DependencyTrack · nscuro · Feb 22, 2024 · Feb 15, 2024 · Feb 15, 2024 · Feb 16, 2024
diff --git a/src/main/java/org/dependencytrack/model/Analysis.java b/src/main/java/org/dependencytrack/model/Analysis.java
@@ -69,17 +69,17 @@ public class Analysis implements Serializable {
     private Vulnerability vulnerability;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "STATE", jdbcType = "VARCHAR", allowsNull = "false")
+    @Column(name = "STATE", jdbcType = "CLOB", allowsNull = "false")
     @NotNull
     private AnalysisState analysisState;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "JUSTIFICATION", jdbcType = "VARCHAR", allowsNull = "true")
+    @Column(name = "JUSTIFICATION", jdbcType = "CLOB", allowsNull = "true")
     @NotNull
     private AnalysisJustification analysisJustification;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "RESPONSE", jdbcType = "VARCHAR", allowsNull = "true")
+    @Column(name = "RESPONSE", jdbcType = "CLOB", allowsNull = "true")
     @NotNull
     private AnalysisResponse analysisResponse;
 
@@ -98,12 +98,12 @@ public class Analysis implements Serializable {
     private boolean suppressed;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "SEVERITY")
+    @Column(name = "SEVERITY", jdbcType = "CLOB")
     @JsonProperty(value = "severity")
     private Severity severity;
 
     @Persistent
-    @Column(name = "CVSSV2VECTOR")
+    @Column(name = "CVSSV2VECTOR", jdbcType = "CLOB")
     @JsonProperty(value = "cvssV2Vector")
     private String cvssV2Vector;
 
@@ -113,7 +113,7 @@ public class Analysis implements Serializable {
     private BigDecimal cvssV2Score;
 
     @Persistent
-    @Column(name = "CVSSV3VECTOR")
+    @Column(name = "CVSSV3VECTOR", jdbcType = "CLOB")
     @JsonProperty(value = "cvssV3Vector")
     private String cvssV3Vector;
 
@@ -123,7 +123,7 @@ public class Analysis implements Serializable {
     private BigDecimal cvssV3Score;
 
     @Persistent
-    @Column(name = "OWASPVECTOR")
+    @Column(name = "OWASPVECTOR", jdbcType = "CLOB")
     @JsonProperty(value = "owaspVector")
     private String owaspVector;
 

diff --git a/src/main/java/org/dependencytrack/model/AnalysisComment.java b/src/main/java/org/dependencytrack/model/AnalysisComment.java
@@ -66,7 +66,7 @@ public class AnalysisComment implements Serializable {
     private String comment;
 
     @Persistent(defaultFetchGroup = "true")
-    @Column(name = "COMMENTER")
+    @Column(name = "COMMENTER", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String commenter;
 

diff --git a/src/main/java/org/dependencytrack/model/Bom.java b/src/main/java/org/dependencytrack/model/Bom.java
@@ -76,19 +76,19 @@ public String getFormatLongName() {
     private Date imported;
 
     @Persistent
-    @Column(name = "BOM_FORMAT")
+    @Column(name = "BOM_FORMAT", jdbcType = "CLOB")
     private String bomFormat;
 
     @Persistent
-    @Column(name = "SPEC_VERSION")
+    @Column(name = "SPEC_VERSION", jdbcType = "CLOB")
     private String specVersion;
 
     @Persistent
     @Column(name = "BOM_VERSION")
     private Integer bomVersion;
 
     @Persistent
-    @Column(name = "SERIAL_NUMBER")
+    @Column(name = "SERIAL_NUMBER", jdbcType = "CLOB")
     private String serialNumber;
 
     @Persistent(defaultFetchGroup = "true")

diff --git a/src/main/java/org/dependencytrack/model/Component.java b/src/main/java/org/dependencytrack/model/Component.java
@@ -27,7 +27,6 @@
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
 import com.github.packageurl.MalformedPackageURLException;
 import com.github.packageurl.PackageURL;
-import org.apache.commons.lang3.StringUtils;
 import org.dependencytrack.model.validation.ValidSpdxExpression;
 import org.dependencytrack.persistence.converter.OrganizationalEntityJsonConverter;
 import org.dependencytrack.resources.v1.serializers.CustomPackageURLSerializer;
@@ -50,7 +49,6 @@
 import javax.validation.constraints.NotBlank;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -117,8 +115,7 @@ public enum FetchGroup {
     private String author;
 
     @Persistent
-    @Column(name = "PUBLISHER", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "PUBLISHER", jdbcType = "CLOB")
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The publisher may only contain printable characters")
     private String publisher;
 
@@ -128,44 +125,39 @@ public enum FetchGroup {
     private OrganizationalEntity supplier;
 
