Merge pull request #11 from secureCodeBox/feature/make-max-pages-configurable

J12934 · web-flow · commit ffe1948da8cf · 2021-09-07T11:04:08.000+02:00
Add config option for max number of pages fetched
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -1,7 +1,7 @@
 # This workflow will test a Java project with Gradle
 # For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-gradle
 
-name: Publish to Maven Central
+name: Java Tests
 on: push
 
 jobs:
@@ -15,5 +15,7 @@ jobs:
         java-version: 1.11
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
+    - name: Build with Gradle
+      run: ./gradlew build
     - name: Build with Gradle
       run: ./gradlew test
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/config/DefectDojoConfig.java b/src/main/java/io/securecodebox/persistence/defectdojo/config/DefectDojoConfig.java
@@ -31,10 +31,21 @@ public class DefectDojoConfig {
     @Getter
     private final String username;
 
+    /**
+     * Determines how many apiPages of Objects are fetched before giving up and failing to avoid outOfMemory scenarios.
+     */
+    @Getter
+    private final int maxPageCountForGets;
+
     public static DefectDojoConfig fromEnv(){
         String url = System.getenv("DEFECTDOJO_URL");
         String username = System.getenv("DEFECTDOJO_USERNAME");
         String apiKey = System.getenv("DEFECTDOJO_APIKEY");
-        return new DefectDojoConfig(url, apiKey, username);
+
+        int maxPageCountForGets = 100;
+        if (System.getenv("DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS") != null) {
+            maxPageCountForGets = Integer.parseInt(System.getenv("DEFECTDOJO_MAX_PAGE_COUNT_FOR_GETS"));
+        }
+        return new DefectDojoConfig(url, apiKey, username, maxPageCountForGets);
     }
 }
diff --git a/src/main/java/io/securecodebox/persistence/defectdojo/service/GenericDefectDojoService.java b/src/main/java/io/securecodebox/persistence/defectdojo/service/GenericDefectDojoService.java
@@ -38,15 +38,13 @@
 import java.util.*;
 
 abstract public class GenericDefectDojoService<T extends DefectDojoModel> {
-    protected String defectDojoUrl;
-    protected String defectDojoApiKey;
+    protected DefectDojoConfig defectDojoConfig;
 
     protected ObjectMapper objectMapper;
     protected ObjectMapper searchStringMapper;
 
     public GenericDefectDojoService(DefectDojoConfig config) {
-        this.defectDojoUrl = config.getUrl();
-        this.defectDojoApiKey = config.getApiKey();
+        this.defectDojoConfig = config;
 
         this.objectMapper = new ObjectMapper();
         this.objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
@@ -65,7 +63,7 @@ public GenericDefectDojoService(DefectDojoConfig config) {
      */
     private HttpHeaders getDefectDojoAuthorizationHeaders() {
         HttpHeaders headers = new HttpHeaders();
-        headers.set("Authorization", "Token " + defectDojoApiKey);
+        headers.set("Authorization", "Token " + this.defectDojoConfig.getApiKey());
         return headers;
     }
 
@@ -80,7 +78,7 @@ public T get(long id) {
         HttpEntity<String> payload = new HttpEntity<>(getDefectDojoAuthorizationHeaders());
 
         ResponseEntity<T> response = restTemplate.exchange(
-                defectDojoUrl + "/api/v2/" + this.getUrlPath() + "/" + id,
+                this.defectDojoConfig.getUrl() + "/api/v2/" + this.getUrlPath() + "/" + id,
                 HttpMethod.GET,
                 payload,
                 getModelClass()
@@ -103,7 +101,7 @@ protected DefectDojoResponse<T> internalSearch(Map<String, Object> queryParams,
             multiValueMap.set(entry.getKey(), String.valueOf(entry.getValue()));
         }
 
