Fix version distance policy being evaluated despite not being configured #2980

Merged
merged 2 commits into from
Sep 14, 2023

nscuro
Member

@nscuro nscuro commented Aug 23, 2023

Description

This PR fixes a defect where the new version distance policy was being evaluated despite not being configured by users.

This PR additionally adds checks to policy evaluators that ensure that no expensive or potentially failing computation is being performed, unless the policy actually needs to be verified. This was previously not always the case, causing unnecessary database queries to be performed etc.

Addressed Issue

Fixes #2979

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

Also handle failures in computing the version distance.

Fixes DependencyTrack#2979

Signed-off-by: nscuro <[email protected]>
…ion is configured

Do not perform any expensive or potentially failing computation unless the policy *actually* has to be evaluated.

Signed-off-by: nscuro <[email protected]>
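
The two guards described in the PR text and commit messages above, sketched as an added example that is not Dependency-Track's code and not part of this PR. All type and method names are hypothetical, the component data is constructed, and the version distance is reduced to the major version number.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical, simplified model; none of these types are Dependency-Track's own classes.
public class VersionDistanceGuardExample {
    enum Subject { LICENSE, VERSION_DISTANCE }
    record Condition(Subject subject, int maxMajorDistance) {}
    record Component(String name, String version, String latestVersion) {}
    static int lookups = 0; // counts the expensive step so the guard's effect is visible

    // Stand-in for the expensive, failure-prone part (repository lookup plus version parsing).
    static int majorDistance(Component c) {
        lookups++;
        int current = Integer.parseInt(c.version().split("\\.")[0]); // throws on a non-numeric version
        int latest = Integer.parseInt(c.latestVersion().split("\\.")[0]);
        return latest - current;
    }

    static List<String> evaluate(List<Condition> policy, Component c) {
        // Guard 1: keep only the conditions this evaluator is responsible for.
        List<Condition> relevant = policy.stream()
                .filter(cond -> cond.subject() == Subject.VERSION_DISTANCE).toList();
        if (relevant.isEmpty()) return List.of(); // not configured: no lookup, no parsing
        int distance;
        try {
            distance = majorDistance(c);
        } catch (RuntimeException e) {
            // Guard 2: a failed computation is logged and yields no violation for this
            // component, instead of aborting evaluation of the whole policy.
            System.err.println("Skipping " + c.name() + ": " + e.getMessage());
            return List.of();
        }
        List<String> violations = new ArrayList<>();
        for (Condition cond : relevant) {
            if (distance > cond.maxMajorDistance()) {
                violations.add(c.name() + " is " + distance + " major versions behind");
            }
        }
        return violations;
    }

    public static void main(String[] args) {
        Component ok = new Component("lib-a", "1.4.0", "4.0.1");          // constructed sample
        Component bad = new Component("lib-b", "not-a-version", "2.0.0"); // constructed sample
        List<Condition> licenseOnly = List.of(new Condition(Subject.LICENSE, 0));
        List<Condition> withDistance = List.of(new Condition(Subject.VERSION_DISTANCE, 1));
        System.out.println(evaluate(licenseOnly, bad) + " lookups=" + lookups);
        System.out.println(evaluate(withDistance, ok));
        System.out.println(evaluate(withDistance, bad));
    }
}
```

The first call never reaches `majorDistance` because the policy has no version distance condition; the third reaches it, fails on the invalid version, and returns an empty result with the failure written to stderr.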
Contributor

@leec94 leec94 left a comment

I was unable to run a test by "specifying a non-numerical value for the "epoch""; looks like only numbers are allowed.
But I ran a second test, so I added a component with an invalid version and I didn't get any output, which is expected.
Looks like this version distance policy is only being run when specified now. Good work, approved.

@nscuro
Member Author

nscuro commented Sep 14, 2023

Thanks @leec94! I'll try to make it a habit to include "how to test" instructions in the PR description. 😁

@nscuro nscuro merged commit 4baad3f into DependencyTrack:master Sep 14, 2023
7 checks passed
@nscuro nscuro deleted the issue-2979 branch September 14, 2023 09:01
@leec94
Contributor

leec94 commented Sep 14, 2023

A "how to test" section would be really helpful! Thanks!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Oct 15, 2023