java source code of VulnerabilityResourceTest

dependency-track-master
- .github
  - ISSUE_TEMPLATE
    - ask-a-question.md
    - enhancement-request.md
    - defect-report.md
  - FUNDING.yml
  - workflows
    - anchore.yml
    - maven.yml
  - lock.yml
- src
  - main
    - resources
      - logback.xml
      - nist
      - license-list-data
        json
        licenses.json
        exceptions.json
        exceptions
        gnu-javamail-exception.json
        OCaml-LGPL-linking-exception.json
        WxWindows-exception-3.1.json
        freertos-exception-2.0.json
        u-boot-exception-2.0.json
        openvpn-openssl-exception.json
        Qt-LGPL-exception-1.1.json
        i2p-gpl-java-exception.json
        GCC-exception-3.1.json
        OCCT-exception-1.0.json
        GCC-exception-2.0.json
        CLISP-exception-2.0.json
        OpenJDK-assembly-exception-1.0.json
        Libtool-exception.json
        Autoconf-exception-3.0.json
        Fawkes-Runtime-exception.json
        FLTK-exception.json
        GPL-CC-1.0.json
        Font-exception-2.0.json
        Linux-syscall-note.json
        mif-exception.json
        LZMA-exception.json
        eCos-exception-2.0.json
        Bison-exception-2.2.json
        389-exception.json
        Qwt-exception-1.0.json
        Nokia-Qt-exception-1.1.json
        Classpath-exception-2.0.json
        DigiRule-FOSS-exception.json
        PS-or-PDF-font-exception-20170817.json
        Qt-GPL-exception-1.0.json
        LLVM-exception.json
        Bootloader-exception.json
        Autoconf-exception-2.0.json
        details
        MPL-1.0.json
        bzip2-1.0.6.json
        GPL-2.0.json
        LPPL-1.0.json
        ISC.json
        BSD-2-Clause-NetBSD.json
        Info-ZIP.json
        ErlPL-1.1.json
        Saxpath.json
        AGPL-1.0-only.json
        Zend-2.0.json
        BSD-2-Clause-Patent.json
        AFL-1.1.json
        eGenix.json
        NetCDF.json
        IPL-1.0.json
        CC-BY-NC-ND-4.0.json
        Glulxe.json
        MIT-feh.json
        AFL-1.2.json
        LPL-1.02.json
        GPL-1.0-only.json
        AMPAS.json
        OLDAP-1.3.json
        LGPL-2.1+.json
        EFL-1.0.json
        CC-BY-ND-2.5.json
        AGPL-3.0.json
        Zimbra-1.4.json
        TORQUE-1.1.json
        AFL-3.0.json
        CATOSL-1.1.json
        diffmark.json
        IBM-pibs.json
        LPPL-1.3c.json
        HPND.json
        Xnet.json
        CC-BY-NC-SA-4.0.json
        BSD-3-Clause-No-Nuclear-License.json
        BSL-1.0.json
        CECILL-C.json
        libtiff.json
        Barr.json
        Abstyles.json
        xinetd.json
        OpenSSL.json
        OGTSL.json
        APL-1.0.json
        LiLiQ-P-1.1.json
        NLOD-1.0.json
        CC-BY-ND-1.0.json
        GPL-2.0-only.json
        SCEA.json
        YPL-1.0.json
        PHP-3.01.json
        BSD-3-Clause-Attribution.json
        GL2PS.json
        LGPL-2.1-only.json
        Zimbra-1.3.json
        LGPLLR.json
        NTP.json
        SGI-B-1.0.json
        MTLL.json
        Python-2.0.json
        Mup.json
        Artistic-1.0.json
        WXwindows.json
        CC-BY-SA-2.0.json
        FSFAP.json
        GPL-3.0-or-later.json
        HaskellReport.json
        copyleft-next-0.3.0.json
        W3C-19980720.json
        Ruby.json
        GFDL-1.3.json
        NBPL-1.0.json
        OLDAP-1.4.json
        MIT-enna.json
        CDLA-Sharing-1.0.json
        OSL-2.0.json
        LPPL-1.2.json
        NGPL.json
        LiLiQ-Rplus-1.1.json
        CC-BY-2.5.json
        Afmparse.json
        CrystalStacker.json
        mpich2.json
        CC-BY-NC-ND-1.0.json
        OLDAP-2.0.1.json
        Sendmail-8.23.json
        gSOAP-1.3b.json
        OLDAP-1.1.json
        NASA-1.3.json
        LAL-1.2.json
        OLDAP-2.2.2.json
        CC-BY-NC-3.0.json
        RPL-1.5.json
        NPOSL-3.0.json
        GPL-3.0-with-autoconf-exception.json
        copyleft-next-0.3.1.json
        LGPL-2.0.json
        CDDL-1.0.json
        APSL-1.0.json
        OLDAP-2.2.json
        MIT-CMU.json
        GPL-2.0-with-autoconf-exception.json
        Spencer-99.json
        AFL-2.1.json
        OFL-1.0.json
        QPL-1.0.json
        Linux-OpenIB.json
        Plexus.json
        MS-RL.json
        Spencer-94.json
        CERN-OHL-1.1.json
        CECILL-2.1.json
        CC-BY-NC-SA-1.0.json
        OSL-3.0.json
        CPAL-1.0.json
        OLDAP-2.1.json
        Aladdin.json
        YPL-1.1.json
        BSD-Protection.json
        Giftware.json
        Caldera.json
        xpp.json
        GPL-2.0-with-font-exception.json
        MIT-advertising.json
        DOC.json
        Unlicense.json
        Libpng.json
        BSD-Source-Code.json
        Artistic-1.0-Perl.json
        FTL.json
        TMate.json
        MITNFA.json
        eCos-2.0.json
        CNRI-Python-GPL-Compatible.json
        CC0-1.0.json
        LAL-1.3.json
        OPL-1.0.json
        SimPL-2.0.json
        GPL-2.0-or-later.json
        iMatix.json
        OSL-1.1.json
        CC-BY-SA-1.0.json
        Fair.json
        MS-PL.json
        OLDAP-2.2.1.json
        Apache-2.0.json
        W3C.json
        Vim.json
        BSD-2-Clause-FreeBSD.json
        gnuplot.json
        CC-BY-NC-2.0.json
        LiLiQ-R-1.1.json
        curl.json
        AMDPLPA.json
        GPL-3.0+.json
        EUPL-1.1.json
        Nokia.json
        ANTLR-PD.json
        EUPL-1.2.json
        JSON.json
        OCLC-2.0.json
        MIT-0.json
        Apache-1.0.json
        dvipdfm.json
        AML.json
        W3C-20150513.json
        ZPL-1.1.json
        Sendmail.json
        GPL-1.0+.json
        TOSL.json
        Rdisc.json
        Frameworx-1.0.json
        ODbL-1.0.json
        OSL-2.1.json
        Borceux.json
        AGPL-1.0.json
        CECILL-1.1.json
        APAFML.json
        BSD-3-Clause-No-Nuclear-Warranty.json
        OLDAP-2.4.json
        SGI-B-2.0.json
        Wsuipa.json
        XFree86-1.1.json
        OLDAP-2.5.json
        Beerware.json
        JPNIC.json
        Sleepycat.json
        Glide.json
        AFL-2.0.json
        ClArtistic.json
        OCCT-PL.json
        RSA-MD.json
        0BSD.json
        TCP-wrappers.json
        OGL-UK-1.0.json
        OLDAP-2.8.json
        OGL-UK-2.0.json
        ZPL-2.1.json
        LPPL-1.1.json
        BSD-3-Clause-LBNL.json
        Condor-1.1.json
        Noweb.json
        APSL-2.0.json
        GFDL-1.2-only.json
        VOSTROM.json
        OGL-UK-3.0.json
        Spencer-86.json
        OLDAP-2.3.json
        Apache-1.1.json
        MakeIndex.json
        CC-BY-NC-1.0.json
        IPA.json
