-
Notifications
You must be signed in to change notification settings - Fork 642
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Surface vulnerabilities in package detail page
- Loading branch information
1 parent
aeb04b5
commit d31453f
Showing
7 changed files
with
202 additions
and
23 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
54 changes: 54 additions & 0 deletions
54
src/NuGetGallery/Views/Packages/_DisplayPackageVulnerabilities.cshtml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
@model DisplayPackageViewModel | ||
|
||
<div class="vulnerabilities-container"> | ||
<div class="icon-text alert alert-warning"> | ||
<div id="show-vulnerabilities-content-container" class="vulnerabilities-expander" tabindex="0" data-toggle="collapse" data-target="#vulnerabilities-content-container" aria-expanded="false" aria-controls="vulnerabilities-content-container" aria-labelledby="vulnerabilities-container-label" role="button"> | ||
<div class="vulnerabilities-expander" role="button"> | ||
<div class="vulnerabilities-expander-container"> | ||
<i class="vulnerabilities-expander-icon ms-Icon ms-Icon--Warning" aria-hidden="true"></i> | ||
|
||
<div id="vulnerabilities-container-label" class="vulnerabilities-expander-info-right"> | ||
@{ | ||
var maxSeverity = Enum.GetName(typeof(PackageVulnerabilitySeverity), Model.MaxVulnerabilitySeverity).ToLowerInvariant(); | ||
if (Model.CanDisplayPrivateMetadata) | ||
{ | ||
@:This package version has at least one vulnerability with a <span class="vulnerabilities-severity-@maxSeverity">@maxSeverity</span> severity. Please unlist, deprecate, and release a new package with a fix. | ||
} | ||
else | ||
{ | ||
@:This package has at least one <b>vulnerability</b> with <b>@maxSeverity</b> severity. It may lead to specific problems in your project. Try updating the package version. | ||
} | ||
} | ||
</div> | ||
</div> | ||
|
||
<div class="vulnerabilities-expander-container"> | ||
<i id="vulnerabilities-expander-icon-right" class="vulnerabilities-expander-icon vulnerabilities-expander-info-right ms-Icon ms-Icon--ChevronDown" aria-hidden="true"></i> | ||
</div> | ||
</div> | ||
</div> | ||
|
||
<div class="vulnerabilities-content-container collapse" id="vulnerabilities-content-container"> | ||
<b>Details</b> | ||
<table width="100%" class="vulnerabilities-list"> | ||
@{ | ||
foreach (var vulnerability in Model.Vulnerabilities) | ||
{ | ||
var truncatedUrl = vulnerability.AdvisoryUrl; | ||
if (truncatedUrl.Length > 50) | ||
{ | ||
truncatedUrl = truncatedUrl.Substring(0, 47) + "..."; | ||
} | ||
|
||
var vulnerabilitySeverity = Enum.GetName(typeof(PackageVulnerabilitySeverity), vulnerability.Severity).ToLowerInvariant(); | ||
|
||
<tr> | ||
<td>Advisory: <a href="@vulnerability.AdvisoryUrl" target="_blank">@truncatedUrl</a></td> | ||
<td>Severity: <span class="vulnerabilities-severity-@vulnerabilitySeverity">@vulnerabilitySeverity</span></td> | ||
</tr> | ||
} | ||
} | ||
</table> | ||
</div> | ||
</div> | ||
</div> |