DependencyTrack · nscuro · Nov 14, 2023 · Jul 6, 2023 · Jul 7, 2023 · Nov 6, 2023
diff --git a/src/main/java/org/dependencytrack/model/Repository.java b/src/main/java/org/dependencytrack/model/Repository.java
@@ -86,6 +86,11 @@ public class Repository implements Serializable {
     @NotNull
     private Boolean internal; // New column, must allow nulls on existing databases
 
+    //New column to determine if authentication is required for a repository
+    @Persistent
+    @Column(name = "AUTHENTICATIONREQUIRED", allowsNull = "true")
+    private Boolean authenticationRequired;
+
     @Persistent
     @Column(name = "USERNAME")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
@@ -97,7 +102,8 @@ public class Repository implements Serializable {
 
     @Persistent(customValueStrategy = "uuid")
     @Index(name = "REPOSITORY_UUID_IDX") // Cannot be @Unique. Microsoft SQL Server throws an exception
-    @Column(name = "UUID", jdbcType = "VARCHAR", length = 36, allowsNull = "true")  // New column, must allow nulls on existing databases
+    @Column(name = "UUID", jdbcType = "VARCHAR", length = 36, allowsNull = "true")
+    // New column, must allow nulls on existing databases
     @NotNull
     private UUID uuid;
 
@@ -157,6 +163,14 @@ public void setInternal(Boolean internal) {
         this.internal = internal;
     }
 
+    public Boolean isAuthenticationRequired() {
+        return authenticationRequired;
+    }
+
+    public void setAuthenticationRequired(Boolean authenticationRequired) {
+        this.authenticationRequired = authenticationRequired;
+    }
+
     public String getUsername() {
         return username;
     }

diff --git a/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java b/src/main/java/org/dependencytrack/persistence/DefaultObjectGenerator.java
@@ -18,11 +18,11 @@
  */
 package org.dependencytrack.persistence;
 
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
+import alpine.common.logging.Logger;
+import alpine.model.ManagedUser;
+import alpine.model.Permission;
+import alpine.model.Team;
+import alpine.server.auth.PasswordService;
 import org.dependencytrack.RequirementsVerifier;
 import org.dependencytrack.auth.Permissions;
 import org.dependencytrack.model.ConfigPropertyConstants;
@@ -32,11 +32,12 @@
 import org.dependencytrack.parser.spdx.json.SpdxLicenseDetailParser;
 import org.dependencytrack.persistence.defaults.DefaultLicenseGroupImporter;
 import org.dependencytrack.util.NotificationUtil;
-import alpine.common.logging.Logger;
-import alpine.model.ManagedUser;
-import alpine.model.Permission;
-import alpine.model.Team;
-import alpine.server.auth.PasswordService;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * Creates default objects on an empty database.
@@ -110,7 +111,7 @@ private void loadDefaultLicenses() {
     private void loadDefaultLicenseGroups() {
         try (QueryManager qm = new QueryManager()) {
             final DefaultLicenseGroupImporter importer = new DefaultLicenseGroupImporter(qm);
-            if (! importer.shouldImport()) {
+            if (!importer.shouldImport()) {
                 return;
             }
             LOGGER.info("Adding default license group definitions to datastore");
@@ -180,7 +181,7 @@ private void loadDefaultPersonas() {
 
     private List<Permission> getPortfolioManagersPermissions(final List<Permission> fullList) {
         final List<Permission> permissions = new ArrayList<>();
-        for (final Permission permission: fullList) {
+        for (final Permission permission : fullList) {
             if (permission.getName().equals(Permissions.Constants.VIEW_PORTFOLIO) ||
                     permission.getName().equals(Permissions.Constants.PORTFOLIO_MANAGEMENT)) {
                 permissions.add(permission);
@@ -191,7 +192,7 @@ private List<Permission> getPortfolioManagersPermissions(final List<Permission>
 