     @Persistent
-    @Column(name = "GROUP", jdbcType = "VARCHAR")
+    @Column(name = "GROUP", jdbcType = "CLOB")
     @Index(name = "COMPONENT_GROUP_IDX")
-    @Size(max = 255)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The group may only contain printable characters")
     private String group;
 
     @Persistent
-    @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false")
+    @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB")
     @Index(name = "COMPONENT_NAME_IDX")
     @NotBlank
-    @Size(min = 1, max = 255)
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters")
     private String name;
 
     @Persistent
-    @Column(name = "VERSION", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "VERSION", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The version may only contain printable characters")
     private String version;
 
     @Persistent
-    @Column(name = "CLASSIFIER", jdbcType = "VARCHAR")
+    @Column(name = "CLASSIFIER", jdbcType = "CLOB")
     @Index(name = "COMPONENT_CLASSIFIER_IDX")
     @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true")
     private Classifier classifier;
 
     @Persistent
-    @Column(name = "FILENAME", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "FILENAME", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.FS_DIRECTORY_NAME, message = "The specified filename is not valid and cannot be used as a filename")
     private String filename;
 
     @Persistent
-    @Column(name = "EXTENSION", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "EXTENSION", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.FS_FILE_NAME, message = "The specified filename extension is not valid and cannot be used as a extension")
     private String extension;
@@ -244,31 +236,28 @@ public enum FetchGroup {
 
     @Persistent
     @Index(name = "COMPONENT_CPE_IDX")
-    @Column(name = "CPE")
-    @Size(max = 255)
+    @Column(name = "CPE", jdbcType = "CLOB")
     //Patterns obtained from https://csrc.nist.gov/schema/cpe/2.3/cpe-naming_2.3.xsd
     @Pattern(regexp = "(cpe:2\\.3:[aho\\*\\-](:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){5}(:(([a-zA-Z]{2,3}(-([a-zA-Z]{2}|[0-9]{3}))?)|[\\*\\-]))(:(((\\?*|\\*?)([a-zA-Z0-9\\-\\._]|(\\\\[\\\\\\*\\?!\"#$$%&'\\(\\)\\+,/:;<=>@\\[\\]\\^`\\{\\|}~]))+(\\?*|\\*?))|[\\*\\-])){4})|([c][pP][eE]:/[AHOaho]?(:[A-Za-z0-9\\._\\-~%]*){0,6})", message = "The CPE must conform to the CPE v2.2 or v2.3 specification defined by NIST")
     private String cpe;
 
     @Persistent(defaultFetchGroup = "true")
     @Index(name = "COMPONENT_PURL_IDX")
-    @Column(name = "PURL", jdbcType = "VARCHAR", length = 1024)
-    @Size(max = 1024)
+    @Column(name = "PURL", jdbcType = "CLOB")
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String purl;
 
     @Persistent(defaultFetchGroup = "true")
     @Index(name = "COMPONENT_PURL_COORDINATES_IDX")
-    @Size(max = 255)
+    @Column(name = "PURLCOORDINATES", jdbcType = "CLOB")
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     private String purlCoordinates; // Field should contain only type, namespace, name, and version. Everything up to the qualifiers
 
     @Persistent
-    @Column(name = "SWIDTAGID")
+    @Column(name = "SWIDTAGID", jdbcType = "CLOB")
     @Index(name = "COMPONENT_SWID_TAGID_IDX")
-    @Size(max = 255)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The SWID tagId may only contain printable characters")
     private String swidTagId;
 
@@ -278,22 +267,19 @@ public enum FetchGroup {
     private Boolean internal;
 
     @Persistent
-    @Column(name = "DESCRIPTION", jdbcType = "VARCHAR", length = 1024)
-    @Size(max = 1024)
+    @Column(name = "DESCRIPTION", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The description may only contain printable characters")
     private String description;
 
     @Persistent
-    @Column(name = "COPYRIGHT", jdbcType = "VARCHAR", length = 1024)
-    @Size(max = 1024)
+    @Column(name = "COPYRIGHT", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The copyright may only contain printable characters")
     private String copyright;
 
     @Persistent
-    @Column(name = "LICENSE", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "LICENSE", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The license may only contain printable characters")
     private String license;
@@ -305,8 +291,7 @@ public enum FetchGroup {
     private String licenseExpression;
 
