search

DependencyTrack / dependency-track

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
https://dependencytrack.org/
Apache License 2.0
2.69k stars 578 forks source link

Alerts not showing after migration to 4.1 because of GLOBAL_AUDIT_CHANGE #969

Open bugbouncer opened 3 years ago

bugbouncer commented 3 years ago

Current Behavior:

  1. Define an alert on Dependency Track 3.8, containing the GLOBAL_AUDIT_CHANGE group
  2. Migrate Dependency Track to 4.1
  3. Log in as administrator and navigate to Administration->Notifications-Alerts

The list of Alerts is empty. Even rules without GLOBAL_AUDIT_CHANGE are not shown. In the Developer Tools of your browser, you can see a failing AJAX request, indicating a problem with the GLOBAL_AUDIT_CHANGE rule.

Steps to Reproduce:

This happened after the migration from 3.8 to 4.1

Expected Behavior:

The List of alerts should be populated in 4.1 if Alerts were defined with Dependency Track 3.8.

Environment:

Additional Details:

The GLOBAL_AUDIT_CHANGE was removed from NotificationGroup.java

Workaround

Remove the value "GLOBAL_AUDIT_CHANGE" manually from the database in table "NOTIFICATIONRULE", column "NOTIFY_ON". The column contains a list of rules, e.g.: NEW_VULNERABILITY,NEW_VULNERABLE_DEPENDENCY,GLOBAL_AUDIT_CHANGE,PROJECT_AUDIT_CHANGE Remove the GLOBAL_AUDIT_CHANGE value to make the alerts appear again: NEW_VULNERABILITY,NEW_VULNERABLE_DEPENDENCY,PROJECT_AUDIT_CHANGE

romainvv commented 3 years ago

Hello, same here, we cannot see any alerts in the alert management screen : 08:58:10.252 ERROR [LoggableUncaughtExceptionHandler] An unknown error occurred in an asynchronous event or notification thread java.lang.IllegalArgumentException: No enum constant org.dependencytrack.notification.NotificationGroup.GLOBAL_AUDIT_CHANGE at java.base/java.lang.Enum.valueOf(Unknown Source) at org.dependencytrack.notification.NotificationGroup.valueOf(NotificationGroup.java:21) at org.dependencytrack.model.NotificationRule.getNotifyOn(NotificationRule.java:190) at org.dependencytrack.notification.NotificationRouter.limitToProject(NotificationRouter.java:154) at org.dependencytrack.notification.NotificationRouter.resolveRules(NotificationRouter.java:134) at org.dependencytrack.notification.NotificationRouter.inform(NotificationRouter.java:48) at alpine.notification.NotificationService.lambda$alertSubscriber$0(NotificationService.java:100) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.base/java.lang.Thread.run(Unknown Source)

stevespringett commented 3 years ago

Different symptom, same root cause as described in #951

romainvv commented 3 years ago

Hello, I leave the docker commands below to fix the NOTIFY_ON filed : docker exec -it dtrack-postgres psql -U postgres -d postgres -c "\dt " docker exec -it dtrack-postgres psql -U postgres -d postgres -c "SELECT * FROM \"NOTIFICATIONRULE\";" docker exec -it dtrack-postgres psql -U postgres -d postgres -c "UPDATE \"NOTIFICATIONRULE\" SET \"NOTIFY_ON\" = 'NEW_VULNERABILITY,NEW_VULNERABLE_DEPENDENCY' WHERE \"NOTIFY_ON\" IS NOT null;"

Maybe it can help someone Bye