Update Quay Sec UI as per feedback from design team

Fixes #1281
2016-03-09 15:28:21 -05:00 · 2016-03-09 15:28:21 -05:00 · 821b09daaf
commit 821b09daaf
parent c75fcfbd5e
20 changed files with 656 additions and 564 deletions
--- a/static/directives/image-feature-view.html
+++ b/static/directives/image-feature-view.html
@ -16,7 +16,7 @@
  </div>

  <!-- Scanned and has no features -->
-  <div ng-if="securityStatus == 'scanned' && !securityFeatures.length">
+  <div ng-if="securityStatus == 'scanned' && !featuresInfo.features.length">
    <div class="empty" style="margin-top: 20px;">
      <div class="empty-icon">
        <i class="fa ci-package"></i>
@ -29,7 +29,7 @@
  </div>

  <!-- Scanned -->
-  <div ng-if="securityStatus == 'scanned' && securityFeatures.length">
+  <div ng-if="securityStatus == 'scanned' && featuresInfo.features.length">
    <!-- Header -->
    <div class="security-header row">
      <div class="donut-col col-md-3">
@ -42,13 +42,13 @@
      </div>
      <div class="summary-col col-md-9">
        <ul class="summary-list">
-          <li class="title-item">Quay Security Scanner has resolved <strong>{{ securityFeatures.length }}</strong> packages.</li>
-          <li ng-repeat="priority in featureBreakdown">
-            <span ng-if="priority.label != 'None'">
-              <i class="fa ci-package" ng-style="{'color': priority.color}"></i> <strong>{{ priority.value }}</strong> packages with {{ priority.label }}-level vulnerabilities.
+          <li class="title-item">Quay Security Scanner has recognized <strong>{{ featuresInfo.features.length }}</strong> packages.</li>
+          <li ng-repeat="severity in featuresInfo.severityBreakdown">
+            <span class="package-item" ng-if="severity.label != 'None'">
+              <i class="fa ci-package" ng-style="{'color': severity.color}"></i> <strong>{{ severity.value }}</strong> packages with {{ severity.label }}-level vulnerabilities.
            </span>
-            <span ng-if="priority.label == 'None'" style="margin-top: 20px; display: inline-block;">
-              <i class="fa ci-package" ng-style="{'color': priority.color}"></i> <strong>{{ priority.value }}</strong> packages with no vulnerabilities.
+            <span class="package-item" ng-if="severity.label == 'None'" style="margin-top: 20px; display: inline-block;">
+              <i class="fa ci-package" ng-style="{'color': severity.color}"></i> <strong>{{ severity.value }}</strong> packages with no vulnerabilities.
            </span>
          </li>
        </ul>
@ -57,33 +57,33 @@

    <!-- Filter -->
    <span class="co-filter-box">
-      <span class="filter-message" ng-if="options.featureFilter">
-        Showing {{ orderedFeatures.entries.length }} of {{ securityFeatures.length }} packages
+      <span class="filter-message" ng-if="options.filter">
+        Showing {{ orderedFeatures.entries.length }} of {{ featuresInfo.features.length }} packages
      </span>
-      <input class="form-control" type="text" ng-model="options.featureFilter" placeholder="Filter Packages...">
+      <input class="form-control" type="text" ng-model="options.filter" placeholder="Filter Packages...">
    </span>
    <h3>Image Packages</h3>