     private List<Permission> getAutomationPermissions(final List<Permission> fullList) {
         final List<Permission> permissions = new ArrayList<>();
-        for (final Permission permission: fullList) {
+        for (final Permission permission : fullList) {
             if (permission.getName().equals(Permissions.Constants.VIEW_PORTFOLIO) ||
                     permission.getName().equals(Permissions.Constants.BOM_UPLOAD)) {
                 permissions.add(permission);
@@ -206,20 +207,20 @@ private List<Permission> getAutomationPermissions(final List<Permission> fullLis
     private void loadDefaultRepositories() {
         try (QueryManager qm = new QueryManager()) {
             LOGGER.info("Synchronizing default repositories to datastore");
-            qm.createRepository(RepositoryType.CPAN, "cpan-public-registry", "https://fastapi.metacpan.org/v1/", true, false);
-            qm.createRepository(RepositoryType.GEM, "rubygems.org", "https://rubygems.org/", true, false);
-            qm.createRepository(RepositoryType.HEX, "hex.pm", "https://hex.pm/", true, false);
-            qm.createRepository(RepositoryType.MAVEN, "central", "https://repo1.maven.org/maven2/", true, false);
-            qm.createRepository(RepositoryType.MAVEN, "atlassian-public", "https://packages.atlassian.com/content/repositories/atlassian-public/", true, false);
-            qm.createRepository(RepositoryType.MAVEN, "jboss-releases", "https://repository.jboss.org/nexus/content/repositories/releases/", true, false);
-            qm.createRepository(RepositoryType.MAVEN, "clojars", "https://repo.clojars.org/", true, false);
-            qm.createRepository(RepositoryType.MAVEN, "google-android", "https://maven.google.com/", true, false);
-            qm.createRepository(RepositoryType.NPM, "npm-public-registry", "https://registry.npmjs.org/", true, false);
-            qm.createRepository(RepositoryType.PYPI, "pypi.org", "https://pypi.org/", true, false);
-            qm.createRepository(RepositoryType.NUGET, "nuget-gallery", "https://api.nuget.org/", true, false);
-            qm.createRepository(RepositoryType.COMPOSER, "packagist", "https://repo.packagist.org/", true, false);
-            qm.createRepository(RepositoryType.CARGO, "crates.io", "https://crates.io", true, false);
-            qm.createRepository(RepositoryType.GO_MODULES, "proxy.golang.org", "https://proxy.golang.org", true, false);
+            qm.createRepository(RepositoryType.CPAN, "cpan-public-registry", "https://fastapi.metacpan.org/v1/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.GEM, "rubygems.org", "https://rubygems.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.HEX, "hex.pm", "https://hex.pm/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.MAVEN, "central", "https://repo1.maven.org/maven2/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.MAVEN, "atlassian-public", "https://packages.atlassian.com/content/repositories/atlassian-public/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.MAVEN, "jboss-releases", "https://repository.jboss.org/nexus/content/repositories/releases/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.MAVEN, "clojars", "https://repo.clojars.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.MAVEN, "google-android", "https://maven.google.com/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.NPM, "npm-public-registry", "https://registry.npmjs.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.PYPI, "pypi.org", "https://pypi.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.NUGET, "nuget-gallery", "https://api.nuget.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.COMPOSER, "packagist", "https://repo.packagist.org/", true, false, false, null, null);
+            qm.createRepository(RepositoryType.CARGO, "crates.io", "https://crates.io", true, false, false, null, null);
+            qm.createRepository(RepositoryType.GO_MODULES, "proxy.golang.org", "https://proxy.golang.org", true, false, false, null, null);
         }
     }
 

diff --git a/src/main/java/org/dependencytrack/persistence/QueryManager.java b/src/main/java/org/dependencytrack/persistence/QueryManager.java
@@ -649,7 +649,7 @@ public ViolationAnalysis getViolationAnalysis(Component component, PolicyViolati
     }
 
     public ViolationAnalysis makeViolationAnalysis(Component component, PolicyViolation policyViolation,
-                                 ViolationAnalysisState violationAnalysisState, Boolean isSuppressed) {
+                                                   ViolationAnalysisState violationAnalysisState, Boolean isSuppressed) {
         return getPolicyQueryManager().makeViolationAnalysis(component, policyViolation, violationAnalysisState, isSuppressed);
     }
 
@@ -774,14 +774,14 @@ public AffectedVersionAttribution getAffectedVersionAttribution(Vulnerability vu
     }
 
     public void updateAffectedVersionAttributions(final Vulnerability vulnerability,
-                                                                              final List<VulnerableSoftware> vsList,
-                                                                              final Vulnerability.Source source) {
+                                                  final List<VulnerableSoftware> vsList,
+                                                  final Vulnerability.Source source) {
         getVulnerabilityQueryManager().updateAffectedVersionAttributions(vulnerability, vsList, source);
     }
 
     public void updateAffectedVersionAttribution(final Vulnerability vulnerability,
-                                                                       final VulnerableSoftware vulnerableSoftware,
-                                                                       final Vulnerability.Source source) {
+                                                 final VulnerableSoftware vulnerableSoftware,
+                                                 final Vulnerability.Source source) {
         getVulnerabilityQueryManager().updateAffectedVersionAttribution(vulnerability, vulnerableSoftware, source);
     }
 
@@ -814,8 +814,8 @@ public List<VulnerableSoftware> getAllVulnerableSoftwareByCpe(final String cpeSt
     }
 
     public VulnerableSoftware getVulnerableSoftwareByPurl(String purlType, String purlNamespace, String purlName,
-                                                           String versionEndExcluding, String versionEndIncluding,
-                                                           String versionStartExcluding, String versionStartIncluding) {
+                                                          String versionEndExcluding, String versionEndIncluding,
+                                                          String versionStartExcluding, String versionStartIncluding) {
         return getVulnerableSoftwareQueryManager().getVulnerableSoftwareByPurl(purlType, purlNamespace, purlName, versionEndExcluding, versionEndIncluding, versionStartExcluding, versionStartIncluding);
     }
 
@@ -1101,12 +1101,12 @@ public boolean repositoryExist(RepositoryType type, String identifier) {
         return getRepositoryQueryManager().repositoryExist(type, identifier);
     }
 
-    public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal) {
-        return getRepositoryQueryManager().createRepository(type, identifier, url, enabled, internal);
+    public Repository createRepository(RepositoryType type, String identifier, String url, boolean enabled, boolean internal, boolean isAuthenticationRequired, String username, String password) {
+        return getRepositoryQueryManager().createRepository(type, identifier, url, enabled, internal, isAuthenticationRequired, username, password);
     }
 
-    public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, String username, String password, boolean enabled) {
-        return getRepositoryQueryManager().updateRepository(uuid, identifier, url, internal, username, password, enabled);
+    public Repository updateRepository(UUID uuid, String identifier, String url, boolean internal, boolean authenticationRequired, String username, String password, boolean enabled) {
+        return getRepositoryQueryManager().updateRepository(uuid, identifier, url, internal, authenticationRequired, username, password, enabled);
     }
 
     public RepositoryMetaComponent getRepositoryMetaComponent(RepositoryType repositoryType, String namespace, String name) {
@@ -1439,4 +1439,4 @@ public List<RepositoryMetaComponent> getRepositoryMetaComponentsBatch(final List
 
         return results;
     }
-}
+}