diff --git a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
index 1a640e4b52..434fb20b3e 100644
--- a/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
+++ b/src/main/java/org/dependencytrack/policy/LicensePolicyEvaluator.java
@@ -52,20 +52,26 @@ public PolicyCondition.Subject supportedSubject() {
 public List evaluate(final Policy policy, final Component component) {
 final List violations = new ArrayList<>();
 final License license = component.getResolvedLicense();
- if (license == null) {
- return violations;
- }
+
 for (final PolicyCondition condition: super.extractSupportedConditions(policy)) {
 LOGGER.debug("Evaluating component (" + component.getUuid() + ") against policy condition (" + condition.getUuid() + ")");
- final License l = qm.getObjectByUuid(License.class, condition.getValue());
- if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
- if (component.getResolvedLicense().getId() == l.getId()) {
+ if (condition.getValue().equals("unresolved")) {
+ if (license == null && PolicyCondition.Operator.IS == condition.getOperator()) {
 violations.add(new PolicyConditionViolation(condition, component));
- }
- } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
- if (component.getResolvedLicense().getId() != l.getId()) {
+ } else if (license != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
 violations.add(new PolicyConditionViolation(condition, component));
 }
+ } else if (license != null) {
+ final License l = qm.getObjectByUuid(License.class, condition.getValue());
+ if (l != null && PolicyCondition.Operator.IS == condition.getOperator()) {
+ if (component.getResolvedLicense().getId() == l.getId()) {
+ violations.add(new PolicyConditionViolation(condition, component));
+ }
+ } else if (l != null && PolicyCondition.Operator.IS_NOT == condition.getOperator()) {
+ if (component.getResolvedLicense().getId() != l.getId()) {
+ violations.add(new PolicyConditionViolation(condition, component));
+ }
+ }
 }
 }
 return violations;
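Review bot: A component with no resolved license still passes every condition that names a specific license, because the new `else if (license != null)` branch skips both IS and IS_NOT when `license` is null. For an allowlist-style policy (IS_NOT an approved license) this means unresolved components raise no violation unless the policy also carries an `IS unresolved` condition, so I would document that above the branch: `// Unresolved licenses never match a specific-license condition (IS or IS_NOT); add an "IS unresolved" condition to catch them.` Separately, `condition.getValue().equals("unresolved")` would throw if a condition's value were ever null, which would abort evaluation of the remaining conditions; `"unresolved".equals(condition.getValue())` avoids that, and the literal would read better as a named constant. The closing brace of evaluate() lies outside the hunk.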
diff --git a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
index 351e3b2721..3bb1521d4e 100644
--- a/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
+++ b/src/test/java/org/dependencytrack/policy/LicensePolicyEvaluatorTest.java
@@ -102,4 +102,28 @@ public void wrongOperator() {
 Assert.assertEquals(0, violations.size());
 }
+ @Test
+ public void valueIsUnresolved() {
+ License license = new License();
+ license.setName("Apache 2.0");
+ license.setLicenseId("Apache-2.0");
+ license.setUuid(UUID.randomUUID());
+ license = qm.persist(license);
+
+ Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
+ qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS, "unresolved");
+
+ Component componentWithLicense = new Component();
+ componentWithLicense.setResolvedLicense(license);
+
+ Component componentWithoutLicense = new Component();
+
+ PolicyEvaluator evaluator = new LicensePolicyEvaluator();
+ List violations = evaluator.evaluate(policy, componentWithLicense);
+ Assert.assertEquals(0, violations.size());
+
+ violations = evaluator.evaluate(policy, componentWithoutLicense);
+ Assert.assertEquals(1, violations.size());
+ }
+
 }
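Review bot: Only the `IS` operator is exercised for the `unresolved` value in valueIsUnresolved(); the `IS_NOT` branch that evaluate() gained (a violation when a license is resolved) has no test, so an inverted condition there would go unnoticed. A second case that mirrors this one with `PolicyCondition.Operator.IS_NOT` and the expected counts swapped would cover it. The enclosing test class starts outside the hunk.

```java
@Test
public void valueIsNotUnresolved() {
    License license = new License();
    license.setName("Apache 2.0");
    license.setLicenseId("Apache-2.0");
    license.setUuid(UUID.randomUUID());
    license = qm.persist(license);

    Policy policy = qm.createPolicy("Test Policy", Policy.Operator.ANY, Policy.ViolationState.INFO);
    qm.createPolicyCondition(policy, PolicyCondition.Subject.LICENSE, PolicyCondition.Operator.IS_NOT, "unresolved");

    Component componentWithLicense = new Component();
    componentWithLicense.setResolvedLicense(license);

    PolicyEvaluator evaluator = new LicensePolicyEvaluator();
    // A resolved license violates "IS_NOT unresolved"; a missing one does not.
    Assert.assertEquals(1, evaluator.evaluate(policy, componentWithLicense).size());
    Assert.assertEquals(0, evaluator.evaluate(policy, new Component()).size());
}
```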