Inconsistent behavior with project properties in notifications #4360

Open
2 tasks done
lme-atolcd opened this issue Nov 7, 2024 · 0 comments
Labels
defect Something isn't working in triage

Comments

@lme-atolcd

Current Behavior

We are trying to use project properties with webhook notifications.

For some notifications (like POLICY_VIOLATION), subject.project.properties is populated as expected. But for other notifications (like NEW_VULNERABLE_DEPENDENCY), subject.project.properties is empty (not null).
Same thing when using subject.component.project.properties instead of subject.project.properties.

Is this the expected behavior? Or maybe there is a better or more consistent way to get project properties in notification templates?

Steps to Reproduce

1. Add a new webhook notification with this template:

```
{
  "notification": {
    "level": "{{ notification.level | escape(strategy="json") }}",
    "scope": "{{ notification.scope | escape(strategy="json") }}",
    "group": "{{ notification.group | escape(strategy="json") }}",
    "timestamp": "{{ notification.timestamp }}",
    "title": "{{ notification.title | escape(strategy="json") }}",
    "content": "{{ notification.content | escape(strategy="json") }}"
  },
  
  "subject.component.project.properties.toString" : "{{ subject.component.project.properties.toString | escape(strategy="json") }}",
  "subject.component.project.properties": [
    {# The comma between items keeps the array valid JSON when a project has several properties #}
    {% for p in subject.component.project.properties %}
      {
        "groupName": "{{ p.groupName.toString | escape(strategy="json") }}",
        "propertyName": "{{ p.propertyName.toString | escape(strategy="json") }}",
        "propertyValue": "{{ p.propertyValue.toString | escape(strategy="json") }}"
      }{% if not loop.last %},{% endif %}
    {% endfor %}
  ],
  
  "subject.project.properties.toString" : "{{ subject.project.properties.toString | escape(strategy="json") }}",
  "subject.project.properties": [
    {# Same comma handling as the loop above #}
    {% for p in subject.project.properties %}
      {
        "groupName": "{{ p.groupName.toString | escape(strategy="json") }}",
        "propertyName": "{{ p.propertyName.toString | escape(strategy="json") }}",
        "propertyValue": "{{ p.propertyValue.toString | escape(strategy="json") }}"
      }{% if not loop.last %},{% endif %}
    {% endfor %}
  ]
}
```
2. trigger POLICY_VIOLATION and NEW_VULNERABLE_DEPENDENCY notifications using this template
3. inspect the result JSON sent to the webhook URL

Results for a POLICY_VIOLATION notification:

```json
{
  "notification": {
    "level": "INFORMATIONAL",
    "scope": "PORTFOLIO",
    "group": "POLICY_VIOLATION",
    "timestamp": "2024-11-07T14:42:22.965782190",
    "title": "Policy Violation on Project: [test lme : 1.0]",
    "content": "A security policy violation occurred"
  },
  "subject.component.project.properties.toString": "[org.dependencytrack.model.ProjectProperty@7872efd6]",
  "subject.component.project.properties": [
    {
      "groupName": "my_group",
      "propertyName": "my_property",
      "propertyValue": "my_value"
    }
  ],
  "subject.project.properties.toString": "[org.dependencytrack.model.ProjectProperty@7872efd6]",
  "subject.project.properties": [
    {
      "groupName": "my_group",
      "propertyName": "my_property",
      "propertyValue": "my_value"
    }
  ]
}
```

Results for a NEW_VULNERABLE_DEPENDENCY notification (no properties in the result):

```json
{
  "notification": {
    "level": "INFORMATIONAL",
    "scope": "PORTFOLIO",
    "group": "NEW_VULNERABLE_DEPENDENCY",
    "timestamp": "2024-11-07T14:42:22.961691586",
    "title": "Vulnerable Dependency Introduced on Project: [test lme : 1.0]",
    "content": "A dependency was introduced that contains 11 known vulnerabilities"
  },
  "subject.component.project.properties.toString": "",
  "subject.component.project.properties": [

  ],
  "subject.project.properties.toString": "",
  "subject.project.properties": [

  ]
}
```

Expected Behavior

The ability to have access to project properties consistently for all notification types.

Dependency-Track Version

4.12.0

Dependency-Track Distribution

Container Image

Database Server

PostgreSQL

Database Server Version

12

Browser

Google Chrome

Checklist

@lme-atolcd lme-atolcd added defect Something isn't working in triage labels Nov 7, 2024
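
A receiver-side guard for the behaviour reported above, as an added example that is not part of the original issue or of Dependency-Track's code: it routes a webhook body by a project property and sends the alert to a fallback queue, flagged as degraded, when the property arrays arrive empty or the body does not parse. The function names, the fallback queue name and the choice of `my_group`/`my_property` as the routing property are assumptions; the sample bodies are trimmed from the two results shown in the issue.

```python
import json

# Keys exactly as the webhook template in this issue emits them.
PROPERTY_KEYS = ("subject.project.properties",
                 "subject.component.project.properties")
FALLBACK_ROUTE = "unrouted-review"  # hypothetical catch-all queue (assumption)

def project_properties(payload):
    """Merge both property arrays into {(groupName, propertyName): value}."""
    merged = {}
    for key in PROPERTY_KEYS:
        items = payload.get(key)
        if not isinstance(items, list):
            continue
        for item in items:
            if isinstance(item, dict) and item.get("groupName") and item.get("propertyName"):
                merged[(item["groupName"], item["propertyName"])] = item.get("propertyValue", "")
    return merged

def route(raw_body, routing_key=("my_group", "my_property")):
    """Choose a destination; an alert is never dropped for lack of properties."""
    try:
        payload = json.loads(raw_body)
    except json.JSONDecodeError:
        payload = None
    if not isinstance(payload, dict):
        return {"group": "UNPARSEABLE", "route": FALLBACK_ROUTE, "degraded": True}
    notification = payload.get("notification")
    group = notification.get("group", "UNKNOWN") if isinstance(notification, dict) else "UNKNOWN"
    value = project_properties(payload).get(routing_key)
    if value:
        return {"group": group, "route": value, "degraded": False}
    # Empty properties (as reported for NEW_VULNERABLE_DEPENDENCY): fall back and flag it.
    return {"group": group, "route": FALLBACK_ROUTE, "degraded": True}

# Constructed sample bodies, trimmed from the two results shown in the issue.
POLICY_VIOLATION_BODY = """{
  "notification": {"group": "POLICY_VIOLATION"},
  "subject.project.properties": [
    {"groupName": "my_group", "propertyName": "my_property", "propertyValue": "my_value"}
  ]
}"""
NEW_VULNERABLE_DEPENDENCY_BODY = """{
  "notification": {"group": "NEW_VULNERABLE_DEPENDENCY"},
  "subject.project.properties": [

  ]
}"""
```

Counting `degraded` results per notification group on the receiving side shows which groups arrive without properties.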