Add publisher tests for NEW_VULNERABLE_DEPENDENCY
Signed-off-by: nscuro <[email protected]>
nscuro committed Jun 1, 2024
1 parent 4119d46 commit a17d9ea
Showing 5 changed files with 207 additions and 21 deletions.
Expand Up @@ -182,6 +182,29 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(urlPathEqualTo("/rest/api/2/issue"))
.withHeader("Authorization", equalTo("Basic amlyYVVzZXI6amlyYVBhc3N3b3Jk"))
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"fields": {
"project": {
"key": "PROJECT"
},
"issuetype": {
"name": "Task"
},
"summary": "[Dependency-Track] [NEW_VULNERABLE_DEPENDENCY] Vulnerable dependency introduced on project projectName",
"description": "A component which contains one or more vulnerabilities has been added to your project.\\n\\\\\\\\\\n\\\\\\\\\\n*Project*\\n[pkg:maven/org.acme/projectName@projectVersion|https://example.com/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95]\\n\\n*Component*\\n[componentName : componentVersion|https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6]\\n\\n*Vulnerabilities*\\n- INT-001 (Medium)\\n"
}
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
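Review bot: The expected description at line 37 renders the component as a Jira wiki link, `[componentName : componentVersion|https://example.com/components/…]`, yet every fixture value in this test is a plain identifier, so the assertion cannot tell whether the template escapes `|`, `[` or `]` in a component or project name before it is placed inside link markup. Those names originate from uploaded BOMs, so a name containing `|` would presumably split the link text from its URL and let BOM content shape the issue's markup; a second case with a name such as `comp|onent]`, or an override of the fixture name, would pin the intended escaping. The long backslash run in `\\n\\\\\\\\\\n` encodes Jira's `\\` forced line break through the text-block and JSON escaping layers and is hard to review; a comment such as `// Jira wiki "\\" is a forced line break, escaped once for the text block and once for JSON` would help the next reader. The enclosing test class starts outside this hunk.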
Expand Up @@ -105,6 +105,21 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"username" : "Dependency Track",
"icon_url" : "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"text" : "#### Vulnerable Dependency Introduced\\n\\n**Project**: \\n**Component**: componentName : componentVersion\\n[View Project](https://example.com/projects/) - [View Component](https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6)"
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
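Review bot: The expected text at line 62 pins `**Project**: ` with an empty value and a `[View Project](https://example.com/projects/)` link with no UUID, even though the Teams and webhook expectations for the same notification on this page show the subject carries the project PURL and UUID, so the Mattermost template appears to resolve the project from a path that is empty for this subject type. Committing this as the expected output turns a broken notification into a green test; the expectation should rather be `**Project**: pkg:maven/org.acme/projectName@projectVersion` and `[View Project](https://example.com/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95)`, with the template corrected to match. `postRequestedFor(anyUrl())` also leaves the destination path unconstrained, so a regression in how the configured webhook URL is resolved would still pass. The enclosing class starts outside this hunk.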
Expand Up @@ -240,6 +240,40 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"summary": "Vulnerable Dependency Introduced",
"title": "Vulnerable Dependency Introduced",
"sections": [
{
"activityTitle": "Dependency-Track",
"activitySubtitle": "1970-01-01T18:31:06.000000666",
"activityImage": "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"facts": [
{
"name": "Project",
"value": "pkg:maven/org.acme/projectName@projectVersion"
},
{
"name": "Component",
"value": "componentName : componentVersion"
}
],
"text": ""
}
]
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
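Review bot: The expected MessageCard at lines 83-106 carries only Project and Component facts plus an empty `text`, so nothing in the card names the vulnerability (INT-001, MEDIUM) that makes the dependency vulnerable, unlike the Jira and e-mail expectations for the same notification which list it. If the template is meant to surface the findings, a `{"name": "Vulnerabilities", "value": "INT-001 (MEDIUM)"}` fact should be asserted here and produced by the template; if the omission is deliberate, a one-line comment on the test saying so would stop the next reader from treating it as a regression. The plain-http `"@context": "http://schema.org/extensions"` is a schema identifier rather than a transport URL and matches Microsoft's MessageCard reference, so it is not a finding. The enclosing class starts outside this hunk.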
Expand Up @@ -227,17 +227,17 @@ public void testInformWithDataSourceMirroringNotification() {
GitHub Advisory Mirroring
--------------------------------------------------------------------------------
Level: ERROR
Scope: SYSTEM
Group: DATASOURCE_MIRRORING
--------------------------------------------------------------------------------
An error occurred mirroring the contents of GitHub Advisories. Check log for details.
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -255,9 +255,9 @@ public void testInformWithNewVulnerabilityNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
New Vulnerability Identified
--------------------------------------------------------------------------------
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Expand All @@ -268,13 +268,55 @@ public void testInformWithNewVulnerabilityNotification() {
Version: projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

assertThat(greenMail.getReceivedMessages()).satisfiesExactly(message -> {
assertThat(message.getSubject()).isEqualTo("[Dependency-Track] Vulnerable Dependency Introduced");
assertThat(message.getContent()).isInstanceOf(MimeMultipart.class);
final MimeMultipart content = (MimeMultipart) message.getContent();
assertThat(content.getCount()).isEqualTo(1);
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Vulnerable Dependency Introduced
--------------------------------------------------------------------------------
Project: pkg:maven/org.acme/projectName@projectVersion
Project URL: /projects/?uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95
Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6
Vulnerabilities
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL
Description:
vulnerabilityDescription
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -292,30 +334,30 @@ public void testInformWithProjectAuditChangeNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Analysis Decision: Finding Suppressed
--------------------------------------------------------------------------------
Analysis Type: Project Analysis
Analysis State: FALSE_POSITIVE
Suppressed: true
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL
Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6
Project: pkg:maven/org.acme/projectName@projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
1970-01-01T18:31:06.000000666
""");
});
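Review bot: The new e-mail expectation at lines 157-172 pins root-relative links (`/projects/?uuid=…`, `/component/?uuid=…`, `/vulnerability/?source=INTERNAL&vulnId=INT-001`) whereas the other publisher tests on this page expect absolute `https://example.com/projects/<uuid>` and `https://example.com/components/<uuid>` URLs, and within this same file the NEW_VULNERABILITY body at line 138 uses `/projects/<uuid>` while this one uses `/projects/?uuid=`. A link without a base URL is not clickable from a mail client, and two route shapes for the same resource suggest one template is stale; if the base URL is intentionally unset in this fixture, a comment such as `// base URL is unset in this fixture, so links are root-relative` should say so, otherwise the template should emit the same absolute `/projects/<uuid>` form as the others. Note also that `isEqualToIgnoringNewLines` would accept a template that ran the two separator rows or the description onto one line, which is acceptable for a content check but means line structure is untested. The enclosing class starts outside this hunk.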
Expand Up @@ -231,6 +231,78 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"notification": {
"level": "INFORMATIONAL",
"scope": "PORTFOLIO",
"group": "NEW_VULNERABLE_DEPENDENCY",
"timestamp": "1970-01-01T18:31:06.000000666",
"title": "Vulnerable Dependency Introduced",
"content": "",
"subject": {
"project": {
"uuid": "c9c9539a-e381-4b36-ac52-6a7ab83b2c95",
"name": "projectName",
"version": "projectVersion",
"description": "projectDescription",
"purl": "pkg:maven/org.acme/projectName@projectVersion",
"tags": "tag1,tag2"
},
"component": {
"uuid": "94f87321-a5d1-4c2f-b2fe-95165debebc6",
"name": "componentName",
"version": "componentVersion"
},
"vulnerabilities": [
{
"uuid": "bccec5d5-ec21-4958-b3e8-22a7a866a05a",
"vulnId": "INT-001",
"source": "INTERNAL",
"aliases": [
{
"source": "OSV",
"vulnId": "OSV-001"
}
],
"title": "vulnerabilityTitle",
"subtitle": "vulnerabilitySubTitle",
"description": "vulnerabilityDescription",
"recommendation": "vulnerabilityRecommendation",
"cvssv2": 5.5,
"cvssv3": 6.6,
"owaspRRLikelihood": 1.1,
"owaspRRTechnicalImpact": 2.2,
"owaspRRBusinessImpact": 3.3,
"severity": "MEDIUM",
"cwe": {
"cweId": 666,
"name": "Operation on Resource in Wrong Phase of Lifetime"
},
"cwes": [
{
"cweId": 666,
"name": "Operation on Resource in Wrong Phase of Lifetime"
},
{
"cweId": 777,
"name": "Regular Expression without Anchors"
}
]
}
]
}
}
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
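Review bot: `verify(postRequestedFor(anyUrl()))` at line 207 accepts a POST to any path on the mock server, so the test cannot catch a regression in how the configured destination URL is built or a payload delivered to the wrong endpoint; the Jira test constrains the path with `urlPathEqualTo("/rest/api/2/issue")` and this one should do the same with the webhook path the base test configures, e.g. `postRequestedFor(urlPathEqualTo(<configured webhook path>))`. The payload also pins `"content": ""` beside a populated `title`, so consumers that display `content` receive nothing for this group; if the base fixture leaves content empty on purpose, a short comment on the assertion would make that intent explicit. The enclosing class starts outside this hunk.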