Merge pull request #1507 from DependencyTrack/fix-slow-affectedprojectcount-query

nscuro · web-flow · commit 93c4eaf88d82 · 2025-10-24T19:19:35.000+02:00
diff --git a/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/FindingDao.java b/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/FindingDao.java
@@ -104,6 +104,7 @@ record GroupedFindingRow(
 
     @SqlQuery(/* language=InjectedFreeMarker */ """
             <#-- @ftlvariable name="apiOffsetLimitClause" type="String" -->
+            <#-- @ftlvariable name="includeSuppressed" type="boolean" -->
             SELECT "PROJECT"."UUID" AS "projectUuid"
                  , "PROJECT"."NAME" AS "projectName"
                  , "PROJECT"."VERSION" AS "projectVersion"
@@ -185,13 +186,15 @@ record GroupedFindingRow(
               INNER JOIN "PROJECT"
                 ON "COMPONENT"."PROJECT_ID" = "PROJECT"."ID"
              WHERE "COMPONENT"."PROJECT_ID" = :projectId
-               AND (:includeSuppressed OR "A"."SUPPRESSED" IS NULL OR NOT "A"."SUPPRESSED")
+            <#if !includeSuppressed>
+               AND "A"."SUPPRESSED" IS DISTINCT FROM TRUE
+            </#if>
                AND (:hasAnalysis IS NULL OR ("A"."ID" IS NOT NULL) = :hasAnalysis)
              ORDER BY "FINDINGATTRIBUTION"."ID"
              ${apiOffsetLimitClause!}
             """)
     @RegisterConstructorMapper(FindingRow.class)
-    List<FindingRow> getFindingsByProject(@Bind long projectId, @Bind boolean includeSuppressed, @Bind Boolean hasAnalysis);
+    List<FindingRow> getFindingsByProject(@Bind long projectId, @Define boolean includeSuppressed, @Bind Boolean hasAnalysis);
 
     default List<Finding> getFindings(final long projectId, final boolean includeSuppressed) {
         List<FindingRow> findingRows = getFindingsByProject(projectId, includeSuppressed, null);
@@ -292,7 +295,7 @@ default List<Finding> getFindings(final long projectId, final boolean includeSup
                 AND "PROJECT"."INACTIVE_SINCE" IS NULL
              </#if>
              <#if !suppressedFilter>
-                AND ("A"."SUPPRESSED" IS NULL OR NOT "A"."SUPPRESSED")
+                AND "A"."SUPPRESSED" IS DISTINCT FROM TRUE
              </#if>
              <#if queryFilter??>
                 ${queryFilter}
diff --git a/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/NotificationSubjectDao.java b/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/NotificationSubjectDao.java
@@ -151,7 +151,7 @@ public interface NotificationSubjectDao extends SqlObject {
               "ANALYSIS" AS "A" ON "A"."COMPONENT_ID" = "C"."ID" AND "A"."VULNERABILITY_ID" = "V"."ID"
             WHERE
               "C"."UUID" = :componentUuid AND "V"."UUID" = ANY(:vulnUuids)
-              AND ("A"."SUPPRESSED" IS NULL OR NOT "A"."SUPPRESSED")
+              AND "A"."SUPPRESSED" IS DISTINCT FROM TRUE
             """)
     @RegisterRowMapper(NotificationSubjectNewVulnerabilityRowMapper.class)
     List<NewVulnerabilitySubject> getForNewVulnerabilities(final UUID componentUuid, final Collection<UUID> vulnUuids,
@@ -239,7 +239,7 @@ List<NewVulnerabilitySubject> getForNewVulnerabilities(final UUID componentUuid,
               "ANALYSIS" AS "A" ON "A"."COMPONENT_ID" = "C"."ID" AND "A"."VULNERABILITY_ID" = "V"."ID"
             WHERE
               "C"."UUID" = :componentUuid
-              AND ("A"."SUPPRESSED" IS NULL OR NOT "A"."SUPPRESSED")
+              AND "A"."SUPPRESSED" IS DISTINCT FROM TRUE
             """)
     @UseRowReducer(NotificationSubjectNewVulnerableDependencyRowReducer.class)
     Optional<NewVulnerableDependencySubject> getForNewVulnerableDependency(final UUID componentUuid);
@@ -491,7 +491,7 @@ default Optional<ProjectVulnAnalysisCompleteSubject> getForProjectVulnAnalysisCo
                         INNER JOIN "VULNERABILITY" AS "V" ON "V"."ID" = "CV"."VULNERABILITY_ID"
                          LEFT JOIN "ANALYSIS" AS "A" ON "A"."COMPONENT_ID" = "C"."ID" AND "A"."VULNERABILITY_ID" = "V"."ID"
                         WHERE "C"."PROJECT_ID" = (SELECT "ID" FROM "CTE_PROJECT")
-                          AND ("A"."SUPPRESSED" IS NULL OR NOT "A"."SUPPRESSED")
+                          AND "A"."SUPPRESSED" IS DISTINCT FROM TRUE
                         """)
                 .bind("projectUuid", UUID.fromString(optionalProject.get().getUuid()))
                 .registerRowMapper(Component.class, new NotificationComponentRowMapper())
diff --git a/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java b/apiserver/src/main/java/org/dependencytrack/persistence/jdbi/VulnerabilityDao.java
@@ -222,6 +222,7 @@ record AffectedProjectListRow(
 
