diff --git a/src/main/java/org/dependencytrack/notification/NotificationRouter.java b/src/main/java/org/dependencytrack/notification/NotificationRouter.java index 033c7fea51..010a91bf6a 100644 --- a/src/main/java/org/dependencytrack/notification/NotificationRouter.java +++ b/src/main/java/org/dependencytrack/notification/NotificationRouter.java @@ -257,7 +257,8 @@ private boolean checkIfChildrenAreAffected(Project parent, UUID uuid) { return false; } for (Project child : parent.getChildren()) { - if ((child.getUuid().equals(uuid) && Boolean.TRUE.equals(child.isActive())) || isChild) { + final boolean isChildActive = child.isActive() == null || child.isActive(); + if ((child.getUuid().equals(uuid) && isChildActive) || isChild) { return true; } isChild = checkIfChildrenAreAffected(child, uuid); diff --git a/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java b/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java index 1e1acc4b06..f51919a14d 100644 --- a/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java +++ b/src/test/java/org/dependencytrack/notification/NotificationRouterTest.java @@ -657,7 +657,42 @@ public void testAffectedInactiveChild() { Assert.assertEquals(0, rules.size()); } - + @Test + public void testAffectedActiveNullChild() { + NotificationPublisher publisher = createSlackPublisher(); + // Creates a new rule and defines when the rule should be triggered (notifyOn) + NotificationRule rule = qm.createNotificationRule("Matching Test Rule", NotificationScope.PORTFOLIO, NotificationLevel.INFORMATIONAL, publisher); + Set notifyOn = new HashSet<>(); + notifyOn.add(NotificationGroup.NEW_VULNERABILITY); + rule.setNotifyOn(notifyOn); + // Creates a project which will later be matched on + List projects = new ArrayList<>(); + Project grandParent = qm.createProject("Test Project Grandparent", null, "1.0", null, null, null, true, false); + Project parent = qm.createProject("Test Project Parent", null, "1.0", null, grandParent, null, true, false); + Project child = qm.createProject("Test Project Child", null, "1.0", null, parent, null, true, false); + Project grandChild = qm.createProject("Test Project Grandchild", null, "1.0", null, child, null, true, false); + grandChild.setActive(null); // https://github.com/DependencyTrack/dependency-track/issues/3296 + projects.add(grandParent); + rule.setProjects(projects); + // Creates a new component + Component component = new Component(); + component.setProject(grandChild); + // Creates a new notification + Notification notification = new Notification(); + notification.setScope(NotificationScope.PORTFOLIO.name()); + notification.setGroup(NotificationGroup.NEW_VULNERABILITY.name()); + notification.setLevel(NotificationLevel.INFORMATIONAL); + // Notification should be limited to only specific projects - Set the projects which are affected by the notification event + Set affectedProjects = new HashSet<>(); + affectedProjects.add(grandChild); + NewVulnerabilityIdentified subject = new NewVulnerabilityIdentified(new Vulnerability(), component, affectedProjects, null); + notification.setSubject(subject); + // Ok, let's test this + NotificationRouter router = new NotificationRouter(); + List rules = router.resolveRules(PublishContext.from(notification), notification); + Assert.assertTrue(rule.isNotifyChildren()); + Assert.assertEquals(1, rules.size()); + } private NotificationPublisher createSlackPublisher() { return qm.createNotificationPublisher(