Enable to set unresolved license for license policy (DependencyTrack#…

…2214)

* Enable to set undefined license for license policy

Signed-off-by: RBickert <rbt@mm-software.com>

* Change `undefinedLicense` to `unresolved`

Signed-off-by: RBickert <rbt@mm-software.com>

Signed-off-by: RBickert <rbt@mm-software.com>

Closes DependencyTrack#1518

Signed-off-by: mulder999 <nospam099-github@yahoo.com>

src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java

@@ -52,20 +52,26 @@ public PolicyCondition.Subject supportedSubject() {
     public List<PolicyConditionViolation> evaluate(final Policy policy, final Component component) {
         final List<PolicyConditionViolation> violations = new ArrayList<>();
         final License license = component.getResolvedLicense();
-        if (license == null) {
-            return violations;
-        }
+
         for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
             LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
-            final License l = qm.getObjectByUuid(License.class, condition.getValue());
-            if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
-                if (component.getResolvedLicense().getId() == l.getId()) {
+            if (condition.getValue().equals("unresolved")) {
+                if (license == null && PolicyCondition.Operator.IS == condition.getOperator()) {
                     violations.add(new PolicyConditionViolation(condition, component));
-                }
-            } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
-                if (component.getResolvedLicense().getId() != l.getId()) {
+                } else if (license != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
                     violations.add(new PolicyConditionViolation(condition, component));
                 }
+            } else if (license != null) {
+                final License l = qm.getObjectByUuid(License.class, condition.getValue());
+                if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
+                    if (component.getResolvedLicense().getId() == l.getId()) {
+                        violations.add(new PolicyConditionViolation(condition, component));
+                    }
+                } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
+                    if (component.getResolvedLicense().getId() != l.getId()) {
+                        violations.add(new PolicyConditionViolation(condition, component));
+                    }
+                }
             }
         }
         return violations;

src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java

@@ -102,4 +102,28 @@ public void wrongOperator() {
         Assert.assertEquals(0, violations.size());
     }
 
+    @Test
+    public void valueIsUnresolved() {
+        License license = new License();
+        license.setName("Apache 2.0");
+        license.setLicenseId("Apache-2.0");
+        license.setUuid(UUID.randomUUID());
+        license = qm.persist(license);
+
+        Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
+        qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS, "unresolved");
+
+        Component componentWithLicense = new Component();
+        componentWithLicense.setResolvedLicense(license);
+
+        Component componentWithoutLicense = new Component();
+
+        PolicyEvaluator evaluator = new LicensePolicyEvaluator();
+        List<PolicyConditionViolation> violations = evaluator.evaluate(policy, componentWithLicense);
+        Assert.assertEquals(0, violations.size());
+
+        violations = evaluator.evaluate(policy, componentWithoutLicense);
+        Assert.assertEquals(1, violations.size());
+    }
+
 }