Streamline UI views, forms and templates #798

- Use buitin ListView with standard pagination
- More counts and empty logic displays to templates
- Use includes for search boxes and common JS scripts
- Remove search by type. Instead allow using a partial purl with a type
- Format templates to avoid very long lines
- Expand package search to work with all purl attributes including
  non parsing purls. Use case insensitive contains lookup otherwise.
- Expand vulnerability search to use case insensitive contains lookup
  over vcid, aliases, reference ids and summary
- Prefer "VulnerableCode" over "VCIO"

Reference: #798
Signed-off-by: Philippe Ombredanne <[email protected]>

Author: pombredanne

vulnerabilities/forms.py

@@ -23,15 +23,16 @@ def get_known_package_types():
 
 class PackageForm(forms.Form):
 
-    type = forms.ChoiceField(choices=get_known_package_types)
-    name = forms.CharField(
+    package_name = forms.CharField(
         required=False, widget=forms.TextInput(attrs={"placeholder": "Package name or purl"})
     )
 
 
 class VulnerabilityForm(forms.Form):
 
-    vuln_id = forms.CharField(
+    vulnerability_id = forms.CharField(
         required=False,
-        widget=forms.TextInput(attrs={"placeholder": "Vulnerability ID or CVE/GHSA"}),
+        widget=forms.TextInput(
+            attrs={"placeholder": "Vulnerability id or alias such as CVE or GHSA"}
+        ),
     )

vulnerabilities/templates/index.html

@@ -2,160 +2,17 @@
 {% load widget_tweaks %}
 
 {% block title %}
-VCIO Home
+VulnerableCode Home
 {% endblock %}
 
 {% block content %}
-
-{% include 'navbar.html' %}
-
-<section class="section pt-0">
-    <div class="columns">
-        <div class="column is-size-4 has-text-weight-bold">
-            Welcome to VulnerableCode<span class="nexb-orange">.</span>io.
-        </div>
-    </div>
-    <article class='panel is-info'>
-        <div class='panel-heading py-2 is-size-6'>
-            Search for vulnerable packages
-            <div class="dropdown is-hoverable has-text-weight-normal">
-                <div class="dropdown-trigger">
-                    <i class="fa fa-question-circle ml-2"></i>
-                </div>
-                <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
-                    <div class="dropdown-content dropdown-instructions-box-shadow">
-                        <div class="dropdown-item">
-                            <div>
-                                <div>Search for currently known vulnerabilities for a <a href="https://github.com/package-url/purl-spec" target="_blank">Package-URL</a> (aka <span class="inline-code">purl</span>) or a package <span class="inline-code">name</span>.</div>
-                                <ul>
-                                    <li>
-                                        Search by package <span class="inline-code">name</span> -- type the <span class="inline-code">name</span> in the search box and, if relevant to your search, select the package <span class="inline-code">type</span> from the dropdown.
-                                    </li>
-                                    <li>
-                                        Search by <span class="inline-code">purl</span> -- type the <span class="inline-code">purl</span> in the search box. <span class="is-italic">(The <span class="inline-code">type</span> dropdown does not apply to a <span class="inline-code">purl</span> search.)</span>
-                                    </li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="panel-block">
-            <div class="pb-3 width-100-pct">
-                <form action="{% url 'package_search' %}" method="get" name="pkg_form" onsubmit="return validatePkgForm()">
-                    <div class="field has-addons mt-3">
-                        <div class="control">
-                            <div class="select">
-                                {{ package_form.type }}
-                            </div>
-                        </div>
-                        <div class="control width-100-pct">
-                            {{ package_form.name|add_class:"input" }}
-                        </div>
-                        <div class="control">
-                            <button class="button is-link" type="submit" id="submit_pkg" name="template" value="index">
-                                Search
-                            </button>
-                        </div>
-                    </div>
-                </form>
-                <div>
-                    {% if package_search %}
-                        <div class="notification search-alert">
-                            <button class=" delete"></button>
-                            {{ package_search }}
-                        </div>
-                    {% endif %}
-                </div>
-            </div>
-        </div>
-    </article>
-
-    <div class="pt-5"></div>
-
-    <article class='panel is-info'>
-        <div class='panel-heading py-2 is-size-6'>
-            Search for vulnerabilities
-            <div class="dropdown is-hoverable has-text-weight-normal">
-                <div class="dropdown-trigger">
-                    <i class="fa fa-question-circle ml-2"></i>
-                </div>
-                <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
-                    <div class="dropdown-content dropdown-instructions-box-shadow">
-                        <div class="dropdown-item">
-                            <div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
-                                <ul>
-                                    <li>
-                                        Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
-                                    </li>
-                                    <li>
-                                        Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
-                                    </li>
-                                    <li>
-                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
-                                    </li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="panel-block">
-            <div class="pb-3 width-100-pct">
-                <form action="{% url 'vulnerability_search' %}" method="get" name="vulnerability_form" onsubmit="return validateVulnForm()">
-                    <div class="field has-addons mt-3">
-                        <div class="control width-100-pct">
-                            {% render_field vulnerability_form.vuln_id class="input" %}
-                        </div>
-                        <div class="control">
-                            <button class="button is-link" type="submit" id="submit_vuln">
-                                Search
-                            </button>
-                        </div>
-                    </div>
-                </form>
-                <div>
-                    {% if vuln_search %}
-                        <div class="notification search-alert">
-                            <button class=" delete"></button>
-                            {{ vuln_search }}
-                        </div>
-                    {% endif %}
-                </div>
-            </div>
-        </div>
-    </article>
-</section>
-
+    {% include "navbar.html" %}
+    <section class="section pt-0">
+       {% include "package_search_box.html" %}
+       {% include "vulnerability_search_box.html" %}
+    </section>
 {% endblock %}
 
