[Search DV] Display deprecation and vulnerabilities on search page. (#…
…9440) * deprecation and vulnerabilities display on search page * Properties added to current Deprecations/Vulnerabilities * nit. * tooltip added. * tooltip tests. * fix. * nit. * update deprecated legacy wording. * fix test. * AdvisoryUrl, and AlternatePackage fix. * version range comma index.
Showing
18 changed files
with
671 additions
and
69 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,86 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using Newtonsoft.Json.Linq; | ||
using NuGet.Services.Entities; | ||
|
||
namespace NuGetGallery.Helpers | ||
{ | ||
public static class SearchResponseHelper | ||
{ | ||
public static ICollection<PackageDeprecation> GetDeprecationsOrNull(JToken docDeprecation) | ||
{ | ||
PackageDeprecation deprecation = null; | ||
if (docDeprecation != null) | ||
{ | ||
var docReasons = docDeprecation.Value<JArray>("Reasons"); | ||
if (docReasons != null && docReasons.HasValues) | ||
{ | ||
PackageDeprecationStatus status = PackageDeprecationStatus.NotDeprecated; | ||
foreach (var reason in docReasons) | ||
{ | ||
if (Enum.TryParse<PackageDeprecationStatus>(reason.Value<string>(), out var pdStatus)) | ||
{ | ||
status |= pdStatus; | ||
} | ||
} | ||
|
||
var docAlternatePackage = docDeprecation["AlternatePackage"]; | ||
Package alternatePackage = null; | ||
if (docAlternatePackage != null) | ||
{ | ||
var range = docAlternatePackage.Value<string>("Range"); | ||
var id = docAlternatePackage.Value<string>("Id"); | ||
if (!string.IsNullOrEmpty(range) && !string.IsNullOrEmpty(id)) | ||
{ | ||
var version = string.Empty; | ||
var commaIndex = range.IndexOf(","); | ||
if (range.StartsWith("[") && commaIndex > 0) | ||
{ | ||
var startIndex = 1; | ||
version = range.Substring(startIndex, commaIndex - startIndex); | ||
} | ||
|
||
alternatePackage = new Package() | ||
{ | ||
Id = id, | ||
Version = version | ||
}; | ||
} | ||
} | ||
|
||
deprecation = new PackageDeprecation() | ||
{ | ||
CustomMessage = docDeprecation.Value<string>("Message"), | ||
Status = status, | ||
AlternatePackage = alternatePackage | ||
}; | ||
} | ||
} | ||
|
||
return deprecation == null ? null : new List<PackageDeprecation>() { deprecation }; | ||
} | ||
|
||
public static ICollection<VulnerablePackageVersionRange> GetVulnerabilities(JArray docVulnerabilities) | ||
{ | ||
var vulnerabilities = new List<VulnerablePackageVersionRange>(); | ||
if (docVulnerabilities != null) | ||
{ | ||
vulnerabilities = docVulnerabilities.Select(v => new VulnerablePackageVersionRange() | ||
{ | ||
Vulnerability = new PackageVulnerability() | ||
{ | ||
AdvisoryUrl = v.Value<string>("AdvisoryUrl"), | ||
Severity = (PackageVulnerabilitySeverity)v.Value<int>("Severity") | ||
} | ||
}) | ||
.ToList(); | ||
} | ||
|
||
return vulnerabilities; | ||
} | ||
} | ||
} |
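Review bot: The `Severity` cast in `GetVulnerabilities` trusts whatever the search document carries: `(PackageVulnerabilitySeverity)v.Value<int>("Severity")` produces an undefined enum value for an out-of-range number and reads a missing field as 0, so a malformed entry is displayed with whichever severity has that value. Reading `v.Value<int?>("Severity")` and checking `Enum.IsDefined(typeof(PackageVulnerabilitySeverity), value)` before the cast would keep malformed entries distinguishable from real ones. `Enum.TryParse<PackageDeprecationStatus>` in `GetDeprecationsOrNull` has the same gap, since it also succeeds on numeric strings such as `"8"` and ORs the result into `status`. `AdvisoryUrl` is copied verbatim; if a view renders it as a link (not visible in this section), it should be restricted to absolute http/https URLs, e.g. with `Uri.TryCreate(url, UriKind.Absolute, out var uri)` and a scheme check.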
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
// Copyright (c) .NET Foundation. All rights reserved. | ||
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. | ||
|
||
using System; | ||
using NuGet.Services.Entities; | ||
|
||
namespace NuGetGallery.Helpers | ||
{ | ||
public static class WarningTitleHelper | ||
{ | ||
public static string GetWarningIconTitle( | ||
string version, | ||
PackageDeprecation deprecation, | ||
PackageVulnerabilitySeverity? maxVulnerabilitySeverity) | ||
{ | ||
// We want a tooltip title for the warning icon, which concatenates deprecation and vulnerability information cleanly | ||
var deprecationTitle = ""; | ||
if (deprecation != null) | ||
{ | ||
deprecationTitle = GetDeprecationTitle(version, deprecation.Status); | ||
} | ||
|
||
if (maxVulnerabilitySeverity.HasValue) | ||
{ | ||
var vulnerabilitiesTitle = GetVulnerabilityTitle(version, maxVulnerabilitySeverity.Value); | ||
return string.IsNullOrEmpty(deprecationTitle) | ||
? vulnerabilitiesTitle | ||
: $"{deprecationTitle.TrimEnd('.')}; {vulnerabilitiesTitle}"; | ||
} | ||
|
||
return string.IsNullOrEmpty(deprecationTitle) ? string.Empty : deprecationTitle; | ||
} | ||
|
||
public static string GetVulnerabilityTitle(string version, PackageVulnerabilitySeverity maxVulnerabilitySeverity) | ||
{ | ||
var severity = Enum.GetName(typeof(PackageVulnerabilitySeverity), maxVulnerabilitySeverity)?.ToLowerInvariant() ?? "unknown"; | ||
return $"{version} has at least one vulnerability with {severity} severity."; | ||
} | ||
|
||
public static string GetDeprecationTitle(string version, PackageDeprecationStatus status) | ||
{ | ||
var deprecationTitle = version; | ||
var isLegacy = status.HasFlag(PackageDeprecationStatus.Legacy); | ||
var hasCriticalBugs = status.HasFlag(PackageDeprecationStatus.CriticalBugs); | ||
|
||
if (hasCriticalBugs) | ||
{ | ||
if (isLegacy) | ||
{ | ||
deprecationTitle += " is deprecated because it is no longer maintained and has critical bugs"; | ||
} | ||
else | ||
{ | ||
deprecationTitle += " is deprecated because it has critical bugs"; | ||
} | ||
} | ||
else if (isLegacy) | ||
{ | ||
deprecationTitle += " is deprecated because it is no longer maintained"; | ||
} | ||
else | ||
{ | ||
deprecationTitle += " is deprecated"; | ||
} | ||
|
||
return $"{deprecationTitle}."; | ||
} | ||
} | ||
} |
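Review bot: The three public methods in `WarningTitleHelper` have no XML documentation, and the contract callers need is unstated: the result is plain text with `version` interpolated as-is, so it has to go through Razor's normal attribute encoding rather than being written raw. I would add `/// <summary>Builds the plain-text (not HTML-encoded) tooltip title for the warning icon; returns an empty string when there is neither a deprecation nor a vulnerability severity.</summary>` on `GetWarningIconTitle`, with matching summaries on the other two. It is also worth documenting that `GetDeprecationTitle` does not check for `PackageDeprecationStatus.NotDeprecated` and still returns "<version> is deprecated." for it, and that a null `version` gives a title that starts with a space.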