FEAT: Searchable multi-select filters for Attack History (ADO 7834)#1643
Open
adrian-gavrila wants to merge 10 commits intomicrosoft:mainfrom
Open
FEAT: Searchable multi-select filters for Attack History (ADO 7834)#1643adrian-gavrila wants to merge 10 commits intomicrosoft:mainfrom
adrian-gavrila wants to merge 10 commits intomicrosoft:mainfrom
Conversation
…ilter" Add a tri-state has_converters param to get_attack_results. Previously converter_classes=[] meant "attacks with no converters"; it now means "no filter". Use has_converters=False for the old behavior. BREAKING CHANGE: converter_classes=[] no longer filters to zero-converter attacks. No in-repo callers relied on this. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Update the AttackService and REST route to forward the new has_converters param to memory, and rename the route query param from attack_class (scalar) to attack_types (repeated) for consistency with the other list-valued filters. BREAKING CHANGE: REST query param attack_class renamed to attack_types. Only in-tree consumer is the frontend, updated in the next commit. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replace Dropdowns with searchable multi-select Comboboxes for attack class, converter, operator, and operation filters. The converter Combobox includes a "(No converters)" sentinel option that maps to has_converters=false. A match-mode Switch (ANY|ALL) appears when two or more converters are selected. Adapts AttackHistory.fetchAttacks to send attack_types (repeated), converter_types_match, and has_converters to the API. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…] semantic) Restores the deprecated singular `attack_class` parameter as a forwarder to `attack_classes` and reverts `converter_classes=[]` to its original "no converters" meaning. Library callers see no behavior change; the new `attack_classes`/`has_converters` params remain available for explicit multi/presence filtering. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Multi-select Comboboxes now display "<first> (+N)" instead of always showing the placeholder. Swaps the outcome filter from Dropdown to single-select Combobox so its visible label persists across re-renders triggered by sibling filter changes. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…ce label keys - Service layer coerces converter_types=[] to 'no filter'; the 'no converters' intent is expressed via has_converters=False. Keeps route/service/memory semantics consistent. - memory_interface.get_attack_results strips label keys whose value is an empty sequence before emitting the label condition (previously produced a strictly-more-restrictive EXISTS predicate). - Skip the redundant has_converters=True predicate when converter_classes is already non-empty. - Adds unit tests for the empty-sequence/no-identifier branches in the memory and backend service layers. - Fixes two Attack History e2e specs to click the Combobox input (Fluent v9 multiselect doesn't open the listbox on wrapper click). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Fluent v9 multiselect Combobox renders items as role=menuitemcheckbox, not role=option. Update attack-class and operator filter tests to query the correct role. - Update the mockHistoryAPIs handler to read the renamed attack_types (plural, repeatable) query param and to group repeated label keys into OR-sets (matches the route's real semantic). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR upgrades the Attack History filtering UX to searchable multi-select controls and updates the backend /attacks filtering contract and memory-layer semantics to support multi-value filtering (including converter presence and match-mode).
Changes:
- Frontend: migrate history filters from single-select Dropdowns to multi-select Comboboxes, add
(No converters)sentinel andMatch any | Match alltoggle behavior, and update request serialization (attack_types,has_converters,converter_types_match). - Backend: rename query param
attack_type→attack_types(repeatable), addhas_convertersandconverter_types_matchwiring, and expand memory filtering to supportattack_classesand OR-within-label-key semantics. - Tests: add/adjust unit + e2e tests covering new filter semantics, query parsing, and UI behavior.
