Bump Alpine to 2.2.6-SNAPSHOT

Signed-off-by: nscuro <nscuro@protonmail.com>
MM-msr · Jun 18, 2024 · 2b63328 · 2b63328
1 parent 6b65024
commit 2b63328
Show file tree

Hide file tree

Showing 13 changed files with 23 additions and 73 deletions.
diff --git a/pom.xml b/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>us.springett</groupId>
         <artifactId>alpine-parent</artifactId>
-        <version>2.2.5</version>
+        <version>2.2.6-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

diff --git a/src/main/java/org/dependencytrack/model/ProjectProperty.java b/src/main/java/org/dependencytrack/model/ProjectProperty.java
@@ -56,6 +56,7 @@ public class ProjectProperty implements IConfigProperty, Serializable {
 
     @Persistent
     @Column(name = "PROJECT_ID", allowsNull = "false")
+    @JsonIgnore
     private Project project;
 
     @Persistent

diff --git a/src/main/java/org/dependencytrack/persistence/QueryManager.java b/src/main/java/org/dependencytrack/persistence/QueryManager.java
@@ -98,9 +98,6 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
-import java.util.function.Consumer;
-import java.util.function.Function;
-import java.util.function.Supplier;
 
 /**
  * This QueryManager provides a concrete extension of {@link AlpineQueryManager} by
@@ -1454,59 +1451,6 @@ public <T> Query<T> getObjectsByUuidsQuery(final Class<T> clazz, final List<UUID
         return query;
     }
 
-    /**
-     * Convenience method to execute a given {@link Runnable} within the context of a {@link Transaction}.
-     * <p>
-     * Eventually, this may be moved to {@link alpine.persistence.AbstractAlpineQueryManager}.
-     *
-     * @param runnable The {@link Runnable} to execute
-     * @since 4.6.0
-     */
-    public void runInTransaction(final Runnable runnable) {
-        runInTransaction((Function<Transaction, Void>) trx -> {
-            runnable.run();
-            return null;
-        });
-    }
-
-    public void runInTransaction(final Consumer<Transaction> consumer) {
-        runInTransaction((Function<Transaction, Void>) trx -> {
-            consumer.accept(trx);
-            return null;
-        });
-    }
-
-    /**
-     * Convenience method to execute a given {@link Supplier} within the context of a {@link Transaction}.
-     * <p>
-     * Eventually, this may be moved to {@link alpine.persistence.AbstractAlpineQueryManager}.
-     *
-     * @param supplier The {@link Supplier} to execute
-     * @since 4.9.0
-     */
-    public <T> T runInTransaction(final Supplier<T> supplier) {
-        return runInTransaction((Function<Transaction, T>) trx -> supplier.get());
-    }
-
-    public <T> T runInTransaction(final Function<Transaction, T> function) {
-        final Transaction trx = pm.currentTransaction();
-        final boolean isJoiningExisting = trx.isActive();
-        try {
-            if (!isJoiningExisting) {
-                trx.begin();
-            }
-            final T result = function.apply(trx);
-            if (!isJoiningExisting) {
-                trx.commit();
-            }
-            return result;
-        } finally {
-            if (!isJoiningExisting && trx.isActive()) {
-                trx.rollback();
-            }
-        }
-    }
-
     /**
      * Convenience method to ensure that any active transaction is rolled back.
      * <p>

diff --git a/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java b/src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java
@@ -564,7 +564,7 @@ public List<AffectedProject> getAffectedProjects(Vulnerability vulnerability) {
     }
 
     public synchronized VulnerabilityAlias synchronizeVulnerabilityAlias(final VulnerabilityAlias alias) {
-        return runInTransaction(() -> {
+        return callInTransaction(() -> {
             // Query existing aliases that match AT LEAST ONE identifier of the given alias.
             //
             // For each data source, we want to know the existing aliases where the respective identifier either:

diff --git a/src/main/java/org/dependencytrack/resources/v1/TeamResource.java b/src/main/java/org/dependencytrack/resources/v1/TeamResource.java
@@ -272,7 +272,7 @@ public Response updateApiKeyComment(@PathParam("key") final String key,
         try (final var qm = new QueryManager()) {
             qm.getPersistenceManager().setProperty(PROPERTY_RETAIN_VALUES, "true");
 
-            return qm.runInTransaction(() -> {
+            return qm.callInTransaction(() -> {
                 final ApiKey apiKey = qm.getApiKey(key);
                 if (apiKey == null) {
                     return Response

diff --git a/src/main/java/org/dependencytrack/tasks/AbstractNistMirrorTask.java b/src/main/java/org/dependencytrack/tasks/AbstractNistMirrorTask.java
@@ -19,6 +19,7 @@
 package org.dependencytrack.tasks;
 
 import alpine.common.logging.Logger;
+import alpine.persistence.Transaction;
 import org.dependencytrack.model.AffectedVersionAttribution;
 import org.dependencytrack.model.Vulnerability;
 import org.dependencytrack.model.VulnerableSoftware;
@@ -46,9 +47,7 @@ abstract class AbstractNistMirrorTask {
     Vulnerability synchronizeVulnerability(final QueryManager qm, final Vulnerability vuln) {
         PersistenceUtil.assertNonPersistent(vuln, "vuln must not be persistent");
 
