Merge branch 'main' into feature/xxx-fix-notification-description

.github/workflows/dependency-check.yml

@@ -15,7 +15,7 @@
 #
 #  SPDX-License-Identifier: Apache-2.0
 
-name: "[BE] Dependency check"
+name: "[BE] OWASP dependency check"
 
 on:
   workflow_dispatch: # Trigger manually
@@ -25,6 +25,8 @@ env:
   GHCR_REGISTRY: ghcr.io
   JAVA_VERSION: 17
   DOCKER_HUB_REGISTRY_NAMESPACE: tractusx
+  FAIL_BUILD_ON_CVSS: 7
+  SUPPRESSIONS_FILE: dependency_check/suppressions.xml
 
 jobs:
   Dependency-analysis:
@@ -39,27 +41,54 @@ jobs:
           distribution: 'temurin'
           cache: 'maven'
 
-      - name: install tx-models
-        run: mvn install -pl tx-models
+      - name: Run mvn clean install
+        run: |
+          mvn -B -DskipTests -pl tx-models,tx-backend -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn\
+          clean install
 
-      - name: Dependency rules report # possible severity values: <'fail'|'warn'|'ignore'>
-        run: mvn -pl tx-models,tx-backend -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --batch-mode site -Pdependency-check
+      - name: Dependency check tx-backend # possible severity values: <'fail'|'warn'|'ignore'>
+        uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
+        with:
+          project: 'tx-backend'
+          path: 'tx-backend'
+          format: 'HTML'
+          out: 'tx-backend/target/depcheck-report.html'
+          args: >
+            --failOnCVSS ${{ env.FAIL_BUILD_ON_CVSS }}
+            --suppression ${{ env.SUPPRESSIONS_FILE }}
+        env:
+          # actions/setup-java changes JAVA_HOME, so it needs to be reset to match the depcheck image
+          JAVA_HOME: /opt/jdk
+
+      - name: Dependency check tx-models # possible severity values: <'fail'|'warn'|'ignore'>
+        uses: dependency-check/Dependency-Check_Action@3102a65fd5f36d0000297576acc56a475b0de98d
+        with:
+          project: 'tx-models'
+          path: 'tx-models'
+          format: 'HTML'
+          out: 'tx-models/target/depcheck-report.html'
+          args: >
+            --failOnCVSS ${{ env.FAIL_BUILD_ON_CVSS }}
+            --suppression ${{ env.SUPPRESSIONS_FILE }}
+        env:
+          # actions/setup-java changes JAVA_HOME, so it needs to be reset to match the depcheck image
+          JAVA_HOME: /opt/jdk
 
-      - name: Upload Test results Tx-Backend
+      - name: Upload results for tx-backend
         if: always()
         uses: actions/upload-artifact@master
         with:
           name: Depcheck report tx-backend
-          path: tx-backend/target
+          path: tx-backend/target/depcheck-report.html
 
-      - name: Upload Test results Tx-Models
+      - name: Upload results for tx-models
         if: always()
         uses: actions/upload-artifact@master
         with:
           name: Depcheck report tx-models
-          path: tx-models/target
+          path: tx-models/target/depcheck-report.html
 
-      - name: add PR comment
+      - name: Add PR comment
         uses: mshick/add-pr-comment@v2
         if: failure()
         with:
@@ -68,7 +97,7 @@ jobs:
             One or more high/critical findings have been found during dependency check. Please check the depenency report:
             https://github.com/eclipse-tractusx/traceability-foss/actions/runs/${{ github.run_id }}
 
-      - name: add PR comment
+      - name: Add PR comment
         uses: mshick/add-pr-comment@v2
         if: success()
         with:

CHANGELOG.md

@@ -30,6 +30,8 @@ _**For better traceability add the corresponding GitHub issue number in each cha
 - #994 improved bpn edc configuration view uux
 - #1082 fix update of parts when synchronizing with IRS
 - #xxx fixed notification description on receiver side
+- #875 owasp dependency check tool is now used from github action image instead of maven plugin
+- XXX fixed display of semantic data model in parts as planned table
 
