fix: persist scan metadata
Signed-off-by: san-zrl <san@zurich.ibm.com>
san-zrl committed Oct 14, 2024
1 parent 840cd63 commit 668bdc1
Showing 3 changed files with 59 additions and 54 deletions.
55 changes: 26 additions & 29 deletions src/main/java/com/ibm/resources/v1/ScannerResource.java
Expand Up @@ -19,9 +19,10 @@
*/
package com.ibm.resources.v1;

import static com.ibm.Utils.addProperties;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.ibm.Utils;
import com.ibm.configuration.IConfiguration;
import com.ibm.git.GitService;
import com.ibm.message.IMessageDispatcher;
Expand Down Expand Up @@ -181,18 +182,16 @@ public void onMessage(String requestJSON, @PathParam("clientId") String clientId
cbom = runScan(webSocketMessageDispatcher, clonedProject.get(), scanRequest);
// try to store
if (possibleIdentifiers.isPresent() && cbom.isPresent()) {
List<IdentifiableScan> identifiableScans =
storeCBOM(
cbom.get(),
possibleIdentifiers.get(),
scanRequest.gitUrl(),
scanRequest.branch());
Utils.addProperties(
storeCBOM(
cbom.get(),
possibleIdentifiers.get(),
scanRequest,
clonedProject.get().commitHash,
identifiableScans);
LOG.info("Scan related data persisted");
clonedProject.get().commitHash);
LOG.info(
"CBOM persisted for "
+ scanRequest.gitUrl()
+ ", branch "
+ scanRequest.branch());
webSocketMessageDispatcher.sendCBOMMessage(cbom.get().toString());
}
}
Expand Down Expand Up @@ -290,37 +289,34 @@ public Optional<IdentifiersInternal> getIdentifier(@Nonnull String gitUrl) {
}

@Transactional
public List<IdentifiableScan> storeCBOM(
public void storeCBOM(
@Nonnull JsonNode cbom,
@Nonnull IdentifiersInternal identifiers,
@Nonnull String gitUrl,
@Nonnull String branch) {
@Nonnull ScanRequest scanRequest,
@Nonnull String commitHash) {
final PanacheQuery<Scan> findCbomForGitAndBranch =
Scan.find("gitUrl = ?1 and branch = ?2", gitUrl, branch);
Scan.find(
"gitUrl = ?1 and branch = ?2", scanRequest.gitUrl(), scanRequest.branch());
final Optional<Scan> possibleCbom = findCbomForGitAndBranch.firstResultOptional();

Scan entity = new Scan();
if (possibleCbom.isPresent()) {
LOG.info(
"CBOM-Entity with giturl "
+ possibleCbom.get().getGitUrl()
+ " already present. Will be overwritten.");
entity = possibleCbom.get();
LOG.info(
"Scan from giturl "
+ entity.getGitUrl()
+ " (branch: "
+ entity.getBranch()
+ ") already present. Will be overwritten.");
}
entity.setBom(cbom);
entity.setGitUrl(gitUrl);
entity.setBranch(branch);
entity.setGitUrl(scanRequest.gitUrl());
entity.setBranch(scanRequest.branch());
entity.setCbomSpecVersion(Version.VERSION_16.getVersionString());
entity.setCreatedAt(new Timestamp(System.currentTimeMillis()));
entity.persist();
if (entity.isPersistent()) {
LOG.info("CBOM-Entity object with gitUrl " + entity.getGitUrl() + " persisted");
} else {
LOG.error("An error occurred while persisting the CBOM-Entity.");
}

final Pattern versionPattern = Pattern.compile("(\\d+\\.\\d+\\.?\\d*)");
final Matcher versionMatcher = versionPattern.matcher(branch);
final Matcher versionMatcher = versionPattern.matcher(scanRequest.branch());
String version = null;
if (versionMatcher.find()) {
version = versionMatcher.group(1);
Expand All @@ -346,7 +342,8 @@ public List<IdentifiableScan> storeCBOM(
}
IdentifiableScan.persist(identifiableScans);

return identifiableScans;
addProperties(entity.getBom(), scanRequest, commitHash, identifiableScans);
entity.persist();
}

public static class CancelScanException extends Exception {
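Review bot: `addProperties(entity.getBom(), scanRequest, commitHash, identifiableScans)` mutates the JsonNode that `entity.setBom(cbom)` stored a few lines earlier, which is the caller's own `cbom` instance, so onMessage's `webSocketMessageDispatcher.sendCBOMMessage(cbom.get().toString())` only includes the metadata because of that aliasing; a comment such as `// addProperties enriches the BOM in place; callers holding the same JsonNode see the metadata too` would make the dependency explicit. The closing `entity.persist()` is a second persist of an entity that is already managed inside this `@Transactional` method, and whether the in-place JSON change is picked up by dirty checking depends on how the bom column is mapped, which is not visible here; enriching the BOM before the first `persist()` and its `isPersistent()` log would store the entity once with its final content, provided the IdentifiableScan code hidden between the two hunks does not need the scan persisted first. Both new log statements — `"CBOM persisted for " + scanRequest.gitUrl() + ", branch " + scanRequest.branch()` in onMessage and the `"Scan from giturl … already present"` message here — concatenate values that appear to come from the client's scan request, so a branch name containing line breaks could forge log lines; passing them as parameters of a structured log call, or stripping control characters first, keeps the log trustworthy. storeCBOM's body is split across two hunks with a collapsed stretch in between, and onMessage's start is outside the hunk.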
30 changes: 19 additions & 11 deletions src/test/java/com/ibm/DefaultTestConfiguration.java
Expand Up @@ -37,24 +37,27 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.eclipse.microprofile.config.ConfigProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

@Mock
@ApplicationScoped
public class DefaultTestConfiguration implements ITestConfiguration {
@NotNull @Override
@Nonnull
@Override
public String exampleCbomVersion() {
return "1.6";
}

@NotNull @Override
@Nonnull
@Override
public String exampleCbomString() {
return "{\"cbom\":\"The cbom\"}";
}

@NotNull @Override
@Nonnull
@Override
public Scan exampleCbom() {
try {
Scan scan = new Scan();
Expand All @@ -70,17 +73,20 @@ public Scan exampleCbom() {
}
}

@NotNull @Override
@Nonnull
@Override
public String exampleGitUrl() {
return "https://github.com/apache/commons-io";
}

@NotNull @Override
@Nonnull
@Override
public String exampleGitBranch() {
return "master";
}

@NotNull @Override
@Nonnull
@Override
public String examplePURL() {
return "pkg:github/apache/commons-io";
}
Expand All @@ -90,12 +96,14 @@ public IComplianceService getComplianceService() {
throw new UnsupportedOperationException("Override this function in your test class");
}

@NotNull @Override
@Nonnull
@Override
public IScanRepository getCBOMRepository() {
return new ScanRepository();
}

@NotNull @Override
@Nonnull
@Override
public IScannerManager getScannerManager() {
// register scanners
final List<IScanner> registry = new ArrayList<>();
Expand All @@ -105,7 +113,7 @@ public IScannerManager getScannerManager() {
}

@Override
public @NotNull List<File> getJavaDependencyJARS() {
public @Nonnull List<File> getJavaDependencyJARS() {
return ConfigProvider.getConfig()
.getOptionalValue("service.scanning.java-jar-dir", String.class)
.flatMap(Utils::getJarFiles)
28 changes: 14 additions & 14 deletions src/test/java/com/ibm/resources/v1/ScannerResourceTest.java
Expand Up @@ -129,25 +129,25 @@ void testGetIdentifier() {
void testStoreCbom() throws JsonProcessingException {
ObjectMapper mapper = new ObjectMapper();
JsonNode cbomJson = mapper.readTree(this.testConfiguration.exampleCbomString());
final IdentifiersInternal ii =
final IdentifiersInternal identifiers =
new IdentifiersInternal(
this.testConfiguration.exampleGitUrl(),
List.of(this.testConfiguration.examplePURL()));

ScannerResource sr = new ScannerResource(this.testConfiguration);
sr.storeCBOM(
cbomJson,
ii,
this.testConfiguration.exampleGitUrl(),
this.testConfiguration.exampleGitBranch());
ScanRequest request =
new ScanRequest(
this.testConfiguration.exampleGitUrl(),
this.testConfiguration.exampleGitBranch(),
null);
ScannerResource resource = new ScannerResource(this.testConfiguration);
resource.storeCBOM(cbomJson, identifiers, request, "01abcdef");

PanacheQuery<Scan> query =
Scan.find(
"gitUrl = ?1 and branch = ?2",
this.testConfiguration.exampleGitUrl(),
this.testConfiguration.exampleGitBranch());
Scan cb = query.firstResult();
Assertions.assertNotNull(cb);
Assertions.assertEquals(cbomJson, cb.getBom());
Scan.find("gitUrl = ?1 and branch = ?2", request.gitUrl(), request.branch());
Scan scan = query.firstResult();
Assertions.assertNotNull(scan);
Assertions.assertEquals(request.gitUrl(), scan.getGitUrl());
Assertions.assertEquals(request.branch(), scan.getBranch());
Assertions.assertEquals(cbomJson, scan.getBom());
}
}
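Review bot: `Assertions.assertEquals(cbomJson, scan.getBom())` does not clearly exercise the metadata this commit persists, because `cbomJson` is the instance `storeCBOM` enriches in place; if the query runs in the same persistence context as the store (the test's transaction setup is outside the hunk), both sides are the same object and the assertion holds regardless of what was written. Parsing `this.testConfiguration.exampleCbomString()` a second time gives an untouched baseline, so `Assertions.assertNotEquals(mapper.readTree(this.testConfiguration.exampleCbomString()), scan.getBom());` together with `Assertions.assertTrue(scan.getBom().toString().contains("01abcdef"));` would pin that the commit hash actually reached the stored BOM. The `null` third argument of `new ScanRequest(...)` is unexplained; a brief comment naming that field and why it is absent here would help, since the record is not part of this diff. The enclosing test class starts outside the hunk.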
