ThreadFix Event Model

ThreadFix Event Model

As part of our 2.2 development efforts, we are introducing the ThreadFix event model. ThreadFix events allow users to develop plugins to modify various parts of the system in a maintainable way. ThreadFix plugins are Spring components, so to install a plugin the user just drops JAR files containing the plugin classes into the lib folder. This feature will be included in the 2.2i4 development ThreadFix release.

Pre-Defect-Submission Event

The following class allows plugins to modify defect information before it gets submitted to the defect tracker in a programmatic way. This example changes the description to "From AOP", but any parameters can be edited.

package com.denimgroup.threadfix.service.eventmodel.listener;

import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.service.eventmodel.event.PreDefectSubmissionEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.stereotype.Component;

@Component
public class ChangeDefectDescriptionPlugin implements ApplicationListener<PreDefectSubmissionEvent> {

    private static final SanitizedLogger LOG = new SanitizedLogger(ChangeDefectDescriptionPlugin.class);

    @Override
    public void onApplicationEvent(PreDefectSubmissionEvent preDefectSubmissionEvent) {
        LOG.info("Got preDefectSubmissionEvent, setting description");
        preDefectSubmissionEvent.getDefectMetadata().setFullDescription("From AOP");
    }
}

Here is the event class:

package com.denimgroup.threadfix.service.eventmodel.event;

import com.denimgroup.threadfix.data.entities.Vulnerability;
import com.denimgroup.threadfix.service.defects.AbstractDefectTracker;
import com.denimgroup.threadfix.viewmodel.DefectMetadata;
import org.springframework.context.ApplicationEvent;

import java.util.List;

/**
 * Created by mac on 11/12/14.
 */
public class PreDefectSubmissionEvent extends ApplicationEvent {

    final AbstractDefectTracker defectTracker;
    final List<Vulnerability>   vulnerabilityList;
    final DefectMetadata        defectMetadata;

    @SuppressWarnings("unchecked")
    public PreDefectSubmissionEvent(
            AbstractDefectTracker defectTracker,
            List vulnerabilityList,
            DefectMetadata defectMetadata) {
        super(defectMetadata);
        this.defectTracker = defectTracker;
        this.vulnerabilityList = vulnerabilityList;
        this.defectMetadata = defectMetadata;
    }

    public AbstractDefectTracker getDefectTracker() {
        return defectTracker;
    }

    public List<Vulnerability> getVulnerabilityList() {
        return vulnerabilityList;
    }

    public DefectMetadata getDefectMetadata() {
        return defectMetadata;
    }
}

getDefectTracker() will return the AbstractDefectTracker implementation. This allows developers to code based on the type of integration. Jira may have different requirements from HP Quality Center.

getVulnerabilityList() returns the list of vulnerabilities that will be bundled into the defect. All of the vulnerability information is available.

getDefectMetadata() returns a DefectMetadata object. Setting the fields in this object allows modification of parameters sent to the defect tracker.

Defect Tracker Project Metadata Event

Listening to this event allows plugins to modify fields in the modal presented to users when submitting a defect. Fields can be added, removed, and edited. The following example removes all non-required fields from the DynamicFormField list.

package com.denimgroup.threadfix.service.eventmodel.listener;

import com.denimgroup.threadfix.logging.SanitizedLogger;
import com.denimgroup.threadfix.viewmodel.ProjectMetadata;
import com.denimgroup.threadfix.viewmodel.DynamicFormField;
import com.denimgroup.threadfix.service.eventmodel.event.DefectTrackerProjectMetadataEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.stereotype.Service;

import java.util.List;

import static com.denimgroup.threadfix.CollectionUtils.list;

/**
 * Created by mac on 11/11/14.
 */
@Service
public class ProjectMetadataHideNonRequiredFieldsPlugin implements ApplicationListener<DefectTrackerProjectMetadataEvent> {

    private static final SanitizedLogger LOG = new SanitizedLogger(ProjectMetadataHideNonRequiredFieldsPlugin.class);

    @Override
    public void onApplicationEvent(DefectTrackerProjectMetadataEvent defectTrackerProjectMetadataEvent) {

        ProjectMetadata metadata = defectTrackerProjectMetadataEvent.getObject();

        LOG.info("Starting ProjectMetadata event");

        List<DynamicFormField> editableFields = metadata.getEditableFields();
        if (editableFields != null) {

            List<DynamicFormField> toRemove = list();

            for (DynamicFormField editableField : editableFields) {
                if (!editableField.isRequired()) {
                    toRemove.add(editableField);
                }
            }

            for (DynamicFormField dynamicFormField : toRemove) {
                LOG.info("Removing " + dynamicFormField.getName());
                editableFields.remove(dynamicFormField);
            }
        }
    }
}