Add more filtering to Vulnerability Exposure chart (frontend)#47674
Conversation
|
@coderabbitai review |
✅ Action performedReview finished.
|
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #47674 +/- ##
==========================================
- Coverage 67.27% 67.26% -0.02%
==========================================
Files 3644 3647 +3
Lines 230327 230548 +221
Branches 11842 12086 +244
==========================================
+ Hits 154963 155084 +121
- Misses 61439 61542 +103
+ Partials 13925 13922 -3
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✅ Files skipped from review due to trivial changes (1)
WalkthroughThe PR adds CVE-specific software filtering to the dashboard Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@frontend/pages/DashboardPage/cards/ChartCard/ChartCard.tsx`:
- Around line 113-119: The `softwareFilterLines` function currently shows the
software category text whenever any categories are selected, but since all
categories are selected by default, this causes the Software section to appear
in the filter summary even when the user hasn't actually narrowed their
selection. Fix this by changing the condition that determines when to add
category text: instead of checking if `cats.length` is truthy, only add the
category text when the user has actually narrowed their selection, meaning the
number of selected categories is less than the total number of available
CVE_SOFTWARE_CATEGORIES. This way, the filter summary will only show the
Software section when categories have been actively filtered, not just when the
defaults are used.
In
`@frontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tsx`:
- Around line 75-89: The useQuery hook for fetching vulnerability data in the
SoftwareFilters component is running unconditionally, causing unnecessary
network requests even when Advanced options are collapsed. Add an enabled
property to the useQuery configuration options object (which currently contains
keepPreviousData and staleTime) and set it to showAdvanced to prevent the query
from executing until the user actually expands the Advanced options section.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: b280c682-2fe1-4add-bb71-fefbd9a2f987
📒 Files selected for processing (12)
frontend/interfaces/charts.tsfrontend/pages/DashboardPage/cards/ChartCard/ChartCard.tsxfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/ChartFilterModal.tsxfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tests.tsxfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/SoftwareFilters.tsxfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/_styles.scssfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/helpers.tests.tsfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/helpers.tsfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/SoftwareFilters/index.tsfrontend/pages/DashboardPage/cards/ChartCard/ChartFilterModal/index.tsfrontend/pages/DashboardPage/cards/ChartCard/_styles.scssfrontend/services/entities/charts.ts
bf8065a to
f388d9d
Compare
There was a problem hiding this comment.
Claude Code Review
This repository is configured for manual code reviews. Comment @claude review to trigger a review and subscribe this PR to future pushes, or @claude review once for a one-time review.
Tip: disable this comment in your organization's Code Review settings.
#47470) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #44746 # Details * Adds the ability to filter historical CVE data by software type, EPSS, CVSS, CVE ID (exclude only) and "has known exploit" * Hard-codes the CVSS filter to 9.0+ for now, since that's the only data that's been collected thus far * Un-gates the collection code so that it will collect CVE data for _all_ severities (but still in the restricted set of software) Related PRs [update the front-end](#47674) to allow sending these filters, and [update GitOps](#47634) to allow changing the default filters. # Checklist for submitter If some of the following don't apply, delete the relevant line. - [X] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [X] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. ## Testing - [X] Added/updated automated tests - [X] QA'd all new/changed functionality manually ### Manual test plan — CVE chart filtering (backend smoke test) #### Setup - Premium dev server running with a few hosts carrying vulnerable software (so `cve_meta` / `software_cve` / `operating_system_vulnerabilities` are populated) - Chart data present — collector ran once, or seeded: `go run ./tools/charts-backfill --dataset cve --use-tracked-cves --days 7` - API token exported and