From 75f7d0d3c08394d11b55145c179434fbcd3f3d55 Mon Sep 17 00:00:00 2001
From: RBickert
Date: Wed, 2 Aug 2023 13:40:56 +0200
Subject: [PATCH 1/2] =?UTF-8?q?Add=20new=20attribute=20=C2=B4affectedCompo?= =?UTF-8?q?nent=C2=B4=20to=20Project?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Adds the new transient attribute ´affectedComponent´ to the ´Project´ class which allows the Frontend to link from the ´Vulnerability - Affected Projects´ tab to the project's dependency graph with the affected component being highlighted
Signed-off-by: RBickert
---
 src/main/java/org/dependencytrack/model/Project.java | 10 ++++++++++
 .../persistence/VulnerabilityQueryManager.java | 4 +++-
 .../resources/v1/VulnerabilityResource.java | 2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java
index 68e9a84845..13659431d9 100644
--- a/src/main/java/org/dependencytrack/model/Project.java
+++ b/src/main/java/org/dependencytrack/model/Project.java
@@ -264,6 +264,8 @@ public enum FetchGroup {
 @JsonIgnore private transient List dependencyGraph;
+ private transient UUID affectedComponent;
+
 public long getId() {
 return id;
 }
@@ -492,6 +494,14 @@ public void setDependencyGraph(List dependencyGraph) {
 this.dependencyGraph = dependencyGraph;
 }
+ public UUID getAffectedComponent() {
+ return affectedComponent;
+ }
+
+ public void setAffectedComponent(UUID affectedComponent) {
+ this.affectedComponent = affectedComponent;
+ }
+
 @Override
 public String toString() {
 if (getPurl() != null) {
diff --git a/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java b/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
index 085d821f0d..eb01d7a0ae 100644
--- a/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
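Review bot: The `affectedComponent` field added in the first Project.java hunk carries no comment, and unlike the `@JsonIgnore` field just above it, it appears intended to be serialized, so readers cannot tell when it is populated. I would document it on the field, for example `/** UUID of the component through which this project is affected by a vulnerability; not persisted, set only by VulnerabilityQueryManager#getProjects. */`. The public setter in the second hunk presumably also lets a request body bind a caller-chosen value wherever `Project` is deserialized from input; nothing is stored because the field is transient, but no later code should treat the value as trusted. The class body starts and ends outside both hunks.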
+++ b/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
@@ -483,7 +483,9 @@ public List getProjects(Vulnerability vulnerability) {
 affected = false;
 }
 if (affected) {
- projects.add(component.getProject());
+ Project project = component.getProject();
+ project.setAffectedComponent(component.getUuid());
+ projects.add(project);
 }
 }
 // Force removal of duplicates by taking the List and populating a Set and back again.
diff --git a/src/main/java/org/dependencytrack/resources/v1/VulnerabilityResource.java b/src/main/java/org/dependencytrack/resources/v1/VulnerabilityResource.java
index f429634f22..52fb272218 100644
--- a/src/main/java/org/dependencytrack/resources/v1/VulnerabilityResource.java
+++ b/src/main/java/org/dependencytrack/resources/v1/VulnerabilityResource.java
@@ -211,7 +211,7 @@ public Response getAffectedProject(@PathParam("source") String source,
 try (QueryManager qm = new QueryManager(getAlpineRequest())) {
 final Vulnerability vulnerability = qm.getVulnerabilityByVulnId(source, vuln);
 if (vulnerability != null) {
- final List projects = qm.detach(qm.getProjects(vulnerability));
+ final List projects = qm.getProjects(vulnerability);
 final long totalCount = projects.size();
 return Response.ok(projects).header(TOTAL_COUNT_HEADER, totalCount).build();
 } else {
From 0fae5e8f7d911fa99da084b7a59540416895f16a Mon Sep 17 00:00:00 2001
From: RBickert
Date: Mon, 7 Aug 2023 14:33:12 +0200
Subject: [PATCH 2/2] Include new attribute "affectedComponent" in test
Signed-off-by: RBickert
---
 .../dependencytrack/resources/v1/VulnerabilityResourceTest.java | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java
index 763de79a71..d9e2ade909 100644
--- a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java
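Review bot: `project.setAffectedComponent(component.getUuid())` stores a single UUID on the `Project`, but one project can contain several components affected by the same vulnerability. If `component.getProject()` hands back the same instance for those components (likely within one persistence manager, though not visible here), each iteration overwrites the previous value, and the de-duplication described in the comment just below keeps one entry per project, so only whichever component came last is reported. Consider keeping the first match with `if (project.getAffectedComponent() == null) project.setAffectedComponent(component.getUuid());`, or exposing a list of UUIDs instead of a single one. The loop and the rest of getProjects lie outside the hunk.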
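Review bot: Dropping `qm.detach(...)` means `Response.ok(projects)` now carries objects still attached to the persistence layer instead of detached copies limited to a fetch group. The entity is presumably serialized after this method returns and the try-with-resources block has closed `qm`, so which fields reach the JSON depends on what happened to be loaded: relations that the detach used to cut off could be serialized too, or unloaded fields could come out empty. If the detach was removed only because the transient `affectedComponent` does not survive it, I would keep `qm.detach(...)` and copy the UUID onto the detached instances afterwards, or return a small response type holding just the project fields the frontend needs plus the component UUID. The rest of getAffectedProject is outside the hunk.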
+++ b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java
@@ -258,6 +258,7 @@ public void getAffectedProjectTest() throws Exception {
 Assert.assertNotNull(json);
 Assert.assertEquals("Project 1", json.getJsonObject(0).getString("name"));
 Assert.assertEquals(sampleData.p1.getUuid().toString(), json.getJsonObject(0).getString("uuid"));
+ Assert.assertEquals(sampleData.c1.getUuid().toString(), json.getJsonObject(0).getString("affectedComponent"));
 }
 @Test