org.owasp.dependencytrack.listener.DefaultObjectGenerator.java Source code

Introduction

Here is the source code for org.owasp.dependencytrack.listener.DefaultObjectGenerator.java

Source

/*
 * This file is part of Dependency-Track.
 *
 * Dependency-Track is free software: you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation, either version 3 of the License, or (at your option) any
 * later version.
 *
 * Dependency-Track is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License along with
 * Dependency-Track. If not, see http://www.gnu.org/licenses/.
 */
package org.owasp.dependencytrack.listener;

import org.apache.commons.io.IOUtils;
import org.hibernate.Hibernate;
import org.hibernate.Query;
import org.hibernate.Session;
import org.owasp.dependencytrack.dao.BaseDao;
import org.owasp.dependencytrack.model.License;
import org.owasp.dependencytrack.model.Permissions;
import org.owasp.dependencytrack.model.Roles;
import org.owasp.dependencytrack.model.User;
import org.owasp.dependencytrack.service.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.stereotype.Component;

import java.io.IOException;
import java.io.InputStream;
import java.sql.Blob;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;

/**
 * Spring component that initializes all data objects necessary for a new install.
 *
 * @author Steve Springett (steve.springett@owasp.org)
 */
@Component
public class DefaultObjectGenerator extends BaseDao implements ApplicationListener<ContextRefreshedEvent> {

    static CountDownLatch initialised = new CountDownLatch(1);

    /**
     * Setup logger
     */
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultObjectGenerator.class);

    /**
     * Specify default license names and files
     */
    private static final LinkedHashMap<String, String> LICENSES;

    @Autowired
    UserService userService;

    private Session session;

    static {
        LICENSES = new LinkedHashMap<>();
        LICENSES.put("Apache License 1.0", "licenses/Apache/LICENSE-1.0.txt");
        LICENSES.put("Apache License 1.1", "licenses/Apache/LICENSE-1.1.txt");
        LICENSES.put("Apache License 2.0", "licenses/Apache/LICENSE-2.0.txt");
        LICENSES.put("BSD License - Original (4 Clause)", "licenses/BSD/bsd-original-4clause.txt");
        LICENSES.put("BSD License - Revised (3 Clause)", "licenses/BSD/bsd-revised-3clause.txt");
        LICENSES.put("BSD License - Simplified (2 Clause)", "licenses/BSD/bsd-simplified-2clause.txt");
        LICENSES.put("CDDL 1.0", "licenses/CDDL/cddl-1.0.txt");
        LICENSES.put("Common Public License 1.0", "licenses/CPL/cpl-1.0.txt");
        LICENSES.put("Eclipse Public License 1.0", "licenses/EPL/epl-1.0.txt");
        LICENSES.put("GNU Affero GPL 3.0", "licenses/GNU/agpl-3.0.txt");
        LICENSES.put("GNU GPL 1.0", "licenses/GNU/gpl-1.0.txt");
        LICENSES.put("GNU GPL 2.0", "licenses/GNU/gpl-2.0.txt");
        LICENSES.put("GNU GPL 3.0", "licenses/GNU/gpl-3.0.txt");
        LICENSES.put("GNU Lesser GPL 2.1", "licenses/GNU/lgpl-2.1.txt");
        LICENSES.put("GNU Lesser GPL 3.0", "licenses/GNU/lgpl-3.0.txt");
        LICENSES.put("MIT License", "licenses/MIT/license.txt");
        LICENSES.put("Mozilla Public License 1.0", "licenses/MPL/mpl-1.0.txt");
        LICENSES.put("Mozilla Public License 1.1", "licenses/MPL/mpl-1.1.txt");
        LICENSES.put("Mozilla Public License 2.0", "licenses/MPL/mpl-2.0.txt");
        LICENSES.put("Netscape Public License 1.0", "licenses/NPL/npl-1.0.txt");
        LICENSES.put("Netscape Public License 1.1", "licenses/NPL/npl-1.1.txt");
        LICENSES.put("PHP License 3.0", "licenses/PHP/php-3.0.txt");
        LICENSES.put("PHP License 3.01", "licenses/PHP/php-3.01.txt");
        LICENSES.put("Sun Public License 1.0", "licenses/SPL/spl-1.0.txt");
    }

    /**
     * Specify default Permission names
     */
    private static final LinkedHashMap<String, Roles.ROLE> PERMISSIONS = new LinkedHashMap<>();