-        return qm.runInTransaction(trx -> {
-            trx.setSerializeRead(true); // SELECT ... FOR UPDATE
-
+        return qm.callInTransaction(Transaction.defaultOptions().withSerializeRead(true), () -> {
             Vulnerability persistentVuln = getVulnerabilityByCveId(qm, vuln.getVulnId());
             if (persistentVuln == null) {
                 persistentVuln = qm.getPersistenceManager().makePersistent(vuln);
@@ -70,9 +69,7 @@ void synchronizeVulnerableSoftware(final QueryManager qm, final Vulnerability pe
         assertPersistent(persistentVuln, "vuln must be persistent");
         assertNonPersistentAll(vsList, "vsList must not be persistent");
 
-        qm.runInTransaction(tx -> {
-            tx.setSerializeRead(false);
-
+        qm.runInTransaction(() -> {
             // Get all VulnerableSoftware records that are currently associated with the vulnerability.
             // Note: For SOME ODD REASON, duplicate (as in, same database ID and all) VulnerableSoftware
             // records are returned, when operating on data that was originally created by the feed-based

diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
@@ -1,6 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <configuration scan="true">
 
+    <statusListener class="ch.qos.logback.core.status.NopStatusListener"/>
+
     <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
         <file>${user.home}/.dependency-track/dependency-track.log</file>
         <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">

diff --git a/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java b/src/test/java/org/dependencytrack/persistence/DefaultObjectGeneratorTest.java
@@ -68,7 +68,7 @@ public void testLoadDefaultLicensesUpdatesExistingLicenses() throws Exception {
         method.setAccessible(true);
         method.invoke(generator);
 
-        qm.getPersistenceManager().refresh(license);
+        qm.getPersistenceManager().evictAll();
         assertThat(license.getLicenseId()).isEqualTo("LGPL-2.1+");
         assertThat(license.getName()).isEqualTo("GNU Lesser General Public License v2.1 or later");
         assertThat(license.getComment()).isNotEqualTo("comment");

diff --git a/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/ProjectResourceTest.java
@@ -695,7 +695,8 @@ public void patchProjectSuccessfullyPatchedTest() {
                               "name": "tag4"
                             }
                           ],
-                          "active": false
+                          "active": false,
+                          "children": []
                         }
                         """);
     }
@@ -772,7 +773,7 @@ public void patchProjectParentTest() {
                         """);
 
         // Ensure the parent was updated.
-        qm.getPersistenceManager().refresh(project);
+        qm.getPersistenceManager().evictAll();
         assertThat(project.getParent()).isNotNull();
         assertThat(project.getParent().getUuid()).isEqualTo(newParent.getUuid());
     }
@@ -797,7 +798,7 @@ public void patchProjectParentNotFoundTest() {
         assertThat(getPlainTextBody(response)).isEqualTo("The UUID of the parent project could not be found.");
 
         // Ensure the parent was not modified.
-        qm.getPersistenceManager().refresh(project);
+        qm.getPersistenceManager().evictAll();
         assertThat(project.getParent()).isNotNull();
         assertThat(project.getParent().getUuid()).isEqualTo(parent.getUuid());
     }

