feat(cve): add compare cves feature for 2 images by laurentiuNiculae · Pull Request #420 · project-zot/zui

laurentiuNiculae · 2024-02-07T11:58:31Z

What type of PR is this?

Which issue does this PR fix:
Closes #2152

What does this PR do / Why do we need it:

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:

Testing done on this change:

Automation added to e2e:

Will this break upgrades or downgrades. Has updating a running cluster been tested?:

Does this change require updates to the CNI daemonset config files to work?:

Does this PR introduce any user-facing change?:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

codecov · 2024-02-07T12:01:02Z

Codecov Report

Attention: Patch coverage is 12.99435% with 154 lines in your changes missing coverage. Please review.

Project coverage is 81.73%. Comparing base (0edfe0f) to head (1efbad2).
Report is 19 commits behind head on main.

Files with missing lines	Patch %	Lines
src/components/Tag/Tabs/ImageSelector.jsx	0.80%	123 Missing ⚠️
src/components/Tag/Tabs/CompareImages.jsx	48.71%	20 Missing ⚠️
src/api.js	0.00%	8 Missing and 3 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #420      +/-   ##
==========================================
- Coverage   88.77%   81.73%   -7.05%     
==========================================
  Files          56       58       +2     
  Lines        1720     1894     +174     
  Branches      463      508      +45     
==========================================
+ Hits         1527     1548      +21     
- Misses        182      333     +151     
- Partials       11       13       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

raulkele · 2024-02-18T10:00:12Z

src/api.js

  allVulnerabilitiesForRepo: (name) =>
    `/v2/_zot/ext/search?query={CVEListForImage(image: "${name}"){Tag Page {TotalCount ItemCount} CVEList {Id Title Description Severity Reference PackageList {Name InstalledVersion FixedVersion}}}}`,
+  cveDiffForImages: (minuend = {}, subtrahend = {}, { pageNumber = 1, pageSize = 3 }) => {
+    let imageInput = (img) => {


if the value for the variable doesn't change, please use 'const' for declaration

raulkele · 2024-02-18T10:01:07Z

src/api.js

  },
  allVulnerabilitiesForRepo: (name) =>
    `/v2/_zot/ext/search?query={CVEListForImage(image: "${name}"){Tag Page {TotalCount ItemCount} CVEList {Id Title Description Severity Reference PackageList {Name InstalledVersion FixedVersion}}}}`,
+  cveDiffForImages: (minuend = {}, subtrahend = {}, { pageNumber = 1, pageSize = 3 }) => {


'minuend' and 'subtrahend' don't sound very suggestive of what the parameter represents. Is there a better name we can use perhaps?

I struggled finding a better name, minuend means "from which you subtract" and subtrahend "how much you subtract". These are the most concise terms I know but I agree that they're quite mathematical and unfriendly

Add a comment in the JS code explaining these.

raulkele · 2024-02-18T10:02:27Z

src/api.js

  allVulnerabilitiesForRepo: (name) =>
    `/v2/_zot/ext/search?query={CVEListForImage(image: "${name}"){Tag Page {TotalCount ItemCount} CVEList {Id Title Description Severity Reference PackageList {Name InstalledVersion FixedVersion}}}}`,
+  cveDiffForImages: (minuend = {}, subtrahend = {}, { pageNumber = 1, pageSize = 3 }) => {
+    let imageInput = (img) => {


maybe we will want to reuse this imageInput function in the future for other endpoints. We should declare it outside 'cveDiffForImages'

raulkele · 2024-02-18T10:03:01Z

src/api.js

+      let platform = img.platform ? `, platform: {os: ${img.platform.os}, arch: ${img.platform.arch}}` : '';
+      return `{repo: "${img.repo}", tag: "${img.tag}"${digest}${platform}}`;
+    };
+    let query = `/v2/_zot/ext/search?query={CVEDiffListForImages(minuend: ${imageInput(


no need for the 'query' variable, we can just return the interpolated string directly

raulkele · 2024-02-18T10:04:53Z

src/api.js

    const paginationParam = `requestedPage: {limit:${pageSize} offset:${(pageNumber - 1) * pageSize} sortBy:RELEVANCE}`;
    return `/v2/_zot/ext/search?query={GlobalSearch(${searchParam}, ${paginationParam}) {Images {RepoName Tag}}}`;
  },
+  imageSuggestionsWithPlatforms: ({ searchQuery = '""', pageNumber = 1, pageSize = 15 }) => {


Is there a point for this endpoint? Can we not achieve this already with the 'globalSearch'?

raulkele · 2024-02-18T10:17:04Z

src/components/Tag/Tabs/ImageSelector.jsx

+  const [platform, setPlatform] = useState('');
+  const [suggestionData, setSuggestionData] = useState([]);
+  const [queryParams] = useSearchParams();
+  const search = queryParams.get('search') || '';


similar story, do we want the query string to control the value of this search component?

raulkele · 2024-02-18T10:18:53Z

src/components/Tag/Tabs/ImageSelector.jsx

+    } else {
+      setInputHelpText('Image Selected');
+      setActivePlatformSelection(true);
+      let platforms = getImagePlatforms(event.selectedItem);


doesn't seem like we need this variable

raulkele · 2024-02-18T10:20:19Z

src/components/Tag/Tabs/ImageSelector.jsx

+  };
+
+  const imageSearch = (value) => {
+    let tag = value.split(':')[1];


we can use const here

raulkele · 2024-02-18T10:21:02Z

src/components/Tag/Tabs/ImageSelector.jsx

+        if (suggestionResponse.data.data.GlobalSearch.Images) {
+          const suggestionParsedData = suggestionResponse.data.data.GlobalSearch.Images.map((el) => mapToImage(el));
+          setSuggestionData(suggestionParsedData);
+          setActivePlatformSelection(false);


duplicate 'setActivePlatformSelection'

raulkele · 2024-02-18T10:22:09Z

src/host.js

@@ -1,5 +1,5 @@
 const hostConfig = {
-  auto: true,


we shouldn't include dev settings in the commit

feat(cve): add compare cves feature for 2 images

1efbad2

Signed-off-by: Laurentiu Niculae <niculae.laurentiu1@gmail.com>

raulkele requested changes Feb 18, 2024

View reviewed changes

Conversation

laurentiuNiculae commented Feb 7, 2024

Uh oh!

codecov bot commented Feb 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

andaaron Mar 5, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

raulkele Feb 18, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov bot commented Feb 7, 2024 •

edited

Loading

andaaron Mar 5, 2024 •

edited

Loading

raulkele Feb 18, 2024 •

edited

Loading