 
 ### Added

frontend/src/app/modules/page/parts/presentation/parts.component.html

@@ -84,7 +84,7 @@
           <ng-template #myTmp let-parts="view">
             <!-- asPlanned Parts Table-->
             <app-parts-table class="parts-asPlanned-table"
-                             [paginationData]="parts.data | formatPaginationSemanticDataModelToCamelCase"
+                             [paginationData]="parts.data"
                              [labelId]="titleId"
                              (publishIconClickedEvent)="openPublisherSideNav()"
                              (partReloadClickedEvent)="triggerPartReload($event)"

frontend/src/app/modules/shared/components/table/table.component.html

@@ -68,7 +68,7 @@
       <mat-divider class="mx-0.25" [vertical]="true"></mat-divider>
       <div class="ml-0.5"
            *ngIf="tableHeaderMenuEnabled"
-           matTooltip="{{'table.more' | i18n}}"
+           matTooltip="{{'table.multiActionsNotImplemented' | i18n}}"
            matTooltipClass="table--header--tooltip"
            matTooltipPosition="above"
            [class.mdc-tooltip--multiline]="true"
@@ -77,6 +77,7 @@
         <app-button
           [iconName]="'more_horiz'"
           [matMenuTriggerFor]="actionMenu"
+          [isDisabled]="true"
         >
         </app-button>
       </div>

frontend/src/app/modules/shared/service/notification.service.ts

@@ -81,7 +81,7 @@ export class NotificationService {
 
   public createNotification(affectedPartIds: string[], description: string, severity: Severity, bpn: string, type: string, title: string, dateString: DateTimeString,
   ): Observable<string> {
-    const targetDate = null === dateString ? null : new Date(dateString).toISOString();
+    const targetDate = dateString?.length > 0 ? new Date(dateString).toISOString() : null;
     const upperCaseType = type ? type.toUpperCase() : null;
     const body = { affectedPartIds, description, severity, receiverBpn: bpn, type: upperCaseType, title: title === "" ? null: title, targetDate };
 
@@ -137,7 +137,8 @@ export class NotificationService {
 
   public editNotification(notificationId: string, title: string, receiverBpn: string, severity: string, targetDate: string, description: string, affectedPartIds: string[]): Observable<void> {
     const requestUrl = this.notificationUrl();
-    if(targetDate) {
+    console.log(targetDate);
+    if (targetDate?.length > 0) {
       targetDate = new Date(targetDate).toISOString();
     }
     const body = { title: title === "" ? null: title, receiverBpn: receiverBpn, severity, targetDate, description, affectedPartIds: affectedPartIds };

frontend/src/assets/locales/de/common.json

@@ -124,6 +124,7 @@
     "addParts" : "Teile hinzufügen",
     "viewDetails" : "Details anzeigen",
     "more" : "Mehr Aktionen",
+    "multiActionsNotImplemented" : "Funktionalität zum ausführen einer Aktion für mehrere Qualitätsthemen wurde bisher noch nicht implementiert.",
     "editNotification" : "Qualitätsthemen bearbeiten",
     "selectAtLeastOne" : "Erfordert mindestens eine Selektion in der Tabelle",
     "selectOnlyOne" : "Aktion erfordert eine einzige Selektion in der Tabelle",

frontend/src/assets/locales/en/common.json

@@ -121,6 +121,7 @@
     "addParts" : "Add parts to quality topics",
     "viewDetails" : "View details",
     "more" : "More actions",
+    "multiActionsNotImplemented" : "Functionality for action on multiple notifications is not implemented yet.",
     "editNotification" : "Edit quality topics",
     "selectAtLeastOne" : "Requires at least one selection in the policies table",
     "selectOnlyOne" : "Action requires only one selection from the table",

pom.xml

@@ -266,30 +266,6 @@ SPDX-License-Identifier: Apache-2.0
         </pluginManagement>
     </build>
     <profiles>
-        <profile>
-            <id>dependency-check</id>
-            <build>
-                <plugins>
-                    <plugin>
-                        <groupId>org.owasp</groupId>
-                        <artifactId>dependency-check-maven</artifactId>
-                        <version>${owasp-plugin.version}</version>
-                        <configuration>
-                            <suppressionFile>dependency_check/suppressions.xml</suppressionFile>
-                            <failBuildOnCVSS>7.0</failBuildOnCVSS>
-                        </configuration>
-                        <executions>
-                            <execution>
-                                <phase>site</phase>
-                                <goals>
-                                    <goal>check</goal>
-                                </goals>
-                            </execution>
-                        </executions>
-                    </plugin>
-                </plugins>
-            </build>
-        </profile>
         <profile>
             <id>spotbugs-check</id>
             <build>

tx-backend/src/main/java/org/eclipse/tractusx/traceability/policies/infrastructure/PolicyRepositoryImpl.java

