-
-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Affected projects tab not updated when switching between aliases #481
Comments
@sephiroth-j Are you willing to help out on this one? |
I can take a look but it would help a lot if you can share a sbom with a suitable sample project (one that has a vulnerability with an alias). |
Hree's two SBOMs. One affected by |
I just wanted to report back that I found the error and fixed it. In the process I found other errors in the tab handling and also in the backend. I will report back later. |
As mentioned in my previous comment, there are several issues.
http://localhost:8080/api/v1/vulnerability/source/NVD/vuln/CVE-2023-29197/projects?searchText= [{"name":"issue-481","version":"2","classifier":"APPLICATION","directDependencies":"[{\"name\":\"installers\",\"purl\":\"pkg:composer/composer/installers@1.12.0\",\"uuid\":\"7f7b2116-dc9f-4d06-abaf-74f0e72d7918\",\"version\":\"1.12.0\",\"group\":\"composer\",\"purlCoordinates\":\"pkg:composer/composer/installers@1.12.0\",\"objectType\":\"COMPONENT\"},{\"name\":\"shopware-sentry\",\"purl\":\"pkg:composer/onedrop/shopware-sentry@2.0.5\",\"uuid\":\"3267e769-292b-48e5-b8fb-05a332d37fdd\",\"version\":\"2.0.5\",\"group\":\"onedrop\",\"purlCoordinates\":\"pkg:composer/onedrop/shopware-sentry@2.0.5\",\"objectType\":\"COMPONENT\"},{\"name\":\"shopware\",\"purl\":\"pkg:composer/shopware/shopware@5.7.6\",\"uuid\":\"7b2abf7d-3671-4f3e-a1df-80e06ed5cbdd\",\"version\":\"5.7.6\",\"group\":\"shopware\",\"purlCoordinates\":\"pkg:composer/shopware/shopware@5.7.6\",\"objectType\":\"COMPONENT\"},{\"name\":\"ontiussimplesearch\",\"purl\":\"pkg:composer/store.shopware.com/ontiussimplesearch@4.1.59\",\"uuid\":\"6d105fd9-fb29-4fdd-bb19-5a76f80fc9d1\",\"version\":\"4.1.59\",\"group\":\"store.shopware.com\",\"purlCoordinates\":\"pkg:composer/store.shopware.com/ontiussimplesearch@4.1.59\",\"objectType\":\"COMPONENT\"},{\"name\":\"phpdotenv\",\"purl\":\"pkg:composer/vlucas/phpdotenv@3.6.10\",\"uuid\":\"85b91a80-f306-407d-9548-7fd8c9cd1cc3\",\"version\":\"3.6.10\",\"group\":\"vlucas\",\"purlCoordinates\":\"pkg:composer/vlucas/phpdotenv@3.6.10\",\"objectType\":\"COMPONENT\"},{\"name\":\"wbm-tag-manager\",\"purl\":\"pkg:composer/webmatch/wbm-tag-manager@3.5.6\",\"uuid\":\"2ba6330d-d718-42fb-b62f-f35b2af00dc8\",\"version\":\"3.5.6\",\"group\":\"webmatch\",\"purlCoordinates\":\"pkg:composer/webmatch/wbm-tag-manager@3.5.6\",\"objectType\":\"COMPONENT\"},{\"name\":\"composer-git-hooks-standard\",\"purl\":\"pkg:composer/redacted/composer-git-hooks-standard@2.1.0?checksum=sha1%3A858ad6c5329ba062233514352c336311bf92ddbc\",\"uuid\":\"63f6fc8a-eebd-4e45-b776-d91809bad9ba\",\"version\":\"2.1.0\",\"group\":\"redacted\",\"purlCoordinates\":\"pkg:composer/redacted/composer-git-hooks-standard@2.1.0\",\"objectType\":\"COMPONENT\"},{\"name\":\"php-code-sniffer-baseliner\",\"purl\":\"pkg:composer/redacted/php-code-sniffer-baseliner@2.1.1\",\"uuid\":\"6735ff10-bc44-4178-8819-047cbb145fcb\",\"version\":\"2.1.1\",\"group\":\"redacted\",\"purlCoordinates\":\"pkg:composer/redacted/php-code-sniffer-baseliner@2.1.1\",\"objectType\":\"COMPONENT\"},{\"name\":\"php-code-sniffer-standard\",\"purl\":\"pkg:composer/redacted/php-code-sniffer-standard@19.0.0\",\"uuid\":\"3e3dcd03-f48f-4c49-bc3c-f3fab0f486a2\",\"version\":\"19.0.0\",\"group\":\"redacted\",\"purlCoordinates\":\"pkg:composer/redacted/php-code-sniffer-standard@19.0.0\",\"objectType\":\"COMPONENT\"},{\"name\":\"extension-installer\",\"purl\":\"pkg:composer/phpstan/extension-installer@1.1.0\",\"uuid\":\"0d9d75dd-cacc-4948-af03-3f6edbb41f8b\",\"version\":\"1.1.0\",\"group\":\"phpstan\",\"purlCoordinates\":\"pkg:composer/phpstan/extension-installer@1.1.0\",\"objectType\":\"COMPONENT\"},{\"name\":\"phpstan\",\"purl\":\"pkg:composer/phpstan/phpstan@1.5.7\",\"uuid\":\"857c7d42-47e9-43ca-a8f0-0907b369e20f\",\"version\":\"1.5.7\",\"group\":\"phpstan\",\"purlCoordinates\":\"pkg:composer/phpstan/phpstan@1.5.7\",\"objectType\":\"COMPONENT\"},{\"name\":\"phpstan-strict-rules\",\"purl\":\"pkg:composer/phpstan/phpstan-strict-rules@1.1.0\",\"uuid\":\"3b12c708-41d3-4733-ae8e-e23734f9214a\",\"version\":\"1.1.0\",\"group\":\"phpstan\",\"purlCoordinates\":\"pkg:composer/phpstan/phpstan-strict-rules@1.1.0\",\"objectType\":\"COMPONENT\"}]","uuid":"66f62111-c0c2-4dcb-82cf-c80f30894770","properties":[],"tags":[],"lastBomImport":1685297363288,"lastBomImportFormat":"CycloneDX 1.4","lastInheritedRiskScore":35.0,"active":true}] The alias for this is GHSA-wxmh-65f7-jcvw. However, the response to this is an empty array. []
I have fixed the first problem and the tab handling issues on the |
fixes DependencyTrack#481 Signed-off-by: Ronny Perinke <23166289+sephiroth-j@users.noreply.github.com>
filed DependencyTrack/dependency-track/issues/2794 for the backend issue |
Current Behavior
When viewing a vulnerability, it shows the number of affected projects in the header of that tab. When switching to an alias the screen gets updated with the data from the alias, but the affected project tab does not get updated. The affected number of projects is/will probably be wrong in this case.
Steps to Reproduce
Expected Behavior
The affected projects tab should be updated when switching between aliases.
I can see in the Bootstrap code this tab is "hardcodedly injected" and not tied to any bootstrap lifecycle or events.
Dependency-Track Frontend Version
4.8.0
Browser
Google Chrome
Browser Version
No response
Operating System
Windows
Checklist
The text was updated successfully, but these errors were encountered: