Issue 1428 : remove deprecated code (#910)

src/main/java/org/dependencytrack/model/Vulnerability.java

@@ -20,13 +20,14 @@
 
 import alpine.common.validation.RegexSequence;
 import alpine.server.json.TrimmedStringDeserializer;
-import com.fasterxml.jackson.annotation.JsonGetter;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
-import com.fasterxml.jackson.annotation.JsonSetter;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
-import org.dependencytrack.parser.common.resolver.CweResolver;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Pattern;
+import jakarta.validation.constraints.Size;
 import org.dependencytrack.persistence.CollectionIntegerConverter;
 import org.dependencytrack.resources.v1.serializers.CweDeserializer;
 import org.dependencytrack.resources.v1.serializers.CweSerializer;
@@ -47,10 +48,6 @@
 import javax.jdo.annotations.Persistent;
 import javax.jdo.annotations.PrimaryKey;
 import javax.jdo.annotations.Unique;
-import jakarta.validation.constraints.NotBlank;
-import jakarta.validation.constraints.NotNull;
-import jakarta.validation.constraints.Pattern;
-import jakarta.validation.constraints.Size;
 import java.io.Serializable;
 import java.math.BigDecimal;
 import java.util.ArrayList;
@@ -480,36 +477,6 @@ public void setSubTitle(String subTitle) {
         this.subTitle = subTitle;
     }
 
-    /**
-     * Setter for keeping the REST API backwards-compatible.
-     * Will be removed in v5.
-     *
-     * @deprecated Use {@link #getCwes()} instead
-     * @return The first {@link Cwe} returned by {@link #getCwes()}, or {@code null} if no {@link Cwe}s are set.
-     */
-    @JsonGetter("cwe")
-    public Cwe getCwe() {
-        if (cwes == null || cwes.isEmpty()) {
-            return null;
-        }
-
-        return CweResolver.getInstance().lookup(cwes.get(0));
-    }
-
-    /**
-     * Setter for keeping the REST API backwards-compatible.
-     * Will be removed in v5.
-     *
-     * @deprecated Use {@link #setCwes(List)} instead
-     * @param cwe The {@link Cwe} to set
-     */
-    @JsonSetter("cwe")
-    public void setCwe(final Cwe cwe) {
-        if (cwe != null) {
-            setCwes(List.of(cwe.getCweId()));
-        }
-    }
-
     public List<Integer> getCwes() {
         return cwes;
     }

src/main/java/org/dependencytrack/persistence/QueryManager.java

@@ -935,10 +935,6 @@ public Vulnerability getVulnerabilityByVulnId(Vulnerability.Source source, Strin
         return getVulnerabilityQueryManager().getVulnerabilityByVulnId(source, vulnId, includeVulnerableSoftware);
     }
 
-    public List<Vulnerability> getVulnerabilitiesForNpmModule(String module) {
-        return getVulnerabilityQueryManager().getVulnerabilitiesForNpmModule(module);
-    }
-
     public void addVulnerability(Vulnerability vulnerability, Component component, AnalyzerIdentity analyzerIdentity) {
         getVulnerabilityQueryManager().addVulnerability(vulnerability, component, analyzerIdentity);
     }

src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java

@@ -185,20 +185,6 @@ public Vulnerability getVulnerabilityByVulnId(Vulnerability.Source source, Strin
         return getVulnerabilityByVulnId(source.name(), vulnId, includeVulnerableSoftware);
     }
 
-    /**
-     * Returns vulnerabilities for the specified npm module
-     * @param module the NPM module to query on
-     * @return a list of Vulnerability objects
-     */
-    @Deprecated
-    @SuppressWarnings("unchecked")
-    //todo: determine if this is needed and delete
-    public List<Vulnerability> getVulnerabilitiesForNpmModule(String module) {
-        final Query<Vulnerability> query = pm.newQuery(Vulnerability.class, "source == :source && subtitle == :module");
-        query.getFetchPlan().addGroup(Vulnerability.FetchGroup.COMPONENTS.name());
-        return (List<Vulnerability>) query.execute(Vulnerability.Source.NPM.name(), module);
-    }
-
     /**
      * Adds a vulnerability to a component.
      * @param vulnerability the vulnerability to add

src/main/java/org/dependencytrack/resources/v1/BomResource.java

@@ -56,8 +56,6 @@
 import org.dependencytrack.event.kafka.KafkaEventDispatcher;
 import org.dependencytrack.model.Component;
 import org.dependencytrack.model.Project;
-import org.dependencytrack.model.WorkflowState;
-import org.dependencytrack.model.WorkflowStatus;
 import org.dependencytrack.model.validation.ValidUuid;
 import org.dependencytrack.notification.NotificationConstants;
 import org.dependencytrack.notification.NotificationGroup;
@@ -71,7 +69,6 @@
 import org.dependencytrack.resources.v1.problems.ProblemDetails;
 import org.dependencytrack.resources.v1.vo.BomSubmitRequest;
 import org.dependencytrack.resources.v1.vo.BomUploadResponse;
-import org.dependencytrack.resources.v1.vo.IsTokenBeingProcessedResponse;
 import org.glassfish.jersey.media.multipart.BodyPartEntity;
 import org.glassfish.jersey.media.multipart.FormDataBodyPart;
 import org.glassfish.jersey.media.multipart.FormDataParam;
@@ -86,8 +83,6 @@
 import java.util.Arrays;
 import java.util.Base64;
 import java.util.List;
-import java.util.UUID;
-import java.util.concurrent.atomic.AtomicBoolean;
 
 import static java.util.function.Predicate.not;
 import static org.dependencytrack.model.ConfigPropertyConstants.BOM_VALIDATION_ENABLED;
@@ -431,51 +426,6 @@ public Response uploadBom(
         }
     }
 
