Set license name instead of ID when using custom license
Co-authored-by: Ross Murphy <RossMurphy@ibm.com>
Signed-off-by: nscuro <nscuro@protonmail.com>
nscuro and 2000rosser committed Jul 8, 2024
1 parent c7f5dd0 commit 50e0acb
Showing 2 changed files with 80 additions and 1 deletion.
Expand Up @@ -754,7 +754,11 @@ public static org.cyclonedx.model.Component convert(final QueryManager qm, final
final LicenseChoice licenses = new LicenseChoice();
if (component.getResolvedLicense() != null) {
final org.cyclonedx.model.License license = new org.cyclonedx.model.License();
license.setId(component.getResolvedLicense().getLicenseId());
if (!component.getResolvedLicense().isCustomLicense()) {
license.setId(component.getResolvedLicense().getLicenseId());
} else {
license.setName(component.getResolvedLicense().getName());
}
license.setUrl(component.getLicenseUrl());
licenses.addLicense(license);
cycloneComponent.setLicenses(licenses);
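Review bot: In the new `else` branch, a custom license whose `getName()` returns null or blank would leave the exported license with neither `id` nor `name`. As far as I know the CycloneDX schema requires one of the two, so a single incomplete record could make the whole BOM fail validation in downstream tooling. I would add the license only when one of the two is actually set, for example by guarding the custom branch with `} else if (resolvedLicense.getName() != null) {` and skipping `licenses.addLicense(license)` otherwise. Reading the value once into `final var resolvedLicense = component.getResolvedLicense();` would also replace the four repeated getter calls in this block. `convert` starts and ends outside the hunk, so whether callers already guarantee a name is not visible here.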
Expand Up @@ -312,6 +312,81 @@ public void exportProjectAsCycloneDxInventoryTest() {
assertThat(componentWithVulnAndAnalysis.getDirectDependencies()).isNotNull();
}

@Test
public void exportProjectAsCycloneDxLicenseTest() {
Project project = qm.createProject("Acme Example", null, "1.0", null, null, null, true, false);
Component c = new Component();
c.setProject(project);
c.setName("sample-component");
c.setVersion("1.0");
org.dependencytrack.model.License license = new org.dependencytrack.model.License();
license.setId(1234);
license.setName("CustomName");
license.setCustomLicense(true);
c.setResolvedLicense(license);
c.setDirectDependencies("[]");
Component component = qm.createComponent(c, false);
qm.persist(project);
Response response = jersey.target(V1_BOM + "/cyclonedx/project/" + project.getUuid()).request()
.header(X_API_KEY, apiKey)
.get(Response.class);

final String jsonResponse = getPlainTextBody(response);
assertThatNoException().isThrownBy(() -> CycloneDxValidator.getInstance().validate(jsonResponse.getBytes()));
assertThatJson(jsonResponse)
.withMatcher("component", equalTo(component.getUuid().toString()))
.withMatcher("projectUuid", equalTo(project.getUuid().toString()))
.isEqualTo(json("""
{
"bomFormat": "CycloneDX",
"specVersion": "1.5",
"serialNumber": "${json-unit.ignore}",
"version": 1,
"metadata": {
"timestamp": "${json-unit.any-string}",
"tools": [
{
"vendor": "OWASP",
"name": "Dependency-Track",
"version": "${json-unit.any-string}"
}
],
"component": {
"type": "library",
"bom-ref": "${json-unit.matches:projectUuid}",
"name": "Acme Example",
"version": "1.0"
}
},
"components": [
{
"type": "library",
"bom-ref": "${json-unit.matches:component}",
"name": "sample-component",
"version": "1.0",
"licenses": [
{
"license": {
"name": "CustomName"
}
}
]
}
],
"dependencies": [
{
"ref": "${json-unit.matches:projectUuid}",
"dependsOn": []
},
{
"ref": "${json-unit.matches:component}",
"dependsOn": []
}
]
}
"""));
}

@Test
public void exportProjectAsCycloneDxInventoryWithVulnerabilitiesTest() {
var vulnerability = new Vulnerability();
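Review bot: The fixture in `exportProjectAsCycloneDxLicenseTest` never gives the custom license a license ID, so the exact-match JSON assertion would still pass if the exporter emitted `id` alongside `name` for a license that has both. Adding something like `license.setLicenseId("LicenseRef-constructed-example");` (constructed value, assuming the model exposes that setter) before `c.setResolvedLicense(license)` would make the test prove the ID is suppressed. The response status is also never checked before the body is parsed; `assertThat(response.getStatus()).isEqualTo(200);` right after the request would make a failed export show up as a clear assertion instead of a JSON mismatch. Finally, `jsonResponse.getBytes()` uses the platform default charset, so `getBytes(StandardCharsets.UTF_8)` keeps the validation independent of the build machine.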
