Merge pull request #600 from DependencyTrack/revert-579-issue-1077-im…

…prove-unnecessary-varchar-columns Revert "Remove unnecessary length constraints from VARCHAR(N) columns"
DependencyTrack · Feb 28, 2024 · 26ad987 · 26ad987
2 parents b1c3b0d + d1eda3d
commit 26ad987
Show file tree

Hide file tree

Showing 34 changed files with 222 additions and 447 deletions.
diff --git a/src/main/java/org/dependencytrack/model/Analysis.java b/src/main/java/org/dependencytrack/model/Analysis.java
@@ -69,17 +69,17 @@ public class Analysis implements Serializable {
     private Vulnerability vulnerability;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "STATE", jdbcType = "CLOB", allowsNull = "false")
+    @Column(name = "STATE", jdbcType = "VARCHAR", allowsNull = "false")
     @NotNull
     private AnalysisState analysisState;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "JUSTIFICATION", jdbcType = "CLOB", allowsNull = "true")
+    @Column(name = "JUSTIFICATION", jdbcType = "VARCHAR", allowsNull = "true")
     @NotNull
     private AnalysisJustification analysisJustification;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "RESPONSE", jdbcType = "CLOB", allowsNull = "true")
+    @Column(name = "RESPONSE", jdbcType = "VARCHAR", allowsNull = "true")
     @NotNull
     private AnalysisResponse analysisResponse;
 
@@ -98,12 +98,12 @@ public class Analysis implements Serializable {
     private boolean suppressed;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "SEVERITY", jdbcType = "CLOB")
+    @Column(name = "SEVERITY")
     @JsonProperty(value = "severity")
     private Severity severity;
 
     @Persistent
-    @Column(name = "CVSSV2VECTOR", jdbcType = "CLOB")
+    @Column(name = "CVSSV2VECTOR")
     @JsonProperty(value = "cvssV2Vector")
     private String cvssV2Vector;
 
@@ -113,7 +113,7 @@ public class Analysis implements Serializable {
     private BigDecimal cvssV2Score;
 
     @Persistent
-    @Column(name = "CVSSV3VECTOR", jdbcType = "CLOB")
+    @Column(name = "CVSSV3VECTOR")
     @JsonProperty(value = "cvssV3Vector")
     private String cvssV3Vector;
 
@@ -123,7 +123,7 @@ public class Analysis implements Serializable {
     private BigDecimal cvssV3Score;
 
     @Persistent
-    @Column(name = "OWASPVECTOR", jdbcType = "CLOB")
+    @Column(name = "OWASPVECTOR")
     @JsonProperty(value = "owaspVector")
     private String owaspVector;
 

diff --git a/src/main/java/org/dependencytrack/model/AnalysisComment.java b/src/main/java/org/dependencytrack/model/AnalysisComment.java
@@ -66,7 +66,7 @@ public class AnalysisComment implements Serializable {
     private String comment;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "COMMENTER", jdbcType = "CLOB")
+    @Column(name = "COMMENTER")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String commenter;
 

diff --git a/src/main/java/org/dependencytrack/model/Bom.java b/src/main/java/org/dependencytrack/model/Bom.java
@@ -76,19 +76,19 @@ public String getFormatLongName() {
     private Date imported;
 
     @Persistent
-    @Column(name = "BOM_FORMAT", jdbcType = "CLOB")
+    @Column(name = "BOM_FORMAT")
     private String bomFormat;
 
     @Persistent
-    @Column(name = "SPEC_VERSION", jdbcType = "CLOB")
+    @Column(name = "SPEC_VERSION")
     private String specVersion;
 
     @Persistent
     @Column(name = "BOM_VERSION")
     private Integer bomVersion;
 
     @Persistent
-    @Column(name = "SERIAL_NUMBER", jdbcType = "CLOB")
+    @Column(name = "SERIAL_NUMBER")
     private String serialNumber;
 
     @Persistent(defaultFetchGroup = "true")

diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java
@@ -27,6 +27,7 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
+import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.model.validation.ValidSpdxExpression;
 import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
@@ -49,6 +50,7 @@
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -115,7 +117,8 @@ public enum FetchGroup {
     private String author;
 
     @Persistent
-    @Column(name = "PUBLISHER", jdbcType = "CLOB")
+    @Column(name = "PUBLISHER", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
@@ -125,39 +128,44 @@ public enum FetchGroup {
     private OrganizationalEntity supplier;
 