     @Persistent
-    @Column(name = "LICENSE_URL", jdbcType = "VARCHAR")
-    @Size(max = 255)
+    @Column(name = "LICENSE_URL", jdbcType = "CLOB")
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.URL, message = "The license URL must be a valid URL")
     private String licenseUrl;
@@ -415,23 +400,23 @@ public String getGroup() {
     }
 
     public void setGroup(String group) {
-        this.group = StringUtils.abbreviate(group, 255);
+        this.group = group;
     }
 
     public String getName() {
         return name;
     }
 
     public void setName(String name) {
-        this.name = StringUtils.abbreviate(name, 255);
+        this.name = name;
     }
 
     public String getVersion() {
         return version;
     }
 
     public void setVersion(String version) {
-        this.version = StringUtils.abbreviate(version, 255);
+        this.version = version;
     }
 
     public Classifier getClassifier() {
@@ -447,15 +432,15 @@ public String getFilename() {
     }
 
     public void setFilename(String filename) {
-        this.filename = StringUtils.abbreviate(filename, 255);
+        this.filename = filename;
     }
 
     public String getExtension() {
         return extension;
     }
 
     public void setExtension(String extension) {
-        this.extension = StringUtils.abbreviate(extension, 255);
+        this.extension = extension;
     }
 
     public String getMd5() {
@@ -559,7 +544,7 @@ public String getCpe() {
     }
 
     public void setCpe(String cpe) {
-        this.cpe = StringUtils.abbreviate(cpe, 255);
+        this.cpe = cpe;
     }
 
     @JsonSerialize(using = CustomPackageURLSerializer.class)
@@ -634,23 +619,23 @@ public String getDescription() {
     }
 
     public void setDescription(String description) {
-        this.description = StringUtils.abbreviate(description, 1024);
+        this.description = description;
     }
 
     public String getCopyright() {
         return copyright;
     }
 
     public void setCopyright(String copyright) {
-        this.copyright = StringUtils.abbreviate(copyright, 1024);
+        this.copyright = copyright;
     }
 
     public String getLicense() {
         return license;
     }
 
     public void setLicense(String license) {
-        this.license = StringUtils.abbreviate(license, 255);
+        this.license = license;
     }
 
     public String getLicenseExpression() {
@@ -666,7 +651,7 @@ public String getLicenseUrl() {
     }
 
     public void setLicenseUrl(String licenseUrl) {
-        this.licenseUrl = StringUtils.abbreviate(licenseUrl, 255);
+        this.licenseUrl = licenseUrl;
     }
 
     public License getResolvedLicense() {

diff --git a/src/main/java/org/dependencytrack/model/Cwe.java b/src/main/java/org/dependencytrack/model/Cwe.java
@@ -32,7 +32,6 @@
 import javax.jdo.annotations.Unique;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
 import java.io.Serializable;
 
 /**
@@ -58,8 +57,7 @@ public class Cwe implements Serializable {
     private int cweId;
 
     @Persistent
-    @Column(name = "NAME", jdbcType = "VARCHAR", allowsNull = "false")
-    @Size(max = 255)
+    @Column(name = "NAME", allowsNull = "false", jdbcType = "CLOB")
     @NotNull
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Pattern(regexp = RegexSequence.Definition.PRINTABLE_CHARS, message = "The name may only contain printable characters")

diff --git a/src/main/java/org/dependencytrack/model/FindingAttribution.java b/src/main/java/org/dependencytrack/model/FindingAttribution.java
@@ -76,11 +76,11 @@ public class FindingAttribution implements Serializable {
     private Vulnerability vulnerability;
 
     @Persistent
-    @Column(name = "ALT_ID", allowsNull = "true")
+    @Column(name = "ALT_ID", allowsNull = "true", jdbcType = "CLOB")
     private String alternateIdentifier;
 
     @Persistent
-    @Column(name = "REFERENCE_URL", allowsNull = "true")
+    @Column(name = "REFERENCE_URL", allowsNull = "true", jdbcType = "CLOB")
     private String referenceUrl;
 
     @Persistent(customValueStrategy = "uuid")

diff --git a/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java b/src/main/java/org/dependencytrack/model/IntegrityMetaComponent.java
@@ -33,7 +33,6 @@
 import javax.jdo.annotations.Unique;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Pattern;
-import javax.validation.constraints.Size;
 import java.io.Serializable;
 import java.util.Date;
 
@@ -75,9 +74,8 @@ public void setSha512(String sha512) {
     private String sha512;
 
     @Persistent
-    @Column(name = "PURL", allowsNull = "false", jdbcType = "VARCHAR", length = 1024)
+    @Column(name = "PURL", allowsNull = "false", jdbcType = "CLOB")
     @Index(name = "PURL_IDX")
-    @Size(max = 1024)
     @com.github.packageurl.validator.PackageURL
     @JsonDeserialize(using = TrimmedStringDeserializer.class)
     @Unique
@@ -97,12 +95,12 @@ public void setSha512(String sha512) {
     private Date lastFetch;
 
     @Persistent
-    @Column(name = "STATUS", jdbcType = "VARCHAR", length = 64)
+    @Column(name = "STATUS", jdbcType = "CLOB")
     @Extension(vendorName = "datanucleus", key = "enum-check-constraint", value = "true")
     private FetchStatus status;
 
     @Persistent
-    @Column(name = "REPOSITORY_URL", jdbcType = "VARCHAR", length = 1024)
+    @Column(name = "REPOSITORY_URL", jdbcType = "CLOB")
     private String repositoryUrl;