feat(ComponentPortlet & ImportCDX): Validate VCS URL #2408

Merged

@afsahsyeda afsahsyeda commented Apr 13, 2024

Description:

  • The VCS URL, if not empty, will be validated for a valid URL while creating and updating a component. If the VCS string contains "github.com", it will be sanitized to remove the noise and conform to the repository URL format: https://github.com/{supplier}/{component name}.
  • Packages with invalid VCS URLs in the SBOM will be created as orphan packages

Closes #2377

How To Test?

  1. Creating/Updating a component via REST API and UI.
  2. Creating a component via CDX Import.

Relevant Screenshots:
image

@afsahsyeda afsahsyeda added the needs code review and needs general test labels Apr 13, 2024
@afsahsyeda afsahsyeda requested a review from akapti April 13, 2024 14:59
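
The GitHub sanitization step from the description above, sketched as an added example that is not code from this PR or from SW360. It only covers the GitHub case and goes one step beyond the description by comparing the parsed host rather than looking for the substring "github.com", so look-alike hosts are rejected. The function name, the set of noise prefixes stripped, and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Hypothetical helper; names and the noise prefixes handled are assumptions.
_SEGMENT = re.compile(r"[A-Za-z0-9_.-]+")  # characters allowed in owner/repo names
_ALLOWED_HOSTS = {"github.com", "www.github.com"}


def sanitize_github_vcs(raw):
    """Return https://github.com/{supplier}/{component name}, or None if the
    string is not a usable GitHub repository URL."""
    if not raw or not raw.strip():
        return None
    s = raw.strip()
    # Strip noise often seen in SBOM VCS fields (assumed set).
    s = re.sub(r"^(scm:git:|git\+)", "", s)
    s = re.sub(r"^git@github\.com:", "https://github.com/", s)
    if "://" not in s:
        s = "https://" + s
    try:
        parts = urlsplit(s)
        host = (parts.hostname or "").lower()
    except ValueError:
        return None
    # Compare the parsed host, never a substring of the whole string.
    if host not in _ALLOWED_HOSTS:
        return None
    segments = parts.path.lstrip("/").split("/")
    if len(segments) < 2:
        return None  # supplier without a component name is incomplete
    owner, repo = segments[0], re.sub(r"\.git$", "", segments[1])
    for seg in (owner, repo):
        if not _SEGMENT.fullmatch(seg) or seg in (".", ".."):
            return None
    return f"https://github.com/{owner}/{repo}"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real SBOM.
    for sample in (
        "git+https://github.com/example-org/example-lib.git#readme",
        "git@github.com:example-org/example-lib.git",
        "https://github.com/example-org/example-lib/tree/main/docs",
        "https://github.com/example-org",
        "https://github.com.evil.example/example-org/example-lib",
    ):
        print(f"{sample!r} -> {sanitize_github_vcs(sample)!r}")
```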
@rajaraajeshwari

Hi @afsahsyeda
Could you please let us know when this PR will be merged and this feature will be available.

@@ -858,7 +858,7 @@ link.to.project=Link to Project
link.to.projects=Link to Projects
list.of.components.without.version.information=List of Components without version information
list.of.invalid.packages.without.purl.or.name.or.version=List of invalid Packages without purl or name or version
list.of.packages.without.vcs.information=List of Packages without VCS information
list.of.packages.without.vcs.information=List of Packages with invalid or missing VCS information
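Review bot: The key list.of.packages.without.vcs.information on the changed line no longer matches its text, which now also covers packages whose VCS URL is present but invalid. Either rename the key to reflect "invalid or missing" at every place it is referenced, or, if it has to stay for now, add a properties comment above it saying the mismatch is deliberate so a later cleanup does not revert the wording to fit the key name.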
@afsahsyeda afsahsyeda Apr 18, 2024

This is a workaround until we migrate to the React framework. Did not want to touch the JSP files involving Liferay variables.

@akshitjoshii

Testing this PR

@akshitjoshii

Testing was successful. VCS validation and GitHub VCS sanitization are happening while importing an SBOM and during manual comp. creation as well.
vcs_validation1

After importing :

vcs_validation2

Error msg for incomplete/wrong github vcs also working.

@afsahsyeda afsahsyeda removed the needs general test label Apr 24, 2024
@akapti akapti added this to the Backlog milestone Apr 29, 2024
@FarooqAftab

FarooqAftab commented May 6, 2024

@akapti @afsahsyeda @akshitjoshii vcs field is not getting updated via rest api
image

@GMishx GMishx left a comment

Changes look good.

@afsahsyeda afsahsyeda added the ready label and removed the needs code review label Jun 25, 2024
@GMishx

GMishx commented Aug 16, 2024

@afsahsyeda please rebase the branch with latest main without the frontend changes.

…Hub Repo URLs during CDX import

Signed-off-by: afsahsyeda <afsah.syeda@siemens-healthineers.com>
@afsahsyeda

@GMishx Please code review the PR again as I have made a few additional changes.
@akshitjoshii Please test the PR again as a lot of frontend files have been removed.

@afsahsyeda afsahsyeda added the needs general test label Sep 16, 2024
@afsahsyeda afsahsyeda removed the ready label Sep 16, 2024
@GMishx GMishx left a comment

Changes look good.

@akshitjoshii

Test was successful.

SBOM containing contaminated VCS

image

Sanitized VCS after import :

image

@GMishx GMishx added the ready label and removed the needs general test label Sep 20, 2024
@GMishx GMishx merged commit cd3d823 into eclipse-sw360:main Sep 20, 2024
2 checks passed
Labels
ready ready to merge
Successfully merging this pull request may close these issues.

VCS Validation of a component and sanitization of github URL's. Change CDX Importer logic accordingly.
6 participants