        Interbase-1.0.json
        StandardML-NJ.json
        LGPL-2.0+.json
        Eurosym.json
        UPL-1.0.json
        DSDP.json
        WTFPL.json
        BSD-4-Clause.json
        OSET-PL-2.1.json
        CDLA-Permissive-1.0.json
        LGPL-3.0-or-later.json
        Leptonica.json
        EUPL-1.0.json
        Cube.json
        IJG.json
        CC-BY-NC-SA-2.5.json
        AGPL-1.0-or-later.json
        CNRI-Python.json
        Adobe-2006.json
        CUA-OPL-1.0.json
        CC-BY-NC-4.0.json
        CECILL-2.0.json
        GFDL-1.1-or-later.json
        OLDAP-1.2.json
        psfrag.json
        Entessa.json
        ECL-2.0.json
        BSD-3-Clause-No-Nuclear-License-2014.json
        EUDatagrid.json
        Xerox.json
        CC-BY-NC-2.5.json
        ECL-1.0.json
        JasPer-2.0.json
        SAX-PD.json
        GFDL-1.2-or-later.json
        CC-BY-NC-ND-2.5.json
        Multics.json
        OSL-1.0.json
        SPL-1.0.json
        GFDL-1.1.json
        GPL-2.0-with-GCC-exception.json
        Intel.json
        SMPPL.json
        Unicode-DFS-2015.json
        XSkat.json
        LGPL-3.0.json
        LPPL-1.3a.json
        GPL-2.0+.json
        Artistic-1.0-cl8.json
        LGPL-2.1-or-later.json
        CECILL-1.0.json
        SISSL.json
        Zlib.json
        CC-BY-3.0.json
        LGPL-2.0-or-later.json
        X11.json
        BSD-2-Clause.json
        CPOL-1.02.json
        CPL-1.0.json
        GFDL-1.3-or-later.json
        CC-BY-NC-ND-2.0.json
        FSFULLR.json
        psutils.json
        D-FSL-1.0.json
        GPL-2.0-with-classpath-exception.json
        OML.json
        Nunit.json
        Imlib2.json
        AGPL-3.0-or-later.json
        EFL-2.0.json
        OLDAP-2.6.json
        MPL-2.0.json
        Watcom-1.0.json
        HPND-sell-variant.json
        APSL-1.2.json
        GPL-1.0.json
        SGI-B-1.1.json
        GPL-3.0.json
        CC-BY-ND-4.0.json
        BSD-3-Clause.json
        CC-BY-NC-ND-3.0.json
        EPL-2.0.json
        LGPL-3.0+.json
        CC-BY-2.0.json
        PostgreSQL.json
        Adobe-Glyph.json
        Bahyph.json
        SISSL-1.2.json
        zlib-acknowledgement.json
        CC-BY-SA-2.5.json
        ODC-By-1.0.json
        Naumen.json
        VSL-1.0.json
        Latex2e.json
        GFDL-1.2.json
        PHP-3.0.json
        LGPL-2.0-only.json
        ZPL-2.0.json
        RPSL-1.0.json
        CERN-OHL-1.2.json
        Motosoto.json
        GFDL-1.3-only.json
        CC-BY-SA-3.0.json
        TU-Berlin-2.0.json
        MirOS.json
        MIT.json
        NRL.json
        FSFUL.json
        MPL-1.1.json
        CECILL-B.json
        BSD-1-Clause.json
        NLPL.json
        NOSL.json
        CC-BY-1.0.json
        OLDAP-2.7.json
        CC-BY-4.0.json
        RHeCos-1.1.json
        CC-BY-ND-2.0.json
        OLDAP-2.0.json
        Unicode-DFS-2016.json
        Zed.json
        NCSA.json
        BitTorrent-1.0.json
        MPL-2.0-no-copyleft-exception.json
        TU-Berlin-1.0.json
        Net-SNMP.json
        ICU.json
        RPL-1.1.json
        BitTorrent-1.1.json
        CNRI-Jython.json
        GPL-3.0-with-GCC-exception.json
        APSL-1.1.json
        Artistic-2.0.json
        BSD-4-Clause-UC.json
        GFDL-1.1-only.json
        FreeImage.json
        libpng-2.0.json
        CC-BY-ND-3.0.json
        NPL-1.0.json
        Unicode-TOU.json
        Crossword.json
        CC-BY-NC-SA-3.0.json
        SNIA.json
        SMLNJ.json
        ADSL.json
        GPL-2.0-with-bison-exception.json
        PDDL-1.0.json
        GPL-3.0-only.json
        Newsletr.json
        OFL-1.1.json
        EPL-1.0.json
        TCL.json
        CDDL-1.1.json
        SWL.json
        TAPR-OHL-1.0.json
        CC-BY-NC-SA-2.0.json
        AGPL-3.0-only.json
        Dotseqn.json
        LPL-1.0.json
        Qhull.json
        SugarCRM-1.1.3.json
        BSD-3-Clause-Clear.json
        CC-BY-SA-4.0.json
        ImageMagick.json
        AAL.json
        NPL-1.1.json
        LGPL-2.1.json
        GPL-1.0-or-later.json
        bzip2-1.0.5.json
        LGPL-3.0-only.json
        RSCPL.json
        Intel-ACPI.json
      - default-objects
        licenseGroups.json
      - templates
        notification
        publisher
        msteams.peb
        slack.peb
        email.peb
        webhook.peb
        console.peb
        badge
        project-novulns.peb
        project-vulns.peb
        project-nometrics.peb
      - application.version
      - META-INF
        persistence.xml
      - application.properties
    - docker
      - logback.xml
      - Dockerfile
      - docker-compose.yml
    - java
      - org
        dependencytrack
        integrations
        IntegrationPoint.java
        PortfolioFindingUploader.java
        AbstractIntegrationPoint.java
        kenna
        KennaDataTransformer.java
        KennaSecurityUploader.java
        FindingUploader.java
        fortifyssc
        FortifySscUploader.java
        FortifySscClient.java
        FindingPackagingFormat.java
        ProjectFindingUploader.java
        resources
        v1
        ProjectResource.java
        FindingResource.java
        vo
        DependencyRequest.java
        AnalysisRequest.java
        MappedLdapGroupRequest.java
        BomSubmitRequest.java
        package-info.java
        CloneProjectRequest.java
        MappedOidcGroupRequest.java
        MetricsResource.java
        PermissionResource.java
        RepositoryResource.java
        DependencyResource.java
        NotificationRuleResource.java
        ConfigPropertyResource.java
        NotificationPublisherResource.java
        misc
        Badger.java
        ComponentResource.java
        ProjectPropertyResource.java
        LdapResource.java
        CalculatorResource.java
        PolicyConditionResource.java
        package-info.java
        BadgeResource.java
        SearchResource.java
        PolicyResource.java
        UserResource.java
        OidcResource.java
        CweResource.java
        VulnerabilityResource.java
        TeamResource.java
        LicenseResource.java
        AnalysisResource.java
        AbstractConfigPropertyResource.java
        serializers
        CustomPackageURLSerializer.java
        BomResource.java
        LicenseGroupResource.java
        package-info.java
        search
        ProjectIndexer.java
        LicenseIndexer.java
        VulnerabilityIndexer.java
        CpeIndexer.java
        IndexManager.java
        SearchResult.java
        ComponentIndexer.java
        ObjectIndexer.java
        package-info.java
        IndexManagerFactory.java
