From d1eda3dfa1fe38ce3ec7dbe01cf2664c32bbcd00 Mon Sep 17 00:00:00 2001
From: Niklas
Date: Wed, 28 Feb 2024 11:11:44 +0100
Subject: [PATCH] Revert "Remove unnecessary length constraints from VARCHAR(N) columns"
Signed-off-by: nscuro
---
 .../org/dependencytrack/model/Analysis.java | 14 +-
 .../model/AnalysisComment.java | 2 +-
 .../java/org/dependencytrack/model/Bom.java | 6 +-
 .../org/dependencytrack/model/Component.java | 65 ++--
 .../java/org/dependencytrack/model/Cwe.java | 4 +-
 .../model/FindingAttribution.java | 4 +-
 .../model/IntegrityMetaComponent.java | 8 +-
 .../org/dependencytrack/model/License.java | 7 +-
 .../dependencytrack/model/LicenseGroup.java | 4 +-
 .../model/NotificationPublisher.java | 13 +-
 .../model/NotificationRule.java | 13 +-
 .../org/dependencytrack/model/Policy.java | 10 +-
 .../model/PolicyCondition.java | 11 +-
 .../model/PolicyViolation.java | 4 +-
 .../org/dependencytrack/model/Project.java | 30 +-
 .../model/ProjectProperty.java | 15 +-
 .../org/dependencytrack/model/Repository.java | 10 +-
 .../model/RepositoryMetaComponent.java | 8 +-
 .../model/ServiceComponent.java | 13 +-
 .../java/org/dependencytrack/model/Tag.java | 4 +-
 .../java/org/dependencytrack/model/Vex.java | 6 +-
 .../model/ViolationAnalysis.java | 2 +-
 .../model/ViolationAnalysisComment.java | 2 +-
 .../dependencytrack/model/Vulnerability.java | 26 +-
 .../model/VulnerabilityAlias.java | 16 +-
 .../model/VulnerabilityPolicy.java | 9 +-
 .../model/VulnerabilityPolicyBundle.java | 3 +-
 .../model/VulnerabilityScan.java | 6 +-
 .../model/VulnerableSoftware.java | 47 ++-
 .../dependencytrack/model/WorkflowState.java | 4 +-
 .../ModelConverterCdxToVuln.java | 3 +-
 .../resources/migration/changelog-main.xml | 1 -
 .../resources/migration/changelog-v5.4.0.xml | 297 ------------------
 .../tasks/BomUploadProcessingTaskTest.java | 2 +
 34 files changed, 222 insertions(+), 447 deletions(-)
 delete mode 100644 src/main/resources/migration/changelog-v5.4.0.xml
diff --git a/src/main/java/org/dependencytrack/model/Analysis.java b/src/main/java/org/dependencytrack/model/Analysis.java index fc1256165..df5b0d773 100644 --- a/src/main/java/org/dependencytrack/model/Analysis.java +++ b/src/main/java/org/dependencytrack/model/Analysis.java @@ -69,17 +69,17 @@ public class Analysis implements Serializable { private Vulnerability vulnerability; @Persistent(defaultFetchGroup = "true") - @Column(name = "STATE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "STATE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private AnalysisState analysisState; @Persistent(defaultFetchGroup = "true") - @Column(name = "JUSTIFICATION", jdbcType = "CLOB", allowsNull = "true") + @Column(name = "JUSTIFICATION", jdbcType = "VARCHAR", allowsNull = "true") @NotNull private AnalysisJustification analysisJustification; @Persistent(defaultFetchGroup = "true") - @Column(name = "RESPONSE", jdbcType = "CLOB", allowsNull = "true") + @Column(name = "RESPONSE", jdbcType = "VARCHAR", allowsNull = "true") @NotNull private AnalysisResponse analysisResponse; @@ -98,12 +98,12 @@ public class Analysis implements Serializable { private boolean suppressed; @Persistent(defaultFetchGroup = "true") - @Column(name = "SEVERITY", jdbcType = "CLOB") + @Column(name = "SEVERITY") @JsonProperty(value = "severity") private Severity severity; @Persistent - @Column(name = "CVSSV2VECTOR", jdbcType = "CLOB") + @Column(name = "CVSSV2VECTOR") @JsonProperty(value = "cvssV2Vector") private String cvssV2Vector; @@ -113,7 +113,7 @@ public class Analysis implements Serializable { private BigDecimal cvssV2Score; @Persistent - @Column(name = "CVSSV3VECTOR", jdbcType = "CLOB") + @Column(name = "CVSSV3VECTOR") @JsonProperty(value = "cvssV3Vector") private String cvssV3Vector; 
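Review bot: The restored `JUSTIFICATION` and `RESPONSE` columns are declared `allowsNull = "true"` while the fields `analysisJustification` and `analysisResponse` keep `@NotNull`, so the schema and the bean constraint disagree about whether an analysis may omit them. Pick one: either drop `@NotNull` on the two optional fields, or set `allowsNull = "false"` as `STATE` does. The class body starts and ends outside this hunk, so whether a validator ever runs on `Analysis` cannot be confirmed from here.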
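Review bot: `cvssV2Vector` in this hunk, and `cvssV3Vector` and `owaspVector` in the next two hunks, go back to a bare `@Column(name = ...)` with no length and no `@Size`, although all three are exposed through `@JsonProperty`. A vector longer than the column's default width would presumably be rejected by the database at write time instead of producing a validation error. Adding `@Size(max = 255)` to each field, with the width checked against the actual schema, keeps the limit visible at the API boundary. `Analysis.java` would then also need the `javax.validation.constraints.Size` import, which this diff does not add for this file.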
@@ -123,7 +123,7 @@ public class Analysis implements Serializable { private BigDecimal cvssV3Score; @Persistent - @Column(name = "OWASPVECTOR", jdbcType = "CLOB") + @Column(name = "OWASPVECTOR") @JsonProperty(value = "owaspVector") private String owaspVector; diff --git a/src/main/java/org/dependencytrack/model/AnalysisComment.java b/src/main/java/org/dependencytrack/model/AnalysisComment.java index b66926d9c..3aa3232aa 100644 --- a/src/main/java/org/dependencytrack/model/AnalysisComment.java +++ b/src/main/java/org/dependencytrack/model/AnalysisComment.java @@ -66,7 +66,7 @@ public class AnalysisComment implements Serializable { private String comment; @Persistent(defaultFetchGroup = "true") - @Column(name = "COMMENTER", jdbcType = "CLOB") + @Column(name = "COMMENTER") @JsonDeserialize(using = TrimmedStringDeserializer.class) private String commenter; diff --git a/src/main/java/org/dependencytrack/model/Bom.java b/src/main/java/org/dependencytrack/model/Bom.java index cf2568a53..5dba40876 100644 --- a/src/main/java/org/dependencytrack/model/Bom.java +++ b/src/main/java/org/dependencytrack/model/Bom.java @@ -76,11 +76,11 @@ public String getFormatLongName() { private Date imported; @Persistent - @Column(name = "BOM_FORMAT", jdbcType = "CLOB") + @Column(name = "BOM_FORMAT") private String bomFormat; @Persistent - @Column(name = "SPEC_VERSION", jdbcType = "CLOB") + @Column(name = "SPEC_VERSION") private String specVersion; @Persistent @@ -88,7 +88,7 @@ public String getFormatLongName() { private Integer bomVersion; @Persistent - @Column(name = "SERIAL_NUMBER", jdbcType = "CLOB") + @Column(name = "SERIAL_NUMBER") private String serialNumber; @Persistent(defaultFetchGroup = "true") diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java index ec85dbb75..f0e0b65dc 100644 --- a/src/main/java/org/dependencytrack/model/Component.java +++ b/src/main/java/org/dependencytrack/model/Component.java 
@@ -27,6 +27,7 @@ import com.fasterxml.jackson.databind.annotation.JsonSerialize; import com.github.packageurl.MalformedPackageURLException; import com.github.packageurl.PackageURL; +import org.apache.commons.lang3.StringUtils; import org.dependencytrack.model.validation.ValidSpdxExpression; import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter; import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer; @@ -49,6 +50,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.ArrayList; import java.util.Collection; @@ -115,7 +117,8 @@ public enum FetchGroup { private String author; @Persistent - @Column(name = "PUBLISHER", jdbcType = "CLOB") + @Column(name = "PUBLISHER", jdbcType = "VARCHAR") + @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters") private String publisher; 
@@ -125,39 +128,44 @@ public enum FetchGroup { private OrganizationalEntity supplier; @Persistent - @Column(name = "GROUP", jdbcType = "CLOB") + @Column(name = "GROUP", jdbcType = "VARCHAR") @Index(name = "COMPONENT_GROUP_IDX") + @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The group may only contain printable characters") private String group; @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false") @Index(name = "COMPONENT_NAME_IDX") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @Persistent - @Column(name = "VERSION", jdbcType = "CLOB") + @Column(name = "VERSION", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The version may only contain printable characters") private String version; @Persistent - @Column(name = "CLASSIFIER", jdbcType = "CLOB") + @Column(name = "CLASSIFIER", jdbcType = "VARCHAR") @Index(name = "COMPONENT_CLASSIFIER_IDX") @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true") private Classifier classifier; @Persistent - @Column(name = "FILENAME", jdbcType = "CLOB") + @Column(name = "FILENAME", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.FS_DIRECTORY_NAME, message = "The specified filename is not valid and cannot be used as a filename") private String filename; @Persistent - @Column(name = "EXTENSION", jdbcType = "CLOB") + @Column(name = "EXTENSION", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = 
RegexSequence.Definition.FS_FILE_NAME, message = "The specified filename extension is not valid and cannot be used as a extension") private String extension; @@ -236,28 +244,31 @@ public enum FetchGroup { @Persistent @Index(name = "COMPONENT_CPE_IDX") - @Column(name = "CPE", jdbcType = "CLOB") + @Column(name = "CPE") + @Size(max = 255) //Patterns obtained from https://csrc.nist.gov/schema/cpe/2.3/cpe-naming_2.3.xsd @Pattern(regexp = "(cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6})", message = "The CPE must conform to the CPE v2.2 or v2.3 specification defined by NIST") private String cpe; @Persistent(defaultFetchGroup = "true") @Index(name = "COMPONENT_PURL_IDX") - @Column(name = "PURL", jdbcType = "CLOB") + @Column(name = "PURL", jdbcType = "VARCHAR", length = 1024) + @Size(max = 1024) @com.github.packageurl.validator.PackageURL @JsonDeserialize(using = TrimmedStringDeserializer.class) private String purl; @Persistent(defaultFetchGroup = "true") @Index(name = "COMPONENT_PURL_COORDINATES_IDX") - @Column(name = "PURLCOORDINATES", jdbcType = "CLOB") + @Size(max = 255) @com.github.packageurl.validator.PackageURL @JsonDeserialize(using = TrimmedStringDeserializer.class) private String purlCoordinates; // Field should contain only type, namespace, name, and version. Everything up to the qualifiers @Persistent - @Column(name = "SWIDTAGID", jdbcType = "CLOB") + @Column(name = "SWIDTAGID") @Index(name = "COMPONENT_SWID_TAGID_IDX") + @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The SWID tagId may only contain printable characters") private String swidTagId; 
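Review bot: `purlCoordinates` loses its `@Column` annotation altogether and gets only `@Size(max = 255)`, while `purl` in the same hunk is restored as `length = 1024` with `@Size(max = 1024)`. The inline comment says the coordinates hold type, namespace, name and version, so a long purl without qualifiers can satisfy the `purl` limit and still exceed the coordinates limit; none of the setter hunks later in this file shortens either purl field. Spell the mapping out, e.g. `@Column(name = "PURLCOORDINATES", jdbcType = "VARCHAR", length = 1024)` with a matching `@Size(max = 1024)` if the schema allows it, so the column name and width do not depend on defaults. The class body starts and ends outside this hunk.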
@@ -267,19 +278,22 @@ public enum FetchGroup { private Boolean internal; @Persistent - @Column(name = "DESCRIPTION", jdbcType = "CLOB") + @Column(name = "DESCRIPTION", jdbcType = "VARCHAR", length = 1024) + @Size(max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters") private String description; @Persistent - @Column(name = "COPYRIGHT", jdbcType = "CLOB") + @Column(name = "COPYRIGHT", jdbcType = "VARCHAR", length = 1024) + @Size(max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The copyright may only contain printable characters") private String copyright; @Persistent - @Column(name = "LICENSE", jdbcType = "CLOB") + @Column(name = "LICENSE", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The license may only contain printable characters") private String license; @@ -291,7 +305,8 @@ public enum FetchGroup { private String licenseExpression; @Persistent - @Column(name = "LICENSE_URL", jdbcType = "CLOB") + @Column(name = "LICENSE_URL", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.URL, message = "The license URL must be a valid URL") private String licenseUrl; @@ -400,7 +415,7 @@ public String getGroup() { } public void setGroup(String group) { - this.group = group; + this.group = StringUtils.abbreviate(group, 255); } public String getName() { @@ -408,7 +423,7 @@ public String getName() { } public void setName(String name) { - this.name = name; + this.name = StringUtils.abbreviate(name, 255); } public String getVersion() { 
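Review bot: `setGroup` now stores `StringUtils.abbreviate(group, 255)`, and the following hunks do the same in `setName`, `setVersion`, `setFilename`, `setExtension`, `setCpe`, `setDescription`, `setCopyright`, `setLicense` and `setLicenseUrl`, so an over-length value is silently replaced by a shortened string ending in `...`. For the identity fields (name, version, CPE) the stored value no longer equals what the BOM declared, so vulnerability matching on that component can miss or mismatch without any trace, and a shortened CPE will likely stop satisfying the `@Pattern` on the field. Make the truncation observable, for example by comparing lengths before assigning and logging the field name. Also document it on each setter with something like `// Abbreviated to the column width; longer input is stored with a trailing "..."`.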
@@ -416,7 +431,7 @@ public String getVersion() { } public void setVersion(String version) { - this.version = version; + this.version = StringUtils.abbreviate(version, 255); } public Classifier getClassifier() { @@ -432,7 +447,7 @@ public String getFilename() { } public void setFilename(String filename) { - this.filename = filename; + this.filename = StringUtils.abbreviate(filename, 255); } public String getExtension() { @@ -440,7 +455,7 @@ public String getExtension() { } public void setExtension(String extension) { - this.extension = extension; + this.extension = StringUtils.abbreviate(extension, 255); } public String getMd5() { @@ -544,7 +559,7 @@ public String getCpe() { } public void setCpe(String cpe) { - this.cpe = cpe; + this.cpe = StringUtils.abbreviate(cpe, 255); } @JsonSerialize(using = CustomPackageURLSerializer.class) @@ -619,7 +634,7 @@ public String getDescription() { } public void setDescription(String description) { - this.description = description; + this.description = StringUtils.abbreviate(description, 1024); } public String getCopyright() { @@ -627,7 +642,7 @@ public String getCopyright() { } public void setCopyright(String copyright) { - this.copyright = copyright; + this.copyright = StringUtils.abbreviate(copyright, 1024); } public String getLicense() { @@ -635,7 +650,7 @@ public String getLicense() { } public void setLicense(String license) { - this.license = license; + this.license = StringUtils.abbreviate(license, 255); } public String getLicenseExpression() { @@ -651,7 +666,7 @@ public String getLicenseUrl() { } public void setLicenseUrl(String licenseUrl) { - this.licenseUrl = licenseUrl; + this.licenseUrl = StringUtils.abbreviate(licenseUrl, 255); } public License getResolvedLicense() { diff --git a/src/main/java/org/dependencytrack/model/Cwe.java b/src/main/java/org/dependencytrack/model/Cwe.java index e2e8c6b3d..9c40774f4 100644 --- a/src/main/java/org/dependencytrack/model/Cwe.java 
+++ b/src/main/java/org/dependencytrack/model/Cwe.java @@ -32,6 +32,7 @@ import javax.jdo.annotations.Unique; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; /** @@ -57,7 +58,8 @@ public class Cwe implements Serializable { private int cweId; @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false") + @Size(max = 255) @NotNull @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") diff --git a/src/main/java/org/dependencytrack/model/FindingAttribution.java b/src/main/java/org/dependencytrack/model/FindingAttribution.java index de072dd3b..35aebe70d 100644 --- a/src/main/java/org/dependencytrack/model/FindingAttribution.java +++ b/src/main/java/org/dependencytrack/model/FindingAttribution.java @@ -76,11 +76,11 @@ public class FindingAttribution implements Serializable { private Vulnerability vulnerability; @Persistent - @Column(name = "ALT_ID", allowsNull = "true", jdbcType = "CLOB") + @Column(name = "ALT_ID", allowsNull = "true") private String alternateIdentifier; @Persistent - @Column(name = "REFERENCE_URL", allowsNull = "true", jdbcType = "CLOB") + @Column(name = "REFERENCE_URL", allowsNull = "true") private String referenceUrl; @Persistent(customValueStrategy = "uuid") diff --git a/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java b/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java index a3ed6ce93..d46f74a01 100644 --- a/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java +++ b/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java 
@@ -33,6 +33,7 @@ import javax.jdo.annotations.Unique; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.Date; @@ -74,8 +75,9 @@ public void setSha512(String sha512) { private String sha512; @Persistent - @Column(name = "PURL", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "PURL", allowsNull = "false", jdbcType = "VARCHAR", length = 1024) @Index(name = "PURL_IDX") + @Size(max = 1024) @com.github.packageurl.validator.PackageURL @JsonDeserialize(using = TrimmedStringDeserializer.class) @Unique @@ -95,12 +97,12 @@ public void setSha512(String sha512) { private Date lastFetch; @Persistent - @Column(name = "STATUS", jdbcType = "CLOB") + @Column(name = "STATUS", jdbcType = "VARCHAR", length = 64) @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true") private FetchStatus status; @Persistent - @Column(name = "REPOSITORY_URL", jdbcType = "CLOB") + @Column(name = "REPOSITORY_URL", jdbcType = "VARCHAR", length = 1024) private String repositoryUrl; diff --git a/src/main/java/org/dependencytrack/model/License.java b/src/main/java/org/dependencytrack/model/License.java index 3e2866f3e..3920f088a 100644 --- a/src/main/java/org/dependencytrack/model/License.java +++ b/src/main/java/org/dependencytrack/model/License.java @@ -43,6 +43,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.List; import java.util.UUID; 
@@ -101,10 +102,11 @@ public enum FetchGroup { * The String representation of the license name (i.e. Apache License 2.0). */ @Persistent(defaultFetchGroup = "true") - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @Index(name = "LICENSE_NAME_IDX") @JsonProperty(value = "name") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @@ -149,11 +151,12 @@ public enum FetchGroup { * The SPDX defined licenseId (i.e. Apache-2.0). */ @Persistent(defaultFetchGroup = "true") - @Column(name = "LICENSEID", jdbcType = "CLOB") + @Column(name = "LICENSEID") @Index(name = "LICENSE_LICENSEID_IDX", unique = "true") @JsonProperty(value = "licenseId") @JsonAlias(value = "licenseExceptionId") @JsonDeserialize(using = TrimmedStringDeserializer.class) + @Size(min = 1, max = 255) @NotBlank @Pattern(regexp = RegexSequence.Definition.STRING_IDENTIFIER, message = "The licenseId may only contain alpha, numeric, and specific symbols _-.+") private String licenseId; diff --git a/src/main/java/org/dependencytrack/model/LicenseGroup.java b/src/main/java/org/dependencytrack/model/LicenseGroup.java index f0ea824be..f930434dd 100644 --- a/src/main/java/org/dependencytrack/model/LicenseGroup.java +++ b/src/main/java/org/dependencytrack/model/LicenseGroup.java @@ -37,6 +37,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.List; import java.util.UUID; 
@@ -61,9 +62,10 @@ public class LicenseGroup implements Serializable { * The String representation of the license group name (i.e. Copyleft). */ @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @Index(name = "LICENSEGROUP_NAME_IDX") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; diff --git a/src/main/java/org/dependencytrack/model/NotificationPublisher.java b/src/main/java/org/dependencytrack/model/NotificationPublisher.java index 6abf51ccd..f82967a9c 100644 --- a/src/main/java/org/dependencytrack/model/NotificationPublisher.java +++ b/src/main/java/org/dependencytrack/model/NotificationPublisher.java @@ -33,6 +33,7 @@ import javax.jdo.annotations.Unique; import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.UUID; @@ -72,19 +73,22 @@ public enum FetchGroup { private long id; @Persistent(defaultFetchGroup = "true") - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) private String name; @Persistent(defaultFetchGroup = "true") - @Column(name = "DESCRIPTION", jdbcType = "CLOB") + @Column(name = "DESCRIPTION") + @Size(min = 0, max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) private String description; @Persistent(defaultFetchGroup = "true") - @Column(name = "PUBLISHER_CLASS", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "PUBLISHER_CLASS", length = 1024, allowsNull = "false") @NotBlank + @Size(min = 1, max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) private String publisherClass; 
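Review bot: `description` is validated with `@Size(min = 0, max = 1024)` but its column is declared as plain `@Column(name = "DESCRIPTION")`, whereas `PUBLISHER_CLASS` just below carries `length = 1024` for the same limit. If the column falls back to the default VARCHAR width, a description between that width and 1024 characters passes validation and then fails at the database. Align the two, e.g. `@Column(name = "DESCRIPTION", length = 1024)`, or lower the `@Size` maximum to the real column width. The class body extends beyond this hunk.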
@@ -94,8 +98,9 @@ public enum FetchGroup { private String template; @Persistent(defaultFetchGroup = "true") - @Column(name = "TEMPLATE_MIME_TYPE", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "TEMPLATE_MIME_TYPE", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) private String templateMimeType; diff --git a/src/main/java/org/dependencytrack/model/NotificationRule.java b/src/main/java/org/dependencytrack/model/NotificationRule.java index bdceb9eba..d0fc9d53c 100644 --- a/src/main/java/org/dependencytrack/model/NotificationRule.java +++ b/src/main/java/org/dependencytrack/model/NotificationRule.java @@ -43,6 +43,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.ArrayList; import java.util.Collections; @@ -73,8 +74,9 @@ public class NotificationRule implements Serializable { * The String representation of the name of the notification. */ @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; 
@@ -100,12 +102,12 @@ public class NotificationRule implements Serializable { private boolean logSuccessfulPublish; @Persistent(defaultFetchGroup = "true") - @Column(name = "SCOPE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "SCOPE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private NotificationScope scope; @Persistent(defaultFetchGroup = "true") - @Column(name = "NOTIFICATION_LEVEL", jdbcType = "CLOB") + @Column(name = "NOTIFICATION_LEVEL", jdbcType = "VARCHAR") private NotificationLevel notificationLevel; @Persistent(table = "NOTIFICATIONRULE_PROJECTS", defaultFetchGroup = "true") @@ -121,11 +123,12 @@ public class NotificationRule implements Serializable { private List teams; @Persistent - @Column(name = "NOTIFY_ON", jdbcType = "CLOB") + @Column(name = "NOTIFY_ON", length = 1024) private String notifyOn; @Persistent - @Column(name = "MESSAGE", jdbcType = "CLOB") + @Column(name = "MESSAGE", length = 1024) + @Size(max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The message may only contain printable characters") private String message; diff --git a/src/main/java/org/dependencytrack/model/Policy.java b/src/main/java/org/dependencytrack/model/Policy.java index 1cca49c7b..9d3dad806 100644 --- a/src/main/java/org/dependencytrack/model/Policy.java +++ b/src/main/java/org/dependencytrack/model/Policy.java @@ -37,6 +37,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.ArrayList; import java.util.List; 
@@ -73,9 +74,10 @@ public enum ViolationState { * The String representation of the policy name. */ @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @Index(name = "POLICY_NAME_IDX") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @@ -83,8 +85,9 @@ public enum ViolationState { * The operator to use when evaluating conditions. */ @Persistent - @Column(name = "OPERATOR", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "OPERATOR", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The operator may only contain printable characters") private Operator operator; @@ -92,8 +95,9 @@ public enum ViolationState { * The state the policy should trigger upon violation. */ @Persistent - @Column(name = "VIOLATIONSTATE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "VIOLATIONSTATE", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The violation state may only contain printable characters") private ViolationState violationState; diff --git a/src/main/java/org/dependencytrack/model/PolicyCondition.java b/src/main/java/org/dependencytrack/model/PolicyCondition.java index 131b50df1..c2dfcb3b3 100644 --- a/src/main/java/org/dependencytrack/model/PolicyCondition.java +++ b/src/main/java/org/dependencytrack/model/PolicyCondition.java @@ -32,6 +32,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.UUID; 
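Review bot: The added `@Size(min = 1, max = 255)` sits on `operator`, which is of the enum type `Operator`, and the next hunk repeats it on `violationState` (`ViolationState`); the `PolicyCondition` hunk `@@ -97,25 +98,29 @@` does the same for `operator`, `subject` and `violationType`. Bean Validation's built-in `@Size` validators handle character sequences, collections, maps and arrays, so on an enum field the constraint cannot check anything and, if these entities are ever passed to a validator, it should fail with an unexpected-type error instead of a violation. The existing `@NotBlank` and `@Pattern` on the same fields have the same limitation. `@NotNull` alone expresses the intent for the non-nullable enum columns: `@NotNull private Operator operator;`.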
@@ -97,25 +98,29 @@ public enum Subject { private Policy policy; @Persistent - @Column(name = "OPERATOR", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "OPERATOR", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The operator may only contain printable characters") private Operator operator; @Persistent - @Column(name = "SUBJECT", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "SUBJECT", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The subject may only contain printable characters") private Subject subject; @Persistent @Column(name = "VALUE", allowsNull = "false", jdbcType = "CLOB") @NotBlank + @Size(min = 1) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The value may only contain printable characters") private String value; @Persistent - @Column(name = "VIOLATIONTYPE", jdbcType = "CLOB", allowsNull = "true") + @Column(name = "VIOLATIONTYPE", allowsNull = "true") + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The violation type may only contain printable characters") private PolicyViolation.Type violationType; diff --git a/src/main/java/org/dependencytrack/model/PolicyViolation.java b/src/main/java/org/dependencytrack/model/PolicyViolation.java index 3ae3a65da..2820da971 100644 --- a/src/main/java/org/dependencytrack/model/PolicyViolation.java +++ b/src/main/java/org/dependencytrack/model/PolicyViolation.java @@ -32,6 +32,7 @@ import javax.jdo.annotations.Unique; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.Date; import java.util.UUID; 
@@ -84,7 +85,8 @@ public enum Type { private Date timestamp; @Persistent - @Column(name = "TEXT", jdbcType = "CLOB") + @Column(name = "TEXT") + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The text may only contain printable characters") private String text; diff --git a/src/main/java/org/dependencytrack/model/Project.java b/src/main/java/org/dependencytrack/model/Project.java index 540b3092c..bafdd4de5 100644 --- a/src/main/java/org/dependencytrack/model/Project.java +++ b/src/main/java/org/dependencytrack/model/Project.java @@ -53,6 +53,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.IOException; import java.io.Serializable; import java.util.ArrayList; @@ -141,13 +142,15 @@ public enum FetchGroup { private long id; @Persistent - @Column(name = "AUTHOR", jdbcType = "CLOB") + @Column(name = "AUTHOR", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The author may only contain printable characters") private String author; @Persistent - @Column(name = "PUBLISHER", jdbcType = "CLOB") + @Column(name = "PUBLISHER", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters") private String publisher; 
@@ -163,42 +166,45 @@ public enum FetchGroup { private OrganizationalEntity supplier; @Persistent - @Column(name = "GROUP", jdbcType = "CLOB") + @Column(name = "GROUP", jdbcType = "VARCHAR") @Index(name = "PROJECT_GROUP_IDX") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The group may only contain printable characters") private String group; @Persistent @Index(name = "PROJECT_NAME_IDX") - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @Persistent - @Column(name = "DESCRIPTION", jdbcType = "CLOB") + @Column(name = "DESCRIPTION", jdbcType = "VARCHAR") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters") private String description; @Persistent @Index(name = "PROJECT_VERSION_IDX") - @Column(name = "VERSION", jdbcType = "CLOB") + @Column(name = "VERSION", jdbcType = "VARCHAR") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The version may only contain printable characters") private String version; @Persistent - @Column(name = "CLASSIFIER", jdbcType = "CLOB") + @Column(name = "CLASSIFIER", jdbcType = "VARCHAR") @Index(name = "PROJECT_CLASSIFIER_IDX") @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true") private Classifier classifier; @Persistent @Index(name = "PROJECT_CPE_IDX") - @Column(name = "CPE", jdbcType = "CLOB") + @Column(name = "CPE") + @Size(max = 255) @JsonDeserialize(using = 
TrimmedStringDeserializer.class) //Patterns obtained from https://csrc.nist.gov/schema/cpe/2.3/cpe-naming_2.3.xsd @Pattern(regexp = "(cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6})", message = "The CPE must conform to the CPE v2.2 or v2.3 specification defined by NIST") @@ -206,14 +212,16 @@ public enum FetchGroup { @Persistent @Index(name = "PROJECT_PURL_IDX") - @Column(name = "PURL", jdbcType = "CLOB") + @Column(name = "PURL") + @Size(max = 255) @com.github.packageurl.validator.PackageURL @JsonDeserialize(using = TrimmedStringDeserializer.class) private String purl; @Persistent @Index(name = "PROJECT_SWID_TAGID_IDX") - @Column(name = "SWIDTAGID", jdbcType = "CLOB") + @Column(name = "SWIDTAGID") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The SWID tagId may only contain printable characters") private String swidTagId; @@ -260,7 +268,7 @@ public enum FetchGroup { */ @Persistent @Index(name = "PROJECT_LASTBOMIMPORT_FORMAT_IDX") - @Column(name = "LAST_BOM_IMPORTED_FORMAT", jdbcType = "CLOB") + @Column(name = "LAST_BOM_IMPORTED_FORMAT") private String lastBomImportFormat; /** diff --git a/src/main/java/org/dependencytrack/model/ProjectProperty.java b/src/main/java/org/dependencytrack/model/ProjectProperty.java index 03ad4fb49..3bf3842da 100644 --- a/src/main/java/org/dependencytrack/model/ProjectProperty.java +++ b/src/main/java/org/dependencytrack/model/ProjectProperty.java 
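Review bot: In the `@@ -163,42 +166,45 @@` hunk, `description` and `version` return to `jdbcType = "VARCHAR"` with neither a `length` nor a `@Size`, while `group`, `name` and `cpe` beside them get `@Size(max = 255)`; an over-long value for those two passes bean validation and is rejected only at the database write. Adding `@Size(max = 255)` to both (or an explicit `length` with a matching `@Size`) keeps the rejection at the validation layer with a usable message. The same gap is visible in the Repository (`identifier`, `url`, `username`), Vex, ViolationAnalysisComment, Vulnerability (`title`, `subTitle` and the vector fields), VulnerabilityAlias and VulnerableSoftware hunks, several of which look like they are filled from imported BOM or advisory data rather than form input, so a length check or truncation at the ingest point is worth confirming there. The effective width is whatever the persistence layer defaults to, presumably 255 given the `abbreviate(..., 255)` added in ModelConverterCdxToVuln.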
@@ -33,6 +33,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; /** @@ -58,32 +59,36 @@ public class ProjectProperty implements IConfigProperty, Serializable { private Project project; @Persistent - @Column(name = "GROUPNAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "GROUPNAME", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = "[\\P{Cc}]+", message = "The groupName must not contain control characters") private String groupName; @Persistent - @Column(name = "PROPERTYNAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "PROPERTYNAME", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = "[\\P{Cc}]+", message = "The propertyName must not contain control characters") private String propertyName; @Persistent - @Column(name = "PROPERTYVALUE", jdbcType = "CLOB") + @Column(name = "PROPERTYVALUE", length = 1024) + @Size(min = 0, max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = "[\\P{Cc}]+", message = "The propertyValue must not contain control characters") private String propertyValue; @Persistent - @Column(name = "PROPERTYTYPE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "PROPERTYTYPE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private PropertyType propertyType; @Persistent - @Column(name = "DESCRIPTION", jdbcType = "CLOB") + @Column(name = "DESCRIPTION") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = "[\\P{Cc}]+", message = "The description must not contain control characters") private String description; 
diff --git a/src/main/java/org/dependencytrack/model/Repository.java b/src/main/java/org/dependencytrack/model/Repository.java index ed6575121..2d62f1b91 100644 --- a/src/main/java/org/dependencytrack/model/Repository.java +++ b/src/main/java/org/dependencytrack/model/Repository.java @@ -55,18 +55,18 @@ public class Repository implements Serializable { private long id; @Persistent(defaultFetchGroup = "true") - @Column(name = "TYPE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "TYPE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private RepositoryType type; @Persistent - @Column(name = "IDENTIFIER", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "IDENTIFIER", allowsNull = "false") @NotBlank @JsonDeserialize(using = TrimmedStringDeserializer.class) private String identifier; @Persistent - @Column(name = "URL", jdbcType = "CLOB") + @Column(name = "URL") @NotBlank @JsonDeserialize(using = TrimmedStringDeserializer.class) private String url; @@ -93,12 +93,12 @@ public class Repository implements Serializable { private Boolean authenticationRequired; @Persistent - @Column(name = "USERNAME", jdbcType = "CLOB") + @Column(name = "USERNAME") @JsonDeserialize(using = TrimmedStringDeserializer.class) private String username; @Persistent - @Column(name = "PASSWORD", jdbcType = "CLOB") + @Column(name = "PASSWORD") private String password; @Persistent(customValueStrategy = "uuid") diff --git a/src/main/java/org/dependencytrack/model/RepositoryMetaComponent.java b/src/main/java/org/dependencytrack/model/RepositoryMetaComponent.java index d7f098707..1fde0c3a1 100644 --- a/src/main/java/org/dependencytrack/model/RepositoryMetaComponent.java +++ b/src/main/java/org/dependencytrack/model/RepositoryMetaComponent.java 
@@ -53,7 +53,7 @@ public class RepositoryMetaComponent implements Serializable { * This is an indirect representation of a the Package URL "type" field. */ @Persistent(defaultFetchGroup = "true") - @Column(name = "REPOSITORY_TYPE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "REPOSITORY_TYPE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private RepositoryType repositoryType; @@ -61,14 +61,14 @@ public class RepositoryMetaComponent implements Serializable { * This is a representation of the Package URL "namespace" field. */ @Persistent - @Column(name = "NAMESPACE", jdbcType = "CLOB") + @Column(name = "NAMESPACE") private String namespace; /** * This is a representation of the Package URL "name" field. */ @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @NotNull private String name; @@ -76,7 +76,7 @@ public class RepositoryMetaComponent implements Serializable { * The latest version of the component. */ @Persistent - @Column(name = "LATEST_VERSION", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "LATEST_VERSION", allowsNull = "false") @NotNull private String latestVersion; diff --git a/src/main/java/org/dependencytrack/model/ServiceComponent.java b/src/main/java/org/dependencytrack/model/ServiceComponent.java index 69f0cc067..eeae2042b 100644 --- a/src/main/java/org/dependencytrack/model/ServiceComponent.java +++ b/src/main/java/org/dependencytrack/model/ServiceComponent.java @@ -42,6 +42,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.ArrayList; import java.util.Collection; 
@@ -88,25 +89,29 @@ public enum FetchGroup { private OrganizationalEntity provider; @Persistent - @Column(name = "GROUP", jdbcType = "CLOB") + @Column(name = "GROUP", jdbcType = "VARCHAR") + @Size(max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The group may only contain printable characters") private String group; @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @Persistent - @Column(name = "VERSION", jdbcType = "CLOB") + @Column(name = "VERSION", jdbcType = "VARCHAR") + @Size(max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The version may only contain printable characters") private String version; @Persistent - @Column(name = "DESCRIPTION", jdbcType = "CLOB") + @Column(name = "DESCRIPTION", jdbcType = "VARCHAR", length = 1024) + @Size(max = 1024) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters") private String description; diff --git a/src/main/java/org/dependencytrack/model/Tag.java b/src/main/java/org/dependencytrack/model/Tag.java index 0c4dad227..c35de98c1 100644 --- a/src/main/java/org/dependencytrack/model/Tag.java +++ b/src/main/java/org/dependencytrack/model/Tag.java @@ -33,6 +33,7 @@ import javax.jdo.annotations.PrimaryKey; import javax.validation.constraints.NotBlank; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.List; import java.util.Objects; 
@@ -55,8 +56,9 @@ public class Tag implements Serializable { private long id; @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; diff --git a/src/main/java/org/dependencytrack/model/Vex.java b/src/main/java/org/dependencytrack/model/Vex.java index 0b6b98bcc..490109a2b 100644 --- a/src/main/java/org/dependencytrack/model/Vex.java +++ b/src/main/java/org/dependencytrack/model/Vex.java @@ -74,11 +74,11 @@ public String getFormatLongName() { private Date imported; @Persistent - @Column(name = "VEX_FORMAT", jdbcType = "CLOB") + @Column(name = "VEX_FORMAT") private String vexFormat; @Persistent - @Column(name = "SPEC_VERSION", jdbcType = "CLOB") + @Column(name = "SPEC_VERSION") private String specVersion; @Persistent @@ -86,7 +86,7 @@ public String getFormatLongName() { private Integer vexVersion; @Persistent - @Column(name = "SERIAL_NUMBER", jdbcType = "CLOB") + @Column(name = "SERIAL_NUMBER") private String serialNumber; @Persistent(defaultFetchGroup = "true") diff --git a/src/main/java/org/dependencytrack/model/ViolationAnalysis.java b/src/main/java/org/dependencytrack/model/ViolationAnalysis.java index 8847b2c03..41101fdab 100644 --- a/src/main/java/org/dependencytrack/model/ViolationAnalysis.java +++ b/src/main/java/org/dependencytrack/model/ViolationAnalysis.java @@ -67,7 +67,7 @@ public class ViolationAnalysis implements Serializable { private PolicyViolation policyViolation; @Persistent(defaultFetchGroup = "true") - @Column(name = "STATE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "STATE", jdbcType = "VARCHAR", allowsNull = "false") @NotNull private ViolationAnalysisState analysisState; 
diff --git a/src/main/java/org/dependencytrack/model/ViolationAnalysisComment.java b/src/main/java/org/dependencytrack/model/ViolationAnalysisComment.java index d2d70f12a..ebe8206d6 100644 --- a/src/main/java/org/dependencytrack/model/ViolationAnalysisComment.java +++ b/src/main/java/org/dependencytrack/model/ViolationAnalysisComment.java @@ -66,7 +66,7 @@ public class ViolationAnalysisComment implements Serializable { private String comment; @Persistent(defaultFetchGroup = "true") - @Column(name = "COMMENTER", jdbcType = "CLOB") + @Column(name = "COMMENTER") @JsonDeserialize(using = TrimmedStringDeserializer.class) private String commenter; diff --git a/src/main/java/org/dependencytrack/model/Vulnerability.java b/src/main/java/org/dependencytrack/model/Vulnerability.java index 837e60437..4fedf1bc5 100644 --- a/src/main/java/org/dependencytrack/model/Vulnerability.java +++ b/src/main/java/org/dependencytrack/model/Vulnerability.java @@ -49,6 +49,7 @@ import javax.validation.constraints.NotBlank; import javax.validation.constraints.NotNull; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.math.BigDecimal; import java.util.ArrayList; 
@@ -136,35 +137,38 @@ public static boolean isKnownSource(String source) { private long id; @Persistent - @Column(name = "VULNID", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "VULNID", allowsNull = "false") @Index(name = "VULNERABILITY_VULNID_IDX") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The vulnerability ID may only contain printable characters") private String vulnId; @Persistent - @Column(name = "SOURCE", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "SOURCE", allowsNull = "false") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The source may only contain printable characters") private String source; @Persistent - @Column(name = "FRIENDLYVULNID", jdbcType = "CLOB") + @Column(name = "FRIENDLYVULNID") @NotBlank + @Size(min = 1, max = 255) @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The friendly vulnerability ID may only contain printable characters") private String friendlyVulnId; @Persistent - @Column(name = "TITLE", jdbcType = "CLOB") + @Column(name = "TITLE") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The title may only contain printable characters") private String title; @Persistent - @Column(name = "SUBTITLE", jdbcType = "CLOB") + @Column(name = "SUBTITLE") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The subtitle may only contain printable characters") private String subTitle; 
@@ -218,7 +222,7 @@ public static boolean isKnownSource(String source) { private Date updated; @Persistent(defaultFetchGroup = "true") - @Column(name = "CWES", jdbcType = "CLOB") + @Column(name = "CWES") @Convert(CollectionIntegerConverter.class) @JsonSerialize(using = CweSerializer.class) @JsonDeserialize(using = CweDeserializer.class) @@ -237,7 +241,7 @@ public static boolean isKnownSource(String source) { private BigDecimal cvssV2ExploitabilitySubScore; @Persistent - @Column(name = "CVSSV2VECTOR", jdbcType = "CLOB") + @Column(name = "CVSSV2VECTOR") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The CVSSv2 Vector may only contain printable characters") private String cvssV2Vector; @@ -255,7 +259,7 @@ public static boolean isKnownSource(String source) { private BigDecimal cvssV3ExploitabilitySubScore; @Persistent - @Column(name = "CVSSV3VECTOR", jdbcType = "CLOB") + @Column(name = "CVSSV3VECTOR") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The CVSSv3 Vector may only contain printable characters") private String cvssV3Vector; @@ -273,7 +277,7 @@ public static boolean isKnownSource(String source) { private BigDecimal owaspRRBusinessImpactScore; @Persistent - @Column(name = "OWASPRRVECTOR", jdbcType = "CLOB") + @Column(name = "OWASPRRVECTOR") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The OWASP RR Vector may only contain printable characters") private String owaspRRVector; 
@@ -284,13 +288,13 @@ public static boolean isKnownSource(String source) { private Severity severity; @Persistent - @Column(name = "VULNERABLEVERSIONS", jdbcType = "CLOB") + @Column(name = "VULNERABLEVERSIONS") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The vulnerable versions may only contain printable characters") private String vulnerableVersions; @Persistent - @Column(name = "PATCHEDVERSIONS", jdbcType = "CLOB") + @Column(name = "PATCHEDVERSIONS") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The patched versions may only contain printable characters") private String patchedVersions; diff --git a/src/main/java/org/dependencytrack/model/VulnerabilityAlias.java b/src/main/java/org/dependencytrack/model/VulnerabilityAlias.java index 3122c4a4a..487eb7629 100644 --- a/src/main/java/org/dependencytrack/model/VulnerabilityAlias.java +++ b/src/main/java/org/dependencytrack/model/VulnerabilityAlias.java 
@@ -56,56 +56,56 @@ public class VulnerabilityAlias implements Serializable { private long id; @Persistent - @Column(name = "INTERNAL_ID", jdbcType = "CLOB") + @Column(name = "INTERNAL_ID") @Index(name = "VULNERABILITYALIAS_INTERNAL_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The internalId field may only contain printable characters") private String internalId; @Persistent - @Column(name = "CVE_ID", jdbcType = "CLOB") + @Column(name = "CVE_ID") @Index(name = "VULNERABILITYALIAS_CVE_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The cveId field may only contain printable characters") private String cveId; @Persistent - @Column(name = "GHSA_ID", jdbcType = "CLOB") + @Column(name = "GHSA_ID") @Index(name = "VULNERABILITYALIAS_GHSA_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The ghsaId field may only contain printable characters") private String ghsaId; @Persistent - @Column(name = "SONATYPE_ID", jdbcType = "CLOB") + @Column(name = "SONATYPE_ID") @Index(name = "VULNERABILITYALIAS_SONATYPE_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The sonatypeId field may only contain printable characters") private String sonatypeId; @Persistent - @Column(name = "OSV_ID", jdbcType = "CLOB") + @Column(name = "OSV_ID") @Index(name = "VULNERABILITYALIAS_OSV_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The osvId field may only contain printable characters") private String osvId; @Persistent - @Column(name = "SNYK_ID", jdbcType = "CLOB") + @Column(name = "SNYK_ID") @Index(name = 
"VULNERABILITYALIAS_SNYK_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The snykId field may only contain printable characters") private String snykId; @Persistent - @Column(name = "GSD_ID", jdbcType = "CLOB") + @Column(name = "GSD_ID") @Index(name = "VULNERABILITYALIAS_GSD_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The gsdId field may only contain printable characters") private String gsdId; @Persistent - @Column(name = "VULNDB_ID", jdbcType = "CLOB") + @Column(name = "VULNDB_ID") @Index(name = "VULNERABILITYALIAS_VULNDB_ID_IDX") @JsonDeserialize(using = TrimmedStringDeserializer.class) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS_PLUS, message = "The vulnDbId field may only contain printable characters") diff --git a/src/main/java/org/dependencytrack/model/VulnerabilityPolicy.java b/src/main/java/org/dependencytrack/model/VulnerabilityPolicy.java index b5993a509..205ae1ee9 100644 --- a/src/main/java/org/dependencytrack/model/VulnerabilityPolicy.java +++ b/src/main/java/org/dependencytrack/model/VulnerabilityPolicy.java @@ -15,6 +15,7 @@ import javax.jdo.annotations.PrimaryKey; import javax.validation.constraints.NotBlank; import javax.validation.constraints.Pattern; +import javax.validation.constraints.Size; import java.io.Serializable; import java.util.Date; import java.util.List; 
@@ -30,19 +31,21 @@ public class VulnerabilityPolicy implements Serializable { private long id; @Persistent - @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "NAME", allowsNull = "false") @Index(name = "VULNERABILITY_POLICY_NAME_IDX", unique = "true") @NotBlank + @Size(min = 1, max = 255) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters") private String name; @Persistent - @Column(name = "DESCRIPTION", allowsNull = "true", jdbcType = "CLOB") + @Column(name = "DESCRIPTION", allowsNull = "true") + @Size(max = 4096) @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters") private String description; @Persistent - @Column(name = "AUTHOR", allowsNull = "true", jdbcType = "CLOB") + @Column(name = "AUTHOR", allowsNull = "true", jdbcType = "VARCHAR") @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The author may only contain printable characters") private String author; diff --git a/src/main/java/org/dependencytrack/model/VulnerabilityPolicyBundle.java b/src/main/java/org/dependencytrack/model/VulnerabilityPolicyBundle.java index 7164836b4..b79612f84 100644 --- a/src/main/java/org/dependencytrack/model/VulnerabilityPolicyBundle.java +++ b/src/main/java/org/dependencytrack/model/VulnerabilityPolicyBundle.java @@ -25,8 +25,9 @@ public class VulnerabilityPolicyBundle implements Serializable { private long id; @Persistent - @Column(name = "URL", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "URL", allowsNull = "false") @NotBlank + @Size(min = 1, max = 2048) private String url; @Persistent diff --git a/src/main/java/org/dependencytrack/model/VulnerabilityScan.java b/src/main/java/org/dependencytrack/model/VulnerabilityScan.java index 49660f265..40c827d6e 100644 --- a/src/main/java/org/dependencytrack/model/VulnerabilityScan.java 
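Review bot: `description` is validated with `@Size(max = 4096)` but its column is declared as `@Column(name = "DESCRIPTION", allowsNull = "true")` with no `length`, so the validator accepts values the column will presumably not hold unless the schema is created elsewhere with a wider type. The VulnerabilityPolicyBundle hunk has the same mismatch for `url` (`@Size(min = 1, max = 2048)` against `@Column(name = "URL", allowsNull = "false")`). The ProjectProperty and ServiceComponent hunks pair `length = 1024` with `@Size(max = 1024)`; doing the same here, `@Column(name = "DESCRIPTION", allowsNull = "true", length = 4096)` and `@Column(name = "URL", allowsNull = "false", length = 2048)`, keeps the two limits in step. `author` in this hunk also becomes `VARCHAR` with no `@Size` at all.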
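Review bot: The `@Size` annotation added on `url` has no accompanying import hunk in the VulnerabilityPolicyBundle section, unlike the other model classes in this commit, which each gain `import javax.validation.constraints.Size;`. If the import did not survive the commit being reverted, this file will not compile; confirm that it is still present at the top of the file. The class body continues outside the hunk.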
+++ b/src/main/java/org/dependencytrack/model/VulnerabilityScan.java @@ -36,14 +36,14 @@ public enum TargetType { */ @Persistent @Unique(name = "VULNERABILITY_SCAN_TOKEN_IDX") - @Column(name = "TOKEN", allowsNull = "false", jdbcType = "CLOB") + @Column(name = "TOKEN", allowsNull = "false") private String token; /** * The type of the entity targeted by this scan. */ @Persistent - @Column(name = "TARGET_TYPE", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "TARGET_TYPE", jdbcType = "VARCHAR", allowsNull = "false") private TargetType targetType; /** @@ -57,7 +57,7 @@ public enum TargetType { * The overall status of this scan. */ @Persistent - @Column(name = "STATUS", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "STATUS", jdbcType = "VARCHAR", allowsNull = "false") private Status status; /** diff --git a/src/main/java/org/dependencytrack/model/VulnerableSoftware.java b/src/main/java/org/dependencytrack/model/VulnerableSoftware.java index d9fc3450e..129b65106 100644 --- a/src/main/java/org/dependencytrack/model/VulnerableSoftware.java +++ b/src/main/java/org/dependencytrack/model/VulnerableSoftware.java 
@@ -63,99 +63,98 @@ public class VulnerableSoftware implements ICpe, Serializable { private long id; @Persistent - @Column(name = "PURL", jdbcType = "CLOB") + @Column(name = "PURL", jdbcType = "VARCHAR") private String purl; @Persistent - @Column(name = "PURL_TYPE", jdbcType = "CLOB") + @Column(name = "PURL_TYPE", jdbcType = "VARCHAR") private String purlType; @Persistent - @Column(name = "PURL_NAMESPACE", jdbcType = "CLOB") + @Column(name = "PURL_NAMESPACE", jdbcType = "VARCHAR") private String purlNamespace; @Persistent - @Column(name = "PURL_NAME", jdbcType = "CLOB") + @Column(name = "PURL_NAME", jdbcType = "VARCHAR") private String purlName; @Persistent - @Column(name = "PURL_VERSION", jdbcType = "CLOB") + @Column(name = "PURL_VERSION", jdbcType = "VARCHAR") private String purlVersion; @Persistent - @Column(name = "PURL_QUALIFIERS", jdbcType = "CLOB") + @Column(name = "PURL_QUALIFIERS", jdbcType = "VARCHAR") private String purlQualifiers; @Persistent - @Column(name = "PURL_SUBPATH", jdbcType = "CLOB") + @Column(name = "PURL_SUBPATH", jdbcType = "VARCHAR") private String purlSubpath; @Persistent - @Column(name = "CPE22", jdbcType = "CLOB") + @Column(name = "CPE22", jdbcType = "VARCHAR") private String cpe22; @Persistent - @Column(name = "CPE23", jdbcType = "CLOB") + @Column(name = "CPE23", jdbcType = "VARCHAR") private String cpe23; @Persistent - @Column(name = "PART", jdbcType = "CLOB") + @Column(name = "PART", jdbcType = "VARCHAR") private String part; @Persistent - @Column(name = "VENDOR", jdbcType = "CLOB") + @Column(name = "VENDOR", jdbcType = "VARCHAR") private String vendor; @Persistent - @Column(name = "PRODUCT", jdbcType = "CLOB") + @Column(name = "PRODUCT", jdbcType = "VARCHAR") private String product; @Persistent - @Column(name = "VERSION", jdbcType = "CLOB") private String version; @Persistent - @Column(name = "UPDATE", jdbcType = "CLOB") + @Column(name = "UPDATE", jdbcType = "VARCHAR") private String update; @Persistent - @Column(name = "EDITION", 
jdbcType = "CLOB") + @Column(name = "EDITION", jdbcType = "VARCHAR") private String edition; @Persistent - @Column(name = "LANGUAGE", jdbcType = "CLOB") + @Column(name = "LANGUAGE", jdbcType = "VARCHAR") private String language; @Persistent - @Column(name = "SWEDITION", jdbcType = "CLOB") + @Column(name = "SWEDITION", jdbcType = "VARCHAR") private String swEdition; @Persistent - @Column(name = "TARGETSW", jdbcType = "CLOB") + @Column(name = "TARGETSW", jdbcType = "VARCHAR") private String targetSw; @Persistent - @Column(name = "TARGETHW", jdbcType = "CLOB") + @Column(name = "TARGETHW", jdbcType = "VARCHAR") private String targetHw; @Persistent - @Column(name = "OTHER", jdbcType = "CLOB") + @Column(name = "OTHER", jdbcType = "VARCHAR") private String other; @Persistent - @Column(name = "VERSIONENDEXCLUDING", jdbcType = "CLOB") + @Column(name = "VERSIONENDEXCLUDING") private String versionEndExcluding; @Persistent - @Column(name = "VERSIONENDINCLUDING", jdbcType = "CLOB") + @Column(name = "VERSIONENDINCLUDING") private String versionEndIncluding; @Persistent - @Column(name = "VERSIONSTARTEXCLUDING", jdbcType = "CLOB") + @Column(name = "VERSIONSTARTEXCLUDING") private String versionStartExcluding; @Persistent - @Column(name = "VERSIONSTARTINCLUDING", jdbcType = "CLOB") + @Column(name = "VERSIONSTARTINCLUDING") private String versionStartIncluding; @Persistent diff --git a/src/main/java/org/dependencytrack/model/WorkflowState.java b/src/main/java/org/dependencytrack/model/WorkflowState.java index 5f25afe8b..01e48eb2f 100644 --- a/src/main/java/org/dependencytrack/model/WorkflowState.java +++ b/src/main/java/org/dependencytrack/model/WorkflowState.java 
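Review bot: `version` is the one field in this hunk left with no `@Column` at all: its `-` line for `VERSION` has no `+` counterpart, so the column name and type now come from the persistence layer's defaults while every sibling states them. If that is not deliberate, `@Column(name = "VERSION", jdbcType = "VARCHAR")` keeps the mapping explicit and consistent with `PRODUCT` and `UPDATE` around it. If it is deliberate, a short comment on the field saying why it differs would stop the next reader from "fixing" it.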
@@ -44,13 +44,13 @@ public class WorkflowState implements Serializable { private Date updatedAt; @Persistent - @Column(name = "STEP", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "STEP", jdbcType = "VARCHAR", length = 64, allowsNull = "false") @NotNull @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true") private WorkflowStep step; @Persistent - @Column(name = "STATUS", jdbcType = "CLOB", allowsNull = "false") + @Column(name = "STATUS", jdbcType = "VARCHAR", length = 64, allowsNull = "false") @NotNull @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true") private WorkflowStatus status; diff --git a/src/main/java/org/dependencytrack/parser/dependencytrack/ModelConverterCdxToVuln.java b/src/main/java/org/dependencytrack/parser/dependencytrack/ModelConverterCdxToVuln.java index b980dfabe..dae4eece0 100644 --- a/src/main/java/org/dependencytrack/parser/dependencytrack/ModelConverterCdxToVuln.java +++ b/src/main/java/org/dependencytrack/parser/dependencytrack/ModelConverterCdxToVuln.java @@ -1,5 +1,6 @@ package org.dependencytrack.parser.dependencytrack; +import org.apache.commons.lang3.StringUtils; import org.cyclonedx.proto.v1_4.Bom; import org.cyclonedx.proto.v1_4.ScoreMethod; import org.cyclonedx.proto.v1_4.Source; @@ -47,7 +48,7 @@ public static Vulnerability convert(final QueryManager qm, final Bom bom, if (cycloneVuln.getPropertiesCount() != 0) { var titleProperty = cycloneVuln.getProperties(0); if (titleProperty.getName().equals(TITLE_PROPERTY_NAME) && titleProperty.hasValue()) { - vuln.setTitle(titleProperty.getValue()); + vuln.setTitle(StringUtils.abbreviate(titleProperty.getValue(), 255)); } } if (cycloneVuln.hasDescription()) { diff --git a/src/main/resources/migration/changelog-main.xml b/src/main/resources/migration/changelog-main.xml index 5ab794a8e..58a4a9b67 100644 --- a/src/main/resources/migration/changelog-main.xml +++ b/src/main/resources/migration/changelog-main.xml 
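Review bot: The `255` passed to `StringUtils.abbreviate` in `convert` is a bare literal that has to match the width of the `TITLE` column, and the Vulnerability hunk in this commit declares that column as `@Column(name = "TITLE")` with no `length` or `@Size`, so the two agree only through the persistence default. A named constant beside the field, e.g. `public static final int TITLE_MAX_LENGTH = 255;`, used both here and in an explicit `length`/`@Size` on `title`, would keep them from drifting apart. The shortening is also silent; a debug-level log when a title is abbreviated would help explain a title that no longer matches the source advisory. `convert` continues outside the hunk, so whether the description and other BOM-supplied strings are bounded in the same way cannot be seen from here.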
@@ -10,6 +10,5 @@ http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-latest.xsd"> - \ No newline at end of file diff --git a/src/main/resources/migration/changelog-v5.4.0.xml b/src/main/resources/migration/changelog-v5.4.0.xml deleted file mode 100644 index 6f92a7e18..000000000 --- a/src/main/resources/migration/changelog-v5.4.0.xml +++ /dev/null 
@@ -1,297 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ALTER TABLE "AFFECTEDVERSIONATTRIBUTION" DROP CONSTRAINT IF EXISTS "AFFECTEDVERSIONATTRIBUTION_SOURCE_check"; - ALTER TABLE "AFFECTEDVERSIONATTRIBUTION" ADD CONSTRAINT "AFFECTEDVERSIONATTRIBUTION_SOURCE_check" - CHECK ("SOURCE"::TEXT = ANY(ARRAY['NVD', 'NPM', 'GITHUB', 'VULNDB', 'OSSINDEX', 'RETIREJS', 'INTERNAL', 'OSV', 'SNYK'])); - - ALTER TABLE "ANALYSIS" DROP CONSTRAINT IF EXISTS "ANALYSIS_STATE_check"; - ALTER TABLE "ANALYSIS" ADD CONSTRAINT "ANALYSIS_STATE_check" - CHECK ("STATE"::TEXT = ANY(ARRAY['EXPLOITABLE', 'IN_TRIAGE', 'FALSE_POSITIVE', 'NOT_AFFECTED', 'RESOLVED', 'NOT_SET'])); - - ALTER TABLE "ANALYSIS" DROP CONSTRAINT IF EXISTS "ANALYSIS_JUSTIFICATION_check"; - ALTER TABLE "ANALYSIS" ADD CONSTRAINT "ANALYSIS_JUSTIFICATION_check" - CHECK ("JUSTIFICATION" IS NULL OR "JUSTIFICATION"::TEXT = ANY(ARRAY['CODE_NOT_PRESENT', 'CODE_NOT_REACHABLE', 'REQUIRES_CONFIGURATION', 'REQUIRES_DEPENDENCY', 'REQUIRES_ENVIRONMENT', 'PROTECTED_BY_COMPILER', 'PROTECTED_AT_RUNTIME', 'PROTECTED_AT_PERIMETER', 'PROTECTED_BY_MITIGATING_CONTROL', 'NOT_SET'])); - - ALTER TABLE "ANALYSIS" DROP CONSTRAINT IF EXISTS "ANALYSIS_RESPONSE_check"; - ALTER TABLE "ANALYSIS" ADD CONSTRAINT "ANALYSIS_RESPONSE_check" - CHECK ("RESPONSE" IS NULL OR "RESPONSE"::TEXT = ANY(ARRAY['CAN_NOT_FIX', 'WILL_NOT_FIX', 'UPDATE', 'ROLLBACK', 'WORKAROUND_AVAILABLE', 'NOT_SET'])); - - ALTER TABLE "ANALYSIS" DROP CONSTRAINT IF EXISTS "ANALYSIS_SEVERITY_check"; - ALTER TABLE "ANALYSIS" ADD CONSTRAINT "ANALYSIS_SEVERITY_check" - CHECK ("SEVERITY" IS NULL OR "SEVERITY"::TEXT = ANY(ARRAY['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO', 
'UNASSIGNED'])); - - ALTER TABLE "FINDINGATTRIBUTION" DROP CONSTRAINT IF EXISTS "FINDINGATTRIBUTION_ANALYZERIDENTITY_check"; - ALTER TABLE "FINDINGATTRIBUTION" ADD CONSTRAINT "FINDINGATTRIBUTION_ANALYZERIDENTITY_check" - CHECK ("ANALYZERIDENTITY"::TEXT = ANY(ARRAY['INTERNAL_ANALYZER', 'OSSINDEX_ANALYZER', 'NPM_AUDIT_ANALYZER', 'VULNDB_ANALYZER', 'SNYK_ANALYZER', 'NONE'])); - - ALTER TABLE "INTEGRITY_ANALYSIS" DROP CONSTRAINT IF EXISTS "INTEGRITY_ANALYSIS_STATUS_check"; - ALTER TABLE "INTEGRITY_ANALYSIS" ADD CONSTRAINT "INTEGRITY_ANALYSIS_STATUS_check" - CHECK ("INTEGRITY_CHECK_STATUS"::TEXT = ANY(ARRAY['HASH_MATCH_PASSED', 'HASH_MATCH_FAILED', 'HASH_MATCH_UNKNOWN', 'COMPONENT_MISSING_HASH', 'COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN'])); - - ALTER TABLE "INTEGRITY_ANALYSIS" DROP CONSTRAINT IF EXISTS "INTEGRITY_ANALYSIS_MD5_STATUS_check"; - ALTER TABLE "INTEGRITY_ANALYSIS" ADD CONSTRAINT "INTEGRITY_ANALYSIS_MD5_STATUS_check" - CHECK ("MD5_HASH_MATCH_STATUS"::TEXT = ANY(ARRAY['HASH_MATCH_PASSED', 'HASH_MATCH_FAILED', 'HASH_MATCH_UNKNOWN', 'COMPONENT_MISSING_HASH', 'COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN'])); - - ALTER TABLE "INTEGRITY_ANALYSIS" DROP CONSTRAINT IF EXISTS "INTEGRITY_ANALYSIS_SHA1_STATUS_check"; - ALTER TABLE "INTEGRITY_ANALYSIS" ADD CONSTRAINT "INTEGRITY_ANALYSIS_SHA1_STATUS_check" - CHECK ("SHA1_HASH_MATCH_STATUS"::TEXT = ANY(ARRAY['HASH_MATCH_PASSED', 'HASH_MATCH_FAILED', 'HASH_MATCH_UNKNOWN', 'COMPONENT_MISSING_HASH', 'COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN'])); - - ALTER TABLE "INTEGRITY_ANALYSIS" DROP CONSTRAINT IF EXISTS "INTEGRITY_ANALYSIS_SHA256_STATUS_check"; - ALTER TABLE "INTEGRITY_ANALYSIS" ADD CONSTRAINT "INTEGRITY_ANALYSIS_SHA256_STATUS_check" - CHECK ("SHA256_HASH_MATCH_STATUS"::TEXT = ANY(ARRAY['HASH_MATCH_PASSED', 'HASH_MATCH_FAILED', 'HASH_MATCH_UNKNOWN', 'COMPONENT_MISSING_HASH', 'COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN'])); - - ALTER TABLE "INTEGRITY_ANALYSIS" DROP CONSTRAINT IF EXISTS "INTEGRITY_ANALYSIS_SHA512_STATUS_check"; - 
ALTER TABLE "INTEGRITY_ANALYSIS" ADD CONSTRAINT "INTEGRITY_ANALYSIS_SHA512_STATUS_check" - CHECK ("SHA512_HASH_MATCH_STATUS"::TEXT = ANY(ARRAY['HASH_MATCH_PASSED', 'HASH_MATCH_FAILED', 'HASH_MATCH_UNKNOWN', 'COMPONENT_MISSING_HASH', 'COMPONENT_MISSING_HASH_AND_MATCH_UNKNOWN'])); - - ALTER TABLE "NOTIFICATIONRULE" DROP CONSTRAINT IF EXISTS "NOTIFICATION_LEVEL_check"; - ALTER TABLE "NOTIFICATIONRULE" ADD CONSTRAINT "NOTIFICATION_LEVEL_check" - CHECK ("NOTIFICATION_LEVEL"::TEXT = ANY(ARRAY['INFORMATIONAL', 'WARNING', 'ERROR'])); - - ALTER TABLE "NOTIFICATIONRULE" DROP CONSTRAINT IF EXISTS "NOTIFICATION_SCOPE_check"; - ALTER TABLE "NOTIFICATIONRULE" ADD CONSTRAINT "NOTIFICATION_SCOPE_check" - CHECK ("SCOPE"::TEXT = ANY(ARRAY['SYSTEM', 'PORTFOLIO'])); - - ALTER TABLE "POLICY" DROP CONSTRAINT IF EXISTS "POLICY_OPERATOR_check"; - ALTER TABLE "POLICY" ADD CONSTRAINT "POLICY_OPERATOR_check" - CHECK ("OPERATOR"::TEXT = ANY(ARRAY['ALL', 'ANY'])); - - ALTER TABLE "POLICY" DROP CONSTRAINT IF EXISTS "POLICY_VIOLATIONSTATE_check"; - ALTER TABLE "POLICY" ADD CONSTRAINT "POLICY_VIOLATIONSTATE_check" - CHECK ("VIOLATIONSTATE"::TEXT = ANY(ARRAY['INFO', 'WARN', 'FAIL'])); - - ALTER TABLE "POLICYCONDITION" DROP CONSTRAINT IF EXISTS "POLICYCONDITION_OPERATOR_check"; - ALTER TABLE "POLICYCONDITION" ADD CONSTRAINT "POLICYCONDITION_OPERATOR_check" - CHECK ("OPERATOR"::TEXT = ANY(ARRAY['IS', 'IS_NOT', 'MATCHES', 'NO_MATCH', 'NUMERIC_GREATER_THAN', 'NUMERIC_LESS_THAN', 'NUMERIC_EQUAL', 'NUMERIC_NOT_EQUAL', 'NUMERIC_GREATER_THAN_OR_EQUAL', 'NUMERIC_LESSER_THAN_OR_EQUAL', 'CONTAINS_ALL', 'CONTAINS_ANY'])); - - ALTER TABLE "POLICYCONDITION" DROP CONSTRAINT IF EXISTS "POLICYCONDITION_SUBJECT_check"; - ALTER TABLE "POLICYCONDITION" ADD CONSTRAINT "POLICYCONDITION_SUBJECT_check" - CHECK ("SUBJECT"::TEXT = ANY(ARRAY['AGE', 'COORDINATES', 'CPE', 'EXPRESSION', 'LICENSE', 'LICENSE_GROUP', 'PACKAGE_URL', 'SEVERITY', 'SWID_TAGID', 'VERSION', 'COMPONENT_HASH', 'CWE', 'VULNERABILITY_ID', 
'VERSION_DISTANCE'])); - - ALTER TABLE "POLICYCONDITION" DROP CONSTRAINT IF EXISTS "POLICYCONDITION_VIOLATIONTYPE_check"; - ALTER TABLE "POLICYCONDITION" ADD CONSTRAINT "POLICYCONDITION_VIOLATIONTYPE_check" - CHECK ("VIOLATIONTYPE"::TEXT = ANY(ARRAY['LICENSE', 'SECURITY', 'OPERATIONAL'])); - - ALTER TABLE "POLICYVIOLATION" DROP CONSTRAINT IF EXISTS "POLICYVIOLATION_TYPE_check"; - ALTER TABLE "POLICYVIOLATION" ADD CONSTRAINT "POLICYVIOLATION_TYPE_check" - CHECK ("TYPE"::TEXT = ANY(ARRAY['LICENSE', 'SECURITY', 'OPERATIONAL'])); - - ALTER TABLE "PROJECT_PROPERTY" DROP CONSTRAINT IF EXISTS "PROJECT_PROPERTY_TYPE_check"; - ALTER TABLE "PROJECT_PROPERTY" ADD CONSTRAINT "PROJECT_PROPERTY_TYPE_check" - CHECK ("PROPERTYTYPE"::TEXT = ANY(ARRAY['BOOLEAN', 'INTEGER', 'NUMBER', 'STRING', 'ENCRYPTEDSTRING', 'TIMESTAMP', 'URL', 'UUID'])); - - ALTER TABLE "REPOSITORY" DROP CONSTRAINT IF EXISTS "REPOSITORY_TYPE_check"; - ALTER TABLE "REPOSITORY" ADD CONSTRAINT "REPOSITORY_TYPE_check" - CHECK ("TYPE"::TEXT = ANY(ARRAY['MAVEN', 'NPM', 'GEM', 'PYPI', 'NUGET', 'HEX', 'COMPOSER', 'CARGO', 'GO_MODULES', 'CPAN', 'GITHUB', 'UNSUPPORTED'])); - - ALTER TABLE "REPOSITORY_META_COMPONENT" DROP CONSTRAINT IF EXISTS "REPOSITORY_META_COMPONENT_REPOSITORY_TYPE_check"; - ALTER TABLE "REPOSITORY_META_COMPONENT" ADD CONSTRAINT "REPOSITORY_META_COMPONENT_REPOSITORY_TYPE_check" - CHECK ("REPOSITORY_TYPE"::TEXT = ANY(ARRAY['MAVEN', 'NPM', 'GEM', 'PYPI', 'NUGET', 'HEX', 'COMPOSER', 'CARGO', 'GO_MODULES', 'CPAN', 'GITHUB', 'UNSUPPORTED'])); - - ALTER TABLE "VIOLATIONANALYSIS" DROP CONSTRAINT IF EXISTS "VIOLATIONANALYSIS_STATE_check"; - ALTER TABLE "VIOLATIONANALYSIS" ADD CONSTRAINT "VIOLATIONANALYSIS_STATE_check" - CHECK ("STATE"::TEXT = ANY(ARRAY['APPROVED', 'REJECTED', 'NOT_SET'])); - - ALTER TABLE "VULNERABILITY" DROP CONSTRAINT IF EXISTS "VULNERABILITY_SEVERITY_check"; - ALTER TABLE "VULNERABILITY" ADD CONSTRAINT "VULNERABILITY_SEVERITY_check" - CHECK ("SEVERITY"::TEXT = ANY(ARRAY['CRITICAL', 'HIGH', 
'MEDIUM', 'LOW', 'INFO', 'UNASSIGNED'])); - - ALTER TABLE "VULNERABILITYSCAN" DROP CONSTRAINT IF EXISTS "VULNERABILITYSCAN_STATUS_check"; - ALTER TABLE "VULNERABILITYSCAN" ADD CONSTRAINT "VULNERABILITYSCAN_STATUS_check" - CHECK ("STATUS"::TEXT = ANY(ARRAY['UNKNOWN', 'IN_PROGRESS', 'COMPLETED', 'FAILED'])); - - ALTER TABLE "VULNERABILITYSCAN" DROP CONSTRAINT IF EXISTS "VULNERABILITYSCAN_TARGET_TYPE_check"; - ALTER TABLE "VULNERABILITYSCAN" ADD CONSTRAINT "VULNERABILITYSCAN_TARGET_TYPE_check" - CHECK ("TARGET_TYPE"::TEXT = ANY(ARRAY['COMPONENT', 'PROJECT'])); - - - \ No newline at end of file diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java index 997366759..86c1c8cd3 100644 --- a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java +++ b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java @@ -18,6 +18,7 @@ */ package org.dependencytrack.tasks; +import com.github.packageurl.PackageURL; import org.apache.kafka.clients.producer.ProducerRecord; import org.dependencytrack.PersistenceCapableTest; import org.dependencytrack.event.BomUploadEvent; 
@@ -216,6 +217,7 @@ public void informTestWithComponentAlreadyExistsForIntegrityCheck() throws Excep
 final var bomUploadEvent = new BomUploadEvent(qm.detach(Project.class, project.getId()), createTempBomFile("bom-1.xml"));
 qm.createWorkflowSteps(bomUploadEvent.getChainIdentifier());
+ PackageURL packageUrl = new PackageURL("pkg:maven/com.example/xmlutil@1.0.0?download_url=https%3A%2F%2Fon-premises.url%2Frepository%2Fnpm%2F%40babel%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration-7.18.6.tgz");
 var integrityMeta = new IntegrityMetaComponent();
 integrityMeta.setPurl("pkg:maven/com.example/xmlutil@1.0.0?download_url=https%3A%2F%2Fon-premises.url%2Frepository%2Fnpm%2F%40babel%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration%2Fhelper-split-export-declaration-7.18.6.tgz");
 integrityMeta.setStatus(FetchStatus.IN_PROGRESS);
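Review bot: The added local `packageUrl` is not referenced in the visible lines of `informTestWithComponentAlreadyExistsForIntegrityCheck`, and `integrityMeta.setPurl(...)` still passes the same purl as a second copy of the string literal, so the two values can drift apart. The test method starts and ends outside the hunk, so the variable may be used further down, but the duplicated literal remains either way. I would declare the literal once as `final String purl`, build `new PackageURL(purl)` from it, and call `integrityMeta.setPurl(purl)`. A one-line comment saying that the purl is deliberately long, to exercise the restored column length, would explain the unusual test data, if that is indeed the intent.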