Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Expanding graph node: "A is undefined" #966

Open
2 tasks done
rkg-mm opened this issue Aug 10, 2024 · 4 comments
Open
2 tasks done

Expanding graph node: "A is undefined" #966

rkg-mm opened this issue Aug 10, 2024 · 4 comments
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort

Comments

@rkg-mm
Copy link
Contributor

rkg-mm commented Aug 10, 2024
edited
Loading

Current Behavior

I have a project which seems to break the frontend graph. Can't share the SBOM unfortunately, but maybe we can identify the failure anyway or at least add some error handling to that place.

The map "a" here doesn't contain the UUID of the component that is tried to read from it, resulting in A being undefined in the next line.

image

It's an SBOM produced by cdxgen from a complex android app using gradle.

Steps to Reproduce

  1. Open a specific project with unknown triggering conditions
  2. Open Graph, root + 1st level shows fine
  3. Expand any 2nd level by clicking "+"
  4. Wait mouse icon on that "+" never goes away, graph doesn't open and error in console as shown above.

Expected Behavior

Should expand the graph.

Dependency-Track Frontend Version

4.11.4

Browser

Mozilla Firefox

Browser Version

No response

Operating System

Windows

Checklist
@rkg-mm rkg-mm added defect Something isn't working in triage labels Aug 10, 2024
@rkg-mm
Copy link
Contributor Author

rkg-mm commented Aug 10, 2024

Should be this code line:

frontend/src/views/portfolio/projects/ProjectDependencyGraph.vue

Line 500 in 0eb71eb

let treeNode = treeNodeMap.get(dependency.uuid);

@nscuro nscuro added p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort and removed in triage labels Aug 10, 2024
@nscuro
Copy link
Member

nscuro commented Aug 10, 2024
edited
Loading

Seems like a rather simple thing to fix with an additional null / undefined check. Question is, how do we handle this?

I'm thinking displaying a red, or otherwise highlighted node, to point out this issue would be preferable over a simple warning popup.

Also, BOM Upload Processing V2 should log a warning when it encounters "broken" dependency graphs: https://github.com/DependencyTrack/dependency-track/blob/122039a5d1bee1156cdef93f5a2fc5f1015959bc/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTaskV2.java#L657-L660. Would be interesting if it catches this specific issue.

@rkg-mm
Copy link
Contributor Author

rkg-mm commented Aug 10, 2024

I'm thinking displaying a red, or otherwise highlighted node, to point out this issue would be preferable over a simple warning popup.

Probably best, with some mouseover information?

Also, BOM Upload Processing V2 should log a warning when it encounters "broken" dependency graphs: https://github.com/DependencyTrack/dependency-track/blob/122039a5d1bee1156cdef93f5a2fc5f1015959bc/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTaskV2.java#L657-L660. Would be interesting if it catches this specific issue.

Doesn't seem like it catched it:

2024-08-10 16:53:40,801 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] Consuming uploaded BOM [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:40,807 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] Consumed 183 components (183 before de-duplication), 0 services (0 before de-duplication), and 123 dependency graph entries [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:40,833 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] Processing 183 components [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:42,716 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] Processing 0 services [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:42,719 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] Processing 123 dependency graph entries [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:42,987 [] INFO [org.dependencytrack.tasks.BomUploadProcessingTaskV2] BOM processed successfully in 00:00:02.208 [bomSerialNumber=faff1de0-ff24-4ae1-b3b3-8b384dcbd618, bomFormat=CycloneDX, bomUploadToken=f466963e-aee2-46e7-8c0d-89b89863844d, projectName=redacted, bomSpecVersion=1.5, projectUuid=9de39327-deb4-4904-a0a2-e0548c89b346, projectVersion=null, bomVersion=1]
2024-08-10 16:53:42,992 [] INFO [org.dependencytrack.tasks.repositories.RepositoryMetaAnalyzerTask] Performing component repository metadata analysis against 183 components
2024-08-10 16:53:44,474 [] INFO [org.dependencytrack.tasks.scanners.InternalAnalysisTask] Starting internal analysis task

@msymons
Copy link
Member

msymons commented Aug 12, 2024
edited
Loading

I'm thinking displaying a red, or otherwise highlighted node, to point out this issue would be preferable over a simple warning popup.

I do not think that colour should be used (or, not colour alone) as Dependency-Track has a requirement to be accessible.

Is the way that we use mouseover in DT compatible with accessibility requirements?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@msymons @nscuro @rkg-mm