        SearchManager.java
        VulnerableSoftwareIndexer.java
        IndexConstants.java
        upgrade
        v370
        v370Updater.java
        v310
        v310Updater.java
        v350
        v350Updater.java
        v321
        v321Updater.java
        v320
        v320Updater.java
        v360
        v360Updater.java
        UpgradeItems.java
        v340
        v340Updater.java
        v380
        v380Updater.java
        v330
        v330Updater.java
        UpgradeInitializer.java
        common
        ManagedHttpClient.java
        HttpClientPool.java
        UnirestFactory.java
        ManagedHttpClientFactory.java
        RequirementsVerifier.java
        util
        XmlUtil.java
        InternalComponentIdentificationUtil.java
        VulnerabilityUtil.java
        DateUtil.java
        JsonUtil.java
        HashUtil.java
        CompressUtil.java
        HttpUtil.java
        ComponentVersion.java
        NotificationUtil.java
        exception
        RequirementsException.java
        package-info.java
        ParseException.java
        event
        EventSubsystemInitializer.java
        IndexEvent.java
        RepositoryMetaEvent.java
        InternalComponentIdentificationEvent.java
        AbstractVulnerabilityManagementUploadEvent.java
        NpmAuditAnalysisEvent.java
        VulnerabilityAnalysisEvent.java
        BomUploadEvent.java
        NpmAdvisoryMirrorEvent.java
        NistMirrorEvent.java
        package-info.java
        VulnDbSyncEvent.java
        OssIndexAnalysisEvent.java
        VulnDbAnalysisEvent.java
        CloneProjectEvent.java
        InternalAnalysisEvent.java
        FortifySscUploadEventAbstract.java
        KennaSecurityUploadEventAbstract.java
        MetricsUpdateEvent.java
        tasks
        FortifySscUploadTask.java
        InternalComponentIdentificationTask.java
        NistMirrorTask.java
        scanners
        NpmAuditAnalysisTask.java
        AbstractVulnerableSoftwareAnalysisTask.java
        OssIndexAnalysisTask.java
        VulnDbAnalysisTask.java
        ScanTask.java
        BaseComponentAnalyzerTask.java
        InternalAnalysisTask.java
        VulnDbSyncTask.java
        NpmAdvisoryMirrorTask.java
        TaskScheduler.java
        repositories
        HexMetaAnalyzer.java
        IMetaAnalyzer.java
        GemMetaAnalyzer.java
        PypiMetaAnalyzer.java
        NugetMetaAnalyzer.java
        MavenMetaAnalyzer.java
        MetaModel.java
        RepositoryMetaAnalyzerTask.java
        AbstractMetaAnalyzer.java
        NpmMetaAnalyzer.java
        MetricsUpdateTask.java
        KennaSecurityUploadTask.java
        VulnerabilityAnalysisTask.java
        IndexTask.java
        package-info.java
        CloneProjectTask.java
        BomUploadProcessingTask.java
        VulnerabilityManagementUploadTask.java
        servlets
        NvdMirrorServlet.java
        notification
        vo
        NewVulnerabilityIdentified.java
        NewVulnerableDependency.java
        BomConsumedOrProcessed.java
        AnalysisDecisionChange.java
        NotificationConstants.java
        publisher
        SendMailPublisher.java
        ConsolePublisher.java
        WebhookPublisher.java
        Publisher.java
        SlackPublisher.java
        AbstractWebhookPublisher.java
        MsTeamsPublisher.java
        DefaultNotificationPublishers.java
        NotificationSubsystemInitializer.java
        NotificationRouter.java
        NotificationScope.java
        NotificationGroup.java
        auth
        Permissions.java
        package-info.java
        model
        AnalysisState.java
        NotificationRule.java
        Cwe.java
        Severity.java
        ComponentMetrics.java
        PolicyCondition.java
        VulnerableSoftware.java
        LicenseGroup.java
        ProjectMetrics.java
        CpeReference.java
        ComponentAnalysisCache.java
        ICpe.java
        DependencyMetrics.java
        License.java
        Analysis.java
        NotificationPublisher.java
        Bom.java
        Policy.java
        Classifier.java
        ConfigPropertyConstants.java
        Dependency.java
        Project.java
        PortfolioMetrics.java
        VulnerabilityMetrics.java
        Finding.java
        package-info.java
        IdentifiableObject.java
        Component.java
        RepositoryMetaComponent.java
        Tag.java
        Repository.java
        RepositoryType.java
        ProjectProperty.java
        Vulnerability.java
        AnalysisComment.java
        Cpe.java
        metrics
        package-info.java
        Metrics.java
        persistence
        QueryManager.java
        PackageURLStringConverter.java
        DefaultObjectGenerator.java
        CweImporter.java
        package-info.java
        defaults
        IDefaultObjectImporter.java
        DefaultLicenseGroupImporter.java
        parser
        vulndb
        ModelConverter.java
        nvd
        ModelConverter.java
        CpeDictionaryParser.java
        package-info.java
        NvdParser.java
        common
        resolver
        CweResolver.java
        ComponentResolver.java
        npm
        BaseAdvisoryParser.java
        package-info.java
        NpmAuditParser.java
        model
        AdvisoryResults.java
        Advisory.java
        package-info.java
        NpmAdvisoriesParser.java
        cyclonedx
        util
        ModelConverter.java
        package-info.java
        spdx
        rdf
        SpdxDocumentParser.java
        package-info.java
        json
        SpdxLicenseDetailParser.java
        package-info.java
        package-info.java
        ossindex
        OssIndexParser.java
        model
        ComponentReport.java
        ComponentReportVulnerability.java
    - webapp
      - WEB-INF
        fragments
        error.jsp
        web.xml
  - test
    - resources
      - integration
        application-postgres.properties
        application-mysql.properties
        application-h2.properties
      - SPDXTagExample-v2.1.spdx
      - bom-1.xml
      - textfile.txt
    - java
      - org
        dependencytrack
        integrations
        FindingUploaderTest.java
        kenna
        KennaSecurityUploaderTest.java
        ProjectFindingUploaderTest.java
        AbstractIntegrationPointTest.java
        IntegrationPointTest.java
        fortifyssc
        FortifySscClientTest.java
        FortifySscUploaderTest.java
        PortfolioFindingUploaderTest.java
        FindingPackagingFormatTest.java
        resources
        v1
        ProjectPropertyResourceTest.java
        SearchResourceTest.java
