
Consolidate 'Fixed by packages' tab and 'Affected packages' tab in Vulnerability details page #1287

Open
johnmhoran opened this issue Aug 30, 2023 · 3 comments
Comments

@johnmhoran
Member

We need to consolidate the Fixed by packages tab and the Affected packages tab in the Vulnerability details page into a single tab with a table in which the rows contain relevant pairing of affected and fixed packages.

@johnmhoran
Member Author

@pombredanne @TG1999

(1) When we match fixed by packages to a particular affected package, do we want to match all of these attributes?

"name"
"namespace"
"type"
"qualifiers"
"subpath"

That's what we currently do in my pending Package UI/API issue PR 1249 (issue 1228).

(2) This question likely also applies to the results of a PURL search -- do you agree? For example, a search for pkg:deb/debian/jackson-databind@2.9.1-1?distro=sid displays results that include non-matching qualifiers:

[screenshot of the PURL search results, not reproduced here]

In addition, this screenshot reflects the poor sorting AND the apparent existence in the DB of duplicate records. I can address the sorting in this issue, though I suspect the problem of duplicate records is more complex and not directly related and will need to be addressed in a separate issue. (See issue 1278, which I opened back in August.)

@johnmhoran
Member Author

Note that in views.py, in the PackageSearch class, this docstring is not as precisely focused.

    def get_queryset(self, query=None):
        """
        Return a Package queryset for the ``query``.
        Make a best effort approach to find matching packages either based
        on exact purl, partial purl or just name and namespace.
        """
        query = query or self.request.GET.get("search") or ""
        return self.model.objects.search(query).with_vulnerability_counts().prefetch_related()

@johnmhoran
Member Author

I see the same docstring in the search() method of the PackageQuerySet() class in models.py.

I take this to mean that we do want a broad and flexible search result in case the user submits an abbreviated search, e.g., a search for jackson-databind will return maven, deb and rpm packages. When we get to that issue, it will be interesting to see how we apply the univers RANGE_CLASS_BY_SCHEMES to a group of potentially many different combos of type, namespace etc.

Meanwhile, please focus on my questions (1) and (2) above at your earliest opportunity.
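As an added illustration of questions (1) and (2) (example code written for this page, not VulnerableCode's own implementation): affected and fixed-by packages are paired only when type, namespace, name, qualifiers and subpath all agree, each row's fixed-by packages are sorted by version, and a PURL search with qualifiers drops results whose qualifiers differ. The purl parser and the dotted-numeric version key are simplified stand-ins for packageurl-python and univers' per-scheme version classes; the package data is constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample data (not from VulnerableCode's DB) for one Vulnerability details page.
AFFECTED = [
    "pkg:deb/debian/jackson-databind@2.9.1-1?distro=sid",
    "pkg:deb/debian/jackson-databind@2.9.1-1?distro=buster",
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.1",
]
FIXED = [
    "pkg:deb/debian/jackson-databind@2.9.10-1?distro=sid",
    "pkg:deb/debian/jackson-databind@2.9.9-1?distro=sid",
    "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.10",
    "pkg:rpm/fedora/jackson-databind@2.9.10-1",  # no affected counterpart
]

def parse_purl(purl):
    """Minimal purl splitter for this example (VulnerableCode uses packageurl-python)."""
    rest = purl[len("pkg:"):]
    rest, _, subpath = rest.partition("#")
    rest, _, query = rest.partition("?")
    path, _, version = rest.partition("@")
    ptype, _, path = path.partition("/")
    namespace, _, name = path.rpartition("/")
    qualifiers = tuple(sorted(tuple(unquote(p) for p in kv.split("=", 1))
                              for kv in query.split("&") if kv))
    return ptype, namespace, unquote(name), unquote(version), qualifiers, subpath

def match_key(purl):
    """The attributes question (1) proposes to match on: everything but the version."""
    ptype, namespace, name, _, qualifiers, subpath = parse_purl(purl)
    return (ptype, namespace, name, qualifiers, subpath)

def version_key(purl):
    # Stand-in for univers' per-scheme version classes; adequate for the sample data only.
    parts = re.split(r"[.\-~]", parse_purl(purl)[3])
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)

def pair_affected_with_fixed(affected, fixed):
    """Rows for the consolidated tab: (affected purl, fixed-by purls sorted by version)."""
    fixed_by_key = {}
    for purl in fixed:
        fixed_by_key.setdefault(match_key(purl), []).append(purl)
    return [(p, sorted(fixed_by_key.get(match_key(p), []), key=version_key))
            for p in sorted(affected, key=lambda p: (match_key(p), version_key(p)))]

def purl_search(query, candidates):
    """Question (2): keep only candidates matching every query attribute, version included."""
    qkey, qversion = match_key(query), parse_purl(query)[3]
    return [c for c in candidates if (match_key(c), parse_purl(c)[3]) == (qkey, qversion)]
```

The buster row comes back with an empty fixed-by list and the rpm package appears in no row, which is the behaviour a consolidated table has to display rather than silently drop.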

johnmhoran added a commit that referenced this issue Oct 6, 2023
Reference: #1287

Signed-off-by: John M. Horan <johnmhoran@gmail.com>
@johnmhoran johnmhoran moved this from Needs Review to Reviewed in VulnerableCode Data Quality and next Jun 20, 2024
johnmhoran added a commit that referenced this issue Jul 30, 2024
Reference: #1287
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran added a commit that referenced this issue Jul 30, 2024
Reference: #1287
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran added a commit that referenced this issue Aug 7, 2024
Reference: #1287
- Matched affected/fixed-by Package data added to Vulnerability details.
- version_class-based sorting added to that data as well.
- Note that version_class-based Packages sorting still needs to be added
  to Package search results.
- Filter added to encode Package URLs.
- Next: will add tests.
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran added a commit that referenced this issue Aug 7, 2024
Reference: #1287
- Fixed merge conflicts.
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
@johnmhoran johnmhoran moved this from Reviewed to Assigned in VulnerableCode Data Quality and next Aug 8, 2024
johnmhoran added a commit that referenced this issue Aug 12, 2024
Reference: #1287
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran added a commit that referenced this issue Aug 12, 2024
Reference: #1287
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
johnmhoran added a commit that referenced this issue Aug 13, 2024
Reference: #1287
Signed-off-by: John M. Horan <johnmhoran@gmail.com>
@pombredanne pombredanne assigned TG1999 and unassigned johnmhoran Sep 23, 2024