Reviewed changes
Copilot reviewed 16 out of 17 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| uv.lock | Bumps local editable pyrit dev version. |
| pyrit/memory/memory_interface.py | Adds plural attack_classes, has_converters, label OR-within-key semantics, and deprecates singular attack_class. |
| pyrit/memory/sqlite_memory.py | Implements label OR-within-key filtering for SQLite JSON labels. |
| pyrit/memory/azure_sql_memory.py | Implements label OR-within-key filtering for Azure SQL JSON labels. |
| pyrit/backend/services/attack_service.py | Wires new filter params; adds converter match-mode behavior with optional Python-side filtering. |
| pyrit/backend/routes/attacks.py | Updates /attacks query contract (attack_types, converter_types_match, has_converters) and label grouping. |
| tests/unit/memory/test_azure_sql_memory.py | Adds tests for Azure SQL label condition bind-param behavior. |
| tests/unit/memory/memory_interface/test_interface_attack_results.py | Adds tests for new memory filter semantics (labels OR, attack_classes, has_converters, back-compat). |
| tests/unit/backend/test_attack_service.py | Adds service-layer tests for forwarding/coercion and converter match-mode behavior. |
| tests/unit/backend/test_api_routes.py | Adds route parsing/forwarding tests for repeated params and new query fields. |
| frontend/src/services/api.ts | Updates listAttacks param types and keeps repeated-array query serialization. |
| frontend/src/components/History/historyFilters.ts | Updates filter state model for multi-select + new converter semantics. |
| frontend/src/components/History/HistoryFiltersBar.tsx | Migrates UI controls to multiselect Comboboxes + sentinel + match-mode toggle. |
| frontend/src/components/History/HistoryFiltersBar.test.tsx | Updates/extends UI unit tests for multi-select and new converter behavior. |
| frontend/src/components/History/AttackHistory.tsx | Updates API request construction for new filter shape and params. |
| frontend/src/components/History/AttackHistory.test.tsx | Updates/extends integration tests to validate API forwarding. |
| frontend/e2e/history.spec.ts | Updates e2e tests for multiselect Combobox roles and new query param name. |
- Validate label keys against [A-Za-z0-9_.-]+ allowlist in
MemoryInterface.get_attack_results before interpolation into backend
JSON-path expressions, preventing SQL injection via crafted label keys
(e.g. Azure SQL's text(f\$.{key}) fragment).
- Make multi-select Attack History filters actually searchable: extract
a SearchableMultiCombobox helper that tracks open + search state,
filters options by typed text, and shows the formatted 'name (+N)'
summary only while the popover is closed. Apply the same pattern
inline to the converter filter (keeps its sentinel OptionGroup).
- Strip empty strings from ?attack_types= query param for symmetry with
?converter_types=, and clarify the route-layer comment now that the
service coerces [] to None.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Replaces the single dynamic Switch label (which mutated between 'Match any' and 'Match all') with always-visible 'ANY' and 'ALL' text flanking the Switch, preceded by a 'Converters:' prefix that anchors the toggle to the converter filter it governs. Active side is emphasized via bold + stronger foreground so the current state is readable at a glance without mental translation. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Migrates the Attack History view's Fluent UI Dropdowns to searchable multi-select Comboboxes and expands backend filter semantics to support the new UX. Resolves ADO 7834.
User-visible changes
(+N)suffix when more than one is selected.(No converters)option, mutually exclusive with picking specific converters.Match any | Match allSwitch controls whether an attack must use any or all of them.REST contract change
GET /attacksquery paramattack_classis renamed toattack_types(repeated, list-valued) to align with the multi-select UI and the already-existingGET /attack-optionsresponse field. The only in-tree consumer is the frontend, updated in this PR.Memory layer additions (non-breaking)
MemoryInterface.get_attack_resultsgains a newattack_classes: Sequence[str]param for OR-matched multi-filtering, plushas_converters: bool | Nonefor explicit presence/absence filtering. The oldattack_class: strparam is preserved as a deprecated forwarder, andconverter_classes=[]keeps its original "no converters" semantic.Tests and Documentation
Tests added
attack_classesmulti-match,has_converters=True/False, back-compat of singularattack_class, and theValueErrorwhen both singular and plural are passed.has_convertersforwarding, match-mode combinations,attack_typeslist handling.attack_types,converter_types_matchany/all,has_converterswiring.has_convertersAPI forwarding, conditionalconverter_types_matchemission, multi-select display formatting, outcome filter label persistence.Documentation: updated relevant docstrings, but no changes to other documentation