DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

Search on group field #3749

Closed rcsilva83 closed 1 month ago

rcsilva83 commented 1 month ago

Current Behavior

When we search on the "Components" tab, it only matches the components by name. It makes the search incomplete, as some components use generic names. For example, if you search "angular" the package "@angular/core" isn't returned because "@angular" is the group and "core" is the name.

Proposed Behavior

Search by name and group so, in my example, searching "angular" would return the "@angular/core" package.

nscuro commented 1 month ago

Somewhat related to #2919.

Extending the search to include the group sounds reasonable to me though.

If anyone is interested in implementing this, the responsible code is here:

https://github.com/DependencyTrack/dependency-track/blob/6e810466e114468f2d29250519b1621924e09740/src/main/java/org/dependencytrack/persistence/ComponentQueryManager.java#L92-L96

filter will hold the value passed to the request's filter or searchText parameter.

rcsilva83 commented 1 month ago

@nscuro, are there any tests with filters? I searched the project but I couldn't find any.

Additionally, I didn't understand how the searchText query param my browser adds to the GET request is parsed on the ComponentResource endpoint. I saw it is related to AlpineRequest but I couldn't understand this code.

nscuro commented 1 month ago

Doesn't look like there are existing resource tests that use filters. But you can simply create a new one. Existing tests for the ComponentResource are located here: https://github.com/DependencyTrack/dependency-track/blob/f08a24dd4560008bd8f1aeb26bb459386e42eeb9/src/test/java/org/dependencytrack/resources/v1/ComponentResourceTest.java#L158-L161

> Additionally, I didn't understand how the searchText query param my browser adds to the GET request is parsed on the ComponentResource endpoint. I saw it is related to AlpineRequest but I couldn't understand this code.

It's handled transparently by the Alpine framework. More precisely, ApiFilter, which parses common query parameters and constructs the AlpineRequest object: https://github.com/stevespringett/Alpine/blob/master/alpine-server/src/main/java/alpine/server/filters/ApiFilter.java

Filters are executed before the request reaches the *Resource classes.

The AlpineRequest object is made accessible to all *Resource classes that extend AlpineResource: https://github.com/stevespringett/Alpine/blob/3df4795e8a57f5909bceb902ba40fa26a502f532/alpine-server/src/main/java/alpine/server/resources/AlpineResource.java#L105-L112

AlpineRequest is passed to the persistence layer (QueryManager), which then makes it available for inclusion in database operations: https://github.com/DependencyTrack/dependency-track/blob/f08a24dd4560008bd8f1aeb26bb459386e42eeb9/src/main/java/org/dependencytrack/resources/v1/ComponentResource.java#L112

rcsilva83 commented 1 month ago

@nscuro done :)