        DependencyResourceTest.java
        RepositoryResourceTest.java
        AnalysisResourceTest.java
        PermissionResourceTest.java
        UserResourceUnauthenticatedTest.java
        ConfigPropertyResourceTest.java
        OidcResourceAuthenticatedTest.java
        ComponentResourceTest.java
        NotificationRuleResourceTest.java
        FindingResourceTest.java
        VulnerabilityResourceTest.java
        CalculatorResourceTest.java
        NotificationPublisherResourceTest.java
        LdapResourceTest.java
        LicenseResourceTest.java
        UserResourceAuthenticatedTest.java
        CweResourceTest.java
        TeamResourceTest.java
        OidcResourceUnauthenticatedTest.java
        ProjectResourceTest.java
        BomResourceTest.java
        search
        ProjectIndexerTest.java
        LicenseIndexerTest.java
        ComponentIndexerTest.java
        VulnerabilityIndexerTest.java
        integration
        ApiClient.java
        PopulateData.java
        common
        ManagedHttpClientTest.java
        ManagedHttpClientFactoryTest.java
        HttpClientPoolTest.java
        UnirestFactoryTest.java
        util
        DateUtilTest.java
        HashUtilTest.java
        InternalComponentIdentificationUtilTest.java
        HttpUtilTest.java
        exception
        ParseExceptionTest.java
        event
        CloneProjectEventTest.java
        KennaSecurityUploadEventTest.java
        NpmAdvisoryMirrorEventTest.java
        NpmAuditAnalysisEventTest.java
        BomUploadEventTest.java
        NistMirrorEventTest.java
        InternalAnalysisEventTest.java
        FortifySscUploadEventTest.java
        VulnDbSyncEventTest.java
        RepositoryMetaEventTest.java
        MetricsUpdateEventTest.java
        IndexEventTest.java
        OssIndexAnalysisEventTest.java
        VulnerabilityAnalysisEventTest.java
        tasks
        repositories
        PypiMetaAnalyzerTest.java
        NugetMetaAnalyzerTest.java
        MavenMetaAnalyzerTest.java
        GemMetaAnalyzerTest.java
        NpmMetaAnalyzerTest.java
        HexMetaAnalyzerTest.java
        PersistenceCapableTest.java
        notification
        vo
        AnalysisDecisionChangeTest.java
        NewVulnerableDependencyTest.java
        NewVulnerabilityIdentifiedTest.java
        publisher
        WebhookPublisherTest.java
        DefaultNotificationPublishersTest.java
        MsTeamsPublisherTest.java
        ConsolePublisherTest.java
        SlackPublisherTest.java
        NotificationGroupTest.java
        NotificationRouterTest.java
        NotificationConstantsTest.java
        NotificationScopeTest.java
        NotificationSubsystemInitializerTest.java
        auth
        PermissionsTest.java
        model
        LicenseGroupTest.java
        RepositoryMetaComponentTest.java
        ProjectPropertyTest.java
        ProjectMetricsTest.java
        TagTest.java
        AnalysisStateTest.java
        AnalysisCommentTest.java
        ClassifierTest.java
        PolicyTest.java
        ProjectTest.java
        AnalysisTest.java
        PolicyConditionTest.java
        DependencyMetricsTest.java
        BomTest.java
        ComponentTest.java
        CpeReferenceTest.java
        VulnerabilityMetricsTest.java
        NotificationPublisherTest.java
        CweTest.java
        VulnerabilityTest.java
        FindingTest.java
        RepositoryTypeTest.java
        RepositoryTest.java
        LicenseTest.java
        ComponentMetricsTest.java
        PortfolioMetricsTest.java
        VulnerableSoftwareTest.java
        DependencyTest.java
        CpeTest.java
        SeverityTest.java
        NotificationRuleTest.java
        servlet
        NvdMirrorServletTest.java
        metrics
        MetricsTest.java
        persistence
        PackageURLStringConverterTest.java
        CweImporterTest.java
        DefaultObjectGeneratorTest.java
        parser
        common
        resolver
        CweResolverTest.java
        spdx
        SpdxDocumentParserTest.java
        ResourceTest.java
- release.sh
- prerelease.sh
- pom.xml
- upgrade
  - README.md
  - 3.0.0_to_3.0.1.sql
  - 3.7.1_and_previous_maven_central_fix.sql
- clearlogs.sh
- SECURITY.md
- README.md
- CODE_OF_CONDUCT.md
- .gitignore
- docs
  - robots.txt
  - _docs
    - best-practices.md
    - integrations
      - kenna.md
      - rest-api.md
      - ecosystem.md
      - notifications.md
      - fortify-ssc.md
      - badges.md
      - file-formats.md
      - threadfix.md
      - jenkins.md
    - usage
      - supply-chain-component-analysis.md
      - cicd.md
      - impact-analysis.md
    - getting-started
      - openidconnect-configuration.md
      - configuration.md
      - deploy-docker.md
      - initial-startup.md
      - data-directory.md
      - deploy-exewar.md
      - deploy-war.md
      - database-support.md
      - ldap-configuration.md
    - terminology.md
    - datasources
      - private-vuln-repo.md
      - ossindex.md
      - vulndb.md
      - internal-components.md
      - nvd.md
      - npm.md
      - routing.md
      - repositories.md
    - FAQ.md
    - triage
      - suppression.md
      - analysis-states.md
      - auditing-basics.md
    - _defaults.md
    - analysis-types
      - license.md
      - integrity-verification.md
      - known-vulnerabilities.md
      - outdated-components.md
  - 404.md
  - _sass
    - _pygments.scss
    - _typography.scss
    - _tables.scss
    - _code.scss
    - _normalize.scss
    - _layout.scss
    - _mixins.scss
  - _config.yml
  - Gemfile
  - images
    - badge-project-nometrics.svg
    - dt-logo-white-text.svg
    - badge-project-novulns.svg
    - badge-project-vulns.svg
    - screenshots
    - menu.svg
    - dt-logo-black-text.svg
  - odt-odc-comparison.html
  - changelog.html
  - CNAME
  - index.md
  - _layouts
    - default.html
  - favicon.ico
  - scripts
    - search.js
    - lunr.min.js
  - _plugins
    - replace-regex.rb
  - search.html
  - css
    - main.scss
  - _posts
    - 2018-03-29-v3.0.1.md
    - 2019-09-28-v3.6.0.md
    - 2020-03-22-v3.8.0.md
    - 2018-04-13-v3.0.3.md
    - 2018-06-20-v3.1.1.md
    - 2018-03-30-v3.0.2.md
    - 2018-11-13-v3.3.1.md
    - 2019-10-01-v3.6.1.md
    - 2018-09-21-v3.2.1.md
    - 2018-12-22-v3.4.0.md
    - 2019-04-16-v3.4.1.md
    - 2018-10-02-v3.2.2.md
    - 2019-12-16-v3.7.0.md
    - 2020-01-07-v3.7.1.md
    - _defaults.md
    - 2018-03-27-v3.0.0.md
    - 2019-06-07-v3.5.0.md
    - 2018-06-19-v3.1.0.md
    - 2018-09-06-v3.2.0.md
    - 2018-05-02-v3.0.4.md
    - 2018-10-25-v3.3.0.md
    - 2019-07-17-v3.5.1.md
- LICENSE.txt
- dev-docs.sh
- build-docs.sh

