Open aravindparappil46 opened 4 months ago
Coverage variation | Diff coverage |
---|---|
:white_check_mark: +0.00% (target: -1.00%) | :white_check_mark: 100.00% (target: 70.00%) |
Codacy will stop sending the deprecated coverage status from June 5th, 2024. Learn more
Need some help figuring out how to filter Finding by tags π€
I understand that filtering is currently done in FindingsSearchQueryManager.processFilters(), but unsure how to edit the SQL query to be able to filter by project tags.
I see that Tag is a child table of Parent, so guessing we need some LEFT JOIN magic in Finding.QUERY_ALL_FINDINGS πͺ π§
I would advise against LEFT JOIN
s for 1:N relationships like the Project
<-> Tag
one, since it will cause duplicate rows for each tag.
This should be solvable with a simple EXISTS
subquery, for example:
EXISTS (
SELECT 1
FROM "TAG"
INNER JOIN "PROJECTS_TAGS"
ON "PROJECTS_TAGS"."TAG_ID" = "TAG"."ID"
WHERE "PROJECTS_TAGS"."PROJECT_ID" = "PROJECT"."ID"
AND "TAG"."NAME" = 'foo'
)
Similar to how it's done for the portfolio ACL check:
There's also users that use the parent
construct to create a hierarchy of projects. How would that be handled? Might be a lot easier if tags can be set on findings and filter on those. The risk is that you get a LOT of tag-finding relationship entries if you have lots of findings with tag java
for example.
@valentijnscholten There's also users that use the parent construct to create a hierarchy of projects. How would that be handled?
Good question. How would you expect it to be handled? At the moment there's not a lot of "inheritance" logic for the parent-child construct.
Description
In order to display tags in the vulnerability audit page, added tags to the response of
/findings
API.Addressed Issue
Partially addresses frontend issue: https://github.com/DependencyTrack/frontend/issues/849
Additional Details
Right now, this PR just adds the
tags
to the/finding
API response (used by the Vulnerability Audit page to display it)Help Needed Need some help figuring out how to filter
Finding
bytags
π€I understand that filtering is currently done in
FindingsSearchQueryManager.processFilters()
, but unsure how to edit the SQL query to be able to filter by project tags.I see that
Tag
is a child table ofParent
, so guessing we need someLEFT JOIN
magic inFinding.QUERY_ALL_FINDINGS
πͺ π§Checklist