Fix broken global vuln audit view for MSSQL

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Apache License 2.0

2.56k stars 541 forks source link

Description

Fixes broken global vulnerability audit view for MSSQL.

Tested with MSSQL, PostgreSQL, and H2.

Addressed Issue

Fixes #3692

Additional Details

MSSQL does not support DISTINCT for columns of type TEXT, which DESCRIPTION and RECOMMENDATION are.

Because the database schema is controlled by DataNucleus, and DataNucleus doesn't allow us to customize column types for specific RDBMSes, changing the respective columns to VARCHAR(MAX) is not possible.

DISTINCT was needed because finding rows are joined with the PROJECT_ACCESS_TEAMS table, to support portfolio ACLs. If a user is member of multiple teams, the query would yield a duplicate row for each permitted team the user is a member of.

The need for DISTINCT is eliminated by converting the ACL check from a LEFT JOIN to an EXISTS subquery.

Checklist

[x] I have read and understand the contributing guidelines
[x] This PR fixes a defect, and I have provided tests to verify that the fix is effective
~This PR implements an enhancement, and I have provided tests to verify that it works as intended~
~This PR introduces changes to the database model, and I have added corresponding update logic~
~This PR introduces new or alters existing behavior, and I have updated the documentation accordingly~

Coverage summary from Codacy

Coverage variation	Diff coverage
:white_check_mark: +0.02% (target: -1.00%)	:white_check_mark: 73.53% (target: 70.00%)

Coverage variation

Diff coverage

:white_check_mark: +0.02% (target: -1.00%)

:white_check_mark: 73.53% (target: 70.00%)

Coverage variation details

| | Coverable lines | Covered lines | Coverage | | ------------- | ------------- | ------------- | ------------- | | Common ancestor commit (528b8c50d61859637880201d26262f477b22579a) | 22045 | 16745 | 75.96% | | | Head commit (f15524e32c7494ba8cd54a02370a9612e5320063) | 22051 (+6) | 16753 (+8) | 75.97% (**+0.02%**) | **Coverage variation** is the difference between the coverage for the head and common ancestor commits of the pull request branch: ` - `

Diff coverage details

| | Coverable lines | Covered lines | Diff coverage | | ------------- | ------------- | ------------- | ------------- | | Pull request (#3700) | 34 | 25 | **73.53%** | **Diff coverage** is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: `/ * 100%`

_{Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more}

DependencyTrack / dependency-track