@@ -18,11 +18,15 @@
  ********************************************************************************/
 package org.eclipse.tractusx.traceability.policies.infrastructure;
 
+import lombok.AllArgsConstructor;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.eclipse.tractusx.irs.edc.client.policy.AcceptedPoliciesProvider;
+import org.eclipse.tractusx.irs.edc.client.policy.AcceptedPolicy;
 import org.eclipse.tractusx.irs.edc.client.policy.Constraint;
 import org.eclipse.tractusx.irs.edc.client.policy.Constraints;
 import org.eclipse.tractusx.irs.edc.client.policy.Permission;
+import org.eclipse.tractusx.irs.edc.client.policy.Policy;
 import org.eclipse.tractusx.traceability.policies.domain.PolicyRepository;
 import policies.response.CreatePolicyResponse;
 import policies.response.IrsPolicyResponse;
@@ -41,11 +45,12 @@
 
 @Slf4j
 @Service
-@RequiredArgsConstructor
+@AllArgsConstructor
 public class PolicyRepositoryImpl implements PolicyRepository {
 
     private final PolicyClient policyClient;
     private final TraceabilityProperties traceabilityProperties;
+    private AcceptedPoliciesProvider.DefaultAcceptedPoliciesProvider defaultAcceptedPoliciesProvider;
 
     @Override
     public Map<String, List<IrsPolicyResponse>> getPolicies() {
@@ -69,15 +74,15 @@ public Map<String, Optional<IrsPolicyResponse>> getPolicy(String policyId) {
     }
 
 
-
     @Override
     public void createPolicyBasedOnAppConfig() {
         log.info("Check if irs policy exists");
         final Map<String, List<IrsPolicyResponse>> irsPolicies = this.policyClient.getPolicies();
         final List<String> irsPoliciesIds = irsPolicies.values().stream()
                 .flatMap(List::stream)
                 .map(irsPolicyResponse -> irsPolicyResponse.payload().policyId())
-                .toList();        log.info("Irs has following policies: {}", irsPoliciesIds);
+                .toList();
+        log.info("Irs has following policies: {}", irsPoliciesIds);
 
         log.info("Required constraints - 2 -");
         log.info("First constraint requirements: leftOperand {} operator {} and rightOperand {}", traceabilityProperties.getLeftOperand(), traceabilityProperties.getOperatorType(), traceabilityProperties.getRightOperand());
@@ -90,25 +95,29 @@ public void createPolicyBasedOnAppConfig() {
         } else {
             checkAndUpdatePolicy(matchingPolicy);
         }
+        updateAcceptedPoliciesProvider();
     }
 
     @Override
     public void deletePolicy(String policyId) {
         this.policyClient.deletePolicy(policyId);
+        updateAcceptedPoliciesProvider();
     }
 
     @Override
     public void updatePolicy(UpdatePolicyRequest updatePolicyRequest) {
         this.policyClient.updatePolicy(updatePolicyRequest);
+        updateAcceptedPoliciesProvider();
     }
 
     @Override
     public CreatePolicyResponse createPolicy(RegisterPolicyRequest registerPolicyRequest) {
-       return this.policyClient.createPolicy(registerPolicyRequest);
+        CreatePolicyResponse policy = this.policyClient.createPolicy(registerPolicyRequest);
+        updateAcceptedPoliciesProvider();
+        return policy;
     }
 
 
-
     private IrsPolicyResponse findMatchingPolicy(Map<String, List<IrsPolicyResponse>> irsPolicies) {
         return irsPolicies.values().stream()
                 .flatMap(List::stream)
@@ -141,8 +150,6 @@ private Stream<Constraint> getConstraintsStream(Permission permission) {
     }
 
 
-
-
     private void createMissingPolicies() {
         log.info("Irs policy does not exist creating {}", traceabilityProperties.getRightOperand());
         this.policyClient.createPolicyFromAppConfig();
@@ -160,4 +167,19 @@ private boolean isPolicyExpired(IrsPolicyResponse requiredPolicy) {
         return traceabilityProperties.getValidUntil().isAfter(requiredPolicy.validUntil());
     }
 
