Match null values

Signed-off-by: Walter de Boer <walterdeboer@dbso.nl>
sahibamittal · Mar 11, 2023 · 91fa7e5 · 91fa7e5
1 parent 9a5645a
commit 91fa7e5
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 21 deletions.
diff --git a/src/main/java/org/dependencytrack/policy/CpePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/CpePolicyEvaluator.java
@@ -18,13 +18,12 @@
  */
 package org.dependencytrack.policy;
 
-import alpine.common.logging.Logger;
+import java.util.ArrayList;
+import java.util.List;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.PolicyCondition;
-
-import java.util.ArrayList;
-import java.util.List;
+import alpine.common.logging.Logger;
 
 /**
  * Evaluates a components Common Platform Enumeration (CPE) against a policy.
@@ -50,9 +49,6 @@ public PolicyCondition.Subject supportedSubject() {
     @Override
     public List<PolicyConditionViolation> evaluate(final Policy policy, final Component component) {
         final List<PolicyConditionViolation> violations = new ArrayList<>();
-        if (component.getCpe() == null) {
-            return violations;
-        }
         for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
             LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
             if (PolicyCondition.Operator.MATCHES == condition.getOperator()) {

diff --git a/src/main/java/org/dependencytrack/policy/PackageURLPolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/PackageURLPolicyEvaluator.java
@@ -18,13 +18,12 @@
  */
 package org.dependencytrack.policy;
 
-import alpine.common.logging.Logger;
+import java.util.ArrayList;
+import java.util.List;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.PolicyCondition;
-
-import java.util.ArrayList;
-import java.util.List;
+import alpine.common.logging.Logger;
 
 /**
  * Evaluates a components Package URL against a policy.
@@ -50,17 +49,15 @@ public PolicyCondition.Subject supportedSubject() {
     @Override
     public List<PolicyConditionViolation> evaluate(final Policy policy, final Component component) {
         final List<PolicyConditionViolation> violations = new ArrayList<>();
-        if (component.getPurl() == null) {
-            return violations;
-        }
         for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
             LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
+            final var canonicalPurl = component.getPurl() == null ? null : component.getPurl().canonicalize();
             if (PolicyCondition.Operator.MATCHES == condition.getOperator()) {
-                if (Matcher.matches(component.getPurl().canonicalize(), condition.getValue())) {
+                if (Matcher.matches(canonicalPurl, condition.getValue())) {
                     violations.add(new PolicyConditionViolation(condition, component));
                 }
             } else if (PolicyCondition.Operator.NO_MATCH == condition.getOperator()) {
-                if (!Matcher.matches(component.getPurl().canonicalize(), condition.getValue())) {
+                if (!Matcher.matches(canonicalPurl, condition.getValue())) {
                     violations.add(new PolicyConditionViolation(condition, component));
                 }
             }

diff --git a/src/test/java/org/dependencytrack/policy/CpePolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/CpePolicyEvaluatorTest.java
@@ -18,15 +18,14 @@
  */
 package org.dependencytrack.policy;
 
+import java.util.List;
 import org.dependencytrack.PersistenceCapableTest;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.PolicyCondition;
 import org.junit.Assert;
 import org.junit.Test;
 
-import java.util.List;
-
 public class CpePolicyEvaluatorTest extends PersistenceCapableTest {
 
     @Test
@@ -43,6 +42,20 @@ public void hasMatch() {
         Assert.assertEquals(condition, violation.getPolicyCondition());
     }
 
+    @Test
+    public void hasMatchNullCpe() {
+        Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
+        PolicyCondition condition = qm.createPolicyCondition(policy, PolicyCondition.Subject.CPE, PolicyCondition.Operator.NO_MATCH, ".+");
+        Component component = new Component();
+        component.setCpe(null);
+        PolicyEvaluator evaluator = new CpePolicyEvaluator();
+        List<PolicyConditionViolation> violations = evaluator.evaluate(policy, component);
+        Assert.assertEquals(1, violations.size());
+        PolicyConditionViolation violation = violations.get(0);
+        Assert.assertEquals(component, violation.getComponent());
+        Assert.assertEquals(condition, violation.getPolicyCondition());
+    }
+
     @Test
     public void noMatch() {
         Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);

diff --git a/src/test/java/org/dependencytrack/policy/PackageURLPolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/PackageURLPolicyEvaluatorTest.java
@@ -18,15 +18,14 @@
  */
 package org.dependencytrack.policy;
 
-import com.github.packageurl.PackageURL;
+import java.util.List;
 import org.dependencytrack.PersistenceCapableTest;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.PolicyCondition;
 import org.junit.Assert;
 import org.junit.Test;
-
-import java.util.List;
+import com.github.packageurl.PackageURL;
 
 public class PackageURLPolicyEvaluatorTest extends PersistenceCapableTest {
 
@@ -44,6 +43,20 @@ public void hasMatch() throws Exception {
         Assert.assertEquals(condition, violation.getPolicyCondition());
     }
 
+    @Test
+    public void hasMatchNullPurl() throws Exception {
+        Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
+        PolicyCondition condition = qm.createPolicyCondition(policy, PolicyCondition.Subject.PACKAGE_URL, PolicyCondition.Operator.NO_MATCH, ".+");
+        Component component = new Component();
+        component.setPurl((PackageURL)null);
+        PolicyEvaluator evaluator = new PackageURLPolicyEvaluator();
+        List<PolicyConditionViolation> violations = evaluator.evaluate(policy, component);
+        Assert.assertEquals(1, violations.size());
+        PolicyConditionViolation violation = violations.get(0);
+        Assert.assertEquals(component, violation.getComponent());
+        Assert.assertEquals(condition, violation.getPolicyCondition());
+    }
+
     @Test
     public void noMatch() throws Exception {
         Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);