feat: add more orderby fields to vulns query

tommytroen · ybelMekk · sindrerh2 · tommytroen · commit 8fd422e60777 · 2025-03-17T15:22:37.000+01:00
* use nodes pattern for list response“

Co-authored-by: ybelmekk &lt;youssef.bel.mekki@nav.no&gt;
Co-authored-by: sindrerh2 &lt;sindre.rodseth.hansen@nav.no&gt;
diff --git a/cmd/cli/main.go b/cmd/cli/main.go
@@ -262,7 +262,7 @@ func listSummaries(ctx context.Context, cmd *cli.Command, c vulnerabilities.Clie
 		tbl := table.New("Workload", "Cluster", "Namespace", "Has SBOM", "Critical", "High", "Medium", "Low", "Unassigned", "RiskScore")
 		tbl.WithHeaderFormatter(headerFmt).WithFirstColumnFormatter(columnFmt)
 
-		for _, n := range resp.WorkloadSummaries {
+		for _, n := range resp.GetNodes() {
 			tbl.AddRow(
 				// kills the layout
 				// n.Workload.GetImageName()+":"+n.GetWorkload().GetImageTag(),
diff --git a/cmd/client/main.go b/cmd/client/main.go
@@ -46,21 +46,6 @@ func main() {
 
 	listVulnz(c)
 
-	err = c.SuppressVulnerability(
-		ctx,
-		"europe-north1-docker.pkg.dev/nais-io/nais/images/dataproduct-apps",
-		"CVE-2020-25658",
-		"pkg:pypi/rsa@4.9",
-		"Not in my code doe",
-		"johnDoe@ali.com",
-		vulnerabilities.SuppressState_NOT_AFFECTED,
-		true,
-	)
-	if err != nil {
-		fmt.Println("YOLO")
-		panic(err)
-	}
-
 	sup, err := c.ListSuppressedVulnerabilities(
 		ctx,
 	)
@@ -165,7 +150,7 @@ func handle(resp *vulnerabilities.ListVulnerabilitySummariesResponse, err error)
 	if err != nil {
 		panic(err)
 	}
-	for _, w := range resp.WorkloadSummaries {
+	for _, w := range resp.Nodes {
 		fmt.Printf("workload: %v\n", w.Workload)
 		fmt.Printf("summary: %v\n", w.VulnerabilitySummary)
 	}
diff --git a/internal/api/grpcvulnerabilities/summary.go b/internal/api/grpcvulnerabilities/summary.go
@@ -67,8 +67,8 @@ func (s *Server) ListVulnerabilitySummaries(ctx context.Context, request *vulner
 	}
 
 	response := &vulnerabilities.ListVulnerabilitySummariesResponse{
-		WorkloadSummaries: ws,
-		PageInfo:          pageInfo,
+		Nodes:    ws,
+		PageInfo: pageInfo,
 	}
 	return response, nil
 }
diff --git a/internal/database/queries/vulnerabilities.sql b/internal/database/queries/vulnerabilities.sql
@@ -220,7 +220,15 @@ WHERE v.image_name = @image_name
 ORDER BY
     CASE WHEN sqlc.narg('order_by') = 'severity_asc' THEN c.severity END ASC,
     CASE WHEN sqlc.narg('order_by') = 'severity_desc' THEN c.severity END DESC,
-    v.id ASC
+    CASE WHEN sqlc.narg('order_by') = 'package_asc' THEN v.package END ASC,
+    CASE WHEN sqlc.narg('order_by') = 'package_desc' THEN v.package END DESC,
+    CASE WHEN sqlc.narg('order_by') = 'cve_id_asc' THEN v.cve_id END ASC,
+    CASE WHEN sqlc.narg('order_by') = 'cve_id_desc' THEN v.cve_id END DESC,
+    CASE WHEN sqlc.narg('order_by') = 'suppressed_asc' THEN COALESCE(sv.suppressed, FALSE) END ASC,
+    CASE WHEN sqlc.narg('order_by') = 'suppressed_desc' THEN COALESCE(sv.suppressed, FALSE) END DESC,
+    CASE WHEN sqlc.narg('order_by') = 'reason_asc' THEN sv.reason END ASC,
+    CASE WHEN sqlc.narg('order_by') = 'reason_desc' THEN sv.reason END DESC,
+    c.severity, v.id ASC
     LIMIT sqlc.arg('limit') OFFSET sqlc.arg('offset')
 ;
 
