Regression: Sorting broken in "Vulnerabilities" view #1698

nscuro · 2025-03-07T11:21:12Z

Current Behavior

Trying so sort records in the Vulnerabilities view fails with a HTTP 500 response, and the following error being logged:

2025-03-07 12:09:45,127 ERROR [GlobalExceptionHandler] Uncaught internal server error [requestId=ac750c03-0e24-4f2f-9df2-e6deb9a5b0bc]
java.lang.IllegalArgumentException: Ordering is not allowed
	at org.dependencytrack.persistence.jdbi.ApiRequestStatementCustomizer.defineOrdering(ApiRequestStatementCustomizer.java:106)
	at org.dependencytrack.persistence.jdbi.ApiRequestStatementCustomizer.beforeTemplating(ApiRequestStatementCustomizer.java:85)
	at org.jdbi.v3.core.statement.SqlStatement.lambda$beforeTemplating$9(SqlStatement.java:1868)
	at org.jdbi.v3.core.statement.BaseStatement.callCustomizers(BaseStatement.java:103)
	at org.jdbi.v3.core.statement.SqlStatement.beforeTemplating(SqlStatement.java:1868)
	at org.jdbi.v3.core.statement.SqlStatement.internalExecute(SqlStatement.java:1796)
	at org.jdbi.v3.core.result.ResultProducers.lambda$createResultBearing$3(ResultProducers.java:96)
	at org.jdbi.v3.core.result.internal.ResultSetSupplier.get(ResultSetSupplier.java:55)
	at org.jdbi.v3.core.result.internal.ResultSetResultIterator.<init>(ResultSetResultIterator.java:52)
	at org.jdbi.v3.core.result.internal.ResultSetResultIterable.iterator(ResultSetResultIterable.java:51)
	at org.jdbi.v3.core.result.ResultIterable.stream(ResultIterable.java:266)
	at org.jdbi.v3.core.result.ResultIterable.collect(ResultIterable.java:340)
	at org.jdbi.v3.sqlobject.statement.internal.ResultReturner$CollectedResultReturner.mappedResult(ResultReturner.java:315)
	at org.jdbi.v3.sqlobject.statement.internal.SqlQueryHandler.lambda$configureReturner$0(SqlQueryHandler.java:65)
	at org.jdbi.v3.sqlobject.statement.internal.CustomizingStatementHandler.invoke(CustomizingStatementHandler.java:197)
	at org.jdbi.v3.sqlobject.statement.internal.SqlQueryHandler.invoke(SqlQueryHandler.java:27)
	at org.jdbi.v3.core.extension.ExtensionMetadata$ExtensionHandlerInvoker.lambda$invoke$0(ExtensionMetadata.java:345)
	at org.jdbi.v3.core.AbstractHandleSupplier.invokeInContext(AbstractHandleSupplier.java:36)
	at org.jdbi.v3.core.extension.ExtensionMetadata$ExtensionHandlerInvoker.call(ExtensionMetadata.java:363)
	at org.jdbi.v3.core.extension.ExtensionMetadata$ExtensionHandlerInvoker.invoke(ExtensionMetadata.java:346)
	at org.jdbi.v3.core.extension.ExtensionFactoryDelegate.lambda$attach$0(ExtensionFactoryDelegate.java:118)
	at jdk.proxy6/jdk.proxy6.$Proxy255.getAffectedProjectCount(Unknown Source)
	at org.dependencytrack.persistence.VulnerabilityQueryManager.lambda$getVulnerabilities$1(VulnerabilityQueryManager.java:318)
	at org.dependencytrack.persistence.jdbi.JdbiFactory.lambda$withJdbiHandle$1(JdbiFactory.java:73)
	at org.jdbi.v3.core.Jdbi.withHandle(Jdbi.java:422)
	at org.dependencytrack.persistence.jdbi.JdbiFactory.withJdbiHandle(JdbiFactory.java:73)
	at org.dependencytrack.persistence.VulnerabilityQueryManager.getVulnerabilities(VulnerabilityQueryManager.java:316)
	at org.dependencytrack.persistence.QueryManager.getVulnerabilities(QueryManager.java:1108)
	at org.dependencytrack.resources.v1.VulnerabilityResource.getAllVulnerabilities(VulnerabilityResource.java:310)

Steps to Reproduce

Click on any header of a sortable column in the Vulnerabilities view
Observe exception being thrown

Expected Behavior

Sorting vulnerability records should work.

Hyades Version

5.6.0-SNAPSHOT

Repository Type

Hyades apiserver

Browser

N/A

Checklist

I have read and understand the contributing guidelines
I have checked the existing issues for whether this defect was already reported

The text was updated successfully, but these errors were encountered:

…no order-able columns list If a DAO method does not specify a `@AllowApiOrdering` annotation, ignore any order API parameters. Only if `@AllowApiOrdering` is present, validate incoming parameters against it. Fixes DependencyTrack/hyades#1698 Signed-off-by: nscuro <[email protected]>

nscuro added defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort labels Mar 7, 2025

nscuro self-assigned this Mar 7, 2025

nscuro added this to the 0.6.0 milestone Mar 7, 2025

nscuro changed the title ~~Regression: Sorting broken in *Vulnerabilities* view~~ Regression: Sorting broken in "Vulnerabilities" view Mar 7, 2025

nscuro mentioned this issue Mar 7, 2025

Don't throw when ordering API params are provided but DAO method has no order-able columns list DependencyTrack/hyades-apiserver#1086

Merged

2 tasks

sahibamittal closed this as completed in DependencyTrack/hyades-apiserver#1086 Mar 10, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Regression: Sorting broken in "Vulnerabilities" view #1698

Regression: Sorting broken in "Vulnerabilities" view #1698

nscuro commented Mar 7, 2025

Regression: Sorting broken in "Vulnerabilities" view #1698

Regression: Sorting broken in "Vulnerabilities" view #1698

Comments

nscuro commented Mar 7, 2025

Current Behavior

Steps to Reproduce

Expected Behavior

Hyades Version

Repository Type

Browser

Checklist