DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

error on uploadScan #105

Closed stboissdev closed 6 years ago

stboissdev commented 6 years ago

on uploadscan, if a description is greater than 1024, there is an error

ERROR [ScanUploadProcessingTask] Attempt to store value "Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program. The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual. Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page. Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1. Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use." in column "DESCRIPTION" that has maximum length of 1024. Please correct your data!

and cannot load the following dependencies

stevespringett commented 6 years ago

Input validation at the persistence layer along with the column definition will prevent unvalidated data from persisting. This is expected behavior.

However, I think in some cases (like description) there may be exceptions. Two possible solutions are to:

Other tables use CLOB for large text, including license. But these are not queried at nearly the same rate as the component table so there's little performance impact on those.

stevespringett commented 6 years ago

I've decided to leave the current limits in place and simply truncate the strings to fit the existing field lengths - which should be more than adequate. If I went down the CLOB route and allowed virtually any length text, there are security ramifications for doing so as well as general performance considerations.

This issue should be resolved. Please reopen ticket if the problem persists.

eastmadc commented 6 years ago

Can we reopen this issue for a similar problem when setting other component data values? Perhaps this could be considered an issue with dependency-check generating the report?

Two instances of the problem:

2018-07-10 17:06:51,347 [] ERROR [org.owasp.dependencytrack.tasks.ScanUploadProcessingTask] Error while processing scan result javax.jdo.JDOFatalUserException: Attempt to store value ", _htest=False, _utest=False): """ _htest - bool, change box location when running htest _utest - bool, don't wait_window when running unittest """ Toplevel.__init__(self, parent) self.parent = parent if _htest: parent.instance_dict = {} self.wm_withdraw() self.configure(borderwidth=5) self.title(title or 'IDLE Preferences') self.geometry( "+%d+%d" % (parent.winfo_rootx() + 20, parent.winfo_rooty() + (30 if not _htest else 150))) #Theme Elements. Each theme element key is its display name. #The first value of the tuple is the sample area tag name. #The second value is the display name list sort index. self.themeElements={ 'Normal Text':('normal', '00'), 'Python Keywords':('keyword', '01'), 'Python Definitions':('definition', '02'), 'Python Builtins':('builtin', '03'), 'Python Comments':('comment', '04'), 'Python Strings':('string', '05'), 'Selected Text':('hilite', '06'), 'Found Text':('hit', '07'), 'Cursor':('cursor', '08'), 'Error Text':('error', '09'), 'Shell Normal Text':('console', '10'), 'Shell Stdout Text':('stdout', '11'), 'Shell Stderr Text':('stderr', '12'), } self.ResetChangedItems() #load initial values in changed items dict self.CreateWidgets() self.resizable(height=FALSE, width=FALSE) self.transient(parent) self.grab_set() self.protocol("WM_DELETE_WINDOW", self.Cancel) self.tabPages.focus_set() #key bindings for this dialog #self.bind('<Escape>', self.Cancel) #dismiss dialog, no save #self.bind('<Alt-a>', self.Apply) #apply changes, save #self.bind('<F1>', self.Help) #context help self.LoadConfigs() self.AttachVarCallbacks() #avoid callbacks during LoadConfigs if not _utest: self.wm_deiconify() self.wait_window() def CreateWidgets(self): self.tabPages = TabbedPageSet(self, page_names=['Fonts/Tabs', 'Highlighting', 'Keys', 'General']) self.tabPages.pack(side=TOP, 
expand=TRUE, fill=BOTH) self.CreatePageFontTab() self.CreatePageHighlight() self.CreatePageKeys() self.CreatePageGeneral() self.create_action_buttons().pack(side=BOTTOM) def create_action_buttons(self): if macosxSupport.isAquaTk(): # Changing the default padding on OSX results in unreadable # text in the buttons paddingArgs = {} else: paddingArgs = {'padx':6, 'pady':3} outer = Frame(self, pady=2) buttons = Frame(outer, pady=2) self.buttonOk = Button( buttons, text='Ok', command=self.Ok, takefocus=FALSE, **paddingArgs) self.buttonApply = Button( buttons, text='Apply', command=self.Apply, takefocus=FALSE, **paddingArgs) self.buttonCancel = Button( buttons, text='Cancel', command=self.Cancel, takefocus=FALSE, **paddingArgs) self.buttonOk.pack(side=LEFT, padx=5) self.buttonApply.pack(side=LEFT, padx=5) self.buttonCancel.pack(side=LEFT, padx=5) # Comment out Help button creation and packing until implement self.Help ## self.buttonHelp = Button( ## buttons, text='Help', command=self.Help, ## takefocus=FALSE, **paddingArgs) ## self.buttonHelp.pack(side=RIGHT, padx=5) # add space above buttons Frame(outer, height=2, borderwidth=0).pack(side=TOP) buttons.pack(side=BOTTOM) return outer def CreatePageFontTab(self): parent = self.parent self.fontSize = StringVar(parent) self.fontBold = BooleanVar(parent) self.fontName = StringVar(parent) self.spaceNum = IntVar(parent) self.editFont = tkFont.Font(parent, ('courier', 10, 'normal')) ##widget creation #body frame frame = self.tabPages.pages['Fonts/Tabs'].frame #body section frames frameFont = LabelFrame( frame, borderwidth=2, relief=GROOVE, text=' Base Editor Font ') frameIndent = LabelFrame( frame, borderwidth=2, relief=GROOVE, text=' Indentation Width ') #frameFont frameFontName = Frame(frameFont) frameFontParam = Frame(frameFont) labelFontNameTitle = Label( frameFontName, justify=LEFT, text='Font Face :') self.listFontName = Listbox( frameFontName, height=5, takefocus=FALSE, exportselection=FALSE) self.listFontName.bind( 
'<ButtonRelease-1>', self.OnListFontButtonRelease) scrollFont = Scrollbar(frameFontName) scrollFont.config(command=self.listFontName.yview) self.listFontName.config(yscrollcommand=scrollFont.set) labelFontSizeTitle = Label(frameFontParam, text='Size :') self.optMenuFontSize = DynOptionMenu( frameFontParam, self.fontSize, None, command=self.SetFontSample) checkFontBold = Checkbutton( frameFontParam, variable=self.fontBold, onvalue=1, offvalue=0, text='Bold', command=self.SetFontSample) frameFontSample = Frame(frameFont, relief=SOLID, borderwidth=1) self.labelFontSample = Label( frameFontSample, justify=LEFT, font=self.editFont, text='AaBbCcDdEe\nFfGgHhIiJjK\n1234567890\n#:+=(){}[]') #frameIndent frameIndentSize = Frame(frameIndent) labelSpaceNumTitle = Label( frameIndentSize, justify=LEFT, text='Python Standard: 4 Spaces!') self.scaleSpaceNum = Scale( frameIndentSize, variable=self.spaceNum, orient='horizontal', tickinterval=2, from_=2, to=16) #widget packing #body frameFont.pack(side=LEFT, padx=5, pady=5, expand=TRUE, fill=BOTH) frameIndent.pack(side=LEFT, padx=5, pady=5, fill=Y) #frameFont frameFontName.pack(side=TOP, padx=5, pady=5, fill=X) frameFontParam.pack(side=TOP, padx=5, pady=5, fill=X) labelFontNameTitle.pack(side=TOP, anchor=W) self.listFontName.pack(side=LEFT, expand=TRUE, fill=X) scrollFont.pack(side=LEFT, fill=Y) labelFontSizeTitle.pack(side=LEFT, anchor=W) self.optMenuFontSize.pack(side=LEFT, anchor=W) checkFontBold.pack(side=LEFT, anchor=W, padx=20) frameFontSample.pack(side=TOP, padx=5, pady=5, expand=TRUE, fill=BOTH) self.labelFontSample.pack(expand=TRUE, fill=BOTH) #frameIndent frameIndentSize.pack(side=TOP, fill=X) labelSpaceNumTitle.pack(side=TOP, anchor=W, padx=5) self.scaleSpaceNum.pack(side=TOP, padx=5, fill=X) return frame def CreatePageHighlight(self): parent = self.parent self.builtinTheme = StringVar(parent) self.customTheme = StringVar(parent) self.fgHilite = BooleanVar(parent) self.colour = StringVar(parent) self.fontName = 
StringVar(parent) self.themeIsBuiltin = BooleanVar(parent) self.highlightTarget = StringVar(parent) ##widget creation #body frame frame = self.tabPages.pages['Highlighting'].frame #body section frames frameCustom = LabelFrame(frame, borderwidth=2, relief=GROOVE, text=' Custom Highlighting ') frameTheme = LabelFrame(frame, borderwidth=2, relief=GROOVE, text=' Highlighting Theme ') #frameCustom self.textHighlightSample=Text( frameCustom, relief=SOLID, borderwidth=1, font=('courier', 12," in column ""VALUE"" that has maximum length of 4096. Please correct your data! at org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:615) at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:717) at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:738) at alpine.persistence.AbstractAlpineQueryManager.persist(AbstractAlpineQueryManager.java:374) at org.owasp.dependencytrack.persistence.QueryManager.createEvidence(QueryManager.java:595) at org.owasp.dependencytrack.tasks.ScanUploadProcessingTask.processDependency(ScanUploadProcessingTask.java:149) at org.owasp.dependencytrack.tasks.ScanUploadProcessingTask.inform(ScanUploadProcessingTask.java:83) at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:87) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.datanucleus.exceptions.NucleusUserException: Attempt to store value ", _htest=False, _utest=False): """ _htest - bool, change box location when running htest _utest - bool, don't wait_window when running unittest """ Toplevel.__init__(self, parent) self.parent = parent if _htest: 
parent.instance_dict = {} self.wm_withdraw() self.configure(borderwidth=5) self.title(title or 'IDLE Preferences') self.geometry( "+%d+%d" % (parent.winfo_rootx() + 20, parent.winfo_rooty() + (30 if not _htest else 150))) #Theme Elements. Each theme element key is its display name. #The first value of the tuple is the sample area tag name. #The second value is the display name list sort index. self.themeElements={ 'Normal Text':('normal', '00'), 'Python Keywords':('keyword', '01'), 'Python Definitions':('definition', '02'), 'Python Builtins':('builtin', '03'), 'Python Comments':('comment', '04'), 'Python Strings':('string', '05'), 'Selected Text':('hilite', '06'), 'Found Text':('hit', '07'), 'Cursor':('cursor', '08'), 'Error Text':('error', '09'), 'Shell Normal Text':('console', '10'), 'Shell Stdout Text':('stdout', '11'), 'Shell Stderr Text':('stderr', '12'), } self.ResetChangedItems() #load initial values in changed items dict self.CreateWidgets() self.resizable(height=FALSE, width=FALSE) self.transient(parent) self.grab_set() self.protocol("WM_DELETE_WINDOW", self.Cancel) self.tabPages.focus_set() #key bindings for this dialog #self.bind('<Escape>', self.Cancel) #dismiss dialog, no save #self.bind('<Alt-a>', self.Apply) #apply changes, save #self.bind('<F1>', self.Help) #context help self.LoadConfigs() self.AttachVarCallbacks() #avoid callbacks during LoadConfigs if not _utest: self.wm_deiconify() self.wait_window() def CreateWidgets(self): self.tabPages = TabbedPageSet(self, page_names=['Fonts/Tabs', 'Highlighting', 'Keys', 'General']) self.tabPages.pack(side=TOP, expand=TRUE, fill=BOTH) self.CreatePageFontTab() self.CreatePageHighlight() self.CreatePageKeys() self.CreatePageGeneral() self.create_action_buttons().pack(side=BOTTOM) def create_action_buttons(self): if macosxSupport.isAquaTk(): # Changing the default padding on OSX results in unreadable # text in the buttons paddingArgs = {} else: paddingArgs = {'padx':6, 'pady':3} outer = Frame(self, pady=2) 
buttons = Frame(outer, pady=2) self.buttonOk = Button( buttons, text='Ok', command=self.Ok, takefocus=FALSE, **paddingArgs) self.buttonApply = Button( buttons, text='Apply', command=self.Apply, takefocus=FALSE, **paddingArgs) self.buttonCancel = Button( buttons, text='Cancel', command=self.Cancel, takefocus=FALSE, **paddingArgs) self.buttonOk.pack(side=LEFT, padx=5) self.buttonApply.pack(side=LEFT, padx=5) self.buttonCancel.pack(side=LEFT, padx=5) # Comment out Help button creation and packing until implement self.Help ## self.buttonHelp = Button( ## buttons, text='Help', command=self.Help, ## takefocus=FALSE, **paddingArgs) ## self.buttonHelp.pack(side=RIGHT, padx=5) # add space above buttons Frame(outer, height=2, borderwidth=0).pack(side=TOP) buttons.pack(side=BOTTOM) return outer def CreatePageFontTab(self): parent = self.parent self.fontSize = StringVar(parent) self.fontBold = BooleanVar(parent) self.fontName = StringVar(parent) self.spaceNum = IntVar(parent) self.editFont = tkFont.Font(parent, ('courier', 10, 'normal')) ##widget creation #body frame frame = self.tabPages.pages['Fonts/Tabs'].frame #body section frames frameFont = LabelFrame( frame, borderwidth=2, relief=GROOVE, text=' Base Editor Font ') frameIndent = LabelFrame( frame, borderwidth=2, relief=GROOVE, text=' Indentation Width ') #frameFont frameFontName = Frame(frameFont) frameFontParam = Frame(frameFont) labelFontNameTitle = Label( frameFontName, justify=LEFT, text='Font Face :') self.listFontName = Listbox( frameFontName, height=5, takefocus=FALSE, exportselection=FALSE) self.listFontName.bind( '<ButtonRelease-1>', self.OnListFontButtonRelease) scrollFont = Scrollbar(frameFontName) scrollFont.config(command=self.listFontName.yview) self.listFontName.config(yscrollcommand=scrollFont.set) labelFontSizeTitle = Label(frameFontParam, text='Size :') self.optMenuFontSize = DynOptionMenu( frameFontParam, self.fontSize, None, command=self.SetFontSample) checkFontBold = Checkbutton( frameFontParam, 
variable=self.fontBold, onvalue=1, offvalue=0, text='Bold', command=self.SetFontSample) frameFontSample = Frame(frameFont, relief=SOLID, borderwidth=1) self.labelFontSample = Label( frameFontSample, justify=LEFT, font=self.editFont, text='AaBbCcDdEe\nFfGgHhIiJjK\n1234567890\n#:+=(){}[]') #frameIndent frameIndentSize = Frame(frameIndent) labelSpaceNumTitle = Label( frameIndentSize, justify=LEFT, text='Python Standard: 4 Spaces!') self.scaleSpaceNum = Scale( frameIndentSize, variable=self.spaceNum, orient='horizontal', tickinterval=2, from_=2, to=16) #widget packing #body frameFont.pack(side=LEFT, padx=5, pady=5, expand=TRUE, fill=BOTH) frameIndent.pack(side=LEFT, padx=5, pady=5, fill=Y) #frameFont frameFontName.pack(side=TOP, padx=5, pady=5, fill=X) frameFontParam.pack(side=TOP, padx=5, pady=5, fill=X) labelFontNameTitle.pack(side=TOP, anchor=W) self.listFontName.pack(side=LEFT, expand=TRUE, fill=X) scrollFont.pack(side=LEFT, fill=Y) labelFontSizeTitle.pack(side=LEFT, anchor=W) self.optMenuFontSize.pack(side=LEFT, anchor=W) checkFontBold.pack(side=LEFT, anchor=W, padx=20) frameFontSample.pack(side=TOP, padx=5, pady=5, expand=TRUE, fill=BOTH) self.labelFontSample.pack(expand=TRUE, fill=BOTH) #frameIndent frameIndentSize.pack(side=TOP, fill=X) labelSpaceNumTitle.pack(side=TOP, anchor=W, padx=5) self.scaleSpaceNum.pack(side=TOP, padx=5, fill=X) return frame def CreatePageHighlight(self): parent = self.parent self.builtinTheme = StringVar(parent) self.customTheme = StringVar(parent) self.fgHilite = BooleanVar(parent) self.colour = StringVar(parent) self.fontName = StringVar(parent) self.themeIsBuiltin = BooleanVar(parent) self.highlightTarget = StringVar(parent) ##widget creation #body frame frame = self.tabPages.pages['Highlighting'].frame #body section frames frameCustom = LabelFrame(frame, borderwidth=2, relief=GROOVE, text=' Custom Highlighting ') frameTheme = LabelFrame(frame, borderwidth=2, relief=GROOVE, text=' Highlighting Theme ') #frameCustom 
self.textHighlightSample=Text( frameCustom, relief=SOLID, borderwidth=1, font=('courier', 12," in column ""VALUE"" that has maximum length of 4096. Please correct your data! at org.datanucleus.store.rdbms.mapping.datastore.CharRDBMSMapping.setString(CharRDBMSMapping.java:253) at org.datanucleus.store.rdbms.mapping.java.SingleFieldMapping.setString(SingleFieldMapping.java:180) at org.datanucleus.store.rdbms.fieldmanager.ParameterSetter.storeStringField(ParameterSetter.java:158) at org.datanucleus.state.StateManagerImpl.providedStringField(StateManagerImpl.java:1811) at org.owasp.dependencytrack.model.Evidence.dnProvideField(Evidence.java) at org.owasp.dependencytrack.model.Evidence.dnProvideFields(Evidence.java) at org.datanucleus.state.StateManagerImpl.provideFields(StateManagerImpl.java:2510) at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:307) at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:162) at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:138) at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4551) at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4528) at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2025) at org.datanucleus.ExecutionContextImpl.persistObjectWork(ExecutionContextImpl.java:1868) at org.datanucleus.ExecutionContextImpl.persistObject(ExecutionContextImpl.java:1723) at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:712) ... 11 common frames omitted 2018-07-10 17:06:51,347 [] WARN [DataNucleus.General] ExecutionContext closed with active transaction, so rolling back the active transaction

AND

2018-07-10 18:12:35,326 [] ERROR [org.owasp.dependencytrack.tasks.ScanUploadProcessingTask] Error while processing scan result javax.jdo.JDOFatalUserException: Attempt to store value "libspeex/speex.c) AM_CONFIG_HEADER([config.h]) SPEEX_MAJOR_VERSION=1 SPEEX_MINOR_VERSION=1 SPEEX_MICRO_VERSION=16 SPEEX_EXTRA_VERSION= #SPEEX_VERSION= #SPEEX_VERSION=$SPEEX_MAJOR_VERSION.$SPEEX_MINOR_VERSION.$SPEEX_MICRO_VERSION$SPEEX_EXTRA_VERSION SPEEX_VERSION="1.2rc1" SPEEX_LT_CURRENT=6 SPEEX_LT_REVISION=0 SPEEX_LT_AGE=5 AC_SUBST(SPEEX_LT_CURRENT) AC_SUBST(SPEEX_LT_REVISION) AC_SUBST(SPEEX_LT_AGE) # For automake. VERSION=$SPEEX_VERSION PACKAGE=speex AC_SUBST(SPEEX_VERSION) AM_INIT_AUTOMAKE($PACKAGE" in column ""NAME"" that has maximum length of 255. Please correct your data! at org.datanucleus.api.jdo.NucleusJDOHelper.getJDOExceptionForNucleusException(NucleusJDOHelper.java:615) at org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:717) at org.datanucleus.api.jdo.JDOPersistenceManager.makePersistent(JDOPersistenceManager.java:738) at alpine.persistence.AbstractAlpineQueryManager.persist(AbstractAlpineQueryManager.java:374) at org.owasp.dependencytrack.persistence.QueryManager.createComponent(QueryManager.java:515) at org.owasp.dependencytrack.tasks.ScanUploadProcessingTask.processDependency(ScanUploadProcessingTask.java:114) at org.owasp.dependencytrack.tasks.ScanUploadProcessingTask.inform(ScanUploadProcessingTask.java:83) at alpine.event.framework.BaseEventService.lambda$publish$0(BaseEventService.java:87) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: org.datanucleus.exceptions.NucleusUserException: Attempt to store value 
"libspeex/speex.c) AM_CONFIG_HEADER([config.h]) SPEEX_MAJOR_VERSION=1 SPEEX_MINOR_VERSION=1 SPEEX_MICRO_VERSION=16 SPEEX_EXTRA_VERSION= #SPEEX_VERSION= #SPEEX_VERSION=$SPEEX_MAJOR_VERSION.$SPEEX_MINOR_VERSION.$SPEEX_MICRO_VERSION$SPEEX_EXTRA_VERSION SPEEX_VERSION="1.2rc1" SPEEX_LT_CURRENT=6 SPEEX_LT_REVISION=0 SPEEX_LT_AGE=5 AC_SUBST(SPEEX_LT_CURRENT) AC_SUBST(SPEEX_LT_REVISION) AC_SUBST(SPEEX_LT_AGE) # For automake. VERSION=$SPEEX_VERSION PACKAGE=speex AC_SUBST(SPEEX_VERSION) AM_INIT_AUTOMAKE($PACKAGE" in column ""NAME"" that has maximum length of 255. Please correct your data! at org.datanucleus.store.rdbms.mapping.datastore.CharRDBMSMapping.setString(CharRDBMSMapping.java:253) at org.datanucleus.store.rdbms.mapping.java.SingleFieldMapping.setString(SingleFieldMapping.java:180) at org.datanucleus.store.rdbms.fieldmanager.ParameterSetter.storeStringField(ParameterSetter.java:158) at org.datanucleus.state.StateManagerImpl.providedStringField(StateManagerImpl.java:1811) at org.owasp.dependencytrack.model.Component.dnProvideField(Component.java) at org.owasp.dependencytrack.model.Component.dnProvideFields(Component.java) at org.datanucleus.state.StateManagerImpl.provideFields(StateManagerImpl.java:2510) at org.datanucleus.store.rdbms.request.InsertRequest.execute(InsertRequest.java:307) at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObjectInTable(RDBMSPersistenceHandler.java:162) at org.datanucleus.store.rdbms.RDBMSPersistenceHandler.insertObject(RDBMSPersistenceHandler.java:138) at org.datanucleus.state.StateManagerImpl.internalMakePersistent(StateManagerImpl.java:4551) at org.datanucleus.state.StateManagerImpl.makePersistent(StateManagerImpl.java:4528) at org.datanucleus.ExecutionContextImpl.persistObjectInternal(ExecutionContextImpl.java:2025) at org.datanucleus.ExecutionContextImpl.persistObjectWork(ExecutionContextImpl.java:1868) at org.datanucleus.ExecutionContextImpl.persistObject(ExecutionContextImpl.java:1723) at 
org.datanucleus.api.jdo.JDOPersistenceManager.jdoMakePersistent(JDOPersistenceManager.java:712) ... 11 common frames omitted 2018-07-10 18:12:35,326 [] WARN [DataNucleus.General] ExecutionContext closed with active transaction, so rolling back the active transaction

stevespringett commented 6 years ago

@eastmadc Well, it certainly seems that Dependency-Track came across data too big for it to fit in its schema, but in this case, the data is invalid, unwanted, and likely automatically generated through faulty logic. I'd recommend creating a ticket on the Dependency-Check project, linking to this ticket, and supplying the Dependency-Check team excerpts of the XML report. It's likely an issue with one or more of the analyzers whose job it is to identify and extract data as evidence.

stevespringett commented 6 years ago

@eastmadc What is your opinion on truncating additional fields? If they were truncated, the upload and processing of the report would have been successful, but on the other hand, you'd have a bunch of data that you likely would not want. I'm not sure what's the lesser of two evils in this scenario. At a minimum, better logging is desired, but I still think failing hard and not letting the content be imported is likely the lesser of the evils. I wouldn't want to have to go back and start identifying and modifying erroneous data after it's been imported. That defeats the purpose of automation.

eastmadc commented 6 years ago

@stevespringett I agree with your thoughts around keeping the existing failure behavior. I will create a ticket on the dependency-check project. If a given scan upload parse fails, should any of the content be trusted before creating non-existing components? I believe the current behavior will load the components up to the point of failure.
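
The trade-off discussed in this thread, sketched as an added example that is not part of the thread and not Dependency-Track's code: truncate `DESCRIPTION`, fail hard on other oversized fields, and check the whole report before storing anything so a rejected scan leaves no partial data. The column limits are the ones in the error messages above; the class, record and policy names, and the per-column policy for `NAME` and `VALUE`, are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

public class ScanFieldLimits {

    enum Policy { TRUNCATE, REJECT }

    // Limits taken from the errors in this thread; the policy per column is an assumption.
    enum Column {
        DESCRIPTION(1024, Policy.TRUNCATE),
        NAME(255, Policy.REJECT),
        VALUE(4096, Policy.REJECT);

        final int maxLength;
        final Policy policy;
        Column(int maxLength, Policy policy) { this.maxLength = maxLength; this.policy = policy; }
    }

    /** One field of one parsed dependency (hypothetical shape, not a Dependency-Track class). */
    record Field(String dependency, Column column, String value) { }

    /** Cut to the column limit without splitting a surrogate pair. */
    static String truncate(String s, int max) {
        if (s == null || s.length() <= max) return s;
        int end = Character.isHighSurrogate(s.charAt(max - 1)) ? max - 1 : max;
        return s.substring(0, end);
    }

    /** Short single-line preview for logs, instead of dumping the whole oversized value. */
    static String preview(String s) {
        String oneLine = s.replaceAll("\\s+", " ");
        return oneLine.length() <= 40 ? oneLine : oneLine.substring(0, 40) + "...";
    }

    /** Checks every field first; returns what to store, or throws so that nothing is stored. */
    static List<Field> prepare(List<Field> parsed) {
        List<Field> accepted = new ArrayList<>();
        List<String> violations = new ArrayList<>();
        for (Field f : parsed) {
            int len = f.value() == null ? 0 : f.value().length();
            if (len <= f.column().maxLength) {
                accepted.add(f);
            } else if (f.column().policy == Policy.TRUNCATE) {
                accepted.add(new Field(f.dependency(), f.column(),
                        truncate(f.value(), f.column().maxLength)));
            } else {
                violations.add(String.format("%s: %s is %d chars (max %d), starts \"%s\"",
                        f.dependency(), f.column(), len, f.column().maxLength, preview(f.value())));
            }
        }
        if (!violations.isEmpty()) {
            throw new IllegalArgumentException("Scan rejected, nothing persisted:\n  "
                    + String.join("\n  ", violations));
        }
        return accepted;
    }

    public static void main(String[] args) {
        // Constructed sample input: an over-long description is truncated and accepted.
        List<Field> ok = List.of(
                new Field("xercesImpl.jar", Column.NAME, "xercesImpl"),
                new Field("xercesImpl.jar", Column.DESCRIPTION, "x".repeat(2000)));
        System.out.println(prepare(ok).get(1).value().length());

        // Constructed sample input: over-long NAME and VALUE reject the whole report.
        List<Field> bad = List.of(
                new Field("speex.tar.gz", Column.NAME, "libspeex/speex.c) AM_CONFIG_HEADER ".repeat(10)),
                new Field("idlelib", Column.VALUE, "y".repeat(5000)));
        try {
            prepare(bad);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Reporting every violation with its length and a short preview gives the "better logging" asked for above without writing the full oversized value into the log.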