     @Persistent
-    @Column(name = "GROUP", jdbcType = "CLOB")
+    @Column(name = "GROUP", jdbcType = "VARCHAR")
     @Index(name = "COMPONENT_GROUP_IDX")
+    @Size(max = 255)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The group may only contain printable characters")
     private String group;
 
     @Persistent
-    @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB")
+    @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false")
     @Index(name = "COMPONENT_NAME_IDX")
     @NotBlank
+    @Size(min = 1, max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters")
     private String name;
 
     @Persistent
-    @Column(name = "VERSION", jdbcType = "CLOB")
+    @Column(name = "VERSION", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The version may only contain printable characters")
     private String version;
 
     @Persistent
-    @Column(name = "CLASSIFIER", jdbcType = "CLOB")
+    @Column(name = "CLASSIFIER", jdbcType = "VARCHAR")
     @Index(name = "COMPONENT_CLASSIFIER_IDX")
     @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true")
     private Classifier classifier;
 
     @Persistent
-    @Column(name = "FILENAME", jdbcType = "CLOB")
+    @Column(name = "FILENAME", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.FS_DIRECTORY_NAME, message = "The specified filename is not valid and cannot be used as a filename")
     private String filename;
 
     @Persistent
-    @Column(name = "EXTENSION", jdbcType = "CLOB")
+    @Column(name = "EXTENSION", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.FS_FILE_NAME, message = "The specified filename extension is not valid and cannot be used as a extension")
     private String extension;
@@ -236,28 +244,31 @@ public enum FetchGroup {
 
     @Persistent
     @Index(name = "COMPONENT_CPE_IDX")
-    @Column(name = "CPE", jdbcType = "CLOB")
+    @Column(name = "CPE")
+    @Size(max = 255)
     //Patterns obtained from https://csrc.nist.gov/schema/cpe/2.3/cpe-naming_2.3.xsd
     @Pattern(regexp = "(cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6})", message = "The CPE must conform to the CPE v2.2 or v2.3 specification defined by NIST")
     private String cpe;
 
     @Persistent(defaultFetchGroup = "true")
     @Index(name = "COMPONENT_PURL_IDX")
-    @Column(name = "PURL", jdbcType = "CLOB")
+    @Column(name = "PURL", jdbcType = "VARCHAR", length = 1024)
+    @Size(max = 1024)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String purl;
 
     @Persistent(defaultFetchGroup = "true")
     @Index(name = "COMPONENT_PURL_COORDINATES_IDX")
-    @Column(name = "PURLCOORDINATES", jdbcType = "CLOB")
+    @Size(max = 255)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String purlCoordinates; // Field should contain only type, namespace, name, and version. Everything up to the qualifiers
 
     @Persistent
-    @Column(name = "SWIDTAGID", jdbcType = "CLOB")
+    @Column(name = "SWIDTAGID")
     @Index(name = "COMPONENT_SWID_TAGID_IDX")
+    @Size(max = 255)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The SWID tagId may only contain printable characters")
     private String swidTagId;
 
@@ -267,19 +278,22 @@ public enum FetchGroup {
     private Boolean internal;
 
     @Persistent
-    @Column(name = "DESCRIPTION", jdbcType = "CLOB")
+    @Column(name = "DESCRIPTION", jdbcType = "VARCHAR", length = 1024)
+    @Size(max = 1024)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters")
     private String description;
 
     @Persistent
-    @Column(name = "COPYRIGHT", jdbcType = "CLOB")
+    @Column(name = "COPYRIGHT", jdbcType = "VARCHAR", length = 1024)
+    @Size(max = 1024)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The copyright may only contain printable characters")
     private String copyright;
 
     @Persistent
-    @Column(name = "LICENSE", jdbcType = "CLOB")
+    @Column(name = "LICENSE", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The license may only contain printable characters")
     private String license;
@@ -291,7 +305,8 @@ public enum FetchGroup {
     private String licenseExpression;
 
