#252 - Added badge configuration

DependencyTrack · Jul 31, 2019 · 341e406 · 341e406
1 parent dfe3dfa
commit 341e406
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 11 deletions.
diff --git a/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java b/src/main/java/org/dependencytrack/model/ConfigPropertyConstants.java
@@ -23,6 +23,7 @@
 public enum ConfigPropertyConstants {
 
  GENERAL_BASE_URL("general", "base.url", null, PropertyType.URL, "URL used to construct links back to Dependency-Track from external systems"),
+ GENERAL_BADGE_ENABLED("general", "badge.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable SVG badge support from metrics"),
  EMAIL_SMTP_ENABLED("email", "smtp.enabled", "false", PropertyType.BOOLEAN, "Flag to enable/disable SMTP"),
  EMAIL_SMTP_FROM_ADDR("email", "smtp.from.address", null, PropertyType.STRING, "The from email address to use to send output SMTP mail"),
  EMAIL_SMTP_SERVER_HOSTNAME("email", "smtp.server.hostname", null, PropertyType.STRING, "The hostname or IP address of the SMTP mail server"),

diff --git a/src/main/java/org/dependencytrack/resources/v1/BadgeResource.java b/src/main/java/org/dependencytrack/resources/v1/BadgeResource.java
@@ -19,31 +19,44 @@
 package org.dependencytrack.resources.v1;
 
 import alpine.auth.AuthenticationNotRequired;
+import alpine.model.ConfigProperty;
 import alpine.resources.AlpineResource;
-import io.swagger.annotations.*;
+import alpine.util.BooleanUtil;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
 import org.dependencytrack.model.Project;
 import org.dependencytrack.model.ProjectMetrics;
 import org.dependencytrack.persistence.QueryManager;
 import org.dependencytrack.resources.v1.misc.Badger;
-
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.Response;
 
+import static org.dependencytrack.model.ConfigPropertyConstants.GENERAL_BADGE_ENABLED;
+
 /**
  * JAX-RS resources for processing metrics.
  *
  * @author Steve Springett
  * @since 3.6.0
  */
 @Path("/v1/badge")
-@Api(value = "badge", authorizations = @Authorization(value = "X-Api-Key"))
+@Api(value = "badge")
 public class BadgeResource extends AlpineResource {
 
  private static final String SVG_MEDIA_TYPE = "image/svg+xml";
 
+ private boolean isBadgeSupportEnabled(final QueryManager qm) {
+ ConfigProperty property = qm.getConfigProperty(
+ GENERAL_BADGE_ENABLED.getGroupName(), GENERAL_BADGE_ENABLED.getPropertyName());
+ return BooleanUtil.valueOf(property.getPropertyValue());
+ }
+
  @GET
  @Path("/vulns/project/{uuid}")
  @Produces(SVG_MEDIA_TYPE)
@@ -52,22 +65,26 @@ public class BadgeResource extends AlpineResource {
  response = ProjectMetrics.class
  )
  @ApiResponses(value = {
+ @ApiResponse(code = 204, message = "Badge support is disabled. No content will be returned."),
  @ApiResponse(code = 401, message = "Unauthorized"),
  @ApiResponse(code = 404, message = "The project could not be found")
  })
- //@PermissionRequired(Permissions.Constants.VIEW_PORTFOLIO)
- @AuthenticationNotRequired // todo remove this
+ @AuthenticationNotRequired
  public Response getProjectVulnerabilitiesBadge(
  @ApiParam(value = "The UUID of the project to retrieve metrics for", required = true)
  @PathParam("uuid") String uuid) {
  try (QueryManager qm = new QueryManager()) {
- final Project project = qm.getObjectByUuid(Project.class, uuid);
- if (project != null) {
- final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
- final Badger badger = new Badger();
- return Response.ok(badger.generate(metrics)).build();
+ if (isBadgeSupportEnabled(qm)) {
+ final Project project = qm.getObjectByUuid(Project.class, uuid);
+ if (project != null) {
+ final ProjectMetrics metrics = qm.getMostRecentProjectMetrics(project);
+ final Badger badger = new Badger();
+ return Response.ok(badger.generate(metrics)).build();
+ } else {
+ return Response.status(Response.Status.NOT_FOUND).entity("The project could not be found.").build();
+ }
  } else {
- return Response.status(Response.Status.NOT_FOUND).entity("The project could not be found.").build();
+ return Response.status(Response.Status.NO_CONTENT).build();
  }
  }
  }

diff --git a/src/main/webapp/admin/index.jsp b/src/main/webapp/admin/index.jsp
@@ -141,6 +141,9 @@
  <label class="required" for="generalConfigBaseUrlInput">Dependency-Track Base URL</label>
  <input type="text" name="Base URL" class="form-control required" id="generalConfigBaseUrlInput" data-group-name="general" data-property-name="base.url">
  </div>
+ <div class="checkbox">
+ <label><input type="checkbox" id="generalConfigBadgeEnabledInput" data-group-name="general" data-property-name="badge.enabled"> Enable SVG badge support (unauthenticated)</label>
+ </div>
  <button type="button" class="btn btn-primary btn-config-property" id="updateGeneralConfigButton" data-group-name="general">Update</button>
  </div>
  <div class="tab-pane admin-form-content" id="artifactsTab" data-admin-title="BOM Formats">