    <!-- Table -->
    <table class="co-table">
     <thead>
-      <td ng-class="tablePredicateClass('name', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('name')">Package Name</a>
+      <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('name', options)">Package Name</a>
      </td>
      <td class="hidden-xs">
        Package Version
      </td>
-      <td ng-class="tablePredicateClass('score', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('score')">Vulnerabilities</a>
+      <td ng-class="TableService.tablePredicateClass('score', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('score', options)">Vulnerabilities</a>
      </td>
      <td class="hidden-xs hidden-sm hidden-md"
-          ng-class="tablePredicateClass('leftoverScore', options.predicate, options.reverse)"
+          ng-class="TableService.tablePredicateClass('leftoverScore', options.predicate, options.reverse)"
          data-title="Identified vulnerabilities remaining after the package is upgraded to the latest version"
          data-container="body" bs-tooltip>
-        <a href="javascript:void(0)" ng-click="orderBy('leftoverScore')">Remaining after upgrade</a>
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('leftoverScore', options)">Remaining after upgrade</a>
      </td>
-      <td ng-class="tablePredicateClass('fixableScore', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('fixableScore')"
+      <td ng-class="TableService.tablePredicateClass('fixableScore', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('fixableScore', options)"
           data-title="Delta of the severity of vulnerabilities in the package before->after upgrading" data-container="body" bs-tooltip>Upgrade impact</a>
      </td>
      <td class="hidden-xs hidden-sm hidden-md">
@ -104,13 +104,13 @@
              <i class="fa fa-check-circle"></i>None Detected
            </span>
            <span class="vuln-summary" bo-if="feature.vulnCount != 0">
-              <span ng-style="{'color': feature.primarySeverity.color}">
+              <span ng-style="{'color': feature.severityBreakdown[0].color}">
                <i class="fa fa fa-exclamation-triangle"></i>
-                {{ feature.primarySeverity.count }}
-                {{ feature.primarySeverity.title }}
+                {{ feature.primarySeverity.value }}
+                {{ feature.primarySeverity.label }}
              </span>
-              <span bo-if="feature.vulnCount - feature.primarySeverity.count > 0">
-              + {{ feature.vulnCount - feature.primarySeverity.count }} additional
+              <span bo-if="feature.vulnCount - feature.primarySeverity.value > 0">
+              + {{ feature.vulnCount - feature.primarySeverity.value }} additional
              </span>
            </span>
         </td>
@ -118,18 +118,18 @@
            <span class="empty" bo-if="feature.vulnCount == 0">
              (N/A)
            </span>
-            <span class="no-vulns" bo-if="feature.vulnCount != 0 && feature.leftoverBreakdown.length == 0">
+            <span class="no-vulns" bo-if="feature.vulnCount != 0 && feature.leftoverCount == 0">
                <i class="fa fa-arrow-circle-right"></i>
                All identified vulnerabilities fixed
            </span>
-            <span class="vuln-summary" bo-if="feature.vulnCount != 0 && feature.leftoverBreakdown.length != 0">
+            <span class="vuln-summary" bo-if="feature.vulnCount != 0 && feature.leftoverCount != 0">
              <span ng-style="{'color': feature.primaryLeftover.color}">
                <i class="fa fa-arrow-circle-right"></i>
-                {{ feature.primaryLeftover.count }}
-                {{ feature.primaryLeftover.title }}
+                {{ feature.primaryLeftover.value }}
+                {{ feature.primaryLeftover.label }}
              </span>
-              <span bo-if="feature.leftoverCount - feature.primaryLeftover.count > 0">
-              + {{ feature.leftoverCount - feature.primaryLeftover.count }} additional
+              <span bo-if="feature.leftoverCount - feature.primaryLeftover.value > 0">
+              + {{ feature.leftoverCount - feature.primaryLeftover.value }} additional
              </span>
            </span>
         </td>
@ -137,8 +137,11 @@
           <span class="empty" bo-if="feature.vulnCount == 0">
             (N/A)
           </span>
-           <span bo-if="feature.vulnCount > 0">
-             <span class="strength-indicator" value="feature.fixableScore" maximum="highestFixableScore"
+           <span class="empty" bo-if="feature.fixableScore == 0">
+             (No changes)
+           </span>
+           <span bo-if="feature.vulnCount > 0 && feature.fixableScore > 0">
+             <span class="strength-indicator" value="feature.fixableScore" maximum="featuresInfo.highestFixableScore"
                 log-base="2"></span>
           </span>
         </td>
@ -152,7 +155,7 @@
        </tr>
      </tbody>
    </table>
-   <div class="empty" ng-if="securityFeatures.length && !orderedFeatures.entries.length"
+   <div class="empty" ng-if="featuresInfo.features.length && !orderedFeatures.entries.length"
        style="margin-top: 20px;">
    <div class="empty-primary-msg">No matching packages found.</div>
    <div class="empty-secondary-msg">Try expanding your filtering terms.</div>
--- a/static/directives/image-vulnerability-view.html
+++ b/static/directives/image-vulnerability-view.html
@ -16,7 +16,7 @@
  </div>

  <!-- Scanned and has no features -->
-  <div ng-if="securityStatus == 'scanned' && !securityFeatures.length">
+  <div ng-if="securityStatus == 'scanned' && !vulnerabilitiesInfo.features.length">
    <div class="empty" style="margin-top: 20px;">
      <div class="empty-icon">
        <i class="fa fa-bug"></i>
@ -29,10 +29,10 @@
  </div>

  <!-- Scanned and has features -->
-  <div ng-if="securityStatus == 'scanned' && securityFeatures.length">
+  <div ng-if="securityStatus == 'scanned' && vulnerabilitiesInfo.features.length">
    <!-- Header -->
-    <div class="security-header row">
-      <div class="donut-col col-md-3">
+    <div class="security-header">
+      <div class="donut-col">
        <div id="vulnDonutChart" style="position: relative;">
          <svg style="height:250px; width:250px"></svg>
          <span class="donut-icon">
@ -40,51 +40,56 @@
          </span>
        </div>
      </div>
-      <div class="summary-col col-md-9">
-        <ul class="summary-list" ng-if="priorityBreakdown.length">
-          <li class="title-item">Quay Security Scanner has detected <strong>{{ securityVulnerabilities.length }}</strong> vulnerabilities.</li>
+      <div class="summary-col">
+        <ul class="summary-list" ng-if="vulnerabilitiesInfo.severityBreakdown.length">
+          <li class="title-item">Quay Security Scanner has detected <strong>{{ vulnerabilitiesInfo.vulnerabilities.length }}</strong> vulnerabilities.</li>
+          <li class="subtitle-item" ng-if="vulnerabilitiesInfo.fixable.length">
+            Patches are available for <strong>{{ vulnerabilitiesInfo.fixable.length }}</strong> vulnerabilities.
+          </li>

