From 536de20b9a1e753c0db51161d5268070b7aa3c01 Mon Sep 17 00:00:00 2001
From: RBickert
Date: Wed, 30 Nov 2022 13:40:38 +0100
Subject: [PATCH 1/2] Enable to set undefined license for license policy

Signed-off-by: RBickert
---
 .../policy/LicensePolicyEvaluator.java | 24 ++++++++++++-------
 .../policy/LicensePolicyEvaluatorTest.java | 24 +++++++++++++++++++
 2 files changed, 39 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
index 1a640e4b52..e1ebb8ffdb 100644
--- a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
@@ -52,20 +52,26 @@ public PolicyCondition.Subject supportedSubject() {
 public List evaluate(final Policy policy, final Component component) {
 final List violations = new ArrayList<>();
 final License license = component.getResolvedLicense();
- if (license == null) {
- return violations;
- }
+
 for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
 LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
- final License l = qm.getObjectByUuid(License.class, condition.getValue());
- if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
- if (component.getResolvedLicense().getId() == l.getId()) {
+ if (condition.getValue().equals("undefinedLicense")) {
+ if (license == null && PolicyCondition.Operator.IS == condition.getOperator()) {
 violations.add(new PolicyConditionViolation(condition, component));
- }
- } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
- if (component.getResolvedLicense().getId() != l.getId()) {
+ } else if (license != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
 violations.add(new PolicyConditionViolation(condition, component));
 }
+ } else if (license != null) {
+ final License l = qm.getObjectByUuid(License.class, condition.getValue());
+ if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
+ if (component.getResolvedLicense().getId() == l.getId()) {
+ violations.add(new PolicyConditionViolation(condition, component));
+ }
+ } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
+ if (component.getResolvedLicense().getId() != l.getId()) {
+ violations.add(new PolicyConditionViolation(condition, component));
+ }
+ }
 }
 }
 return violations;
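Review bot: The new `if (condition.getValue().equals("undefinedLicense"))` branch dereferences the condition value before anything checks it for null; the code it replaces only passed the value through to `qm.getObjectByUuid`, so a condition persisted without a value would now throw inside the loop instead of being skipped. Reversing the comparison, `if ("undefinedLicense".equals(condition.getValue())) {`, keeps the loop null-safe; the same applies to the second patch's hunk on this file, which only changes the literal. In the `else if (license != null)` branch the two `component.getResolvedLicense().getId()` reads could use `license.getId()`, so that the value guarded against null and the value compared are visibly the same object. The patch leaves unchanged the fact that a component with no resolved license never violates an `IS_NOT <concrete license>` condition (the old early return had the same effect); if that is intended, a one-line comment on the `else if (license != null)` saying so would stop the next reader from treating it as an oversight. The closing brace of `evaluate` is outside the hunk.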
diff --git a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
index 351e3b2721..74343a0df2 100644
--- a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
+++ b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
@@ -102,4 +102,28 @@ public void wrongOperator() {
 Assert.assertEquals(0, violations.size());
 }
 
+ @Test
+ public void valueIsUndefinedLicense() {
+ License license = new License();
+ license.setName("Apache 2.0");
+ license.setLicenseId("Apache-2.0");
+ license.setUuid(UUID.randomUUID());
+ license = qm.persist(license);
+
+ Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
+ qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS, "undefinedLicense");
+
+ Component componentWithLicense = new Component();
+ componentWithLicense.setResolvedLicense(license);
+
+ Component componentWithoutLicense = new Component();
+
+ PolicyEvaluator evaluator = new LicensePolicyEvaluator();
+ List violations = evaluator.evaluate(policy, componentWithLicense);
+ Assert.assertEquals(0, violations.size());
+
+ violations = evaluator.evaluate(policy, componentWithoutLicense);
+ Assert.assertEquals(1, violations.size());
+ }
+
 }

From d111f5bd7467143ebf3fe5f3b1b30d92ff1c694b Mon Sep 17 00:00:00 2001
From: RBickert
Date: Tue, 6 Dec 2022 10:34:52 +0100
Subject: [PATCH 2/2] Change `undefinedLicense` to `unresolved`

Signed-off-by: RBickert
---
 .../org/dependencytrack/policy/LicensePolicyEvaluator.java | 2 +-
 .../dependencytrack/policy/LicensePolicyEvaluatorTest.java | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
index e1ebb8ffdb..434fb20b3e 100644
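Review bot: `valueIsUndefinedLicense` exercises only the `IS` operator, so the evaluator's new `IS_NOT` branch for the sentinel (a violation when the component does have a resolved license) is untested and could be inverted or dropped without any failure. A second test that creates the condition with `PolicyCondition.Operator.IS_NOT` and expects one violation for `componentWithLicense` and none for `componentWithoutLicense` pins that behaviour down. The license, policy and component setup is identical to the existing method, so the new case could equally be a second assertion block there after re-creating the condition.
```java
    @Test
    public void valueIsUndefinedLicenseIsNot() {
        // … unchanged: license, policy, componentWithLicense and componentWithoutLicense set up as in valueIsUndefinedLicense …
        qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS_NOT, "undefinedLicense");

        PolicyEvaluator evaluator = new LicensePolicyEvaluator();
        Assert.assertEquals(1, evaluator.evaluate(policy, componentWithLicense).size());
        Assert.assertEquals(0, evaluator.evaluate(policy, componentWithoutLicense).size());
    }
```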
--- a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
@@ -55,7 +55,7 @@ public List evaluate(final Policy policy, final Compon
 
 for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
 LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
- if (condition.getValue().equals("undefinedLicense")) {
+ if (condition.getValue().equals("unresolved")) {
 if (license == null && PolicyCondition.Operator.IS == condition.getOperator()) {
 violations.add(new PolicyConditionViolation(condition, component));
 } else if (license != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
diff --git a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
index 74343a0df2..3bb1521d4e 100644
--- a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
+++ b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
@@ -103,7 +103,7 @@ public void wrongOperator() {
 }
 
 @Test
- public void valueIsUndefinedLicense() {
+ public void valueIsUnresolved() {
 License license = new License();
 license.setName("Apache 2.0");
 license.setLicenseId("Apache-2.0");
@@ -111,7 +111,7 @@ public void valueIsUndefinedLicense() {
 license = qm.persist(license);
 
 Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
- qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS, "undefinedLicense");
+ qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS, "unresolved");
 
 Component componentWithLicense = new Component();
 componentWithLicense.setResolvedLicense(license);
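Review bot: `"unresolved"` is now a value that API clients must send verbatim as a policy condition value and that the test file repeats, yet it remains an inline literal in `evaluate`; this very patch had to edit both files to rename it, which is the drift a shared constant prevents. Declaring `public static final String UNRESOLVED_LICENSE = "unresolved";` on `LicensePolicyEvaluator` (or on the policy model, if that is where other condition-value conventions live) and referencing it from the test and the comparison would document the contract in one place. A short comment at the declaration should also state that the value is a sentinel that can never be mistaken for a license UUID, since the `else if (license != null)` lookup below relies on that. The enclosing `evaluate` method starts and ends outside the hunk.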