From 216e97fa8efa8c7363084805847a889e1afd025b Mon Sep 17 00:00:00 2001
From: nscuro
Date: Wed, 13 Dec 2023 11:19:42 +0100
Subject: [PATCH] Fix `is_dependency_of` query template
The query template (https://jdbi.org/#query-templating) engine was changed from the default (which uses `<>` for interpolation) to Freemarker (which uses `${}`) in #465. The `is_dependency_of` query uses templating for dynamic filter conditions.
Signed-off-by: nscuro
---
 .../policy/cel/CelCommonPolicyLibrary.java | 2 +-
 .../policy/cel/CelPolicyEngineTest.java | 62 +++++++++----------
 2 files changed, 32 insertions(+), 32 deletions(-)
diff --git a/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java b/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java
index 635c1e354..4fbd099ff 100644
--- a/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java
+++ b/src/main/java/org/dependencytrack/policy/cel/CelCommonPolicyLibrary.java
@@ -408,7 +408,7 @@ private static boolean isDependencyOf(final Component leafComponent, final Compo
 -- Do not consider other leaf nodes (typically the majority of components).
 -- Because we're looking for parent nodes, they MUST have direct dependencies defined.
 AND "DIRECT_DEPENDENCIES" IS NOT NULL
- AND
+ AND ${filters}
 ),
 "CTE_DEPENDENCIES" ("UUID", "PROJECT_ID", "FOUND", "PATH") AS (
 SELECT
diff --git a/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java b/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java
index 914e41de1..193df037e 100644
--- a/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java
+++ b/src/test/java/org/dependencytrack/policy/cel/CelPolicyEngineTest.java
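Review bot: In CelCommonPolicyLibrary.java, the restored `AND ${filters}` line splices a Java-built string into the SQL text verbatim, and nothing near it records what that string is allowed to contain. The code that assembles `filters` is outside this hunk, so it cannot be confirmed from here that every value taken from the policy expression (for instance the component name) reaches the database as a bound parameter rather than as literal text. I would add a comment where the fragment is built, such as `// Rendered verbatim into the query: fixed predicates and :named bind parameters only, never values from the policy expression.` It is also worth confirming that the fragment can never be empty, since the template would then end the clause on a bare `AND`.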
@@ -845,37 +845,37 @@ public void testEvaluateProjectWithFuncProjectDependsOnComponent() {
 assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
 }
-// @Test
-// public void testEvaluateProjectWithFuncComponentIsDependencyOfComponent() {
-// final var policy = qm.createPolicy("policy", Policy.Operator.ANY, Policy.ViolationState.FAIL);
-// qm.createPolicyCondition(policy, PolicyCondition.Subject.EXPRESSION, PolicyCondition.Operator.MATCHES, """
-// component.is_dependency_of(org.dependencytrack.policy.v1.Component{name: "acme-lib-a"})
-// """, PolicyViolation.Type.OPERATIONAL);
-//
-// final var project = new Project();
-// project.setName("acme-app");
-// qm.persist(project);
-//
-// final var componentA = new Component();
-// componentA.setProject(project);
-// componentA.setName("acme-lib-a");
-// qm.persist(componentA);
-//
-// final var componentB = new Component();
-// componentB.setProject(project);
-// componentB.setName("acme-lib-b");
-// qm.persist(componentB);
-//
-// project.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentA).toJSON()));
-// qm.persist(project);
-// componentA.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentB).toJSON()));
-// qm.persist(componentA);
-//
-// new CelPolicyEngine().evaluateProject(project.getUuid());
-//
-// assertThat(qm.getAllPolicyViolations(componentA)).isEmpty();
-// assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
-// }
+ @Test
+ public void testEvaluateProjectWithFuncComponentIsDependencyOfComponent() {
+ final var policy = qm.createPolicy("policy", Policy.Operator.ANY, Policy.ViolationState.FAIL);
+ qm.createPolicyCondition(policy, PolicyCondition.Subject.EXPRESSION, PolicyCondition.Operator.MATCHES, """
+ component.is_dependency_of(org.dependencytrack.policy.v1.Component{name: "acme-lib-a"})
+ """, PolicyViolation.Type.OPERATIONAL);
+
+ final var project = new Project();
+ project.setName("acme-app");
+ qm.persist(project);
+
+ final var componentA = new Component();
+ componentA.setProject(project);
+ componentA.setName("acme-lib-a");
+ qm.persist(componentA);
+
+ final var componentB = new Component();
+ componentB.setProject(project);
+ componentB.setName("acme-lib-b");
+ qm.persist(componentB);
+
+ project.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentA).toJSON()));
+ qm.persist(project);
+ componentA.setDirectDependencies("[%s]".formatted(new ComponentIdentity(componentB).toJSON()));
+ qm.persist(componentA);
+
+ new CelPolicyEngine().evaluateProject(project.getUuid());
+
+ assertThat(qm.getAllPolicyViolations(componentA)).isEmpty();
+ assertThat(qm.getAllPolicyViolations(componentB)).hasSize(1);
+ }
 @Test
 public void testEvaluateProjectWithFuncMatchesRange() {
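Review bot: The re-enabled test testEvaluateProjectWithFuncComponentIsDependencyOfComponent passes only `name` to `is_dependency_of` and links the components one hop apart, so it exercises the templated filter with a single condition and the dependency walk with a direct parent. A second case that sets another field next to `name`, and one where the parent is two levels up, would cover the joined filter fragment and the recursive part of the query; both are inferred from the commit message and the `"CTE_DEPENDENCIES"` context lines rather than visible code. A component name containing a single quote would additionally pin down that the value is bound and not rendered into the SQL text.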