-          <li ng-repeat="priority in priorityBreakdown">
-            <i class="fa fa-exclamation-triangle" ng-style="{'color': priority.color}"></i> <strong>{{ priority.value }}</strong> {{ priority.label }}-level vulnerabilities.
+          <li style="margin-bottom: 30px"></li>
+
+          <li class="severity-item" ng-repeat="severity in vulnerabilitiesInfo.severityBreakdown">
+            <i class="fa fa-exclamation-triangle" ng-style="{'color': severity.color}"></i> <strong>{{ severity.value }}</strong> {{ severity.label }}-level vulnerabilities.
          </li>
        </ul>

-        <div ng-if="!priorityBreakdown.length">
+        <div ng-if="!vulnerabilitiesInfo.severityBreakdown.length">
          Quay Security Scanner has detected no vulnerabilities in this image.
        </div>
      </div>
    </div>

    <!-- Filter -->
-    <span class="co-filter-box" ng-show="priorityBreakdown.length">
-      <span class="filter-message" ng-if="options.vulnFilter || options.fixableVulns">
-        Showing {{ orderedVulnerabilities.entries.length }} of {{ securityVulnerabilities.length }} Vulnerabilities
+    <span class="co-filter-box with-options" ng-show="vulnerabilitiesInfo.vulnerabilities.length">
+      <span class="filter-message" ng-if="options.filter || options.fixableVulns">
+        Showing {{ orderedVulnerabilities.entries.length }} of {{ vulnerabilitiesInfo.vulnerabilities.length }} Vulnerabilities
      </span>
-      <input class="form-control" type="text" ng-model="options.vulnFilter" placeholder="Filter Vulnerabilities...">
+      <input class="form-control" type="text" ng-model="options.filter" placeholder="Filter Vulnerabilities...">
      <div class="filter-options">
-        <label><input type="checkbox" ng-model="options.fixableVulns">Only display vulnerabilities with fixes</label>
+        <label><input type="checkbox" ng-model="options.fixableVulns">Only show fixable</label>
      </div>
    </span>
    <h3>Image Vulnerabilities</h3>

    <!-- Table -->
-    <div class="empty" ng-if="!securityVulnerabilities.length"
+    <div class="empty" ng-if="!vulnerabilitiesInfo.vulnerabilities.length"
          style="margin-top: 20px;">
      <div class="empty-primary-msg">No vulnerabilities found.</div>
      <div class="empty-secondary-msg">Quay Security Scanner has detected no vulnerabilities in this image.</div>
    </div>

