Merge branch 'main' into fix/REST/removeExtraBracketsFromEmbeddedResponse

Author: afsahsyeda

.github/workflows/build_and_test.yml

@@ -53,7 +53,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 

.github/workflows/codeql.yml

@@ -59,7 +59,7 @@ jobs:
         # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 

.github/workflows/dependency-review.yml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 

.github/workflows/scorecard.yml

@@ -31,7 +31,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 
@@ -48,7 +48,7 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
+        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
         with:
           name: SARIF file
           path: results.sarif

.github/workflows/sw360_container.yml

@@ -44,7 +44,7 @@ jobs:
       sw360_version: ${{ steps.pom_version.outputs.SW360_VERSION }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 
@@ -74,7 +74,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 

.github/workflows/thrift_container.yml

@@ -35,7 +35,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@5ef0c079ce82195b2a36a210272d6b661572d83e # v2.14.2
+        uses: step-security/harden-runner@a90bcbc6539c36a85cdfeb73f7e2f433735f215b # v2.15.0
         with:
           egress-policy: audit
 

backend/common/src/main/java/org/eclipse/sw360/datahandler/db/ProjectDatabaseHandler.java

@@ -35,8 +35,7 @@
 import org.eclipse.sw360.datahandler.permissions.PermissionUtils;
 import org.eclipse.sw360.datahandler.permissions.ProjectPermissions;
 import org.eclipse.sw360.datahandler.thrift.*;
-import org.eclipse.sw360.datahandler.thrift.attachments.Attachment;
-import org.eclipse.sw360.datahandler.thrift.attachments.AttachmentContent;
+import org.eclipse.sw360.datahandler.thrift.attachments.*;
 import org.eclipse.sw360.datahandler.thrift.changelogs.ChangeLogs;
 import org.eclipse.sw360.datahandler.thrift.changelogs.Operation;
 import org.eclipse.sw360.datahandler.thrift.components.*;
@@ -80,8 +79,7 @@
 import static org.eclipse.sw360.datahandler.common.SW360Assert.assertId;
 import static org.eclipse.sw360.datahandler.common.SW360Assert.assertNotNull;
 import static org.eclipse.sw360.datahandler.common.SW360Assert.fail;
-import static org.eclipse.sw360.datahandler.common.SW360ConfigKeys.IS_PACKAGE_PORTLET_ENABLED;
-import static org.eclipse.sw360.datahandler.common.SW360ConfigKeys.MAINLINE_STATE_ENABLED_FOR_USER;
+import static org.eclipse.sw360.datahandler.common.SW360ConfigKeys.*;
 import static org.eclipse.sw360.datahandler.common.SW360Utils.getBUFromOrganisation;
 import static org.eclipse.sw360.datahandler.common.SW360Utils.getCreatedOn;
 import static org.eclipse.sw360.datahandler.common.SW360Utils.printName;
@@ -154,6 +152,7 @@ public class ProjectDatabaseHandler extends AttachmentAwareDatabaseHandler {
             Project._Fields.LICENSE_INFO_HEADER_TEXT);
     private Map<String, Project> cachedAllProjectsIdMap;
     private Instant cachedAllProjectsIdMapLoadingInstant;
+    private final ThriftClients thriftClients;
 
     public ProjectDatabaseHandler(Cloudant client, String dbName, String attachmentDbName) throws MalformedURLException {
         this(client, dbName, attachmentDbName, new ProjectModerator(),
@@ -204,6 +203,8 @@ public ProjectDatabaseHandler(Cloudant client, String dbName, String attachmentD
         this.packageDatabaseHandler = packageDatabaseHandler;
         DatabaseConnectorCloudant dbChangelogs = new DatabaseConnectorCloudant(client, DatabaseSettings.COUCH_DB_CHANGE_LOGS);
         this.dbHandlerUtil = new DatabaseHandlerUtil(dbChangelogs);
+
+        thriftClients = new ThriftClients();
     }
 
     /////////////////////
@@ -425,6 +426,10 @@ public AddDocumentRequestSummary addProject(Project project, User user) throws S
         // Add project to database and return ID
         repository.add(project);
 
