Merge pull request #199 from ruromero/common-issues

fix: show issues from dependencies

Author: ruromero

src/main/java/com/redhat/exhort/integration/backend/sbom/cyclonedx/CycloneDxParser.java

@@ -89,7 +89,7 @@ private Map<PackageRef, DirectDependency> buildDependencies(
     if (bom.getDependencies() == null || bom.getDependencies().isEmpty()) {
       return buildUnknownDependencies(componentPurls);
     }
-    Map<PackageRef, DirectDependency.Builder> direct = new HashMap<>();
+    Map<PackageRef, DirectDependency.Builder> directDepBuilders = new HashMap<>();
     if (rootRef == null) {
       var transitive =
           bom.getDependencies().stream()
@@ -104,36 +104,39 @@ private Map<PackageRef, DirectDependency> buildDependencies(
           .forEach(
               dref -> {
                 PackageRef r = componentPurls.get(dref);
-                direct.put(r, DirectDependency.builder().ref(r).transitive(new HashSet<>()));
+                directDepBuilders.put(
+                    r, DirectDependency.builder().ref(r).transitive(new HashSet<>()));
               });
     }
     bom.getDependencies().stream()
         .forEach(
-            d -> {
-              if (d.getRef().equals(rootRef)) {
-                d.getDependencies()
+            bomDep -> {
+              if (bomDep.getRef().equals(rootRef)) {
+                bomDep
+                    .getDependencies()
                     .forEach(
                         rootDep -> {
                           var ref = componentPurls.get(rootDep.getRef());
-                          direct.put(
+                          directDepBuilders.put(
                               ref, DirectDependency.builder().ref(ref).transitive(new HashSet<>()));
                         });
-              } else if (d.getDependencies() != null) {
-                var source = componentPurls.get(d.getRef());
-                var directBuilder = direct.get(source);
+              } else if (bomDep.getDependencies() != null) {
+                var source = componentPurls.get(bomDep.getRef());
+                var directBuilder = directDepBuilders.get(source);
                 if (directBuilder == null) {
-                  direct.values().stream()
-                      .filter(v -> v.transitive.contains(source))
+                  directDepBuilders.values().stream()
                       .forEach(
-                          v ->
-                              d.getDependencies()
+                          builder ->
+                              bomDep
+                                  .getDependencies()
                                   .forEach(
                                       t -> {
                                         PackageRef target = componentPurls.get(t.getRef());
-                                        v.transitive.add(target);
+                                        builder.transitive.add(target);
                                       }));
                 } else {
-                  d.getDependencies()
+                  bomDep
+                      .getDependencies()
                       .forEach(
                           t -> {
                             PackageRef target = componentPurls.get(t.getRef());
@@ -142,7 +145,7 @@ private Map<PackageRef, DirectDependency> buildDependencies(
                 }
               }
             });
-    return direct.entrySet().stream()
+    return directDepBuilders.entrySet().stream()
         .map(e -> Map.entry(e.getKey(), e.getValue().build()))
         .collect(Collectors.toUnmodifiableMap(Map.Entry::getKey, Map.Entry::getValue));
   }

src/main/java/com/redhat/exhort/integration/providers/ProviderResponseHandler.java

@@ -203,10 +203,10 @@ public Source buildReportForSource(
     List<DependencyReport> sourceReport = new ArrayList<>();
     tree.dependencies().entrySet().stream()
         .forEach(
-            e -> {
-              var ref = e.getKey().ref();
+            depEntry -> {
+              var ref = depEntry.getKey().ref();
               var issues = issuesData.get(ref);
-              var directReport = new DependencyReport().ref(e.getKey());
+              var directReport = new DependencyReport().ref(depEntry.getKey());
               if (issues == null) {
                 issues = Collections.emptyList();
               }
@@ -216,7 +216,7 @@ public Source buildReportForSource(
                       .collect(Collectors.toList()));
               directReport.setHighestVulnerability(issues.stream().findFirst().orElse(null));
               List<TransitiveDependencyReport> transitiveReports =
-                  e.getValue().transitive().stream()
+                  depEntry.getValue().transitive().stream()
                       .map(
                           t -> {
                             List<Issue> transitiveIssues = Collections.emptyList();
@@ -240,7 +240,7 @@ public Source buildReportForSource(
                                 .issues(transitiveIssues)
                                 .highestVulnerability(highestTransitive.orElse(null));
                           })
-                      .filter(d -> !d.getIssues().isEmpty())
+                      .filter(transitiveReport -> !transitiveReport.getIssues().isEmpty())
                       .collect(Collectors.toList());
               transitiveReports.sort(Collections.reverseOrder(new TransitiveScoreComparator()));
               directReport.setTransitive(transitiveReports);

src/test/java/com/redhat/exhort/integration/AbstractAnalysisTest.java

@@ -42,13 +42,10 @@
 import org.cyclonedx.CycloneDxMediaType;
 import org.junit.jupiter.api.AfterEach;
 