-        var url = new URI(defectDojoUrl + "/api/v2/" + this.getUrlPath() + "/");
+        var url = new URI(this.defectDojoConfig.getUrl() + "/api/v2/" + this.getUrlPath() + "/");
         var uriBuilder = UriComponentsBuilder.fromUri(url).queryParams(multiValueMap);
 
         ResponseEntity<String> responseString = restTemplate.exchange(
@@ -126,8 +124,8 @@ public List<T> search(Map<String, Object> queryParams) throws URISyntaxException
             objects.addAll(response.getResults());
 
             hasNext = response.getNext() != null;
-            if (page > 100) {
-                throw new DefectDojoLoopException("Found too many response object. Quitting after " + page + " paginated API pages of " + DEFECT_DOJO_OBJET_LIMIT + " each.");
+            if (page > this.defectDojoConfig.getMaxPageCountForGets()) {
+                throw new DefectDojoLoopException("Found too many response object. Quitting after " + (page - 1)  + " paginated API pages of " + DEFECT_DOJO_OBJET_LIMIT + " each.");
             }
         } while (hasNext);
 
@@ -161,22 +159,22 @@ public T create(T object) {
         RestTemplate restTemplate = new RestTemplate();
         HttpEntity<T> payload = new HttpEntity<T>(object, getDefectDojoAuthorizationHeaders());
 
-        ResponseEntity<T> response = restTemplate.exchange(defectDojoUrl + "/api/v2/" + getUrlPath() + "/", HttpMethod.POST, payload, getModelClass());
+        ResponseEntity<T> response = restTemplate.exchange(this.defectDojoConfig.getUrl() + "/api/v2/" + getUrlPath() + "/", HttpMethod.POST, payload, getModelClass());
         return response.getBody();
     }
 
     public void delete(long id) {
         RestTemplate restTemplate = new RestTemplate();
         HttpEntity<String> payload = new HttpEntity<>(getDefectDojoAuthorizationHeaders());
 
-        restTemplate.exchange(defectDojoUrl + "/api/v2/" + getUrlPath() + "/" + id + "/", HttpMethod.DELETE, payload, String.class);
+        restTemplate.exchange(this.defectDojoConfig.getUrl() + "/api/v2/" + getUrlPath() + "/" + id + "/", HttpMethod.DELETE, payload, String.class);
     }
 
     public T update(T object, long objectId) {
         RestTemplate restTemplate = new RestTemplate();
         HttpEntity<T> payload = new HttpEntity<T>(object, getDefectDojoAuthorizationHeaders());
 
-        ResponseEntity<T> response = restTemplate.exchange(defectDojoUrl + "/api/v2/" + getUrlPath() + "/" + objectId + "/", HttpMethod.PUT, payload, getModelClass());
+        ResponseEntity<T> response = restTemplate.exchange(this.defectDojoConfig.getUrl() + "/api/v2/" + getUrlPath() + "/" + objectId + "/", HttpMethod.PUT, payload, getModelClass());
         return response.getBody();
     }
 }
diff --git a/src/test/java/io/securecodebox/persistence/defectdojo/service/FindingServiceTest.java b/src/test/java/io/securecodebox/persistence/defectdojo/service/FindingServiceTest.java
@@ -113,7 +113,7 @@ class FindingServiceTest {
 
     @BeforeEach
     void setup() {
-        config = new DefectDojoConfig("https://defectdojo.example.com", "abc", "test-user");
+        config = new DefectDojoConfig("https://defectdojo.example.com", "abc", "test-user", 42);
         underTest = new FindingService(config);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ class FindingServiceTest {`
`113`	`113`
`114`	`114`	`@BeforeEach`
`115`	`115`	`void setup() {`
`116`		`- config = new DefectDojoConfig("https://defectdojo.example.com", "abc", "test-user");`
	`116`	`+ config = new DefectDojoConfig("https://defectdojo.example.com", "abc", "test-user", 42);`
`117`	`117`	`underTest = new FindingService(config);`
`118`	`118`	`}`
`119`	`119`