Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Surface all OSV schema fields on vulnerability details. #2081

Open
oliverchang opened this issue Mar 27, 2024 · 3 comments · May be fixed by #2132
Open

Surface all OSV schema fields on vulnerability details. #2081

oliverchang opened this issue Mar 27, 2024 · 3 comments · May be fixed by #2132
Assignees
@zahraaalizadeh
Labels
enhancement New feature or request frontend Frontend Infrastructure ui UI bugs/FRs

Comments

@oliverchang
Copy link
Collaborator

Right now the vulnerabilities page is missing rendering of several fields that are part of the OSV JSON.

E.g.
@oliverchang oliverchang added enhancement New feature or request ui UI bugs/FRs frontend Frontend Infrastructure labels Mar 27, 2024
@zahraaalizadeh
Copy link
Collaborator

I'm planning to work on this issue.

@zahraaalizadeh
Copy link
Collaborator

Regarding per-range ecosystem/database_specific, if I understand it correctly, currently the both ecosystem_specific and database_specific are displayed if provided:

osv.dev/gcp/appengine/frontend3/src/templates/vulnerability.html

Lines 133 to 156 in 0f4e0c2

{% if affected['ecosystem_specific'] -%}
<div class="vulnerability-package-subsection mdc-layout-grid__inner">
<h3 class="mdc-layout-grid__cell--span-3">
Ecosystem specific
<a href="https://ossf.github.io/osv-schema/#affectedecosystem_specific-field" target="_blank"
rel="noopener noreferrer"></a>
</h3>
<div class="mdc-layout-grid__cell--span-9">
<pre class="specific">{{ affected['ecosystem_specific'] | display_json }}</pre>
</div>
</div>
{% endif -%}
{% if affected['database_specific'] -%}
<div class="vulnerability-package-subsection mdc-layout-grid__inner">
<h3 class="mdc-layout-grid__cell--span-3">
Database specific
<a href="https://ossf.github.io/osv-schema/#affectedrangesdatabase_specific-field" target="_blank"
rel="noopener noreferrer"></a>
</h3>
<div class="mdc-layout-grid__cell--span-9">
<pre class="specific">{{ affected['database_specific'] | display_json }}</pre>
</div>
</div>
{% endif -%}

Do we need to expose top level database_specific field (https://ossf.github.io/osv-schema/#database_specific-field)?

@zahraaalizadeh zahraaalizadeh linked a pull request Apr 23, 2024 that will close this issue
Open
@another-rex
Copy link
Contributor

Yes, we should expose the top level database specific field, though I'm not sure which entries have a top level database specific field.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@zahraaalizadeh zahraaalizadeh

Labels
enhancement New feature or request frontend Frontend Infrastructure ui UI bugs/FRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add missing OSV schema fields to vulnerability page ackama/osv.dev
3 participants
@oliverchang @zahraaalizadeh @another-rex