-    <table class="co-table" ng-show="priorityBreakdown.length">
+    <table class="co-table" ng-show="vulnerabilitiesInfo.vulnerabilities.length">
     <thead>
      <td class="caret-col"></td>
-      <td ng-class="tablePredicateClass('name', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('name')">CVE</a>
+      <td ng-class="TableService.tablePredicateClass('name', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('name', options)">CVE</a>
      </td>
-      <td ng-class="tablePredicateClass('score', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('score')">CVSS / Severity</a>
+      <td ng-class="TableService.tablePredicateClass('score', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('score', options)">Severity</a>
      </td>
-      <td class="hidden-xs" ng-class="tablePredicateClass('featureName', options.predicate, options.reverse)">
-        <a href="javascript:void(0)" ng-click="orderBy('featureName')">Package</a>
+      <td class="hidden-xs" ng-class="TableService.tablePredicateClass('featureName', options.predicate, options.reverse)">
+        <a href="javascript:void(0)" ng-click="TableService.orderBy('featureName', options)">Package</a>
      </td>
      <td class="hidden-xs">Current version</td>
      <td class="hidden-xs hidden-sm">Fixed in version</td>
@ -108,17 +113,22 @@
            </a>
         </td>
         <td class="single-col nowrap-col">
-           <span bo-if="vuln.metadata.NVD.CVSSv2.Score">
-              <span class="cvss-text" bo-text="vuln.metadata.NVD.CVSSv2.Score"></span>
-              <span class="cvss"><span bo-style="{'width': (vuln.metadata.NVD.CVSSv2.Score * 10) + '%', 'background-color': getCVSSColor(vuln.metadata.NVD.CVSSv2.Score)}"></span>
+           <span bo-if="vuln.cvssScore && !vuln.scoreDivergence">
+              <span class="cvss-text" bo-text="vuln.cvssScore"></span>
+              <span class="cvss"><span bo-style="{'width': (vuln.cvssScore * 10) + '%', 'background-color': vuln.cvssColor}"></span>
              </span>
           </span>
-           <span bo-if="!vuln.metadata.NVD.CVSSv2.Score">
+           <span bo-if="!vuln.cvssScore || vuln.scoreDivergence" data-title="{{ getSeverityTooltip(vuln) }}" data-container="body" bs-tooltip>
              <span class="vulnerability-priority-view" priority="vuln.severity"></span>
+              <span class="asterisk" ng-if="vuln.scoreDivergence == 'adjusted-lower'" ng-style="{'color': vuln.severityInfo.color}">
+                <i class="fa fa-asterisk"></i>
+              </span>
           </span>
         </td>
         <td class="single-col hidden-xs"><span bo-text="vuln.featureName"></span></td>
-         <td class="single-col hidden-xs hidden-sm"><span bo-text="vuln.introducedInVersion"></span></td>
+         <td class="single-col hidden-xs hidden-sm">
+           <span bo-text="vuln.introducedInVersion"></span>
+         </td>
         <td class="single-col hidden-xs">
            <span class="empty" bo-if="!vuln.fixedInVersion">(None)</span>
            <span class="fixed-in-version" bo-if="vuln.fixedInVersion" bo-text="vuln.fixedInVersion"></span>
@ -137,7 +147,12 @@
              <div class="subtitle">Summary</div>
              <table>
                <tr><td>Package:</td><td><span bo-text="vuln.featureName"></span></td></tr>
-                <tr><td>Introduced in version:</td><td><span bo-text="vuln.introducedInVersion"></span></td></tr>
+                <tr>
+                  <td>Introduced in version:</td>
+                  <td>
+                    <span bo-text="vuln.introducedInVersion"></span>
+                  </td>
+                </tr>
                <tr>
                  <td>Fixed in version:</td>
                  <td>
@ -152,6 +167,15 @@
              </table>
            </div>

+            <div class="severity-note" bo-if="vuln.scoreDivergence">
+              <div class="subtitle">Severity note</div>
+              <span class="description">
+                Note that this vulnerability was originally given a CVSSv2 score of <strong bo-text="vuln.cvssScore"></strong> by NVD but was subsequently reclassified as
+                <span class="vulnerability-priority-view" priority="vuln.severity"></span>
+                by <span bo-text="getDistro(vuln)"></span>
+              </span>
+            </div>
+
            <div class="vectors" bo-if="vuln.metadata.NVD.CVSSv2.Vectors">
              <div class="subtitle">Vectors</div>
              <div class="nvd-vectors-display" vectors="{{ vuln.metadata.NVD.CVSSv2.Vectors }}"></div>
@ -163,7 +187,7 @@
        </tr>
      </tbody>
    </table>
-   <div class="empty" ng-if="securityVulnerabilities.length && !orderedVulnerabilities.entries.length"
+   <div class="empty" ng-if="vulnerabilitiesInfo.vulnerabilities.length && !orderedVulnerabilities.entries.length"
        style="margin-top: 20px;">
    <div class="empty-primary-msg">No matching vulnerabilities found.</div>
    <div class="empty-secondary-msg">Try expanding your filtering terms.</div>
--- a/static/directives/repo-view/repo-panel-tags.html
+++ b/static/directives/repo-view/repo-panel-tags.html
@ -169,7 +169,7 @@
          </span>

          <!-- Vulns -->
-          <span ng-if="getTagVulnerabilities(tag).status == 'scanned' && getTagVulnerabilities(tag).hasVulnerabilities"
+          <span ng-if="getTagVulnerabilities(tag).status == 'scanned' && getTagVulnerabilities(tag).hasFeatures && getTagVulnerabilities(tag).hasVulnerabilities"
                ng-class="getTagVulnerabilities(tag).highestVulnerability.Priority"
                class="has-vulns" bindonce>
              <a class="vuln-link" bo-href-i="/repository/{{ repository.namespace }}/{{ repository.name }}/image/{{ tag.image_id }}?tab=vulnerabilities"
--- a/static/directives/vulnerability-priority-view.html
+++ b/static/directives/vulnerability-priority-view.html
@ -1,4 +1,4 @@
-<span class="vulnerability-priority-view-element" ng-class="priority">
+<span class="vulnerability-priority-view-element" ng-style="{'color': color}">
  <i class="fa fa-exclamation-triangle"></i>
  <span ng-transclude/>
  {{ priority }}