fix: add filter to show packages with license violations but no vulnerabilities#2919
Open
summerpan688 wants to merge 5 commits into
Open
fix: add filter to show packages with license violations but no vulnerabilities#2919summerpan688 wants to merge 5 commits into
summerpan688 wants to merge 5 commits into
Conversation
Fixes google#1643. Packages with license violations but no vulnerabilities were always hidden by showAndHideParentSections(), which only checked .vuln-tr rows. This adds a "Show license violations without vulnerabilities" checkbox that reveals these packages on demand, defaulting to off so existing report behavior is unchanged.
…ties Previously, clicking into a package with zero vulnerabilities (e.g. one with only a license violation) showed an empty vuln table, since vuln_table_template.gohtml renders a table with headers regardless of whether RegularVulns/HiddenVulns actually contain any entries. This now shows "No known vulnerabilities for this package." instead, reusing the existing .package-detail-title style.
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes #1643
Summary
Packages with license violations but no vulnerabilities were always

hidden in the HTML report, since the filtering logic only checked
.vuln-trrows. This adds a "Show license violations withoutvulnerabilities" filter checkbox (default: off) that reveals these
packages on request.
Also fixed two related issues surfaced during testing:
(a label meant for packages whose vulns were filtered by call
analysis) — now shows "No known vulnerabilities" instead.
vuln table — now shows a placeholder message instead.
Design discussion
See discussion in the issue comment
"Show all packages“ vs. the more scoped "Show license violations without vulnerabilities"
(happy to adjust based on feedback)