Merge pull request #3983 from 2000rosser/issue-2924

Add option to test notification publisher

Author: nscuro

src/main/java/org/dependencytrack/resources/v1/NotificationPublisherResource.java

@@ -34,9 +34,11 @@
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import io.swagger.v3.oas.annotations.security.SecurityRequirements;
 import io.swagger.v3.oas.annotations.tags.Tag;
+
 import org.dependencytrack.auth.Permissions;
 import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.model.NotificationPublisher;
+import org.dependencytrack.model.NotificationRule;
 import org.dependencytrack.model.validation.ValidUuid;
 import org.dependencytrack.notification.NotificationConstants;
 import org.dependencytrack.notification.NotificationGroup;
@@ -49,6 +51,7 @@
 
 import jakarta.json.Json;
 import jakarta.json.JsonObject;
+import jakarta.json.JsonReader;
 import jakarta.validation.Validator;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.DELETE;
@@ -62,6 +65,7 @@
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import java.io.IOException;
+import java.io.StringReader;
 import java.lang.reflect.InvocationTargetException;
 import java.util.List;
 
@@ -322,4 +326,52 @@ public Response testSmtpPublisherConfig(@FormParam("destination") String destina
             return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occured while sending test mail notification.").build();
         }
     }
+
+    @POST
+    @Path("/test/{uuid}")
+    @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Operation(
+            summary = "Dispatches a rule notification test",
+            description = "<p>Requires permission <strong>SYSTEM_CONFIGURATION</strong></p>"
+    )
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "Test notification dispatched successfully"),
+            @ApiResponse(responseCode = "401", description = "Unauthorized")
+    })
+    @PermissionRequired(Permissions.Constants.SYSTEM_CONFIGURATION)
+    public Response testSlackPublisherConfig(
+            @Parameter(description = "The UUID of the rule to test", schema = @Schema(type = "string", format = "uuid"), required = true)
+            @PathParam("uuid") @ValidUuid String ruleUuid) throws Exception {
+        try(QueryManager qm = new QueryManager()){
+            NotificationRule rule = qm.getObjectByUuid(NotificationRule.class, ruleUuid);
+            NotificationPublisher notificationPublisher = rule.getPublisher();
+            final Class<?> publisherClass = Class.forName(notificationPublisher.getPublisherClass());
+            Publisher publisher = (Publisher) publisherClass.getDeclaredConstructor().newInstance();
+            String publisherConfig = rule.getPublisherConfig();
+            JsonReader jsonReader = Json.createReader(new StringReader(publisherConfig));
+            JsonObject configObject = jsonReader.readObject();
+            jsonReader.close();
+            final JsonObject config = Json.createObjectBuilder()
+                    .add(Publisher.CONFIG_DESTINATION, configObject.getString("destination"))
+                    .add(Publisher.CONFIG_TEMPLATE_KEY, rule.getPublisher().getTemplate())
+                    .add(Publisher.CONFIG_TEMPLATE_MIME_TYPE_KEY, rule.getPublisher().getTemplateMimeType())
+                    .build();
+            
+            for(NotificationGroup group : rule.getNotifyOn()){
+                final Notification notification = new Notification()
+                    .scope(rule.getScope())
+                    .group(group.toString())
+                    .title(group)
+                    .content("Rule configuration test")
+                    .level(rule.getNotificationLevel())
+                    .subject(NotificationUtil.generateSubject(group.toString()));
+                publisher.inform(PublishContext.from(notification), notification, config);
+            }
+            return Response.ok().build();
+        } catch (InvocationTargetException | InstantiationException | IllegalAccessException | NoSuchMethodException e) {
+            LOGGER.error(e.getMessage(), e);
+            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("Exception occured while sending the notification.").build();
+        }
+    }
 }