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.jknack.handlebars.internal.Files;
 import com.github.tomakehurst.wiremock.WireMockServer;
 import com.github.tomakehurst.wiremock.client.BasicCredentials;
 import com.google.common.base.Charsets;
-import com.redhat.exhort.config.ObjectMapperProducer;
 import com.redhat.exhort.extensions.InjectWireMock;
 import com.redhat.exhort.extensions.WiremockV3Extension;
 
@@ -89,14 +86,16 @@ void resetMock() {
   }
 
   protected void assertJson(String expectedFile, String currentBody) {
-    ObjectMapper mapper = ObjectMapperProducer.newInstance();
-    JsonNode current;
     try {
-      current = mapper.readTree(currentBody);
-      JsonNode expected =
-          mapper.readTree(
-              getClass().getClassLoader().getResourceAsStream("__files/" + expectedFile));
-      assertEquals(expected, current);
+      var expectedContent =
+          new String(
+              getClass()
+                  .getClassLoader()
+                  .getResourceAsStream("__files/" + expectedFile)
+                  .readAllBytes());
+      assertTrue(
+          equalToJson(expectedContent, true, false).match(currentBody).isExactMatch(),
+          String.format("Expecting: %s \nGot: %s", expectedContent, currentBody));
     } catch (IOException e) {
       fail("Unexpected processing exception");
     }
@@ -279,7 +278,8 @@ protected void stubSnykRequests() {
             .withHeader(
                 "Authorization", equalTo("token " + OK_TOKEN).or(equalTo("token " + SNYK_TOKEN)))
             .withHeader(Exchange.CONTENT_TYPE, equalTo(MediaType.APPLICATION_JSON))
-            .withRequestBody(equalToJson(loadFileAsString("__files/snyk/maven_request.json")))
+            .withRequestBody(
+                equalToJson(loadFileAsString("__files/snyk/maven_request.json"), true, false))
             .willReturn(
                 aResponse()
                     .withStatus(200)
@@ -335,7 +335,9 @@ private void stubSnykEmptyRequest(String provider) {
             .withRequestBody(
                 equalToJson(
                     loadFileAsString("__files/snyk/empty_request.json")
-                        .replaceAll("__PKG_MANAGER__", provider)))
+                        .replaceAll("__PKG_MANAGER__", provider),
+                    true,
+                    false))
             .willReturn(
                 aResponse()
                     .withStatus(200)
@@ -360,13 +362,15 @@ protected void stubOssToken() {
         post(Constants.OSS_INDEX_AUTH_COMPONENT_API_PATH)
             .withBasicAuth(OK_USER, OK_TOKEN)
             .withHeader(Exchange.CONTENT_TYPE, equalTo(MediaType.APPLICATION_JSON))
-            .withRequestBody(equalToJson(loadFileAsString("__files/ossindex/empty_request.json")))
+            .withRequestBody(
+                equalToJson(loadFileAsString("__files/ossindex/empty_request.json"), true, false))
             .willReturn(aResponse().withStatus(200).withBodyFile("ossindex/empty_report.json")));
     server.stubFor(
         post(Constants.OSS_INDEX_AUTH_COMPONENT_API_PATH)
             .withBasicAuth(OK_USER, OK_TOKEN)
             .withHeader(Exchange.CONTENT_TYPE, equalTo(MediaType.APPLICATION_JSON))
-            .withRequestBody(equalToJson(loadFileAsString("__files/ossindex/maven_request.json")))
+            .withRequestBody(
+                equalToJson(loadFileAsString("__files/ossindex/maven_request.json"), true, false))
             .willReturn(aResponse().withStatus(200).withBodyFile("ossindex/maven_report.json")));
     server.stubFor(
         post(Constants.OSS_INDEX_AUTH_COMPONENT_API_PATH)

src/test/java/com/redhat/exhort/integration/AnalysisV3Test.java

@@ -33,7 +33,6 @@
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.stream.Stream;
 
 import org.cyclonedx.CycloneDxMediaType;
@@ -44,7 +43,6 @@
 import org.junit.jupiter.params.provider.ValueSource;
 
 import com.redhat.exhort.api.v3.AnalysisReport;
-import com.redhat.exhort.api.v3.ProviderStatus;
 
 import io.quarkus.test.junit.QuarkusTest;
 
