Fix notifications not being sent for child projects where active is…

… `null` Fixes DependencyTrack#3296 Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro · Dec 14, 2023 · 6ea5061 · 6ea5061
1 parent d3fbc56
commit 6ea5061
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/src/main/java/org/dependencytrack/notification/NotificationRouter.java b/src/main/java/org/dependencytrack/notification/NotificationRouter.java
@@ -257,7 +257,8 @@ private boolean checkIfChildrenAreAffected(Project parent, UUID uuid) {
             return false;
         }
         for (Project child : parent.getChildren()) {
-            if ((child.getUuid().equals(uuid) && Boolean.TRUE.equals(child.isActive())) || isChild) {
+            final boolean isChildActive = child.isActive() == null || child.isActive();
+            if ((child.getUuid().equals(uuid) && isChildActive) || isChild) {
                 return true;
             }
             isChild = checkIfChildrenAreAffected(child, uuid);

diff --git a/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java b/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java
@@ -657,7 +657,42 @@ public void testAffectedInactiveChild() {
         Assert.assertEquals(0, rules.size());
     }
 
-
+    @Test
+    public void testAffectedActiveNullChild() {
+        NotificationPublisher publisher = createSlackPublisher();
+        // Creates a new rule and defines when the rule should be triggered (notifyOn)
+        NotificationRule rule = qm.createNotificationRule("Matching Test Rule", NotificationScope.PORTFOLIO, NotificationLevel.INFORMATIONAL, publisher);
+        Set<NotificationGroup> notifyOn = new HashSet<>();
+        notifyOn.add(NotificationGroup.NEW_VULNERABILITY);
+        rule.setNotifyOn(notifyOn);
+        // Creates a project which will later be matched on
+        List<Project> projects = new ArrayList<>();
+        Project grandParent = qm.createProject("Test Project Grandparent", null, "1.0", null, null, null, true, false);
+        Project parent = qm.createProject("Test Project Parent", null, "1.0", null, grandParent, null, true, false);
+        Project child = qm.createProject("Test Project Child", null, "1.0", null, parent, null, true, false);
+        Project grandChild = qm.createProject("Test Project Grandchild", null, "1.0", null, child, null, true, false);
+        grandChild.setActive(null); // https://github.com/DependencyTrack/dependency-track/issues/3296
+        projects.add(grandParent);
+        rule.setProjects(projects);
+        // Creates a new component
+        Component component = new Component();
+        component.setProject(grandChild);
+        // Creates a new notification
+        Notification notification = new Notification();
+        notification.setScope(NotificationScope.PORTFOLIO.name());
+        notification.setGroup(NotificationGroup.NEW_VULNERABILITY.name());
+        notification.setLevel(NotificationLevel.INFORMATIONAL);
+        // Notification should be limited to only specific projects - Set the projects which are affected by the notification event
+        Set<Project> affectedProjects = new HashSet<>();
+        affectedProjects.add(grandChild);
+        NewVulnerabilityIdentified subject = new NewVulnerabilityIdentified(new Vulnerability(), component, affectedProjects, null);
+        notification.setSubject(subject);
+        // Ok, let's test this
+        NotificationRouter router = new NotificationRouter();
+        List<NotificationRule> rules = router.resolveRules(PublishContext.from(notification), notification);
+        Assert.assertTrue(rule.isNotifyChildren());
+        Assert.assertEquals(1, rules.size());
+    }
 
     private NotificationPublisher createSlackPublisher() {
         return qm.createNotificationPublisher(