Fix NPE when querying component metadata for projects without findings

Ports PR DependencyTrack/dependency-track#3889 from Dependency-Track v4.12.0-SNAPSHOT. Signed-off-by: nscuro <[email protected]>
DependencyTrack · Jun 28, 2024 · 1e50bb8 · 1e50bb8
1 parent 3cf2942
commit 1e50bb8
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 0 deletions.
diff --git a/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java b/src/main/java/org/dependencytrack/persistence/RepositoryQueryManager.java
@@ -31,6 +31,7 @@
 import javax.jdo.Query;
 import java.io.Serializable;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -254,6 +255,10 @@ public synchronized RepositoryMetaComponent synchronizeRepositoryMetaComponent(f
      * @since 4.9.0
      */
     public List<RepositoryMetaComponent> getRepositoryMetaComponents(final List<RepositoryQueryManager.RepositoryMetaComponentSearch> list) {
+        if (list == null || list.isEmpty()) {
+            return Collections.emptyList();
+        }
+
         final Query<RepositoryMetaComponent> query = pm.newQuery(RepositoryMetaComponent.class);
 
         // Dynamically build the filter string and populate the parameters

diff --git a/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java b/src/test/java/org/dependencytrack/resources/v1/FindingResourceTest.java
@@ -136,6 +136,29 @@ public void getFindingsByProjectTest() {
         );
     }
 
+    @Test
+    public void getFindingsByProjectEmptyTest() {
+        final var metaComponent = new RepositoryMetaComponent();
+        metaComponent.setRepositoryType(RepositoryType.MAVEN);
+        metaComponent.setNamespace("com.acme");
+        metaComponent.setName("acme-lib");
+        metaComponent.setLatestVersion("1.2.3");
+        metaComponent.setLastCheck(new Date());
+        qm.persist(metaComponent);
+
+        final var project = new Project();
+        project.setName("acme-app");
+        qm.persist(project);
+
+        final Response response = jersey.target(V1_FINDING + "/project/" + project.getUuid())
+                .request()
+                .header(X_API_KEY, apiKey)
+                .get();
+        assertThat(response.getStatus()).isEqualTo(200);
+        assertThat(response.getHeaderString(TOTAL_COUNT_HEADER)).isEqualTo("0");
+        assertThat(getPlainTextBody(response)).isEqualTo("[]");
+    }
+
     @Test
     public void getFindingsByProjectInvalidTest() {
         Response response = jersey.target(V1_FINDING + "/project/" + UUID.randomUUID().toString()).request()