search

denimgroup / threadfix

ThreadFix is a software vulnerability management platform. This GitHub site is far out of date. Please go to www.threadfix.it for up-to-date information.
339 stars 127 forks source link

Non-serializable attribute defectViewModel #1782

Open adetlefsen-rms opened 7 years ago

adetlefsen-rms commented 7 years ago

I get the following error when attempting to view a previously configured Application, e.g. at:

http://localhost:8080/threadfix-main/organizations/1/applications/1?nonce=XXXXXXXXX

Commit: 9892390
Diagnostics: 120 megabytes memory available out of 507 megabytes. 308 gigabytes disk space available.

java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute with name defectViewModel
    at org.apache.catalina.session.ManagerBase.checkSessionAttribute(ManagerBase.java:835)
    at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1841)
    at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:178)
    at org.springframework.web.context.request.ServletRequestAttributes.setAttribute(ServletRequestAttributes.java:163)
    at org.springframework.web.bind.support.DefaultSessionAttributeStore.storeAttribute(DefaultSessionAttributeStore.java:55)
    at org.springframework.web.method.annotation.SessionAttributesHandler.storeAttributes(SessionAttributesHandler.java:124)
    at org.springframework.web.method.annotation.ModelFactory.updateModel(ModelFactory.java:232)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.getModelAndView(RequestMappingHandlerAdapter.java:877)
[...etc...]

It appears that the class com.denimgroup.threadfix.viewmodels.DefectViewModel does not implement the interface java.io.Serializable.

adetlefsen-rms commented 7 years ago

Why is this closed? The related pull request #1783 hasn't been merged and the issue still exists.

dancornell commented 7 years ago

Let me check why this got closed out. We have a bot that does some syncing between our internal JIRA and external GitHub and that might be responsible.

Also we're working to get the pull requests here addressed. We are in the process of reworking how we do maintenance of the ThreadFix 2.3 Community codebase and how we release a bunch of updates we have made to that codebase and that has made it tough for us to accept pull requests at the moment. Really appreciate you sending in the patch you sent - I hope we can get it incorporated soon.

augustd commented 7 years ago

What's the word on this? I am also working on a patch for #1780 but I want to make sure I am working from the latest code so I know it can be accepted into the main branch.

dancornell commented 7 years ago

Best case we are probably a month and a half from the public release of the updated codebase. The current pull request is pretty easy to port to an updated codebase. Updates pertaining to #1780 will be a little trickier. Lemme talk to the team about the best way to integrate some updates like that. (Sorry this is a bit of a pain - lots of moving parts at the moment.)