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getString("attributedOn"));
         Assert.assertEquals(AnalysisState.EXPLOITABLE.name(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getString("analysisState"));
         Assert.assertFalse(json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("findings").getJsonObject(0).getBoolean("suppressed"));
+    }
+
+    @Test
+    public void toJsonWithScheduledPolicyViolationsIdentified() {
+        final var project = createProject();
+        final var violation = createPolicyViolation();
+        final Map<PolicyViolation.Type, Integer> mapPolViolBySev = new EnumMap<>(PolicyViolation.Type.class);
+        final Map<Project, PolicyViolationSummaryInfo> mapPolViolSummInfos = new LinkedHashMap<>();
+        final Map<Project, List<PolicyViolation>> mapPolViolDetailInfos = new LinkedHashMap<>();
+
+        mapPolViolBySev.put(PolicyViolation.Type.LICENSE, 1);
+        mapPolViolSummInfos.put(project, new PolicyViolationSummaryInfo(mapPolViolBySev, mapPolViolBySev, new LinkedMap<>()));
+        mapPolViolDetailInfos.put(project, List.of(violation));
 
+        final ScheduledPolicyViolationsIdentified vo = new ScheduledPolicyViolationsIdentified(
+            new PolicyViolationOverview(1, 1, mapPolViolBySev, 1, 0),
+            new PolicyViolationSummary(mapPolViolSummInfos),
+            new PolicyViolationDetails(mapPolViolDetailInfos)
+        );
+        JsonObject json = NotificationUtil.toJson(vo);
+
+        Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedProjectsCount"));
+        Assert.assertEquals(1, json.getJsonObject("overview").getInt("newViolationsCount"));
+        Assert.assertEquals(1, json.getJsonObject("overview").getInt("affectedComponentsCount"));
+        Assert.assertEquals(0, json.getJsonObject("overview").getInt("suppressedNewViolationsCount"));
+        Assert.assertEquals(1, json.getJsonObject("overview").getJsonObject("newViolationsByRiskType").getInt("LICENSE"));
+        
+        Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("uuid"));
+        Assert.assertEquals(project.getName(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("name"));
+        Assert.assertEquals(project.getVersion(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("version"));
+        Assert.assertEquals(project.getDescription(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("description"));
+        Assert.assertEquals(project.getPurl().toString(), json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("purl"));
+        Assert.assertEquals("tag1,tag2", json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("project").getString("tags"));
+        Assert.assertEquals(1, json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("newViolationsByRiskType").getInt("LICENSE"));
+        Assert.assertEquals(1, json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("totalProjectViolationsByRiskType").getInt("LICENSE"));
+        Assert.assertTrue(json.getJsonObject("summary").getJsonArray("affectedProjectSummaries").getJsonObject(0).getJsonObject("summary").getJsonObject("suppressedNewViolationsByRiskType").isEmpty());
+
+        Assert.assertEquals(project.getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("uuid"));
+        Assert.assertEquals(project.getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("name"));
+        Assert.assertEquals(project.getVersion(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("version"));
+        Assert.assertEquals(project.getDescription(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("description"));
+        Assert.assertEquals(project.getPurl().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("purl"));
+        Assert.assertEquals("tag1,tag2", json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonObject("project").getString("tags"));
+        Assert.assertEquals(violation.getComponent().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("uuid"));
+        Assert.assertEquals(violation.getComponent().getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("name"));
+        Assert.assertEquals(violation.getComponent().getVersion(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("component").getString("version"));
+        Assert.assertEquals(violation.getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getString("uuid"));
+        Assert.assertEquals(violation.getType().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getString("type"));
+        Assert.assertEquals(violation.getPolicyCondition().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("uuid"));
+        Assert.assertEquals(violation.getPolicyCondition().getSubject().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("subject"));
+        Assert.assertEquals(violation.getPolicyCondition().getOperator().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getString("operator"));
+        Assert.assertEquals(violation.getPolicyCondition().getPolicy().getUuid().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("uuid"));
+        Assert.assertEquals(violation.getPolicyCondition().getPolicy().getName(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("name"));
+        Assert.assertEquals(violation.getPolicyCondition().getPolicy().getViolationState().toString(), json.getJsonObject("details").getJsonArray("projectDetails").getJsonObject(0).getJsonArray("violations").getJsonObject(0).getJsonObject("violation").getJsonObject("policyCondition").getJsonObject("policy").getString("violationState"));
     }
 
     private static Component createComponent(final Project project) {
@@ -145,5 +211,46 @@ private static Vulnerability createVulnerability() {
         vuln.setCwes(List.of(666, 777));
         return vuln;
     }
+
+    private static Policy createPolicy() {
+        final var policy = new Policy();
+        policy.setUuid(UUID.fromString("8d2f1ec1-3625-48c6-97c4-2a7553c7a376"));
+        policy.setViolationState(ViolationState.INFO);
+        policy.setName("policyName");
+        return policy;
+    }
+
+    private static ViolationAnalysis createViolationAnalysis() {
+        final var violationAnalysis = new ViolationAnalysis();
+        violationAnalysis.setViolationAnalysisState(ViolationAnalysisState.APPROVED);
+        violationAnalysis.setSuppressed(false);
+        return violationAnalysis;
+    }
+
+    private static PolicyCondition createPolicyCondition() {
+        final var policy = createPolicy();
+        final var policyCondition = new PolicyCondition();
+        policyCondition.setUuid(UUID.fromString("b029fce3-96f2-4c4a-9049-61070e9b6ea6"));
+        policyCondition.setPolicy(policy);
+        policyCondition.setSubject(PolicyCondition.Subject.AGE);
+        policyCondition.setOperator(Operator.NUMERIC_EQUAL);
+        return policyCondition;
+    }
+
+    private static PolicyViolation createPolicyViolation() {
+        final var project = createProject();
+        final var component = createComponent(project);
+        final var violation = new PolicyViolation();
+        final var violationAnalysis = createViolationAnalysis();
+        final var policyCondition = createPolicyCondition();
+        
+        violation.setUuid(UUID.fromString("bf956a83-6013-4a69-9c76-857e2a8c8e45"));
+        violation.setPolicyCondition(policyCondition);
+        violation.setType(Type.LICENSE);
+        violation.setComponent(component);
+        violation.setTimestamp(Date.from(Instant.ofEpochSecond(66666, 666))); // Thu Jan 01 18:31:06 GMT 1970
+        violation.setAnalysis(violationAnalysis);
+        return violation;
+    }
 }