From f185f0270f9bdbeac862935337bf0d8d63b0e4b0 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Tue, 11 Jun 2024 18:29:29 +0200
Subject: [PATCH] Perform License Resolution On Name Field During SBOM Import
Ports https://github.com/DependencyTrack/dependency-track/pull/3555 from Dependency-Track v4.11.0.
The main logic was already ported via https://github.com/DependencyTrack/hyades-apiserver/pull/705. This PR contains the missing test case.
Co-authored-by: Aravind Parappil
Signed-off-by: nscuro
---
 .../tasks/BomUploadProcessingTaskTest.java | 53 +++++++++++++++++++
 1 file changed, 53 insertions(+)
diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
index 1794fffbf..717008915 100644
--- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
+++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
@@ -42,6 +42,7 @@ import org.junit.Test;
 import java.io.File;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
@@ -903,6 +904,50 @@ public void informWithBomContainingInvalidLicenseExpressionTest() throws Excepti
 });
 }
+ @Test // https://github.com/DependencyTrack/dependency-track/issues/3433
+ public void informIssue3433Test() throws Exception {
+ final var license = new License();
+ license.setLicenseId("GPL-3.0-or-later");
+ license.setName("GPL-3.0-or-later");
+ qm.persist(license);
+
+ final var project = new Project();
+ project.setName("acme-license-app");
+ qm.persist(project);
+
+ final byte[] bomBytes = """
+ {
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.4",
+ "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b80",
+ "version": 1,
+ "components": [
+ {
+ "type": "library",
+ "name": "acme-lib-x",
+ "licenses": [
+ {
+ "license": {
+ "name": "GPL-3.0-or-later"
+ }
+ }
+ ]
+ }
+ ]
+ }
+ """.getBytes(StandardCharsets.UTF_8);
+
+ final var bomUploadEvent = new BomUploadEvent(qm.detach(Project.class, project.getId()), createTempBomFile(bomBytes));
+ qm.createWorkflowSteps(bomUploadEvent.getChainIdentifier());
+ new BomUploadProcessingTask().inform(bomUploadEvent);
+ assertBomProcessedNotification();
+
+ assertThat(qm.getAllComponents(project)).satisfiesExactly(component -> {
+ assertThat(component.getResolvedLicense()).isNotNull();
+ assertThat(component.getResolvedLicense().getLicenseId()).isEqualTo("GPL-3.0-or-later");
+ });
+ }
+
 @Test
 public void informWithBomContainingServiceTest() throws Exception {
 final Project project = qm.createProject("Acme Example", null, "1.0", null, null, null, true, false);
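Review bot: The fixture in informIssue3433Test persists a License whose licenseId and name are both "GPL-3.0-or-later" and the BOM carries that same string in license.name, so the final assertion on getLicenseId() cannot show whether the BOM name was matched against License.licenseId or License.name. Given the change is about resolving on the name field, a second component whose license.name is the license's long name while licenseId stays the SPDX id would pin down which lookup is exercised, e.g. `license.setName("GNU General Public License v3.0 or later");` in the fixture and `"name": "GNU General Public License v3.0 or later"` in the BOM (constructed values); if the resolver is only meant to treat name as an SPDX id, a one-line comment on the test saying so would serve the same purpose. The new method is complete within the hunk; the methods before and after it continue outside the hunk.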
@@ -1062,4 +1107,12 @@ private static File createTempBomFile(final String testFileName) throws Exceptio
 return bomFilePath.toFile();
 }
+ private static File createTempBomFile(final byte[] bomBytes) throws Exception {
+ // The task will delete the input file after processing it,
+ // so create a temporary copy to not impact other tests.
+ final Path bomFilePath = Files.createTempFile(null, null);
+ Files.write(bomFilePath, bomBytes);
+ return bomFilePath.toFile();
+ }
+
 }
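Review bot: The comment on the new createTempBomFile(byte[]) overload is carried over from the String overload and speaks of a "temporary copy", but this variant writes the given bytes to a fresh file and copies nothing; suggest `// The task deletes its input file after processing, so write the bytes to a dedicated temp file rather than sharing a fixture on disk.` Files.createTempFile(null, null) also yields a random .tmp name with no prefix in the default temp directory, so a run that fails before the task deletes the file leaves an anonymous file behind; `Files.createTempFile("bom-", ".json")` makes such leftovers attributable. The two overloads now share the same write-and-return tail, and the String overload (whose body starts outside the hunk) could delegate to this one after reading the resource bytes, keeping temp-file handling in one place.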