Comments (3)
The current workaround is to always add a dummy entry, e.g. "http://example.com", as a whitelist entry.
from sechub.
Hmm.. tried out the old version (0.10.3), and there the tests do not fail, but there was an error.
After trying to create a project, I found a way to reproduce the problem:
1. create some testdata
   - start scenario2 integration test.
   - copy the executed command (contains generated api tokens for scenario2_user1)
2. now create a new project by DeveloperAdmin UI:
   - name "testproject"
   - description "xxx"
   - user: scenario2_user1
   - whitelist: at the first dialog just press OK, on the next dialog do the cancel (exactly this way)
3. assign scenario2_user1 to the project.
4. execute a normal scan
   - use the copied command from 1 and replace "scanAsync" with "scan". Also change the project to "testproject" and start
You will receive a 500 error message at client side.
On the server side an NPE has occurred:
java.lang.NullPointerException: null
at com.daimler.sechub.domain.schedule.whitelist.ProjectWhiteListSecHubConfigurationValidationService.fetchAllowedUris(ProjectWhiteListSecHubConfigurationValidationService.java:69) ~[main/:na]
at
...
from sechub.
There is another problem: when adding something that is not valid (e.g. the empty entry in the former first white list dialog), we cannot delete the project any longer:
org.h2.jdbc.JdbcSQLException: Referential integrity constraint violation: "C04_ADM_PROJECTWHITELIST_PROJECT_ID: PUBLIC.ADM_PROJECT_WHITELIST_URI FOREIGN KEY(PROJECT_PROJECT_ID) REFERENCES PUBLIC.ADM_PROJECT(PROJECT_ID) ('testproject')"; SQL statement:
delete from adm_project where project_id=? and version=? [23503-197]
at org.h2.message.DbException.getJdbcSQLException(DbException.java:357) ~[h2-1.4.197.jar:1.4.197]
...
at com.daimler.sechub.domain.administration.project.ProjectDeleteService.deletProject(ProjectDeleteService.java:42) ~[main/:na]
at com.daimler.sechub.domain.administration.project.ProjectDeleteService$$FastClassBySpringCGLIB$$b95f38d3.invoke(<generated>) ~[main/:na]
...
Updating the white list with a dummy entry like "https://www.example.com" did solve the problem, and the admin UI/service was able to delete the project then.
This did also prevent execution of IntegrationTests for the test scenario where the used user was created!
from sechub.