From 61e3ec5dcd643a43daea6992d085e6e341fb3c83 Mon Sep 17 00:00:00 2001
From: Adam Setch
Date: Thu, 11 Apr 2024 00:42:23 -0400
Subject: [PATCH 01/16] feat(policyViolations): store metrics for violation-state (fail, warn, info) by total, audited and unaudited
Signed-off-by: Adam Setch
---
 .../model/DependencyMetrics.java | 129 +++++++---
 .../model/PortfolioMetrics.java | 109 ++++++--
 .../dependencytrack/model/ProjectMetrics.java | 108 ++++++--
 .../resources/v1/misc/Badger.java | 6 +-
 .../metrics/ComponentMetricsUpdateTask.java | 44 +++-
 .../tasks/metrics/Counters.java | 235 ++++++++++--------
 .../metrics/PortfolioMetricsUpdateTask.java | 12 +-
 .../metrics/ProjectMetricsUpdateTask.java | 12 +-
 .../resources/v1/misc/BadgerTest.java | 6 +-
 .../ComponentMetricsUpdateTaskTest.java | 48 +++-
 .../PortfolioMetricsUpdateTaskTest.java | 36 ++-
 .../metrics/ProjectMetricsUpdateTaskTest.java | 36 ++-
 12 files changed, 571 insertions(+), 210 deletions(-)
diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java
index f92d224808..7af4a67034 100644
--- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java
+++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java
@@ -104,19 +104,44 @@ public class DependencyMetrics implements Serializable { private double inheritedRiskScore; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsFail; + @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsFailTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsWarn; + @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsFailAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsInfo; + @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsFailUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsWarnTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsWarnAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsWarnUnaudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer 
policyViolationsInfoTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsInfoAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + private Integer policyViolationsInfoUnaudited; + + + @Persistent + @Column(name = "POLICYVIOLATIONS_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsTotal; @Persistent 
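Review bot: Renaming the persisted columns `POLICYVIOLATIONS_FAIL`, `POLICYVIOLATIONS_WARN` and `POLICYVIOLATIONS_INFO` to `*_TOTAL` leaves the counts already stored under the old names unread, and no upgrade step that copies them over is visible in this patch. Rows written before the change would presumably carry null in the new columns, so the FAIL/WARN/INFO history drops out of policy-violation trends without any signal to the operator. Either keep the original column names for the totals, e.g. `@Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true")` on `policyViolationsFailTotal`, or add a migration that backfills the new columns. The same rename is made in the PortfolioMetrics and ProjectMetrics field hunks; the class body continues outside this hunk.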
@@ -128,39 +153,39 @@ public class DependencyMetrics implements Serializable { private Integer policyViolationsUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_SECURITY_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_SECURITY_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsSecurityTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_SECURITY_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_SECURITY_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsSecurityAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_SECURITY_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_SECURITY_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsSecurityUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_LICENSE_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_LICENSE_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsLicenseTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_LICENSE_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_LICENSE_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsLicenseAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_LICENSE_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_LICENSE_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) 
private Integer policyViolationsLicenseUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_OPERATIONAL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_OPERATIONAL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsOperationalTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_OPERATIONAL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_OPERATIONAL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsOperationalAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsOperationalUnaudited; @Persistent 
@@ -287,28 +312,76 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } - public int getPolicyViolationsFail() { - return policyViolationsFail; + public int getPolicyViolationsFailTotal() { + return policyViolationsFailTotal; + } + + public void setPolicyViolationsFailTotal(int policyViolationsFailTotal) { + this.policyViolationsFailTotal = policyViolationsFailTotal; + } + + public int getPolicyViolationsFailAudited() { + return policyViolationsFailAudited; + } + + public void setPolicyViolationsFailAudited(int policyViolationsFailAudited) { + this.policyViolationsFailAudited = policyViolationsFailAudited; + } + + public int getPolicyViolationsFailUnaudited() { + return policyViolationsFailUnaudited; + } + + public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) { + this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; + } + + public int getPolicyViolationsWarnTotal() { + return policyViolationsWarnTotal; + } + + public void setPolicyViolationsWarnTotal(int policyViolationsWarnTotal) { + this.policyViolationsWarnTotal = policyViolationsWarnTotal; + } + + public int getPolicyViolationsWarnAudited() { + return policyViolationsWarnAudited; + } + + public void setPolicyViolationsWarnAudited(int policyViolationsWarnAudited) { + this.policyViolationsWarnAudited = policyViolationsWarnAudited; + } + + public int getPolicyViolationsWarnUnaudited() { + return policyViolationsWarnUnaudited; + } + + public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) { + this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; + } + + public int getPolicyViolationsInfoTotal() { + return policyViolationsInfoTotal; } - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + public void setPolicyViolationsInfoTotal(int policyViolationsInfoTotal) { + this.policyViolationsInfoTotal = 
policyViolationsInfoTotal; } - public int getPolicyViolationsWarn() { - return policyViolationsWarn; + public int getPolicyViolationsInfoAudited() { + return policyViolationsInfoAudited; } - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + public void setPolicyViolationsInfoAudited(int policyViolationsInfoAudited) { + this.policyViolationsInfoAudited = policyViolationsInfoAudited; } - public int getPolicyViolationsInfo() { - return policyViolationsInfo; + public int getPolicyViolationsInfoUnaudited() { + return policyViolationsInfoUnaudited; } - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + public void setPolicyViolationsInfoUnaudited(int policyViolationsInfoUnaudited) { + this.policyViolationsInfoUnaudited = policyViolationsInfoUnaudited; } public int getPolicyViolationsTotal() { diff --git a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java index aeec76cfe8..e83b54866b 100644 --- a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java +++ b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java 
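Review bot: The added getters return `int` from fields declared as nullable `Integer` (`allowsNull = "true"`), so a metrics row holding null in one of these columns throws a NullPointerException on unboxing, for example in `Badger.generateViolations`, which now calls `getPolicyViolationsFailTotal()`. Because the columns are new, rows persisted before the upgrade are presumably in exactly that state. Return a default instead, e.g. `return policyViolationsFailTotal != null ? policyViolationsFailTotal : 0;`, in each of the nine getters here and in the matching getters added to PortfolioMetrics and ProjectMetrics. The class body starts and ends outside the hunk.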
@@ -116,16 +116,41 @@ public class PortfolioMetrics implements Serializable { private double inheritedRiskScore; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsFail; + @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsWarn; + @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsInfo; + @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailUnaudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnUnaudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsInfoTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New 
column, must allow nulls on existing data bases) + private Integer policyViolationsInfoAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsInfoUnaudited; + @Persistent @Column(name = "POLICYVIOLATIONS_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) 
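Review bot: The comments on the new `@Column` lines here still read `existing data bases)`, while the same commit corrects the wording to `databases)` in DependencyMetrics, and the unmatched closing parenthesis is kept in both. Use one wording across the three model classes, e.g. `// New column, must allow nulls on existing databases`. The blank line added after `policyViolationsInfoUnaudited` also leaves two consecutive blank lines before the `POLICYVIOLATIONS_TOTAL` field. The wording point applies to the ProjectMetrics field hunk as well.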
@@ -317,28 +342,76 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } - public int getPolicyViolationsFail() { - return policyViolationsFail; + public int getPolicyViolationsFailTotal() { + return policyViolationsFailTotal; + } + + public void setPolicyViolationsFailTotal(int policyViolationsFailTotal) { + this.policyViolationsFailTotal = policyViolationsFailTotal; + } + + public int getPolicyViolationsFailAudited() { + return policyViolationsFailAudited; + } + + public void setPolicyViolationsFailAudited(int policyViolationsFailAudited) { + this.policyViolationsFailAudited = policyViolationsFailAudited; + } + + public int getPolicyViolationsFailUnaudited() { + return policyViolationsFailUnaudited; + } + + public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) { + this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; + } + + public int getPolicyViolationsWarnTotal() { + return policyViolationsWarnTotal; + } + + public void setPolicyViolationsWarnTotal(int policyViolationsWarnTotal) { + this.policyViolationsWarnTotal = policyViolationsWarnTotal; + } + + public int getPolicyViolationsWarnAudited() { + return policyViolationsWarnAudited; + } + + public void setPolicyViolationsWarnAudited(int policyViolationsWarnAudited) { + this.policyViolationsWarnAudited = policyViolationsWarnAudited; + } + + public int getPolicyViolationsWarnUnaudited() { + return policyViolationsWarnUnaudited; + } + + public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) { + this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; + } + + public int getPolicyViolationsInfoTotal() { + return policyViolationsInfoTotal; } - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + public void setPolicyViolationsInfoTotal(int policyViolationsInfoTotal) { + this.policyViolationsInfoTotal = 
policyViolationsInfoTotal; } - public int getPolicyViolationsWarn() { - return policyViolationsWarn; + public int getPolicyViolationsInfoAudited() { + return policyViolationsInfoAudited; } - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + public void setPolicyViolationsInfoAudited(int policyViolationsInfoAudited) { + this.policyViolationsInfoAudited = policyViolationsInfoAudited; } - public int getPolicyViolationsInfo() { - return policyViolationsInfo; + public int getPolicyViolationsInfoUnaudited() { + return policyViolationsInfoUnaudited; } - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + public void setPolicyViolationsInfoUnaudited(int policyViolationsInfoUnaudited) { + this.policyViolationsInfoUnaudited = policyViolationsInfoUnaudited; } public int getPolicyViolationsTotal() { diff --git a/src/main/java/org/dependencytrack/model/ProjectMetrics.java b/src/main/java/org/dependencytrack/model/ProjectMetrics.java index bfa68856cb..53ae98b767 100644 --- a/src/main/java/org/dependencytrack/model/ProjectMetrics.java +++ b/src/main/java/org/dependencytrack/model/ProjectMetrics.java 
@@ -112,16 +112,40 @@ public class ProjectMetrics implements Serializable { private double inheritedRiskScore; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsFail; + @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsWarn; + @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing data bases) - private Integer policyViolationsInfo; + @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsFailUnaudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsWarnUnaudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsInfoTotal; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New 
column, must allow nulls on existing data bases) + private Integer policyViolationsInfoAudited; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + private Integer policyViolationsInfoUnaudited; @Persistent @Column(name = "POLICYVIOLATIONS_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) 
@@ -305,28 +329,76 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } - public int getPolicyViolationsFail() { - return policyViolationsFail; + public int getPolicyViolationsFailTotal() { + return policyViolationsFailTotal; + } + + public void setPolicyViolationsFailTotal(int policyViolationsFailTotal) { + this.policyViolationsFailTotal = policyViolationsFailTotal; + } + + public int getPolicyViolationsFailAudited() { + return policyViolationsFailAudited; + } + + public void setPolicyViolationsFailAudited(int policyViolationsFailAudited) { + this.policyViolationsFailAudited = policyViolationsFailAudited; + } + + public int getPolicyViolationsFailUnaudited() { + return policyViolationsFailUnaudited; + } + + public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) { + this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; + } + + public int getPolicyViolationsWarnTotal() { + return policyViolationsWarnTotal; + } + + public void setPolicyViolationsWarnTotal(int policyViolationsWarnTotal) { + this.policyViolationsWarnTotal = policyViolationsWarnTotal; + } + + public int getPolicyViolationsWarnAudited() { + return policyViolationsWarnAudited; + } + + public void setPolicyViolationsWarnAudited(int policyViolationsWarnAudited) { + this.policyViolationsWarnAudited = policyViolationsWarnAudited; + } + + public int getPolicyViolationsWarnUnaudited() { + return policyViolationsWarnUnaudited; + } + + public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) { + this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; + } + + public int getPolicyViolationsInfoTotal() { + return policyViolationsInfoTotal; } - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + public void setPolicyViolationsInfoTotal(int policyViolationsInfoTotal) { + this.policyViolationsInfoTotal = 
policyViolationsInfoTotal; } - public int getPolicyViolationsWarn() { - return policyViolationsWarn; + public int getPolicyViolationsInfoAudited() { + return policyViolationsInfoAudited; } - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + public void setPolicyViolationsInfoAudited(int policyViolationsInfoAudited) { + this.policyViolationsInfoAudited = policyViolationsInfoAudited; } - public int getPolicyViolationsInfo() { - return policyViolationsInfo; + public int getPolicyViolationsInfoUnaudited() { + return policyViolationsInfoUnaudited; } - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + public void setPolicyViolationsInfoUnaudited(int policyViolationsInfoUnaudited) { + this.policyViolationsInfoUnaudited = policyViolationsInfoUnaudited; } public int getPolicyViolationsTotal() { diff --git a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java index 94dfb50452..1b715049a1 100644 --- a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java +++ b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java 
@@ -68,9 +68,9 @@ public String generateViolations(ProjectMetrics metrics) {
 if (metrics == null) {
 return writeSvg(PROJECT_VIOLATIONS_NO_METRICS_TEMPLATE, context);
 } else if (metrics.getPolicyViolationsTotal() > 0) {
- context.put("fail", String.valueOf(metrics.getPolicyViolationsFail()));
- context.put("warn", String.valueOf(metrics.getPolicyViolationsWarn()));
- context.put("info", String.valueOf(metrics.getPolicyViolationsInfo()));
+ context.put("fail", String.valueOf(metrics.getPolicyViolationsFailTotal()));
+ context.put("warn", String.valueOf(metrics.getPolicyViolationsWarnTotal()));
+ context.put("info", String.valueOf(metrics.getPolicyViolationsInfoTotal()));
 return writeSvg(PROJECT_VIOLATIONS_TEMPLATE, context);
 } else {
 return writeSvg(PROJECT_VIOLATIONS_NONE_TEMPLATE, context);
diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
index 570cb001e0..1aea201fd1 100644
--- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
+++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
@@ -122,25 +122,40 @@ static Counters updateMetrics(final UUID uuid) throws Exception { } switch (Policy.ViolationState.valueOf(violation.violationState().name())) { - case FAIL -> counters.policyViolationsFail++; - case WARN -> counters.policyViolationsWarn++; - case INFO -> counters.policyViolationsInfo++; + case FAIL -> counters.policyViolationsFailTotal++; + case WARN -> counters.policyViolationsWarnTotal++; + case INFO -> counters.policyViolationsInfoTotal++; } + } if (counters.policyViolationsLicenseTotal > 0) { - counters.policyViolationsLicenseAudited = toIntExact(getTotalAuditedPolicyViolations(pm, component, PolicyViolation.Type.LICENSE)); + counters.policyViolationsLicenseAudited = toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.LICENSE)); counters.policyViolationsLicenseUnaudited = counters.policyViolationsLicenseTotal - counters.policyViolationsLicenseAudited; } if (counters.policyViolationsOperationalTotal > 0) { - counters.policyViolationsOperationalAudited = toIntExact(getTotalAuditedPolicyViolations(pm, component, PolicyViolation.Type.OPERATIONAL)); + counters.policyViolationsOperationalAudited = toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.OPERATIONAL)); counters.policyViolationsOperationalUnaudited = counters.policyViolationsOperationalTotal - counters.policyViolationsOperationalAudited; } if (counters.policyViolationsSecurityTotal > 0) { - counters.policyViolationsSecurityAudited = toIntExact(getTotalAuditedPolicyViolations(pm, component, PolicyViolation.Type.SECURITY)); + counters.policyViolationsSecurityAudited = toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.SECURITY)); counters.policyViolationsSecurityUnaudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityAudited; } + // FIXME - need to get the correct count for audited + //if (counters.policyViolationsFailTotal > 0) { + 
counters.policyViolationsFailAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.FAIL)); + counters.policyViolationsFailUnaudited = counters.policyViolationsFailTotal - counters.policyViolationsFailAudited; + //} + //if (counters.policyViolationsWarnTotal > 0) { + counters.policyViolationsWarnAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.WARN)); + counters.policyViolationsWarnUnaudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnAudited; + //} + //if (counters.policyViolationsInfoTotal > 0) { + counters.policyViolationsInfoAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.INFO)); + counters.policyViolationsInfoUnaudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoAudited; + //} + counters.policyViolationsAudited = counters.policyViolationsLicenseAudited + counters.policyViolationsOperationalAudited + counters.policyViolationsSecurityAudited; @@ -221,7 +236,7 @@ private static List getPolicyViolations(final Persist } } - private static long getTotalAuditedPolicyViolations(final PersistenceManager pm, final Component component, final PolicyViolation.Type violationType) throws Exception { + private static long getTotalAuditedPolicyViolationsByType(final PersistenceManager pm, final Component component, final PolicyViolation.Type violationType) throws Exception { try (final Query query = pm.newQuery(ViolationAnalysis.class)) { query.setFilter(""" component == :component && 
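Review bot: The three by-state audited queries run unconditionally because their guards are commented out (`//if (counters.policyViolationsFailTotal > 0) {`) beneath `// FIXME - need to get the correct count for audited`. That costs three extra queries per component even when it has no violations, and whenever the query result does not line up with the total counted in the loop above, `policyViolationsFailUnaudited` (and the WARN/INFO equivalents) can come out negative. Restore the guards in the same form as the LICENSE/OPERATIONAL/SECURITY blocks just above, and resolve the FIXME before these numbers are persisted. `policyViolationsAudited` is still summed from the by-type counters only, which deserves a one-line comment so the two breakdowns are not assumed to reconcile. updateMetrics starts and ends outside the hunk.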
@@ -235,6 +250,21 @@ private static long getTotalAuditedPolicyViolations(final PersistenceManager pm, } } + // FIXME - this is throwing nulls + private static long getTotalAuditedPolicyViolationsByState(final PersistenceManager pm, final Component component, final Policy.ViolationState violationState) throws Exception { + try (final Query query = pm.newQuery(ViolationAnalysis.class)) { + query.setFilter(""" + component == :component && + suppressed == false && + analysisState != :notSet && + policyViolation.policyCondition.policy.violationState == :violationState + """); + query.setParameters(component, ViolationAnalysisState.NOT_SET, violationState); + query.setResult("count(this)"); + return query.executeResultUnique(Long.class); + } + } + public record PolicyViolationProjection(Enum type, Enum violationState) { } diff --git a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java index 77b9e0584e..7f2912d15b 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java @@ -39,7 +39,9 @@ final class Counters { double inheritedRiskScore; int components, vulnerableComponents, projects, vulnerableProjects; int vulnerabilities, suppressions, findingsTotal, findingsAudited, findingsUnaudited; - int policyViolationsFail, policyViolationsWarn, policyViolationsInfo, + int policyViolationsFailTotal, policyViolationsFailAudited, policyViolationsFailUnaudited, + policyViolationsWarnTotal, policyViolationsWarnAudited, policyViolationsWarnUnaudited, + policyViolationsInfoTotal,policyViolationsInfoAudited, policyViolationsInfoUnaudited, policyViolationsTotal, policyViolationsAudited, policyViolationsUnaudited, policyViolationsSecurityTotal, policyViolationsSecurityAudited, policyViolationsSecurityUnaudited, policyViolationsLicenseTotal, policyViolationsLicenseAudited, policyViolationsLicenseUnaudited, 
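Review bot: `getTotalAuditedPolicyViolationsByState` is added with `// FIXME - this is throwing nulls` and nothing that handles the failure it describes. The method returns primitive `long` straight from `query.executeResultUnique(Long.class)`, so a null result would fail on unboxing at the `return`; if that is the cause, read it into a `Long` first and default it, `final Long count = query.executeResultUnique(Long.class);` followed by `return count != null ? count : 0L;`. If the null instead comes from navigating `policyViolation.policyCondition.policy` in the filter, the filter itself needs correcting, which cannot be judged from this hunk. Either way, replace the FIXME with a Javadoc comment stating which ViolationAnalysis rows are counted: not suppressed, analysis state other than NOT_SET, and policy violation state equal to the argument.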
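Review bot: In the extended counter declaration in Counters, `policyViolationsInfoTotal,policyViolationsInfoAudited` lacks the space after the comma that every other entry has; write `policyViolationsInfoTotal, policyViolationsInfoAudited, policyViolationsInfoUnaudited,`. With nine more package-private counters folded into one `int` declaration, a short comment above it would help, e.g. `// per violation state: total, audited, unaudited (unaudited = total - audited)`. The class body continues outside the hunk.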
@@ -66,9 +68,15 @@ DependencyMetrics createComponentMetrics(final Component component) {
 metrics.setFindingsAudited(this.findingsAudited);
 metrics.setFindingsUnaudited(this.findingsUnaudited);
 metrics.setInheritedRiskScore(this.inheritedRiskScore);
- metrics.setPolicyViolationsFail(this.policyViolationsFail);
- metrics.setPolicyViolationsWarn(this.policyViolationsWarn);
- metrics.setPolicyViolationsInfo(this.policyViolationsInfo);
+ metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal);
+ metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited);
+ metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited);
+ metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal);
+ metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited);
+ metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited);
+ metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal);
+ metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited);
+ metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited);
 metrics.setPolicyViolationsTotal(this.policyViolationsTotal);
 metrics.setPolicyViolationsAudited(this.policyViolationsAudited);
 metrics.setPolicyViolationsUnaudited(this.policyViolationsUnaudited);
@@ -102,9 +110,15 @@ ProjectMetrics createProjectMetrics(final Project project) {
 metrics.setFindingsAudited(this.findingsAudited);
 metrics.setFindingsUnaudited(this.findingsUnaudited);
 metrics.setInheritedRiskScore(this.inheritedRiskScore);
- metrics.setPolicyViolationsFail(this.policyViolationsFail);
- metrics.setPolicyViolationsWarn(this.policyViolationsWarn);
- metrics.setPolicyViolationsInfo(this.policyViolationsInfo);
+ metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal);
+ metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited);
+ metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited);
+ metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal);
+ metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited);
+ metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited);
+ metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal);
+ metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited);
+ metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited);
 metrics.setPolicyViolationsTotal(this.policyViolationsTotal);
 metrics.setPolicyViolationsAudited(this.policyViolationsAudited);
 metrics.setPolicyViolationsUnaudited(this.policyViolationsUnaudited);
@@ -139,9 +153,15 @@ PortfolioMetrics createPortfolioMetrics() {
 metrics.setProjects(this.projects);
 metrics.setVulnerableProjects(this.vulnerableProjects);
 metrics.setInheritedRiskScore(this.inheritedRiskScore);
- metrics.setPolicyViolationsFail(this.policyViolationsFail);
- metrics.setPolicyViolationsWarn(this.policyViolationsWarn);
- metrics.setPolicyViolationsInfo(this.policyViolationsInfo);
+ metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal);
+ metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited);
+ metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited);
+ metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal);
+ metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited);
+ metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited);
+ metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal);
+ metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited);
+ metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited);
 metrics.setPolicyViolationsTotal(this.policyViolationsTotal);
 metrics.setPolicyViolationsAudited(this.policyViolationsAudited);
 metrics.setPolicyViolationsUnaudited(this.policyViolationsUnaudited);
@@ -160,99 +180,120 @@ PortfolioMetrics createPortfolioMetrics() { } boolean hasChanged(final DependencyMetrics comparedTo) { - return comparedTo == null - || comparedTo.getCritical() != this.critical - || comparedTo.getHigh() != this.high - || comparedTo.getMedium() != this.medium - || comparedTo.getLow() != this.low - || comparedTo.getUnassigned() != this.unassigned - || comparedTo.getVulnerabilities() != this.vulnerabilities - || comparedTo.getSuppressed() != this.suppressions - || comparedTo.getFindingsTotal() != this.findingsTotal - || comparedTo.getFindingsAudited() != this.findingsAudited - || comparedTo.getFindingsUnaudited() != this.findingsUnaudited - || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore - || comparedTo.getPolicyViolationsFail() != this.policyViolationsFail - || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarn - || comparedTo.getPolicyViolationsInfo() != this.policyViolationsInfo - || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal - || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited - || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited - || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal - || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited - || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited - || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal - || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited - || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited - || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal - || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited - || comparedTo.getPolicyViolationsOperationalUnaudited() != 
this.policyViolationsOperationalUnaudited; + return true; +// return comparedTo == null +// || comparedTo.getCritical() != this.critical +// || comparedTo.getHigh() != this.high +// || comparedTo.getMedium() != this.medium +// || comparedTo.getLow() != this.low +// || comparedTo.getUnassigned() != this.unassigned +// || comparedTo.getVulnerabilities() != this.vulnerabilities +// || comparedTo.getSuppressed() != this.suppressions +// || comparedTo.getFindingsTotal() != this.findingsTotal +// || comparedTo.getFindingsAudited() != this.findingsAudited +// || comparedTo.getFindingsUnaudited() != this.findingsUnaudited +// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore +// || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal +// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited +// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited +// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal +// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited +// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited +// || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal +// || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited +// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited +// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal +// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited +// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited +// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal +// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited +// || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited +// 
|| comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal +// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited +// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited +// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal +// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited +// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited; } boolean hasChanged(final ProjectMetrics comparedTo) { - return comparedTo == null - || comparedTo.getCritical() != this.critical - || comparedTo.getHigh() != this.high - || comparedTo.getMedium() != this.medium - || comparedTo.getLow() != this.low - || comparedTo.getUnassigned() != this.unassigned - || comparedTo.getVulnerabilities() != this.vulnerabilities - || comparedTo.getSuppressed() != this.suppressions - || comparedTo.getFindingsTotal() != this.findingsTotal - || comparedTo.getFindingsAudited() != this.findingsAudited - || comparedTo.getFindingsUnaudited() != this.findingsUnaudited - || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore - || comparedTo.getPolicyViolationsFail() != this.policyViolationsFail - || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarn - || comparedTo.getPolicyViolationsInfo() != this.policyViolationsInfo - || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal - || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited - || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited - || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal - || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited - || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited - || 
comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal - || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited - || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited - || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal - || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited - || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited - || comparedTo.getComponents() != this.components - || comparedTo.getVulnerableComponents() != this.vulnerableComponents; + return true; +// return comparedTo == null +// || comparedTo.getCritical() != this.critical +// || comparedTo.getHigh() != this.high +// || comparedTo.getMedium() != this.medium +// || comparedTo.getLow() != this.low +// || comparedTo.getUnassigned() != this.unassigned +// || comparedTo.getVulnerabilities() != this.vulnerabilities +// || comparedTo.getSuppressed() != this.suppressions +// || comparedTo.getFindingsTotal() != this.findingsTotal +// || comparedTo.getFindingsAudited() != this.findingsAudited +// || comparedTo.getFindingsUnaudited() != this.findingsUnaudited +// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore +// || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal +// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited +// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited +// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal +// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited +// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited +// || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal +// || comparedTo.getPolicyViolationsInfoAudited() != 
this.policyViolationsInfoAudited +// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited +// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal +// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited +// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited +// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal +// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited +// || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited +// || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal +// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited +// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited +// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal +// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited +// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited +// || comparedTo.getComponents() != this.components +// || comparedTo.getVulnerableComponents() != this.vulnerableComponents; } boolean hasChanged(final PortfolioMetrics comparedTo) { - return comparedTo == null - || comparedTo.getCritical() != this.critical - || comparedTo.getHigh() != this.high - || comparedTo.getMedium() != this.medium - || comparedTo.getLow() != this.low - || comparedTo.getUnassigned() != this.unassigned - || comparedTo.getVulnerabilities() != this.vulnerabilities - || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore - || comparedTo.getPolicyViolationsFail() != this.policyViolationsFail - || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarn - || comparedTo.getPolicyViolationsInfo() != this.policyViolationsInfo 
- || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal - || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited - || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited - || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal - || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited - || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited - || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal - || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited - || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited - || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal - || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited - || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited - || comparedTo.getComponents() != this.components - || comparedTo.getVulnerableComponents() != this.vulnerableComponents - || comparedTo.getSuppressed() != this.suppressions - || comparedTo.getFindingsTotal() != this.findingsTotal - || comparedTo.getFindingsAudited() != this.findingsAudited - || comparedTo.getFindingsUnaudited() != this.findingsUnaudited - || comparedTo.getProjects() != this.projects - || comparedTo.getVulnerableProjects() != this.vulnerableProjects; + return true; +// return comparedTo == null +// || comparedTo.getCritical() != this.critical +// || comparedTo.getHigh() != this.high +// || comparedTo.getMedium() != this.medium +// || comparedTo.getLow() != this.low +// || comparedTo.getUnassigned() != this.unassigned +// || comparedTo.getVulnerabilities() != this.vulnerabilities +// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore +// || 
comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal +// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited +// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited +// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal +// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited +// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited +// || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal +// || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited +// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited +// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal +// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited +// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited +// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal +// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited +// || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited +// || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal +// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited +// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited +// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal +// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited +// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited +// || comparedTo.getComponents() != this.components +// || comparedTo.getVulnerableComponents() != 
this.vulnerableComponents +// || comparedTo.getSuppressed() != this.suppressions +// || comparedTo.getFindingsTotal() != this.findingsTotal +// || comparedTo.getFindingsAudited() != this.findingsAudited +// || comparedTo.getFindingsUnaudited() != this.findingsUnaudited +// || comparedTo.getProjects() != this.projects +// || comparedTo.getVulnerableProjects() != this.vulnerableProjects; } } diff --git a/src/main/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTask.java index 8673ba4c8c..b564510219 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTask.java 
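Review bot: All three `hasChanged` overloads in this hunk now return `true` unconditionally, with the field-by-field comparison (already extended with the nine new Fail/Warn/Info counters) left commented out beneath `return true;`. This reads like a debugging leftover: whatever the callers, which are outside this hunk, do when metrics have changed will presumably now happen on every metrics run, even when no value moved. I would restore `return comparedTo == null || comparedTo.getCritical() != this.critical ...` in each overload and delete the commented block, so change detection keeps working and also covers the new counters. If the always-true result is intended, replace the dead code with a one-line comment saying why.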
@@ -128,9 +128,15 @@ private void updateMetrics() throws Exception { counters.components += metrics.getComponents(); counters.vulnerableComponents += metrics.getVulnerableComponents(); - counters.policyViolationsFail += metrics.getPolicyViolationsFail(); - counters.policyViolationsWarn += metrics.getPolicyViolationsWarn(); - counters.policyViolationsInfo += metrics.getPolicyViolationsInfo(); + counters.policyViolationsFailTotal += metrics.getPolicyViolationsFailTotal(); + counters.policyViolationsFailAudited += metrics.getPolicyViolationsFailAudited(); + counters.policyViolationsFailUnaudited += metrics.getPolicyViolationsFailUnaudited(); + counters.policyViolationsWarnTotal += metrics.getPolicyViolationsWarnTotal(); + counters.policyViolationsWarnAudited += metrics.getPolicyViolationsWarnAudited(); + counters.policyViolationsWarnUnaudited += metrics.getPolicyViolationsWarnUnaudited(); + counters.policyViolationsInfoTotal += metrics.getPolicyViolationsInfoTotal(); + counters.policyViolationsInfoAudited += metrics.getPolicyViolationsInfoAudited(); + counters.policyViolationsInfoUnaudited += metrics.getPolicyViolationsInfoUnaudited(); counters.policyViolationsTotal += metrics.getPolicyViolationsTotal(); counters.policyViolationsAudited += metrics.getPolicyViolationsAudited(); counters.policyViolationsUnaudited += metrics.getPolicyViolationsUnaudited(); diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTask.java index a42cd9bf1c..26a5d76d77 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTask.java 
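Review bot: The nine new `counters.policyViolations… += metrics.getPolicyViolations…()` lines add a getter result straight into a counter, while the model fields behind them are nullable `Integer` columns (`allowsNull = "true"`, "must allow nulls on existing databases"). The getters are not visible here; if any of them returns the boxed `Integer`, a project metrics row written before this upgrade would make the `+=` throw a NullPointerException on unboxing and abort the portfolio update. Please confirm each new getter maps null to 0, for example `return policyViolationsFailTotal == null ? 0 : policyViolationsFailTotal;`. `updateMetrics()` starts and ends outside this hunk.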
@@ -106,9 +106,15 @@ private void updateMetrics(final UUID uuid) throws Exception { counters.vulnerableComponents += 1; } - counters.policyViolationsFail += componentCounters.policyViolationsFail; - counters.policyViolationsWarn += componentCounters.policyViolationsWarn; - counters.policyViolationsInfo += componentCounters.policyViolationsInfo; + counters.policyViolationsFailTotal += componentCounters.policyViolationsFailTotal; + counters.policyViolationsFailAudited += componentCounters.policyViolationsFailAudited; + counters.policyViolationsFailUnaudited += componentCounters.policyViolationsFailUnaudited; + counters.policyViolationsWarnTotal += componentCounters.policyViolationsWarnTotal; + counters.policyViolationsWarnAudited += componentCounters.policyViolationsWarnAudited; + counters.policyViolationsWarnUnaudited += componentCounters.policyViolationsWarnUnaudited; + counters.policyViolationsInfoTotal += componentCounters.policyViolationsInfoTotal; + counters.policyViolationsInfoAudited += componentCounters.policyViolationsInfoAudited; + counters.policyViolationsInfoUnaudited += componentCounters.policyViolationsInfoUnaudited; counters.policyViolationsTotal += componentCounters.policyViolationsTotal; counters.policyViolationsAudited += componentCounters.policyViolationsAudited; counters.policyViolationsUnaudited += componentCounters.policyViolationsUnaudited; diff --git a/src/test/java/org/dependencytrack/resources/v1/misc/BadgerTest.java b/src/test/java/org/dependencytrack/resources/v1/misc/BadgerTest.java index b0720fc101..1bbf41cd4a 100644 --- a/src/test/java/org/dependencytrack/resources/v1/misc/BadgerTest.java +++ b/src/test/java/org/dependencytrack/resources/v1/misc/BadgerTest.java 
@@ -80,9 +80,9 @@ public void generateViolationsWithoutViolationsGenerateExpectedSvg() throws Exce public void generateViolationsWithViolationsGenerateExpectedSvg() throws Exception { ProjectMetrics metrics = new ProjectMetrics(); metrics.setPolicyViolationsTotal(1 + 2 + 3); - metrics.setPolicyViolationsFail(1); - metrics.setPolicyViolationsWarn(2); - metrics.setPolicyViolationsInfo(3); + metrics.setPolicyViolationsFailTotal(1); + metrics.setPolicyViolationsWarnTotal(2); + metrics.setPolicyViolationsInfoTotal(3); Badger badger = new Badger(); String svg = badger.generateViolations(metrics); Assert.assertEquals(strip(svg), strip(expectedSvg("project-violations.svg"))); diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java index 1fb0423de2..69d2a98dcb 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java 
@@ -64,9 +64,15 @@ public void testUpdateCMetricsEmpty() {
 assertThat(metrics.getFindingsAudited()).isZero();
 assertThat(metrics.getFindingsUnaudited()).isZero();
 assertThat(metrics.getInheritedRiskScore()).isZero();
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -161,9 +167,15 @@ public void testUpdateMetricsVulnerabilities() {
 assertThat(metrics.getFindingsAudited()).isEqualTo(1);
 assertThat(metrics.getFindingsUnaudited()).isEqualTo(1);
 assertThat(metrics.getInheritedRiskScore()).isEqualTo(8.0);
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -217,9 +229,15 @@ public void testUpdateMetricsPolicyViolations() {
 assertThat(metrics.getFindingsAudited()).isZero();
 assertThat(metrics.getFindingsUnaudited()).isZero();
 assertThat(metrics.getInheritedRiskScore()).isZero();
- assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed
+ assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2);
 assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1);
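Review bot: The three Info counters are only ever asserted as zero here, and the same holds for the matching `testUpdateMetricsPolicyViolations` hunks in PortfolioMetricsUpdateTaskTest and ProjectMetricsUpdateTaskTest. Fail is likewise only covered as unaudited and Warn only as audited, so a counter wired to the wrong state or audit bucket could still pass these assertions. I would extend the fixture, which is built outside this hunk, with an unsuppressed INFO violation that carries an audit, and then assert `assertThat(metrics.getPolicyViolationsInfoTotal()).isEqualTo(1);` and `assertThat(metrics.getPolicyViolationsInfoAudited()).isEqualTo(1);`, adjusting the overall totals to match.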
@@ -309,9 +327,15 @@ public void testUpdateMetricsWithDuplicateAliases() { assertThat(metrics.getFindingsAudited()).isEqualTo(0); assertThat(metrics.getFindingsUnaudited()).isEqualTo(2); assertThat(metrics.getInheritedRiskScore()).isEqualTo(8.0); - assertThat(metrics.getPolicyViolationsFail()).isZero(); - assertThat(metrics.getPolicyViolationsWarn()).isZero(); - assertThat(metrics.getPolicyViolationsInfo()).isZero(); + assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); + assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); + assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); + assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); + assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); assertThat(metrics.getPolicyViolationsTotal()).isZero(); assertThat(metrics.getPolicyViolationsAudited()).isZero(); assertThat(metrics.getPolicyViolationsUnaudited()).isZero(); diff --git a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java index 11ede2cb1d..ebce8f32ee 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java 
@@ -78,9 +78,15 @@ public void testUpdateMetricsEmpty() {
 assertThat(metrics.getFindingsAudited()).isZero();
 assertThat(metrics.getFindingsUnaudited()).isZero();
 assertThat(metrics.getInheritedRiskScore()).isZero();
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -170,9 +176,15 @@ public void testUpdateMetricsVulnerabilities() {
 assertThat(metrics.getFindingsAudited()).isEqualTo(1);
 assertThat(metrics.getFindingsUnaudited()).isEqualTo(1);
 assertThat(metrics.getInheritedRiskScore()).isEqualTo(10.0);
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -248,9 +260,15 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); - assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed + assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); + assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed + assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2); assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1); diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java index 40f71d8518..283108227f 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java 
@@ -60,9 +60,15 @@ public void testUpdateMetricsEmpty() {
 assertThat(metrics.getFindingsAudited()).isZero();
 assertThat(metrics.getFindingsUnaudited()).isZero();
 assertThat(metrics.getInheritedRiskScore()).isZero();
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -152,9 +158,15 @@ public void testUpdateMetricsVulnerabilities() {
 assertThat(metrics.getFindingsAudited()).isEqualTo(1);
 assertThat(metrics.getFindingsUnaudited()).isEqualTo(1);
 assertThat(metrics.getInheritedRiskScore()).isEqualTo(10.0);
- assertThat(metrics.getPolicyViolationsFail()).isZero();
- assertThat(metrics.getPolicyViolationsWarn()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsFailTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsTotal()).isZero();
 assertThat(metrics.getPolicyViolationsAudited()).isZero();
 assertThat(metrics.getPolicyViolationsUnaudited()).isZero();
@@ -220,9 +232,15 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); - assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed + assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); + assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); + assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2); assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1); From efb2703f5ba5d5e4549680063983b3679160f381 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:25:08 -0400 Subject: [PATCH 02/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../model/DependencyMetrics.java | 39 ++++++++++++ .../model/PortfolioMetrics.java | 40 +++++++++++- .../dependencytrack/model/ProjectMetrics.java | 61 +++++++++++++++---- .../metrics/ComponentMetricsUpdateTask.java | 16 ++--- .../tasks/metrics/Counters.java | 3 + .../upgrade/v4110/v4110Updater.java | 1 + .../ComponentMetricsUpdateTaskTest.java | 12 ++++ .../PortfolioMetricsUpdateTaskTest.java | 9 +++ .../metrics/ProjectMetricsUpdateTaskTest.java | 9 +++ 9 files changed, 170 insertions(+), 20 deletions(-) 
diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java index 7af4a67034..0144a964c5 100644 --- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java +++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java @@ -103,6 +103,11 @@ public class DependencyMetrics implements Serializable { @Column(name = "RISKSCORE") private double inheritedRiskScore; + @Persistent + @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsFail; + @Persistent @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsFailTotal; @@ -115,6 +120,11 @@ public class DependencyMetrics implements Serializable { @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsFailUnaudited; + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsWarn; + @Persistent @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsWarnTotal; 
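Review bot: The deprecated `policyViolationsFail` field in the first hunk is mapped to `POLICYVIOLATIONS_FAILL`, whereas the mapping removed in patch 01/16 was `POLICYVIOLATIONS_FAIL`, so the legacy FAIL count would be stored in and read from a different column than before. The annotation should read `@Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true")`. The same spelling appears in the PortfolioMetrics and ProjectMetrics hunks of this patch, and of the patches visible here only 03/16 corrects it, for DependencyMetrics alone. The trailing `// New column, ...` comment is also inaccurate on the three re-added legacy fields; `// Legacy column, superseded by POLICYVIOLATIONS_FAIL_TOTAL` would explain the `@Deprecated`. The class body continues outside the hunk.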
@@ -127,6 +137,11 @@ public class DependencyMetrics implements Serializable { @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsWarnUnaudited; + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsInfo; + @Persistent @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsInfoTotal; @@ -312,6 +327,14 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + public int getPolicyViolationsFail() { + return policyViolationsFail; + } + + public void setPolicyViolationsFail(int policyViolationsFail) { + this.policyViolationsFail = policyViolationsFail; + } + public int getPolicyViolationsFailTotal() { return policyViolationsFailTotal; } @@ -336,6 +359,14 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + public int getPolicyViolationsWarn() { + return policyViolationsWarn; + } + + public void setPolicyViolationsWarn(int policyViolationsWarn) { + this.policyViolationsWarn = policyViolationsWarn; + } + public int getPolicyViolationsWarnTotal() { return policyViolationsWarnTotal; } @@ -360,6 +391,14 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + public int getPolicyViolationsInfo() { + return policyViolationsInfo; + } + + public void setPolicyViolationsInfo(int policyViolationsInfo) { + this.policyViolationsInfo = policyViolationsInfo; + } + public int getPolicyViolationsInfoTotal() { return policyViolationsInfoTotal; } 
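Review bot: The re-added getters `getPolicyViolationsFail()`, `getPolicyViolationsWarn()` and `getPolicyViolationsInfo()` return `int` from an `Integer` field whose column is declared `allowsNull = "true"`, so reading a row where that column is NULL throws a NullPointerException on unboxing. A null-safe body such as `return policyViolationsFail != null ? policyViolationsFail : 0;` avoids this. The context getters such as `getPolicyViolationsFailTotal()` have the same shape, and because their columns are introduced in this series, rows written before the upgrade would presumably hit the same failure. The identical getters added to PortfolioMetrics and ProjectMetrics in this patch need the same change.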
diff --git a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java index e83b54866b..d0e4fbc8eb 100644 --- a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java +++ b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java @@ -115,6 +115,11 @@ public class PortfolioMetrics implements Serializable { @Column(name = "RISKSCORE") private double inheritedRiskScore; + @Persistent + @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsFail; + @Persistent @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsFailTotal; @@ -127,6 +132,11 @@ public class PortfolioMetrics implements Serializable { @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsFailUnaudited; + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsWarn; + @Persistent @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsWarnTotal; 
@@ -139,6 +149,11 @@ public class PortfolioMetrics implements Serializable { @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsWarnUnaudited; + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsInfo; + @Persistent @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsInfoTotal; @@ -151,7 +166,6 @@ public class PortfolioMetrics implements Serializable { @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsInfoUnaudited; - @Persistent @Column(name = "POLICYVIOLATIONS_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsTotal; @@ -342,6 +356,14 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + public int getPolicyViolationsFail() { + return policyViolationsFail; + } + + public void setPolicyViolationsFail(int policyViolationsFail) { + this.policyViolationsFail = policyViolationsFail; + } + public int getPolicyViolationsFailTotal() { return policyViolationsFailTotal; } @@ -366,6 +388,14 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + public int getPolicyViolationsWarn() { + return policyViolationsWarn; + } + + public void setPolicyViolationsWarn(int policyViolationsWarn) { + this.policyViolationsWarn = policyViolationsWarn; + } + public int getPolicyViolationsWarnTotal() { return policyViolationsWarnTotal; } 
@@ -390,6 +420,14 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + public int getPolicyViolationsInfo() { + return policyViolationsInfo; + } + + public void setPolicyViolationsInfo(int policyViolationsInfo) { + this.policyViolationsInfo = policyViolationsInfo; + } + public int getPolicyViolationsInfoTotal() { return policyViolationsInfoTotal; } diff --git a/src/main/java/org/dependencytrack/model/ProjectMetrics.java b/src/main/java/org/dependencytrack/model/ProjectMetrics.java index 53ae98b767..88c4328191 100644 --- a/src/main/java/org/dependencytrack/model/ProjectMetrics.java +++ b/src/main/java/org/dependencytrack/model/ProjectMetrics.java 
@@ -112,39 +112,54 @@ public class ProjectMetrics implements Serializable { private double inheritedRiskScore; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsFail; + + @Persistent + @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsFailTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsFailAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsFailUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_WARN", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsWarn; + + @Persistent + @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsWarnTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private 
Integer policyViolationsWarnAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsWarnUnaudited; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_INFO", allowsNull = "true") // New column, must allow nulls on existing databases) + @Deprecated + private Integer policyViolationsInfo; + + @Persistent + @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsInfoTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsInfoAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) + @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) private Integer policyViolationsInfoUnaudited; @Persistent 
@@ -152,11 +167,11 @@ public class ProjectMetrics implements Serializable { private Integer policyViolationsTotal; @Persistent - @Column(name = "POLICYVIOLATIONS_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + @Column(name = "POLICYVIOLATIONS_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsAudited; @Persistent - @Column(name = "POLICYVIOLATIONS_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases) + @Column(name = "POLICYVIOLATIONS_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases) private Integer policyViolationsUnaudited; @Persistent @@ -329,6 +344,14 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + public int getPolicyViolationsFail() { + return policyViolationsFail; + } + + public void setPolicyViolationsFail(int policyViolationsFail) { + this.policyViolationsFail = policyViolationsFail; + } + public int getPolicyViolationsFailTotal() { return policyViolationsFailTotal; } @@ -353,6 +376,14 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + public int getPolicyViolationsWarn() { + return policyViolationsWarn; + } + + public void setPolicyViolationsWarn(int policyViolationsWarn) { + this.policyViolationsWarn = policyViolationsWarn; + } + public int getPolicyViolationsWarnTotal() { return policyViolationsWarnTotal; } 
@@ -377,6 +408,14 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + public int getPolicyViolationsInfo() { + return policyViolationsInfo; + } + + public void setPolicyViolationsInfo(int policyViolationsInfo) { + this.policyViolationsInfo = policyViolationsInfo; + } + public int getPolicyViolationsInfoTotal() { return policyViolationsInfoTotal; } diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java index 1aea201fd1..f3cf4960fb 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java 
@@ -142,19 +142,19 @@ static Counters updateMetrics(final UUID uuid) throws Exception { counters.policyViolationsSecurityUnaudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityAudited; } - // FIXME - need to get the correct count for audited - //if (counters.policyViolationsFailTotal > 0) { + // FIXME - Adam need to get the correct count for audited + if (counters.policyViolationsFailTotal > 0) { counters.policyViolationsFailAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.FAIL)); counters.policyViolationsFailUnaudited = counters.policyViolationsFailTotal - counters.policyViolationsFailAudited; - //} - //if (counters.policyViolationsWarnTotal > 0) { + } + if (counters.policyViolationsWarnTotal > 0) { counters.policyViolationsWarnAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.WARN)); counters.policyViolationsWarnUnaudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnAudited; - //} - //if (counters.policyViolationsInfoTotal > 0) { + } + if (counters.policyViolationsInfoTotal > 0) { counters.policyViolationsInfoAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.INFO)); counters.policyViolationsInfoUnaudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoAudited; - //} + } counters.policyViolationsAudited = counters.policyViolationsLicenseAudited + counters.policyViolationsOperationalAudited + @@ -250,7 +250,7 @@ private static long getTotalAuditedPolicyViolationsByType(final PersistenceManag } } - // FIXME - this is throwing nulls + // FIXME - Adam - this is throwing nulls private static long getTotalAuditedPolicyViolationsByState(final PersistenceManager pm, final Component component, final Policy.ViolationState violationState) throws Exception { try (final Query query = pm.newQuery(ViolationAnalysis.class)) { query.setFilter(""" 
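Review bot: Both FIXME markers stay on the new side, so the per-state audited counts are enabled while `getTotalAuditedPolicyViolationsByState` is still annotated `this is throwing nulls`. The restored guards such as `if (counters.policyViolationsFailTotal > 0)` only skip the query when a component has no violations in that state; a component with FAIL, WARN or INFO violations still reaches the call and `toIntExact(...)`. The helper's query and result handling lie outside the hunk, so the cause cannot be confirmed here, but the fix belongs in the helper, which should return 0 for an empty or null result. The FIXMEs can then be replaced by a why-comment such as `// Skip the by-state query when there is nothing to audit`. A test with an audited FAIL violation would pin the counts that feed the FAIL/WARN/INFO audited and unaudited metrics.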
diff --git a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java index 7f2912d15b..5ed2920f1e 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java @@ -68,12 +68,15 @@ DependencyMetrics createComponentMetrics(final Component component) { metrics.setFindingsAudited(this.findingsAudited); metrics.setFindingsUnaudited(this.findingsUnaudited); metrics.setInheritedRiskScore(this.inheritedRiskScore); + metrics.setPolicyViolationsFail(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited); metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited); + metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited); metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited); + metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited); metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited); diff --git a/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java b/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java index a9f71a82cb..aea6215935 100644 --- a/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java +++ b/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java 
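Review bot: Only `createComponentMetrics` copies the totals into the deprecated fields, via `metrics.setPolicyViolationsFail(this.policyViolationsFailTotal);` and the WARN and INFO equivalents. The diffstat of this patch lists three added lines for Counters.java, so whatever populates ProjectMetrics and PortfolioMetrics apparently leaves `policyViolationsFail`, `policyViolationsWarn` and `policyViolationsInfo` unset. The getters re-added to those two classes unbox the `Integer` field, and the project and portfolio tests in this patch assert on `getPolicyViolationsFail()`, which would fail on a null field. The same three setter calls should be added wherever the project and portfolio metrics objects are built. `createComponentMetrics` continues outside the hunk.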
@@ -44,6 +44,7 @@ public void executeUpgrade(final AlpineQueryManager qm, final Connection connect dropCweTable(connection); computeVulnerabilitySeverities(connection); extendPurlColumnLengths(connection); + // FIXME - Adam - add an upgrade process here? } private static void dropCweTable(final Connection connection) throws Exception { diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java index 69d2a98dcb..0b0a78d52b 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java @@ -64,12 +64,15 @@ public void testUpdateCMetricsEmpty() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); 
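Review bot: The line added to `executeUpgrade` in v4110Updater is an open question (`// FIXME - Adam - add an upgrade process here?`) rather than a decision, and it sits in the upgrade path for a schema change. The new per-state columns in this series are declared `allowsNull = "true"`, so a migration may not be strictly required, but rows written before the upgrade would then presumably keep NULL in them. Either add the backfill step or replace the marker with a comment stating the decision, for example `// No data migration: new POLICYVIOLATIONS_* per-state columns are nullable and remain NULL for historical rows`. The rest of `executeUpgrade` is outside the hunk.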
@@ -167,12 +170,15 @@ public void testUpdateMetricsVulnerabilities() { assertThat(metrics.getFindingsAudited()).isEqualTo(1); assertThat(metrics.getFindingsUnaudited()).isEqualTo(1); assertThat(metrics.getInheritedRiskScore()).isEqualTo(8.0); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); 
@@ -229,12 +235,15 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); 
@@ -327,12 +336,15 @@ public void testUpdateMetricsWithDuplicateAliases() { assertThat(metrics.getFindingsAudited()).isEqualTo(0); assertThat(metrics.getFindingsUnaudited()).isEqualTo(2); assertThat(metrics.getInheritedRiskScore()).isEqualTo(8.0); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); diff --git a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java index ebce8f32ee..cbefad60b2 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java 
@@ -78,12 +78,15 @@ public void testUpdateMetricsEmpty() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); @@ -176,12 +179,15 @@ public void testUpdateMetricsVulnerabilities() { assertThat(metrics.getFindingsAudited()).isEqualTo(1); assertThat(metrics.getFindingsUnaudited()).isEqualTo(1); assertThat(metrics.getInheritedRiskScore()).isEqualTo(10.0); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); 
@@ -260,12 +266,15 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java index 283108227f..469c03c911 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java 
@@ -60,12 +60,15 @@ public void testUpdateMetricsEmpty() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); @@ -158,12 +161,15 @@ public void testUpdateMetricsVulnerabilities() { assertThat(metrics.getFindingsAudited()).isEqualTo(1); assertThat(metrics.getFindingsUnaudited()).isEqualTo(1); assertThat(metrics.getInheritedRiskScore()).isEqualTo(10.0); + assertThat(metrics.getPolicyViolationsFail()).isZero(); assertThat(metrics.getPolicyViolationsFailTotal()).isZero(); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarn()).isZero(); assertThat(metrics.getPolicyViolationsWarnTotal()).isZero(); assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); 
@@ -232,12 +238,15 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getFindingsAudited()).isZero(); assertThat(metrics.getFindingsUnaudited()).isZero(); assertThat(metrics.getInheritedRiskScore()).isZero(); + assertThat(metrics.getPolicyViolationsFail()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); From df01edc98b3cddb54f1185457ae3c4ef6285b29c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:36:01 -0400 Subject: [PATCH 03/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- src/main/java/org/dependencytrack/model/DependencyMetrics.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java index 0144a964c5..df09e83603 100644 --- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java +++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java 
@@ -104,7 +104,7 @@ public class DependencyMetrics implements Serializable { private double inheritedRiskScore; @Persistent - @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases) + @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing databases) @Deprecated private Integer policyViolationsFail; From 78481bd86c4bc04a38d6c5d2df92f29fe070d2b7 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:37:09 -0400 Subject: [PATCH 04/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../model/DependencyMetrics.java | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java index df09e83603..b3d2297ecb 100644 --- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java +++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java 
@@ -168,39 +168,39 @@ public class DependencyMetrics implements Serializable {
 private Integer policyViolationsUnaudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_SECURITY_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_SECURITY_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsSecurityTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_SECURITY_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_SECURITY_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsSecurityAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_SECURITY_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_SECURITY_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsSecurityUnaudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_LICENSE_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_LICENSE_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsLicenseTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_LICENSE_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_LICENSE_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsLicenseAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_LICENSE_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_LICENSE_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsLicenseUnaudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_OPERATIONAL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_OPERATIONAL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsOperationalTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_OPERATIONAL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_OPERATIONAL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsOperationalAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_OPERATIONAL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
 private Integer policyViolationsOperationalUnaudited;
 @Persistent
From fb9e312b890fe143b673cbc2abf90f769f7451ce Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:38:11 -0400 Subject: [PATCH 05/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../model/PortfolioMetrics.java | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java
index d0e4fbc8eb..dc76c09c31 100644
--- a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java
+++ b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java
@@ -116,20 +116,20 @@ public class PortfolioMetrics implements Serializable {
 private double inheritedRiskScore;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing databases)
 @Deprecated
 private Integer policyViolationsFail;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_FAIL_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsFailTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_FAIL_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsFailAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_FAIL_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsFailUnaudited;
 @Persistent
@@ -138,15 +138,15 @@ public class PortfolioMetrics implements Serializable {
 private Integer policyViolationsWarn;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_WARN_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsWarnTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_WARN_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsWarnAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_WARN_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsWarnUnaudited;
 @Persistent
@@ -155,15 +155,15 @@ public class PortfolioMetrics implements Serializable {
 private Integer policyViolationsInfo;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_INFO_TOTAL", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsInfoTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_INFO_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsInfoAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_INFO_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsInfoUnaudited;
 @Persistent
From 79741c787daec2aaa46a0cd8cdf25139de73636b Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:39:03 -0400 Subject: [PATCH 06/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- src/main/java/org/dependencytrack/model/ProjectMetrics.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/dependencytrack/model/ProjectMetrics.java b/src/main/java/org/dependencytrack/model/ProjectMetrics.java
index 88c4328191..03bbaed4f8 100644
--- a/src/main/java/org/dependencytrack/model/ProjectMetrics.java
+++ b/src/main/java/org/dependencytrack/model/ProjectMetrics.java
@@ -112,7 +112,7 @@ public class ProjectMetrics implements Serializable {
 private double inheritedRiskScore;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_FAILL", allowsNull = "true") // New column, must allow nulls on existing databases)
+ @Column(name = "POLICYVIOLATIONS_FAIL", allowsNull = "true") // New column, must allow nulls on existing databases)
 @Deprecated
 private Integer policyViolationsFail;
@@ -167,11 +167,11 @@ public class ProjectMetrics implements Serializable {
 private Integer policyViolationsTotal;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_AUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_AUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsAudited;
 @Persistent
- @Column(name = "POLICYVIOLATIONS_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing data bases)
+ @Column(name = "POLICYVIOLATIONS_UNAUDITED", allowsNull = "true") // New column, must allow nulls on existing databases)
 private Integer policyViolationsUnaudited;
 @Persistent
From 1357961d6af1bf21a2faf10e89225caf78183b23 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 15:51:29 -0400 Subject: [PATCH 07/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../metrics/ComponentMetricsUpdateTask.java | 5 +- .../tasks/metrics/Counters.java | 228 +++++++++--------- 2 files changed, 123 insertions(+), 110 deletions(-)
diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
index f3cf4960fb..46f816bade 100644
--- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
+++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java
@@ -252,7 +252,8 @@ private static long getTotalAuditedPolicyViolationsByType(final PersistenceManag
 // FIXME - Adam - this is throwing nulls
 private static long getTotalAuditedPolicyViolationsByState(final PersistenceManager pm, final Component component, final Policy.ViolationState violationState) throws Exception {
- try (final Query query = pm.newQuery(ViolationAnalysis.class)) {
+ return 0l;
+ /*try (final Query query = pm.newQuery(ViolationAnalysis.class)) {
 query.setFilter("""
 component == :component &&
 suppressed == false &&
@@ -262,7 +263,7 @@ private static long getTotalAuditedPolicyViolationsByState(final PersistenceMana
 query.setParameters(component, ViolationAnalysisState.NOT_SET, violationState);
 query.setResult("count(this)");
 return query.executeResultUnique(Long.class);
- }
+ }*/
 }
 public record PolicyViolationProjection(Enum type, Enum violationState) {
diff --git a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java
index 5ed2920f1e..32ca7f3ff6 100644
--- a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java
+++ b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java
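Review bot: `getTotalAuditedPolicyViolationsByState` in the `@@ -252,7 +252,8 @@` hunk of ComponentMetricsUpdateTask.java now returns a constant, so every per-state audited count built on it is zero whatever analyses are stored. If the unaudited figure is derived as total minus audited (that code is outside the hunk), violations that have already been reviewed will be reported as unaudited. The FIXME only says the method "is throwing nulls"; if the cause is a null query result being unboxed to `long`, keeping the query and guarding the result would preserve the metric: `final Long count = query.executeResultUnique(Long.class);` followed by `return count == null ? 0L : count;`. If the stub has to stay for now, write the literal as `0L` (the lowercase suffix reads as `01`) and delete the commented-out query instead of committing it.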
@@ -113,12 +113,15 @@ ProjectMetrics createProjectMetrics(final Project project) {
 metrics.setFindingsAudited(this.findingsAudited);
 metrics.setFindingsUnaudited(this.findingsUnaudited);
 metrics.setInheritedRiskScore(this.inheritedRiskScore);
+ metrics.setPolicyViolationsFail(this.policyViolationsFailTotal);
 metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal);
 metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited);
 metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited);
+ metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal);
 metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal);
 metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited);
 metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited);
+ metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal);
 metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal);
 metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited);
 metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited);
@@ -156,12 +159,15 @@ PortfolioMetrics createPortfolioMetrics() {
 metrics.setProjects(this.projects);
 metrics.setVulnerableProjects(this.vulnerableProjects);
 metrics.setInheritedRiskScore(this.inheritedRiskScore);
+ metrics.setPolicyViolationsFail(this.policyViolationsFailTotal);
 metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal);
 metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited);
 metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited);
+ metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal);
 metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal);
 metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited);
 metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited);
+ metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal);
 metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal);
 metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited);
 metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited);
@@ -183,120 +189,126 @@ PortfolioMetrics createPortfolioMetrics() { } boolean hasChanged(final DependencyMetrics comparedTo) { - return true; -// return comparedTo == null -// || comparedTo.getCritical() != this.critical -// || comparedTo.getHigh() != this.high -// || comparedTo.getMedium() != this.medium -// || comparedTo.getLow() != this.low -// || comparedTo.getUnassigned() != this.unassigned -// || comparedTo.getVulnerabilities() != this.vulnerabilities -// || comparedTo.getSuppressed() != this.suppressions -// || comparedTo.getFindingsTotal() != this.findingsTotal -// || comparedTo.getFindingsAudited() != this.findingsAudited -// || comparedTo.getFindingsUnaudited() != this.findingsUnaudited -// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore -// || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal -// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited -// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited -// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal -// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited -// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited -// || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal -// || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited -// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited -// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal -// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited -// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited -// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal -// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited -// || 
comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited -// || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal -// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited -// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited -// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal -// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited -// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited; + return comparedTo == null + || comparedTo.getCritical() != this.critical + || comparedTo.getHigh() != this.high + || comparedTo.getMedium() != this.medium + || comparedTo.getLow() != this.low + || comparedTo.getUnassigned() != this.unassigned + || comparedTo.getVulnerabilities() != this.vulnerabilities + || comparedTo.getSuppressed() != this.suppressions + || comparedTo.getFindingsTotal() != this.findingsTotal + || comparedTo.getFindingsAudited() != this.findingsAudited + || comparedTo.getFindingsUnaudited() != this.findingsUnaudited + || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore + || comparedTo.getPolicyViolationsFail() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited + || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited + || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited + || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited + || comparedTo.getPolicyViolationsInfo() != 
this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited + || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited + || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal + || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited + || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited + || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal + || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited + || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited + || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal + || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited + || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited + || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal + || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited + || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited; } boolean hasChanged(final ProjectMetrics comparedTo) { - return true; -// return comparedTo == null -// || comparedTo.getCritical() != this.critical -// || comparedTo.getHigh() != this.high -// || comparedTo.getMedium() != this.medium -// || comparedTo.getLow() != this.low -// || comparedTo.getUnassigned() != this.unassigned -// || comparedTo.getVulnerabilities() != this.vulnerabilities -// || comparedTo.getSuppressed() != this.suppressions -// || comparedTo.getFindingsTotal() != this.findingsTotal -// || comparedTo.getFindingsAudited() != this.findingsAudited -// || comparedTo.getFindingsUnaudited() != 
this.findingsUnaudited -// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore -// || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal -// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited -// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited -// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal -// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited -// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited -// || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal -// || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited -// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited -// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal -// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited -// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited -// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal -// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited -// || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited -// || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal -// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited -// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited -// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal -// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited -// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited -// || 
comparedTo.getComponents() != this.components -// || comparedTo.getVulnerableComponents() != this.vulnerableComponents; + return comparedTo == null + || comparedTo.getCritical() != this.critical + || comparedTo.getHigh() != this.high + || comparedTo.getMedium() != this.medium + || comparedTo.getLow() != this.low + || comparedTo.getUnassigned() != this.unassigned + || comparedTo.getVulnerabilities() != this.vulnerabilities + || comparedTo.getSuppressed() != this.suppressions + || comparedTo.getFindingsTotal() != this.findingsTotal + || comparedTo.getFindingsAudited() != this.findingsAudited + || comparedTo.getFindingsUnaudited() != this.findingsUnaudited + || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore + || comparedTo.getPolicyViolationsFail() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited + || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited + || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited + || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited + || comparedTo.getPolicyViolationsInfo() != this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited + || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited + || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal + || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited + || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited + || 
comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal + || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited + || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited + || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal + || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited + || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited + || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal + || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited + || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited + || comparedTo.getComponents() != this.components + || comparedTo.getVulnerableComponents() != this.vulnerableComponents; } boolean hasChanged(final PortfolioMetrics comparedTo) { - return true; -// return comparedTo == null -// || comparedTo.getCritical() != this.critical -// || comparedTo.getHigh() != this.high -// || comparedTo.getMedium() != this.medium -// || comparedTo.getLow() != this.low -// || comparedTo.getUnassigned() != this.unassigned -// || comparedTo.getVulnerabilities() != this.vulnerabilities -// || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore -// || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal -// || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited -// || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited -// || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal -// || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited -// || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited -// || comparedTo.getPolicyViolationsInfoTotal() 
!= this.policyViolationsInfoTotal -// || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited -// || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited -// || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal -// || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited -// || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited -// || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal -// || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited -// || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited -// || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal -// || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited -// || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited -// || comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal -// || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited -// || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited -// || comparedTo.getComponents() != this.components -// || comparedTo.getVulnerableComponents() != this.vulnerableComponents -// || comparedTo.getSuppressed() != this.suppressions -// || comparedTo.getFindingsTotal() != this.findingsTotal -// || comparedTo.getFindingsAudited() != this.findingsAudited -// || comparedTo.getFindingsUnaudited() != this.findingsUnaudited -// || comparedTo.getProjects() != this.projects -// || comparedTo.getVulnerableProjects() != this.vulnerableProjects; + return comparedTo == null + || comparedTo.getCritical() != this.critical + || comparedTo.getHigh() != this.high + || comparedTo.getMedium() != this.medium + || comparedTo.getLow() != this.low 
+ || comparedTo.getUnassigned() != this.unassigned + || comparedTo.getVulnerabilities() != this.vulnerabilities + || comparedTo.getInheritedRiskScore() != this.inheritedRiskScore + || comparedTo.getPolicyViolationsFail() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailTotal() != this.policyViolationsFailTotal + || comparedTo.getPolicyViolationsFailAudited() != this.policyViolationsFailAudited + || comparedTo.getPolicyViolationsFailUnaudited() != this.policyViolationsFailUnaudited + || comparedTo.getPolicyViolationsWarn() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnTotal() != this.policyViolationsWarnTotal + || comparedTo.getPolicyViolationsWarnAudited() != this.policyViolationsWarnAudited + || comparedTo.getPolicyViolationsWarnUnaudited() != this.policyViolationsWarnUnaudited + || comparedTo.getPolicyViolationsInfo() != this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoTotal() != this.policyViolationsInfoTotal + || comparedTo.getPolicyViolationsInfoAudited() != this.policyViolationsInfoAudited + || comparedTo.getPolicyViolationsInfoUnaudited() != this.policyViolationsInfoUnaudited + || comparedTo.getPolicyViolationsTotal() != this.policyViolationsTotal + || comparedTo.getPolicyViolationsAudited() != this.policyViolationsAudited + || comparedTo.getPolicyViolationsUnaudited() != this.policyViolationsUnaudited + || comparedTo.getPolicyViolationsSecurityTotal() != this.policyViolationsSecurityTotal + || comparedTo.getPolicyViolationsSecurityAudited() != this.policyViolationsSecurityAudited + || comparedTo.getPolicyViolationsSecurityUnaudited() != this.policyViolationsSecurityUnaudited + || comparedTo.getPolicyViolationsLicenseTotal() != this.policyViolationsLicenseTotal + || comparedTo.getPolicyViolationsLicenseAudited() != this.policyViolationsLicenseAudited + || comparedTo.getPolicyViolationsLicenseUnaudited() != this.policyViolationsLicenseUnaudited + || 
comparedTo.getPolicyViolationsOperationalTotal() != this.policyViolationsOperationalTotal + || comparedTo.getPolicyViolationsOperationalAudited() != this.policyViolationsOperationalAudited + || comparedTo.getPolicyViolationsOperationalUnaudited() != this.policyViolationsOperationalUnaudited + || comparedTo.getComponents() != this.components + || comparedTo.getVulnerableComponents() != this.vulnerableComponents + || comparedTo.getSuppressed() != this.suppressions + || comparedTo.getFindingsTotal() != this.findingsTotal + || comparedTo.getFindingsAudited() != this.findingsAudited + || comparedTo.getFindingsUnaudited() != this.findingsUnaudited + || comparedTo.getProjects() != this.projects + || comparedTo.getVulnerableProjects() != this.vulnerableProjects; } } From 5c550666518987e60228ec1bce6b3ab574f07ec1 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Fri, 12 Apr 2024 22:30:34 -0400 Subject: [PATCH 08/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../model/DependencyMetrics.java | 18 +-- .../model/PortfolioMetrics.java | 18 +-- .../dependencytrack/model/ProjectMetrics.java | 21 +-- .../metrics/ComponentMetricsUpdateTask.java | 120 ++++++++---------- .../tasks/metrics/Counters.java | 9 -- 5 files changed, 62 insertions(+), 124 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java index b3d2297ecb..7abfae51dc 100644 --- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java +++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java @@ -328,11 +328,7 @@ public void setInheritedRiskScore(double inheritedRiskScore) { } public int getPolicyViolationsFail() { - return policyViolationsFail; - } - - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + return policyViolationsFailTotal; } public int getPolicyViolationsFailTotal() { 
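Review bot: The comparisons restored in the three `hasChanged` overloads of Counters.java (`@@ -183,120 +189,126 @@`) depend on getters such as `getPolicyViolationsFailTotal()`, which are declared `int` while the model fields behind them are nullable `Integer` columns. For a metrics row stored before these columns existed the values are null, and a getter that returns the field directly throws a NullPointerException on unboxing, which would abort the metrics update for that component, project or portfolio; this may be what the removed `return true;` stub was working around. The getter bodies are outside this hunk, so it needs checking there: a null-safe form is `return policyViolationsFailTotal == null ? 0 : policyViolationsFailTotal;`, applied to each new per-state getter.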
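Review bot: After the `@@ -328,11 +328,7 @@` hunk of DependencyMetrics.java, `getPolicyViolationsFail()` reads `policyViolationsFailTotal` and its setter is gone, yet the three hunks for this file account for all 18 changed lines in the diffstat, so the `@Persistent` field `policyViolationsFail` is not removed by this commit. New rows would then store null in `POLICYVIOLATIONS_FAIL`, and anything that reads the column rather than the getter (SQL reports, exports) silently loses the FAIL count. Either keep writing the legacy field until the column is dropped, or remove the field and document the migration. The same applies to the Warn and Info hunks of this file and to the three PortfolioMetrics.java hunks that follow.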
@@ -360,11 +356,7 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) } public int getPolicyViolationsWarn() { - return policyViolationsWarn; - } - - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + return policyViolationsWarnTotal; } public int getPolicyViolationsWarnTotal() { @@ -392,11 +384,7 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) } public int getPolicyViolationsInfo() { - return policyViolationsInfo; - } - - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + return policyViolationsInfoTotal; } public int getPolicyViolationsInfoTotal() { diff --git a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java index dc76c09c31..5e7a68d57b 100644 --- a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java +++ b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java @@ -357,11 +357,7 @@ public void setInheritedRiskScore(double inheritedRiskScore) { } public int getPolicyViolationsFail() { - return policyViolationsFail; - } - - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + return policyViolationsFailTotal; } public int getPolicyViolationsFailTotal() { @@ -389,11 +385,7 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) } public int getPolicyViolationsWarn() { - return policyViolationsWarn; - } - - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + return policyViolationsWarnTotal; } public int getPolicyViolationsWarnTotal() { 
@@ -421,11 +413,7 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) } public int getPolicyViolationsInfo() { - return policyViolationsInfo; - } - - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + return policyViolationsInfoTotal; } public int getPolicyViolationsInfoTotal() { diff --git a/src/main/java/org/dependencytrack/model/ProjectMetrics.java b/src/main/java/org/dependencytrack/model/ProjectMetrics.java index 03bbaed4f8..36566e4474 100644 --- a/src/main/java/org/dependencytrack/model/ProjectMetrics.java +++ b/src/main/java/org/dependencytrack/model/ProjectMetrics.java @@ -344,12 +344,9 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + @Deprecated public int getPolicyViolationsFail() { - return policyViolationsFail; - } - - public void setPolicyViolationsFail(int policyViolationsFail) { - this.policyViolationsFail = policyViolationsFail; + return policyViolationsFailUnaudited; } public int getPolicyViolationsFailTotal() { @@ -376,12 +373,9 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + @Deprecated public int getPolicyViolationsWarn() { - return policyViolationsWarn; - } - - public void setPolicyViolationsWarn(int policyViolationsWarn) { - this.policyViolationsWarn = policyViolationsWarn; + return policyViolationsWarnUnaudited; } public int getPolicyViolationsWarnTotal() { 
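Review bot: The `@Deprecated` added to `getPolicyViolationsFail()` in ProjectMetrics has no Javadoc, and the getter now returns the unaudited count, so callers are told neither what the number means nor what to use instead. I would add `/** @deprecated Returns the unaudited count; use {@link #getPolicyViolationsFailUnaudited()} or {@link #getPolicyViolationsFailTotal()}. */` above it. The Warn and Info getters in the next hunks need the same treatment, as do the DependencyMetrics and PortfolioMetrics getters that patch 09 deprecates.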
@@ -408,12 +402,9 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + @Deprecated public int getPolicyViolationsInfo() { - return policyViolationsInfo; - } - - public void setPolicyViolationsInfo(int policyViolationsInfo) { - this.policyViolationsInfo = policyViolationsInfo; + return policyViolationsInfoUnaudited; } public int getPolicyViolationsInfoTotal() { diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java index 46f816bade..13dc3766e6 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java 
@@ -115,51 +115,61 @@ static Counters updateMetrics(final UUID uuid) throws Exception { for (final PolicyViolationProjection violation : getPolicyViolations(pm, component)) { counters.policyViolationsTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsUnaudited++; + } + switch (PolicyViolation.Type.valueOf(violation.type().name())) { - case LICENSE -> counters.policyViolationsLicenseTotal++; - case OPERATIONAL -> counters.policyViolationsOperationalTotal++; - case SECURITY -> counters.policyViolationsSecurityTotal++; + case LICENSE -> { + counters.policyViolationsLicenseTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsLicenseUnaudited++; + } + } + case OPERATIONAL -> { + counters.policyViolationsOperationalTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsOperationalUnaudited++; + } + } + case SECURITY -> { + counters.policyViolationsSecurityTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsSecurityUnaudited++; + } + } } switch (Policy.ViolationState.valueOf(violation.violationState().name())) { - case FAIL -> counters.policyViolationsFailTotal++; - case WARN -> counters.policyViolationsWarnTotal++; - case INFO -> counters.policyViolationsInfoTotal++; + case FAIL -> { + counters.policyViolationsFailTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsFailUnaudited++; + } + } + case WARN -> { + counters.policyViolationsWarnTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsWarnUnaudited++; + } + } + case INFO -> { + counters.policyViolationsInfoTotal++; + if (violation.suppressed == null || !violation.suppressed) { + counters.policyViolationsInfoUnaudited++; + } + } } - } - if (counters.policyViolationsLicenseTotal > 0) { - counters.policyViolationsLicenseAudited = 
toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.LICENSE)); - counters.policyViolationsLicenseUnaudited = counters.policyViolationsLicenseTotal - counters.policyViolationsLicenseAudited; - } - if (counters.policyViolationsOperationalTotal > 0) { - counters.policyViolationsOperationalAudited = toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.OPERATIONAL)); - counters.policyViolationsOperationalUnaudited = counters.policyViolationsOperationalTotal - counters.policyViolationsOperationalAudited; - } - if (counters.policyViolationsSecurityTotal > 0) { - counters.policyViolationsSecurityAudited = toIntExact(getTotalAuditedPolicyViolationsByType(pm, component, PolicyViolation.Type.SECURITY)); - counters.policyViolationsSecurityUnaudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityAudited; - } + counters.policyViolationsAudited = counters.policyViolationsTotal - counters.policyViolationsUnaudited; + counters.policyViolationsLicenseAudited = counters.policyViolationsLicenseTotal - counters.policyViolationsLicenseUnaudited; + counters.policyViolationsOperationalAudited = counters.policyViolationsOperationalTotal - counters.policyViolationsOperationalUnaudited; + counters.policyViolationsSecurityAudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityUnaudited; + counters.policyViolationsFailAudited = counters.policyViolationsFailTotal - counters.policyViolationsFailUnaudited; + counters.policyViolationsWarnAudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnUnaudited; + counters.policyViolationsInfoAudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoUnaudited; - // FIXME - Adam need to get the correct count for audited - if (counters.policyViolationsFailTotal > 0) { - counters.policyViolationsFailAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, 
Policy.ViolationState.FAIL)); - counters.policyViolationsFailUnaudited = counters.policyViolationsFailTotal - counters.policyViolationsFailAudited; - } - if (counters.policyViolationsWarnTotal > 0) { - counters.policyViolationsWarnAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.WARN)); - counters.policyViolationsWarnUnaudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnAudited; - } - if (counters.policyViolationsInfoTotal > 0) { - counters.policyViolationsInfoAudited = toIntExact(getTotalAuditedPolicyViolationsByState(pm, component, Policy.ViolationState.INFO)); - counters.policyViolationsInfoUnaudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoAudited; - } - - counters.policyViolationsAudited = counters.policyViolationsLicenseAudited + - counters.policyViolationsOperationalAudited + - counters.policyViolationsSecurityAudited; - counters.policyViolationsUnaudited = counters.policyViolationsTotal - counters.policyViolationsAudited; qm.runInTransaction(() -> { final DependencyMetrics latestMetrics = qm.getMostRecentDependencyMetrics(component); 
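Review bot: The loop in `updateMetrics` now treats a violation as audited only when `analysis.suppressed` is true, whereas the queries this patch removes counted `suppressed == false && analysisState != :notSet` as audited, so every `*Audited` and `*Unaudited` counter changes meaning. A violation that has an analysis state but is not suppressed is reported as unaudited. The test expectations updated in patches 15 and 16 (WarnAudited dropping from 1 to zero, InfoAudited rising to 1 for the suppressed case) appear to confirm this. If audited is meant to follow the analysis state, the projection has to carry it, e.g. `query.setResult("type, policyCondition.policy.violationState, analysis.suppressed, analysis.analysisState");` with a matching record component. Patch 09 rewrites this loop but keeps the same criterion via `BooleanUtils.isTrue(violation.suppressed)`; `updateMetrics` itself starts and ends outside the hunk.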
@@ -229,44 +239,14 @@ private static long getTotalSuppressedFindings(final PersistenceManager pm, fina private static List getPolicyViolations(final PersistenceManager pm, final Component component) throws Exception { try (final Query query = pm.newQuery(PolicyViolation.class)) { - query.setFilter("component == :component && (analysis == null || analysis.suppressed == false)"); + query.setFilter("component == :component"); query.setParameters(component); - query.setResult("type, policyCondition.policy.violationState"); + query.setResult("type, policyCondition.policy.violationState, analysis.suppressed"); return List.copyOf(query.executeResultList(PolicyViolationProjection.class)); } } - private static long getTotalAuditedPolicyViolationsByType(final PersistenceManager pm, final Component component, final PolicyViolation.Type violationType) throws Exception { - try (final Query query = pm.newQuery(ViolationAnalysis.class)) { - query.setFilter(""" - component == :component && - suppressed == false && - analysisState != :notSet && - policyViolation.type == :violationType - """); - query.setParameters(component, ViolationAnalysisState.NOT_SET, violationType); - query.setResult("count(this)"); - return query.executeResultUnique(Long.class); - } - } - - // FIXME - Adam - this is throwing nulls - private static long getTotalAuditedPolicyViolationsByState(final PersistenceManager pm, final Component component, final Policy.ViolationState violationState) throws Exception { - return 0l; - /*try (final Query query = pm.newQuery(ViolationAnalysis.class)) { - query.setFilter(""" - component == :component && - suppressed == false && - analysisState != :notSet && - policyViolation.policyCondition.policy.violationState == :violationState - """); - query.setParameters(component, ViolationAnalysisState.NOT_SET, violationState); - query.setResult("count(this)"); - return query.executeResultUnique(Long.class); - }*/ - } - - public record PolicyViolationProjection(Enum type, Enum 
violationState) { + public record PolicyViolationProjection(Enum type, Enum violationState, Boolean suppressed) { } } diff --git a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java index 32ca7f3ff6..f9c7cd41c1 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/Counters.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/Counters.java @@ -68,15 +68,12 @@ DependencyMetrics createComponentMetrics(final Component component) { metrics.setFindingsAudited(this.findingsAudited); metrics.setFindingsUnaudited(this.findingsUnaudited); metrics.setInheritedRiskScore(this.inheritedRiskScore); - metrics.setPolicyViolationsFail(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited); metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited); - metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited); metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited); - metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited); metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited); 
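Review bot: Dropping `analysis == null || analysis.suppressed == false` from the filter in `getPolicyViolations` means suppressed violations are now counted in `policyViolationsTotal` and in every per-type and per-state `*Total` counter. That is a visible change for anything that reads those totals. `Badger.generateViolations`, which patch 14 of this series points back at the `*Total` getters and which branches on `getPolicyViolationsTotal() > 0`, would then render a violations badge for a project whose only violations are suppressed. If that is intended, the query should say so, for example `// Suppressed violations are fetched on purpose: they are reported as audited, not dropped.`, and the record deserves a note that `suppressed` is presumably null when a violation has no analysis.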
@@ -113,15 +110,12 @@ ProjectMetrics createProjectMetrics(final Project project) { metrics.setFindingsAudited(this.findingsAudited); metrics.setFindingsUnaudited(this.findingsUnaudited); metrics.setInheritedRiskScore(this.inheritedRiskScore); - metrics.setPolicyViolationsFail(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited); metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited); - metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited); metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited); - metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited); metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited); 
@@ -159,15 +153,12 @@ PortfolioMetrics createPortfolioMetrics() { metrics.setProjects(this.projects); metrics.setVulnerableProjects(this.vulnerableProjects); metrics.setInheritedRiskScore(this.inheritedRiskScore); - metrics.setPolicyViolationsFail(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailTotal(this.policyViolationsFailTotal); metrics.setPolicyViolationsFailAudited(this.policyViolationsFailAudited); metrics.setPolicyViolationsFailUnaudited(this.policyViolationsFailUnaudited); - metrics.setPolicyViolationsWarn(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnTotal(this.policyViolationsWarnTotal); metrics.setPolicyViolationsWarnAudited(this.policyViolationsWarnAudited); metrics.setPolicyViolationsWarnUnaudited(this.policyViolationsWarnUnaudited); - metrics.setPolicyViolationsInfo(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoTotal(this.policyViolationsInfoTotal); metrics.setPolicyViolationsInfoAudited(this.policyViolationsInfoAudited); metrics.setPolicyViolationsInfoUnaudited(this.policyViolationsInfoUnaudited); From 48ffa170212a8708090b548549da5bedfe32cc6b Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:01:44 -0400 Subject: [PATCH 09/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../model/DependencyMetrics.java | 9 ++- .../model/PortfolioMetrics.java | 9 ++- .../metrics/ComponentMetricsUpdateTask.java | 76 +++++++------------ 3 files changed, 41 insertions(+), 53 deletions(-) diff --git a/src/main/java/org/dependencytrack/model/DependencyMetrics.java b/src/main/java/org/dependencytrack/model/DependencyMetrics.java index 7abfae51dc..b41cebef54 100644 --- a/src/main/java/org/dependencytrack/model/DependencyMetrics.java +++ b/src/main/java/org/dependencytrack/model/DependencyMetrics.java 
@@ -327,8 +327,9 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + @Deprecated public int getPolicyViolationsFail() { - return policyViolationsFailTotal; + return policyViolationsFailUnaudited; } public int getPolicyViolationsFailTotal() { @@ -355,8 +356,9 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + @Deprecated public int getPolicyViolationsWarn() { - return policyViolationsWarnTotal; + return policyViolationsWarnUnaudited; } public int getPolicyViolationsWarnTotal() { @@ -383,8 +385,9 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + @Deprecated public int getPolicyViolationsInfo() { - return policyViolationsInfoTotal; + return policyViolationsInfoUnaudited; } public int getPolicyViolationsInfoTotal() { diff --git a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java index 5e7a68d57b..6a8c41bada 100644 --- a/src/main/java/org/dependencytrack/model/PortfolioMetrics.java +++ b/src/main/java/org/dependencytrack/model/PortfolioMetrics.java @@ -356,8 +356,9 @@ public void setInheritedRiskScore(double inheritedRiskScore) { this.inheritedRiskScore = inheritedRiskScore; } + @Deprecated public int getPolicyViolationsFail() { - return policyViolationsFailTotal; + return policyViolationsFailUnaudited; } public int getPolicyViolationsFailTotal() { @@ -384,8 +385,9 @@ public void setPolicyViolationsFailUnaudited(int policyViolationsFailUnaudited) this.policyViolationsFailUnaudited = policyViolationsFailUnaudited; } + @Deprecated public int getPolicyViolationsWarn() { - return policyViolationsWarnTotal; + return policyViolationsWarnUnaudited; } public int getPolicyViolationsWarnTotal() { 
@@ -412,8 +414,9 @@ public void setPolicyViolationsWarnUnaudited(int policyViolationsWarnUnaudited) this.policyViolationsWarnUnaudited = policyViolationsWarnUnaudited; } + @Deprecated public int getPolicyViolationsInfo() { - return policyViolationsInfoTotal; + return policyViolationsInfoUnaudited; } public int getPolicyViolationsInfoTotal() { diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java index 13dc3766e6..ad7b43b7c3 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java @@ -21,6 +21,7 @@ import alpine.common.logging.Logger; import alpine.event.framework.Event; import alpine.event.framework.Subscriber; +import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.time.DurationFormatUtils; import org.dependencytrack.event.ComponentMetricsUpdateEvent; import org.dependencytrack.metrics.Metrics; @@ -30,8 +31,6 @@ import org.dependencytrack.model.DependencyMetrics; import org.dependencytrack.model.Policy; import org.dependencytrack.model.PolicyViolation; -import org.dependencytrack.model.ViolationAnalysis; -import org.dependencytrack.model.ViolationAnalysisState; import org.dependencytrack.model.Vulnerability; import org.dependencytrack.model.VulnerabilityAlias; import org.dependencytrack.persistence.QueryManager; 
@@ -115,60 +114,43 @@ static Counters updateMetrics(final UUID uuid) throws Exception { for (final PolicyViolationProjection violation : getPolicyViolations(pm, component)) { counters.policyViolationsTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsUnaudited++; - } - switch (PolicyViolation.Type.valueOf(violation.type().name())) { - case LICENSE -> { - counters.policyViolationsLicenseTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsLicenseUnaudited++; - } - } - case OPERATIONAL -> { - counters.policyViolationsOperationalTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsOperationalUnaudited++; - } - } - case SECURITY -> { - counters.policyViolationsSecurityTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsSecurityUnaudited++; - } - } + case LICENSE -> counters.policyViolationsLicenseTotal++; + case OPERATIONAL -> counters.policyViolationsOperationalTotal++; + case SECURITY -> counters.policyViolationsSecurityTotal++; } switch (Policy.ViolationState.valueOf(violation.violationState().name())) { - case FAIL -> { - counters.policyViolationsFailTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsFailUnaudited++; - } - } - case WARN -> { - counters.policyViolationsWarnTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsWarnUnaudited++; - } + case FAIL -> counters.policyViolationsFailTotal++; + case WARN -> counters.policyViolationsWarnTotal++; + case INFO -> counters.policyViolationsInfoTotal++; + } + + + if (BooleanUtils.isTrue(violation.suppressed)) { + counters.policyViolationsAudited++; + + switch (PolicyViolation.Type.valueOf(violation.type().name())) { + case LICENSE -> counters.policyViolationsLicenseAudited++; + case OPERATIONAL -> 
counters.policyViolationsOperationalAudited++; + case SECURITY -> counters.policyViolationsSecurityAudited++; } - case INFO -> { - counters.policyViolationsInfoTotal++; - if (violation.suppressed == null || !violation.suppressed) { - counters.policyViolationsInfoUnaudited++; - } + + switch (Policy.ViolationState.valueOf(violation.violationState().name())) { + case FAIL -> counters.policyViolationsFailAudited++; + case WARN -> counters.policyViolationsWarnAudited++; + case INFO -> counters.policyViolationsInfoAudited++; } } } - counters.policyViolationsAudited = counters.policyViolationsTotal - counters.policyViolationsUnaudited; - counters.policyViolationsLicenseAudited = counters.policyViolationsLicenseTotal - counters.policyViolationsLicenseUnaudited; - counters.policyViolationsOperationalAudited = counters.policyViolationsOperationalTotal - counters.policyViolationsOperationalUnaudited; - counters.policyViolationsSecurityAudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityUnaudited; - counters.policyViolationsFailAudited = counters.policyViolationsFailTotal - counters.policyViolationsFailUnaudited; - counters.policyViolationsWarnAudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnUnaudited; - counters.policyViolationsInfoAudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoUnaudited; + counters.policyViolationsUnaudited = counters.policyViolationsTotal - counters.policyViolationsAudited; + counters.policyViolationsLicenseUnaudited = counters.policyViolationsLicenseTotal - counters.policyViolationsLicenseAudited; + counters.policyViolationsOperationalUnaudited = counters.policyViolationsOperationalTotal - counters.policyViolationsOperationalAudited; + counters.policyViolationsSecurityUnaudited = counters.policyViolationsSecurityTotal - counters.policyViolationsSecurityAudited; + counters.policyViolationsFailUnaudited = counters.policyViolationsFailTotal - 
counters.policyViolationsFailAudited; + counters.policyViolationsWarnUnaudited = counters.policyViolationsWarnTotal - counters.policyViolationsWarnAudited; + counters.policyViolationsInfoUnaudited = counters.policyViolationsInfoTotal - counters.policyViolationsInfoAudited; qm.runInTransaction(() -> { From d54180933e82f1a51deb4ef9bea0602d09cfc4b7 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:02:20 -0400 Subject: [PATCH 10/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../tasks/metrics/ComponentMetricsUpdateTask.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java index ad7b43b7c3..58f19cec81 100644 --- a/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java +++ b/src/main/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTask.java @@ -126,7 +126,6 @@ static Counters updateMetrics(final UUID uuid) throws Exception { case INFO -> counters.policyViolationsInfoTotal++; } - if (BooleanUtils.isTrue(violation.suppressed)) { counters.policyViolationsAudited++; From 8c898cab02b5ece0d3d0d34d91de7069a58697c8 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:04:00 -0400 Subject: [PATCH 11/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../tasks/metrics/ProjectMetricsUpdateTaskTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java index 469c03c911..5019b04cb1 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java 
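Review bot: The rewritten loop reads the record two ways, `violation.type()` through the accessor and `violation.suppressed` through the field, and the new `BooleanUtils` import is used only for this one null-safe test. `if (Boolean.TRUE.equals(violation.suppressed())) {` does the same with the JDK alone and keeps the access style consistent. The two `switch` statements inside the `if` also repeat the `valueOf(...name())` conversions already done a few lines above, so holding the converted type and state in locals would remove the duplication. `updateMetrics` begins and ends outside the hunk.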
@@ -242,7 +242,7 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsFailAudited()).isZero(); assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(0); assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); From 2eb8b7e42980be29e50a3bba04dba0e0ee90ee08 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:07:50 -0400 Subject: [PATCH 12/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../java/org/dependencytrack/resources/v1/misc/Badger.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java index 1b715049a1..94dfb50452 100644 --- a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java +++ b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java 
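Review bot: The changed assertion uses `isEqualTo(0)` where the neighbouring lines use `isZero()`; `assertThat(metrics.getPolicyViolationsWarn()).isZero();` keeps the block uniform. The same applies to `getPolicyViolationsOperationalAudited()).isEqualTo(0)` in the ComponentMetricsUpdateTaskTest hunk of patch 15. A trailing comment such as `// legacy getter reports the unaudited count` would also explain why Warn is 0 while WarnTotal is 1. The test method extends beyond the hunk.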
@@ -68,9 +68,9 @@ public String generateViolations(ProjectMetrics metrics) { if (metrics == null) { return writeSvg(PROJECT_VIOLATIONS_NO_METRICS_TEMPLATE, context); } else if (metrics.getPolicyViolationsTotal() > 0) { - context.put("fail", String.valueOf(metrics.getPolicyViolationsFailTotal())); - context.put("warn", String.valueOf(metrics.getPolicyViolationsWarnTotal())); - context.put("info", String.valueOf(metrics.getPolicyViolationsInfoTotal())); + context.put("fail", String.valueOf(metrics.getPolicyViolationsFail())); + context.put("warn", String.valueOf(metrics.getPolicyViolationsWarn())); + context.put("info", String.valueOf(metrics.getPolicyViolationsInfo())); return writeSvg(PROJECT_VIOLATIONS_TEMPLATE, context); } else { return writeSvg(PROJECT_VIOLATIONS_NONE_TEMPLATE, context); From 4043dd07d3883195c77824c873adfc3e4cc8e2f1 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:13:29 -0400 Subject: [PATCH 13/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../java/org/dependencytrack/upgrade/v4110/v4110Updater.java | 1 - 1 file changed, 1 deletion(-) diff --git a/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java b/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java index aea6215935..a9f71a82cb 100644 --- a/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java +++ b/src/main/java/org/dependencytrack/upgrade/v4110/v4110Updater.java @@ -44,7 +44,6 @@ public void executeUpgrade(final AlpineQueryManager qm, final Connection connect dropCweTable(connection); computeVulnerabilitySeverities(connection); extendPurlColumnLengths(connection); - // FIXME - Adam - add an upgrade process here? } private static void dropCweTable(final Connection connection) throws Exception { From 8fe5c0b7aef5a95856c6d80cb37173226797680c Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 05:14:46 -0400 Subject: [PATCH 14/16] feat: violation state audited/unaudited by state 
Signed-off-by: Adam Setch --- .../java/org/dependencytrack/resources/v1/misc/Badger.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java index 94dfb50452..1b715049a1 100644 --- a/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java +++ b/src/main/java/org/dependencytrack/resources/v1/misc/Badger.java @@ -68,9 +68,9 @@ public String generateViolations(ProjectMetrics metrics) { if (metrics == null) { return writeSvg(PROJECT_VIOLATIONS_NO_METRICS_TEMPLATE, context); } else if (metrics.getPolicyViolationsTotal() > 0) { - context.put("fail", String.valueOf(metrics.getPolicyViolationsFail())); - context.put("warn", String.valueOf(metrics.getPolicyViolationsWarn())); - context.put("info", String.valueOf(metrics.getPolicyViolationsInfo())); + context.put("fail", String.valueOf(metrics.getPolicyViolationsFailTotal())); + context.put("warn", String.valueOf(metrics.getPolicyViolationsWarnTotal())); + context.put("info", String.valueOf(metrics.getPolicyViolationsInfoTotal())); return writeSvg(PROJECT_VIOLATIONS_TEMPLATE, context); } else { return writeSvg(PROJECT_VIOLATIONS_NONE_TEMPLATE, context); From 1870316e5ab7cf7600ff21f39d5e626302c10e29 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 09:24:30 -0400 Subject: [PATCH 15/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../ComponentMetricsUpdateTaskTest.java | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java index 0b0a78d52b..3f570b8412 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java 
+++ b/src/test/java/org/dependencytrack/tasks/metrics/ComponentMetricsUpdateTaskTest.java 
@@ -241,24 +241,24 @@ public void testUpdateMetricsPolicyViolations() { assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1); assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero(); - assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed - assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed - assertThat(metrics.getPolicyViolationsInfoAudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarnAudited()).isZero(); + assertThat(metrics.getPolicyViolationsWarnUnaudited()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsInfo()).isZero(); + assertThat(metrics.getPolicyViolationsInfoTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsInfoAudited()).isEqualTo(1); // Suppressed assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero(); - assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2); + assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(3); assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsSecurityTotal()).isZero(); // Suppressed - assertThat(metrics.getPolicyViolationsSecurityAudited()).isZero(); + assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(2); + assertThat(metrics.getPolicyViolationsSecurityTotal()).isEqualTo(1); + assertThat(metrics.getPolicyViolationsSecurityAudited()).isEqualTo(1); // Suppressed assertThat(metrics.getPolicyViolationsSecurityUnaudited()).isZero(); assertThat(metrics.getPolicyViolationsLicenseTotal()).isEqualTo(1); assertThat(metrics.getPolicyViolationsLicenseAudited()).isZero(); assertThat(metrics.getPolicyViolationsLicenseUnaudited()).isEqualTo(1); 
assertThat(metrics.getPolicyViolationsOperationalTotal()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsOperationalAudited()).isEqualTo(1); - assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isZero(); + assertThat(metrics.getPolicyViolationsOperationalAudited()).isEqualTo(0); + assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isEqualTo(1); qm.getPersistenceManager().refresh(component); assertThat(component.getLastInheritedRiskScore()).isZero(); From 145056a2403162164e951587bd65c64feb67327a Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Sat, 13 Apr 2024 09:31:52 -0400 Subject: [PATCH 16/16] feat: violation state audited/unaudited by state Signed-off-by: Adam Setch --- .../PortfolioMetricsUpdateTaskTest.java | 24 +++++++++---------- .../metrics/ProjectMetricsUpdateTaskTest.java | 22 ++++++++--------- 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java index cbefad60b2..dfb2e209eb 100644 --- a/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/metrics/PortfolioMetricsUpdateTaskTest.java 
@@ -272,24 +272,24 @@ public void testUpdateMetricsPolicyViolations() {
 assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
- assertThat(metrics.getPolicyViolationsInfo()).isZero(); // Suppressed
- assertThat(metrics.getPolicyViolationsInfoTotal()).isZero(); // Suppressed
- assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isEqualTo(1);;
+ assertThat(metrics.getPolicyViolationsInfo()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isEqualTo(1); // Suppressed
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isEqualTo(1); // Suppressed
 assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
- assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2);
- assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsSecurityTotal()).isZero(); // Suppressed
- assertThat(metrics.getPolicyViolationsSecurityAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(3);
+ assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1); // Suppressed
+ assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(2);
+ assertThat(metrics.getPolicyViolationsSecurityTotal()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsSecurityAudited()).isEqualTo(1); // Suppressed
 assertThat(metrics.getPolicyViolationsSecurityUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsLicenseTotal()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsLicenseAudited()).isZero();
 assertThat(metrics.getPolicyViolationsLicenseUnaudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsOperationalTotal()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsOperationalAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsOperationalAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isEqualTo(1);
 qm.getPersistenceManager().refreshAll(projectUnaudited, projectAudited, projectSuppressed, componentUnaudited, componentAudited, componentSuppressed);
diff --git a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java
index 5019b04cb1..f382b4a300 100644
--- a/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java
+++ b/src/test/java/org/dependencytrack/tasks/metrics/ProjectMetricsUpdateTaskTest.java
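Review bot: The added line `assertThat(metrics.getPolicyViolationsWarnUnaudited()).isEqualTo(1);;` in the `PortfolioMetricsUpdateTaskTest` hunk ends with a stray second semicolon; it compiles as an empty statement but should read `...isEqualTo(1);`. The trailing `// Suppressed` markers are also placed differently here than in the other two hunks: this hunk tags `getPolicyViolationsInfoTotal()` and `getPolicyViolationsAudited()` as well, while the others tag only the `*Audited` lines for Info and Security. Settling on one convention for which assertions carry the marker would make it clear which expected values come from the suppressed violation.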
@@ -242,26 +242,26 @@ public void testUpdateMetricsPolicyViolations() {
 assertThat(metrics.getPolicyViolationsFailTotal()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsFailAudited()).isZero();
 assertThat(metrics.getPolicyViolationsFailUnaudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(0);
+ assertThat(metrics.getPolicyViolationsWarn()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsWarnTotal()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarnAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsWarnUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsWarnUnaudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsInfo()).isZero();
- assertThat(metrics.getPolicyViolationsInfoTotal()).isZero();
- assertThat(metrics.getPolicyViolationsInfoAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsInfoTotal()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsInfoAudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsInfoUnaudited()).isZero();
- assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(2);
+ assertThat(metrics.getPolicyViolationsTotal()).isEqualTo(3);
 assertThat(metrics.getPolicyViolationsAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsSecurityTotal()).isZero(); // Suppressed
- assertThat(metrics.getPolicyViolationsSecurityAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsUnaudited()).isEqualTo(2);
+ assertThat(metrics.getPolicyViolationsSecurityTotal()).isEqualTo(1);
+ assertThat(metrics.getPolicyViolationsSecurityAudited()).isEqualTo(1); // Suppressed
 assertThat(metrics.getPolicyViolationsSecurityUnaudited()).isZero();
 assertThat(metrics.getPolicyViolationsLicenseTotal()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsLicenseAudited()).isZero();
 assertThat(metrics.getPolicyViolationsLicenseUnaudited()).isEqualTo(1);
 assertThat(metrics.getPolicyViolationsOperationalTotal()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsOperationalAudited()).isEqualTo(1);
- assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isZero();
+ assertThat(metrics.getPolicyViolationsOperationalAudited()).isZero();
+ assertThat(metrics.getPolicyViolationsOperationalUnaudited()).isEqualTo(1);
 qm.getPersistenceManager().refreshAll(project, componentUnaudited, componentAudited, componentSuppressed);
 assertThat(project.getLastInheritedRiskScore()).isZero();