-    @GET
-    @Path("/token/{uuid}")
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Determines if there are any tasks associated with the token that are being processed, or in the queue to be processed.",
-            description = """
-                    <p>
-                      This endpoint is intended to be used in conjunction with uploading a supported BOM document.
-                      Upon upload, a token will be returned. The token can then be queried using this endpoint to
-                      determine if any tasks (such as vulnerability analysis) is being performed on the BOM:
-                      <ul>
-                        <li>A value of <code>true</code> indicates processing is occurring.</li>
-                        <li>A value of <code>false</code> indicates that no processing is occurring for the specified token.</li>
-                      </ul>
-                      However, a value of <code>false</code> also does not confirm the token is valid,
-                      only that no processing is associated with the specified token.
-                    </p>
-                    <p>Requires permission <strong>BOM_UPLOAD</strong></p>
-                    <p><strong>Deprecated</strong>. Use <code>/v1/event/token/{uuid}</code> instead.</p>""")
-    @ApiResponses(value = {
-            @ApiResponse(
-                    responseCode = "200",
-                    description = "The processing status of the provided token",
-                    content = @Content(schema = @Schema(implementation = IsTokenBeingProcessedResponse.class))
-            ),
-            @ApiResponse(responseCode = "401", description = "Unauthorized")
-    })
-    @PermissionRequired(Permissions.Constants.BOM_UPLOAD)
-    @Deprecated(since = "4.11.0")
-    public Response isTokenBeingProcessed(
-            @Parameter(description = "The UUID of the token to query", schema = @Schema(type = "string", format = "uuid"), required = true)
-            @PathParam("uuid") @ValidUuid String uuid) {
-        // Check workflow states for the token.
-        List<WorkflowState> workflowStates;
-        try (final var qm = new QueryManager()) {
-            workflowStates = qm.getAllWorkflowStatesForAToken(UUID.fromString(uuid));
-        }
-        AtomicBoolean hasTerminalStatus = new AtomicBoolean(true);
-        IsTokenBeingProcessedResponse response = new IsTokenBeingProcessedResponse();
-        workflowStates.stream().forEach(workflowState -> hasTerminalStatus.set(hasTerminalStatus.get() && (workflowState.getStatus() != WorkflowStatus.PENDING
-                                                                                                           && workflowState.getStatus() != WorkflowStatus.TIMED_OUT)));
-        response.setProcessing(!hasTerminalStatus.get());
-        return Response.ok(response).build();
-    }
-
     /**
      * Common logic that processes a BOM given a project and encoded payload.
      */