/*
 * This file is part of Dependency-Track.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * SPDX-License-Identifier: Apache-2.0
 * Copyright (c) Steve Springett. All Rights Reserved.
 */
package org.dependencytrack.resources.v1;

import alpine.filters.AuthenticationFilter;
import alpine.util.UuidUtil;
import org.dependencytrack.ResourceTest;
import org.dependencytrack.model.AnalysisState;
import org.dependencytrack.model.Component;
import org.dependencytrack.model.Project;
import org.dependencytrack.model.Severity;
import org.dependencytrack.model.Vulnerability;
import org.dependencytrack.persistence.CweImporter;
import org.glassfish.jersey.server.ResourceConfig;
import org.glassfish.jersey.servlet.ServletContainer;
import org.glassfish.jersey.test.DeploymentContext;
import org.glassfish.jersey.test.ServletDeploymentContext;
import org.junit.Assert;
import org.junit.Test;
import javax.json.Json;
import javax.json.JsonArray;
import javax.json.JsonObject;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.util.UUID;

public class VulnerabilityResourceTest extends ResourceTest {

    @Override
    protected DeploymentContext configureDeployment() {
        return ServletDeploymentContext.forServlet(new ServletContainer(
                new ResourceConfig(VulnerabilityResource.class)
                        .register(AuthenticationFilter.class)))
                .build();
    }

    @Test
    public void getVulnerabilitiesByComponentUuidTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/component/" + sampleData.c1.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(2), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(2, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(0).getString("source"));
        Assert.assertEquals("Description 1", json.getJsonObject(0).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(0).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(0).getString("uuid")));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(1).getString("source"));
        Assert.assertEquals("Description 2", json.getJsonObject(1).getString("description"));
        Assert.assertEquals("HIGH", json.getJsonObject(1).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(1).getString("uuid")));
    }

