Dynamic loading of fields for policy evaluation #465

Merged 12 commits on Dec 12, 2023

@nscuro nscuro commented Dec 5, 2023

Description

Uses JDBI to load fields required for policy evaluation that are not already present in the evaluation context.

Warning

`component.resolved_license` and `component.resolved_license.groups` are not fetched currently. They will be added in a later PR. The assumption for now is that those fields are less relevant for vulnerability analysis decisions.

Decoupled from #459

Addressed Issue

Partly addresses DependencyTrack/hyades#940

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added the enhancement New feature or request label Dec 5, 2023
@nscuro nscuro force-pushed the cel-dynamic-field-loading branch 2 times, most recently from a67dc8a to a7692b5 Compare December 6, 2023 22:46
Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro force-pushed the cel-dynamic-field-loading branch from 632d520 to 15c3ffb Compare December 7, 2023 15:18
@nscuro nscuro force-pushed the cel-dynamic-field-loading branch from ce58d83 to fe55d1e Compare December 7, 2023 23:52
@nscuro nscuro marked this pull request as ready for review December 10, 2023 22:16
@nscuro nscuro changed the title WIP: Dynamic loading of fields for policy evaluation Dynamic loading of fields for policy evaluation Dec 10, 2023
mehab previously approved these changes Dec 12, 2023

@mehab mehab left a comment

lgtm

Signed-off-by: meha <meha.bhargava2@gmail.com>
@mehab mehab self-requested a review December 12, 2023 16:08
@mehab mehab merged commit 444d1a4 into main Dec 12, 2023
6 checks passed
@mehab mehab deleted the cel-dynamic-field-loading branch December 12, 2023 16:09
nscuro added a commit that referenced this pull request Dec 13, 2023
The query template (https://jdbi.org/#query-templating) engine was changed from the default (which uses `<>` for interpolation) to Freemarker (which uses `${}`) in #465.

The `is_dependency_of` query uses templating for dynamic filter conditions.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro nscuro mentioned this pull request Dec 13, 2023
2 tasks
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 12, 2024
@nscuro nscuro added this to the 5.3.0 milestone Feb 7, 2024
3 participants