Improve display of SSVC decision tree in UI using YAML format #2058 #2165
base: main
Changes from all commits
e4c0a6b
18c5a55
a4f2a66
4065892
82913a6
3ae1108
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| # | ||
| # Copyright (c) nexB Inc. and others. All rights reserved. | ||
| # VulnerableCode is a trademark of nexB Inc. | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| # See http://www.apache.org/licenses/LICENSE-2.0 for the license text. | ||
| # See https://github.com/aboutcode-org/vulnerablecode for support or download. | ||
| # See https://aboutcode.org for more information about nexB OSS projects. | ||
| # | ||
|
|
||
| import saneyaml | ||
| from django import template | ||
|
|
||
| register = template.Library() | ||
|
|
||
|
|
||
| @register.filter(name="to_yaml") | ||
| def to_yaml(value): | ||
| """ | ||
| Convert a Python object (typically SSVC options) to a | ||
| human-readable YAML string. | ||
| """ | ||
| if not value: | ||
| return "" | ||
| try: | ||
| return saneyaml.dump(value).strip() | ||
| except Exception: | ||
| return str(value) | ||
|
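Review bot: the bare `except Exception` at the end of `to_yaml` swallows every failure from `saneyaml.dump(value)` and silently returns `str(value)`, so a list of dicts that cannot be dumped would render as a Python repr in the page instead of surfacing the bug; drop the `try`/`except`, or catch only the exception type saneyaml actually raises, and let anything else fail loudly in tests. Two smaller points: `name="to_yaml"` in `@register.filter(name="to_yaml")` only restates the function name and can be dropped; and since the filter returns a plain `str` without `is_safe` or `mark_safe`, Django autoescaping still applies to the output, which is the right default for values that may originate from external advisory data, so keep any indentation or formatting added later inside the template rather than returning HTML from the filter.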
Member
Why not keep the pprint behavior there? And why would there be a case that raises an exception? Is the exception really needed?
||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| # | ||
| # Copyright (c) nexB Inc. and others. All rights reserved. | ||
| # VulnerableCode is a trademark of nexB Inc. | ||
| # SPDX-License-Identifier: Apache-2.0 | ||
| # See http://www.apache.org/licenses/LICENSE-2.0 for the license text. | ||
| # See https://github.com/aboutcode-org/vulnerablecode for support or download. | ||
| # See https://aboutcode.org for more information about nexB OSS projects. | ||
| # | ||
|
|
||
| from vulnerabilities.templatetags.ssvc_filters import to_yaml | ||
|
|
||
|
|
||
| def test_to_yaml_with_ssvc_options(): | ||
|
Member
These tests are essentially testing the saneyaml library that is already tested. Can you test the tag instead? (Though I question whether using a filter is what we want here.)
||
| options = [ | ||
| {"Exploitation": "active"}, | ||
| {"Automatable": "yes"}, | ||
| {"Technical Impact": "total"}, | ||
| {"Mission Prevalence": "essential"}, | ||
| {"Public Well-being Impact": "irreversible"}, | ||
| {"Mission & Well-being": "high"}, | ||
| ] | ||
| result = to_yaml(options) | ||
| assert "Exploitation: active" in result | ||
|
Member
I am not sure this series of asserts has a lot of value. Why not assert at once the whole "result" string?
||
| assert "Technical Impact: total" in result | ||
| assert "Mission Prevalence: essential" in result | ||
| assert "Public Well-being Impact: irreversible" in result | ||
|
|
||
|
|
||
| def test_to_yaml_with_empty_value(): | ||
| assert to_yaml(None) == "" | ||
| assert to_yaml([]) == "" | ||
| assert to_yaml("") == "" | ||
|
|
||
|
|
||
| def test_to_yaml_with_non_serializable_value(): | ||
| result = to_yaml("plain string") | ||
| assert isinstance(result, str) | ||
|
|
||
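Review bot: `test_to_yaml_with_non_serializable_value` does not test what its name says: `"plain string"` is perfectly serializable by saneyaml, so the `except` branch in `to_yaml` is never exercised and `assert isinstance(result, str)` would pass for any return value; either pass something saneyaml cannot dump and assert on the fallback, or delete the test together with that branch. In `test_to_yaml_with_ssvc_options`, the asserts skip the `{"Automatable": "yes"}` and `{"Mission & Well-being": "high"}` entries that the input constructs; `yes` is a YAML 1.1 boolean literal, so whether the dumper quotes it is exactly the behaviour worth pinning, and comparing `result` to the full expected YAML string would cover all six options and the list-of-single-key-dicts shape at once. `test_to_yaml_with_empty_value` also implicitly documents that `0` and `False` are treated as empty by `if not value`; if that is intended, say so in the docstring.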
Is this generic? If yes, remove references to SSVC.
Also why not indent? And we have similar code in SCIO https://github.com/aboutcode-org/scancode.io/blob/d6b14acbb94ecfef52b3dbe34c1cd7f5f112e4bf/scanpipe/views.py#L206C5-L206C19 with a different approach. What about using that approach instead? @tdruez FYI