Add regression test for DependencyTrack/dependency-track#1905

Signed-off-by: nscuro <nscuro@protonmail.com>
DependencyTrack · Jul 7, 2023 · 8fd9a6d · 8fd9a6d
1 parent e845d91
commit 8fd9a6d
Show file tree

Hide file tree

Showing 3 changed files with 115 additions and 10 deletions.
diff --git a/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java b/src/main/java/org/dependencytrack/parser/cyclonedx/util/ModelConverter.java
@@ -142,16 +142,16 @@ public static Component convertComponent(final org.cyclonedx.model.Component cdx
             for (final org.cyclonedx.model.Hash cdxHash : cdxComponent.getHashes()) {
                 final Consumer<String> hashSetter = switch (cdxHash.getAlgorithm().toLowerCase()) {
                     case "md5" -> component::setMd5;
-                    case "sha1" -> component::setSha1;
-                    case "sha256" -> component::setSha256;
-                    case "sha384" -> component::setSha384;
-                    case "sha512" -> component::setSha512;
-                    case "sha3_256" -> component::setSha3_256;
-                    case "sha3_384" -> component::setSha3_384;
-                    case "sha3_512" -> component::setSha3_512;
-                    case "blake2b_256" -> component::setBlake2b_256;
-                    case "blake2b_384" -> component::setBlake2b_384;
-                    case "blake2b_512" -> component::setBlake2b_512;
+                    case "sha-1" -> component::setSha1;
+                    case "sha-256" -> component::setSha256;
+                    case "sha-384" -> component::setSha384;
+                    case "sha-512" -> component::setSha512;
+                    case "sha3-256" -> component::setSha3_256;
+                    case "sha3-384" -> component::setSha3_384;
+                    case "sha3-512" -> component::setSha3_512;
+                    case "blake2b-256" -> component::setBlake2b_256;
+                    case "blake2b-384" -> component::setBlake2b_384;
+                    case "blake2b-512" -> component::setBlake2b_512;
                     case "blake3" -> component::setBlake3;
                     default -> null;
                 };

diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
@@ -288,6 +288,43 @@ public void informIssue2519Test() throws Exception {
         }
     }
 
+    @Test // https://github.com/DependencyTrack/dependency-track/issues/1905
+    public void informIssue1905Test() throws Exception {
+        final var project = qm.createProject("Acme Example", null, "1.0", null, null, null, true, false);
+
+        for (int i = 0; i < 3; i++) {
+            var bomUploadEvent = new BomUploadEvent(qm.detach(Project.class, project.getId()), createTempBomFile("bom-issue1905.json"));
+            new BomUploadProcessingTask().inform(bomUploadEvent);
+
+            // Make sure processing did not fail.
+            assertThat(kafkaMockProducer.history())
+                    .noneSatisfy(record -> {
+                        assertThat(record.topic()).isEqualTo(KafkaTopics.NOTIFICATION_BOM.name());
+                        final Notification notification = deserializeValue(KafkaTopics.NOTIFICATION_BOM, record);
+                        assertThat(notification.getGroup()).isEqualTo(GROUP_BOM_PROCESSING_FAILED);
+                    });
+
+            // Ensure all expected components are present.
+            // In this particular case, both components from the BOM are supposed to NOT be merged.
+            assertThat(qm.getAllComponents(project)).satisfiesExactlyInAnyOrder(
+                    component -> {
+                        assertThat(component.getClassifier()).isEqualTo(Classifier.LIBRARY);
+                        assertThat(component.getName()).isEqualTo("cloud.google.com/go/storage");
+                        assertThat(component.getVersion()).isEqualTo("v1.13.0");
+                        assertThat(component.getPurl().canonicalize()).isEqualTo("pkg:golang/cloud.google.com/go/storage@v1.13.0?type=package");
+                        assertThat(component.getSha256()).isNull();
+                    },
+                    component -> {
+                        assertThat(component.getClassifier()).isEqualTo(Classifier.LIBRARY);
+                        assertThat(component.getName()).isEqualTo("cloud.google.com/go/storage");
+                        assertThat(component.getVersion()).isEqualTo("v1.13.0");
+                        assertThat(component.getPurl().canonicalize()).isEqualTo("pkg:golang/cloud.google.com/go/storage@v1.13.0?goarch=amd64&goos=darwin&type=module");
+                        assertThat(component.getSha256()).isEqualTo("6a63ef842388f8796da7aacfbbeeb661dc2122b8dffb7e0f29500be07c206309");
+                    }
+            );
+        }
+    }
+
     private static File createTempBomFile(final String testFileName) throws Exception {
         // The task will delete the input file after processing it,
         // so create a temporary copy to not impact other tests.

diff --git a/src/test/resources/unit/bom-issue1905.json b/src/test/resources/unit/bom-issue1905.json
@@ -0,0 +1,68 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4",
+  "version": 1,
+  "metadata": {
+    "timestamp": "2023-05-16T08:57:13+02:00",
+    "tools": [
+      {
+        "vendor": "CycloneDX",
+        "name": "cyclonedx-gomod",
+        "version": "v1.4.0"
+      }
+    ],
+    "component": {
+      "bom-ref": "pkg:golang/go.foobar.com/localfull@v0.0.0-20230515095825-3c9a500d1e33?type=module",
+      "type": "application",
+      "name": "go.foobar.com/localfull",
+      "version": "v0.0.0-20230515095825-3c9a500d1e33",
+      "purl": "pkg:golang/go.foobar.com/localfull@v0.0.0-20230515095825-3c9a500d1e33?type=module\u0026goos=darwin\u0026goarch=amd64",
+      "properties": [
+      ],
+      "components": [
+      ]
+    }
+  },
+  "components": [
+    {
+      "bom-ref": "pkg:golang/cloud.google.com/go/storage@v1.13.0?type=module",
+      "type": "library",
+      "name": "cloud.google.com/go/storage",
+      "version": "v1.13.0",
+      "scope": "required",
+      "hashes": [
+        {
+          "alg": "SHA-256",
+          "content": "6a63ef842388f8796da7aacfbbeeb661dc2122b8dffb7e0f29500be07c206309"
+        }
+      ],
+      "purl": "pkg:golang/cloud.google.com/go/storage@v1.13.0?type=module\u0026goos=darwin\u0026goarch=amd64",
+      "components": [
+        {
+          "type": "library",
+          "name": "cloud.google.com/go/storage",
+          "version": "v1.13.0",
+          "purl": "pkg:golang/cloud.google.com/go/storage@v1.13.0?type=package"
+        }
+      ],
+      "evidence": {
+        "licenses": [
+          {
+            "license": {
+              "id": "Apache-2.0"
+            }
+          }
+        ]
+      }
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "pkg:golang/go.foobar.com/localfull@v0.0.0-20230515095825-3c9a500d1e33?type=module",
+      "dependsOn": [
+        "pkg:golang/cloud.google.com/go/storage@v1.13.0?type=module"
+      ]
+    }
+  ]
+}