Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed bug when using without_vulnerability_details and vulnerability filters #24769

Merged
merged 2 commits into from
Dec 13, 2024
Merged

Fixed bug when using without_vulnerability_details and vulnerability filters #24769

merged 2 commits into from
Dec 13, 2024

Conversation

ksykulev
Copy link
Contributor

@ksykulev ksykulev commented Dec 13, 2024
edited
Loading

#24765

Checklist for submitter

If some of the following don't apply, delete the relevant line.

  • Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
    See Changes files for more information.
  • Added/updated tests

@ksykulev ksykulev requested a review from a team as a code owner December 13, 2024 20:51
@ksykulev ksykulev force-pushed the 24765-version-bugfix branch from a0c0683 to 4a88f50 Compare December 13, 2024 21:00
@ksykulev ksykulev force-pushed the 24765-version-bugfix branch from 4a88f50 to 3e75532 Compare December 13, 2024 21:24
@codecov Codecov
Copy link

codecov bot commented Dec 13, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 57.14286% with 3 lines in your changes missing coverage. Please review.

Project coverage is 63.57%. Comparing base (fb118b6) to head (3483dd3).
Report is 14 commits behind head on main.

Files with missing lines Patch % Lines
server/service/software.go 40.00% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #24769      +/-   ##
==========================================
+ Coverage   54.28%   63.57%   +9.29%     
==========================================
  Files        1601     1601              
  Lines      151676   151716      +40     
  Branches     3952     3952              
==========================================
+ Hits        82334    96451   +14117     
+ Misses      62544    47591   -14953     
- Partials     6798     7674     +876
Flag Coverage Δ
backend 64.37% <57.14%> (+10.14%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@ksykulev ksykulev force-pushed the 24765-version-bugfix branch from 3e75532 to 50b0df4 Compare December 13, 2024 22:06
iansltx
iansltx reviewed Dec 13, 2024
View reviewed changes
Copy link
Member

@iansltx iansltx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Need to wait for Ci to run to confirm we still disallow vuln details for Fleet Free even when without_vulnerability_details=false. Otherwise see nits.

changes/24765-software-versions-bugfix Outdated
@@ -0,0 +1 @@
* Fixed bug when using the `without_vulnerability_details` param along with vulnerability filters in fleet premium.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't do changes files for unreleased bugs

server/datastore/mysql/software.go
@@ -917,7 +917,7 @@ func listSoftwareDB(
DetailsLink: fmt.Sprintf("https://nvd.nist.gov/vuln/detail/%s", cveID),
CreatedAt: *result.CreatedAt,
}
if opts.IncludeCVEScores {
if opts.IncludeCVEScores && !opts.WithoutVulnerabilityDetails {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need !without here still?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately we do, because when we are filtering with a vulnerability opts.IncludeCVEScores will be true, and the json response will be large. However, if we put !opts.WithoutVulnerabilityDetails, it will add all the joins, but the json it has to serialize will still be the smaller version.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Got it; thx for the clarification!

iansltx
iansltx approved these changes Dec 13, 2024
View reviewed changes
Copy link
Member

@iansltx iansltx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Free to merge as soon as CI is complete/green, and tag me when you have the cherry-pick up.

@ksykulev ksykulev merged commit 4503b2f into main Dec 13, 2024
19 checks passed
@ksykulev ksykulev deleted the 24765-version-bugfix branch December 13, 2024 22:39
ksykulev added a commit that referenced this pull request Dec 13, 2024
@ksykulev
Fixed bug when using without_vulnerability_details and vulnerabilit…
7de466c 
…y filters (#24769)

#24765

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

<!-- Note that API documentation changes are now addressed by the
product design team. -->

- [x] Changes file added for user-visible changes in `changes/`,
`orbit/changes/` or `ee/fleetd-chrome/changes`.
See [Changes
files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/Committing-Changes.md#changes-files)
for more information.
- [x] Added/updated tests
@ksykulev ksykulev mentioned this pull request Dec 13, 2024
Merged
iansltx pushed a commit that referenced this pull request Dec 13, 2024
@ksykulev
Cherry-Pick: Fixed bug when using without_vulnerability_details and…
d4b91e3 
… vulnerability filters (#24774)

issue #24765
original pr #24769
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iansltx iansltx iansltx approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ksykulev @iansltx