Skip to content

ROX-29493: Render component vulnerabilities table if imageMetadata#15455

Merged
pedrottimark merged 1 commit intomasterfrom
ROX-29493-imageMetadata
May 28, 2025
Merged

ROX-29493: Render component vulnerabilities table if imageMetadata#15455
pedrottimark merged 1 commit intomasterfrom
ROX-29493-imageMetadata

Conversation

@pedrottimark
Copy link
Contributor

@pedrottimark pedrottimark commented May 27, 2025
edited
Loading

Description

It might help to ignore whitespace for review.

Problem

Thank you:

  • Ross Tannenbaum for finding this problem.
  • David Vail for suggesting the cause.

Component vulnerabilities tables render PartialCVEDataAlert element if either summary or imageMetadata are absent.

Analysis

Other tables render PartialCVEDataAlert if summary is absent.

This seems like copy-paste-edit from one condition to two conditions.

Solution

  1. Render summary conditionally, else nothing.
  2. Render WhateverComponentVulnerabilitiesTable conditionally else PartialCVEDataAlert element.

That is, in the context, omit secondary summary silently if absent, and render Partial CVE data only if primary imageMetadata is absent.

User-facing documentation

  • CHANGELOG.md update is not needed
  • documentation PR is not needed

Testing and quality

  • the change is production ready: the change is GA, or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

  • added unit tests
  • added e2e tests
  • added regression tests
  • added compatibility tests
  • modified existing tests

How I validated my change

  1. npm run tsc in ui/apps/platform folder.
  2. npm run lint in ui/apps/platform folder.

Manual testing with Advisory column

Image: registry.redhat.io/openshift-logging/logging-curator5-rhel9:v5.8.1-478

  1. Visit /main/vulnerabilities/all-images search for image above, and then expand rows for GHSA and PYSEC vulnerabilities.

    • Before changes, see Partial CVE data
      ImageVulnerabilitiesTable_combined

    • After changes, see absence of summary but presence of ImageComponentVulnerabilitiesTable element.
      ImageVulnerabilitiesTable_separated

Not sure how likely to find similar situation for deployment.

@pedrottimark pedrottimark requested a review from a team as a code owner May 27, 2025 20:56
@pedrottimark pedrottimark requested a review from dvail May 27, 2025 20:57
sourcery-ai[bot]
sourcery-ai bot reviewed May 27, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @pedrottimark - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟢 General issues: all looks good
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@rhacs-bot
Copy link
Contributor

rhacs-bot commented May 27, 2025

Images are ready for the commit at 9d1a464.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.8.x-823-g9d1a4640d1.

@codecov
Copy link

codecov bot commented May 27, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 49.24%. Comparing base (92e5d0b) to head (9d1a464).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #15455      +/-   ##
==========================================
- Coverage   49.24%   49.24%   -0.01%     
==========================================
  Files        2578     2578              
  Lines      189182   189182              
==========================================
- Hits        93161    93157       -4     
- Misses      88686    88688       +2     
- Partials     7335     7337       +2
Flag Coverage Δ
go-unit-tests 49.24% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@pedrottimark pedrottimark merged commit bc79930 into master May 28, 2025
86 checks passed
@pedrottimark pedrottimark deleted the ROX-29493-imageMetadata branch May 28, 2025 19:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@dvail dvail dvail approved these changes

Assignees

No one assigned

Labels

area/ui

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pedrottimark @rhacs-bot @dvail