Current situation: When a project is defined in SecHub without having a whitelist entr

Current workaround is to always add a dummy entry - e.g. "<a href="http://example.com"

Projects only doing codescan but have no whitelist entry throw NPE about sechub HOT 3 CLOSED

de-jcup commented on May 30, 2024

Projects only doing codescan but have no whitelist entry throw NPE

from sechub.

Comments (3)

de-jcup commented on May 30, 2024

Current workaround is to always add a dummy entry - e.g. "http://example.com" as whitelist entry

from sechub.

de-jcup commented on May 30, 2024

Hmm.. tried out old version (0.10.3) and there tests do not fail but there was an error

After trying out to create a project I found a way to reproduce the problem:

create some testdata

start scenario2 integration test.
copy the executed command (contains generated api tokens for scenario2_user1)

now create a new project by DeveloperAdmin UI:

name "testproject"
description "xxx"
user: scenario2_user1
whitelist: at first dialog just press OK on next dialog do the cancel (exact this way)

assign scenario2_user1 to the project.
execute a normal scan

use copied command from 1 and replace "scanAsync" with "scan". Also change project to "testproject" and start

You will receive a 500 error message at client side.
On server side a NPE has occurred :

java.lang.NullPointerException: null
	at com.daimler.sechub.domain.schedule.whitelist.ProjectWhiteListSecHubConfigurationValidationService.fetchAllowedUris(ProjectWhiteListSecHubConfigurationValidationService.java:69) ~[main/:na]
	at 
...

from sechub.

de-jcup commented on May 30, 2024

There is another problem: When adding something not being valid (e.g. the empty entry in former first white list dialog) we cannot delete the project any longer:

org.h2.jdbc.JdbcSQLException: Referential integrity constraint violation: "C04_ADM_PROJECTWHITELIST_PROJECT_ID: PUBLIC.ADM_PROJECT_WHITELIST_URI FOREIGN KEY(PROJECT_PROJECT_ID) REFERENCES PUBLIC.ADM_PROJECT(PROJECT_ID) ('testproject')"; SQL statement:
delete from adm_project where project_id=? and version=? [23503-197]
	at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) ~[h2-1.4.197.jar:1.4.197]
...
	at com.daimler.sechub.domain.administration.project.ProjectDeleteService.deletProject(ProjectDeleteService.java:42) ~[main/:na]
	at com.daimler.sechub.domain.administration.project.ProjectDeleteService$$FastClassBySpringCGLIB$$b95f38d3.invoke(<generated>) ~[main/:na]
...

Updating the white list by an dummy entry like "https://www.example.com" did solve the problem and admin ui /service was able to delete the project then.

This did also prevent execution of IntegrationTests for the test scenario where used user was created!

from sechub.

Recommend Projects