 {% block scripts %}
-<script>
-    document.addEventListener('DOMContentLoaded', () => {
-        (document.querySelectorAll('.notification .delete') || []).forEach(($delete) => {
-            const $notification = $delete.parentNode;
-
-            $delete.addEventListener('click', () => {
-                $notification.parentNode.removeChild($notification);
-            });
-        });
-    });
-
-    function validatePkgForm() {
-        var x = document.forms["pkg_form"]["name"].value;
-        if (x.trim().length == "") {
-            return false;
-        }
-    }
-
-    function validateVulnForm() {
-        var x = document.forms["vulnerability_form"]["vuln_id"].value;
-        if (x.trim().length == "") {
-            return false;
-        }
-    }
-
-</script>
+   {% include "validate_form_scripts.html" %}
 {% endblock %}

vulnerabilities/templates/navbar.html

@@ -26,16 +26,21 @@
                     <div class="dropdown-menu navbar-hover-div" role="menu">
                     <div class="dropdown-content">
                         <div class="dropdown-item about-hover-div">
-                            A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities.
+                            A free and open vulnerabilities database and the packages they impact.
+                            And the tools to aggregate and correlate these vulnerabilities.
                             <ul>
                                 <li>
-                                    Sponsored by NLnet <a href="https://nlnet.nl/project/vulnerabilitydatabase/">https://nlnet.nl/project/vulnerabilitydatabase/</a> for <a href="https://www.aboutcode.org/">https://www.aboutcode.org/</a>
+                                    Sponsored by NLnet <a href="https://nlnet.nl/project/vulnerabilitydatabase/">
+                                    https://nlnet.nl/project/vulnerabilitydatabase/</a> for 
+                                    <a href="https://www.aboutcode.org/">https://www.aboutcode.org/</a>
                                 </li>
                                 <li>
-                                    Chat at <a href="https://gitter.im/aboutcode-org/vulnerablecode">https://gitter.im/aboutcode-org/vulnerablecode</a>
+                                    Chat at <a href="https://gitter.im/aboutcode-org/vulnerablecode">
+                                    https://gitter.im/aboutcode-org/vulnerablecode</a>
                                 </li>
                                 <li>
-                                    Docs at <a href=https://vulnerablecode.readthedocs.org/>https://vulnerablecode.readthedocs.org/</a>
+                                    Docs at <a href=https://vulnerablecode.readthedocs.org/>
+                                    https://vulnerablecode.readthedocs.org/</a>
                                 </li>
                             </ul>
                         </div>

vulnerabilities/templates/package_details.html

@@ -1,72 +1,17 @@
-{% extends 'base.html' %}
+{% extends "base.html" %}
 {% load humanize %}
 {% load widget_tweaks %}
 
 {% block title %}
-VCIO Package Details
+VulnerableCode Package Details
 {% endblock %}
 
