From ece9ec07f0b9424494d979eef34195415a74b018 Mon Sep 17 00:00:00 2001 From: itstimetoforget Date: Wed, 1 Jul 2026 21:54:18 +0200 Subject: [PATCH] Mark project as not required and only validate when specified. Signed-off-by: itstimetoforget --- .../dependencytrack/resources/v1/AnalysisResource.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/dependencytrack/resources/v1/AnalysisResource.java b/src/main/java/org/dependencytrack/resources/v1/AnalysisResource.java index 48a252770e..323ee3bcb8 100644 --- a/src/main/java/org/dependencytrack/resources/v1/AnalysisResource.java +++ b/src/main/java/org/dependencytrack/resources/v1/AnalysisResource.java @@ -147,7 +147,6 @@ public Response retrieveAnalysis(@Parameter(description = "The UUID of the proje public Response updateAnalysis(AnalysisRequest request) { final Validator validator = getValidator(); failOnValidationError( - validator.validateProperty(request, "project"), validator.validateProperty(request, "component"), validator.validateProperty(request, "vulnerability"), validator.validateProperty(request, "analysisState"), @@ -158,13 +157,16 @@ public Response updateAnalysis(AnalysisRequest request) { ); try (QueryManager qm = new QueryManager()) { final Project project = qm.getObjectByUuid(Project.class, request.getProject()); - if (project == null) { - return Response.status(Response.Status.NOT_FOUND).entity("The project could not be found.").build(); - } + final Component component = qm.getObjectByUuid(Component.class, request.getComponent()); if (component == null) { return Response.status(Response.Status.NOT_FOUND).entity("The component could not be found.").build(); } + + if (project != null && component.getProject().getId() != project.getId()){ + return Response.status(Response.Status.CONFLICT).entity("The component has a different project than the one specified via the project param.").build(); + } + final Vulnerability vulnerability = qm.getObjectByUuid(Vulnerability.class, request.getVulnerability()); if (vulnerability == null) { return Response.status(Response.Status.NOT_FOUND).entity("The vulnerability could not be found.").build();