Searching software versions by name will now return all versions that match the corresponding title name as well

[getvictor]

Related issue: Resolves #35028

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.

Testing

• Added/updated automated tests
• QA'd all new/changed functionality manually

Summary by CodeRabbit

• New Features

  • Software version search now includes all versions whose software title matches the search query, extending search capabilities beyond name-only matching.

• Tests

  • Added tests to verify the expanded search functionality, covering searches by partial and full title names.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.89%. Comparing base (e67a415) to head (081a8a7).
⚠️ Report is 16 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #38103      +/-   ##
==========================================
+ Coverage   65.86%   65.89%   +0.02%     
==========================================
  Files        2392     2393       +1     
  Lines      190711   190950     +239     
  Branches     8469     8469              
==========================================
+ Hits       125611   125822     +211     
- Misses      53684    53695      +11     
- Partials    11416    11433      +17     

Flag	Coverage Δ
backend	67.72% <100.00%> (+0.02%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[getvictor]

@coderabbitai full review

[coderabbitai]

✅ Actions performed

Full review triggered.

[coderabbitai]

Walkthrough

Expands software search functionality to include matching by software title name in addition to software name and version. When a search query is provided, a LEFT JOIN to software_titles is added and title name is included in filter conditions, enabling discovery of all software versions grouped under a matching title.

Changes

Cohort / File(s)	Summary
Changelog entry changes/35028-software-versions-search	Documents the software versions search expansion by name to include all versions matching the title name.
Software search query enhancement server/datastore/mysql/software.go	Adds LEFT JOIN to software_titles when MatchQuery is provided; includes st.name in search conditions alongside software name/version/cve; introduces needsTitleJoin flag to handle count logic with COUNT(DISTINCT shc.software_id) when title join could create duplicates.
Test coverage server/datastore/mysql/software_test.go	New test function testListSoftwareVersionsSearchByTitleName verifies searching software versions by title name returns all grouped entries under that title; validates partial and full name searches.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• #35670: Also modifies server/datastore/mysql/software.go's software-listing and count query logic, introducing an optimized listing/count path that may interact with the title-based search changes.

Suggested reviewers

• sgress454
• mostlikelee

🚥 Pre-merge checks | ✅ 3 | ❌ 2

❌ Failed checks (2 warnings)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 40.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	⚠️ Warning	The PR description is incomplete, missing several required checklist sections such as input validation, SQL injection prevention, backwards compatibility checks, and database migration validation.	Complete the remaining checklist items by either checking applicable boxes with confirmations or explicitly stating why sections don't apply to this change. At minimum, address input validation/SQL injection prevention and any database schema impacts.

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: expanding software version search to include title name matches.
Linked Issues check	✅ Passed	The code changes expand the software search to include title name matches, directly addressing the SharePoint visibility issue in #35028.
Out of Scope Changes check	✅ Passed	All changes are focused on expanding software version search scope by adding title name matching, directly aligned with #35028 requirements.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch victor/35028-software-versions-search

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @changes/35028-software-versions-search:
- Line 1: Update the user-facing description that currently says "Searching
software versions by name will now return all versions that match the
corresponding title name as well." to clarify what "title name" means; replace
it with either a more explicit phrase such as "Searching software versions by
name will now return all versions that match the software's title (the display
name shown in Fleet) in addition to its internal name" or a shorter alternative
like "Searching software versions by name will also match the software's display
title." Modify the description text in the
changes/35028-software-versions-search entry so users clearly understand that
"title" refers to the display name shown in Fleet, not an internal identifier.

In @server/datastore/mysql/software_test.go:
- Around line 10346-10416: The local variable titleID is assigned but never used
causing a Go compile error; either remove the unused GetContext block or use the
retrieved ID to assert grouping. Fix by updating
testListSoftwareVersionsSearchByTitleName: after creating initialSoftware,
either delete the titleID query entirely, or change it to fetch a value you
assert (e.g. fetch the title name or re-query software rows to assert their
title_id equals the retrieved id) using ds.writer(ctx).GetContext and then use
that variable in an assertion so it is referenced (symbols: titleID, ds.writer,
testListSoftwareVersionsSearchByTitleName, ListSoftware).

🧹 Nitpick comments (1)

server/datastore/mysql/software.go (1)

2050-2080: Verify join order dependency

The needsTitleJoin flag is set based on MatchQuery != "", which creates a dependency on needsSoftwareJoin also being true (line 2050). The code correctly ensures the software table (s) is joined first (line 2072) before the software_titles table (st) references s.title_id (line 2079).

This dependency is implicit and could be fragile if the conditions on lines 2050-2051 ever diverge. Consider adding an assertion or comment to make this dependency explicit:

needsSoftwareJoin := opts.ListOptions.MatchQuery != ""
needsTitleJoin := opts.ListOptions.MatchQuery != "" // Requires needsSoftwareJoin to be true for s.title_id reference

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7915280 and c3c27f3.

📒 Files selected for processing (3)

• changes/35028-software-versions-search
• server/datastore/mysql/software.go
• server/datastore/mysql/software_test.go

🧰 Additional context used

📓 Path-based instructions (1)

**/*.go

⚙️ CodeRabbit configuration file

When reviewing SQL queries that are added or modified, ensure that appropriate filtering criteria are applied—especially when a query is intended to return data for a specific entity (e.g., a single host). Check for missing WHERE clauses or incorrect filtering that could lead to incorrect or non-deterministic results (e.g., returning the first row instead of the correct one). Flag any queries that may return unintended results due to lack of precise scoping.

Files:

• server/datastore/mysql/software.go
• server/datastore/mysql/software_test.go

🧬 Code graph analysis (2)

server/datastore/mysql/software.go (2)

server/platform/mysql/list_options.go (1)

• ListOptions (14-23)

server/fleet/app.go (1)

• ListOptions (1253-1277)

server/datastore/mysql/software_test.go (1)

server/fleet/software.go (3)

• Software (83-149)
• Software (151-153)
• SoftwareListOptions (634-652)

🔇 Additional comments (3)

server/datastore/mysql/software_test.go (1)

106-107: Good test wiring; ensures the regression runs as part of TestSoftware.
No concerns with adding the new case entry.

server/datastore/mysql/software.go (2)

1875-1884: LGTM - Well-implemented search enhancement

The LEFT JOIN to software_titles when searching is correctly implemented:

• The join is only added when MatchQuery is provided, avoiding unnecessary overhead
• LEFT JOIN is appropriate since not all software entries may have a title_id
• The join condition s.title_id = st.id is correct
• The same enhancement is consistently applied to both the list query here and the count query (lines 2076-2080)

The implementation correctly handles NULL values from the LEFT JOIN - when st.name is NULL, the ILIKE condition on line 1936 won't match, which is the expected behavior.

---

2122-2128: Join dependency is correctly implemented and tested

The search clause references scv.cve (line 2126), which depends on the software_cve table being joined via the LEFT JOIN added when needsCVEJoin is true on line 2052. This is correctly guaranteed whenever MatchQuery != "".

The OR-based WHERE clause handles the LEFT JOIN correctly: rows matching any condition (software name, version, CVE, or title name) are included, so NULL values in scv.cve from the LEFT JOIN don't incorrectly filter out matches on other columns.

The existing test testListSoftwareVersionsSearchByTitleName validates this works as intended—searching for a title name returns all software entries under that title, even when their individual names differ. The implicit dependency between needsCVEJoin and the search clause creates fragility to future modifications, but the current implementation is correct.

[ksykulev]

Looks good to me. Just had a quick non-blocking comment.