    @Test
    public void getVulnerabilitiesByComponentMd5Test() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/component/" + sampleData.c1.getMd5()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(2), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(2, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(0).getString("source"));
        Assert.assertEquals("Description 1", json.getJsonObject(0).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(0).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(0).getString("uuid")));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(1).getString("source"));
        Assert.assertEquals("Description 2", json.getJsonObject(1).getString("description"));
        Assert.assertEquals("HIGH", json.getJsonObject(1).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(1).getString("uuid")));
    }

    @Test
    public void getVulnerabilitiesByComponentSha1Test() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/component/" + sampleData.c1.getSha1()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(2), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(2, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(0).getString("source"));
        Assert.assertEquals("Description 1", json.getJsonObject(0).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(0).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(0).getString("uuid")));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(1).getString("source"));
        Assert.assertEquals("Description 2", json.getJsonObject(1).getString("description"));
        Assert.assertEquals("HIGH", json.getJsonObject(1).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(1).getString("uuid")));
    }

    @Test
    public void getVulnerabilitiesByComponentInvalidTest() throws Exception  {
        new SampleData();
        Response response = target(V1_VULNERABILITY + "/component/" + "jklfdjklfjaklfla").request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The component could not be found.", body);
    }

    @Test
    public void getVulnerabilitiesByComponentUuidIncludeSuppressedTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/component/" + sampleData.c1.getUuid().toString())
                .queryParam("suppressed", "true")
                .request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(3), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(3, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(0).getString("source"));
        Assert.assertEquals("Description 1", json.getJsonObject(0).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(0).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(0).getString("uuid")));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(1).getString("source"));
        Assert.assertEquals("Description 2", json.getJsonObject(1).getString("description"));
        Assert.assertEquals("HIGH", json.getJsonObject(1).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(1).getString("uuid")));
        Assert.assertEquals("INT-3", json.getJsonObject(2).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(2).getString("source"));
        Assert.assertEquals("Description 3", json.getJsonObject(2).getString("description"));
        Assert.assertEquals("MEDIUM", json.getJsonObject(2).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(2).getString("uuid")));
    }

    @Test
    public void getVulnerabilitiesByProjectTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/project/" + sampleData.p1.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(4), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(4, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(0).getString("source"));
        Assert.assertEquals("Description 1", json.getJsonObject(0).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(0).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(0).getString("uuid")));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(1).getString("source"));
        Assert.assertEquals("Description 2", json.getJsonObject(1).getString("description"));
        Assert.assertEquals("HIGH", json.getJsonObject(1).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(1).getString("uuid")));
        Assert.assertEquals("INT-4", json.getJsonObject(2).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(2).getString("source"));
        Assert.assertEquals("Description 4", json.getJsonObject(2).getString("description"));
        Assert.assertEquals("LOW", json.getJsonObject(2).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(2).getString("uuid")));
        Assert.assertEquals("INT-5", json.getJsonObject(3).getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getJsonObject(3).getString("source"));
        Assert.assertEquals("Description 5", json.getJsonObject(3).getString("description"));
        Assert.assertEquals("CRITICAL", json.getJsonObject(3).getString("severity"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getJsonObject(3).getString("uuid")));
    }

    @Test
    public void getVulnerabilitiesByProjectIncludeGlobalSuppressedTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/project/" + sampleData.p1.getUuid().toString())
                .queryParam("suppressed", "true")
                .request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        //Assert.assertEquals(String.valueOf(4), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(5, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INT-3", json.getJsonObject(2).getString("vulnId"));
        Assert.assertEquals("INT-4", json.getJsonObject(3).getString("vulnId"));
        Assert.assertEquals("INT-5", json.getJsonObject(4).getString("vulnId"));
    }

    @Test
    public void getVulnerabilitiesByProjectIncludeProjectSuppressedTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/project/" + sampleData.p2.getUuid().toString())
                .queryParam("suppressed", "true")
                .request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(2), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(2, json.size());
        Assert.assertEquals("INT-4", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INT-5", json.getJsonObject(1).getString("vulnId"));
    }

    @Test
    public void getVulnerabilitiesByProjectInvalidTest() throws Exception {
        new SampleData();
        Response response = target(V1_VULNERABILITY + "/project/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The project could not be found.", body);
    }

    @Test
    public void getVulnerabilityByUuidTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/" + sampleData.v1.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonObject json = parseJsonObject(response);
        Assert.assertNotNull(json);
        Assert.assertEquals("INT-1", json.getString("vulnId"));
    }

    @Test
    public void getVulnerabilityByUuidInvalidTest() throws Exception {
        new SampleData();
        Response response = target(V1_VULNERABILITY + "/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void getVulnerabilityByVulnIdTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/source/" + sampleData.v1.getSource() + "/vuln/" + sampleData.v1.getVulnId()).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonObject json = parseJsonObject(response);
        Assert.assertNotNull(json);
        Assert.assertEquals("INT-1", json.getString("vulnId"));
    }

    @Test
    public void getVulnerabilityByVulnIdInvalidTest() throws Exception {
        new SampleData();
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/blah").request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void getAffectedProjectTest() throws Exception {
        SampleData sampleData = new SampleData();
        Response response = target(V1_VULNERABILITY + "/source/" + sampleData.v1.getSource() + "/vuln/" + sampleData.v1.getVulnId() + "/projects").request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(1), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals("Project 1", json.getJsonObject(0).getString("name"));
        Assert.assertEquals(sampleData.p1.getUuid().toString(), json.getJsonObject(0).getString("uuid"));
    }

    @Test
    public void getAffectedProjectInvalidTest() throws Exception {
        new SampleData();
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/blah/projects").request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void getAllVulnerabilitiesTest() throws Exception {
        new SampleData();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .get(Response.class);
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertEquals(String.valueOf(5), response.getHeaderString(TOTAL_COUNT_HEADER));
        JsonArray json = parseJsonArray(response);
        Assert.assertNotNull(json);
        Assert.assertEquals(5, json.size());
        Assert.assertEquals("INT-1", json.getJsonObject(0).getString("vulnId"));
        Assert.assertEquals("INT-2", json.getJsonObject(1).getString("vulnId"));
        Assert.assertEquals("INT-3", json.getJsonObject(2).getString("vulnId"));
        Assert.assertEquals("INT-4", json.getJsonObject(3).getString("vulnId"));
        Assert.assertEquals("INT-5", json.getJsonObject(4).getString("vulnId"));
    }

