
Severity Level Validation Improvements (CRASM-1057) #747

Open
wants to merge 19 commits into
base: develop

Conversation

hawkishpolicy (Collaborator) commented Dec 27, 2024

  • Refined and unified the grouping and sorting logic for irregular severity levels in the Vulns Bar Chart and All Vulns Table components.

🗣 Description

  • None, null, n/a, undefined, empty strings, and stringified versions of None, Null, N/A, and undefined are now grouped into the N/A category in both the Vulns Bar Chart and All Vulns table.
  • Both components now force Title Case on the severity level strings first, then sort and group them into their respective categories.
  • Edited the comparator function in the All Vulns tables to sort the severity levels in the correct order from N/A, Low, Medium, High, Critical, Other.
  • Edited the apply_vuln_filters function in filter_helpers.py to return all vulns that meet the requirements for N/A and Other values.
  • Edited the get_stats_count_from_cache function so that null values returned from the Redis call receive an id of "None" and a value of 1 to ensure proper incrementing.
  • Edited sync_db helpers to populate sample vulnerabilities with numerous irregular severity levels.
  • Edited search_vulnerabilities function so that Regional Admins can only view vulnerabilities in their region.
  • Edited Vulns table to no longer pass in a user's current organization unless they were a Standard user.
  • Edited get_stats_org_ids to allow Standard users to pass in their org id into the stats call.
    • This was causing a 403 error and requiring standard users to refresh the Overview page after returning to it.

💭 Motivation and context

  • Improves sorting and grouping of irregular severity levels.
  • Closes CRASM-1057

🧪 Testing

  • Seeded local DB with irregular values.

📷 Screenshots (if appropriate)

Sixteen screenshots attached (captured 2025-01-16).

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

- Ensured N/A severity level in Bar Chart includes all permutations of null, undefined, and empty strings.
- Ensured filtering by severity level in All Vulns table matches the filtering in the Bar Chart.
- Null, undefined, empty strings, and stringified versions of Null, N/A, and undefined are now grouped into the N/A category in both the Vulns Bar Chart and All Vulns table.
- Both components now force Title Case on the severity level strings first then sort and group into their respective categories.
- Edited the comparator function in the All Vulns tables to sort the severity levels in the correct order from N/A, Low, Medium, High, Critical, Other.
- Adjusted the number values of the severity levels object to start with 1 instead of 0.
- This removes the need for the long if statement previously used to handle N/A values.
@hawkishpolicy hawkishpolicy changed the title Severity Level Validation Improvements Severity Level Validation Improvements (CRASM-1057) Jan 8, 2025
- Edited vulnerability filters to return the following:
  - N/A: None, null, n/a, undefined, and empty strings.
  - Low: Case insensitive.
  - Medium: Case insensitive.
  - High: Case insensitive.
  - Critical: Case insensitive.
  - Other: Any other value.
- Edited stats call to return null ids as "None".
- Edited stats call to return null values as 1 so that they can increment.
- Edited syncdb_helpers to include a larger list of severity levels on populate.
- Refined sorting and grouping logic in Vulnerabilities and VulnerabilityBarChart to include "None" and undefined severity levels.
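The normalization that the PR description and the commit messages above describe (an N/A bucket for None, null, n/a, undefined, empty strings and their stringified forms; case-insensitive matching of Low, Medium, High and Critical; everything else as Other; sort order N/A, Low, Medium, High, Critical, Other with ranks starting at 1; and null stats rows treated as id "None" with value 1), written out as an added Python example. This is not Crossfeed's code: the function names, the dict shape of a vulnerability row, and the sample rows are assumptions. The point worth keeping in view is that the bar chart, the table comparator and the filter must all pass through one normalizer; if any of the three parses the raw string on its own, a finding with an odd severity value can show up in one view and silently vanish from another.

```python
"""Single source of truth for severity categories, shared by chart grouping,
table sorting and filtering. Added example; not Crossfeed code."""
from collections import Counter
from typing import Any, Dict, Iterable, List, Optional

# Canonical display order. Ranks start at 1 (not 0) so no category ever has a
# falsy rank and N/A needs no special-case branch in the comparator.
SEVERITY_ORDER: Dict[str, int] = {
    "N/A": 1, "Low": 2, "Medium": 3, "High": 4, "Critical": 5, "Other": 6,
}

# Trimmed, lowercased raw values that mean "no severity recorded".
_NA_TOKENS = {"", "none", "null", "n/a", "undefined"}
# Trimmed, lowercased raw values that map to a named level (Title Case output).
_KNOWN = {"low": "Low", "medium": "Medium", "high": "High", "critical": "Critical"}


def normalize_severity(raw: Any) -> str:
    """Map any scanner-supplied severity value onto exactly one category."""
    if raw is None:                      # a real null, not the string "None"
        return "N/A"
    text = str(raw).strip().lower()      # str() also folds stringified nulls
    if text in _NA_TOKENS:
        return "N/A"
    return _KNOWN.get(text, "Other")


def severity_rank(raw: Any) -> int:
    """Numeric sort key; every input gets a rank, so sorting never throws."""
    return SEVERITY_ORDER[normalize_severity(raw)]


def sort_vulns(vulns: Iterable[Dict[str, Any]], descending: bool = False) -> List[Dict[str, Any]]:
    """Table comparator equivalent. sorted() is stable, so ties keep input order."""
    return sorted(vulns, key=lambda v: severity_rank(v.get("severity")), reverse=descending)


def group_counts(vulns: Iterable[Dict[str, Any]]) -> Dict[str, int]:
    """Bar-chart buckets. Every category is emitted (possibly 0) so the chart and
    the filter always agree on the universe of selectable values."""
    counts = Counter(normalize_severity(v.get("severity")) for v in vulns)
    return {cat: counts.get(cat, 0) for cat in SEVERITY_ORDER}


def filter_by_severity(vulns: Iterable[Dict[str, Any]], selected: Optional[Iterable[str]]) -> List[Dict[str, Any]]:
    """Filter on the normalized category, never the raw string, so selecting
    'N/A' returns rows stored as None, '', 'n/a', 'undefined' or 'None'."""
    vulns = list(vulns)
    if not selected:
        return vulns
    wanted = {normalize_severity(s) for s in selected}
    return [v for v in vulns if normalize_severity(v.get("severity")) in wanted]


def chart_and_filter_agree(vulns: Iterable[Dict[str, Any]]) -> bool:
    """Invariant from the PR: for each bucket, clicking it in the chart must
    yield exactly as many rows as the bar shows."""
    vulns = list(vulns)
    counts = group_counts(vulns)
    return all(len(filter_by_severity(vulns, [cat])) == n for cat, n in counts.items())


def merge_stats_rows(rows: Iterable[Dict[str, Any]]) -> Dict[str, int]:
    """Fold cached stat rows of shape {id, value} into canonical buckets. A null
    id is keyed as the string "None" and a null value counts as 1, mirroring the
    get_stats_count_from_cache change described above (assumed row shape)."""
    counts: Counter = Counter()
    for row in rows:
        key = "None" if row.get("id") is None else row["id"]
        value = 1 if row.get("value") is None else int(row["value"])
        counts[normalize_severity(key)] += value
    return {cat: counts.get(cat, 0) for cat in SEVERITY_ORDER}


# Constructed sample rows (not real findings) covering the irregular inputs.
SAMPLE_VULNS = [
    {"id": 1, "severity": "critical"},
    {"id": 2, "severity": None},
    {"id": 3, "severity": "HIGH"},
    {"id": 4, "severity": "undefined"},
    {"id": 5, "severity": ""},
    {"id": 6, "severity": "Informational"},
    {"id": 7, "severity": " medium "},
    {"id": 8, "severity": "n/a"},
    {"id": 9, "severity": "Low"},
    {"id": 10, "severity": "None"},
]

# Constructed cache rows: a fully null row, mixed-case duplicates, a null value.
SAMPLE_STATS_ROWS = [
    {"id": None, "value": None},
    {"id": "high", "value": 3},
    {"id": "HIGH", "value": 2},
    {"id": "", "value": 4},
    {"id": "Critical", "value": None},
]

if __name__ == "__main__":
    print(group_counts(SAMPLE_VULNS))
    print([v["id"] for v in sort_vulns(SAMPLE_VULNS)])
    print(chart_and_filter_agree(SAMPLE_VULNS))
    print(merge_stats_rows(SAMPLE_STATS_ROWS))
```

Because the filter also normalizes what the caller selected, a request for "n/a", "N/A" or "undefined" all resolve to the same bucket, and a value the scanner emits tomorrow that nobody anticipated still lands in Other rather than being dropped from every view.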
@hawkishpolicy hawkishpolicy marked this pull request as ready for review January 13, 2025 22:59
@hawkishpolicy hawkishpolicy marked this pull request as draft January 14, 2025 20:10
@hawkishpolicy hawkishpolicy marked this pull request as ready for review January 15, 2025 22:15
- Update of dompurify necessitated changing require statement to require("dompurify")
- Reverted erroneous previous commit.
- Changed import and usage of dompurify to reflect the latest version.
- Wrong feature branch.