     @SqlQuery(/* language=InjectedFreeMarker */ """
             <#-- @ftlvariable name="apiFilterParameter" type="String" -->
+            <#-- @ftlvariable name="includeSuppressed" type="boolean" -->
             SELECT "V"."ID" AS "ID"
                  , "V"."VULNID"
                  , "V"."SOURCE"
@@ -273,14 +274,17 @@ record AffectedProjectListRow(
                AND "COMPONENT"."PROJECT_ID" = "ANALYSIS"."PROJECT_ID"
               LEFT JOIN "EPSS"
             	ON "V"."VULNID" = "EPSS"."CVE"
-             WHERE (:includeSuppressed OR "ANALYSIS"."SUPPRESSED" IS NULL OR NOT "ANALYSIS"."SUPPRESSED")
+             WHERE TRUE
+            <#if !includeSuppressed>
+               AND "ANALYSIS"."SUPPRESSED" IS DISTINCT FROM TRUE
+            </#if>
             <#if apiFilterParameter??>
                AND (LOWER("V"."VULNID") LIKE ('%' || LOWER(${apiFilterParameter}) || '%'))
             </#if>
             ORDER BY "V"."ID"
             """)
     @RegisterRowMapper(VulnerabilityRowMapper.class)
-    List<Vulnerability> getVulnerabilitiesByComponent(@Bind Long componentId, @Bind boolean includeSuppressed);
+    List<Vulnerability> getVulnerabilitiesByComponent(@Bind Long componentId, @Define boolean includeSuppressed);
 
     @SqlQuery(/* language=InjectedFreeMarker */ """
             <#-- @ftlvariable name="includeSuppressed" type="boolean" -->
@@ -302,7 +306,7 @@ record AffectedProjectListRow(
             </#if>
              WHERE "VULNERABILITY"."ID" = ANY(:vulnerabilityIds)
             <#if !includeSuppressed>
-               AND ("ANALYSIS"."SUPPRESSED" IS NULL OR NOT "ANALYSIS"."SUPPRESSED")
+               AND "ANALYSIS"."SUPPRESSED" IS DISTINCT FROM TRUE
             </#if>
                AND ${apiProjectAclCondition}
              GROUP BY "VULNERABILITY"."ID"
@@ -321,6 +325,7 @@ record AffectedProjectCountRow(
 
     @SqlQuery(/* language=InjectedFreeMarker */ """
             <#-- @ftlvariable name="apiFilterParameter" type="String" -->
+            <#-- @ftlvariable name="includeSuppressed" type="boolean" -->
             SELECT DISTINCT ON ("V"."ID")
                    "V"."ID"
                  , "V"."VULNID"
@@ -375,15 +380,17 @@ SELECT DISTINCT ON ("V"."ID")
                AND "COMPONENT"."ID" = "ANALYSIS"."COMPONENT_ID"
                AND "COMPONENT"."PROJECT_ID" = "ANALYSIS"."PROJECT_ID"
              WHERE "COMPONENT"."PROJECT_ID" = :projectId
-               AND (:includeSuppressed OR "ANALYSIS"."SUPPRESSED" IS NULL OR NOT "ANALYSIS"."SUPPRESSED")
+            <#if !includeSuppressed>
+               AND "ANALYSIS"."SUPPRESSED" IS DISTINCT FROM TRUE
+            </#if>
             <#if apiFilterParameter??>
                AND (LOWER("V"."VULNID") LIKE ('%' || LOWER(${apiFilterParameter}) || '%'))
             </#if>
              GROUP BY "V"."ID", "EPSS"."SCORE", "EPSS"."PERCENTILE"
              ORDER BY "V"."ID"
             """)
     @RegisterRowMapper(VulnerabilityRowMapper.class)
-    List<Vulnerability> getVulnerabilitiesByProject(@Bind long projectId, boolean includeSuppressed);
+    List<Vulnerability> getVulnerabilitiesByProject(@Bind long projectId, @Define boolean includeSuppressed);
 
     @SqlQuery("""
          SELECT distinct "C"."ID",
