DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0

/vulnerabilityAudit - "Show inactive projects" filter is inverted #3832

Closed proteus-russ closed 3 months ago

proteus-russ commented 3 months ago

Current Behavior

If you select "Show inactive projects", it only shows active projects. If you unselect "Show inactive projects", it shows inactive projects.

Steps to Reproduce

  1. Filter by "Show inactive projects" and you will see the inverse of the selection

Expected Behavior

If you select "Show inactive projects", it should show inactive projects. If you unselect "Show inactive projects", it should not show inactive projects.

Dependency-Track Version

4.11.3

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

13.10

Browser

Google Chrome

Checklist

proteus-russ commented 3 months ago

I think the same issue may exist at /vulnerabilityAudit/grouped as well.

proteus-russ commented 3 months ago

It looks like this is the bit that is off in FindingsSearchQueryManager#getAllFindings:

if (showInactive) {
    queryFilter.append(" WHERE (\"PROJECT\".\"ACTIVE\" = :active OR \"PROJECT\".\"ACTIVE\" IS NULL)");
    params.put("active", true);
}

Similar in getAllFindingsGroupedByVulnerability.
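
An added illustration, not part of the original thread and not the project's code or its fix: the WHERE clause quoted above is run against a constructed in-memory SQLite table to show how the condition inverts the checkbox. The sample rows, the function names and the corrected branch in `build_filter_expected` are assumptions made for this example.

```python
import sqlite3

# Constructed sample data: ACTIVE may be true, false or NULL.
ROWS = [("active-app", 1), ("retired-app", 0), ("legacy-app", None)]

# The restriction quoted in the issue comment, unchanged.
ACTIVE_ONLY = ' WHERE ("PROJECT"."ACTIVE" = :active OR "PROJECT"."ACTIVE" IS NULL)'


def build_filter_as_reported(show_inactive):
    """Mirrors the quoted snippet: the restriction is added when the box IS ticked."""
    if show_inactive:
        return ACTIVE_ONLY, {"active": True}
    return "", {}


def build_filter_expected(show_inactive):
    """Assumed correction: restrict to active projects only when the box is NOT ticked."""
    if not show_inactive:
        return ACTIVE_ONLY, {"active": True}
    return "", {}


def visible_projects(build_filter, show_inactive):
    """Return the project names the audit view would list for a given checkbox state."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "PROJECT" ("NAME" TEXT, "ACTIVE" BOOLEAN)')
    conn.executemany('INSERT INTO "PROJECT" VALUES (?, ?)', ROWS)
    where, params = build_filter(show_inactive)
    sql = 'SELECT "NAME" FROM "PROJECT"' + where + ' ORDER BY "NAME"'
    names = [row[0] for row in conn.execute(sql, params)]
    conn.close()
    return names


if __name__ == "__main__":
    for label, fn in (("as reported", build_filter_as_reported),
                      ("expected", build_filter_expected)):
        for ticked in (True, False):
            print(f"{label:12} show_inactive={ticked!s:5} -> {visible_projects(fn, ticked)}")
```

With the reported logic, ticking the box hides `retired-app`, so findings on inactive projects drop out of the audit view exactly when the user asks to see them.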
