This is an automated email from the ASF dual-hosted git repository. arm pushed a commit to branch previous_sbom_results in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
commit 0218edb964686933c4ac693f38ae49090268a0e9 Author: Alastair McFarlane <[email protected]> AuthorDate: Tue Dec 23 15:11:33 2025 +0000 Show change from previous severity and change defaults for previous license info --- atr/get/sbom.py | 31 +++++++++++++++++++++++-------- atr/models/results.py | 4 ++-- atr/static/css/bootstrap.custom.css | 4 ++++ atr/static/css/bootstrap.custom.css.map | 2 +- bootstrap/source/custom.scss | 4 ++++ 5 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/atr/get/sbom.py b/atr/get/sbom.py
index cac2d72..67de48e 100644
--- a/atr/get/sbom.py
+++ b/atr/get/sbom.py
@@ -22,6 +22,7 @@ from typing import TYPE_CHECKING, Any
 import asfquart.base as base
 import cmarkgfm
+import htpy
 import markupsafe
 import atr.blueprints.get as get
@@ -438,22 +439,27 @@ def _vulnerability_component_details_osv(
 vuln_modified = vuln.modified or "Unknown"
 vuln_severity = _extract_vulnerability_severity(vuln)
- try:
- sev_index = severities.index(vuln_severity)
- except ValueError:
- sev_index = 99
- worst = min(worst, sev_index)
+ worst = _update_worst_severity(severities, vuln_severity, worst)
 if previous_vulns is not None:
- if vuln_id not in previous_vulns or previous_vulns[vuln_id] != vuln_severity:
+ if (vuln_id not in previous_vulns) or previous_vulns[vuln_id] != vuln_severity:
 is_new = True
 new = new + 1
 vuln_header = [htm.a(href=vuln_primary_ref.get("url", ""), target="_blank")[htm.strong(".me-2")[vuln_id]]]
 style = f".badge.me-2{_severity_to_style(vuln_severity)}"
 vuln_header.append(htm.span(style)[vuln_severity])
- if is_new:
- vuln_header.append(htm.span(".badge.bg-info.text-light")["new"])
+
+ if (previous_vulns is not None) and is_new:
+ if vuln_id in previous_vulns: # If it's there, the sev must have changed
+ vuln_header.append(htpy.i(".bi.bi-arrow-left.me-2"))
+ vuln_header.append(
+ htm.span(f".badge{_severity_to_style(previous_vulns[vuln_id])}.text-strike")[
+ previous_vulns[vuln_id]
+ ]
+ )
+ else:
+ vuln_header.append(htm.span(".badge.bg-info.text-light")["new"])
 details = markupsafe.Markup(cmarkgfm.github_flavored_markdown_to_html(vuln.details))
 vuln_div = htm.div(".ms-3.mb-3.border-start.border-warning.border-3.ps-3")[
@@ -479,6 +485,15 @@ def _vulnerability_component_details_osv(
 return new
+def _update_worst_severity(severities: list[str], vuln_severity: str, worst: int) -> int:
+ try:
+ sev_index = severities.index(vuln_severity)
+ except ValueError:
+ sev_index = 99
+ worst = min(worst, sev_index)
+ return worst
+
+
 def _vulnerability_scan_button(block: htm.Block) -> None:
 block.p["You can perform a new vulnerability scan."]
diff --git a/atr/models/results.py b/atr/models/results.py
index 2a2e6a1..5b3ee02 100644
--- a/atr/models/results.py
+++ b/atr/models/results.py
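Review bot: In the new `if vuln_id in previous_vulns:` branch the earlier severity is conveyed only by an icon-only `htpy.i` arrow and the `.text-strike` class, so without CSS or in a screen reader the header reads as two severity labels with nothing marking which one is current. A text cue on the old badge, for example `title="previous severity"` on that `htm.span(...)` (assuming it accepts attribute keywords the way `htm.a` does in this hunk), would keep a reviewer from misreading a vulnerability's rating. The branch also renders a downgrade and an escalation identically, and both still increment `new`; if that is intended, a short comment saying so would help. `htpy.i` is the only direct `htpy` call among the `htm.*` calls here, so if `htm` exposes `i` the extra import is avoidable. The enclosing function starts and ends outside the hunk.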
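Review bot: `_update_worst_severity` (second hunk, `@@ -479,6 +485,15 @@`) has no docstring and keeps the bare `99` sentinel, so a severity string missing from `severities` is ranked after every listed level. If `worst` feeds a summary shown to release reviewers (its use is outside the hunk), an unrecognised severity is silently treated as the least serious; that choice deserves a comment or a named constant such as `_UNKNOWN_SEVERITY_INDEX = 99`. A one-line docstring like `"""Return the smaller of worst and the index of vuln_severity in severities (99 if not listed)."""` would state the contract, and the last two lines can be `return min(worst, sev_index)`.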
@@ -145,10 +145,10 @@ class SBOMToolScore(schema.Strict):
 default=None, strict=False, description="Vulnerabilities found in the SBOM"
 )
 prev_license_warnings: list[str] | None = schema.Field(
- default=[], strict=False, description="License warnings from previous release"
+ default=None, strict=False, description="License warnings from previous release"
 )
 prev_license_errors: list[str] | None = schema.Field(
- default=[], strict=False, description="License errors from previous release"
+ default=None, strict=False, description="License errors from previous release"
 )
 prev_vulnerabilities: list[str] | None = schema.Field(
 default=None, strict=False, description="Vulnerabilities from previous release"
diff --git a/atr/static/css/bootstrap.custom.css b/atr/static/css/bootstrap.custom.css
index 02d10a2..fd413b2 100644
--- a/atr/static/css/bootstrap.custom.css
+++ b/atr/static/css/bootstrap.custom.css
@@ -11849,4 +11849,8 @@ small, .small, .text-muted { cursor: pointer; } +.text-strike { + text-decoration: line-through; +} + /*# sourceMappingURL=bootstrap.custom.css.map */
diff --git a/atr/static/css/bootstrap.custom.css.map b/atr/static/css/bootstrap.custom.css.map
index 37776be..a764b52 100644
--- a/atr/static/css/bootstrap.custom.css.map
+++ b/atr/static/css/bootstrap.custom.css.map
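Review bot: With `default=None` on `prev_license_warnings` and `prev_license_errors`, the descriptions no longer tell a reader what `None` means as opposed to an empty list; presumably `None` is "no previous release to compare with" and `[]` is "the previous release had none". Saying so in the description, e.g. `description="License warnings from previous release (None when there is no previous release)"`, would make the distinction explicit. Results stored before this change may still carry `[]` from the old default, and any consumer that iterates these fields without a `None` check would now fail; neither is visible in this hunk, so both are worth confirming. The class body starts and ends outside the hunk.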
@@ -1 +1 @@ -{"version":3,"sourceRoot":"","sources":["../node_modules/bootstrap/scss/_root.scss","../node_modules/bootstrap/scss/vendor/_rfs.scss","../node_modules/bootstrap/scss/mixins/_color-mode.scss","../scss/reboot-shim.scss","../node_modules/bootstrap/scss/_accordion.scss","../node_modules/bootstrap/scss/mixins/_border-radius.scss","../node_modules/bootstrap/scss/mixins/_transition.scss","../node_modules/bootstrap/scss/_alert.scss","../node_modules/bootstrap/scss/_variables.scss","../node_modul [...] \ No newline at end of file +{"version":3,"sourceRoot":"","sources":["../node_modules/bootstrap/scss/_root.scss","../node_modules/bootstrap/scss/vendor/_rfs.scss","../node_modules/bootstrap/scss/mixins/_color-mode.scss","../scss/reboot-shim.scss","../node_modules/bootstrap/scss/_accordion.scss","../node_modules/bootstrap/scss/mixins/_border-radius.scss","../node_modules/bootstrap/scss/mixins/_transition.scss","../node_modules/bootstrap/scss/_alert.scss","../node_modules/bootstrap/scss/_variables.scss","../node_modul [...] \ No newline at end of file
diff --git a/bootstrap/source/custom.scss b/bootstrap/source/custom.scss
index a3d90d6..9a40292 100644
--- a/bootstrap/source/custom.scss
+++ b/bootstrap/source/custom.scss
@@ -156,3 +156,7 @@ small, .text-muted {
 .nav-link {
 cursor: pointer;
 }
+
+.text-strike {
+ text-decoration: line-through;
+}
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
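Review bot: The new `.text-strike` rule in `custom.scss` appears to duplicate Bootstrap's own `text-decoration-line-through` utility, which applies the same `text-decoration: line-through`. If this custom build includes Bootstrap's utilities (not visible here), using that class in `sbom.py` would avoid carrying an extra rule in both `custom.scss` and the compiled `bootstrap.custom.css`.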
