From 598b00f7e8163a3e232adc7efbe292b8702634b3 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 17 Jun 2025 23:02:11 -0400 Subject: [PATCH 1/2] feat: audit vuln toggle for hide/show aliased findings Signed-off-by: Adam Setch --- src/i18n/locales/de.json | 3 +- src/i18n/locales/en.json | 1 + src/i18n/locales/es.json | 3 +- src/i18n/locales/fr.json | 3 +- src/i18n/locales/hi.json | 3 +- src/i18n/locales/it.json | 3 +- src/i18n/locales/ja.json | 3 +- src/i18n/locales/pl.json | 3 +- src/i18n/locales/pt-BR.json | 3 +- src/i18n/locales/pt.json | 3 +- src/i18n/locales/ru.json | 3 +- src/i18n/locales/uk-UA.json | 3 +- src/i18n/locales/zh.json | 3 +- .../portfolio/projects/ProjectFindings.vue | 85 ++++++++++++++++++- 14 files changed, 109 insertions(+), 13 deletions(-) diff --git a/src/i18n/locales/de.json b/src/i18n/locales/de.json index 311c17a8c..e64e4096d 100644 --- a/src/i18n/locales/de.json +++ b/src/i18n/locales/de.json @@ -913,7 +913,8 @@ "weakness": "Schwäche", "will_not_fix": "Wird nicht repariert", "workaround_available": "Problemumgehung verfügbar", - "x_trust_boundary": "Vertrauensgrenze überschreiten" + "x_trust_boundary": "Vertrauensgrenze überschreiten", + "show_aliased_findings": "Aliased Erkenntnisse zeigen" }, "operator": { "contains_all": "enthält alle", diff --git a/src/i18n/locales/en.json b/src/i18n/locales/en.json index 527fb23f7..92e241dc5 100644 --- a/src/i18n/locales/en.json +++ b/src/i18n/locales/en.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Service Vulnerabilities", "services": "Services", "severity": "Severity", + "show_aliased_findings": "Show aliased findings", "show_complete_graph": "Show complete graph", "show_flat_view": "Show flat project view", "show_in_dependency_graph": "Show in dependency graph", diff --git a/src/i18n/locales/es.json b/src/i18n/locales/es.json index 072b460b7..8f9c9ddfc 100644 --- a/src/i18n/locales/es.json +++ b/src/i18n/locales/es.json 
@@ -913,7 +913,8 @@ "weakness": "Debilidad", "will_not_fix": "No se reparara", "workaround_available": "Solución alternativa disponible", - "x_trust_boundary": "Cruzar el límite de confianza" + "x_trust_boundary": "Cruzar el límite de confianza", + "show_aliased_findings": "Mostrar hallazgos alias" }, "operator": { "contains_all": "contiene todo", diff --git a/src/i18n/locales/fr.json b/src/i18n/locales/fr.json index 933d617b3..9a2637696 100644 --- a/src/i18n/locales/fr.json +++ b/src/i18n/locales/fr.json @@ -913,7 +913,8 @@ "weakness": "Faiblesse", "will_not_fix": "Ne sera pas corrigée", "workaround_available": "Solution de contournement disponible", - "x_trust_boundary": "Limte de confiance mutuelle" + "x_trust_boundary": "Limte de confiance mutuelle", + "show_aliased_findings": "Montrer des résultats aliasés" }, "operator": { "contains_all": "contient tous", diff --git a/src/i18n/locales/hi.json b/src/i18n/locales/hi.json index 5c0ef58c8..34ad3b64a 100644 --- a/src/i18n/locales/hi.json +++ b/src/i18n/locales/hi.json @@ -913,7 +913,8 @@ "weakness": "कमजोरी", "will_not_fix": "ठीक नहीं होगा", "workaround_available": "वैकल्पिक उपाय उपलब्ध है", - "x_trust_boundary": "क्रॉस ट्रस्ट सीमा" + "x_trust_boundary": "क्रॉस ट्रस्ट सीमा", + "show_aliased_findings": "अलियास्ड निष्कर्ष दिखाएं" }, "operator": { "contains_all": "इसमें सभी शामिल हैं", diff --git a/src/i18n/locales/it.json b/src/i18n/locales/it.json index f1af39dc8..65df70c53 100644 --- a/src/i18n/locales/it.json +++ b/src/i18n/locales/it.json @@ -913,7 +913,8 @@ "weakness": "Debolezza", "will_not_fix": "Non risolverà", "workaround_available": "Soluzione disponibile", - "x_trust_boundary": "Confine di fiducia incrociata" + "x_trust_boundary": "Confine di fiducia incrociata", + "show_aliased_findings": "Mostra risultati alias" }, "operator": { "contains_all": "contiene tutto", diff --git a/src/i18n/locales/ja.json b/src/i18n/locales/ja.json index 6dbe38318..3dc9313a4 100644 --- a/src/i18n/locales/ja.json 
+++ b/src/i18n/locales/ja.json @@ -913,7 +913,8 @@ "weakness": "弱点", "will_not_fix": "修正しない", "workaround_available": "回避策あり", - "x_trust_boundary": "信頼境界を越える" + "x_trust_boundary": "信頼境界を越える", + "show_aliased_findings": "エイリアスの調査結果を表示します" }, "operator": { "contains_all": "すべてを含む", diff --git a/src/i18n/locales/pl.json b/src/i18n/locales/pl.json index 2fcb25a1e..0738567b0 100644 --- a/src/i18n/locales/pl.json +++ b/src/i18n/locales/pl.json @@ -913,7 +913,8 @@ "weakness": "Słabość", "will_not_fix": "Nie naprawi", "workaround_available": "Dostępne obejście", - "x_trust_boundary": "Granica zaufania krzyżowego" + "x_trust_boundary": "Granica zaufania krzyżowego", + "show_aliased_findings": "Pokaż aliasowe ustalenia" }, "operator": { "contains_all": "zawiera wszystko", diff --git a/src/i18n/locales/pt-BR.json b/src/i18n/locales/pt-BR.json index 69c9f87f0..605ce7ff5 100644 --- a/src/i18n/locales/pt-BR.json +++ b/src/i18n/locales/pt-BR.json @@ -913,7 +913,8 @@ "weakness": "Fraqueza", "will_not_fix": "Não irá corrigir", "workaround_available": "Solução alternativa disponível", - "x_trust_boundary": "Limite de confiança cruzada" + "x_trust_boundary": "Limite de confiança cruzada", + "show_aliased_findings": "Mostrar descobertas alias" }, "operator": { "contains_all": "contém tudo", diff --git a/src/i18n/locales/pt.json b/src/i18n/locales/pt.json index b2c4ce1fa..5292b635a 100644 --- a/src/i18n/locales/pt.json +++ b/src/i18n/locales/pt.json @@ -913,7 +913,8 @@ "weakness": "Fraqueza", "will_not_fix": "Não irá corrigir", "workaround_available": "Solução alternativa disponível", - "x_trust_boundary": "Limite de confiança cruzada" + "x_trust_boundary": "Limite de confiança cruzada", + "show_aliased_findings": "Mostrar descobertas alias" }, "operator": { "contains_all": "contém tudo", diff --git a/src/i18n/locales/ru.json b/src/i18n/locales/ru.json index da0fc2705..7e4b4cd4b 100644 --- a/src/i18n/locales/ru.json +++ b/src/i18n/locales/ru.json 
@@ -913,7 +913,8 @@ "weakness": "Слабость", "will_not_fix": "Не будет исправлено", "workaround_available": "Доступно обходное решение", - "x_trust_boundary": "Пересечение границы доверия" + "x_trust_boundary": "Пересечение границы доверия", + "show_aliased_findings": "Показывать псевдонированные выводы" }, "operator": { "contains_all": "содержит все", diff --git a/src/i18n/locales/uk-UA.json b/src/i18n/locales/uk-UA.json index be1993309..e77de3309 100644 --- a/src/i18n/locales/uk-UA.json +++ b/src/i18n/locales/uk-UA.json @@ -913,7 +913,8 @@ "weakness": "Слабкість", "will_not_fix": "Не виправить", "workaround_available": "Доступний обхідний шлях", - "x_trust_boundary": "Перетнути кордон довіри" + "x_trust_boundary": "Перетнути кордон довіри", + "show_aliased_findings": "Показати псевдонім висновків" }, "operator": { "contains_all": "містить усе", diff --git a/src/i18n/locales/zh.json b/src/i18n/locales/zh.json index 959658517..e3e9cd536 100644 --- a/src/i18n/locales/zh.json +++ b/src/i18n/locales/zh.json @@ -913,7 +913,8 @@ "weakness": "弱点", "will_not_fix": "不会修复", "workaround_available": "有解决方法", - "x_trust_boundary": "跨越信任边界" + "x_trust_boundary": "跨越信任边界", + "show_aliased_findings": "显示混叠的发现" }, "operator": { "contains_all": "包含全部", diff --git a/src/views/portfolio/projects/ProjectFindings.vue b/src/views/portfolio/projects/ProjectFindings.vue index 604cb8759..a8d4f1095 100644 --- a/src/views/portfolio/projects/ProjectFindings.vue +++ b/src/views/portfolio/projects/ProjectFindings.vue @@ -86,6 +86,17 @@ />{{ $t('message.show_suppressed_findings') }} + + {{ + $t('message.show_aliased_findings') + }} { + // Apply alias filtering if showAliasedFindings is false + if (!this.showAliasedFindings) { + res = this.filterAliasedFindings(res); + } + res.total = xhr.getResponseHeader('X-Total-Count'); + return res; }, url: this.apiUrl(), 
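Review bot: In the ProjectFindings.vue `responseHandler`, the alias filter runs on a single page of results while `res.total` is still read from `X-Total-Count`, so with the toggle off the table total counts rows that are no longer shown. Assuming the table is paginated by the server (the header suggests so), an alias pair that falls on two different pages is also never collapsed, and pages come back shorter than the page size. For an audit view this makes the "hidden" state hard to reason about, so the de-duplication is better done where the paging happens. Failing that, the limitation should be stated next to the call, for example `// alias filtering is per page only; X-Total-Count still includes hidden aliases`. The handler starts outside this hunk and part of the hunk's markup is missing from this rendering, so the surrounding table options are not visible here.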
@@ -505,6 +529,56 @@ export default { this.refreshTable(); }); }, + filterAliasedFindings: function (findings) { + if (!Array.isArray(findings) || findings.length === 0) { + return findings; + } + + const seen = new Set(); + const filtered = []; + + for (const finding of findings) { + const component = finding.component; + const vulnId = finding.vulnerability.vulnId; + const primaryFindingKey = this.componentVulnCompoundKey( + component, + vulnId, + ); + + // Check if the primary finding has already been seen + if (seen.has(primaryFindingKey)) { + continue; + } + + const aliases = common.resolveVulnAliases( + finding.vulnerability.source, + finding.vulnerability.aliases, + ); + + // Check if any of the aliased findings have been seen + const aliasedFindingKeys = aliases.map((alias) => + this.componentVulnCompoundKey(component, alias.vulnId), + ); + const hasSeenAlias = aliasedFindingKeys.some((aliasKey) => + seen.has(aliasKey), + ); + + if (hasSeenAlias) { + continue; + } + + // Add the primary finding and its aliases to the seen set + seen.add(primaryFindingKey); + aliasedFindingKeys.forEach((aliasKey) => seen.add(aliasKey)); + + filtered.push(finding); + } + + return filtered; + }, + componentVulnCompoundKey: function (component, vulnId) { + return `${component.name}:${component.version}:${vulnId}`; + }, refreshTable: function () { this.$refs.table.refresh({ url: this.apiUrl(), @@ -544,6 +618,15 @@ export default { } this.refreshTable(); }, + showAliasedFindings() { + if (localStorage) { + localStorage.setItem( + 'ProjectFindingsShowAliasedFindings', + this.showAliasedFindings.toString(), + ); + } + this.refreshTable(); + }, }, }; From 62abf0ad33554c3e17ba4caec9ec01cce549b7f1 Mon Sep 17 00:00:00 2001 From: Adam Setch Date: Tue, 17 Jun 2025 23:08:08 -0400 Subject: [PATCH 2/2] feat: audit vuln toggle for hide/show aliased findings 
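Review bot: `componentVulnCompoundKey` keys a finding on `component.name`, `component.version` and the vulnerability id alone, so two distinct components that share a name and version (for instance under different groups) are treated as the same component and a real finding on one of them is dropped from the audit list. If the finding's component object carries a unique identifier, keying on it avoids the collision, e.g. `component.uuid + ':' + vulnId` (confirm the field is present in the findings response). `filterAliasedFindings` also keeps whichever record arrives first, so the hidden alias may carry a different severity or analysis state from the one shown. If suppressed findings are displayed at the same time, an unreviewed finding could end up hidden behind a suppressed alias; a comment on the loop stating that first-seen wins, or a preference for the unsuppressed record, would make that choice explicit. `finding.vulnerability.vulnId` is read without a guard, which is fine only if every finding is guaranteed to carry a `vulnerability` object.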
Signed-off-by: Adam Setch --- src/i18n/locales/de.json | 4 ++-- src/i18n/locales/es.json | 4 ++-- src/i18n/locales/fr.json | 4 ++-- src/i18n/locales/hi.json | 4 ++-- src/i18n/locales/it.json | 4 ++-- src/i18n/locales/ja.json | 4 ++-- src/i18n/locales/pl.json | 4 ++-- src/i18n/locales/pt-BR.json | 4 ++-- src/i18n/locales/pt.json | 4 ++-- src/i18n/locales/ru.json | 4 ++-- src/i18n/locales/uk-UA.json | 4 ++-- src/i18n/locales/zh.json | 4 ++-- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/src/i18n/locales/de.json b/src/i18n/locales/de.json index e64e4096d..251ed0cfa 100644 --- a/src/i18n/locales/de.json +++ b/src/i18n/locales/de.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Dienstschwachstellen", "services": "Services", "severity": "Schweregrad", + "show_aliased_findings": "Aliased Erkenntnisse zeigen", "show_complete_graph": "Vollständige Grafik anzeigen", "show_flat_view": "Flache Projektansicht anzeigen", "show_in_dependency_graph": "Im Abhängigkeitsdiagramm anzeigen", @@ -913,8 +914,7 @@ "weakness": "Schwäche", "will_not_fix": "Wird nicht repariert", "workaround_available": "Problemumgehung verfügbar", - "x_trust_boundary": "Vertrauensgrenze überschreiten", - "show_aliased_findings": "Aliased Erkenntnisse zeigen" + "x_trust_boundary": "Vertrauensgrenze überschreiten" }, "operator": { "contains_all": "enthält alle", diff --git a/src/i18n/locales/es.json b/src/i18n/locales/es.json index 8f9c9ddfc..df3ef276f 100644 --- a/src/i18n/locales/es.json +++ b/src/i18n/locales/es.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Vulnerabilidades del servicio", "services": "Servicios", "severity": "Gravedad", + "show_aliased_findings": "Mostrar hallazgos alias", "show_complete_graph": "Mostrar gráfico completo", "show_flat_view": "Mostrar vista plana del proyecto", "show_in_dependency_graph": "Mostrar en gráfico de dependencia", 
@@ -913,8 +914,7 @@ "weakness": "Debilidad", "will_not_fix": "No se reparara", "workaround_available": "Solución alternativa disponible", - "x_trust_boundary": "Cruzar el límite de confianza", - "show_aliased_findings": "Mostrar hallazgos alias" + "x_trust_boundary": "Cruzar el límite de confianza" }, "operator": { "contains_all": "contiene todo", diff --git a/src/i18n/locales/fr.json b/src/i18n/locales/fr.json index 9a2637696..fe5aa71af 100644 --- a/src/i18n/locales/fr.json +++ b/src/i18n/locales/fr.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Vulnérabilités des services", "services": "Services", "severity": "Criticité", + "show_aliased_findings": "Montrer des résultats aliasés", "show_complete_graph": "Afficher le graph complet", "show_flat_view": "Afficher les projets à plat", "show_in_dependency_graph": "Afficher dans le graph de dépendance", @@ -913,8 +914,7 @@ "weakness": "Faiblesse", "will_not_fix": "Ne sera pas corrigée", "workaround_available": "Solution de contournement disponible", - "x_trust_boundary": "Limte de confiance mutuelle", - "show_aliased_findings": "Montrer des résultats aliasés" + "x_trust_boundary": "Limte de confiance mutuelle" }, "operator": { "contains_all": "contient tous", diff --git a/src/i18n/locales/hi.json b/src/i18n/locales/hi.json index 34ad3b64a..c1495d50c 100644 --- a/src/i18n/locales/hi.json +++ b/src/i18n/locales/hi.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "सेवा की कमज़ोरियाँ", "services": "सेवाएं", "severity": "तीव्रता", + "show_aliased_findings": "अलियास्ड निष्कर्ष दिखाएं", "show_complete_graph": "पूरा ग्राफ़ दिखाएं", "show_flat_view": "फ्लैट प्रोजेक्ट दृश्य दिखाएं", "show_in_dependency_graph": "निर्भरता ग्राफ में दिखाएं", 
@@ -913,8 +914,7 @@ "weakness": "कमजोरी", "will_not_fix": "ठीक नहीं होगा", "workaround_available": "वैकल्पिक उपाय उपलब्ध है", - "x_trust_boundary": "क्रॉस ट्रस्ट सीमा", - "show_aliased_findings": "अलियास्ड निष्कर्ष दिखाएं" + "x_trust_boundary": "क्रॉस ट्रस्ट सीमा" }, "operator": { "contains_all": "इसमें सभी शामिल हैं", diff --git a/src/i18n/locales/it.json b/src/i18n/locales/it.json index 65df70c53..75a786799 100644 --- a/src/i18n/locales/it.json +++ b/src/i18n/locales/it.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Vulnerabilità del servizio", "services": "Servizi", "severity": "Gravità", + "show_aliased_findings": "Mostra risultati alias", "show_complete_graph": "Mostra il grafico completo", "show_flat_view": "Mostra la vista piatta del progetto", "show_in_dependency_graph": "Mostra nel grafico delle dipendenze", @@ -913,8 +914,7 @@ "weakness": "Debolezza", "will_not_fix": "Non risolverà", "workaround_available": "Soluzione disponibile", - "x_trust_boundary": "Confine di fiducia incrociata", - "show_aliased_findings": "Mostra risultati alias" + "x_trust_boundary": "Confine di fiducia incrociata" }, "operator": { "contains_all": "contiene tutto", diff --git a/src/i18n/locales/ja.json b/src/i18n/locales/ja.json index 3dc9313a4..85ceaadd8 100644 --- a/src/i18n/locales/ja.json +++ b/src/i18n/locales/ja.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "サービスの脆弱性", "services": "サービス", "severity": "重大度", + "show_aliased_findings": "エイリアスの調査結果を表示します", "show_complete_graph": "完全なグラフを表示", "show_flat_view": "フラットプロジェクトビューを表示", "show_in_dependency_graph": "依存関係グラフに表示", @@ -913,8 +914,7 @@ "weakness": "弱点", "will_not_fix": "修正しない", "workaround_available": "回避策あり", - "x_trust_boundary": "信頼境界を越える", - "show_aliased_findings": "エイリアスの調査結果を表示します" + "x_trust_boundary": "信頼境界を越える" }, "operator": { "contains_all": "すべてを含む", diff --git a/src/i18n/locales/pl.json b/src/i18n/locales/pl.json index 0738567b0..5575fea33 100644 --- a/src/i18n/locales/pl.json 
+++ b/src/i18n/locales/pl.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Luki w zabezpieczeniach usług", "services": "Usługi", "severity": "Powaga", + "show_aliased_findings": "Pokaż aliasowe ustalenia", "show_complete_graph": "Pokaż cały wykres", "show_flat_view": "Pokaż płaski widok projektu", "show_in_dependency_graph": "Pokaż na wykresie zależności", @@ -913,8 +914,7 @@ "weakness": "Słabość", "will_not_fix": "Nie naprawi", "workaround_available": "Dostępne obejście", - "x_trust_boundary": "Granica zaufania krzyżowego", - "show_aliased_findings": "Pokaż aliasowe ustalenia" + "x_trust_boundary": "Granica zaufania krzyżowego" }, "operator": { "contains_all": "zawiera wszystko", diff --git a/src/i18n/locales/pt-BR.json b/src/i18n/locales/pt-BR.json index 605ce7ff5..5c3fb3bb3 100644 --- a/src/i18n/locales/pt-BR.json +++ b/src/i18n/locales/pt-BR.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Vulnerabilidades de serviço", "services": "Serviços", "severity": "Gravidade", + "show_aliased_findings": "Mostrar descobertas alias", "show_complete_graph": "Mostrar gráfico completo", "show_flat_view": "Mostrar visualização plana do projeto", "show_in_dependency_graph": "Mostrar no gráfico de dependência", @@ -913,8 +914,7 @@ "weakness": "Fraqueza", "will_not_fix": "Não irá corrigir", "workaround_available": "Solução alternativa disponível", - "x_trust_boundary": "Limite de confiança cruzada", - "show_aliased_findings": "Mostrar descobertas alias" + "x_trust_boundary": "Limite de confiança cruzada" }, "operator": { "contains_all": "contém tudo", diff --git a/src/i18n/locales/pt.json b/src/i18n/locales/pt.json index 5292b635a..0f6eba166 100644 --- a/src/i18n/locales/pt.json +++ b/src/i18n/locales/pt.json 
@@ -834,6 +834,7 @@ "service_vulnerabilities": "Vulnerabilidades de serviço", "services": "Serviços", "severity": "Gravidade", + "show_aliased_findings": "Mostrar descobertas alias", "show_complete_graph": "Mostrar gráfico completo", "show_flat_view": "Mostrar visualização plana do projeto", "show_in_dependency_graph": "Mostrar no gráfico de dependência", @@ -913,8 +914,7 @@ "weakness": "Fraqueza", "will_not_fix": "Não irá corrigir", "workaround_available": "Solução alternativa disponível", - "x_trust_boundary": "Limite de confiança cruzada", - "show_aliased_findings": "Mostrar descobertas alias" + "x_trust_boundary": "Limite de confiança cruzada" }, "operator": { "contains_all": "contém tudo", diff --git a/src/i18n/locales/ru.json b/src/i18n/locales/ru.json index 7e4b4cd4b..0e26ba754 100644 --- a/src/i18n/locales/ru.json +++ b/src/i18n/locales/ru.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "Уязвимости сервиса", "services": "Сервисы", "severity": "Степень серьёзности", + "show_aliased_findings": "Показывать псевдонированные выводы", "show_complete_graph": "Показать полный график", "show_flat_view": "Показать плоский вид проекта", "show_in_dependency_graph": "Показать в графе зависимостей", @@ -913,8 +914,7 @@ "weakness": "Слабость", "will_not_fix": "Не будет исправлено", "workaround_available": "Доступно обходное решение", - "x_trust_boundary": "Пересечение границы доверия", - "show_aliased_findings": "Показывать псевдонированные выводы" + "x_trust_boundary": "Пересечение границы доверия" }, "operator": { "contains_all": "содержит все", diff --git a/src/i18n/locales/uk-UA.json b/src/i18n/locales/uk-UA.json index e77de3309..d0965f89d 100644 --- a/src/i18n/locales/uk-UA.json +++ b/src/i18n/locales/uk-UA.json 
@@ -834,6 +834,7 @@ "service_vulnerabilities": "Уразливості служби", "services": "Послуги", "severity": "Суворість", + "show_aliased_findings": "Показати псевдонім висновків", "show_complete_graph": "Показати повний графік", "show_flat_view": "Показати плоский вигляд проекту", "show_in_dependency_graph": "Показати в графі залежностей", @@ -913,8 +914,7 @@ "weakness": "Слабкість", "will_not_fix": "Не виправить", "workaround_available": "Доступний обхідний шлях", - "x_trust_boundary": "Перетнути кордон довіри", - "show_aliased_findings": "Показати псевдонім висновків" + "x_trust_boundary": "Перетнути кордон довіри" }, "operator": { "contains_all": "містить усе", diff --git a/src/i18n/locales/zh.json b/src/i18n/locales/zh.json index e3e9cd536..50e1f7c79 100644 --- a/src/i18n/locales/zh.json +++ b/src/i18n/locales/zh.json @@ -834,6 +834,7 @@ "service_vulnerabilities": "服务漏洞", "services": "服务", "severity": "严重程度", + "show_aliased_findings": "显示混叠的发现", "show_complete_graph": "显示完整图表", "show_flat_view": "展示单位项目视图", "show_in_dependency_graph": "在依赖图中显示", @@ -913,8 +914,7 @@ "weakness": "弱点", "will_not_fix": "不会修复", "workaround_available": "有解决方法", - "x_trust_boundary": "跨越信任边界", - "show_aliased_findings": "显示混叠的发现" + "x_trust_boundary": "跨越信任边界" }, "operator": { "contains_all": "包含全部",