diff --git a/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/VulnerabilityResourceTest.java
@@ -320,7 +320,7 @@ public void createVulnerabilityTest() {
         Assert.assertEquals(2.8, json.getJsonNumber("cvssV3ExploitabilitySubScore").doubleValue(), 0);
         Assert.assertEquals("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", json.getString("cvssV3Vector"));
         Assert.assertEquals(1.0, json.getJsonNumber("owaspRRLikelihoodScore").doubleValue(), 0);
-        Assert.assertEquals(1.3, json.getJsonNumber("owaspRRTechnicalImpactScore").doubleValue(), 0);
+        Assert.assertEquals(1.25, json.getJsonNumber("owaspRRTechnicalImpactScore").doubleValue(), 0);
         Assert.assertEquals(1.8, json.getJsonNumber("owaspRRBusinessImpactScore").doubleValue(), 0);
         Assert.assertEquals("SL:1/M:1/O:0/S:2/ED:1/EE:1/A:1/ID:1/LC:2/LI:1/LAV:1/LAC:1/FD:1/RD:1/NC:2/PV:3", json.getString("owaspRRVector"));
         Assert.assertEquals("MEDIUM", json.getString("severity"));
@@ -448,7 +448,7 @@ public void updateVulnerabilityTest() {
         Assert.assertEquals(3.4, json.getJsonNumber("cvssV3ImpactSubScore").doubleValue(), 0);
         Assert.assertEquals(2.8, json.getJsonNumber("cvssV3ExploitabilitySubScore").doubleValue(), 0);
         Assert.assertEquals(1.0, json.getJsonNumber("owaspRRLikelihoodScore").doubleValue(), 0);
-        Assert.assertEquals(1.3, json.getJsonNumber("owaspRRTechnicalImpactScore").doubleValue(), 0);
+        Assert.assertEquals(1.25, json.getJsonNumber("owaspRRTechnicalImpactScore").doubleValue(), 0);
         Assert.assertEquals(1.8, json.getJsonNumber("owaspRRBusinessImpactScore").doubleValue(), 0);
         Assert.assertEquals("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", json.getString("cvssV3Vector"));
         Assert.assertEquals("SL:1/M:1/O:0/S:2/ED:1/EE:1/A:1/ID:1/LC:2/LI:1/LAV:1/LAC:1/FD:1/RD:1/NC:2/PV:3", json.getString("owaspRRVector"));

diff --git a/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java b/src/test/java/org/dependencytrack/tasks/BomUploadProcessingTaskTest.java
@@ -455,6 +455,9 @@ public void informWithExistingDuplicateComponentsTest() {
         componentB.setVersion("2.0.0");
         qm.persist(componentB);
 
+        final Component transientComponentA = qm.makeTransient(componentA);
+        final Component transientComponentB = qm.makeTransient(componentB);
+
         final byte[] bomBytes = """
                 {
                   "bomFormat": "CycloneDX",
@@ -494,15 +497,15 @@ public void informWithExistingDuplicateComponentsTest() {
                     assertThat(indexEvent.getIndexableClass()).isEqualTo(Component.class);
                     assertThat(indexEvent.getAction()).isEqualTo(IndexEvent.Action.UPDATE);
                     final var searchDoc = (ComponentDocument) indexEvent.getDocument();
-                    assertThat(searchDoc.uuid()).isEqualTo(componentA.getUuid());
+                    assertThat(searchDoc.uuid()).isEqualTo(transientComponentA.getUuid());
                 },
                 event -> {
                     assertThat(event).isInstanceOf(IndexEvent.class);
                     final var indexEvent = (IndexEvent) event;
                     assertThat(indexEvent.getIndexableClass()).isEqualTo(Component.class);
                     assertThat(indexEvent.getAction()).isEqualTo(IndexEvent.Action.DELETE);
                     final var searchDoc = (ComponentDocument) indexEvent.getDocument();
-                    assertThat(searchDoc.uuid()).isEqualTo(componentB.getUuid());
+                    assertThat(searchDoc.uuid()).isEqualTo(transientComponentB.getUuid());
                 },
                 event -> {
                     assertThat(event).isInstanceOf(IndexEvent.class);

diff --git a/src/test/java/org/dependencytrack/tasks/GitHubAdvisoryMirrorTaskTest.java b/src/test/java/org/dependencytrack/tasks/GitHubAdvisoryMirrorTaskTest.java
@@ -188,6 +188,7 @@ public void testUpdateDatasourceVulnerableVersionRanges() {
         final var task = new GitHubAdvisoryMirrorTask();
         task.updateDatasource(List.of(ghAdvisory));
 
+        qm.getPersistenceManager().evictAll();
         final Vulnerability vuln = qm.getVulnerabilityByVulnId(Source.GITHUB, "GHSA-57j2-w4cx-62h2");
         assertThat(vuln).isNotNull();
 

diff --git a/src/test/java/org/dependencytrack/tasks/OsvDownloadTaskTest.java b/src/test/java/org/dependencytrack/tasks/OsvDownloadTaskTest.java
@@ -285,6 +285,7 @@ public void testUpdateDatasourceVulnerableVersionRanges() {
                  }
                 """)));
 
+        qm.getPersistenceManager().evictAll();
         final Vulnerability vuln = qm.getVulnerabilityByVulnId(Vulnerability.Source.GITHUB, "GHSA-57j2-w4cx-62h2");
         assertThat(vuln).isNotNull();
-Original file line number
+Diff line change
@@ Expand Up / @@ -285,6 +285,7 @@ public void testUpdateDatasourceVulnerableVersionRanges() { @@
                      }
                     """)));
+            qm.getPersistenceManager().evictAll();
             final Vulnerability vuln = qm.getVulnerabilityByVulnId(Vulnerability.Source.GITHUB, "GHSA-57j2-w4cx-62h2");
             assertThat(vuln).isNotNull();
@@ Expand Down @@