Add test to verify that the BOM_PROCESSING_FAILED notification is t…

…riggered as expected Signed-off-by: nscuro <nscuro@protonmail.com>
sahibamittal · Apr 10, 2023 · 4877351 · 4877351
1 parent 8f7fb01
commit 4877351
Showing 1 changed file with 47 additions and 5 deletions.
diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
@@ -20,6 +20,7 @@
 
 import alpine.event.framework.EventService;
 import alpine.notification.Notification;
+import alpine.notification.NotificationLevel;
 import alpine.notification.NotificationService;
 import alpine.notification.Subscriber;
 import alpine.notification.Subscription;
@@ -28,21 +29,26 @@
 import org.dependencytrack.event.BomUploadEvent;
 import org.dependencytrack.event.NewVulnerableDependencyAnalysisEvent;
 import org.dependencytrack.event.VulnerabilityAnalysisEvent;
-import org.dependencytrack.model.Severity;
-import org.dependencytrack.model.Vulnerability;
-import org.dependencytrack.model.VulnerableSoftware;
+import org.dependencytrack.model.Bom;
+import org.dependencytrack.model.Classifier;
+import org.dependencytrack.model.Component;
 import org.dependencytrack.model.ConfigPropertyConstants;
 import org.dependencytrack.model.Project;
-import org.dependencytrack.model.Component;
-import org.dependencytrack.model.Classifier;
+import org.dependencytrack.model.Severity;
+import org.dependencytrack.model.Vulnerability;
 import org.dependencytrack.model.VulnerabilityAnalysisLevel;
+import org.dependencytrack.model.VulnerableSoftware;
 import org.dependencytrack.notification.NotificationGroup;
+import org.dependencytrack.notification.NotificationScope;
+import org.dependencytrack.notification.vo.BomProcessingFailed;
 import org.dependencytrack.notification.vo.NewVulnerabilityIdentified;
+import org.junit.After;
 import org.junit.AfterClass;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Paths;
 import java.time.Duration;
@@ -95,6 +101,7 @@ public void setUp() {
                 ConfigPropertyConstants.SCANNER_INTERNAL_ENABLED.getDescription());
     }
 
+    @After
     public void tearDown() {
         NOTIFICATIONS.clear();
     }
@@ -167,4 +174,39 @@ public void informTest() throws Exception {
         );
     }
 
+    @Test
+    public void informWithInvalidCycloneDxBomTest() throws Exception {
+        final Project project = qm.createProject("Acme Example", null, "1.0", null, null, null, true, false);
+
+        final byte[] bomBytes = """
+                {
+                  "bomFormat": "CycloneDX",
+                """.getBytes(StandardCharsets.UTF_8);
+
+        new BomUploadProcessingTask().inform(new BomUploadEvent(project.getUuid(), bomBytes));
+        assertConditionWithTimeout(() -> NOTIFICATIONS.size() >= 2, Duration.ofSeconds(5));
+
+        assertThat(NOTIFICATIONS).satisfiesExactly(
+                notification -> assertThat(notification.getGroup()).isEqualTo(NotificationGroup.PROJECT_CREATED.name()),
+                notification -> {
+                    assertThat(notification.getScope()).isEqualTo(NotificationScope.PORTFOLIO.name());
+                    assertThat(notification.getGroup()).isEqualTo(NotificationGroup.BOM_PROCESSING_FAILED.name());
+                    assertThat(notification.getLevel()).isEqualTo(NotificationLevel.ERROR);
+                    assertThat(notification.getTitle()).isNotBlank();
+                    assertThat(notification.getContent()).isNotBlank();
+                    assertThat(notification.getSubject()).isInstanceOf(BomProcessingFailed.class);
+                    final var subject = (BomProcessingFailed) notification.getSubject();
+                    assertThat(subject.getProject().getUuid()).isEqualTo(project.getUuid());
+                    assertThat(subject.getBom()).isEqualTo("ewogICJib21Gb3JtYXQiOiAiQ3ljbG9uZURYIiwK");
+                    assertThat(subject.getFormat()).isEqualTo(Bom.Format.CYCLONEDX);
+                    assertThat(subject.getSpecVersion()).isNull();
+                    assertThat(subject.getCause()).isEqualTo("Unable to parse BOM from byte array");
+                }
+        );
+
+        qm.getPersistenceManager().refresh(project);
+        assertThat(project.getClassifier()).isNull();
+        assertThat(project.getLastBomImport()).isNull();
+    }
+
 }