Fix version distance policy being evaluated despite not being configured

Co-authored-by: nscuro <[email protected]> Signed-off-by: vithikashukla <[email protected]>
DependencyTrack · Oct 23, 2023 · 1bfba77 · 1bfba77
1 parent 2ab3c63
commit 1bfba77
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java b/src/main/java/org/dependencytrack/policy/VersionDistancePolicyEvaluator.java
@@ -64,7 +64,12 @@ public PolicyCondition.Subject supportedSubject() {
     @Override
     public List<PolicyConditionViolation> evaluate(final Policy policy, final Component component) {
         final var violations = new ArrayList<PolicyConditionViolation>();
-        if (component.getPurl() == null) {
+        if (component.getPurl() == null || component.getVersion() == null) {
+            return violations;
+        }
+
+        final List<PolicyCondition> conditions = super.extractSupportedConditions(policy);
+        if (conditions.isEmpty()) {
             return violations;
         }
 
@@ -83,9 +88,18 @@ public List<PolicyConditionViolation> evaluate(final Policy policy, final Compon
             return violations;
         }
 
-        final var versionDistance = VersionDistance.getVersionDistance(component.getVersion(),metaComponent.getLatestVersion());
+        final VersionDistance versionDistance;
+        try {
+            versionDistance = VersionDistance.getVersionDistance(component.getVersion(), metaComponent.getLatestVersion());
+        } catch (RuntimeException e) {
+            LOGGER.warn("""
+                    Failed to compute version distance for component %s (UUID: %s), \
+                    between component version %s and latest version %s; Skipping\
+                    """.formatted(component, component.getUuid(), component.getVersion(), metaComponent.getLatestVersion()), e);
+            return violations;
+        }
 
-        for (final PolicyCondition condition : super.extractSupportedConditions(policy)) {
+        for (final PolicyCondition condition : conditions) {
             if (isDirectDependency(component) && evaluate(condition, versionDistance)) {
                 violations.add(new PolicyConditionViolation(condition, component));
             }