+        if (SW360Utils.readConfig(INHERIT_ATTACHMENT_USAGES, false) && !CommonUtils.isNullOrEmptyMap(project.getLinkedProjects())) {
+            saveAttachmentUsages(project);
+        }
+
         dbHandlerUtil.addChangeLogs(project, null, user.getEmail(), Operation.CREATE, null, Lists.newArrayList(),
                 null, null);
         sendMailNotificationsForNewProject(project, user.getEmail());
@@ -480,6 +485,16 @@ public RequestStatus updateProject(Project project, User user, boolean forceUpda
             updateProjectDependentLinkedFields(project, actual);
             project.unsetVendor();
             updateModifiedFields(project, user.getEmail());
+
+            if (SW360Utils.readConfig(INHERIT_ATTACHMENT_USAGES, false)) {
+                Set<String> newLinkedProjects = CommonUtils.isNullOrEmptyMap(project.getLinkedProjects()) ? new HashSet<>() : new HashSet<>(project.getLinkedProjects().keySet());
+                Set<String> actualLinkedProjects = CommonUtils.isNullOrEmptyMap(actual.getLinkedProjects()) ? new HashSet<>() : actual.getLinkedProjects().keySet();
+
+                newLinkedProjects.removeAll(actualLinkedProjects);
+                if (!newLinkedProjects.isEmpty()) {
+                    saveAttachmentUsages(project);
+                }
+            }
             repository.update(project);
 
             List<ChangeLogs> referenceDocLogList=new LinkedList<>();
@@ -504,6 +519,62 @@ public RequestStatus updateProject(Project project, User user, boolean forceUpda
         }
     }
 
+    private void saveAttachmentUsages(Project project) {
+        AttachmentService.Iface attachmentClient = thriftClients.makeAttachmentClient();
+        String projectId = project.getId();
+        List<String> projectPaths = new ArrayList<>();
+
+        buildProjectPaths(project,null,projectPaths);
+        projectPaths.remove(project.getId());
+        try {
+            if (!projectPaths.isEmpty()) {
+                List<AttachmentUsage> newAttachmentUsages = parseAttachmentUsages(projectPaths,projectId);
+                attachmentClient.makeAttachmentUsages(newAttachmentUsages);
+            }
+        } catch (TException e) {
+            log.error("Saving attachment usages for project " + projectId + " failed", e);
+        }
+    }
+
+    void buildProjectPaths(Project project, String parentPath, List<String> results) {
+        String currentPath = parentPath == null ? project.getId() : parentPath + ":" + project.getId();
+        if(CommonUtils.isNullOrEmptyMap(project.getLinkedProjects())) {
+            results.add(currentPath);
+        }
+        else {
+            for(Map.Entry<String,ProjectProjectRelationship> entry: project.getLinkedProjects().entrySet()) {
+                buildProjectPaths(repository.get(entry.getKey()), currentPath, results);
+            }
+            results.add(currentPath);
+        }
+    }
+
+    private List<AttachmentUsage> parseAttachmentUsages(List<String> projectPaths, String projectId) {
+        List<AttachmentUsage> result = new ArrayList<>();
+        try {
+            for(String projectPath: projectPaths) {
+                String[] pathArray = projectPath.split(":");
+                String subProjectId = pathArray[pathArray.length-1];
+                List<AttachmentUsage> subProjectAttachmentUsages = thriftClients.makeAttachmentClient().getUsedAttachments(Source.projectId(subProjectId), null);
+
+                for(AttachmentUsage usage: subProjectAttachmentUsages) {
+                    String releaseId = usage.getOwner().getReleaseId();
+                    String attachmentContentId = usage.getAttachmentContentId();
+                    AttachmentUsage newUsage = new AttachmentUsage(Source.releaseId(releaseId), attachmentContentId, Source.projectId(projectId));
+                    final UsageData usageData;
+                    LicenseInfoUsage licenseInfoUsage = new LicenseInfoUsage(Collections.emptySet());
+                    licenseInfoUsage.setProjectPath(projectPath);
+                    usageData = UsageData.licenseInfo(licenseInfoUsage);
+                    newUsage.setUsageData(usageData);
+                    result.add(newUsage);
+                }
+            }
+        } catch (TException e) {
+            log.error("Saving attachment usages for project " + projectId + " failed", e);
+        }
+        return result;
+    }
+
     private void setRequestedDateAndTrimComment(Project project, Project actual, User user) {
         Set<String> actualReleaseIds = null;
         if (Objects.nonNull(actual) && Objects.nonNull(actual.getReleaseIdToUsage())) {
@@ -862,7 +933,7 @@ private boolean isLinkedReleasesUpdateFromLinkedPackagesFailed(Project updatedPr
         final ProjectReleaseRelationship releaseRelation = new ProjectReleaseRelationship(ReleaseRelationship.UNKNOWN, MainlineState.OPEN);
         if (CommonUtils.isNotEmpty(linkedPacakgeIds)) {
             try {
-                PackageService.Iface packageClient = new ThriftClients().makePackageClient();
+                PackageService.Iface packageClient = thriftClients.makePackageClient();
                 List<Package> addedPackages = packageClient.getPackageByIds(linkedPacakgeIds);
 
