Open ArtWachowski opened 7 months ago
@nscuro , currently their is details Column in Analysis table
Response:
The changes will involve creating new table for details which will store analysis Id, details text, and timestamp. For below details.
14 Feb 2024 at 12:15:16 Details: MY TEXT HERE
P.S. I'm not sure if Frontend is handled for this. If not, this will need to be handled separately. It will involve maintaining backward compatibility, which can be done by ensuring that analysisDetails
is present in the response. Additionally, we can introduce a new object that will contain all the new required details.
@surajbora59 This shouldn't require a new table at all.
As you found out, the details
information is already persisted, it's just that the audit trail is not properly populated.
This appears to be caused by this code:
If no Analysis
existed previously, only one comment is created. Whereas if one existed already, a comment is made for each changed field. This logic needs to be adjusted such that even in the former case, each provided field gets its own entry.
Current Behavior
I noticed that analysisDetails text is delivered as expected and populated in Details box but it is not actually "pushed" to the Audit Trail.
Steps to Reproduce
curl -k -X PUT "$BASE_URL" \ -H "Content-Type: application/json" \ -H "X-Api-Key: $API_KEY" \ -d "{ \"project\": \"$PROJECT_ID\", \"component\": \"$COMPONENT_ID\", \"vulnerability\": \"$VUUID\", \"analysisState\": \"EXPLOITABLE\", \"analysisResponse\": \"NOT_SET\", \"analysisDetails\": \"MY TEXT HERE\", \"isSuppressed\": false }"
Expected Behavior
Audit Trial should have a full record from API transaction, AnalysisState works as expected, AnalysisDetais does not.
14 Feb 2024 at 12:15:16 Analysis: NOT_SET → EXPLOITABLE
14 Feb 2024 at 12:15:16 Details: MY TEXT HERE
Dependency-Track Version
4.9.x
Dependency-Track Distribution
Container Image
Database Server
PostgreSQL
Database Server Version
No response
Browser
Google Chrome
Checklist