2020
2121import com .google .protobuf .util .JsonFormat ;
2222import org .dependencytrack .PersistenceCapableTest ;
23+ import org .dependencytrack .kevdatasource .api .KevAssertion ;
2324import org .dependencytrack .model .Analysis ;
2425import org .dependencytrack .model .AnalysisState ;
2526import org .dependencytrack .model .Component ;
@@ -103,9 +104,24 @@ public void testGetForNewVulnerabilities() {
103104 vulnB .setSource (Vulnerability .Source .NVD );
104105 qm .persist (vulnB );
105106
106- useJdbiTransaction (handle -> new VulnerabilityAliasDao (handle )
107- .syncAssertions ("TEST" , new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
108- Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB ))));
107+ useJdbiTransaction (handle -> {
108+ new VulnerabilityAliasDao (handle )
109+ .syncAssertions (
110+ "TEST" ,
111+ new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
112+ Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB )));
113+ handle
114+ .attach (KevDao .class )
115+ .upsertBatch ("cisa" , List .of (
116+ new KevAssertion (
117+ "NVD" ,
118+ "CVE-100" ,
119+ null ,
120+ null ,
121+ null ,
122+ null ,
123+ null )));
124+ });
109125
110126 qm .addVulnerability (vulnA , component , "internal" );
111127 qm .addVulnerability (vulnB , component , "internal" );
@@ -125,7 +141,7 @@ public void testGetForNewVulnerabilities() {
125141 .withMatcher ("projectUuid" , equalTo (project .getUuid ().toString ()))
126142 .withMatcher ("componentUuid" , equalTo (component .getUuid ().toString ()))
127143 .withMatcher ("vulnUuid" , equalTo (vulnA .getUuid ().toString ()))
128- .isEqualTo ("""
144+ .isEqualTo (/* language=JSON */ """
129145 {
130146 "affectedProjects": [
131147 {
@@ -193,7 +209,8 @@ public void testGetForNewVulnerabilities() {
193209 "vulnId": "CVE-100",
194210 "cvssV2Vector": "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
195211 "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
196- "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)"
212+ "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)",
213+ "isKev": true
197214 }
198215 }
199216 """ ));
@@ -247,7 +264,7 @@ public void testGetForNewVulnerabilityWithAnalysisRatingOverwrite() throws Excep
247264 .withMatcher ("projectUuid" , equalTo (project .getUuid ().toString ()))
248265 .withMatcher ("componentUuid" , equalTo (component .getUuid ().toString ()))
249266 .withMatcher ("vulnUuid" , equalTo (vuln .getUuid ().toString ()))
250- .isEqualTo ("""
267+ .isEqualTo (/* language=JSON */ """
251268 {
252269 "component": {
253270 "uuid": "${json-unit.matches:componentUuid}",
@@ -270,7 +287,8 @@ public void testGetForNewVulnerabilityWithAnalysisRatingOverwrite() throws Excep
270287 "severity": "CRITICAL",
271288 "cvssV2Vector": "",
272289 "cvssV3Vector": "cvssV3VectorOverwrite",
273- "owaspRRVector": "owaspRrVector"
290+ "owaspRRVector": "owaspRrVector",
291+ "isKev": false
274292 },
275293 "affectedProjects": [
276294 {
@@ -332,11 +350,25 @@ public void testGetForNewVulnerableDependency() throws Exception {
332350 vulnB .setSource (Vulnerability .Source .NVD );
333351 qm .persist (vulnB );
334352
335- useJdbiTransaction (handle -> new VulnerabilityAliasDao (handle )
336- .syncAssertions (
337- "TEST" ,
338- new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
339- Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB ))));
353+ useJdbiTransaction (handle -> {
354+ new VulnerabilityAliasDao (handle )
355+ .syncAssertions (
356+ "TEST" ,
357+ new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
358+ Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB )));
359+
360+ handle
361+ .attach (KevDao .class )
362+ .upsertBatch ("cisa" , List .of (
363+ new KevAssertion (
364+ "NVD" ,
365+ "CVE-100" ,
366+ null ,
367+ null ,
368+ null ,
369+ null ,
370+ null )));
371+ });
340372
341373 qm .addVulnerability (vulnA , component , "internal" );
