Add missing OSV schema fields to vulnerability page #2132
Conversation
zahraaalizadeh
force-pushed
the
add-missing-osv-schema-fields-to-vulnerability-page
branch
2 times, most recently
from
7eeb0bd
to
22f43d3
Compare
| @@ -163,57 +200,57 @@ <h3 class="mdc-layout-grid__cell--span-3"> | |||
| </dd> | |||
| </dl> | |||
| {% endfor -%} | |||
| </div> | |||
There was a problem hiding this comment.
We also have per-range ecosystem/database_specific: https://ossf.github.io/osv-schema/#affectedecosystem_specific-field
There was a problem hiding this comment.
To clarify, in total there's 3 variations here:
- affected[].ranges[].database_specific
- affected[].database_specific field
- affected[].ecosystem_specific field
There was a problem hiding this comment.
Added a commit to expose it: 47f2185
Also looking at the data models, I reckon currently this data is not recorded on the Bug model:
Lines 185 to 194 in 47f2185
(Please correct me if I'm missing something.)
It might be worth mentioning, I couldn't find any bug that include database_specific on their ranges though.
sample output:
There was a problem hiding this comment.
@oliverchang - FYI added ecae833 to render the on the fly database_specific data too.
| {%- if 'purl' in affected.package -%} | ||
| <dt>Purl</dt> | ||
| <dd>{{ affected.package.purl }}</dd> | ||
| {%- endif -%} | ||
| {%- endif -%} |
There was a problem hiding this comment.
We also a per-affected severity field: https://ossf.github.io/osv-schema/#affectedseverity-field
There was a problem hiding this comment.
There was a problem hiding this comment.
The rendering of this is different from the rendering for the top level severity (e.g. on GHSA-76v2-48w6-crxr). Can we make this the same as the top level rendering?
There was a problem hiding this comment.
update in 212c8f1
sample output:
zahraaalizadeh
force-pushed
the
add-missing-osv-schema-fields-to-vulnerability-page
branch
from
22f43d3
to
47f2185
Compare
| {% for credit in vulnerability.credits -%} | ||
| <li class="credit"> | ||
| <ul> | ||
| <li>{{ credit.name }}{%- if 'type' in credit -%} - {{ credit.type }}{%- endif -%}</li> |
There was a problem hiding this comment.
Can we add a space after the name and before the first "-" ?
There was a problem hiding this comment.
updated: 3c62c56
| pre { | ||
| white-space: pre-wrap; | ||
| overflow: auto; | ||
| } | ||
|
|
||
|
|
||
| .purl{ |
There was a problem hiding this comment.
can you add a space here after "purl" ?
There was a problem hiding this comment.
updated 511d314
| {%- if 'purl' in affected.package -%} | ||
| <dt>Purl</dt> | ||
| <dd>{{ affected.package.purl }}</dd> | ||
| {%- endif -%} | ||
| {%- endif -%} |
There was a problem hiding this comment.
The rendering of this is different from the rendering for the top level severity (e.g. on GHSA-76v2-48w6-crxr). Can we make this the same as the top level rendering?
|
/gcbrun |
gcp/appengine/frontend_handlers.py
Outdated
| @@ -240,7 +240,7 @@ def vulnerability_redirector(potential_vuln_id): | |||
| def bug_to_response(bug, detailed=True): | |||
| """Convert a Bug entity to a response object.""" | |||
| response = osv.vulnerability_to_dict( | |||
| bug.to_vulnerability(include_alias=detailed)) | |||
| bug.to_vulnerability(include_source=detailed, include_alias=detailed)) | |||
There was a problem hiding this comment.
No need to show this actually, as it replicates the existing "Source" field on the vulnerabilities field. Can you please revert?
There was a problem hiding this comment.
Ah, Thanks for the heads up! I didn't noticed the duplication. I dropped the commit.
Earlier in the html, there is a duplicated `if` statement to display the pacjange if it existed in the affected payload. This change removes the duplicated `if` statement in favour of the parent `if` statement.
Priorly, affected database specific was linked to affected range database specific. This change updates the link to point to the correct address.
zahraaalizadeh
force-pushed
the
add-missing-osv-schema-fields-to-vulnerability-page
branch
from
212c8f1
to
db8349b
Compare
This change adds the following info to the vulnerability page:
resolves #2081
Regarding the second items on the issue: per-range ecosystem/database_specific fields I left a question on the issue.