Merge pull request #187 from walterdeboer/issue-1113

Migrate remaining classes to Jackson
DependencyTrack · Mar 10, 2023 · d69fb19 · d69fb19
2 parents 71b03a0 + dd234ad
commit d69fb19
Show file tree

Hide file tree

Showing 42 changed files with 953 additions and 990 deletions.
diff --git a/pom.xml b/pom.xml
@@ -181,15 +181,7 @@
             <artifactId>javax.activation-api</artifactId>
             <version>1.2.0</version>
         </dependency>
-        <!-- org.json
-        This was previously transitively included with Unirest. However, Unirest v3.x removed reliance on org.json
-        in favor of their own API compatible replacement. Therefore, it was necessary to directly include org.json.
-        Removal of org.json is documented in https://github.com/DependencyTrack/dependency-track/issues/1113 -->
-        <dependency>
-            <groupId>org.json</groupId>
-            <artifactId>json</artifactId>
-            <version>20220924</version>
-        </dependency>
+
         <!-- Package URL -->
         <dependency>
             <groupId>com.github.package-url</groupId>

diff --git a/src/main/java/org/dependencytrack/common/Jackson.java b/src/main/java/org/dependencytrack/common/Jackson.java
@@ -18,6 +18,11 @@
  */
 package org.dependencytrack.common;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.text.SimpleDateFormat;
+import org.apache.http.client.methods.CloseableHttpResponse;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
@@ -27,12 +32,6 @@
 import com.fasterxml.jackson.databind.node.ArrayNode;
 import com.fasterxml.jackson.databind.node.JsonNodeFactory;
 import com.fasterxml.jackson.databind.node.ObjectNode;
-import org.apache.http.client.methods.CloseableHttpResponse;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.text.SimpleDateFormat;
-import java.util.Optional;
 
 /**
  * Helper class wrapping a Jackson {@link ObjectMapper} and providing various utility methods.
@@ -89,9 +88,12 @@ public static JsonNode readHttpResponse(final CloseableHttpResponse response) th
     }
 
     public static <T> T readHttpResponse(final CloseableHttpResponse response, final Class<T> clazz) throws IOException {
-        try (final InputStream entityInputStream = response.getEntity().getContent()) {
-            return objectReader().readValue(entityInputStream, clazz);
+        if ((response != null) && (response.getEntity().getContent() != null)) {
+            try (final InputStream entityInputStream = response.getEntity().getContent()) {
+                return objectReader().readValue(entityInputStream, clazz);
+            }
         }
+        return null;
     }
 
     public static ArrayNode asArray(final JsonNode jsonNode, final String fieldName) {
@@ -104,9 +106,53 @@ public static ArrayNode asArray(final JsonNode jsonNode, final String fieldName)
     }
 
     public static String optString(final JsonNode jsonNode, final String fieldName) {
-        return Optional.ofNullable(jsonNode.get(fieldName))
-                .map(JsonNode::asText)
-                .orElse(null);
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.asText();
+    }
+
+    public static String optString(final JsonNode jsonNode, final int index) {
+        final var field = jsonNode.get(index);
+        return field == null || field.isNull() ? null : field.asText();
+    }
+
+    public static Integer optInt(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.asInt();
+    }
+
+    public static Number optLong(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.asLong();
+    }
+
+    public static Double optDouble(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.asDouble();
+    }
+
+    public static BigDecimal optBigDecimal(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.decimalValue();
+    }
+
+    public static Boolean optBoolean(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field.asBoolean();
+    }
+
+    public static JsonNode optNode(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : field;
+    }
+
+    public static JsonNode optNode(final JsonNode jsonNode, final int index) {
+        final var field = jsonNode.get(index);
+        return field == null || field.isNull() ? null : field;
+    }
+
+    public static ArrayNode optArray(final JsonNode jsonNode, final String fieldName) {
+        final var field = jsonNode.get(fieldName);
+        return field == null || field.isNull() ? null : (ArrayNode)field;
     }
 
     /**

diff --git a/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java b/src/main/java/org/dependencytrack/event/EventSubsystemInitializer.java
@@ -18,11 +18,8 @@
  */
 package org.dependencytrack.event;
 
