feat: load, persist and export CBOM 1.6 data

Signed-off-by: san-zrl <[email protected]>

fix: added CryptoAssetsResource

Signed-off-by: san-zrl <[email protected]>

added getAllCryptoAssets() perr project and globally

Signed-off-by: san-zrl <[email protected]>

src/main/java/org/dependencytrack/metrics/Metrics.java

@@ -87,4 +87,12 @@ public static void updateComponentMetrics(final UUID componentUuid) {
                 .invoke());
     }
 
+    /**
+     * Update metrics related to cryptography.
+     *
+     * @since 5.5.0
+     */
+    public static void updateCryptographyMetrics() {
+        useJdbiHandle(handle -> handle.createCall("CALL \"UPDATE_CRYPTOGRAPHY_METRICS\"()").invoke());
+    }
 }

src/main/java/org/dependencytrack/model/CipherSuite.java

@@ -0,0 +1,88 @@
+/*
+ * This file is part of Dependency-Track.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * Copyright (c) OWASP Foundation. All Rights Reserved.
+ */
+package org.dependencytrack.model;
+
+import java.io.Serializable;
+import java.util.List;
+
+import javax.jdo.annotations.Column;
+import javax.jdo.annotations.Element;
+import javax.jdo.annotations.Extension;
+import javax.jdo.annotations.IdGeneratorStrategy;
+import javax.jdo.annotations.Join;
+import javax.jdo.annotations.Order;
+import javax.jdo.annotations.PersistenceCapable;
+import javax.jdo.annotations.Persistent;
+import javax.jdo.annotations.PrimaryKey;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonInclude;
+
+@PersistenceCapable(table = "CIPHER_SUITE")
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class CipherSuite implements Serializable {
+
+    private static final long serialVersionUID = 8548267900098588016L;
+
+    @PrimaryKey
+    @Persistent(valueStrategy = IdGeneratorStrategy.NATIVE)
+    @JsonIgnore
+    private long id;
+
+    @Persistent
+    @Column(name = "NAME", jdbcType = "VARCHAR", length=64)
+    private String name;
+
+    @Persistent(table = "CIPHER_SUITE_ALGORITHM", defaultFetchGroup = "true")
+    @Join(column = "CIPHER_SUITE_ID")
+    @Element(column = "ALGORITHM", dependent = "true")
+    @Order(extensions = @Extension(vendorName = "datanucleus", key = "list-ordering", value = "id ASC"))
+    private List<String> algorithms;
+
+    @Persistent(table = "CIPHER_SUITE_IDENTIFIER", defaultFetchGroup = "true")
+    @Join(column = "CIPHER_SUITE_ID")
+    @Element(column = "IDENTIFIER", dependent = "true")
+    @Order(extensions = @Extension(vendorName = "datanucleus", key = "list-ordering", value = "id ASC"))
+    private List<String> identifiers;
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public List<String> getAlgorithms() {
+        return algorithms;
+    }
+
+    public void setAlgorithms(List<String> algorithms) {
+        this.algorithms = algorithms;
+    }
+
+    public List<String> getIdentifiers() {
+        return identifiers;
+    }
+
+    public void setIdentifiers(List<String> identifiers) {
+        this.identifiers = identifiers;
+    }
+}
+

src/main/java/org/dependencytrack/model/Classifier.java

@@ -36,5 +36,6 @@ public enum Classifier {
     PLATFORM,
     DEVICE_DRIVER,
     MACHINE_LEARNING_MODEL,
-    DATA
+    DATA,
+    CRYPTOGRAPHIC_ASSET
 }

src/main/java/org/dependencytrack/model/Component.java

@@ -78,6 +78,7 @@
                 @Persistent(name = "children"),
                 @Persistent(name = "properties"),
                 @Persistent(name = "vulnerabilities"),
+                @Persistent(name = "cryptoAssetProperties")
         }),
         @FetchGroup(name = "IDENTITY", members = {
                 @Persistent(name = "id"),
@@ -390,6 +391,17 @@ public enum FetchGroup {
     @NotNull
     private UUID uuid;
 
