Convert Jdo to Sql query to fix sorting on components fields (#441)

* add repo url in integrity meta information in endpoint

* Squashed commit of the following:

commit fb5a520
Merge: 8944f92 805582b
Author: VithikaS <[email protected]>
Date:   Tue Oct 31 14:53:11 2023 +0000

    Merge pull request #410 from DependencyTrack/fix-integrity-meta-query

    fix query for fetching integrity data

commit 805582b
Author: vithikashukla <[email protected]>
Date:   Tue Oct 31 13:56:53 2023 +0000

    fix query for fetching integrity data

    Signed-off-by: vithikashukla <[email protected]>

commit 8944f92
Author: VithikaS <[email protected]>
Date:   Tue Oct 31 09:15:13 2023 +0000

    Integrity analysis if integrity metadata is present (#409)

commit cf6e732
Merge: a1ebb13 4111a37
Author: VithikaS <[email protected]>
Date:   Mon Oct 30 19:02:05 2023 +0000

    Merge pull request #408 from DependencyTrack/remove-mockserver

    Remove `mockserver-netty` dependency

commit a1ebb13
Merge: 42acfab 3254511
Author: Niklas <[email protected]>
Date:   Mon Oct 30 17:16:49 2023 +0100

    Merge pull request #407 from DependencyTrack/dependabot/github_actions/aquasecurity/trivy-action-0.13.0

    Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0

commit 42acfab
Merge: 529da26 0aee974
Author: Niklas <[email protected]>
Date:   Mon Oct 30 17:16:40 2023 +0100

    Merge pull request #406 from DependencyTrack/dependabot/github_actions/bufbuild/buf-setup-action-1.27.2

    Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2

commit 4111a37
Author: nscuro <[email protected]>
Date:   Mon Oct 30 16:55:56 2023 +0100

    Remove `mockserver-netty` dependency

    For some strange reason, removal of MockServer required addition of `javax.servlet-api`, even though it should come in via `alpine-parent` already.

    Signed-off-by: nscuro <[email protected]>

commit 529da26
Merge: 182cad7 34ef4a2
Author: Niklas <[email protected]>
Date:   Mon Oct 30 16:21:43 2023 +0100

    Merge pull request #405 from DependencyTrack/nscuro-patch-1

    Remove unused `frontend.version` property

commit 182cad7
Merge: 24f6d3a f38d11d
Author: VithikaS <[email protected]>
Date:   Mon Oct 30 14:34:37 2023 +0000

    Merge pull request #404 from DependencyTrack/port-pr-3129

    Force downgrade of `logstash-logback-encoder` to `7.3`

commit 24f6d3a
Merge: ef5086b e9f0f4f
Author: VithikaS <[email protected]>
Date:   Mon Oct 30 14:34:17 2023 +0000

    Merge pull request #403 from DependencyTrack/port-pr-3126

    Fix impossible SQL query conditions causing DB indexes to be bypassed

commit 3254511
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Oct 30 14:30:22 2023 +0000

    Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0

    Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.12.0 to 0.13.0.
    - [Release notes](https://github.com/aquasecurity/trivy-action/releases)
    - [Commits](aquasecurity/trivy-action@0.12.0...0.13.0)

    ---
    updated-dependencies:
    - dependency-name: aquasecurity/trivy-action
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

commit 0aee974
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Oct 30 14:30:18 2023 +0000

    Bump bufbuild/buf-setup-action from 1.27.1 to 1.27.2

    Bumps [bufbuild/buf-setup-action](https://github.com/bufbuild/buf-setup-action) from 1.27.1 to 1.27.2.
    - [Release notes](https://github.com/bufbuild/buf-setup-action/releases)
    - [Commits](bufbuild/buf-setup-action@6bdfab1...1158f4f)

    ---
    updated-dependencies:
    - dependency-name: bufbuild/buf-setup-action
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

commit 34ef4a2
Author: Niklas <[email protected]>
Date:   Mon Oct 30 15:18:32 2023 +0100

    Remove unused `frontend.version` property

    Signed-off-by: Niklas <[email protected]>

commit ef5086b
Merge: 2a035b0 4bb51d5
Author: Niklas <[email protected]>
Date:   Mon Oct 30 15:02:59 2023 +0100

    Merge pull request #400 from DependencyTrack/dependabot/maven/org.apache.maven.plugins-maven-clean-plugin-3.3.2

    Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2

commit 2a035b0
Merge: 4e15bd6 f5174be
Author: Niklas <[email protected]>
Date:   Mon Oct 30 15:02:41 2023 +0100

    Merge pull request #402 from DependencyTrack/add-schema-upgrade

    Schema upgrade v5.2.0

commit f38d11d
Author: nscuro <[email protected]>
Date:   Mon Oct 30 14:10:06 2023 +0100