    @Test
    public void createVulnerabilityTest() throws Exception {
        new CweImporter().processCweDefinitions();
        JsonObject payload = Json.createObjectBuilder()
                .add("vulnId", "ACME-1")
                .add("description", "Something is vulnerable")
                .add("cwe", Json.createObjectBuilder().add("cweId", 80))
                .add("cvssV2Vector", "(AV:N/AC:M/Au:S/C:P/I:P/A:P)")
                .add("cvssV3Vector", "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L")
                .build();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .put(Entity.json(payload.toString()));
        Assert.assertEquals(201, response.getStatus(), 0);
        JsonObject json = parseJsonObject(response);
        Assert.assertNotNull(json);
        Assert.assertEquals("ACME-1", json.getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getString("source"));
        Assert.assertEquals("Something is vulnerable", json.getString("description"));
        Assert.assertEquals(6.0, json.getJsonNumber("cvssV2BaseScore").doubleValue(), 0);
        Assert.assertEquals(6.4, json.getJsonNumber("cvssV2ImpactSubScore").doubleValue(), 0);
        Assert.assertEquals(6.8, json.getJsonNumber("cvssV2ExploitabilitySubScore").doubleValue(), 0);
        Assert.assertEquals("(AV:N/AC:M/Au:S/C:P/I:P/A:P)", json.getString("cvssV2Vector"));
        Assert.assertEquals(6.3, json.getJsonNumber("cvssV3BaseScore").doubleValue(), 0);
        Assert.assertEquals(3.4, json.getJsonNumber("cvssV3ImpactSubScore").doubleValue(), 0);
        Assert.assertEquals(2.8, json.getJsonNumber("cvssV3ExploitabilitySubScore").doubleValue(), 0);
        Assert.assertEquals("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", json.getString("cvssV3Vector"));
        Assert.assertEquals("MEDIUM", json.getString("severity"));
        Assert.assertEquals(80, json.getJsonObject("cwe").getInt("cweId"));
        Assert.assertEquals("Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", json.getJsonObject("cwe").getString("name"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getString("uuid")));
    }

    @Test
    public void createVulnerabilityDuplicateTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        JsonObject payload = Json.createObjectBuilder()
                .add("vulnId", "ACME-1")
                .add("description", "Something is vulnerable")
                .add("cwe", Json.createObjectBuilder().add("cweId", 80))
                .add("cvssV2Vector", "(AV:N/AC:M/Au:S/C:P/I:P/A:P)")
                .add("cvssV3Vector", "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L")
                .build();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .put(Entity.json(payload.toString()));
        Assert.assertEquals(409, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("A vulnerability with the specified vulnId already exists.", body);
    }

    @Test
    public void updateVulnerabilityTest() throws Exception {
        new CweImporter().processCweDefinitions();
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        vuln = qm.createVulnerability(vuln, false);
        JsonObject payload = Json.createObjectBuilder()
                .add("vulnId", "ACME-1")
                .add("source", "INTERNAL")
                .add("description", "Something is vulnerable")
                .add("cwe", Json.createObjectBuilder().add("cweId", 80))
                .add("cvssV2Vector", "(AV:N/AC:M/Au:S/C:P/I:P/A:P)")
                .add("cvssV3Vector", "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L")
                .add("uuid", vuln.getUuid().toString())
                .build();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.json(payload.toString()));
        Assert.assertEquals(200, response.getStatus(), 0);
        JsonObject json = parseJsonObject(response);
        Assert.assertNotNull(json);
        Assert.assertEquals("ACME-1", json.getString("vulnId"));
        Assert.assertEquals("INTERNAL", json.getString("source"));
        Assert.assertEquals("Something is vulnerable", json.getString("description"));
        Assert.assertEquals(6.0, json.getJsonNumber("cvssV2BaseScore").doubleValue(), 0);
        Assert.assertEquals(6.4, json.getJsonNumber("cvssV2ImpactSubScore").doubleValue(), 0);
        Assert.assertEquals(6.8, json.getJsonNumber("cvssV2ExploitabilitySubScore").doubleValue(), 0);
        Assert.assertEquals("(AV:N/AC:M/Au:S/C:P/I:P/A:P)", json.getString("cvssV2Vector"));
        Assert.assertEquals(6.3, json.getJsonNumber("cvssV3BaseScore").doubleValue(), 0);
        Assert.assertEquals(3.4, json.getJsonNumber("cvssV3ImpactSubScore").doubleValue(), 0);
        Assert.assertEquals(2.8, json.getJsonNumber("cvssV3ExploitabilitySubScore").doubleValue(), 0);
        Assert.assertEquals("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", json.getString("cvssV3Vector"));
        Assert.assertEquals("MEDIUM", json.getString("severity"));
        Assert.assertEquals(80, json.getJsonObject("cwe").getInt("cweId"));
        Assert.assertEquals("Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", json.getJsonObject("cwe").getString("name"));
        Assert.assertTrue(UuidUtil.isValidUUID(json.getString("uuid")));
    }

    @Test
    public void updateVulnerabilityInvalidTest() {
        JsonObject payload = Json.createObjectBuilder()
                .add("vulnId", "ACME-1")
                .add("description", "Something is vulnerable")
                .add("cwe", Json.createObjectBuilder().add("cweId", 80))
                .add("cvssV2Vector", "(AV:N/AC:M/Au:S/C:P/I:P/A:P)")
                .add("cvssV3Vector", "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L")
                .add("uuid", UUID.randomUUID().toString())
                .build();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.json(payload.toString()));
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void updateVulnerabilityUnchangableTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        JsonObject payload = Json.createObjectBuilder()
                .add("vulnId", "ACME-2")
                .add("description", "Something is vulnerable")
                .add("cwe", Json.createObjectBuilder().add("cweId", 80))
                .add("cvssV2Vector", "(AV:N/AC:M/Au:S/C:P/I:P/A:P)")
                .add("cvssV3Vector", "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L")
                .add("uuid", vuln.getUuid().toString())
                .build();
        Response response = target(V1_VULNERABILITY).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.json(payload.toString()));
        Assert.assertEquals(406, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnId may not be changed.", body);
    }