                 Map<String, ProjectReleaseRelationship> releaseIdToUsageMap = addedPackages.stream().map(Package::getReleaseId)
@@ -894,7 +965,7 @@ private boolean isLinkedReleasesUpdateFromLinkedPackagesFailed(Project updatedPr
 
         if (CommonUtils.isNotEmpty(unlinkedPacakgeIds)) {
             try {
-                PackageService.Iface packageClient = new ThriftClients().makePackageClient();
+                PackageService.Iface packageClient = thriftClients.makePackageClient();
                 List<Package> removedPackages = packageClient.getPackageWithReleaseByPackageIds(unlinkedPacakgeIds);
 
                 Map<String, Set<String>> releaseIdToPackageIdsMap = removedPackages.stream()
@@ -2064,7 +2135,6 @@ private void propagateSecurityResponsiblesToLinkedProjects(Set<String> responsib
     }
 
     private Map<String, String> getGidsByEmail() throws TException {
-        ThriftClients thriftClients = new ThriftClients();
         UserService.Iface userClient = thriftClients.makeUserClient();
         Map<String, String> gidByEmail = new HashMap<>();
         userClient
@@ -2386,7 +2456,6 @@ public ByteBuffer getReportDataStream(User user, boolean extendedByReleases, Str
      }
 
     private ProjectExporter getProjectExporterObject(List<Project> documents, User user, boolean extendedByReleases) throws SW360Exception {
-    	ThriftClients thriftClients = new ThriftClients();
     	return new ProjectExporter(thriftClients.makeComponentClient(),
                 thriftClients.makeProjectClient(), user, documents, extendedByReleases);
     }
@@ -2409,7 +2478,7 @@ public String getReportInEmail(User user,
 
      private List<Project> getProjectDetailsBasedOnId(User user, String projectId) throws TException {
          final Collection<ProjectLink> projectLinks = SW360Utils.getLinkedProjectsAsFlatList(projectId, true,
-                 new ThriftClients(), log, user);
+                 thriftClients, log, user);
          if (projectLinks.isEmpty()) {
              throw new TException("For the projectId : " + projectId
                      + ", No data available. Please check the projectId and try again.");
@@ -2419,7 +2488,6 @@ private List<Project> getProjectDetailsBasedOnId(User user, String projectId) th
      }
 
      public ByteBuffer downloadExcel(User user, boolean extendedByReleases, String token) throws SW360Exception {
-        ThriftClients thriftClients = new ThriftClients();
         ProjectExporter exporter = new ProjectExporter(thriftClients.makeComponentClient(),
 				thriftClients.makeProjectClient(), user, extendedByReleases);
 		try {

backend/common/src/main/java/org/eclipse/sw360/datahandler/db/SW360ConfigsDatabaseHandler.java

@@ -90,6 +90,7 @@ private void loadToConfigsInMemForSw360(ConfigContainer configContainer) {
                 .put(VCS_HOSTS, getOrDefault(configContainer, VCS_HOSTS, "[]"))
                 .put(NON_PKG_MANAGED_COMPS_PROP, getOrDefault(configContainer, NON_PKG_MANAGED_COMPS_PROP, ""))
                 .put(REST_API_TOKEN_LENGTH, getOrDefault(configContainer, REST_API_TOKEN_LENGTH, "20"))
+                .put(INHERIT_ATTACHMENT_USAGES, getOrDefault(configContainer, INHERIT_ATTACHMENT_USAGES, "false"))
             .build();
         putInMemory(ConfigFor.SW360_CONFIGURATION, configMap);
     }
@@ -199,6 +200,7 @@ private boolean isConfigValid(String configKey, String configValue) {
                  DISABLE_CLEARING_FOSSOLOGY_REPORT_DOWNLOAD,
                  IS_BULK_RELEASE_DELETING_ENABLED,
                  IS_PACKAGE_PORTLET_ENABLED,
+                 INHERIT_ATTACHMENT_USAGES,
                  IS_ADMIN_PRIVATE_ACCESS_ENABLED,
                  UI_CLEARING_TEAM_UNKNOWN_ENABLED,
                  UI_CUSTOM_WELCOME_PAGE_GUIDELINE,

backend/moderation/src/main/java/org/eclipse/sw360/moderation/ModerationHandler.java