 {% block content %}
 
-{% include 'navbar.html' %}
+{% include "navbar.html" %}
 
 <section class="section pt-0">
-    <article class='panel is-info'>
-        <div class='panel-heading py-2 is-size-6'>
-            Search for vulnerable packages
-            <div class="dropdown is-hoverable has-text-weight-normal">
-                <div class="dropdown-trigger">
-                    <i class="fa fa-question-circle ml-2"></i>
-                </div>
-                <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
-                    <div class="dropdown-content dropdown-instructions-box-shadow">
-                        <div class="dropdown-item">
-                            <div>
-                                <div>Search for currently known vulnerabilities for a <a href="https://github.com/package-url/purl-spec" target="_blank">Package-URL</a> (aka <span class="inline-code">purl</span>) or a package <span class="inline-code">name</span>.</div>
-                                <ul>
-                                    <li>
-                                        Search by package <span class="inline-code">name</span> -- type the <span class="inline-code">name</span> in the search box and, if relevant to your search, select the package <span class="inline-code">type</span> from the dropdown.
-                                    </li>
-                                    <li>
-                                        Search by <span class="inline-code">purl</span> -- type the <span class="inline-code">purl</span> in the search box. <span class="is-italic">(The <span class="inline-code">type</span> dropdown does not apply to a <span class="inline-code">purl</span> search.)</span>
-                                    </li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="panel-block">
-            <div class="pb-3 width-100-pct">
-                <form action="{% url 'package_search' %}" method="get" name="pkg_form" onsubmit="return validatePkgForm()">
-                    <div class="field has-addons mt-3">
-                        <div class="control">
-                            <div class="select">
-                                {{ package_form.type }}
-                            </div>
-                        </div>
-                        <div class="control width-100-pct">
-                            {{ package_form.name|add_class:"input" }}
-                        </div>
-                        <div class="control">
-                            <button class="button is-link" type="submit" id="submit_pkg" name="template" value="package_details">
-                                Search
-                            </button>
-                        </div>
-                    </div>
-                </form>
-                <div>
-                    {% if package_search %}
-                        <div class="notification search-alert">
-                            <button class=" delete"></button>
-                            {{ package_search }}
-                        </div>
-                    {% endif %}
-                </div>
-            </div>
-        </div>
-    </article>
+   {% include "package_search_box.html"%}
 </section>
 
 {% if package %}
@@ -126,7 +71,7 @@
                             {% for vuln in impacted_vuln %}
                                 <tr>
                                     <td>
-                                        <a href="{% url 'vulnerability_view' vuln.pk %}?vuln_id={{ vuln.vulnerability_id }}" target="_self">{{ vuln.vulnerability_id }}</a>
+                                        <a href="{% url 'vulnerability_view' vuln.pk %}?vulnerability_id={{ vuln.vulnerability_id }}" target="_self">{{ vuln.vulnerability_id }}</a>
                                     </td>
                                     <td>
                                         {{ vuln.summary }}
@@ -147,7 +92,7 @@
                         {% else %}
                             <tr>
                                 <td colspan="3">
-                                    This package is not affected by any vulnerabilities.
+                                    This package is not affected by known vulnerabilities.
                                 </td>
                             </tr>
                         {% endif %}
@@ -178,7 +123,7 @@
                             {% for vuln in resolved_vuln %}
                                 <tr>
                                     <td>
-                                        <a href="{% url 'vulnerability_view' vuln.pk %}?vuln_id={{ vuln.vulnerability_id }}" target="_self">{{ vuln.vulnerability_id }}</a>
+                                        <a href="{% url 'vulnerability_view' vuln.pk %}?vulnerability_id={{ vuln.vulnerability_id }}" target="_self">{{ vuln.vulnerability_id }}</a>
                                     </td>
                                     <td>
                                         {{ vuln.summary }}
@@ -213,23 +158,5 @@
 {% endblock %}
 
 {% block scripts %}
-<script>
-    document.addEventListener('DOMContentLoaded', () => {
-        (document.querySelectorAll('.notification .delete') || []).forEach(($delete) => {
-            const $notification = $delete.parentNode;
-
-            $delete.addEventListener('click', () => {
-                $notification.parentNode.removeChild($notification);
-            });
-        });
-    });
-
-    function validatePkgForm() {
-        var x = document.forms["pkg_form"]["name"].value;
-        if (x.trim().length == "") {
-            return false;
-        }
-    }
-</script>
-
-{% endblock %}
+   {% include "validate_form_scripts.html" %}
+{% endblock %}