diff --git a/src/main/java/org/dependencytrack/model/Finding.java b/src/main/java/org/dependencytrack/model/Finding.java
index 50c14001b..5fd41a450 100644
--- a/src/main/java/org/dependencytrack/model/Finding.java
+++ b/src/main/java/org/dependencytrack/model/Finding.java
@@ -19,17 +19,12 @@
 package org.dependencytrack.model;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
-import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.parser.common.resolver.CweResolver;
 import org.dependencytrack.util.VulnerabilityUtil;
 
-import java.io.BufferedReader;
-import java.io.IOException;
 import java.io.Serializable;
 import java.math.BigDecimal;
-import java.sql.Clob;
-import java.sql.SQLException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -185,16 +180,8 @@ public Finding(UUID project, Object... o) {
         optValue(vulnerability, "vulnId", o[8]);
         optValue(vulnerability, "title", o[9]);
         optValue(vulnerability, "subtitle", o[10]);
-        if (o[11] instanceof final Clob clob) {
-            optValue(vulnerability, "description", toString(clob));
-        } else {
-            optValue(vulnerability, "description", o[11]);
-        }
-        if (o[12] instanceof final Clob clob) {
-            optValue(vulnerability, "recommendation", toString(clob));
-        } else {
-            optValue(vulnerability, "recommendation", o[12]);
-        }
+        optValue(vulnerability, "description", o[11]);
+        optValue(vulnerability, "recommendation", o[12]);
         final Severity severity = VulnerabilityUtil.getSeverity(o[13], (BigDecimal) o[14], (BigDecimal) o[15], (BigDecimal) o[16], (BigDecimal) o[17], (BigDecimal) o[18]);
         optValue(vulnerability, "cvssV2BaseScore", o[14]);
         optValue(vulnerability, "cvssV3BaseScore", o[15]);
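Review bot: The new `optValue(vulnerability, "description", o[11]);` and `optValue(vulnerability, "recommendation", o[12]);` lines now assume the query result already delivers these two columns as `String`; the removed branch existed precisely because some JDBC drivers hand back a `java.sql.Clob` for large text columns, and if that still happens on any supported database (the query itself is outside this diff) the map would silently hold a `Clob` reference instead of the text. If the query or column mapping was changed so that this cannot happen, a one-line comment stating that contract would keep the next maintainer from re-adding the unwrapping: `// description/recommendation are delivered as String by the findings query; no CLOB unwrapping needed (verify on every supported DB)`. The companion removal of the private `toString(Clob)` helper in the second hunk is the matching cleanup and needs nothing further. The enclosing constructor `Finding(UUID project, Object... o)` begins before this hunk and continues after it.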
@@ -310,16 +297,4 @@ public void addVulnerabilityAliases(List aliases) {
         vulnerability.put("aliases",uniqueAliases);
     }
 
-    private static String toString(final Clob clob) {
-        if (clob == null) {
-            return null;
-        }
-
-        try (final var reader = new BufferedReader(clob.getCharacterStream())) {
-            return IOUtils.toString(reader);
-        } catch (IOException | SQLException e) {
-            throw new RuntimeException("Failed to read CLOB value", e);
-        }
-    }
-
 }
\ No newline at end of file
diff --git a/src/test/java/org/dependencytrack/util/PurlUtilTest.java b/src/test/java/org/dependencytrack/util/PurlUtilTest.java
new file mode 100644
index 000000000..836252a42
--- /dev/null
+++ b/src/test/java/org/dependencytrack/util/PurlUtilTest.java
@@ -0,0 +1,52 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.util;
+
+import com.github.packageurl.PackageURL;
+import org.junit.Test;
+
+import java.util.Map;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+public class PurlUtilTest {
+
+    @Test
+    public void testSilentPurlWithNull() {
+        assertThat(PurlUtil.silentPurl(null)).isNull();
+    }
+
+    @Test
+    public void testSilentPurlWithInvalidPurl() {
+        assertThat(PurlUtil.silentPurl("foo:bar:baz")).isNull();
+    }
+
+    @Test
+    public void testSilentPurlWithValidPurl() {
+        final PackageURL purl = PurlUtil.silentPurl("pkg:maven/foo/bar@1.2.3?qux=quux#baz");
+        assertThat(purl).isNotNull();
+        assertThat(purl.getType()).isEqualTo("maven");
+        assertThat(purl.getNamespace()).isEqualTo("foo");
+        assertThat(purl.getName()).isEqualTo("bar");
+        assertThat(purl.getVersion()).isEqualTo("1.2.3");
+        assertThat(purl.getSubpath()).isEqualTo("baz");
+        assertThat(purl.getQualifiers()).containsOnly(Map.entry("qux", "quux"));
+    }
+
+}
\ No newline at end of file
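Review bot: `testSilentPurlWithInvalidPurl` only feeds a value with the wrong scheme (`"foo:bar:baz"`), so it does not show that `silentPurl` also swallows failures from inputs that pass the scheme check but are otherwise malformed, which is the case that matters when the string comes from untrusted component metadata. Assuming `silentPurl` returns `null` on any parse failure, as the name and the null-input test suggest, two more one-line cases would pin that down: `assertThat(PurlUtil.silentPurl("")).isNull();` and `assertThat(PurlUtil.silentPurl("pkg:maven/")).isNull();`. It would also help to note in a short comment on `testSilentPurlWithInvalidPurl` that the method is expected to log-and-return rather than propagate the parser's exception, since that is the contract these tests are guarding.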