Handling of Clob is not required for PostgreSQL

In DT v4.x, `Clob` is only returned for H2, for all other databases the columns are already mapped to `String`. Signed-off-by: nscuro <[email protected]>
DependencyTrack · Jun 25, 2024 · 7b8320d · 7b8320d
1 parent 6993cff
commit 7b8320d
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 27 deletions.
diff --git a/src/main/java/org/dependencytrack/model/Finding.java b/src/main/java/org/dependencytrack/model/Finding.java
@@ -19,17 +19,12 @@
 package org.dependencytrack.model;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
-import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.parser.common.resolver.CweResolver;
 import org.dependencytrack.util.VulnerabilityUtil;
 
-import java.io.BufferedReader;
-import java.io.IOException;
 import java.io.Serializable;
 import java.math.BigDecimal;
-import java.sql.Clob;
-import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -185,16 +180,8 @@ public Finding(UUID project, Object... o) {
         optValue(vulnerability, "vulnId", o[8]);
         optValue(vulnerability, "title", o[9]);
         optValue(vulnerability, "subtitle", o[10]);
-        if (o[11] instanceof final Clob clob) {
-            optValue(vulnerability, "description", toString(clob));
-        } else {
-            optValue(vulnerability, "description", o[11]);
-        }
-        if (o[12] instanceof final Clob clob) {
-            optValue(vulnerability, "recommendation", toString(clob));
-        } else {
-            optValue(vulnerability, "recommendation", o[12]);
-        }
+        optValue(vulnerability, "description", o[11]);
+        optValue(vulnerability, "recommendation", o[12]);
         final Severity severity = VulnerabilityUtil.getSeverity(o[13], (BigDecimal) o[14], (BigDecimal) o[15], (BigDecimal) o[16], (BigDecimal) o[17], (BigDecimal) o[18]);
         optValue(vulnerability, "cvssV2BaseScore", o[14]);
         optValue(vulnerability, "cvssV3BaseScore", o[15]);
@@ -310,16 +297,4 @@ public void addVulnerabilityAliases(List<VulnerabilityAlias> aliases) {
         vulnerability.put("aliases",uniqueAliases);
     }
 
-    private static String toString(final Clob clob) {
-        if (clob == null) {
-            return null;
-        }
-
-        try (final var reader = new BufferedReader(clob.getCharacterStream())) {
-            return IOUtils.toString(reader);
-        } catch (IOException | SQLException e) {
-            throw new RuntimeException("Failed to read CLOB value", e);
-        }
-    }
-
 }
diff --git a/src/test/java/org/dependencytrack/util/PurlUtilTest.java b/src/test/java/org/dependencytrack/util/PurlUtilTest.java
@@ -0,0 +1,52 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.util;
+
+import com.github.packageurl.PackageURL;
+import org.junit.Test;
+
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PurlUtilTest {
+
+    @Test
+    public void testSilentPurlWithNull() {
+        assertThat(PurlUtil.silentPurl(null)).isNull();
+    }
+
+    @Test
+    public void testSilentPurlWithInvalidPurl() {
+        assertThat(PurlUtil.silentPurl("foo:bar:baz")).isNull();
+    }
+
+    @Test
+    public void testSilentPurlWithValidPurl() {
+        final PackageURL purl = PurlUtil.silentPurl("pkg:maven/foo/[email protected]?qux=quux#baz");
+        assertThat(purl).isNotNull();
+        assertThat(purl.getType()).isEqualTo("maven");
+        assertThat(purl.getNamespace()).isEqualTo("foo");
+        assertThat(purl.getName()).isEqualTo("bar");
+        assertThat(purl.getVersion()).isEqualTo("1.2.3");
+        assertThat(purl.getSubpath()).isEqualTo("baz");
+        assertThat(purl.getQualifiers()).containsOnly(Map.entry("qux", "quux"));
+    }
+
+}