DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

NotificationService crashes with PSQLException: column list index is out of range: 1, number of columns: 0. #2061

Closed oddcb closed 1 month ago

oddcb commented 1 year ago

Current Behavior:

After restarting the api-server it starts updating itself with GitHub Advisories, OSV, etc. After completing the update it crashes:

(...)
2022-10-18 08:09:53,145 INFO [GitHubAdvisoryMirrorTask] Updating datasource with GitHub advisories
2022-10-18 08:09:56,198 INFO [GitHubAdvisoryMirrorTask] GitHub Advisory mirroring complete
2022-10-18 08:09:56,198 INFO [GitHubAdvisoryMirrorTask] Time spent (total): 482040ms
2022-10-18 08:09:56,208 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
javax.jdo.JDODataStoreException: Cannot set String parameter: value = SYSTEM for column "" : The column index is out of range: 1, number of columns: 0.
        at org.datanucleus.api.jdo.JDOAdapter.getJDOExceptionForNucleusException(JDOAdapter.java:605)
        at org.datanucleus.api.jdo.JDOQuery.executeInternal(JDOQuery.java:456)
        at org.datanucleus.api.jdo.JDOQuery.execute(JDOQuery.java:276)
        at org.dependencytrack.notification.NotificationRouter.resolveRules(NotificationRouter.java:147)
        at org.dependencytrack.notification.NotificationRouter.inform(NotificationRouter.java:56)
        at alpine.notification.NotificationService.lambda$alertSubscriber$0(NotificationService.java:110)
        at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
        at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.postgresql.util.PSQLException: The column index is out of range: 1, number of columns: 0.
        at org.postgresql.core.v3.SimpleParameterList.bind(SimpleParameterList.java:70)
        at org.postgresql.core.v3.SimpleParameterList.setStringParameter(SimpleParameterList.java:133)
        at org.postgresql.jdbc.PgPreparedStatement.bindString(PgPreparedStatement.java:1099)
        at org.postgresql.jdbc.PgPreparedStatement.setString(PgPreparedStatement.java:387)
        at org.postgresql.jdbc.PgPreparedStatement.setString(PgPreparedStatement.java:373)
        at com.zaxxer.hikari.pool.HikariProxyPreparedStatement.setString(HikariProxyPreparedStatement.java)
        at org.datanucleus.store.rdbms.mapping.column.CharColumnMapping.setString(CharColumnMapping.java:261)
        at org.datanucleus.store.rdbms.mapping.java.EnumMapping.setObject(EnumMapping.java:170)
        at org.datanucleus.store.rdbms.sql.SQLStatementHelper.applyParametersToStatement(SQLStatementHelper.java:311)
        at org.datanucleus.store.rdbms.query.BulkFetchHandler.applyParametersToStatement(BulkFetchHandler.java:99)
        at org.datanucleus.store.rdbms.query.JDOQLQuery.performExecute(JDOQLQuery.java:715)
        at org.datanucleus.store.query.Query.executeQuery(Query.java:2004)
        at org.datanucleus.store.query.Query.executeWithArray(Query.java:1893)
        at org.datanucleus.api.jdo.JDOQuery.executeInternal(JDOQuery.java:433)
        ... 7 common frames omitted

I have no notifications defined through the UI:

[Screenshot 2022-10-18 at 10 31 35]

This instance was updated from 4.5.0 to 4.6.0 and then 4.6.1.

PG-version is 14.3-1.pgdg110+1 from postgres:14.3-bullseye@sha256:c976fe9355f53fd93c087e0875be401ad19fa5c3c894b5ae44c03ae9c573cbba


nscuro commented 1 year ago

I just saw this too during local testing, however I am unable to reproduce it again. I tried multiple times, but it does not reoccur.

I suspect this is a bug in the query compilation of the ORM we use, but I'd need a reproducible setup in order to verify.

Put this as p3 for now, as the exception does not have an impact, other than the notification not being sent. If you did not configure an alert for SYSTEM -> DATASOURCE_MIRRORING, the defect will not affect you at all.

nscuro commented 3 months ago

Found the issue and proposed a fix to the ORM project (https://github.com/datanucleus/datanucleus-rdbms/issues/491). This is blocked until the fix is accepted and a new version is released.

nscuro commented 3 months ago

Fix was accepted, now waiting for a new DataNucleus release.

nscuro commented 1 month ago

Fix was released with DataNucleus 6.0.8.

github-actions[bot] commented 6 days ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
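
A check for this failure signature in API server logs, added here as an example (it is not code from the issue or from Dependency-Track). The sample log is constructed from lines in the report above, and the function names are assumptions.

```python
import re

# Constructed sample, abridged from the log format shown in the report above.
SAMPLE_LOG = """\
2022-10-18 08:09:56,198 INFO [GitHubAdvisoryMirrorTask] GitHub Advisory mirroring complete
2022-10-18 08:09:56,208 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
javax.jdo.JDODataStoreException: Cannot set String parameter: value = SYSTEM for column "" : The column index is out of range: 1, number of columns: 0.
        at org.dependencytrack.notification.NotificationRouter.resolveRules(NotificationRouter.java:147)
Caused by: org.postgresql.util.PSQLException: The column index is out of range: 1, number of columns: 0.
        at org.postgresql.core.v3.SimpleParameterList.bind(SimpleParameterList.java:70)
2022-10-18 08:10:01,000 INFO [ExampleTask] unrelated entry
2022-10-18 08:11:00,000 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread
java.lang.IllegalStateException: unrelated failure
        at org.example.Other.run(Other.java:1)
"""

# A new entry starts with "timestamp LEVEL [logger] message"; anything else is a continuation.
ENTRY_START = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+) \[([^\]]+)\] (.*)$")
BIND_VALUE = re.compile(r"Cannot set String parameter: value = (\S+)")


def split_entries(text):
    """Group continuation lines (stack frames, 'Caused by') with their log entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_START.match(line)
        if m:
            entries.append({"ts": m[1], "level": m[2], "logger": m[3], "body": [m[4]]})
        elif entries:
            entries[-1]["body"].append(line)
    return entries


def find_dropped_notifications(text):
    """Return (timestamp, bound value) for each entry matching this issue's signature."""
    hits = []
    for e in split_entries(text):
        body = "\n".join(e["body"])
        if (e["level"] == "ERROR"
                and e["logger"] == "LoggableUncaughtExceptionHandler"
                and "NotificationRouter.resolveRules" in body
                and "PSQLException: The column index is out of range" in body):
            m = BIND_VALUE.search(body)
            hits.append((e["ts"], m.group(1) if m else None))
    return hits


if __name__ == "__main__":
    for ts, value in find_dropped_notifications(SAMPLE_LOG):
        print(f"{ts}: notification lookup failed while binding {value!r}")
```

Matching on both the `NotificationRouter.resolveRules` frame and the `PSQLException` cause keeps unrelated uncaught exceptions from the same handler out of the result.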