    @Test
    public void assignVulnerabilityTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/ACME-1/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
    }

    @Test
    public void assignVulnerabilityInvalidVulnerabilityTest() {
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/BLAH/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void assignVulnerabilityInvalidComponentTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/ACME-1/component/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The component could not be found.", body);
    }

    @Test
    public void assignVulnerabilityByUuidTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        vuln = qm.createVulnerability(vuln, false);
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/" + vuln.getUuid().toString() + "/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
    }

    @Test
    public void assignVulnerabilityByUuidInvalidVulnerabilityTest() {
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/" + UUID.randomUUID().toString() + "/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void assignVulnerabilityByUuidInvalidComponentTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        vuln = qm.createVulnerability(vuln, false);
        Response response = target(V1_VULNERABILITY + "/" + vuln.getUuid().toString() + "/component/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .post(Entity.entity(null, MediaType.APPLICATION_JSON));
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The component could not be found.", body);
    }

    @Test
    public void unassignVulnerabilityTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/ACME-1/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
    }

    @Test
    public void unassignVulnerabilityInvalidVulnerabilityTest() {
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/BLAH/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void unassignVulnerabilityInvalidComponentTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        qm.createVulnerability(vuln, false);
        Response response = target(V1_VULNERABILITY + "/source/INTERNAL/vuln/ACME-1/component/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The component could not be found.", body);
    }

    @Test
    public void unassignVulnerabilityByUuidTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        vuln = qm.createVulnerability(vuln, false);
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/" + vuln.getUuid().toString() + "/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(200, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
    }

    @Test
    public void unassignVulnerabilityByUuidInvalidVulnerabilityTest() {
        Component comp = new Component();
        comp.setName("Test Component");
        comp = qm.createComponent(comp, false);
        Response response = target(V1_VULNERABILITY + "/" + UUID.randomUUID().toString() + "/component/" + comp.getUuid().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The vulnerability could not be found.", body);
    }

    @Test
    public void unassignVulnerabilityByUuidInvalidComponentTest() {
        Vulnerability vuln = new Vulnerability();
        vuln.setVulnId("ACME-1");
        vuln.setSource(Vulnerability.Source.INTERNAL);
        vuln = qm.createVulnerability(vuln, false);
        Response response = target(V1_VULNERABILITY + "/" + vuln.getUuid().toString() + "/component/" + UUID.randomUUID().toString()).request()
                .header(X_API_KEY, apiKey)
                .delete();
        Assert.assertEquals(404, response.getStatus(), 0);
        Assert.assertNull(response.getHeaderString(TOTAL_COUNT_HEADER));
        String body = getPlainTextBody(response);
        Assert.assertEquals("The component could not be found.", body);
    }

    private class SampleData {
        final Project p1;
        final Project p2;
        final Component c1;
        final Component c2;
        final Vulnerability v1;
        final Vulnerability v2;
        final Vulnerability v3;
        final Vulnerability v4;
        final Vulnerability v5;

        SampleData() throws Exception {
            new CweImporter().processCweDefinitions();
            c1 = new Component();
            c1.setName("Component 1");
            c1.setMd5("2AAF520D1F19AECF246A0995D91E93A5");
            c1.setSha1("3D5A54669CF8D4ED55B7DF5751FA18C3F72F0CFB");
            c1.setSha256("47602D7DFE910AD941FEA52E85E6E3F1C175434B0E6E261C31C766FE4C078A25");
            c2 = new Component();
            c2.setName("Component 2");
            c1.setMd5("5EABD62FA03D159A96C77E6EEB6C7027");
            c1.setSha1("108BCF94A1C0E0F915B935C97F6BB9E50FB7C246");
            c1.setSha256("418716B003FE0268B6521EF7ACBED13F5BA491D593896D5DEB2058C42D87002D");
            qm.createComponent(c1, false);
            qm.createComponent(c2, false);

            v1 = new Vulnerability();
            v1.setVulnId("INT-1");
            v1.setSource(Vulnerability.Source.INTERNAL);
            v1.setSeverity(Severity.CRITICAL);
            v1.setDescription("Description 1");

            v2 = new Vulnerability();
            v2.setVulnId("INT-2");
            v2.setSource(Vulnerability.Source.INTERNAL);
            v2.setSeverity(Severity.HIGH);
            v2.setDescription("Description 2");

            v3 = new Vulnerability();
            v3.setVulnId("INT-3");
            v3.setSource(Vulnerability.Source.INTERNAL);
            v3.setSeverity(Severity.MEDIUM);
            v3.setDescription("Description 3");

            v4 = new Vulnerability();
            v4.setVulnId("INT-4");
            v4.setSource(Vulnerability.Source.INTERNAL);
            v4.setSeverity(Severity.LOW);
            v4.setDescription("Description 4");

            v5 = new Vulnerability();
            v5.setVulnId("INT-5");
            v5.setSource(Vulnerability.Source.INTERNAL);
            v5.setSeverity(Severity.CRITICAL);
            v5.setDescription("Description 5");

            qm.createVulnerability(v1, false);
            qm.createVulnerability(v2, false);
            qm.createVulnerability(v3, false);
            qm.createVulnerability(v4, false);
            qm.createVulnerability(v5, false);
            qm.addVulnerability(v1, c1);
            qm.addVulnerability(v2, c1);
            qm.addVulnerability(v3, c1);
            qm.addVulnerability(v4, c2);
            qm.addVulnerability(v5, c2);

            p1 = qm.createProject("Project 1", null, null, null, null, null, true, false);
            p2 = qm.createProject("Project 2", null, null, null, null, null, true, false);

            qm.createDependencyIfNotExist(p1, c1, null, null);
            qm.createDependencyIfNotExist(p1, c2, null, null);
            qm.createDependencyIfNotExist(p2, c2, null, null);

            qm.makeAnalysis(null, c1, v3, AnalysisState.FALSE_POSITIVE, true);
            qm.makeAnalysis(p2, c2, v5, AnalysisState.NOT_AFFECTED, true);
        }
    }
}