+    private void updateAcceptedPoliciesProvider() {
+        defaultAcceptedPoliciesProvider.removeAcceptedPolicies(defaultAcceptedPoliciesProvider.getAcceptedPolicies(null));
+        // Flatten the map into a list of IrsPolicyResponse objects
+        List<IrsPolicyResponse> irsPolicyResponses = getPolicies().values().stream()
+                .flatMap(List::stream)
+                .toList();
+
+        // Map the IrsPolicyResponse objects to AcceptedPolicy objects
+        List<AcceptedPolicy> irsPolicies = irsPolicyResponses.stream().map(response -> {
+            Policy policy = new Policy(response.payload().policyId(), response.payload().policy().getCreatedOn(), response.validUntil(), response.payload().policy().getPermissions());
+            return new AcceptedPolicy(policy, response.validUntil());
+        }).toList();
+        defaultAcceptedPoliciesProvider.addAcceptedPolicies(irsPolicies);
+    }
+
 }

tx-backend/src/test/java/org/eclipse/tractusx/traceability/assets/infrastructure/base/irs/PolicyRepositoryImplTest.java

@@ -19,6 +19,7 @@
 
 package org.eclipse.tractusx.traceability.assets.infrastructure.base.irs;
 
+import org.eclipse.tractusx.irs.edc.client.policy.AcceptedPoliciesProvider;
 import org.eclipse.tractusx.irs.edc.client.policy.Constraint;
 import org.eclipse.tractusx.irs.edc.client.policy.Constraints;
 import org.eclipse.tractusx.irs.edc.client.policy.Operator;
@@ -43,6 +44,7 @@
 import java.util.Map;
 
 import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.times;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
@@ -56,6 +58,10 @@ class PolicyRepositoryImplTest {
     @Mock
     TraceabilityProperties traceabilityProperties;
 
+    @Mock
+    AcceptedPoliciesProvider.DefaultAcceptedPoliciesProvider defaultAcceptedPoliciesProvider;
+
+
     @Mock
     private PolicyClient policyClient;
 
@@ -71,6 +77,8 @@ void givenNoPolicyExist_whenCreateIrsPolicyIfMissing_thenCreateApplicationConfig
         // then
         verify(policyClient, times(1))
                 .createPolicyFromAppConfig();
+        verify(defaultAcceptedPoliciesProvider, times(1))
+                .addAcceptedPolicies(any());
     }
 
     @Test
@@ -94,6 +102,8 @@ void givenPolicyExist_whenCreateIrsPolicyIfMissing_thenDoNotCreateApplicationCon
 
         // then
         verifyNoMoreInteractions(policyClient);
+        verify(defaultAcceptedPoliciesProvider, times(1))
+                .addAcceptedPolicies(any());
     }
 
     @Test
@@ -119,6 +129,8 @@ void givenOutdatedPolicyExist_whenCreatePolicyBasedOnAppConfig_thenUpdateIt() {
         // then
         verify(policyClient, times(1)).deletePolicy(traceabilityProperties.getRightOperand());
         verify(policyClient, times(1)).createPolicyFromAppConfig();
+        verify(defaultAcceptedPoliciesProvider, times(1))
+                .addAcceptedPolicies(any());
     }
 
     @Test

tx-backend/src/test/java/org/eclipse/tractusx/traceability/integration/common/support/IrsApiSupport.java

@@ -172,6 +172,26 @@ public void irsApiDeletesPolicy(String policyId) {
         );
     }
 
+    public void irsApiReturnsExpiredPolicy() {
+        whenHttp(restitoProvider.stubServer()).match(
+                Condition.get("/irs/policies")
+        ).then(
+                Action.status(HttpStatus.OK_200),
+                Action.header("Content-Type", "application/json"),
+                restitoProvider.jsonResponseFromFile("./stubs/irs/policies/response_200_get_policies_EXPIRED.json")
+        );
+    }
+
+    public void irsApiReturnsMismatchingPolicy() {
+        whenHttp(restitoProvider.stubServer()).match(
+                Condition.get("/irs/policies")
+        ).then(
+                Action.status(HttpStatus.OK_200),
+                Action.header("Content-Type", "application/json"),
+                restitoProvider.jsonResponseFromFile("./stubs/irs/policies/response_200_get_policies_CONSTRAINTS_MISMATCHING.json")
+        );
+    }
+
     private String readFile(String filePath) throws IOException {
         // Implement reading file content from the specified filePath
         // This is a utility method to read the JSON response from a file