src/main/java/org/dependencytrack/resources/v1/PolicyResource.java

@@ -46,7 +46,6 @@
 import org.dependencytrack.auth.Permissions;
 import org.dependencytrack.model.Policy;
 import org.dependencytrack.model.Project;
-import org.dependencytrack.model.Tag;
 import org.dependencytrack.model.validation.ValidUuid;
 import org.dependencytrack.persistence.QueryManager;
 import org.dependencytrack.resources.v1.openapi.PaginatedApi;
@@ -315,96 +314,4 @@ public Response removeProjectFromPolicy(
             return Response.status(Response.Status.NOT_MODIFIED).build();
         }
     }
-
-    @POST
-    @Path("/{policyUuid}/tag/{tagName}")
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Adds a tag to a policy",
-            description = """
-                    <p><strong>Deprecated</strong>. Use <code>POST /api/v1/tag/{name}/policy</code> instead.</p>
-                    <p>Requires permission <strong>POLICY_MANAGEMENT</strong></p>
-                    """
-    )
-    @ApiResponses(value = {
-            @ApiResponse(
-                    responseCode = "200",
-                    description = "The updated policy",
-                    content = @Content(schema = @Schema(implementation = Policy.class))
-            ),
-            @ApiResponse(responseCode = "304", description = "The policy already has the specified tag assigned"),
-            @ApiResponse(responseCode = "401", description = "Unauthorized"),
-            @ApiResponse(responseCode = "404", description = "The policy or tag could not be found")
-    })
-    @PermissionRequired({Permissions.Constants.POLICY_MANAGEMENT, Permissions.Constants.POLICY_MANAGEMENT_UPDATE})
-    @Deprecated(forRemoval = true)
-    public Response addTagToPolicy(
-            @Parameter(description = "The UUID of the policy to add a project to", schema = @Schema(type = "string", format = "uuid"), required = true)
-            @PathParam("policyUuid") @ValidUuid String policyUuid,
-            @Parameter(description = "The name of the tag to add to the rule", required = true)
-            @PathParam("tagName") String tagName) {
-        try (QueryManager qm = new QueryManager()) {
-            final Policy policy = qm.getObjectByUuid(Policy.class, policyUuid);
-            if (policy == null) {
-                return Response.status(Response.Status.NOT_FOUND).entity("The policy could not be found.").build();
-            }
-
-            final Tag tag = qm.getTagByName(tagName);
-            if (tag == null) {
-                return Response.status(Response.Status.NOT_FOUND).entity("The tag could not be found.").build();
-            }
-            if (qm.bind(policy, List.of(tag))) {
-                return Response.ok(policy).build();
-            }
-            return Response.status(Response.Status.NOT_MODIFIED).build();
-        }
-    }
-
-    @DELETE
-    @Path("/{policyUuid}/tag/{tagName}")
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Removes a tag from a policy",
-            description = """
-                    <p><strong>Deprecated</strong>. Use <code>DELETE /api/v1/tag/{name}/policy</code> instead.</p>
-                    <p>Requires permission <strong>POLICY_MANAGEMENT</strong></p>
-                    """
-    )
-    @ApiResponses(value = {
-            @ApiResponse(
-                    responseCode = "200",
-                    description = "The updated policy",
-                    content = @Content(schema = @Schema(implementation = Policy.class))
-            ),
-            @ApiResponse(responseCode = "304", description = "The policy does not have the specified tag assigned"),
-            @ApiResponse(responseCode = "401", description = "Unauthorized"),
-            @ApiResponse(responseCode = "404", description = "The policy or tag could not be found")
-    })
-    @PermissionRequired({Permissions.Constants.POLICY_MANAGEMENT, Permissions.Constants.POLICY_MANAGEMENT_DELETE})
-    @Deprecated(forRemoval = true)
-    public Response removeTagFromPolicy(
-            @Parameter(description = "The UUID of the policy to remove the tag from", schema = @Schema(type = "string", format = "uuid"), required = true)
-            @PathParam("policyUuid") @ValidUuid String policyUuid,
-            @Parameter(description = "The name of the tag to remove from the policy", required = true)
-            @PathParam("tagName") String tagName) {
-        try (QueryManager qm = new QueryManager()) {
-            final Policy policy = qm.getObjectByUuid(Policy.class, policyUuid);
-            if (policy == null) {
-                return Response.status(Response.Status.NOT_FOUND).entity("The policy could not be found.").build();
-            }
-            final Tag tag = qm.getTagByName(tagName);
-            if (tag == null) {
-                return Response.status(Response.Status.NOT_FOUND).entity("The tag could not be found.").build();
-            }
-            final List<Tag> tags = policy.getTags();
-            if (tags != null && tags.contains(tag)) {
-                policy.getTags().remove(tag);
-                qm.persist(policy);
-                return Response.ok(policy).build();
-            }
-            return Response.status(Response.Status.NOT_MODIFIED).build();
-        }
-    }
 }

src/main/java/org/dependencytrack/resources/v1/TagResource.java

@@ -58,7 +58,6 @@
 import java.util.List;
 import java.util.NoSuchElementException;
 import java.util.Set;
-import java.util.UUID;
 
 @Path("/v1/tag")
 @io.swagger.v3.oas.annotations.tags.Tag(name = "tag")
@@ -433,33 +432,4 @@ public Response getTagsForPolicy(
             return Response.ok(result.getObjects()).header(TOTAL_COUNT_HEADER, result.getTotal()).build();
         }
     }
-
-    @GET
-    @Path("/{policyUuid}")
-    @Produces(MediaType.APPLICATION_JSON)
-    @Operation(
-            summary = "Returns a list of all tags associated with a given policy",
-            description = """
-                    <p><strong>Deprecated</strong>. Use <code>/api/v1/tag/policy/{uuid}</code> instead.</p>
-                    <p>Requires permission <strong>VIEW_PORTFOLIO</strong></p>
-                    """
-    )
-    @PaginatedApi
-    @ApiResponses(value = {
-            @ApiResponse(
-                    responseCode = "200",
-                    description = "A list of all tags associated with a given policy",
-                    headers = @Header(name = TOTAL_COUNT_HEADER, description = "The total number of tags", schema = @Schema(format = "integer")),
-                    content = @Content(array = @ArraySchema(schema = @Schema(implementation = Tag.class)))
-            ),
-            @ApiResponse(responseCode = "401", description = "Unauthorized")
-    })
-    @PermissionRequired(Permissions.Constants.VIEW_PORTFOLIO)
-    @Deprecated(forRemoval = true)
-    public Response getTags(
-            @Parameter(description = "The UUID of the policy", required = true)
-            @PathParam("policyUuid") final UUID policyUuid
-    ) {
-        return getTagsForPolicy(String.valueOf(policyUuid));
-    }
 }