From a68a8a888562848b821b0d88cfae58847c02b3ee Mon Sep 17 00:00:00 2001 From: Zhanpeng Chen Date: Mon, 6 Jul 2020 14:42:26 -0400 Subject: [PATCH] Update authorType check (#48) * Update authorType check * Make ldapdnCheckIgnoredAuthorTypes a list * Initlizate ignoredAuthorType list --- pom.xml | 4 ++-- src/main/java/com/capitalone/dashboard/ApiSettings.java | 9 +++++++++ .../dashboard/evaluator/CodeReviewEvaluator.java | 8 ++++---- .../dashboard/evaluator/CodeReviewEvaluatorTest.java | 5 ++--- 4 files changed, 17 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index 531ab2c..6408f5b 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ api-audit jar ${project.groupId}:${project.artifactId} - 3.3.5-SNAPSHOT + 3.3.6-SNAPSHOT Hygieia Audit Rest API Layer https://github.com/Hygieia/${repository.name} @@ -59,7 +59,7 @@ api-audit 1.8 - 3.7.9 + 3.7.11 3.0.2 ${version} 0.13 diff --git a/src/main/java/com/capitalone/dashboard/ApiSettings.java b/src/main/java/com/capitalone/dashboard/ApiSettings.java index e695528..91efabe 100644 --- a/src/main/java/com/capitalone/dashboard/ApiSettings.java +++ b/src/main/java/com/capitalone/dashboard/ApiSettings.java @@ -4,6 +4,7 @@ import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; +import java.util.ArrayList; import java.util.List; @Component @@ -46,6 +47,7 @@ public class ApiSettings { @Value("${criticalLicenseVulnerabilitiesAge:0}") private int criticalLicenseVulnerabilitiesAge; private List buildStageRegEx; + private List ldapdnCheckIgnoredAuthorTypes = new ArrayList<>(); public String getKey() { return key; 
@@ -223,5 +225,12 @@ public void setBuildStageRegEx(List buildStageRegEx) { this.buildStageRegEx = buildStageRegEx; } + public List getLdapdnCheckIgnoredAuthorTypes() { + return ldapdnCheckIgnoredAuthorTypes; + } + + public void setLdapdnCheckIgnoredAuthorTypes(List ldapdnCheckIgnoredAuthorTypes) { + this.ldapdnCheckIgnoredAuthorTypes = ldapdnCheckIgnoredAuthorTypes; + } } \ No newline at end of file diff --git a/src/main/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluator.java b/src/main/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluator.java index 79c1c84..3e5c6f2 100644 --- a/src/main/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluator.java +++ b/src/main/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluator.java @@ -2,7 +2,6 @@ import com.capitalone.dashboard.ApiSettings; import com.capitalone.dashboard.common.CommonCodeReview; -import com.capitalone.dashboard.model.AuthorType; import com.capitalone.dashboard.model.Collector; import com.capitalone.dashboard.model.CollectorItem; import com.capitalone.dashboard.model.CollectorType; 
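Review bot: `setLdapdnCheckIgnoredAuthorTypes` in ApiSettings.java stores whatever it is given, so if a caller or property binding ever passes null, it replaces the empty-list default from the field initializer. The new `settings.getLdapdnCheckIgnoredAuthorTypes().contains(...)` call in CodeReviewEvaluator would then throw instead of auditing the commit. Normalising in the setter keeps the "no exemptions" default: `this.ldapdnCheckIgnoredAuthorTypes = ldapdnCheckIgnoredAuthorTypes == null ? new ArrayList<>() : ldapdnCheckIgnoredAuthorTypes;`. Because this list decides which author types skip the LDAP DN audit, the getter also deserves a short Javadoc, for example `/** Author types whose commits are exempt from the LDAP DN check; compared with List.contains against Commit.getScmAuthorType(). */`.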
@@ -222,10 +221,11 @@ private CodeReviewAuditResponseV2 getPeerReviewResponses(CollectorItem repoItem, * Adds SCM_AUTHOR_LOGIN_INVALID status at Code Review level */ private void checkCommitByLDAPUnauthUser(CodeReviewAuditResponseV2 reviewAuditResponseV2, Commit commit) { + if (StringUtils.isNotEmpty(commit.getScmAuthorType()) && settings.getLdapdnCheckIgnoredAuthorTypes().contains(commit.getScmAuthorType())) { + return; + } if (StringUtils.isEmpty(commit.getScmAuthorLDAPDN()) && - !CommonCodeReview.matchIncrementVersionTag(commit.getScmCommitLog(), settings) && - commit.getScmAuthorType() != null && - !commit.getScmAuthorType().equals(AuthorType.Bot)) { + !CommonCodeReview.matchIncrementVersionTag(commit.getScmCommitLog(), settings)) { reviewAuditResponseV2.addAuditStatus(CodeReviewAuditStatus.SCM_AUTHOR_LOGIN_INVALID); // add commit made by unauth user to commitsByLDAPUnauthUsers list reviewAuditResponseV2.addCommitByLDAPUnauthUser(commit); diff --git a/src/test/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluatorTest.java b/src/test/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluatorTest.java index 3f8a5d4..dc472ff 100644 --- a/src/test/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluatorTest.java +++ b/src/test/java/com/capitalone/dashboard/evaluator/CodeReviewEvaluatorTest.java @@ -2,7 +2,6 @@ import com.capitalone.dashboard.ApiSettings; import com.capitalone.dashboard.common.TestConstants; -import com.capitalone.dashboard.model.AuthorType; import com.capitalone.dashboard.model.CollectionError; import com.capitalone.dashboard.model.CollectorItem; import com.capitalone.dashboard.model.Commit; 
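Review bot: The new early return at the top of `checkCommitByLDAPUnauthUser` exempts a commit from the LDAP DN check solely because `commit.getScmAuthorType()` is contained in the configured list, and the skip leaves nothing in `reviewAuditResponseV2` or in a log, so an overly broad `ldapdnCheckIgnoredAuthorTypes` setting would not show up in audit output. The exemption is also only as trustworthy as whatever populates the author type, which is not visible in this hunk, so it is worth confirming that the value is assigned by the SCM platform and not taken from committer-controlled metadata. The Javadoc above the method should record the new contract, e.g. `* Skipped when the commit's author type is listed in ldapdnCheckIgnoredAuthorTypes; commits with no author type are now checked.` The second half matters because the removed `commit.getScmAuthorType() != null` condition used to keep such commits out of `SCM_AUTHOR_LOGIN_INVALID`. The method body continues past the end of the hunk.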
@@ -368,7 +367,7 @@ public void checkCommitByBotTest() { when(gitRequestRepository.findByCollectorItemIdAndMergedAtIsBetween(any(ObjectId.class),any(Long.class), any(Long.class))).thenReturn(pullRequestList); when(commitRepository.findByCollectorItemIdAndScmCommitTimestampIsBetween(any(ObjectId.class),any(Long.class), any(Long.class))).thenReturn(commitsList); when(apiSettings.getServiceAccountOU()).thenReturn(TestConstants.USER_ACCOUNTS); - when(apiSettings.getServiceAccountOU()).thenReturn(TestConstants.USER_ACCOUNTS); + when(apiSettings.getLdapdnCheckIgnoredAuthorTypes()).thenReturn(Arrays.asList("Bot")); when(apiSettings.getCommitLogIgnoreAuditRegEx()).thenReturn("(.)*(Increment_Version_Tag)(.)*"); when(serviceAccountRepository.findAll()).thenReturn(Stream.of(makeServiceAccount()).collect(Collectors.toList())); @@ -580,7 +579,7 @@ private Commit makeUnauthCommit(String message, String scmRevisionNumber, String c.setScmRevisionNumber(scmRevisionNumber); c.setType(CommitType.New); c.setScmAuthor(author); - c.setScmAuthorType(AuthorType.fromString(authorType)); + c.setScmAuthorType(authorType); c.setScmAuthorLogin("unknown"); c.setScmCommitterLogin(committer); c.setScmCommitTimestamp(timeStamp);
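Review bot: The only stubbing added for the new setting is in `checkCommitByBotTest`, where `getLdapdnCheckIgnoredAuthorTypes()` returns `Arrays.asList("Bot")`, so the visible test changes exercise just the exempt path. The evaluator change also makes commits with a null or empty author type subject to `SCM_AUTHOR_LOGIN_INVALID`, and an author type absent from the list must still be flagged. Neither case appears in these hunks, though tests outside them may cover it. A companion test that builds a commit through `makeUnauthCommit` with an author type not in the stubbed list, and asserts the status is present, would pin the fail-closed behaviour. Both `checkCommitByBotTest` and `makeUnauthCommit` extend beyond the hunks shown.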