Fix Slack notifications failing when no base URL is configured #3791

Merged
merged 2 commits into from
Jun 1, 2024
Merged
12 changes: 8 additions & 4 deletions src/main/resources/templates/notification/publisher/slack.peb
Expand Up @@ -60,7 +60,7 @@
"text": "{{ subject.component.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -84,6 +84,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "NEW_VULNERABLE_DEPENDENCY" %}
Expand Down Expand Up @@ -132,7 +133,7 @@
"text": "{{ subject.component.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -156,6 +157,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "PROJECT_AUDIT_CHANGE" %}
Expand Down Expand Up @@ -250,7 +252,7 @@
"text": "{{ subject.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand Down Expand Up @@ -283,6 +285,7 @@
}
]
}
{% endif %}
]
}
{% elseif notification.group == "POLICY_VIOLATION" %}
Expand Down Expand Up @@ -357,7 +360,7 @@
"text": "{{ subject.project.toString | escape(strategy="json") }}"
}
]
},
}{% if baseUrl is not empty %},
{
"type": "actions",
"elements": [
Expand All @@ -381,6 +384,7 @@
}
]
}
{% endif %}
]
}
{% else %}
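Review bot: `{% if baseUrl is not empty %}` only tests for presence, so a base URL that is configured but is not an absolute http(s) URL still renders the `actions` block in all four guarded groups. The button `url` fields sit in the collapsed part of these hunks, so whether such a value reproduces the failure named in the PR title is inferred rather than shown. The guard also carries no explanation; a Pebble comment before the first one, e.g. `{# No base URL means no absolute link for the buttons, so the actions block is left out #}`, would keep it from being removed later as dead code. No Slack publisher test with an empty base URL is visible on this page; if none exists, the regression is unpinned.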
Expand Up @@ -38,6 +38,7 @@
import org.dependencytrack.notification.vo.BomConsumedOrProcessed;
import org.dependencytrack.notification.vo.BomProcessingFailed;
import org.dependencytrack.notification.vo.NewVulnerabilityIdentified;
import org.dependencytrack.notification.vo.NewVulnerableDependency;
import org.junit.Test;

import jakarta.json.Json;
Expand Down Expand Up @@ -150,6 +151,27 @@ public void testInformWithNewVulnerabilityNotification() {
.isThrownBy(() -> publisherInstance.inform(PublishContext.from(notification), notification, createConfig()));
}

@Test
public void testInformWithNewVulnerableDependencyNotification() {
final var project = createProject();
final var component = createComponent(project);
final var vuln = createVulnerability();

final var subject = new NewVulnerableDependency(component, List.of(vuln));

final var notification = new Notification()
.scope(NotificationScope.PORTFOLIO)
.group(NotificationGroup.NEW_VULNERABLE_DEPENDENCY)
.level(NotificationLevel.INFORMATIONAL)
.title(NotificationConstants.Title.NEW_VULNERABLE_DEPENDENCY)
.content("")
.timestamp(LocalDateTime.ofEpochSecond(66666, 666, ZoneOffset.UTC))
.subject(subject);

assertThatNoException()
.isThrownBy(() -> publisherInstance.inform(PublishContext.from(notification), notification, createConfig()));
}

@Test
public void testInformWithProjectAuditChangeNotification() {
final var project = createProject();
Expand Up @@ -182,6 +182,29 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(urlPathEqualTo("/rest/api/2/issue"))
.withHeader("Authorization", equalTo("Basic amlyYVVzZXI6amlyYVBhc3N3b3Jk"))
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"fields": {
"project": {
"key": "PROJECT"
},
"issuetype": {
"name": "Task"
},
"summary": "[Dependency-Track] [NEW_VULNERABLE_DEPENDENCY] Vulnerable dependency introduced on project projectName",
"description": "A component which contains one or more vulnerabilities has been added to your project.\\n\\\\\\\\\\n\\\\\\\\\\n*Project*\\n[pkg:maven/org.acme/projectName@projectVersion|https://example.com/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95]\\n\\n*Component*\\n[componentName : componentVersion|https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6]\\n\\n*Vulnerabilities*\\n- INT-001 (Medium)\\n"
}
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
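Review bot: The expected `description` in the new `testInformWithNewVulnerableDependencyNotification` override is hard to audit, because each run of ten backslashes before an `n` collapses to two literal backslashes plus a newline in the JSON value. That is presumably Jira's forced line-break markup. A comment above the `verify` call would save the next reader the decoding, e.g. `// ten backslashes + n = two literal backslashes (Jira line break) followed by a newline`. The `Authorization` value is similarly opaque; `// Base64 of the fixture credentials jiraUser:jiraPassword` beside it would make clear it is test data, not a real secret.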
Expand Up @@ -105,6 +105,21 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"username" : "Dependency Track",
"icon_url" : "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"text" : "#### Vulnerable Dependency Introduced\\n\\n**Project**: \\n**Component**: componentName : componentVersion\\n[View Project](https://example.com/projects/) - [View Component](https://example.com/components/94f87321-a5d1-4c2f-b2fe-95165debebc6)"
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
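Review bot: The expected `text` in this new override pins output that looks broken: `**Project**:` is followed by nothing, and the View Project link is `https://example.com/projects/` with no UUID. The Jira expectation on this page for the same notification shows `pkg:maven/org.acme/projectName@projectVersion` and `/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95`. The Mattermost template is not shown here, so the cause is inferred; presumably it reads a project field that this subject type does not expose directly. Either fix the template and assert the populated values, or mark the assertion with `// FIXME: project name and UUID are missing from the rendered message` so the test does not silently bless a dead link in a security notification.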
Expand Up @@ -240,6 +240,40 @@ public void testInformWithNewVulnerabilityNotification() {
""")));
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

verify(postRequestedFor(anyUrl())
.withHeader("Content-Type", equalTo("application/json"))
.withRequestBody(equalToJson("""
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"summary": "Vulnerable Dependency Introduced",
"title": "Vulnerable Dependency Introduced",
"sections": [
{
"activityTitle": "Dependency-Track",
"activitySubtitle": "1970-01-01T18:31:06.000000666",
"activityImage": "https://raw.githubusercontent.com/DependencyTrack/branding/master/dt-logo-symbol-blue-background.png",
"facts": [
{
"name": "Project",
"value": "pkg:maven/org.acme/projectName@projectVersion"
},
{
"name": "Component",
"value": "componentName : componentVersion"
}
],
"text": ""
}
]
}
""")));
}

@Override
public void testInformWithProjectAuditChangeNotification() {
super.testInformWithProjectAuditChangeNotification();
Expand Up @@ -227,17 +227,17 @@ public void testInformWithDataSourceMirroringNotification() {
GitHub Advisory Mirroring

--------------------------------------------------------------------------------

Level: ERROR
Scope: SYSTEM
Group: DATASOURCE_MIRRORING

--------------------------------------------------------------------------------

An error occurred mirroring the contents of GitHub Advisories. Check log for details.

--------------------------------------------------------------------------------

1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -255,9 +255,9 @@ public void testInformWithNewVulnerabilityNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
New Vulnerability Identified

--------------------------------------------------------------------------------

Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Expand All @@ -268,13 +268,55 @@ public void testInformWithNewVulnerabilityNotification() {
Version: projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95

--------------------------------------------------------------------------------



--------------------------------------------------------------------------------


1970-01-01T18:31:06.000000666
""");
});
}

@Override
public void testInformWithNewVulnerableDependencyNotification() {
super.testInformWithNewVulnerableDependencyNotification();

assertThat(greenMail.getReceivedMessages()).satisfiesExactly(message -> {
assertThat(message.getSubject()).isEqualTo("[Dependency-Track] Vulnerable Dependency Introduced");
assertThat(message.getContent()).isInstanceOf(MimeMultipart.class);
final MimeMultipart content = (MimeMultipart) message.getContent();
assertThat(content.getCount()).isEqualTo(1);
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Vulnerable Dependency Introduced

--------------------------------------------------------------------------------

Project: pkg:maven/org.acme/projectName@projectVersion
Project URL: /projects/?uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95
Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6

Vulnerabilities

Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL
Description:
vulnerabilityDescription



--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

1970-01-01T18:31:06.000000666
""");
});
Expand All @@ -292,30 +334,30 @@ public void testInformWithProjectAuditChangeNotification() {
assertThat(content.getBodyPart(0)).isInstanceOf(MimeBodyPart.class);
assertThat((String) content.getBodyPart(0).getContent()).isEqualToIgnoringNewLines("""
Analysis Decision: Finding Suppressed

--------------------------------------------------------------------------------

Analysis Type: Project Analysis

Analysis State: FALSE_POSITIVE
Suppressed: true
Vulnerability ID: INT-001
Vulnerability URL: /vulnerability/?source=INTERNAL&vulnId=INT-001
Severity: MEDIUM
Source: INTERNAL

Component: componentName : componentVersion
Component URL: /component/?uuid=94f87321-a5d1-4c2f-b2fe-95165debebc6
Project: pkg:maven/org.acme/projectName@projectVersion
Description: projectDescription
Project URL: /projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95

--------------------------------------------------------------------------------



--------------------------------------------------------------------------------

1970-01-01T18:31:06.000000666
""");
});
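Review bot: The new `testInformWithNewVulnerableDependencyNotification` expectation has `Project URL: /projects/?uuid=c9c9539a-e381-4b36-ac52-6a7ab83b2c95`, while the two neighbouring expectations in this file use `/projects/c9c9539a-e381-4b36-ac52-6a7ab83b2c95`. The test therefore locks in a second project link format for one notification group; the email template and the frontend routes are not shown here, so which form is correct needs confirming before it is pinned. Every URL in this expected body is also relative, which suggests the email publisher still emits links a recipient cannot follow when no base URL is configured. That is the same condition this PR handles for Slack by omitting the buttons.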