src/main/java/org/dependencytrack/util/NotificationUtil.java

@@ -24,6 +24,7 @@
 import alpine.notification.NotificationLevel;
 import org.apache.commons.io.FileUtils;
 import org.dependencytrack.model.Analysis;
+import org.dependencytrack.model.AnalysisState;
 import org.dependencytrack.model.Bom;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.ComponentIdentity;
@@ -32,9 +33,12 @@
 import org.dependencytrack.model.NotificationPublisher;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.PolicyCondition;
+import org.dependencytrack.model.PolicyCondition.Operator;
 import org.dependencytrack.model.PolicyViolation;
 import org.dependencytrack.model.Project;
+import org.dependencytrack.model.Severity;
 import org.dependencytrack.model.Tag;
+import org.dependencytrack.model.Vex;
 import org.dependencytrack.model.ViolationAnalysis;
 import org.dependencytrack.model.ViolationAnalysisState;
 import org.dependencytrack.model.Vulnerability;
@@ -65,11 +69,14 @@
 import java.io.IOException;
 import java.net.URLDecoder;
 import java.nio.file.Path;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
+import java.util.UUID;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -634,4 +641,105 @@ public static String generateNotificationTitle(String messageType, Project proje
         }
         return messageType;
     }
+
+    public static Object generateSubject(String group) {
+        final Project project = createProject();
+        final Vulnerability vuln = createVulnerability();
+        final Component component = createComponent(project);
+        final Analysis analysis = createAnalysis(component, vuln);
+        final PolicyViolation policyViolation = createPolicyViolation(component, project);
+
+        switch (group) {
+            case "BOM_CONSUMED":
+                return new BomConsumedOrProcessed(project, "bomContent", Bom.Format.CYCLONEDX, "1.5");
+            case "BOM_PROCESSED":
+                return new BomConsumedOrProcessed(project, "bomContent", Bom.Format.CYCLONEDX, "1.5");
+            case "BOM_PROCESSING_FAILED":
+                return new BomProcessingFailed(project, "bomContent", "cause", Bom.Format.CYCLONEDX, "1.5");
+            case "BOM_VALIDATION_FAILED":
+                return new BomValidationFailed(project, "bomContent", List.of("TEST"), Bom.Format.CYCLONEDX);
+            case "VEX_CONSUMED":
+                return new VexConsumedOrProcessed(project, "", Vex.Format.CYCLONEDX, "");
+            case "VEX_PROCESSED":
+                return new VexConsumedOrProcessed(project, "", Vex.Format.CYCLONEDX, "");
+            case "NEW_VULNERABILITY":
+                return new NewVulnerabilityIdentified(vuln, component, Set.of(project), VulnerabilityAnalysisLevel.BOM_UPLOAD_ANALYSIS);
+            case "NEW_VULNERABLE_DEPENDENCY":
+                return new NewVulnerableDependency(component, List.of(vuln));
+            case "POLICY_VIOLATION":
+                return new PolicyViolationIdentified(policyViolation, component, project);
+            case "PROJECT_CREATED":
+                return NotificationUtil.toJson(project);
+            case "PROJECT_AUDIT_CHANGE":
+                return new AnalysisDecisionChange(vuln, component, project, analysis);
+            default:
+                return null;
+        }
+    }
+
+    private static Project createProject() {
+        final Project project = new Project();
+        project.setUuid(UUID.fromString("c9c9539a-e381-4b36-ac52-6a7ab83b2c95"));
+        project.setName("projectName");
+        project.setVersion("projectVersion");
+        project.setPurl("pkg:maven/org.acme/projectName@projectVersion");
+        return project;
+    }
+
+    private static Vulnerability createVulnerability() {
+        final Vulnerability vuln = new Vulnerability();
+        vuln.setUuid(UUID.fromString("bccec5d5-ec21-4958-b3e8-22a7a866a05a"));
+        vuln.setVulnId("INT-001");
+        vuln.setSource(Vulnerability.Source.INTERNAL);
+        vuln.setSeverity(Severity.MEDIUM);
+        return vuln;
+    }
+
+    private static Component createComponent(Project project) {
+        final Component component = new Component();
+        component.setProject(project);
+        component.setUuid(UUID.fromString("94f87321-a5d1-4c2f-b2fe-95165debebc6"));
+        component.setName("componentName");
+        component.setVersion("componentVersion");
+        return component;
+    }
+
+    private static Analysis createAnalysis(Component component, Vulnerability vuln) {
+        final Analysis analysis = new Analysis();
+        analysis.setComponent(component);
+        analysis.setVulnerability(vuln);
+        analysis.setAnalysisState(AnalysisState.FALSE_POSITIVE);
+        analysis.setSuppressed(true);
+        return analysis;
+    }
+
+    private static PolicyViolation createPolicyViolation(Component component, Project project) {
+        final Policy policy = new Policy();
+        policy.setId(1);
+        policy.setName("test");
+        policy.setOperator(Policy.Operator.ALL);
+        policy.setProjects(List.of(project));
+        policy.setUuid(UUID.randomUUID());
+        policy.setViolationState(Policy.ViolationState.INFO);
+
+        final PolicyCondition condition = new PolicyCondition();
+        condition.setId(1);
+        condition.setUuid(UUID.randomUUID());
+        condition.setOperator(Operator.NUMERIC_EQUAL);
+        condition.setSubject(PolicyCondition.Subject.AGE);
+        condition.setValue("1");
+        condition.setPolicy(policy);
+
+        final PolicyViolation policyViolation = new PolicyViolation();
+        policyViolation.setId(1);
+        policyViolation.setPolicyCondition(condition);
+        policyViolation.setComponent(component);
+        policyViolation.setText("test");
+        policyViolation.setType(PolicyViolation.Type.SECURITY);
+        policyViolation.setAnalysis(new ViolationAnalysis());
+        policyViolation.setUuid(UUID.randomUUID());
+        policyViolation.setTimestamp(new Date(System.currentTimeMillis()));
+        return policyViolation;
+    }
+
 }

