Merge pull request #3792 from nscuro/backport-pr-3791
Backport: Fix Slack notifications failing when no base URL is configured
nscuro authored Jun 1, 2024
2 parents 8ad00d3 + a17d9ea commit 1b36d23
Showing 8 changed files with 579 additions and 25 deletions.
12 changes: 8 additions & 4 deletions src/main/resources/templates/notification/publisher/slack.peb
Expand Up @@ -60,7 +60,7 @@
"text": "{{ subject.component.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -84,6 +84,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}
Expand Down Expand Up @@ -132,7 +133,7 @@
"text": "{{ subject.component.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -156,6 +157,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "PROJECT_AUDIT_CHANGE" %}
Expand Down Expand Up @@ -250,7 +252,7 @@
"text": "{{ subject.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand Down Expand Up @@ -283,6 +285,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "POLICY_VIOLATION" %}
Expand Down Expand Up @@ -357,7 +360,7 @@
"text": "{{ subject.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -381,6 +384,7 @@
}
]
}
{% endif %}
]
}
{% else %}
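Review bot: The `{% if baseUrl is not empty %}` guard added after the fields block in all four notification groups has no comment saying why the `actions` block is conditional, and it tests only that a value is present. Going by the commit title, the intent appears to be to drop the buttons when no base URL is configured; a Pebble comment at the first guard would record that, e.g. `{# omit the actions block when no base URL is configured #}`. The button `url` lines sit outside the visible hunks, so it is worth confirming that they are escaped the same way as the `text` values (`escape(strategy="json")`). It is also worth checking that a configured but non-absolute base URL does not lead to the same delivery failure.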
Expand Up @@ -38,6 +38,7 @@
import org.dependencytrack.notification.vo.BomConsumedOrProcessed;
import org.dependencytrack.notification.vo.BomProcessingFailed;
import org.dependencytrack.notification.vo.NewVulnerabilityIdentified;
import org.dependencytrack.notification.vo.NewVulnerableDependency;
import org.junit.Test;

import javax.json.Json;
Expand Down Expand Up @@ -150,6 +151,27 @@ public void testInformWithNewVulnerabilityNotification() {
.isThrownBy(() -> publisherInstance.inform(PublishContext.from(notification), notification, createConfig()));
}

@Test
public void testInformWithNewVulnerableDependencyNotification() {
final var project = createProject();
final var component = createComponent(project);
final var vuln = createVulnerability();

final var subject = new NewVulnerableDependency(component, List.of(vuln));

final var notification = new Notification()
.scope(NotificationScope.PORTFOLIO)
.group(NotificationGroup.NEW_VULNERABLE_DEPENDENCY)
.level(NotificationLevel.INFORMATIONAL)
.title(NotificationConstants.Title.NEW_VULNERABLE_DEPENDENCY)
.content("")
.timestamp(LocalDateTime.ofEpochSecond(66666, 666, ZoneOffset.UTC))
.subject(subject);

assertThatNoException()
.isThrownBy(() -> publisherInstance.inform(PublishContext.from(notification), notification, createConfig()));
}

@Test
public void testInformWithProjectAuditChangeNotification() {
final var project = createProject();
Expand Up @@ -182,6 +182,29 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(urlPathEqualTo("/rest/api/2/issue"))
.withHeader("Authorization", equalTo("Basic amlyYVVzZXI6amlyYVBhc3N3b3Jk"))
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"fields": {
"project": {
"key": "PROJECT"
},
"issuetype": {
"name": "Task"
},
"summary": "[Dependency-Track] [NEW_VULNERABLE_DEPENDENCY] Vulnerable dependency introduced on project projectName",
"description": "A component which contains one or more vulnerabilities has been added to your project.\\n\\\\\\\\\\n\\\\\\\\\\n*Project*\\n[pkg:maven/org.acme/projectName@projectVersion|https://example.com/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95]\\n\\n*Component*\\n[componentName : componentVersion|https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6]\\n\\n*Vulnerabilities*\\n- INT-001 (Medium)\\n"
}
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
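Review bot: The expected `Authorization` header in the new `testInformWithNewVulnerableDependencyNotification` is an opaque base64 literal, `"Basic amlyYVVzZXI6amlyYVBhc3N3b3Jk"`, which decodes to the fixture pair `jiraUser:jiraPassword`. A comment above the `verify(...)` call, such as `// Basic auth of the test fixture credentials jiraUser:jiraPassword, not a real secret`, would let readers and anyone triaging secret-scanner hits see that nothing sensitive is committed. Building the value from the fixture's user and password would also keep the assertion in step with the configuration; where those values are defined is outside this hunk.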
Expand Up @@ -105,6 +105,21 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"username" : "Dependency Track",
"icon_url" : "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"text" : "#### Vulnerable Dependency Introduced\\n\\n**Project**: \\n**Component**: componentName : componentVersion\\n[View Project](https://example.com/projects/) - [View Component](https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6)"
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
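Review bot: The expected `text` in the new `testInformWithNewVulnerableDependencyNotification` pins an empty project name (`**Project**: \\n`) and a project link with no UUID (`https://example.com/projects/`), while the component link in the same string carries its UUID. The Jira and MS Teams expectations for this notification elsewhere in the commit do contain `pkg:maven/org.acme/projectName@projectVersion`, so the Mattermost template probably reads the project from a property that is not set on a `NewVulnerableDependency` subject (inferred; the template is not shown). If this is a known template defect, mark it in the test with a comment like `// TODO: project name and UUID are missing from the rendered message` so the assertion is not read as the intended output. Otherwise, fix the template and update the expectation.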
Expand Up @@ -240,6 +240,40 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"summary": "Vulnerable Dependency Introduced",
"title": "Vulnerable Dependency Introduced",
"sections": [
{
"activityTitle": "Dependency-Track",
"activitySubtitle": "1970-01-01T18:31:06.000000666",
"activityImage": "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"facts": [
{
"name": "Project",
"value": "pkg:maven/org.acme/projectName@projectVersion"
},
{
"name": "Component",
"value": "componentName : componentVersion"
}
],
"text": ""
}
]
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
Expand Up @@ -227,17 +227,17 @@ public void testInformWithDataSourceMirroringNotification() {
GitHub Advisory Mirroring
--------------------------------------------------------------------------------
Level: ERROR
Scope: SYSTEM
Group: DATASOURCE_MIRRORING
--------------------------------------------------------------------------------
An error occurred mirroring the contents of GitHub Advisories. Check log for details.
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -255,9 +255,9 @@ public void testInformWithNewVulnerabilityNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
New Vulnerability Identified
--------------------------------------------------------------------------------
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Expand All @@ -268,13 +268,55 @@ public void testInformWithNewVulnerabilityNotification() {
Version: projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

assertThat(greenMail.getReceivedMessages()).satisfiesExactly(message -> {
assertThat(message.getSubject()).isEqualTo("[Dependency-Track] Vulnerable Dependency Introduced");
assertThat(message.getContent()).isInstanceOf(MimeMultipart.class);
final MimeMultipart content = (MimeMultipart) message.getContent();
assertThat(content.getCount()).isEqualTo(1);
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Vulnerable Dependency Introduced
--------------------------------------------------------------------------------
Project: pkg:maven/org.acme/projectName@projectVersion
Project URL: /projects/?uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95
Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6
Vulnerabilities
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL
Description:
vulnerabilityDescription
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -292,30 +334,30 @@ public void testInformWithProjectAuditChangeNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Analysis Decision: Finding Suppressed
--------------------------------------------------------------------------------
Analysis Type: Project Analysis
Analysis State: FALSE_POSITIVE
Suppressed: true
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL
Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6
Project: pkg:maven/org.acme/projectName@projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
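Review bot: The body expected by the new `testInformWithNewVulnerableDependencyNotification` uses `Project URL: /projects/?uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95`, whereas the neighbouring tests in this file expect `Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95`, so the same project gets two different link shapes. All URLs in these expectations are also relative, which suggests the email fixture runs without a base URL (inferred; the configuration is outside the hunks). If the `?uuid=` form is what the template currently emits, a comment such as `// NEW_VULNERABLE_DEPENDENCY email template still uses the ?uuid= link form` would mark it as a pinned quirk and not the intended format.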