Add UI for VulnerableCode #230
Conversation
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
The views are now based on PackageRelatedVulnerablity model. Apart from that out of need, the properties vulnerable_to and resolved_to are added to Vulnerability and Package models. Style changes include centering the search bars. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Use bulma's minified version. Remove inline css to a separate stylesheet custom.css . Delete Unused js. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
This is done because when running migrations, the function which made db queries was being run hence failing the CI. By passing the function itself instead, this issue is fixed Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
|
@pombredanne Thanks for the kind words. About licenses the bulma.min.css already came with the header. Also this uses jquery and selectize which are fetched via CDN, is that ideal ? Or should we locally host these ? |
Ideally we want to avoid any dependency on a CDN and be self-contained. |
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
In the packagerelatedvulnerability_create.html a subtitle with a hyperlink is added to hint the user to create a vulnerability if the desired vulnerability is not found Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Upon updating, previously user would get a blank screen. This is fixed. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Add margins and paddings. Get rid of Remove button. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
| @@ -0,0 +1,14 @@ | |||
| about_resource: bulma.min.css | |||
|
Looking good! can you also included the non-minified JS and CSS? Minified JS is like a binary of sorts. |
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
|
@pombredanne re
Done |
|
|
||
| def get_package_namespaces(): | ||
| pkg_namespaces = [ | ||
| (i.namespace, i.namespace) |
There was a problem hiding this comment.
I am puzzled by the repetition.
There was a problem hiding this comment.
https://docs.djangoproject.com/en/3.1/ref/forms/fields/#django.forms.ChoiceField.choices
Example: For the tuple ("x","1") the user will be able to select "1" in the frontend which will be interpreted as "x" in the backend.
In this case I want the user to select namespace for what it is in the frontend as well as backend. This whole thing is done because I want to use ChoiceField instead of CharField which is provided by the ModelForm.
|
|
||
| def get_package_types(): | ||
| pkg_types = [(i.type, i.type) for i in Package.objects.distinct("type").all()] | ||
| pkg_types.append((None, "package type")) |
There was a problem hiding this comment.
What is "package type" about? I am also puzzled by the repetition (a bit of docstring would help I guess?
There was a problem hiding this comment.
package type is just another choice , which roughly translates into the user not caring about the pkg type of results obtained
There was a problem hiding this comment.
I am still not clear at all why you need that?
There was a problem hiding this comment.
Ah, you mean a placeholder in the UI dropdown?
| author: Dave Gandy | ||
| notes: This is the minified version of Font Awesome. | ||
|
|
||
| license: MIT |
There was a problem hiding this comment.
All our licenses are ScanCode keys and are lowercase (e.g. case does not matter and is always normalized to lower).
Also based on the .LICENSE below it looks like the license may be rather: mit AND ofl-1.1 AND cc-by-4.0 and we would also need the text of each of these too.
There was a problem hiding this comment.
According to https://github.com/FortAwesome/Font-Awesome/tree/v4.7.0#license I'm pretty sure we won't need AND .
Using scancode keys now .
The purpose of selectize was to allow users to select vulnerability and relate it to some package. Selectize allowed users to get some autocomplete and filtering while they searched for the vulnerability. We were already planing to replace selectize js since it is not maintained. Other similar libraries are also not maintained as well(select2). Users don't need autocomplete for vulnerabilities since they would alreay know the CVE id,hence it doesnt add much value as far as UX is considered. A simple text input is used instead. Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
| </div> | ||
| </div> | ||
| {% endblock %} | ||
|
|
There was a problem hiding this comment.
Not sure you need all these empty lines, do you?
|
|
||
| from urllib.parse import urlencode | ||
|
|
||
| from django.core.paginator import Paginator |
There was a problem hiding this comment.
Nit: sort your imports
| from vulnerabilities.views import PackageRelatedVulnerablityDelete | ||
| from vulnerabilities.views import PackageRelatedVulnerablityCreate | ||
| from vulnerabilities.views import HomePage | ||
| from vulnerabilities.views import VulnerabilityReferenceCreate |
There was a problem hiding this comment.
Niit: sort your imports
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
This is based on the models of #219 .
Finally a UI for VulnerableCode !
Uses CSS framework Bulma . Vanilla JS. Fully featured CRUD.
Addresses #218
./
./vulnerabilities/search
/vulnerabilities/search?vuln_id=CVE-2019
/vulnerabilities/23
./packages/search
./packages/21
./packages/create*
vulnerabilities/create