Merge pull request #892 from DependencyTrack/fix-missing-cwes
Fix `cwes` missing from project/component vulnerability responses
nscuro committed Sep 9, 2024
2 parents c9e165c + 197fad0 commit 962f679
Showing 2 changed files with 94 additions and 3 deletions.
@@ -104,7 +104,7 @@ record AffectedProjectListRow(
@SqlQuery(/* language=InjectedFreeMarker */ """
<#-- @ftlvariable name="apiFilterParameter" type="String" -->
SELECT "V"."ID", "V"."CREATED", "V"."CVSSV2BASESCORE", "V"."CVSSV2VECTOR", "V"."CVSSV3BASESCORE", "V"."CVSSV3VECTOR"
, "V"."CWES", "V"."DESCRIPTION", "V"."DETAIL", "V"."PATCHEDVERSIONS", "V"."PUBLISHED", "V"."RECOMMENDATION", "V"."REFERENCES"
, STRING_TO_ARRAY("V"."CWES", ',') AS "CWES", "V"."DESCRIPTION", "V"."DETAIL", "V"."PATCHEDVERSIONS", "V"."PUBLISHED", "V"."RECOMMENDATION", "V"."REFERENCES"
, "V"."SEVERITY", "V"."SOURCE", "V"."TITLE", "V"."UPDATED", "V"."UUID", "V"."VULNID", "V"."VULNERABLEVERSIONS", "V"."OWASPRRVECTOR"
, "EPSS"."SCORE"
, "EPSS"."PERCENTILE"
@@ -156,7 +156,7 @@ record AffectedProjectCountRow(
@SqlQuery(/* language=InjectedFreeMarker */ """
<#-- @ftlvariable name="apiFilterParameter" type="String" -->
SELECT DISTINCT "V"."ID", "V"."CREATED", "V"."CVSSV2BASESCORE", "V"."CVSSV2VECTOR", "V"."CVSSV3BASESCORE", "V"."CVSSV3VECTOR"
, "V"."CWES", "V"."DESCRIPTION", "V"."DETAIL", "V"."PATCHEDVERSIONS", "V"."PUBLISHED", "V"."RECOMMENDATION", "V"."REFERENCES"
, STRING_TO_ARRAY("V"."CWES", ',') AS "CWES", "V"."DESCRIPTION", "V"."DETAIL", "V"."PATCHEDVERSIONS", "V"."PUBLISHED", "V"."RECOMMENDATION", "V"."REFERENCES"
, "V"."SEVERITY", "V"."SOURCE", "V"."TITLE", "V"."UPDATED", "V"."UUID", "V"."VULNID", "V"."VULNERABLEVERSIONS", "V"."OWASPRRVECTOR"
, "EPSS"."SCORE"
, "EPSS"."PERCENTILE"
@@ -187,7 +187,7 @@ record AffectedProjectCountRow(
@SqlQuery("""
SELECT distinct "C"."ID",
"C"."NAME",
"C"."AUTHOR",
"C"."AUTHOR",
"C"."BLAKE2B_256",
"C"."BLAKE2B_384",
"C"."BLAKE2B_512",
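Review bot: The `STRING_TO_ARRAY("V"."CWES", ',') AS "CWES"` conversion is now repeated verbatim in both vulnerability queries (the one after `AffectedProjectListRow` and the `SELECT DISTINCT` one after `AffectedProjectCountRow`), and nothing in either query says why the column is split in SQL. A FreeMarker comment above each column list, such as `<#-- CWES is stored as a comma-separated string; split into an array so the row mapper can populate cwes -->`, or a single shared column-list constant, would keep the two from drifting apart again. The split produces text elements, so how a blank or non-numeric entry is handled is presumably decided in the mapper outside these hunks and is worth confirming. Both queries continue past the visible lines.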
@@ -75,6 +75,16 @@ public void getVulnerabilitiesByComponentUuidTest() throws Exception {
"source": "INTERNAL",
"description": "Description 1",
"severity": "CRITICAL",
"cwe": {
"cweId": 123,
"name": "Write-what-where Condition"
},
"cwes": [
{
"cweId": 123,
"name": "Write-what-where Condition"
}
],
"uuid": "${json-unit.any-string}",
"affectedProjectCount": 1,
"affectedActiveProjectCount": 1,
@@ -85,6 +95,16 @@ public void getVulnerabilitiesByComponentUuidTest() throws Exception {
"source": "INTERNAL",
"description": "Description 2",
"severity": "HIGH",
"cwe": {
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
},
"cwes": [
{
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
}
],
"uuid": "${json-unit.any-string}",
"affectedProjectCount": 1,
"affectedActiveProjectCount": 1,
@@ -123,6 +143,16 @@ public void getVulnerabilitiesByComponentUuidIncludeSuppressedTest() {
"source": "INTERNAL",
"description": "Description 1",
"severity": "CRITICAL",
"cwe": {
"cweId": 123,
"name": "Write-what-where Condition"
},
"cwes": [
{
"cweId": 123,
"name": "Write-what-where Condition"
}
],
"uuid": "${json-unit.any-string}",
"affectedProjectCount": 1,
"affectedActiveProjectCount": 1,
@@ -133,6 +163,16 @@ public void getVulnerabilitiesByComponentUuidIncludeSuppressedTest() {
"source": "INTERNAL",
"description": "Description 2",
"severity": "HIGH",
"cwe": {
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
},
"cwes": [
{
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
}
],
"uuid": "${json-unit.any-string}",
"affectedProjectCount": 1,
"affectedActiveProjectCount": 1,
@@ -167,6 +207,16 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"source": "INTERNAL",
"description": "Description 1",
"severity": "CRITICAL",
"cwe": {
"cweId": 123,
"name": "Write-what-where Condition"
},
"cwes": [
{
"cweId": 123,
"name": "Write-what-where Condition"
}
],
"components": [
{
"name": "Component 1",
@@ -188,6 +238,16 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"source": "INTERNAL",
"description": "Description 2",
"severity": "HIGH",
"cwe": {
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
},
"cwes": [
{
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
}
],
"components": [
{
"name": "Component 1",
@@ -209,6 +269,20 @@ public void getVulnerabilitiesByProjectTest() throws Exception {
"source": "INTERNAL",
"description": "Description 4",
"severity": "LOW",
"cwe": {
"cweId": 123,
"name": "Write-what-where Condition"
},
"cwes": [
{
"cweId": 123,
"name": "Write-what-where Condition"
},
{
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
}
],
"components": [
{
"name": "Component 2",
@@ -267,6 +341,20 @@ public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() throws Exc
"source": "INTERNAL",
"description": "Description 4",
"severity": "LOW",
"cwe": {
"cweId": 123,
"name": "Write-what-where Condition"
},
"cwes": [
{
"cweId": 123,
"name": "Write-what-where Condition"
},
{
"cweId": 321,
"name": "Use of Hard-coded Cryptographic Key"
}
],
"components": [
{
"name": "Component 2",
@@ -1003,6 +1091,7 @@ private class SampleData {
v1.setSource(Vulnerability.Source.INTERNAL);
v1.setSeverity(Severity.CRITICAL);
v1.setDescription("Description 1");
v1.setCwes(List.of(123));

vs1 = new VulnerableSoftware();
qm.persist(vs1);
@@ -1014,6 +1103,7 @@ private class SampleData {
v2.setSource(Vulnerability.Source.INTERNAL);
v2.setSeverity(Severity.HIGH);
v2.setDescription("Description 2");
v2.setCwes(List.of(321));

v3 = new Vulnerability();
v3.setVulnId("INT-3");
@@ -1026,6 +1116,7 @@ private class SampleData {
v4.setSource(Vulnerability.Source.INTERNAL);
v4.setSeverity(Severity.LOW);
v4.setDescription("Description 4");
v4.setCwes(List.of(123, 321));

v5 = new Vulnerability();
v5.setVulnId("INT-5");
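Review bot: The sample data sets CWEs only on v1, v2 and v4, so none of the visible expectations pin what the response looks like for a vulnerability whose CWES column is null; v3 and v5 get no `setCwes` call in the lines shown. The fix relies on `STRING_TO_ARRAY`, which in PostgreSQL returns NULL for a NULL input, so an assertion that such an entry omits `cwe`/`cwes` (or carries an empty list, whichever the API intends) would guard the mapper's null path. The expectations for v3 may sit in the collapsed parts of these tests, so this should be checked rather than assumed missing. `SampleData` continues outside the hunks.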