Skip to content

Fix too many query parameters when retrieving vuln aliases#5101

Merged
nscuro merged 1 commit intoDependencyTrack:masterfrom
nscuro:issue-5096
Jul 3, 2025
Merged

Fix too many query parameters when retrieving vuln aliases#5101
nscuro merged 1 commit intoDependencyTrack:masterfrom
nscuro:issue-5096

Conversation

@nscuro
Copy link
Copy Markdown
Member

@nscuro nscuro commented Jul 3, 2025

Description

Fixes too many query parameters when retrieving vulnerability aliases.

Addressed Issue

Fixes #5096

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added this to the 4.14.0 milestone Jul 3, 2025
Copilot AI review requested due to automatic review settings July 3, 2025 20:47
@nscuro nscuro added defect Something isn't working backport/4.13.3 PRs to be backported to v4.13.3 labels Jul 3, 2025
@owasp-dt-bot
Copy link
Copy Markdown

owasp-dt-bot commented Jul 3, 2025

🎉 Snyk checks have passed. No issues have been found so far.

security/snyk check is complete. No issues have been found. (View Details)

Copilot AI reviewed Jul 3, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes issue #5096 by batching the vulnIdAndSources input into smaller partitions to avoid exceeding database parameter limits when retrieving vulnerability aliases.

  • Introduces batching logic that partitions the input collection into chunks of up to 250 items
  • Extracts the original query implementation into a new private getVulnerabilityAliasesInternal helper
  • Aggregates results from each batch into a single Map<VulnIdAndSource, List<VulnerabilityAlias>>
Comments suppressed due to low confidence (2)

src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java:695

  • [nitpick] Update the method JavaDoc to note that inputs are internally batched (in groups of 250) to avoid database parameter limits, so future readers understand the reasoning.
    public Map<VulnIdAndSource, List<VulnerabilityAlias>> getVulnerabilityAliases(

src/main/java/org/dependencytrack/persistence/VulnerabilityQueryManager.java:707

  • Add a unit test for cases where vulnIdAndSources.size() exceeds 250 to verify that partitioning and result aggregation work correctly without losing entries.
        final var results = new HashMap<VulnIdAndSource, List<VulnerabilityAlias>>(vulnIdAndSources.size());

@codacy-production
Copy link
Copy Markdown

codacy-production bot commented Jul 3, 2025

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.01% (target: -1.00%) 100.00% (target: 70.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (d46c91b) 24048 19443 80.85%
Head commit (5d68fa0) 24055 (+7) 19450 (+7) 80.86% (+0.01%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#5101) 7 7 100.00%

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@nscuro nscuro merged commit 89482f1 into DependencyTrack:master Jul 3, 2025
11 checks passed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 3, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

backport/4.13.3 PRs to be backported to v4.13.3 defect Something isn't working

Projects

None yet

Milestone

4.14.0

Development

Successfully merging this pull request may close these issues.

SQLServerException: The incoming request has too many parameters.

3 participants

@nscuro @owasp-dt-bot