    static {
        PERMISSIONS.put("applications", Roles.ROLE.USER);
        PERMISSIONS.put("searchApplication", Roles.ROLE.USER);
        PERMISSIONS.put("coarseSearchApplication", Roles.ROLE.USER);
        PERMISSIONS.put("keywordSearchLibraries", Roles.ROLE.USER);
        PERMISSIONS.put("libraryHierarchy", Roles.ROLE.USER);
        PERMISSIONS.put("applicationVersion", Roles.ROLE.USER);
        PERMISSIONS.put("vulnerabilities", Roles.ROLE.USER);
        PERMISSIONS.put("libraries", Roles.ROLE.USER);
        PERMISSIONS.put("downloadlicense", Roles.ROLE.USER);
        PERMISSIONS.put("viewlicense", Roles.ROLE.USER);
        PERMISSIONS.put("dcdata", Roles.ROLE.USER);
        PERMISSIONS.put("about", Roles.ROLE.USER);
        PERMISSIONS.put("dashboard", Roles.ROLE.USER);
        PERMISSIONS.put("addApplication", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("updateApplication", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("updateApplicationVersion", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("deleteApplication", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("deleteApplicationVersion", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("addApplicationVersion", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("addDependency", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("deleteDependency", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("cloneApplication", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("cloneApplicationVersion", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("updatelibrary", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("removelibrary", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("addlibraries", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("uploadlicense", Roles.ROLE.MODERATOR);
        PERMISSIONS.put("usermanagement", Roles.ROLE.ADMIN);
        PERMISSIONS.put("validateuser", Roles.ROLE.ADMIN);
        PERMISSIONS.put("deleteuser", Roles.ROLE.ADMIN);
        PERMISSIONS.put("changeuserrole", Roles.ROLE.ADMIN);
    }

    public DefaultObjectGenerator() {

    }

    /**
     * Method is called when the application context is started or refreshed. @param event A ContextRefreshedEvent
     */
    public void onApplicationEvent(ContextRefreshedEvent event) {
        this.session = super.getSession();
        try {
            loadDefaultLicenses();
            loadDefaultPermissions();
            loadDefaultRoles();
            loadDefaultUsers();
        } catch (IOException e) {
            if (LOGGER.isWarnEnabled())
                LOGGER.warn(e.getMessage());
        } finally {
            initialised.countDown();
        }
    }

    /**
     * Loads the default licenses into the database if no license data exists. @throws IOException An exception if the license file cannot be found
     */
    private void loadDefaultLicenses() throws IOException {
        if (getCount(session, License.class) > 0) {
            return;
        }
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Adding default licenses to datastore.");
        }
        session.beginTransaction();
        for (Map.Entry<String, String> entry : LICENSES.entrySet()) {
            final String licenseName = entry.getKey();
            final String licenseFile = entry.getValue();
            final String contentType = (licenseFile.endsWith(".html")) ? "text/html" : "text/plain";
            final License license = new License();
            license.setLicensename(licenseName);
            InputStream inputStream = null;
            Resource resource;
            try {
                resource = new ClassPathResource(licenseFile);
                license.setFilename(resource.getFilename());
                license.setContenttype(contentType);

                inputStream = resource.getInputStream();

                String licenceFileContent = new String(IOUtils.toCharArray(inputStream));
                final Blob blob = Hibernate.getLobCreator(session).createBlob(licenceFileContent.getBytes());

                license.setText(blob);
                session.save(license);
                if (LOGGER.isInfoEnabled()) {
                    LOGGER.info("Added: " + licenseName);
                }
            } catch (IOException e) {
                throw new RuntimeException(e);
            } finally {
                IOUtils.closeQuietly(inputStream);
            }
        }
        session.getTransaction().commit();
    }

    /**
     * Loads the default permissions into the database if no permission data exists.
     */
    private void loadDefaultPermissions() {
        if (getCount(session, Permissions.class) > 0) {
            return;
        }
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Adding default permissions to datastore.");
        }
        session.beginTransaction();
        for (Map.Entry<String, Roles.ROLE> entry : PERMISSIONS.entrySet()) {
            final Permissions permission = new Permissions(entry.getKey());
            session.save(permission);
        }
        session.getTransaction().commit();
    }

    /**
     * Loads the default Roles into the database if no Role data exists.
     */
    @SuppressWarnings("unchecked")
    private void loadDefaultRoles() {
        if (getCount(session, Roles.class) > 0) {
            return;
        }
        if (LOGGER.isInfoEnabled()) {
            LOGGER.info("Adding default roles to datastore.");
        }
        // Retrieve a list of all persisted permissions
        final Query query = session.createQuery("FROM Permissions");
        final List<Permissions> permissions = query.list();

        Map<Roles.ROLE, Roles> rolesMap = new HashMap<>();

        for (Roles.ROLE eachRole : Roles.ROLE.values()) {
            Roles role = new Roles(eachRole.name().toLowerCase());
            rolesMap.put(eachRole, role);
        }

        Roles userRole = rolesMap.get(Roles.ROLE.USER);
        Roles moderatorRole = rolesMap.get(Roles.ROLE.MODERATOR);
        Roles adminRole = rolesMap.get(Roles.ROLE.ADMIN);

        session.beginTransaction();
        for (Permissions permission : permissions) {
            adminRole.addPermission(permission);
            if (getRole(permission) == Roles.ROLE.USER) {
                userRole.addPermission(permission);
                moderatorRole.addPermission(permission);
            }
            if (getRole(permission) == Roles.ROLE.MODERATOR) {
                moderatorRole.addPermission(permission);
            }
        }
        for (Roles eachRole : rolesMap.values()) {
            session.save(eachRole);
        }
        session.getTransaction().commit();
    }

    private Roles.ROLE getRole(Permissions permission) {
        return PERMISSIONS.get(permission.getPermissionname());
    }

    /**
     * Loads the default users into the database if no User data exists.
     */
    @SuppressWarnings("unchecked")
    private void loadDefaultUsers() {
        if (getCount(session, User.class) > 0) {
            return;
        }
        userService.registerUser("admin", false, "admin", Roles.ROLE.ADMIN);
    }

}