     @Persistent
-    @Column(name = "LICENSE_URL", jdbcType = "CLOB")
+    @Column(name = "LICENSE_URL", jdbcType = "VARCHAR")
+    @Size(max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.URL, message = "The license URL must be a valid URL")
     private String licenseUrl;
@@ -400,23 +415,23 @@ public String getGroup() {
     }
 
     public void setGroup(String group) {
-        this.group = group;
+        this.group = StringUtils.abbreviate(group, 255);
     }
 
     public String getName() {
         return name;
     }
 
     public void setName(String name) {
-        this.name = name;
+        this.name = StringUtils.abbreviate(name, 255);
     }
 
     public String getVersion() {
         return version;
     }
 
     public void setVersion(String version) {
-        this.version = version;
+        this.version = StringUtils.abbreviate(version, 255);
     }
 
     public Classifier getClassifier() {
@@ -432,15 +447,15 @@ public String getFilename() {
     }
 
     public void setFilename(String filename) {
-        this.filename = filename;
+        this.filename = StringUtils.abbreviate(filename, 255);
     }
 
     public String getExtension() {
         return extension;
     }
 
     public void setExtension(String extension) {
-        this.extension = extension;
+        this.extension = StringUtils.abbreviate(extension, 255);
     }
 
     public String getMd5() {
@@ -544,7 +559,7 @@ public String getCpe() {
     }
 
     public void setCpe(String cpe) {
-        this.cpe = cpe;
+        this.cpe = StringUtils.abbreviate(cpe, 255);
     }
 
     @JsonSerialize(using = CustomPackageURLSerializer.class)
@@ -619,23 +634,23 @@ public String getDescription() {
     }
 
     public void setDescription(String description) {
-        this.description = description;
+        this.description = StringUtils.abbreviate(description, 1024);
     }
 
     public String getCopyright() {
         return copyright;
     }
 
     public void setCopyright(String copyright) {
-        this.copyright = copyright;
+        this.copyright = StringUtils.abbreviate(copyright, 1024);
     }
 
     public String getLicense() {
         return license;
     }
 
     public void setLicense(String license) {
-        this.license = license;
+        this.license = StringUtils.abbreviate(license, 255);
     }
 
     public String getLicenseExpression() {
@@ -651,7 +666,7 @@ public String getLicenseUrl() {
     }
 
     public void setLicenseUrl(String licenseUrl) {
-        this.licenseUrl = licenseUrl;
+        this.licenseUrl = StringUtils.abbreviate(licenseUrl, 255);
     }
 
     public License getResolvedLicense() {

diff --git a/src/main/java/org/dependencytrack/model/Cwe.java b/src/main/java/org/dependencytrack/model/Cwe.java
@@ -32,6 +32,7 @@
 import javax.jdo.annotations.Unique;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import java.io.Serializable;
 
 /**
@@ -57,7 +58,8 @@ public class Cwe implements Serializable {
     private int cweId;
 
     @Persistent
-    @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB")
+    @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false")
+    @Size(max = 255)
     @NotNull
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters")

diff --git a/src/main/java/org/dependencytrack/model/FindingAttribution.java b/src/main/java/org/dependencytrack/model/FindingAttribution.java
@@ -76,11 +76,11 @@ public class FindingAttribution implements Serializable {
     private Vulnerability vulnerability;
 
     @Persistent
-    @Column(name = "ALT_ID", allowsNull = "true", jdbcType = "CLOB")
+    @Column(name = "ALT_ID", allowsNull = "true")
     private String alternateIdentifier;
 
     @Persistent
-    @Column(name = "REFERENCE_URL", allowsNull = "true", jdbcType = "CLOB")
+    @Column(name = "REFERENCE_URL", allowsNull = "true")
     private String referenceUrl;
 
     @Persistent(customValueStrategy = "uuid")

diff --git a/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java b/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java
@@ -33,6 +33,7 @@
 import javax.jdo.annotations.Unique;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
+import javax.validation.constraints.Size;
 import java.io.Serializable;
 import java.util.Date;
 
@@ -74,8 +75,9 @@ public void setSha512(String sha512) {
     private String sha512;
 
     @Persistent
-    @Column(name = "PURL", allowsNull = "false", jdbcType = "CLOB")
+    @Column(name = "PURL", allowsNull = "false", jdbcType = "VARCHAR", length = 1024)
     @Index(name = "PURL_IDX")
+    @Size(max = 1024)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Unique
@@ -95,12 +97,12 @@ public void setSha512(String sha512) {
     private Date lastFetch;
 
     @Persistent
-    @Column(name = "STATUS", jdbcType = "CLOB")
+    @Column(name = "STATUS", jdbcType = "VARCHAR", length = 64)
     @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true")
     private FetchStatus status;
 
     @Persistent
-    @Column(name = "REPOSITORY_URL", jdbcType = "CLOB")
+    @Column(name = "REPOSITORY_URL", jdbcType = "VARCHAR", length = 1024)
     private String repositoryUrl;