fix(cloud-security): scope Cloud Tests findings to the selected account #3043
Merged
Customers with multiple AWS accounts couldn't filter the findings list down to one account — selecting a different account in the connection selector did nothing, the list always showed every account's findings merged.
Root cause: the per-section findings filter used `f.providerSlug === providerSlug || f.connectionId === connectionId`. The first clause matches EVERY finding of the provider, so the connection (account) clause never narrowed anything. The selector switched the active connectionId, but the filter ignored it.
- Extract `filterFindingsByConnection(findings, connectionId)` and use it for both the findings list and the project-name pills in CloudTestsSection, so the view is scoped strictly to the selected connection (= selected account). Every finding carries a required connectionId and each section renders with the selected connection's id, so this is safe (nothing is hidden).
- Test: filterFindingsByConnection scopes to one account and does not leak another account of the same provider (regression guard).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The connection selector doubles as the account filter, but it had no label, so it wasn't obvious that picking an item scopes the findings to that account. Add a provider-aware label next to it — "Account" for AWS, "Subscription" for Azure, "Connection" for GCP — and use the same term in the placeholder.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
🎉 This PR is included in version 3.72.0 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀
Summary
Customers with multiple AWS accounts reported they can't filter the Cloud Tests findings list down to a single account — "we still can't filter the list down by account… would be good if the list filtered to the problems with that account when we select it."
It wasn't by design — it's a multi-account filtering bug.
Root cause
`CloudTestsSection.tsx` scoped findings with:
That's an OR, and the first clause (`f.providerSlug === providerSlug`) matches every finding of the provider — so the connection (account) clause never narrowed anything. The account selector switched the active `connectionId`, but the filter ignored it, so the list always showed all accounts' findings merged. (Looks like the filter predates multi-account support.)
Fix
Extract `filterFindingsByConnection(findings, connectionId)` and use it for both the findings list and the project-name pills, scoping strictly to the selected connection (= selected account).
`Finding` carries a required `connectionId` (`types.ts`) and each section is rendered with the selected connection's id (`ProviderTabs.tsx:163`) — so nothing is hidden; the list (and the Passed/Failed/Total stats derived from it) now reflect the selected account.
Effect for the customer
Selecting an account in the connection selector now narrows the findings, stats, and "Looking good"/empty states to that account — exactly the per-account focus they asked for.
Tests
`finding-filters.test.ts`: scopes to one account, and a regression guard that it does not leak another account of the same provider. 4 passing; changed files typecheck clean.
Note
This sharpens scoping to one account at a time (matching the existing selector UX). If we later want an explicit "All accounts" aggregate view, that's a follow-up — out of scope here.
🤖 Generated with Claude Code
Summary by cubic
Scopes Cloud Tests findings, stats, and project pills to the selected account. Adds a clear label to the connection selector so it’s obvious it filters by account.
Bug Fixes
`filterFindingsByConnection(findings, connectionId)` for findings and project-name pills; replaced the `providerSlug || connectionId` logic with strict `connectionId` scoping.
New Features
`ProviderTabs` with provider-aware terms (“Account” for AWS, “Subscription” for Azure, “Connection” for GCP) and matching placeholder.
Written for commit 2d1404e. Summary will update on new commits.
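The root cause and fix described in this PR, shown side by side as an added TypeScript example that is not the project's own code. Only the OR predicate and the `filterFindingsByConnection(findings, connectionId)` signature come from the page; the `Finding` shape, `filterFindingsLegacy`, `foreignConnections`, `summarize` and the sample data are assumptions constructed for illustration.

```typescript
// Added example: Finding shape and sample data are constructed, not the project's types.
interface Finding {
  id: string;
  providerSlug: string; // e.g. "aws"
  connectionId: string; // one connection = one cloud account
  status: "passed" | "failed";
}

// "Before" predicate as quoted in the PR: the provider clause matches every
// finding of that provider, so the connection clause never narrows the result.
function filterFindingsLegacy(findings: Finding[], providerSlug: string, connectionId: string): Finding[] {
  return findings.filter(
    (f) => f.providerSlug === providerSlug || f.connectionId === connectionId,
  );
}

// "After": strict scoping to the selected connection (account).
function filterFindingsByConnection(findings: Finding[], connectionId: string): Finding[] {
  return findings.filter((f) => f.connectionId === connectionId);
}

// Regression guard (hypothetical helper): other connection ids present in a view.
function foreignConnections(view: Finding[], connectionId: string): string[] {
  const ids = view.map((f) => f.connectionId).filter((id) => id !== connectionId);
  return ids.filter((id, i) => ids.indexOf(id) === i); // de-duplicate
}

// Passed/Failed/Total stats derived from whatever list the view was given.
function summarize(view: Finding[]): { passed: number; failed: number; total: number } {
  const failed = view.filter((f) => f.status === "failed").length;
  return { passed: view.length - failed, failed, total: view.length };
}

// Constructed sample: two AWS accounts plus one Azure subscription.
const sampleFindings: Finding[] = [
  { id: "f1", providerSlug: "aws", connectionId: "conn-aws-prod", status: "failed" },
  { id: "f2", providerSlug: "aws", connectionId: "conn-aws-prod", status: "passed" },
  { id: "f3", providerSlug: "aws", connectionId: "conn-aws-dev", status: "failed" },
  { id: "f4", providerSlug: "azure", connectionId: "conn-az-1", status: "passed" },
];

const legacy = filterFindingsLegacy(sampleFindings, "aws", "conn-aws-dev");
const scoped = filterFindingsByConnection(sampleFindings, "conn-aws-dev");
console.log("legacy:", legacy.map((f) => f.id), summarize(legacy));
console.log("scoped:", scoped.map((f) => f.id), summarize(scoped));
```

With the dev account selected, the legacy view still carries the prod account's findings and inflates the stats, while the scoped view contains only `f3`.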