diff --git a/internal/database/sql/vulnerabilities.sql.go b/internal/database/sql/vulnerabilities.sql.go
diff --git a/pkg/api/vulnerabilities/options.go b/pkg/api/vulnerabilities/options.go
@@ -14,6 +14,10 @@ type OrderByField string
 
 const (
 	OrderBySeverity   OrderByField = "severity"
+	OrderByPackage    OrderByField = "package"
+	OrderByCveId      OrderByField = "cve_id"
+	OrderBySuppressed OrderByField = "suppressed"
+	OrderByReason     OrderByField = "reason"
 	OrderByCluster    OrderByField = "cluster"
 	OrderByNamespace  OrderByField = "namespace"
 	OrderByWorkload   OrderByField = "workload"
@@ -25,16 +29,33 @@ const (
 	OrderByRiskScore  OrderByField = "risk_score"
 )
 
+// Map of valid fields
+var validOrderByFields = map[OrderByField]struct{}{
+	OrderBySeverity:   {},
+	OrderByPackage:    {},
+	OrderByCveId:      {},
+	OrderBySuppressed: {},
+	OrderByReason:     {},
+	OrderByCluster:    {},
+	OrderByNamespace:  {},
+	OrderByWorkload:   {},
+	OrderByCritical:   {},
+	OrderByHigh:       {},
+	OrderByMedium:     {},
+	OrderByLow:        {},
+	OrderByUnassigned: {},
+	OrderByRiskScore:  {},
+}
+
+// String method for OrderByField
 func (o OrderByField) String() string {
 	return string(o)
 }
 
+// IsValid method using a map for efficient lookup
 func (o OrderByField) IsValid() bool {
-	switch o {
-	case OrderBySeverity, OrderByCluster, OrderByNamespace, OrderByWorkload:
-		return true
-	}
-	return false
+	_, exists := validOrderByFields[o]
+	return exists
 }
 
 const DefaultLimit = 50
diff --git a/pkg/api/vulnerabilities/schemas/vulnerabilities.proto b/pkg/api/vulnerabilities/schemas/vulnerabilities.proto
@@ -66,7 +66,7 @@ message ListVulnerabilitySummariesRequest {
 }
 
 message ListVulnerabilitySummariesResponse {
-  repeated WorkloadSummary workload_summaries = 1;
+  repeated WorkloadSummary nodes = 1;
   PageInfo page_info = 2;
 }
 
diff --git a/pkg/api/vulnerabilities/vulnerabilities.pb.go b/pkg/api/vulnerabilities/vulnerabilities.pb.go

Original file line number	Diff line number	Diff line change
`@@ -67,8 +67,8 @@ func (s Server) ListVulnerabilitySummaries(ctx context.Context, request vulner`
`67`	`67`	`}`
`68`	`68`
`69`	`69`	`response := &vulnerabilities.ListVulnerabilitySummariesResponse{`
`70`		`- WorkloadSummaries: ws,`
`71`		`- PageInfo: pageInfo,`
	`70`	`+ Nodes: ws,`
	`71`	`+ PageInfo: pageInfo,`
`72`	`72`	`}`
`73`	`73`	`return response, nil`
`74`	`74`	`}`
Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ message ListVulnerabilitySummariesRequest {`
`66`	`66`	`}`
`67`	`67`
`68`	`68`	`message ListVulnerabilitySummariesResponse {`
`69`		`- repeated WorkloadSummary workload_summaries = 1;`
	`69`	`+ repeated WorkloadSummary nodes = 1;`
`70`	`70`	`PageInfo page_info = 2;`
`71`	`71`	`}`
`72`	`72`