-import alpine.common.logging.Logger;
-import alpine.event.LdapSyncEvent;
-import alpine.event.framework.EventService;
-import alpine.event.framework.SingleThreadedEventService;
-import alpine.server.tasks.LdapSyncTask;
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
 import org.dependencytrack.RequirementsVerifier;
 import org.dependencytrack.tasks.BomUploadProcessingTask;
 import org.dependencytrack.tasks.CallbackTask;
@@ -51,9 +48,11 @@
 import org.dependencytrack.tasks.scanners.OssIndexAnalysisTask;
 import org.dependencytrack.tasks.scanners.SnykAnalysisTask;
 import org.dependencytrack.tasks.scanners.VulnDbAnalysisTask;
-
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
+import alpine.common.logging.Logger;
+import alpine.event.LdapSyncEvent;
+import alpine.event.framework.EventService;
+import alpine.event.framework.SingleThreadedEventService;
+import alpine.server.tasks.LdapSyncTask;
 
 /**
  * Initializes the event subsystem and configures event subscribers.

diff --git a/src/main/java/org/dependencytrack/integrations/FindingPackagingFormat.java b/src/main/java/org/dependencytrack/integrations/FindingPackagingFormat.java
@@ -18,21 +18,18 @@
  */
 package org.dependencytrack.integrations;
 
-import alpine.model.About;
-import alpine.model.ConfigProperty;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
+import static org.dependencytrack.model.ConfigPropertyConstants.GENERAL_BASE_URL;
+import java.util.Date;
+import java.util.List;
+import java.util.UUID;
 import org.dependencytrack.common.Jackson;
 import org.dependencytrack.model.Finding;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.persistence.QueryManager;
 import org.dependencytrack.util.DateUtil;
-
-import java.util.Date;
-import java.util.List;
-import java.util.UUID;
-
-import static org.dependencytrack.model.ConfigPropertyConstants.GENERAL_BASE_URL;
+import com.fasterxml.jackson.databind.JsonNode;
+import alpine.model.About;
+import alpine.model.ConfigProperty;
 
 public class FindingPackagingFormat {
 
@@ -74,7 +71,7 @@ private JsonNode initialize(final UUID projectUuid, final List<Finding> findings
                 This is useful for file-based parsing systems that needs to be able to
                 identify what type of file it is, and what type of system generated it.
              */
-            final ObjectNode meta = Jackson.newObject();
+            final var meta = Jackson.newObject();
             meta.put(FIELD_APPLICATION, about.getApplication());
             meta.put(FIELD_VERSION, about.getVersion());
             meta.put(FIELD_TIMESTAMP, DateUtil.toISO8601(new Date()));
@@ -88,7 +85,7 @@ private JsonNode initialize(final UUID projectUuid, final List<Finding> findings
                 well as not have to perform additional queries back to Dependency-Track
                 to discover basic project information.
              */
-            final ObjectNode projectJson = Jackson.newObject();
+            final var projectJson = Jackson.newObject();
             projectJson.put(FIELD_UUID, project.getUuid().toString());
             projectJson.put(FIELD_NAME, project.getName());
             if (project.getVersion() != null) {
@@ -108,7 +105,7 @@ private JsonNode initialize(final UUID projectUuid, final List<Finding> findings
                 Add the meta and project objects along with the findings array
                 to a root json object and return.
              */
-            final ObjectNode root = Jackson.newObject();
+            final var root = Jackson.newObject();
             root.put(FIELD_VERSION, FPF_VERSION);
             root.set(FIELD_META, meta);
             root.set(FIELD_PROJECT, projectJson);

diff --git a/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java b/src/main/java/org/dependencytrack/integrations/defectdojo/DefectDojoClient.java
@@ -18,9 +18,12 @@
  */
 package org.dependencytrack.integrations.defectdojo;
 