@@ -430,4 +430,12 @@ public Map<PaginationData, List<ClearingRequest>> searchClearingRequestsByFilter
 
         return handler.searchClearingRequestsByFilters(user, filterMap, pageData);
     }
+
+    @Override
+    public RequestStatus deleteClearingRequest(String id, User user) throws TException {
+        assertId(id);
+        assertUser(user);
+
+        return handler.deleteClearingRequest(id, user);
+    }
 }

backend/moderation/src/main/java/org/eclipse/sw360/moderation/db/ModerationDatabaseHandler.java

@@ -63,6 +63,8 @@
 import org.apache.thrift.TException;
 import org.jetbrains.annotations.NotNull;
 
+import com.ibm.cloud.sdk.core.service.exception.ServiceResponseException;
+
 import java.net.MalformedURLException;
 import java.util.*;
 import java.util.Map.Entry;
@@ -308,18 +310,84 @@ public RequestStatus updateClearingRequest(ClearingRequest request, User user, S
     }
 
     public void updateClearingRequestForProjectDeletion(Project project, User user) {
-        ClearingRequest clearingRequest = clearingRequestRepository.get(project.getClearingRequestId());
-        Comment comment = new Comment().setText(new StringBuilder("Clearing Request is orphaned, as project (name): <b>")
-                .append(SW360Utils.printName(project))
-                .append("</b> associated with CR is deleted!").toString());
+        String clearingRequestId = project.getClearingRequestId();
+        if (CommonUtils.isNullEmptyOrWhitespace(clearingRequestId)) {
+            log.info("No clearing request id set for project {} deletion.", project.getId());
+            return;
+        }
+
+        ClearingRequest clearingRequest;
+        try {
+            clearingRequest = clearingRequestRepository.get(clearingRequestId);
+        } catch (ServiceResponseException e) {
+            log.error(
+                    "Failed to retrieve clearing request for project deletion. Project: {}, CR-ID: {}",
+                    project.getId(),
+                    clearingRequestId,
+                    e);
+            return;
+        }
+
+        if (clearingRequest == null) {
+            log.info(
+                    "Clearing request {} not found for project {} deletion. It may have already been deleted.",
+                    clearingRequestId,
+                    project.getId());
+            return;
+        }
+
+        Comment comment = new Comment().setText("Clearing Request is orphaned, as project (name): <b>"
+                + SW360Utils.printName(project)
+                + "</b> associated with CR is deleted!");
         comment.setCommentedBy(user.getEmail());
         comment.setAutoGenerated(true);
         comment.setCommentedOn(System.currentTimeMillis());
         clearingRequest.unsetProjectId();
         clearingRequest.addToComments(comment);
         clearingRequest.setModifiedOn(System.currentTimeMillis());
         clearingRequest.unsetPriority();
-        clearingRequestRepository.update(clearingRequest);
+        try {
+            clearingRequestRepository.update(clearingRequest);
+        } catch (ServiceResponseException e) {
+            log.error(
+                    "Failed to update clearing request for project deletion. Project: {}, CR-ID: {}, User: {}",
+                    project.getId(),
+                    clearingRequestId,
+                    user.getEmail(),
+                    e);
+        }
+    }
+
+    public RequestStatus deleteClearingRequest(String id, User user) {
+        ClearingRequest clearingRequest = null;
+
+        try {
+            clearingRequest = clearingRequestRepository.get(id);
+        } catch (ServiceResponseException e) {
+            log.debug("Could not find clearing request by ID: " + id + ", trying as project ID");
+        }
+
+        if (clearingRequest == null) {
+            clearingRequest = clearingRequestRepository.getClearingRequestByProjectId(id);
+        }
+
+        if (clearingRequest != null) {
+            if (hasPermissionToDeleteClearingRequest(user, clearingRequest)) {
+                boolean succeeded = clearingRequestRepository.remove(clearingRequest);
+                return succeeded ? RequestStatus.SUCCESS : RequestStatus.FAILURE;
+            } else {
+                log.error("Problems deleting clearing request: User " + user.getEmail() + " tried to delete "
+                        + "clearing request with ID " + id);
+                return RequestStatus.FAILURE;
+            }
+        }
+        log.error("Clearing request to delete was null for ID: " + id);
+        return RequestStatus.FAILURE;
+    }
+
+    private boolean hasPermissionToDeleteClearingRequest(User user, ClearingRequest clearingRequest) {
+        boolean isCreator = clearingRequest.getRequestingUser().equals(user.getEmail());
+        return isCreator || PermissionUtils.isUserAtLeast(UserGroup.CLEARING_ADMIN, user);
     }
 
     public void updateClearingRequestForChangeInProjectBU(String crId, String businessUnit, User user) {