From 24bcbac87780184183ac9ea717f234bda06e2808 Mon Sep 17 00:00:00 2001
From: Carlos Feria <2582866+carlosthe19916@users.noreply.github.com>
Date: Mon, 25 Nov 2024 13:00:57 +0100
Subject: [PATCH] fix: sbom details-vulnerability tab-render "affected dependencies"
---
 .../sbom-details/vulnerabilities-by-sbom.tsx | 98 ++++++++++++++-----
 1 file changed, 75 insertions(+), 23 deletions(-)
diff --git a/client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx b/client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx
index a4ce952b..990a5a51 100644
--- a/client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx
+++ b/client/src/app/pages/sbom-details/vulnerabilities-by-sbom.tsx
@@ -30,7 +30,12 @@ import {
 import { getSeverityPriority } from "@app/api/model-utils";
 import { VulnerabilityStatus } from "@app/api/models";
-import { SbomAdvisory, SbomPackage, SbomStatus } from "@app/client";
+import {
+ PurlSummary,
+ SbomAdvisory,
+ SbomPackage,
+ SbomStatus,
+} from "@app/client";
 import { LoadingWrapper } from "@app/components/LoadingWrapper";
 import { PackageQualifiers } from "@app/components/PackageQualifiers";
 import { SbomVulnerabilitiesDonutChart } from "@app/components/SbomVulnerabilitiesDonutChart";
@@ -328,29 +333,76 @@ export const VulnerabilitiesBySbom: React.FC = ({ {item.summary.allPackages - .flatMap((item) => item.purl) + .flatMap((item) => { + // Workaround against https://github.com/trustification/trustify/issues/1043 + // Some packages do not have purl neither ID. So we render only the parent name meanwhile + type EnrichedPurlSummary = { + parentName: string; + purlSummary?: PurlSummary; + }; + + const hasNoPurlsButOnlyName = + item.name && item.purl.length == 0; + + if (hasNoPurlsButOnlyName) { + const result: EnrichedPurlSummary = { + parentName: item.name, + }; + return [result]; + } else { + return item.purl.map((i) => { + const result: EnrichedPurlSummary = + { + ...i, + parentName: item.name, + }; + return result; + }); + } + }) .map((purl, index) => { - const decomposedPurl = decomposePurl( - purl.purl - ); - return ( - - {decomposedPurl?.type} - {decomposedPurl?.namespace} - {decomposedPurl?.name} - {decomposedPurl?.version} - {decomposedPurl?.path} - - {decomposedPurl?.qualifiers && ( - - )} - - - ); + if (purl.purlSummary) { + const decomposedPurl = decomposePurl( + purl.purlSummary.purl + ); + return ( + + {decomposedPurl?.type} + + {decomposedPurl?.namespace} + + + + {decomposedPurl?.name} + + + {decomposedPurl?.version} + {decomposedPurl?.path} + + {decomposedPurl?.qualifiers && ( + + )} + + + ); + } else { + return ( + + + + {purl.parentName} + + + + + ); + } })}
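Review bot: In the `else` branch of the new `flatMap`, the row object is built with `...i, parentName: item.name`, which copies the `PurlSummary` fields to the top level and never sets `purlSummary`; spread members are not excess-property checked, so this still compiles. As written, `purl.purlSummary` is undefined for every row and the following `.map` always takes the name-only branch, so packages that do have purls lose their type, namespace, version and qualifiers in the affected-dependencies list, which is the information needed to confirm which version a vulnerability applies to. Replace the spread with `purlSummary: i,`. Separately, a package with an empty `name` and no purls falls through to `item.purl.map(...)`, yields an empty array and is dropped from the list without any indication. The enclosing component starts and ends outside this hunk.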