@@ -63,7 +61,7 @@ public void testEmptySbom(
       List<String> providers, Map<String, String> authHeaders, String pkgManager) {
     stubAllProviders();
 
-    AnalysisReport report =
+    var report =
         given()
             .header(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
             .headers(authHeaders)
@@ -80,7 +78,7 @@ public void testEmptySbom(
 
     providers.forEach(
         p -> {
-          Optional<ProviderStatus> provider =
+          var provider =
               report.getSummary().getProviderStatuses().stream()
                   .filter(s -> s.getProvider().equals(p))
                   .findFirst();
@@ -144,7 +142,7 @@ private static Stream<Arguments> emptySbomArguments() {
   public void testAllWithToken() {
     stubAllProviders();
 
-    String body =
+    var body =
         given()
             .header(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
             .header("Accept", MediaType.APPLICATION_JSON)
@@ -171,7 +169,7 @@ public void testAllWithToken() {
   public void testSnykWithNoToken() {
     stubAllProviders();
 
-    String body =
+    var body =
         given()
             .header(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
             .header("Accept", MediaType.APPLICATION_JSON)
@@ -195,7 +193,7 @@ public void testSnykWithNoToken() {
   public void testUnauthorizedRequest() {
     stubAllProviders();
 
-    AnalysisReport report =
+    var report =
         given()
             .header(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
             .body(loadFileAsString(String.format("%s/empty-sbom.json", CYCLONEDX)))
@@ -212,7 +210,7 @@ public void testUnauthorizedRequest() {
             .as(AnalysisReport.class);
 
     assertEquals(1, report.getSummary().getProviderStatuses().size());
-    ProviderStatus status = report.getSummary().getProviderStatuses().get(0);
+    var status = report.getSummary().getProviderStatuses().get(0);
     assertFalse(status.getOk());
     assertEquals(Constants.SNYK_PROVIDER, status.getProvider());
     assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), status.getStatus());
@@ -224,7 +222,7 @@ public void testUnauthorizedRequest() {
   public void testForbiddenRequest() {
     stubAllProviders();
 
-    AnalysisReport report =
+    var report =
         given()
             .header(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
             .body(loadFileAsString(String.format("%s/empty-sbom.json", CYCLONEDX)))
@@ -241,7 +239,7 @@ public void testForbiddenRequest() {
             .as(AnalysisReport.class);
 
     assertEquals(1, report.getSummary().getProviderStatuses().size());
-    ProviderStatus status = report.getSummary().getProviderStatuses().get(0);
+    var status = report.getSummary().getProviderStatuses().get(0);
     assertFalse(status.getOk());
     assertEquals(Constants.SNYK_PROVIDER, status.getProvider());
     assertEquals(Response.Status.FORBIDDEN.getStatusCode(), status.getStatus());
@@ -254,8 +252,8 @@ public void testForbiddenRequest() {
   public void testMultipart_HttpVersions(String version) throws IOException, InterruptedException {
     stubAllProviders();
 
-    HttpClient client = HttpClient.newHttpClient();
-    HttpRequest request =
+    var client = HttpClient.newHttpClient();
+    var request =
         HttpRequest.newBuilder(URI.create("http://localhost:8081/api/v3/analysis"))
             .setHeader(Constants.RHDA_TOKEN_HEADER, DEFAULT_RHDA_TOKEN)
             .setHeader(CONTENT_TYPE, CycloneDxMediaType.APPLICATION_CYCLONEDX_JSON)
@@ -267,7 +265,7 @@ public void testMultipart_HttpVersions(String version) throws IOException, Inter
             .POST(HttpRequest.BodyPublishers.ofFile(loadSBOMFile(CYCLONEDX).toPath()))
             .build();
 
-    HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
+    var response = client.send(request, HttpResponse.BodyHandlers.ofString());
 
     assertEquals(Response.Status.OK.getStatusCode(), response.statusCode());
 

src/test/java/com/redhat/exhort/integration/backend/sbom/SbomParserTest.java

@@ -163,7 +163,7 @@ void testComplexGolangCycloneDX() {
     var tree = parser.buildTree(file);
 
     assertEquals(40, tree.dependencies().size());
-    assertEquals(485, tree.transitiveCount());
+    assertEquals(900, tree.transitiveCount());
   }
 
   static Stream<String> getMediaTypes() {