Merge branch 'project-ncl:main' into sbomer280_additional_e2e_tests
jonathanchristison authored Jan 28, 2025
2 parents 9827ef8 + 2d350c7 commit 76de613
Showing 16 changed files with 198,409 additions and 102 deletions.
@@ -39,15 +39,18 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;

import org.commonjava.atlas.maven.ident.ref.SimpleArtifactRef;
@@ -82,7 +85,6 @@
import org.jboss.pnc.dto.Artifact;
import org.jboss.pnc.dto.Build;
import org.jboss.pnc.dto.DeliverableAnalyzerOperation;
import org.jboss.pnc.enums.BuildType;
import org.jboss.pnc.restclient.util.ArtifactUtil;
import org.jboss.sbomer.core.features.sbom.Constants;
import org.jboss.sbomer.core.features.sbom.config.Config;
@@ -175,7 +177,9 @@ private static void setCoordinates(Component component, Artifact artifact) {
} else if (scopeName.length == 1) {
component.setName(scopeName[0]);
} else {
log.warn("Unexpected number of slashes in NPM artifact name {}, using it fully", coordinates.getName());
log.warn(
"Unexpected number of slashes in NPM artifact name {}, using it fully",
coordinates.getName());
component.setName(coordinates.getName());
}
component.setVersion(coordinates.getVersionString());
@@ -1066,4 +1070,81 @@ private static String rebuildPurl(Component component) {
return null;
}
}

/**
* Creates a new purl with the same name, namespace, subpath, type, version and qualifiers and add the specified
* qualifier. If "redHatComponentsOnly" is true, add the qualifiers only if the component has a Red Hat version.
* Finally rebuilds the purl to make sure it is valid and qualifiers are properly sorted.
*
* @param component the input component which has the purl to modify
* @param qualifiers the Map with the qualifiers key-value
* @param redHatComponentsOnly boolean, true if the qualifiers should be added only to components with Red Hat
* version
* @return The new validated purl as string.
*/
public static String addQualifiersToPurlOfComponent(
Component component,
Map<String, String> qualifiers,
boolean redHatComponentsOnly) {

// In case this is not a RH artifact, do not update the purl
if (redHatComponentsOnly && !RhVersionPattern.isRhVersion(component.getVersion())
&& !RhVersionPattern.isRhPurl(component.getPurl())) {
return component.getPurl();
}

try {
PackageURL purl = new PackageURL(component.getPurl());
PackageURLBuilder builder = PackageURLBuilder.aPackageURL()
.withName(purl.getName())
.withNamespace(purl.getNamespace())
.withSubpath(purl.getSubpath())
.withType(purl.getType())
.withVersion(purl.getVersion());

if (purl.getQualifiers() != null) {
// Copy all the original qualifiers
purl.getQualifiers().forEach((k, v) -> builder.withQualifier(k, v));
}

// Add the qualifiers
qualifiers.forEach((k, v) -> builder.withQualifier(k, v));

return builder.build().toString();
} catch (MalformedPackageURLException | IllegalArgumentException e) {
log.warn("Error while adding new qualifiers to component with purl {}", component.getPurl(), e);
return component.getPurl();
}
}

/**
* Returns a TreeSet containing the component PURL and any PURL found among the evidence identities'
* concludedValues.
*
* @param component
* @return The TreeSet containing all the found PURLs
*/
public static Set<String> getAllPurlsOfComponent(Component component) {

if (component == null || component.getPurl() == null) {
return Collections.emptySet();
}

TreeSet<String> allPurls = new TreeSet<>();
allPurls.add(component.getPurl());

if (component.getEvidence() == null || component.getEvidence().getIdentities() == null
|| component.getEvidence().getIdentities().isEmpty()) {
return allPurls;
}

Set<String> purls = component.getEvidence()
.getIdentities()
.stream()
.filter(identity -> Field.PURL.equals(identity.getField()))
.map(identity -> identity.getConcludedValue())
.collect(Collectors.toSet());
allPurls.addAll(purls);
return allPurls;
}
}
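Review bot: `getAllPurlsOfComponent` now returns an empty set as soon as `component.getPurl()` is null, so PURLs recorded only under the evidence identities are no longer collected for such a component; the private version this commit removes from the listener still gathered them. If that narrowing is not intended, keep the guard as `if (component == null)` and add the main purl with `if (component.getPurl() != null) { allPurls.add(component.getPurl()); }`. The set is a `TreeSet`, which rejects null elements, so an identity whose `getConcludedValue()` is null makes `allPurls.addAll(purls)` throw; adding `.filter(Objects::nonNull)` after the `map` avoids that. Because `collectReleaseInfo` feeds this set into the purl array it builds for the release metadata, a test with a purl-less component that carries evidence identities would pin the intended behaviour.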
@@ -18,7 +18,8 @@
package org.jboss.sbomer.service.feature.sbom.errata.event;

import org.jboss.sbomer.service.feature.sbom.errata.event.comment.RequestEventStatusUpdateEvent;
import org.jboss.sbomer.service.feature.sbom.errata.event.release.AdvisoryReleaseEvent;
import org.jboss.sbomer.service.feature.sbom.errata.event.release.StandardAdvisoryReleaseEvent;
import org.jboss.sbomer.service.feature.sbom.errata.event.release.TextOnlyAdvisoryReleaseEvent;

import io.quarkus.arc.Arc;
import jakarta.enterprise.event.Event;
@@ -42,16 +43,23 @@ public static void notifyRequestEventStatusUpdate(Object requestEventNotificatio
}

public static void notifyAdvisoryRelease(Object advisoryReleaseNotification) {
AdvisoryReleaseEvent releaseEvent = (AdvisoryReleaseEvent) advisoryReleaseNotification;
log.info(
"Firing async event for advisory release update upon event with id: {}",
releaseEvent.getRequestEventId());
if (advisoryReleaseNotification instanceof StandardAdvisoryReleaseEvent) {
StandardAdvisoryReleaseEvent releaseEvent = (StandardAdvisoryReleaseEvent) advisoryReleaseNotification;
log.info(
"Firing async event for standard advisory release update upon event with id: {}",
releaseEvent.getRequestEventId());
} else {
TextOnlyAdvisoryReleaseEvent releaseEvent = (TextOnlyAdvisoryReleaseEvent) advisoryReleaseNotification;
log.info(
"Firing async event for text-only advisory release update upon event with id: {}",
releaseEvent.getRequestEventId());
}

Event<Object> event = Arc.container().beanManager().getEvent();
event.fireAsync(advisoryReleaseNotification).whenComplete((result, throwable) -> {
if (throwable != null) {
log.error("Error occurred while processing the async event.", throwable);
}
});
}

}
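Review bot: The `else` branch of `notifyAdvisoryRelease` casts to `TextOnlyAdvisoryReleaseEvent` without checking the type, so any other argument fails with a `ClassCastException` (or a `NullPointerException` for null) in the logging code, before `fireAsync` is reached. The parameter is declared as `Object`, so the compiler does not rule that out. Make the second branch `} else if (advisoryReleaseNotification instanceof TextOnlyAdvisoryReleaseEvent) {` and add a final `else` that logs the unexpected class at warn level and returns. If both event classes share a supertype exposing `getRequestEventId()` (not visible in this hunk), a single cast to it would also remove the duplicated log call.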
@@ -83,7 +83,7 @@

@ApplicationScoped
@Slf4j
public class ReleaseAdvisoryEventsListener {
public class ReleaseStandardAdvisoryEventsListener {

// Set the long transaction imeout to 10 mins
private static final int INCREASED_TIMEOUT_SEC = 600;
@@ -116,8 +116,8 @@ public class ReleaseAdvisoryEventsListener {

private static final String NVR_STANDARD_SEPARATOR = "-";

public void onReleaseAdvisoryEvent(@ObservesAsync AdvisoryReleaseEvent event) {
log.debug("Event received for advisory release ...");
public void onReleaseAdvisoryEvent(@ObservesAsync StandardAdvisoryReleaseEvent event) {
log.debug("Event received for standard advisory release ...");

RequestEvent requestEvent = requestEventRepository.findById(event.getRequestEventId());
try {
@@ -206,7 +206,7 @@ protected void releaseManifestsForRPMBuilds(
Errata erratum,
Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
V1Beta1RequestRecord advisoryManifestsRecord,
Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
Map<String, SbomGenerationRequest> releaseGenerations,
String toolVersion,
Component.Type productType,
Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -240,7 +240,7 @@ protected void releaseManifestsForRPMBuilds(

SbomUtils.addMissingSerialNumber(productVersionBom);

SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
Sbom sbom = saveReleaseManifestForRPMGeneration(
requestEvent,
erratum,
@@ -276,7 +276,7 @@ protected void releaseManifestsForDockerBuilds(
Errata erratum,
Map<ProductVersionEntry, List<BuildItem>> advisoryBuildDetails,
V1Beta1RequestRecord advisoryManifestsRecord,
Map<ProductVersionEntry, SbomGenerationRequest> releaseGenerations,
Map<String, SbomGenerationRequest> releaseGenerations,
String toolVersion,
Component.Type productType,
Map<ProductVersionEntry, Set<String>> productVersionToCPEs,
@@ -309,7 +309,7 @@ protected void releaseManifestsForDockerBuilds(

SbomUtils.addMissingSerialNumber(productVersionBom);

SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion);
SbomGenerationRequest releaseGeneration = releaseGenerations.get(productVersion.getName());
Sbom sbom = saveReleaseManifestForDockerGeneration(
requestEvent,
erratum,
@@ -808,10 +808,10 @@ protected ObjectNode collectReleaseInfo(

TreeSet<String> allPurls = new TreeSet<>();
if (manifest.getMetadata() != null) {
allPurls.addAll(getAllPurlsOfComponent(manifest.getMetadata().getComponent()));
allPurls.addAll(SbomUtils.getAllPurlsOfComponent(manifest.getMetadata().getComponent()));
}
for (Component component : manifest.getComponents()) {
allPurls.addAll(getAllPurlsOfComponent(component));
allPurls.addAll(SbomUtils.getAllPurlsOfComponent(component));
}
ArrayNode purlArray = ObjectMapperProvider.json().createArrayNode();
for (String purl : allPurls) {
@@ -821,32 +821,6 @@ protected ObjectNode collectReleaseInfo(
return releaseMetadata;
}

private Set<String> getAllPurlsOfComponent(Component component) {

if (component == null) {
return Collections.emptySet();
}

Set<String> allPurls = new HashSet<>();
if (component.getPurl() != null) {
allPurls.add(component.getPurl());
}

if (component.getEvidence() == null || component.getEvidence().getIdentities() == null
|| component.getEvidence().getIdentities().isEmpty()) {
return allPurls;
}

Set<String> purls = component.getEvidence()
.getIdentities()
.stream()
.filter(identity -> Field.PURL.equals(identity.getField()))
.map(identity -> identity.getConcludedValue())
.collect(Collectors.toSet());
allPurls.addAll(purls);
return allPurls;
}

private void adjustComponent(
Component component,
Collection<ErrataCDNRepoNormalized> generationCDNs,
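Review bot: In `releaseManifestsForRPMBuilds` and `releaseManifestsForDockerBuilds`, the result of `releaseGenerations.get(productVersion.getName())` appears to be used without a null check. With the key changed from `ProductVersionEntry` to `String`, a miss becomes possible whenever the code that fills the map (outside these hunks) uses a different string, and two product versions with the same name would share one entry. Guard the lookup in both methods, for example `if (releaseGeneration == null) { throw new IllegalStateException("No release generation for product version " + productVersion.getName()); }`, so a manifest is never saved against a missing or wrong generation. A comment on the `releaseGenerations` parameter saying that the key is the product version name, and that names are assumed unique within an advisory, would document the contract. Both method bodies continue outside the hunks shown.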
