Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Port: Return processing token when cloning project #659

Merged
merged 3 commits into from
May 21, 2024
Merged

Port: Return processing token when cloning project #659

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9cc34ee
porting feature from issue-3260
leec94 Apr 25, 2024
d48d674
change header
leec94 Apr 26, 2024
3799e52
Merge branch 'main' into issue-3260-processingtoken
leec94 May 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/main/java/org/dependencytrack/resources/v1/BomResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -339,11 +339,12 @@ public Response uploadBom(@FormDataParam("project") String projectUuid,
@GET
@Path("/token/{uuid}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Determines if there are any tasks associated with the token that are being processed, or in the queue to be processed.", notes = "This endpoint is intended to be used in conjunction with uploading a supported BOM document. Upon upload, a token will be returned. The token can then be queried using this endpoint to determine if any tasks (such as vulnerability analysis) is being performed on the BOM. A value of true indicates processing is occurring. A value of false indicates that no processing is occurring for the specified token. However, a value of false also does not confirm the token is valid, only that no processing is associated with the specified token.", response = IsTokenBeingProcessedResponse.class)
@ApiOperation(value = "Determines if there are any tasks associated with the token that are being processed, or in the queue to be processed.", notes = "Deprecated. Use /v1/event/token/{uuid} instead.", response = IsTokenBeingProcessedResponse.class)
@ApiResponses(value = {
@ApiResponse(code = 401, message = "Unauthorized")
})
@PermissionRequired(Permissions.Constants.BOM_UPLOAD)
@Deprecated(since = "4.11.0")
public Response isTokenBeingProcessed(
@ApiParam(value = "The UUID of the token to query", required = true)
@PathParam("uuid") String uuid) {
Expand Down
69 changes: 69 additions & 0 deletions src/main/java/org/dependencytrack/resources/v1/EventResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
/*
* This file is part of Dependency-Track.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* Copyright (c) OWASP Foundation. All Rights Reserved.
*/
package org.dependencytrack.resources.v1;

import alpine.event.framework.Event;
import alpine.server.resources.AlpineResource;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponses;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.ApiResponse;
import org.dependencytrack.resources.v1.vo.IsTokenBeingProcessedResponse;

import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.UUID;

/**
* JAX-RS resources for processing Events
*
* @author Ralf King
* @since 4.11.0
*/
@Path("/v1/event")
@Api(value = "event", authorizations = @Authorization(value = "X-Api-Key"))
public class EventResource extends AlpineResource {

@GET
@Path("/token/{uuid}")
@Produces(MediaType.APPLICATION_JSON)
@ApiOperation(value = "Determines if there are any tasks associated with the token that are being processed, or in the queue to be processed.",
notes = "This endpoint is intended to be used in conjunction with other API calls which return a token for asynchronous tasks. " +
"The token can then be queried using this endpoint to determine if the task is complete. " +
"A value of true indicates processing is occurring. A value of false indicates that no processing is " +
"occurring for the specified token. However, a value of false also does not confirm the token is valid, " +
"only that no processing is associated with the specified token.", response = IsTokenBeingProcessedResponse.class)
@ApiResponses(value = {
@ApiResponse(code = 401, message = "Unauthorized")
})
public Response isTokenBeingProcessed (
@ApiParam(value = "The UUID of the token to query", required = true)
@PathParam("uuid") String uuid) {
final boolean value = Event.isEventBeingProcessed(UUID.fromString(uuid));
IsTokenBeingProcessedResponse response = new IsTokenBeingProcessedResponse();
response.setProcessing(value);
return Response.ok(response).build();
}
}
4 changes: 3 additions & 1 deletion src/main/java/org/dependencytrack/resources/v1/ProjectResource.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -528,7 +528,9 @@ public Response cloneProject(CloneProjectRequest jsonRequest) {
}
LOGGER.info("Project " + sourceProject + " is being cloned by " + super.getPrincipal().getName());
Event.dispatch(new CloneProjectEvent(jsonRequest));
return Response.ok().build();
CloneProjectEvent event = new CloneProjectEvent(jsonRequest);
Event.dispatch(event);
return Response.ok(java.util.Collections.singletonMap("token", event.getChainIdentifier())).build();
} else {
return Response.status(Response.Status.NOT_FOUND).entity("The UUID of the project could not be found.").build();
}
Expand Down
10 changes: 8 additions & 2 deletions src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1006,7 +1006,10 @@ public void cloneProjectTest() {
""".formatted(project.getUuid())));

assertThat(response.getStatus()).isEqualTo(200);
assertThat(getPlainTextBody(response)).isEmpty();
JsonObject json = parseJsonObject(response);
Assert.assertNotNull(json);
Assert.assertNotNull(json.getString("token"));
Assert.assertTrue(UuidUtil.isValidUUID(json.getString("token")));

await("Cloning completion")
.atMost(Duration.ofSeconds(15))
Expand Down Expand Up @@ -1129,6 +1132,9 @@ public void cloneProjectWithAclTest() {
}
""".formatted(accessProject.getUuid())));
assertThat(response.getStatus()).isEqualTo(200);
assertThat(getPlainTextBody(response)).isEmpty();
JsonObject json = parseJsonObject(response);
Assert.assertNotNull(json);
Assert.assertNotNull(json.getString("token"));
Assert.assertTrue(UuidUtil.isValidUUID(json.getString("token")));
}
}