-import alpine.common.logging.Logger;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ArrayNode;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.text.SimpleDateFormat;
+import java.util.Date;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -34,13 +37,9 @@
 import org.apache.http.entity.mime.content.StringBody;
 import org.dependencytrack.common.HttpClientPool;
 import org.dependencytrack.common.Jackson;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.text.SimpleDateFormat;
-import java.util.Date;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.node.ArrayNode;
+import alpine.common.logging.Logger;
 
 public class DefectDojoClient {
 
@@ -99,21 +98,21 @@ public ArrayNode getDojoTestIds(final String token, final String eid) {
             request.addHeader("Authorization", "Token " + token);
             try (CloseableHttpResponse response = HttpClientPool.getClient().execute(request)) {
                 if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
-                    if (response.getEntity() != null) {
-                        JsonNode dojoObj = Jackson.readHttpResponse(response);
-                        final ArrayNode dojoArray = Jackson.asArray(dojoObj, "results");
+                    JsonNode jsonObject = Jackson.readHttpResponse(response);
+                    if (jsonObject != null) {
+                        final ArrayNode dojoArray = Jackson.asArray(jsonObject, "results");
                         String nextUrl;
-                        while (dojoObj.get("next") != null) {
-                            nextUrl = dojoObj.get("next").toString();
+                        while (jsonObject.get("next") != null) {
+                            nextUrl = jsonObject.get("next").toString();
                             LOGGER.debug("Making the subsequent pagination call on " + nextUrl);
                             uriBuilder = new URIBuilder(nextUrl);
                             request = new HttpGet(uriBuilder.build().toString());
                             request.addHeader("accept", "application/json");
                             request.addHeader("Authorization", "Token " + token);
                             try (CloseableHttpResponse response1 = HttpClientPool.getClient().execute(request)) {
-                                nextUrl = dojoObj.get("next").toString();
-                                dojoObj = Jackson.readHttpResponse(response1);
-                                dojoArray.addAll(Jackson.asArray(dojoObj, "results"));
+                                nextUrl = jsonObject.get("next").toString();
+                                jsonObject = Jackson.readHttpResponse(response1);
+                                dojoArray.addAll(Jackson.asArray(jsonObject, "results"));
                             }
                         }
                         LOGGER.debug("Successfully retrieved the test list ");

diff --git a/src/main/java/org/dependencytrack/integrations/fortifyssc/FortifySscClient.java b/src/main/java/org/dependencytrack/integrations/fortifyssc/FortifySscClient.java
@@ -18,9 +18,12 @@
  */
 package org.dependencytrack.integrations.fortifyssc;
 
-import alpine.common.logging.Logger;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.fasterxml.jackson.databind.node.ObjectNode;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import org.apache.http.HttpEntity;
 import org.apache.http.HttpStatus;
 import org.apache.http.client.methods.CloseableHttpResponse;
@@ -32,13 +35,8 @@
 import org.apache.http.entity.mime.MultipartEntityBuilder;
 import org.dependencytrack.common.HttpClientPool;
 import org.dependencytrack.common.Jackson;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URISyntaxException;
-import java.net.URL;
-import java.nio.charset.StandardCharsets;
-import java.util.Base64;
+import com.fasterxml.jackson.databind.JsonNode;
+import alpine.common.logging.Logger;
 
 public class FortifySscClient {
 
@@ -54,17 +52,17 @@ public FortifySscClient(final FortifySscUploader uploader, final URL baseURL) {
     public String generateOneTimeUploadToken(final String citoken) {
         LOGGER.debug("Generating one-time upload token");
         var request = new HttpPost(baseURL + "/api/v1/fileTokens");
-        final ObjectNode payload = Jackson.newObject().put("fileTokenType", "UPLOAD");
+        final var payload = Jackson.newObject().put("fileTokenType", "UPLOAD");
         request.addHeader("Content-Type", "application/json");
         request.addHeader("Authorization", "FortifyToken " + Base64.getEncoder().encodeToString(citoken.getBytes(StandardCharsets.UTF_8)));
         try {
             request.setEntity(new StringEntity(payload.toString()));
             try (CloseableHttpResponse response = HttpClientPool.getClient().execute(request)) {
                 if (response.getStatusLine().getStatusCode() == HttpStatus.SC_CREATED) {
-                    if (response.getEntity() != null) {
-                        final JsonNode root = Jackson.readHttpResponse(response);
+                    final JsonNode jsonObject = Jackson.readHttpResponse(response);
+                    if (jsonObject != null) {
                         LOGGER.debug("One-time upload token retrieved");
-                        return root.get("data").get("token").asText();
+                        return jsonObject.get("data").get("token").asText();
                     }
                 } else {
                     uploader.handleUnexpectedHttpResponse(LOGGER, request.getURI().toString(), response.getStatusLine().getStatusCode(), response.getStatusLine().getReasonPhrase());