search

trustification / trustify

Apache License 2.0
10 stars 19 forks source link

The upload fails for the ds1 SBOM ubi9-9.3-782.json #816

Closed PhilipCattanach closed 1 month ago

PhilipCattanach commented 1 month ago

Running trustify locally in PM Mode.

Upload request for ubi9-9.3-782.json failed with a status code of 400

The other SBOMs within the ds1 dataset appear to have been uploaded successfully Screenshot and the extract from the log are attached. UploadFailure TrustifyLogUploadError.txt

helio-frota commented 1 month ago

I found a similar 400 but then I noticed I was in advisories page...

And the back-end shows this clear message:

    UnsupportedFormat(
        "Unable to detect advisory format; only CSAF, CVE, and OSV are supported",
    ),
helio-frota commented 1 month ago

2024-09-17_12-38

helio-frota commented 1 month ago

/me downloaded the log file and not able to find the 400 error :man_shrugging: 

➜  Downloads rg "200 " TrustifyLogUploadError.txt
1:2024-09-17T15:09:25.624921Z  INFO actix_web::middleware::logger: ::1 "GET /api/v1/sbom?limit=10&offset=0&sort=published:asc HTTP/1.1" 200 3115 "http://localhost:8080/sboms" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0" 0.045210
47:2024-09-17T15:09:28.387769Z  INFO actix_web::middleware::logger: ::1 "GET /api/v1/sbom?limit=10&offset=0&sort=published:asc HTTP/1.1" 200 3545 "http://localhost:8080/sboms" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0" 0.054015
48:2024-09-17T15:09:28.569723Z  INFO actix_web::middleware::logger: ::1 "GET /api/v1/sbom/urn:uuid:01920088-07db-7ae1-8741-f80fc6fd4324/packages?limit=1&offset=0 HTTP/1.1" 200 297 "http://localhost:8080/sboms" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0" 0.125631
➜  Downloads rg "400 " TrustifyLogUploadError.txt
➜  Downloads
ctron commented 1 month ago

I just tried to upload ds1, and it works for me:

"spdx/ubi9-9.3-782.json.bz2": {
  "document_id": "https://access.redhat.com/security/data/sbom/beta/spdx/ubi9-container-f8098ef8-eee0-4ee6-b5d1-b00d992adef5",
  "id": "urn:uuid:019203e8-d12a-7721-932f-4362c62c4013"
},

And according to the uploaded log, it succeeds for you as well:

2024-09-17T15:09:28.328983Z  INFO actix_web::middleware::logger: ::1 "POST /api/v1/sbom HTTP/1.1" 201 138 "http://localhost:8080/sboms" "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0" 0.524177

@carlosthe19916 Could that be a UI issue?

ctron commented 1 month ago

Just tried the same way with the UI: image

ctron commented 1 month ago

Ok, I created a unit test, uploading multiple sboms in parallel and can see the "deadlock" issue then too. I assume that's the case there as well, as the document itself ingests fine.

Duplicate of: https://github.com/trustification/trustify/issues/817

ctron commented 1 month ago

Duplicate of: https://github.com/trustification/trustify/issues/817