Improve matching and reporting code and UI #1228
Reference: #1228

Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran committed Nov 22, 2023
1 parent 65d82a7 commit 3b34e46
Showing 6 changed files with 153 additions and 720 deletions.
583 changes: 42 additions & 541 deletions vulnerabilities/models.py

Large diffs are not rendered by default.

208 changes: 70 additions & 138 deletions vulnerabilities/templates/package_details.html
Expand Up @@ -40,18 +40,47 @@
</table>
</div>

{% if affected_by_vulnerabilities|length != 0 %}

<div class="pl-3 pr-3 mb-5 non-vuln">
<table class="table vcio-table width-100-pct mt-2">
<tbody>
<tr>
<td class="two-col-left">
Closest non-vulnerable purl
</td>
<td class="two-col-right">
<a href="{{ fixed_package_details.closest_non_vulnerable_fix_url }}?search={{ fixed_package_details.closest_non_vulnerable_fix }}" target="_self">{{ fixed_package_details.closest_non_vulnerable_fix }}</a>
</td>
</tr>
<tr>
<td class="two-col-left">
Latest non-vulnerable purl
</td>
<td class="two-col-right">
<a href="{{ fixed_package_details.most_recent_non_vulnerable_fix_url }}?search={{ fixed_package_details.most_recent_non_vulnerable_fix }}" target="_self">{{ fixed_package_details.most_recent_non_vulnerable_fix }}</a>
</td>
</tr>
</tbody>
</table>
</div>

{% endif %}

<div class="content ml-3 mr-3">
<div class="has-text-weight-bold ml-1 mb-0">
Affected by vulnerabilities ({{ affected_by_vulnerabilities|length }})
</div>



<table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth">
<thead>
<tr>
<th style="width: 175px;">Vulnerability</th>
<th>Summary</th>
<th style="width: 225px;">Aliases</th>
<th style="width: 300px;">Fixed by packages</th>
<th style="width: 300px;">Closest fixed by packages</th>
</tr>
</thead>

Expand All @@ -75,159 +104,63 @@
{% endif %}
{% endfor %}
</td>
<td style="color: #ff0000; word-wrap: break-word; word-break: break-all;">
<!-- <span class="dev_fixed_by_headers">START 'for pkg in vulnerability.fixed_by_packages'</span>
{% for pkg in vulnerability.fixed_by_packages %}
<div style="font-size: 13px; padding: 0px 0px 5px 0px; line-height: 17px;">
{{ pkg.purl }}
</div>
{% endfor %}
<span class="dev_fixed_by_headers">END 'for pkg in vulnerability.fixed_by_packages'</span>
<hr style="border-top: solid 1px #d8d8d8;"> -->

<!-- <span class="dev_fixed_by_headers">START 'get_closest_fixed_package' context</span>
{% for pkg in vulnerability.fixed_by_packages %}
{% if pkg in get_closest_fixed_package %}
<div style="font-size: 13px; padding: 0px 0px 5px 0px; line-height: 17px;">
<span style="color: #009933;">{{ pkg.purl }}</span>
</div>
{% endif %}
{% endfor %}
<br />
<span style="color: #cc0099; font-size: 13px; padding: 0px 0px 5px 0px; font-weight: none;">get_closest_fixed_package list:</span>
<br />
<div style="color: #cc0099; font-size: 13px; padding: 0px 0px 5px 0px;">{{ get_closest_fixed_package }}</div>
<br />
<div style="color: #996633; font-size: 13px; padding: 0px 0px 5px 0px;">
<span class="dev_fixed_by_headers">END 'get_closest_fixed_package' context</span>
<br /><br /> -->


<!-- <span class="dev_fixed_by_headers">START 'fixed_package_details' context</span> -->

{% if package.purl in fixed_package_details.purl %}
{% for key, value in fixed_package_details.items %}
{% if key == "vulnerabilities" %}
<td style="word-wrap: break-word; word-break: break-all;">
{% if package.purl in fixed_package_details.purl %}
{% for key, value in fixed_package_details.items %}
{% if key == "vulnerabilities" %}
{% for abc in value %}
{% if abc.vulnerability == vulnerability.vulnerability_id %}
<ul class="fixed_by_bullet" style="color: #000000;">
<li>
<span style="font-weight: bold;">PURL:</span> {{ fixed_package_details.purl }}

<!-- <div class="dropdown is-hoverable has-text-weight-normal is-right">
<div class="dropdown-trigger">
<i class="fa fa-question-circle ml-2 fa-lg has-background-white has-text-link"></i>
</div>
<div class="dropdown-menu dropdown-vuln-dict-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div style="max-height: 300px; overflow-y: auto;">
This is a dictionary created as part of this affected-fixed matching work:
<div style="padding-top: 5px;">
{% for key, value in fixed_package_details.items %}
{{ key }}: {{ value }}
<br />
{% endfor %}
</div>
</div>
</div>
</div>
</div>
</div> -->

</li>
<li>
<span style="font-weight: bold;">Vulnerability:</span> {{ abc.vulnerability }}
</li>
<li>
<span style="font-weight: bold;">Closest fixed-by PURL:</span>
<a href="{{ abc.closest_fixed_by_url }}?search={{ abc.closest_fixed_by_purl }}" target="_self">{{ abc.closest_fixed_by_purl }}</a>
</li>
<li>
<span style="font-weight: bold;">Closest fixed-by vulnerability count:</span> {{ abc.closest_fixed_by_vulnerabilities|length }}
{% if abc.closest_fixed_by_vulnerabilities|length != 0 %}
<div class="dropdown is-hoverable has-text-weight-normal is-right">
<div class="dropdown-trigger">
<i class="fa fa-question-circle ml-2 fa-lg has-background-white has-text-danger"></i>
</div>
<div class="dropdown-menu dropdown-vuln-list-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div style="max-height: 300px; overflow-y: auto;">
The <strong>closest fixed-by PURL</strong> has {{ abc.closest_fixed_by_vulnerabilities|length }}
{% if abc.closest_fixed_by_vulnerabilities|length == 1 %}
vulnerability:
{% else %}
vulnerabilities:
{% endif %}
<div style="padding-top: 5px;">
<!-- ALERT: We're using the namedtuple here -- but a dict might be better because we need the values as keyt-value pairs in the purl_dict we create in models.py. ATM all we have is the 2 values as items in a list, e.g.,

"closest_fixed_by_vulnerabilities": [
[
"VCID-t7e4-g3fr-aaan",
"/vulnerabilities/VCID-t7e4-g3fr-aaan"
]
]
<a href="{{ abc.closest_fixed_by_url }}?search={{ abc.closest_fixed_by_purl }}" target="_self">{{ abc.closest_fixed_by_purl }}</a>
<br />

<span>Vulnerabilities:</span> {{ abc.closest_fixed_by_vulnerabilities|length }}

{% if abc.closest_fixed_by_vulnerabilities|length != 0 %}
<div class="dropdown is-hoverable has-text-weight-normal is-right">
<div class="dropdown-trigger">
<i class="fa fa-question-circle ml-2 fa-sm has-background-white has-text-link"></i>
</div>
<div class="dropdown-menu dropdown-vuln-list-width" id="dropdown-menu4" role="menu">
<div class="dropdown-content dropdown-instructions-box-shadow">
<div class="dropdown-item">
<div style="max-height: 200px; overflow-y: auto;">
The <strong>closest fixed-by purl</strong> has {{ abc.closest_fixed_by_vulnerabilities|length }}
{% if abc.closest_fixed_by_vulnerabilities|length == 1 %}
vulnerability:
{% else %}
vulnerabilities:
{% endif %}
<div style="padding-top: 5px;">
{% for closest_vuln in abc.closest_fixed_by_vulnerabilities %}
<div>
<a href="{{ closest_vuln.vuln_get_absolute_url }}" target="_self">{{ closest_vuln.vuln_id }}</a>
</div>
{% endfor %}
</div>
</div>
</div>
</div>
</div>
</div>
{% endif %}

-->
{% for closest_vuln in abc.closest_fixed_by_vulnerabilities %}
<div>
<a href="{{ closest_vuln.vuln_get_absolute_url }}" target="_self">{{ closest_vuln.vuln_id }}</a>
</div>
{% endfor %}
</div>
</div>
</div>
</div>
</div>
</div>
{% endif %}
</li>
<li style="border-top: solid 1px #cccccc; margin-top: 10px; padding-top: 10px;">
<span style="font-weight: bold;">Closest non-vulnerable fix:</span>
<!-- <a href="{{ abc.closest_non_vulnerable_fix_url }}?search={{ abc.closest_non_vulnerable_fix }}" target="_self">{{ abc.closest_non_vulnerable_fix }}</a> -->
<!-- 2023-08-07 Monday 16:34:43. Replace with higher-level key-value pair -->
<a href="{{ fixed_package_details.closest_non_vulnerable_fix_url }}?search={{ fixed_package_details.closest_non_vulnerable_fix }}" target="_self">{{ fixed_package_details.closest_non_vulnerable_fix }}</a>
</li>
<li>
<span style="font-weight: bold;">Most recent non-vulnerable fix:</span>
<!-- <a href="{{ abc.most_recent_non_vulnerable_fix_url }}?search={{ abc.most_recent_non_vulnerable_fix }}" target="_self">{{ abc.most_recent_non_vulnerable_fix }}</a> -->
<!-- 2023-08-07 Monday 16:34:43. Replace with higher-level key-value pair -->
<a href="{{ fixed_package_details.most_recent_non_vulnerable_fix_url }}?search={{ fixed_package_details.most_recent_non_vulnerable_fix }}" target="_self">{{ fixed_package_details.most_recent_non_vulnerable_fix }}</a>
</li>
</ul>
{% endif %}
{% endfor %}


{% endif %}
{% endfor %}
{% else %}
NO-- {{ package.purl }}
{% endif %}
{% endfor %}


<!-- <span class="dev_fixed_by_headers">END 'fixed_package_details' context</span> -->


</div>

{% endif %}
</td>
</tr>
{% empty %}
<tr>
<td colspan="4"></td>
<td colspan="4">
This package is not known to be affected by vulnerabilities.
</td>
</tr>
{% endfor %}
</tbody>

</table>
</div>

Expand All @@ -244,7 +177,6 @@
<th style="width: 225px;">Aliases</th>
</tr>
</thead>

<tbody>
{% for vulnerability in fixing_vulnerabilities %}
<tr>
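Review bot: The `?search=` links in the "Closest non-vulnerable purl" and "Latest non-vulnerable purl" rows, which appear to be added at the top of this section, put the purl into the query string without URL-encoding it. Django autoescaping HTML-escapes the value but does not percent-encode it, so a purl carrying qualifiers or a subpath (`?`, `&`, `#`, `+`) would be split or truncated by the browser, and the link could resolve to a different package than the one displayed as the non-vulnerable fix. Apply the `urlencode` filter to the query value, for example `?search={{ fixed_package_details.closest_non_vulnerable_fix|urlencode }}`, and do the same for `most_recent_non_vulnerable_fix` and for the `abc.closest_fixed_by_purl` link in the vulnerabilities table of the second hunk. The enclosing `{% if affected_by_vulnerabilities|length != 0 %}` only checks that the package is affected; whether the two fix values can be empty is not visible here, so consider also guarding each row on its value being present.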