search

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.58k stars 542 forks source link

Something wrong with ComponentAgePolicyEvaluator and/or -Test #2459

Open malice00 opened 1 year ago

malice00 commented 1 year ago

Current Behavior

While working on another issue, I ran all tests and at some point the tests for the ComponentAgePolicyEvaluator started failing. I can't say the exact time it starts, but at midnight (my computer has TZ Europe/Vienna) the tests started working again!?

I suspect somewhere in there, there might be some issues with TimeZones or something similar. If it's the tests themselves, it's not a big issue, but if it's the evaluator, results may be incorrect, depending on when evaluation takes place!

Steps to Reproduce

  1. Hard to say -- pretty sure the tests fail at least between 11pm and midnight in Timezone Europe/Vienna, but it might be longer than this 1 hour as well...

Expected Behavior

Tests succeed, no matter what time it is.

Dependency-Track Version

4.8.0-SNAPSHOT

Dependency-Track Distribution

Executable WAR

Database Server

N/A

Database Server Version

No response

Browser

Mozilla Firefox

Checklist

malice00 commented 1 year ago

I've had time to check it some more: currently I am in CEST and the tests are off between 11pm and midnight.

What exactly is the definition of the age-condition supposed to be? Should the time be included in the check or is it supposed to compare to eg 'start of day' in whatever timezone the server is running?