342374 qm .addVulnerability (vulnB , component , "internal" );
@@ -355,7 +387,7 @@ public void testGetForNewVulnerableDependency() throws Exception {
355387 .withMatcher ("projectUuid" , equalTo (project .getUuid ().toString ()))
356388 .withMatcher ("componentUuid" , equalTo (component .getUuid ().toString ()))
357389 .withMatcher ("vulnUuid" , equalTo (vulnA .getUuid ().toString ()))
358- .isEqualTo ("""
390+ .isEqualTo (/* language=JSON */ """
359391 {
360392 "component": {
361393 "uuid": "${json-unit.matches:componentUuid}",
@@ -410,7 +442,8 @@ public void testGetForNewVulnerableDependency() throws Exception {
410442 "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)",
411443 "aliases": [
412444 {"vulnId": "GHSA-100", "source": "GITHUB"}
413- ]
445+ ],
446+ "isKev": true
414447 }
415448 ]
416449 }
@@ -465,7 +498,7 @@ public void testGetForNewVulnerableDependencyWithAnalysisRatingOverwrite() throw
465498 .withMatcher ("projectUuid" , equalTo (project .getUuid ().toString ()))
466499 .withMatcher ("componentUuid" , equalTo (component .getUuid ().toString ()))
467500 .withMatcher ("vulnUuid" , equalTo (vuln .getUuid ().toString ()))
468- .isEqualTo ("""
501+ .isEqualTo (/* language=JSON */ """
469502 {
470503 "component": {
471504 "uuid": "${json-unit.matches:componentUuid}",
@@ -489,7 +522,8 @@ public void testGetForNewVulnerableDependencyWithAnalysisRatingOverwrite() throw
489522 "severity": "CRITICAL",
490523 "cvssV2Vector": "",
491524 "cvssV3Vector": "cvssV3VectorOverwrite",
492- "owaspRRVector": "owaspRrVector"
525+ "owaspRRVector": "owaspRrVector",
526+ "isKev": false
493527 }
494528 ]
495529 }
@@ -540,9 +574,25 @@ public void testGetForProjectAuditChange() {
540574 vulnA .setCwes (List .of (666 , 777 ));
541575 qm .persist (vulnA );
542576
543- useJdbiTransaction (handle -> new VulnerabilityAliasDao (handle )
544- .syncAssertions ("TEST" , new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
545- Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB ))));
577+ useJdbiTransaction (handle -> {
578+ new VulnerabilityAliasDao (handle )
579+ .syncAssertions (
580+ "TEST" ,
581+ new VulnerabilityKey ("CVE-100" , Vulnerability .Source .NVD ),
582+ Set .of (new VulnerabilityKey ("GHSA-100" , Vulnerability .Source .GITHUB )));
583+
584+ handle
585+ .attach (KevDao .class )
586+ .upsertBatch ("cisa" , List .of (
587+ new KevAssertion (
588+ "NVD" ,
589+ "CVE-100" ,
590+ null ,
591+ null ,
592+ null ,
593+ null ,
594+ null )));
595+ });
546596
547597 qm .addVulnerability (vulnA , component , "internal" );
548598
@@ -565,7 +615,7 @@ public void testGetForProjectAuditChange() {
565615 .withMatcher ("projectUuid" , equalTo (project .getUuid ().toString ()))
566616 .withMatcher ("componentUuid" , equalTo (component .getUuid ().toString ()))
567617 .withMatcher ("vulnUuid" , equalTo (vulnA .getUuid ().toString ()))
568- .isEqualTo ("""
618+ .isEqualTo (/* language=JSON */ """
569619 {
570620 "component": {
571621 "uuid": "${json-unit.matches:componentUuid}",
@@ -622,7 +672,8 @@ public void testGetForProjectAuditChange() {
622672 ],
623673 "cvssV2Vector": "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
624674 "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
625- "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)"
675+ "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)",
676+ "isKev": true
626677 },
627678 "analysis": {
628679 "component": {
@@ -680,7 +731,8 @@ public void testGetForProjectAuditChange() {
680731 ],
681732 "cvssV2Vector": "(AV:N/AC:M/Au:S/C:P/I:P/A:P)",
682733 "cvssV3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
683- "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)"
734+ "owaspRRVector": "(SL:5/M:5/O:2/S:9/ED:4/EE:2/A:7/ID:2/LC:2/LI:2/LAV:7/LAC:9/FD:3/RD:5/NC:0/PV:7)",
735+ "isKev": true
684736 },
685737 "state": "NOT_AFFECTED",
686738 "suppressed": false
0 commit comments