Expand Up @@ -24,6 +24,7 @@ public class AsyncCheckPolicyComplianceRequest extends BaseRequest<AsyncCheckPol
*/
protected boolean populateVulnerabilities;

private UpdateType updateType = null;
/* --- Constructors --- */

/**
Expand Down Expand Up @@ -110,6 +111,30 @@ public AsyncCheckPolicyComplianceRequest(String orgToken, String product, String
this.logData = logData;
this.productToken = productToken;
}
/**
* Constructor
*
* @param orgToken Organization token uniquely identifying the account at white source.
* @param product The product name or token to update.
* @param productVersion The product version.
* @param projects Open Source usage statement to check against policies.
* @param forceCheckAllDependencies Boolean to check new data only or not.
* @param userKey user key uniquely identifying the account at white source.
* @param requesterEmail Email of the WhiteSource user that requests to update WhiteSource.
* @param logData list of FSA's log data events
* @param productToken The product token
*/
public AsyncCheckPolicyComplianceRequest(String orgToken, String product, String productVersion, Collection<AgentProjectInfo> projects, boolean forceCheckAllDependencies,
String userKey, String requesterEmail, String logData, String productToken, UpdateType updateType) {
this(orgToken, projects, forceCheckAllDependencies);
this.product = product;
this.productVersion = productVersion;
this.userKey = userKey;
this.requesterEmail = requesterEmail;
this.logData = logData;
this.productToken = productToken;
this.updateType = updateType;
}

/**
* Constructor
Expand Down Expand Up @@ -182,4 +207,17 @@ public boolean isPopulateVulnerabilities() {
public void setPopulateVulnerabilities(boolean populateVulnerabilities) {
this.populateVulnerabilities = populateVulnerabilities;
}
/**
* @return Request UpdateType
*/
public UpdateType getUpdateType() {
return updateType;
}

/**
* @param updateType Request UpdateType
*/
public void setUpdateType(UpdateType updateType) {
this.updateType = updateType;
}
}
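Review bot: The Javadoc on the new ten-argument constructor has no entry for `updateType`; the block matches the shorter overload's parameter list and stops at `@param productToken`. Add `@param updateType Update type sent with the request; may be null, in which case the client omits the parameter`. The null behaviour is what the `getUpdateType() != null` guard in the WssServiceClientImpl hunk on this page implements. The new field `private UpdateType updateType = null;` also sits directly under the commented `populateVulnerabilities` field with no comment or blank line of its own, so a one-line Javadoc there would help. The class body begins before this section's first hunk.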
Expand Up @@ -470,6 +470,8 @@ protected <R> HttpRequestBase createHttpRequest(ServiceRequest<R> request) throw
break;
case CHECK_POLICY_COMPLIANCE:
case ASYNC_CHECK_POLICY_COMPLIANCE:
AsyncCheckPolicyComplianceRequest asyncCheckPolicyComplianceRequest = (AsyncCheckPolicyComplianceRequest) request;
if (asyncCheckPolicyComplianceRequest.getUpdateType() != null) nvps.add(new BasicNameValuePair(APIConstants.PARAM_UPDATE_TYPE, asyncCheckPolicyComplianceRequest.getUpdateType().toString()));
jsonDiff = handleCheckPolicyReq(nvps, request);
Comment on lines +473 to 475


⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify the mixed-case branch and unsafe cast context.
rg -nP --type=java -C4 'case CHECK_POLICY_COMPLIANCE|case ASYNC_CHECK_POLICY_COMPLIANCE|\(AsyncCheckPolicyComplianceRequest\)\s*request'

Repository: whitesource/agents

Length of output: 5796


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate the two request classes
fd -t f 'class CheckPolicyComplianceRequest' -a . >/dev/null 2>&1 || true
fd -t f 'CheckPolicyComplianceRequest' wss-agent-client/src/main/java -e* >/dev/null 2>&1 || true
fd -t f 'AsyncCheckPolicyComplianceRequest' wss-agent-client/src/main/java -e* >/dev/null 2>&1 || true

# Show the actual class declarations (and any inheritance) for both
for f in $(rg -l --type=java 'class\s+CheckPolicyComplianceRequest\b' wss-agent-client/src/main/java || true); do
  echo "---- $f ----"
  rg -n --type=java -m1 'class\s+CheckPolicyComplianceRequest\b' "$f"
  rg -n --type=java 'extends\s+|implements\s+' "$f" || true
done

for f in $(rg -l --type=java 'class\s+AsyncCheckPolicyComplianceRequest\b' wss-agent-client/src/main/java || true); do
  echo "---- $f ----"
  rg -n --type=java -m1 'class\s+AsyncCheckPolicyComplianceRequest\b' "$f"
  rg -n --type=java 'extends\s+|implements\s+' "$f" || true
done

# Inspect handleCheckPolicyReq signature/body to see expected request type
rg -n --type=java 'handleCheckPolicyReq\s*\(' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java
rg -n --type=java 'handleCheckPolicyReq\s*\(' wss-agent-client/src/main/java/org/whitesource/agent/client -S

Repository: whitesource/agents

Length of output: 576


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Find where these request types are declared (any module)
rg -l --type=java 'class\s+CheckPolicyComplianceRequest\b' .
rg -l --type=java 'class\s+AsyncCheckPolicyComplianceRequest\b' .

# Print the declaration lines + any extends/implements on those files
for f in $(rg -l --type=java 'class\s+CheckPolicyComplianceRequest\b' .); do
  echo "---- $f : CheckPolicyComplianceRequest ----"
  rg -n --type=java -m1 'class\s+CheckPolicyComplianceRequest\b' "$f"
  rg -n --type=java -m1 '(extends|implements)\s' "$f" || true
done

for f in $(rg -l --type=java 'class\s+AsyncCheckPolicyComplianceRequest\b' .); do
  echo "---- $f : AsyncCheckPolicyComplianceRequest ----"
  rg -n --type=java -m1 'class\s+AsyncCheckPolicyComplianceRequest\b' "$f"
  rg -n --type=java -m1 '(extends|implements)\s' "$f" || true
done

# Also check whether CheckPolicyComplianceRequest is an instance of AsyncCheckPolicyComplianceRequest via inheritance:
# search for "extends AsyncCheckPolicyComplianceRequest" / "implements AsyncCheckPolicyComplianceRequest" patterns
rg -n --type=java '(extends|implements)\s+AsyncCheckPolicyComplianceRequest' . || true

Repository: whitesource/agents

Length of output: 957


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Find the switch(requestType) block inside WssServiceClientImpl
rg -n --type=java 'switch\s*\(\s*requestType\s*\)' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java
rg -n --type=java 'CHECK_POLICY_COMPLIANCE|ASYNC_CHECK_POLICY_COMPLIANCE' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java -n

# 2) Locate where requestType comes from (search for method that sets/uses requestType)
# Look for 'requestType =' assignments and the method signature that receives request + requestType.
rg -n --type=java '(requestType\s*=|private\s+.*requestType|public\s+.*requestType|enum\s+.*requestType)' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java || true

# 3) Inspect relevant methods by printing a small window around the shared cases
# We'll print around the line range for the switch branch.
sed -n '430,520p' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java | cat -n

# 4) Search for usage of CHECK_POLICY_COMPLIANCE in dispatch/other module code
rg -n --type=java '\bCHECK_POLICY_COMPLIANCE\b' . | head -n 50

Repository: whitesource/agents

Length of output: 7701


🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Inspect Request base classes for how request.type() is implemented
rg -n --type=java 'class\s+BaseRequest\b|interface\s+ServiceRequest\b|type\(\)\s*\{' -S wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch || true
rg -n --type=java 'RequestType\s+type\s*\(\s*\)' -S . || true
rg -n --type=java '\btype\(\)\b' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch -S || true

# Inspect constructors / methods in the two request classes
sed -n '1,120p' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch/CheckPolicyComplianceRequest.java | cat -n
sed -n '1,160p' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch/AsyncCheckPolicyComplianceRequest.java | cat -n

rg -n --type=java '\bgetUpdateType\b|updateType' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch/CheckPolicyComplianceRequest.java
rg -n --type=java '\bgetUpdateType\b|updateType' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch/AsyncCheckPolicyComplianceRequest.java

# Re-open the exact switch case in WssServiceClientImpl for context
sed -n '420,510p' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java | cat -n

Repository: whitesource/agents

Length of output: 15899


🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '510,620p' wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java | cat -n

Repository: whitesource/agents

Length of output: 5283


🏁 Script executed:

#!/bin/bash
set -euo pipefail

sed -n '1,220p' wss-agent-api/src/main/java/org/whitesource/agent/api/dispatch/BaseRequest.java | cat -n

Repository: whitesource/agents

Length of output: 6555


Split CHECK_POLICY_COMPLIANCE and ASYNC_CHECK_POLICY_COMPLIANCE to avoid ClassCastException.

WssServiceClientImpl handles both request types in the same switch block and immediately casts request to AsyncCheckPolicyComplianceRequest. For CHECK_POLICY_COMPLIANCE, callers pass CheckPolicyComplianceRequest (different class), so this cast can fail at runtime.

Proposed fix
             case CHECK_POLICY_COMPLIANCE:
+                jsonDiff = handleCheckPolicyReq(nvps, request);
+                break;
             case ASYNC_CHECK_POLICY_COMPLIANCE:
                 AsyncCheckPolicyComplianceRequest asyncCheckPolicyComplianceRequest = (AsyncCheckPolicyComplianceRequest) request;
-                if (asyncCheckPolicyComplianceRequest.getUpdateType() != null) nvps.add(new BasicNameValuePair(APIConstants.PARAM_UPDATE_TYPE, asyncCheckPolicyComplianceRequest.getUpdateType().toString()));
+                if (asyncCheckPolicyComplianceRequest.getUpdateType() != null) {
+                    nvps.add(new BasicNameValuePair(APIConstants.PARAM_UPDATE_TYPE, asyncCheckPolicyComplianceRequest.getUpdateType().toString()));
+                }
                 jsonDiff = handleCheckPolicyReq(nvps, request);
                 break;
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@wss-agent-client/src/main/java/org/whitesource/agent/client/WssServiceClientImpl.java`
around lines 473 - 475, The switch currently treats CHECK_POLICY_COMPLIANCE and
ASYNC_CHECK_POLICY_COMPLIANCE the same and unconditionally casts request to
AsyncCheckPolicyComplianceRequest, causing ClassCastException; update the
WssServiceClientImpl switch to handle the two cases separately: for
ASYNC_CHECK_POLICY_COMPLIANCE cast to AsyncCheckPolicyComplianceRequest and add
the updateType NVPair (using asyncCheckPolicyComplianceRequest.getUpdateType()),
and for CHECK_POLICY_COMPLIANCE treat request as CheckPolicyComplianceRequest
(no cast to Async...) and call handleCheckPolicyReq(nvps, request) accordingly
so jsonDiff is set without invalid casts; locate the logic around
AsyncCheckPolicyComplianceRequest, CheckPolicyComplianceRequest,
handleCheckPolicyReq, CHECK_POLICY_COMPLIANCE and ASYNC_CHECK_POLICY_COMPLIANCE
and split the branches to avoid the unsafe cast.

break;
case ASYNC_CHECK_POLICY_COMPLIANCE_STATUS:
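Review bot: The added `if` line calls `getUpdateType()` twice, once for the null test and once for the value that goes on the wire, and the request class exposes a public `setUpdateType`. Reading it once keeps the test and the use on the same value: `UpdateType updateType = asyncCheckPolicyComplianceRequest.getUpdateType();` followed by `if (updateType != null) { nvps.add(new BasicNameValuePair(APIConstants.PARAM_UPDATE_TYPE, updateType.toString())); }`. If `UpdateType` is an enum (its declaration is not visible here), `name()` would tie the parameter value to the constant rather than to whatever `toString()` returns. The enclosing switch and `createHttpRequest` start and end outside the hunk.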