helper set: ```bash BASE=https://localhost:8080/api/v1/fleet/charts peak() { curl -sk -H "Authorization: Bearer $TOKEN" "$BASE/$1" | jq '[.data[].value] | max'; } #### Checks (compare against the no-filter baseline) - [x] Baseline returns data — GET /charts/cve?days=7 returns a data series; .filters is empty/default - [x] Severity force-pinned to critical — cve?days=7 and cve?days=7&severity_min=0&severity_max=10 give identical peaks (no low-severity leak; client severity ignored) - [x] Category narrowing — software_categories=browsers ≤ baseline; software_categories=os,browsers,office,adobe == baseline - [x] OS category includes kernel — software_categories=os returns OS-vuln + Linux-kernel CVE counts - [x] Known-exploit narrowing — known_exploit=true ≤ baseline - [x] EPSS narrowing — epss_min=0.9 ≤ baseline; epss_min=0&epss_max=1 == baseline (EPSS is 0.0–1.0 on the API) - [x] Exclude is subtractive + tolerant — excluding a visible CVE lowers/keeps counts; exclude_cves=CVE-0000-00000 == baseline (no-op) - [x] Filters echo back — filtered requests return applied values under .filters - [x] Uptime untouched — GET /charts/uptime?days=7 returns its normal series - [x] Free-tier safety (optional) — on non-Premium, /charts/cve returns an empty series, no error - [x] > 0 rows from: SELECT COUNT(DISTINCT scd.entity_id) AS below_critical FROM host_scd_data scd JOIN cve_meta cm ON cm.cve = scd.entity_id WHERE scd.dataset='cve' AND cm.cvss_score < 9.0; - (confirms lower-severity CVEs are stored) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Summary of changes * **New Features** * Added advanced CVE chart request filters: software categories, known-exploit flag, EPSS min/max, severity min/max, and excluded CVEs. * Expanded CVE chart coverage to use the full “collectible” CVE set, with filtering applied when serving chart data. * **Tests** * Added coverage for collecting collectible CVEs and resolving chart entities based on filter combinations and exclusions. * **Chores** * Updated CVE chart backfill to use collectible CVE discovery. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Use slices.Concat instead of append(swArgs, metaArgs...) so the combined args slice doesn't risk aliasing swArgs's backing array.
An empty software-category selection is indistinguishable from no filter on the chart read path (empty list collapses to nil = all categories), so deselecting every category showed all CVEs instead of none. Block Apply and show an inline validation error until at least one category is selected.
The Hosts tab renders inside .chart-filter-modal__form, which carries the bottom margin before the action buttons; the Software tab rendered SoftwareFilters directly and so had no gap. Wrap it in the same __form div so both tabs space identically.
a938394 to
d60bcd6
Compare
CI Feedback 🧐A test triggered by this PR failed. Here is an AI-generated analysis of the failure:
|
) <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Visual polish for the unreleased Vulnerability Exposure chart filter (part of #47674 / #44746) Left-aligns the "Advanced options" reveal toggle in the chart filter modal's Software tab so it matches the design. Previously the toggle stretched to the full width of the column-flex container and its content was centered; this adds `align-self: flex-start` so it hugs the left edge. ## Before / After - **Before:** "Advanced options" toggle centered in the panel. <img width="400" alt="image" src="https://github.com/user-attachments/assets/b4cbe5fc-832e-415b-af31-bfd3ca14085d" /> - **After:** Left-aligned, matching the Figma design. <img width="400" alt="CleanShot 2026-06-26 at 12 20 50@2x" src="https://github.com/user-attachments/assets/6204bc50-eb1a-4abc-bee6-45f6bb161bb2" /> # Checklist for submitter - [x] QA'd all new/changed functionality manually <!-- Frontend-only CSS alignment fix on an unreleased feature — DB/config/orbit/changes-file sections below are N/A and removed per template instructions. --> <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Style** * Adjusted the alignment of the “Advanced options” toggle in the software filters panel for a cleaner layout. * **Bug Fixes** * Improved the positioning of the toggle button so it aligns consistently within the filter section. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
Related issue: For #44746
Checklist for submitter
If some of the following don't apply, delete the relevant line.
changes/,orbit/changes/oree/fleetd-chrome/changes.See Changes files for more information.
Testing
Summary by CodeRabbit
Release Notes
New Features
Tests
Style