    Force downgrade of `logstash-logback-encoder` to `7.3`

    Ported from DependencyTrack/dependency-track#3129

    Signed-off-by: nscuro <[email protected]>

commit e9f0f4f
Author: nscuro <[email protected]>
Date:   Mon Oct 30 14:06:42 2023 +0100

    Fix impossible SQL query conditions causing DB indexes to be bypassed

    Ported from DependencyTrack/dependency-track#3126

    Signed-off-by: nscuro <[email protected]>

commit f5174be
Author: vithikashukla <[email protected]>
Date:   Mon Oct 30 12:49:49 2023 +0000

    schema upgarde

    Signed-off-by: vithikashukla <[email protected]>

commit 4bb51d5
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Fri Oct 27 14:44:39 2023 +0000

    Bump org.apache.maven.plugins:maven-clean-plugin from 3.3.1 to 3.3.2

    Bumps [org.apache.maven.plugins:maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.3.1 to 3.3.2.
    - [Release notes](https://github.com/apache/maven-clean-plugin/releases)
    - [Commits](apache/maven-clean-plugin@maven-clean-plugin-3.3.1...maven-clean-plugin-3.3.2)

    ---
    updated-dependencies:
    - dependency-name: org.apache.maven.plugins:maven-clean-plugin
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...

    Signed-off-by: dependabot[bot] <[email protected]>

* WIP

* WIP 3

* Update ComponentQueryManager.java

* component projection added for SQL

* added test for ComponentQueryManager with postgres

* add test and projection mapping

* changed list to paginated result

* Update ComponentQueryManager.java

* fix mapping of postgres byte array

* fix tests

* Update ComponentQueryManager.java

* Update ComponentQueryManager.java

* addressed PR comments

* Update ComponentResourcePostgresTest.java

* fix transient object warnings

* Update FindingResource.java

---------

Signed-off-by: mehab <[email protected]>
Co-authored-by: mehab <[email protected]>

src/main/java/org/dependencytrack/model/ComponentMetaInformation.java

@@ -3,5 +3,6 @@
 import java.util.Date;
 
 public record ComponentMetaInformation(Date publishedDate, IntegrityMatchStatus integrityMatchStatus,
-                                       Date lastFetched) {
+                                       Date lastFetched,
+                                       String integrityRepoUrl) {
 }

