Fix is_dependency_of query template

The query template (https://jdbi.org/#query-templating) engine was changed from the default (which uses `<>` for interpolation) to Freemarker (which uses `${}`) in #465. The `is_dependency_of` query uses templating for dynamic filter conditions. Signed-off-by: nscuro <nscuro@protonmail.com>
DependencyTrack · Dec 13, 2023 · 216e97f · 216e97f
1 parent 444d1a4
commit 216e97f
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 32 deletions.
diff --git a/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java b/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java
@@ -408,7 +408,7 @@ private static boolean isDependencyOf(final Component leafComponent, final Compo
                         -- Do not consider other leaf nodes (typically the majority of components).
                         -- Because we're looking for parent nodes, they MUST have direct dependencies defined.
                         AND "DIRECT_DEPENDENCIES" IS NOT NULL
-                        AND <filters>
+                        AND ${filters}
                     ),
                     "CTE_DEPENDENCIES" ("UUID", "PROJECT_ID", "FOUND", "PATH") AS (
                       SELECT

diff --git a/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java b/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java
@@ -845,37 +845,37 @@ public void testEvaluateProjectWithFuncProjectDependsOnComponent() {
         assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
     }
 
-//    @Test
-//    public void testEvaluateProjectWithFuncComponentIsDependencyOfComponent() {
-//        final var policy = qm.createPolicy("policy", Policy.Operator.ANY, Policy.ViolationState.FAIL);
-//        qm.createPolicyCondition(policy, PolicyCondition.Subject.EXPRESSION, PolicyCondition.Operator.MATCHES, """
-//                component.is_dependency_of(org.dependencytrack.policy.v1.Component{name: "acme-lib-a"})
-//                """, PolicyViolation.Type.OPERATIONAL);
-//
-//        final var project = new Project();
-//        project.setName("acme-app");
-//        qm.persist(project);
-//
-//        final var componentA = new Component();
-//        componentA.setProject(project);
-//        componentA.setName("acme-lib-a");
-//        qm.persist(componentA);
-//
-//        final var componentB = new Component();
-//        componentB.setProject(project);
-//        componentB.setName("acme-lib-b");
-//        qm.persist(componentB);
-//
-//        project.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentA).toJSON()));
-//        qm.persist(project);
-//        componentA.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentB).toJSON()));
-//        qm.persist(componentA);
-//
-//        new CelPolicyEngine().evaluateProject(project.getUuid());
-//
-//        assertThat(qm.getAllPolicyViolations(componentA)).isEmpty();
-//        assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
-//    }
+    @Test
+    public void testEvaluateProjectWithFuncComponentIsDependencyOfComponent() {
+        final var policy = qm.createPolicy("policy", Policy.Operator.ANY, Policy.ViolationState.FAIL);
+        qm.createPolicyCondition(policy, PolicyCondition.Subject.EXPRESSION, PolicyCondition.Operator.MATCHES, """
+                component.is_dependency_of(org.dependencytrack.policy.v1.Component{name: "acme-lib-a"})
+                """, PolicyViolation.Type.OPERATIONAL);
+
+        final var project = new Project();
+        project.setName("acme-app");
+        qm.persist(project);
+
+        final var componentA = new Component();
+        componentA.setProject(project);
+        componentA.setName("acme-lib-a");
+        qm.persist(componentA);
+
+        final var componentB = new Component();
+        componentB.setProject(project);
+        componentB.setName("acme-lib-b");
+        qm.persist(componentB);
+
+        project.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentA).toJSON()));
+        qm.persist(project);
+        componentA.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentB).toJSON()));
+        qm.persist(componentA);
+
+        new CelPolicyEngine().evaluateProject(project.getUuid());
+
+        assertThat(qm.getAllPolicyViolations(componentA)).isEmpty();
+        assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
+    }
 
     @Test
     public void testEvaluateProjectWithFuncMatchesRange() {