+    @Persistent(defaultFetchGroup = "true", dependent = "true")
+    @Index(name = "COMPONENT_CRYPTO_PROPERTIES_ID_IDX")
+    @Column(name = "CRYPTO_PROPERTIES_ID", allowsNull = "true")
+    private CryptoAssetProperties cryptoAssetProperties;
+
+    @Persistent(table = "COMPONENT_OCCURRENCES")
+    @Join(column = "COMPONENT_ID")
+    @Element(column = "OCCURRENCE_ID", dependent = "true")
+    @Order(extensions = @Extension(vendorName = "datanucleus", key = "list-ordering", value = "id ASC"))
+    private List<Occurrence> occurrences;
+
     private transient String bomRef;
     private transient List<org.cyclonedx.model.License> licenseCandidates;
     private transient DependencyMetrics metrics;
@@ -886,6 +898,21 @@ public String getAuthor(){
     public void setAuthor(String author){
         this.author=author;
     }
+    public CryptoAssetProperties getCryptoAssetProperties() {
+        return cryptoAssetProperties;
+    }
+
+    public void setCryptoAssetProperties(CryptoAssetProperties cryptoAssetProperties) {
+        this.cryptoAssetProperties = cryptoAssetProperties;
+    }
+
+    public List<Occurrence> getOccurrences() {
+        return occurrences;
+    }
+
+    public void setOccurrences(List<Occurrence> occurrences) {
+        this.occurrences = occurrences;
+    }
 
     @Override
     public String toString() {

src/main/java/org/dependencytrack/model/ComponentIdentity.java

@@ -20,6 +20,8 @@
 
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
+
+import org.cyclonedx.model.component.crypto.enums.AssetType;
 import org.dependencytrack.util.PurlUtil;
 import org.json.JSONObject;
 
@@ -47,6 +49,8 @@ public enum ObjectType {
     private String name;
     private String version;
     private UUID uuid;
+    private String oid;
+    private AssetType assetType;
 
     public ComponentIdentity(final PackageURL purl, final String cpe, final String swidTagId,
                              final String group, final String name, final String version) {
@@ -70,6 +74,8 @@ public ComponentIdentity(final Component component) {
         this.version = component.getVersion();
         this.uuid = component.getUuid();
         this.objectType = ObjectType.COMPONENT;
+        this.assetType = component.getCryptoAssetProperties() != null ? component.getCryptoAssetProperties().getAssetType() : null;
+        this.oid = component.getCryptoAssetProperties() != null ? component.getCryptoAssetProperties().getOid() : null;
     }
 
     public ComponentIdentity(final org.cyclonedx.model.Component component) {
@@ -85,6 +91,8 @@ public ComponentIdentity(final org.cyclonedx.model.Component component) {
         this.name = component.getName();
         this.version = component.getVersion();
         this.objectType = ObjectType.COMPONENT;
+        this.assetType = component.getCryptoProperties() != null ? component.getCryptoProperties().getAssetType() : null;
+        this.oid = component.getCryptoProperties() != null ? component.getCryptoProperties().getOid() : null;
     }
 
     public ComponentIdentity(final ServiceComponent service) {
@@ -102,6 +110,12 @@ public ComponentIdentity(final org.cyclonedx.model.Service service) {
         this.objectType = ObjectType.SERVICE;
     }
 
+    // search crypto assets by asset type
+    public ComponentIdentity(AssetType assetType) {
+        this.objectType = ObjectType.COMPONENT;
+        this.assetType = assetType;
+    }
+
     public ObjectType getObjectType() {
         return objectType;
     }
@@ -138,17 +152,43 @@ public UUID getUuid() {
         return uuid;
     }
 
-    @Override
+    public AssetType getAssetType() {
+        return assetType;
+    }
+
+    public void setAssetType(AssetType assetType) {
+        this.assetType = assetType;
+    }
+
+    public String getOid() {
+        return oid;
+    }
+
+    public void setOid(String oid) {
+        this.oid = oid;
+    }
+
+     @Override
     public boolean equals(final Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
         final ComponentIdentity that = (ComponentIdentity) o;
-        return objectType == that.objectType && Objects.equals(purl, that.purl) && Objects.equals(purlCoordinates, that.purlCoordinates) && Objects.equals(cpe, that.cpe) && Objects.equals(swidTagId, that.swidTagId) && Objects.equals(group, that.group) && Objects.equals(name, that.name) && Objects.equals(version, that.version) && Objects.equals(uuid, that.uuid);
+        return objectType == that.objectType &&
+            Objects.equals(purl, that.purl) &&
+            Objects.equals(purlCoordinates, that.purlCoordinates) &&
+            Objects.equals(cpe, that.cpe) &&
+            Objects.equals(swidTagId, that.swidTagId) &&
+            Objects.equals(group, that.group) &&
+            Objects.equals(name, that.name) &&
+            Objects.equals(version, that.version) &&
+            Objects.equals(uuid, that.uuid) &&
+            assetType == that.assetType &&
+            Objects.equals(oid, that.oid);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(objectType, purl, purlCoordinates, cpe, swidTagId, group, name, version, uuid);
+        return Objects.hash(objectType, purl, purlCoordinates, cpe, swidTagId, group, name, version, uuid, assetType, oid);
     }
 
     public JSONObject toJSON() {