Policy Violation Display Bug #2043

Closed
SeanWrightFeat opened this issue Oct 13, 2022 · 4 comments
Labels
defect Something isn't working
@SeanWrightFeat

Current Behavior:

When viewing the Policy Violation of a project, it is not displaying the State or Policy Name in the table. When you delete the policy and recreate it, it then shows. However, it disappears as soon as you change any view options on the table, such as sorting the items in the table or changing the number of items to display.

Steps to Reproduce:

View the Policy Violation section of a project.

Expected Behavior:

Be able to see the State and Policy Name fields.

Environment:

  • Dependency-Track Version: 4.6.0
  • Distribution: Docker
  • BOM Format & Version: N/A
  • Database Server: PostgreSQL
  • Browser: Brave and Firefox

Additional Details:

Here is a screenshot showing the issue:
image

@nscuro nscuro added defect Something isn't working and removed in triage labels Oct 13, 2022
@nscuro nscuro added this to the 4.6.1 milestone Oct 13, 2022
@nscuro
Member

nscuro commented Oct 13, 2022

Thanks for reporting @SeanWrightFeat!

Was able to reproduce and have a fix in the pipeline. Once again our ORM is shining with some quirky lazy loading behavior...

As this is impacting a core feature of DT, we'll most likely push a bugfix release out for it.

@SeanWrightFeat
Author

@nscuro thank you for getting onto this so quickly! I really appreciate it. Please shout if there's anything at all that I can do to help.

nscuro added a commit to nscuro/dependency-track that referenced this issue Oct 13, 2022
DataNucleus would (in some, not all cases) falsely assume that the `violation.policyCondition.policy` field has already been loaded, and would not attempt to fetch it again. This then caused API responses to not contain the `policy` field (DependencyTrack#2043).

The scenario is not reproducible in unit tests, even with regular cache eviction. It is reliably reproducible in running instances using the steps listed in DependencyTrack#2043 though.

Instead of detachment like it's introduced in this PR, another cheap fix would've been to call `violation.getPolicyCondition().getPolicy().getName()` instead of `violation.getPolicyCondition().getPolicy()` in `PolicyQueryManager#getPolicyViolations`. That would force DN to fetch all fields of `Policy`, but I felt like that was too hacky to rely on it.

Signed-off-by: nscuro <nscuro@protonmail.com>
@nscuro
Member

nscuro commented Oct 13, 2022

@SeanWrightFeat The fix is now available with version 4.6.1 of the API server / bundled distribution. Release of the frontend was not necessary, so the latest version for that remains 4.6.0. Thanks again for reporting!

@nscuro nscuro closed this as completed Oct 13, 2022
@github-actions
Contributor

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 13, 2022