src/main/java/org/dependencytrack/model/sqlmapping/ComponentProjection.java

@@ -0,0 +1,245 @@
+package org.dependencytrack.model.sqlmapping;
+
+import org.apache.commons.lang3.SerializationUtils;
+import org.dependencytrack.model.Classifier;
+import org.dependencytrack.model.Component;
+import org.dependencytrack.model.ComponentMetaInformation;
+import org.dependencytrack.model.IntegrityMatchStatus;
+import org.dependencytrack.model.License;
+import org.dependencytrack.model.Project;
+
+import java.util.Date;
+import java.util.UUID;
+
+public class ComponentProjection {
+
+    public long id;
+
+    public String uuid;
+
+    public String author;
+
+    public String group;
+
+    public String name;
+
+    public String text;
+
+    public String publisher;
+
+    public String version;
+
+    public String classifier;
+
+    public String copyright;
+
+    public String description;
+
+    public String extension;
+
+    public String filename;
+
+    public byte[] externalReferences;
+
+    public String directDependencies;
+
+    public String cpe;
+
+    public String purl;
+
+    public String purlCoordinates;
+
+    public String swidTagId;
+
+    public Boolean internal;
+
+    public Double lastInheritedRiskScore;
+
+    public String md5;
+
+    public String sha1;
+
+    public String sha256;
+
+    public String sha384;
+
+    public String sha512;
+
+    public String sha3_256;
+
+    public String sha3_384;
+
+    public String sha3_512;
+
+    public String blake2b_256;
+
+    public String blake2b_384;
+
+    public String blake2b_512;
+
+    public String blake3;
+
+    public String licenseUrl;
+
+    public String componentLicenseName;
+
+    public String licenseExpression;
+
+    public Date publishedAt;
+
+    public Date lastFetch;
+
+    public String integrityCheckStatus;
+
+    public String integrityRepoUrl;
+
+    public Long projectId;
+
+    public String projectUuid;
+
+    public String projectGroup;
+
+    public String projectName;
+
+    public String projectVersion;
+
+    public String projectClassifier;
+
+    public Boolean projectActive;
+
+    public String projectAuthor;
+
+    public String projectCpe;
+
+    public String projectDescription;
+
+    public String projectPurl;
+
+    public String projectSwidTagId;
+
+    public Date lastBomImport;
+
+    public String lastBomImportFormat;
+
+    public Double projectLastInheritedRiskScore;
+
+    public String projectDirectDependencies;
+
+    public byte[] projectExternalReferences;
+
+    public String projectPublisher;
+
+    public String licenseUuid;
+
+    public String licenseId;
+    public String licenseName;
+
+    public Boolean isOsiApproved;
+
+    public Boolean isFsfLibre;
+
+    public Boolean isCustomLicense;
+
+    public Long totalCount;
+
+    public static Component mapToComponent(ComponentProjection result) {
+        Component componentPersistent = new Component();
+        componentPersistent.setAuthor(result.author);
+        componentPersistent.setBlake2b_256(result.blake2b_256);
+        componentPersistent.setBlake2b_384(result.blake2b_384);
+        componentPersistent.setBlake2b_512(result.blake2b_512);
+        componentPersistent.setBlake3(result.blake3);
+        if (result.classifier != null) {
+            componentPersistent.setClassifier(Classifier.valueOf(result.classifier));
+        }
+        componentPersistent.setCopyright(result.copyright);
+        componentPersistent.setCpe(result.cpe);
+        componentPersistent.setDescription(result.description);
+        componentPersistent.setDirectDependencies(result.directDependencies);
+        componentPersistent.setExtension(result.extension);
+        componentPersistent.setGroup(result.group);
+        componentPersistent.setId(result.id);
+        if (result.internal != null) {
+            componentPersistent.setInternal(result.internal);
+        }
+        componentPersistent.setNotes(result.text);
+        componentPersistent.setSwidTagId(result.swidTagId);
+        componentPersistent.setLastInheritedRiskScore(result.lastInheritedRiskScore);
+        componentPersistent.setLicense(result.componentLicenseName);
+        componentPersistent.setLicenseUrl(result.licenseUrl);
+        componentPersistent.setLicenseExpression(result.licenseExpression);
+        componentPersistent.setName(result.name);
+        if (result.uuid != null) {
+            componentPersistent.setUuid(UUID.fromString(result.uuid));
+        }
+        if (result.externalReferences != null) {
+            componentPersistent.setExternalReferences(SerializationUtils.deserialize(result.externalReferences));
+        }
+        componentPersistent.setPurl(result.purl);
+        componentPersistent.setPurlCoordinates(result.purlCoordinates);
+        componentPersistent.setVersion(result.version);
+        componentPersistent.setMd5(result.md5);
+        componentPersistent.setSha1(result.sha1);
+        componentPersistent.setSha256(result.sha256);
+        componentPersistent.setSha384(result.sha384);
+        componentPersistent.setSha512(result.sha512);
+        componentPersistent.setSha3_256(result.sha3_256);
+        componentPersistent.setSha3_384(result.sha3_384);
+        componentPersistent.setSha3_512(result.sha3_512);
+
+        var project = new Project();
+        if (result.projectId != null) {
+            project.setId(result.projectId);
+        }
+        project.setAuthor(result.projectAuthor);
+        if (result.projectActive != null) {
+            project.setActive(result.projectActive);
+        }
+        project.setDescription(result.projectDescription);
+        project.setCpe(result.projectCpe);
+        project.setPurl(result.projectPurl);
+        project.setSwidTagId(result.projectSwidTagId);
+        project.setPublisher(result.projectPublisher);
+        if (result.projectExternalReferences != null) {
+            project.setExternalReferences(SerializationUtils.deserialize(result.projectExternalReferences));
+        }
+        project.setLastInheritedRiskScore(result.projectLastInheritedRiskScore);
+        if (result.projectClassifier != null) {
+            project.setClassifier(Classifier.valueOf(result.projectClassifier));
+        }
+        project.setDirectDependencies(result.projectDirectDependencies);
+        project.setLastBomImport(result.lastBomImport);
+        project.setLastBomImportFormat(result.lastBomImportFormat);
+        project.setName(result.projectName);
+        if (result.projectUuid != null) {
+            project.setUuid(UUID.fromString(result.projectUuid));
+        }
+        project.setVersion(result.projectVersion);
+        componentPersistent.setProject(project);
+
+        var license = new License();
+        license.setName(result.licenseName);
+        if (result.licenseUuid != null) {
+            license.setUuid(UUID.fromString(result.licenseUuid));
+        }
+        if (result.isCustomLicense != null) {
+            license.setCustomLicense(result.isCustomLicense);
+        }
+        if (result.isFsfLibre != null) {
+            license.setFsfLibre(result.isFsfLibre);
+        }
+        license.setLicenseId(result.licenseId);
+        if (result.isOsiApproved != null) {
+            license.setOsiApproved(result.isOsiApproved);
+        }
+        license.setName(result.licenseName);
+        componentPersistent.setResolvedLicense(license);
+
+        var componentMetaInformation = new ComponentMetaInformation(result.publishedAt,
+                result.integrityCheckStatus != null ? IntegrityMatchStatus.valueOf(result.integrityCheckStatus) : null,
+                result.lastFetch, result.integrityRepoUrl);
+        componentPersistent.setComponentMetaInformation(componentMetaInformation);
+
+        return componentPersistent;
+    }
+}