src/test/java/org/dependencytrack/resources/v1/NotificationPublisherResourceTest.java

@@ -18,33 +18,38 @@
  */
 package org.dependencytrack.resources.v1;
 
-import alpine.common.util.UuidUtil;
-import alpine.notification.NotificationLevel;
-import alpine.server.filters.ApiFilter;
-import alpine.server.filters.AuthenticationFilter;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+
 import org.dependencytrack.JerseyTestRule;
 import org.dependencytrack.ResourceTest;
 import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.model.NotificationPublisher;
 import org.dependencytrack.model.NotificationRule;
+import org.dependencytrack.notification.NotificationGroup;
 import org.dependencytrack.notification.NotificationScope;
 import org.dependencytrack.notification.publisher.DefaultNotificationPublishers;
 import org.dependencytrack.notification.publisher.Publisher;
 import org.dependencytrack.notification.publisher.SendMailPublisher;
+import org.dependencytrack.notification.publisher.SlackPublisher;
 import org.dependencytrack.persistence.DefaultObjectGenerator;
 import org.glassfish.jersey.server.ResourceConfig;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
 
+import alpine.common.util.UuidUtil;
+import alpine.notification.NotificationLevel;
+import alpine.server.filters.ApiFilter;
+import alpine.server.filters.AuthenticationFilter;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.Form;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
-import java.util.UUID;
 
 public class NotificationPublisherResourceTest extends ResourceTest {
 
@@ -339,6 +344,30 @@ public void testSmtpPublisherConfigTest() {
         Assert.assertEquals(200, response.getStatus(), 0);
     }
 
+    @Test
+    public void testNotificationRuleTest() {
+        NotificationPublisher publisher = qm.createNotificationPublisher(
+                "Example Publisher", "Publisher description",
+                SlackPublisher.class, "template", "text/html",
+                false);
+        
+        NotificationRule rule = qm.createNotificationRule("Example Rule 1", NotificationScope.PORTFOLIO, NotificationLevel.INFORMATIONAL, publisher);
+
+        Set<NotificationGroup> groups = new HashSet<>(Set.of(NotificationGroup.BOM_CONSUMED, NotificationGroup.BOM_PROCESSED, NotificationGroup.BOM_PROCESSING_FAILED,
+                                NotificationGroup.BOM_VALIDATION_FAILED, NotificationGroup.NEW_VULNERABILITY, NotificationGroup.NEW_VULNERABLE_DEPENDENCY, 
+                                NotificationGroup.POLICY_VIOLATION, NotificationGroup.PROJECT_CREATED, NotificationGroup.PROJECT_AUDIT_CHANGE, 
+                                NotificationGroup.VEX_CONSUMED, NotificationGroup.VEX_PROCESSED));
+        rule.setNotifyOn(groups);
+
+        rule.setPublisherConfig("{\"destination\":\"https://example.com/webhook\"}");
+        
+        Response sendMailResponse = jersey.target(V1_NOTIFICATION_PUBLISHER + "/test/" + rule.getUuid()).request()
+                .header(X_API_KEY, apiKey)
+                .post(Entity.entity("", MediaType.APPLICATION_FORM_URLENCODED_TYPE));
+        
+        Assert.assertEquals(200, sendMailResponse.getStatus());
+    }
+
     @Test
     public void restoreDefaultTemplatesTest() {
         NotificationPublisher slackPublisher = qm.getDefaultNotificationPublisher(DefaultNotificationPublishers.SLACK.getPublisherClass());