Merge pull request #894 from nexB/798-refine-ui-improved

Improve UI

Author: pombredanne

vulnerabilities/forms.py

@@ -10,37 +10,29 @@
 from django import forms
 
 from vulnerabilities.models import Package
-from vulnerabilities.models import PackageRelatedVulnerability
-from vulnerabilities.models import Vulnerability
 
 
-def get_package_types():
+def get_known_package_types():
+    """
+    Return a list of known package types.
+    """
     pkg_types = [(i.type, i.type) for i in Package.objects.distinct("type").all()]
     pkg_types.append((None, "Any type"))
     return pkg_types
 
 
-def get_package_namespaces():
-    pkg_namespaces = [
-        (i.namespace, i.namespace)
-        for i in Package.objects.distinct("namespace").all()
-        if i.namespace
-    ]
-    pkg_namespaces.append((None, "package namespace"))
-    return pkg_namespaces
-
-
 class PackageForm(forms.Form):
 
-    type = forms.ChoiceField(choices=get_package_types)
-    name = forms.CharField(
+    package_name = forms.CharField(
         required=False, widget=forms.TextInput(attrs={"placeholder": "Package name or purl"})
     )
 
 
-class CVEForm(forms.Form):
+class VulnerabilityForm(forms.Form):
 
-    vuln_id = forms.CharField(
+    vulnerability_id = forms.CharField(
         required=False,
-        widget=forms.TextInput(attrs={"placeholder": "Vulnerability ID or CVE/GHSA"}),
+        widget=forms.TextInput(
+            attrs={"placeholder": "Vulnerability id or alias such as CVE or GHSA"}
+        ),
     )

vulnerabilities/models.py

@@ -10,7 +10,6 @@
 import hashlib
 import json
 import logging
-import uuid
 
 from django.conf import settings
 from django.core.exceptions import ValidationError
@@ -59,6 +58,11 @@ class Vulnerability(models.Model):
         through="PackageRelatedVulnerability",
     )
 
+    @property
+    def severities(self):
+        for reference in self.references.all():
+            yield from VulnerabilitySeverity.objects.filter(reference=reference.id)
+
     def save(self, *args, **kwargs):
         super().save(*args, **kwargs)
         if not self.vulnerability_id:
@@ -113,10 +117,6 @@ class VulnerabilityReference(models.Model):
         blank=True,
     )
 
-    @property
-    def severities(self):
-        return VulnerabilitySeverity.objects.filter(reference=self.id)
-
     class Meta:
         unique_together = (
             "url",

vulnerabilities/templates/index.html

@@ -2,160 +2,17 @@
 {% load widget_tweaks %}
 
 {% block title %}
-VCIO Home
+VulnerableCode Home
 {% endblock %}
 
 {% block content %}
-
-{% include 'navbar.html' %}
-
-<section class="section pt-0">
-    <div class="columns">
-        <div class="column is-size-4 has-text-weight-bold">
-            Welcome to VulnerableCode<span class="nexb-orange">.</span>io.
-        </div>
-    </div>
-    <article class='panel is-info'>
-        <div class='panel-heading py-2 is-size-6'>
-            Search for vulnerable packages
-            <div class="dropdown is-hoverable has-text-weight-normal">
-                <div class="dropdown-trigger">
-                    <i class="fa fa-question-circle ml-2"></i>
-                </div>
-                <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
-                    <div class="dropdown-content dropdown-instructions-box-shadow">
-                        <div class="dropdown-item">
-                            <div>
-                                <div>Search for currently known vulnerabilities for a <a href="https://github.com/package-url/purl-spec" target="_blank">Package-URL</a> (aka <span class="inline-code">purl</span>) or a package <span class="inline-code">name</span>.</div>
-                                <ul>
-                                    <li>
-                                        Search by package <span class="inline-code">name</span> -- type the <span class="inline-code">name</span> in the search box and, if relevant to your search, select the package <span class="inline-code">type</span> from the dropdown.
-                                    </li>
-                                    <li>
-                                        Search by <span class="inline-code">purl</span> -- type the <span class="inline-code">purl</span> in the search box. <span class="is-italic">(The <span class="inline-code">type</span> dropdown does not apply to a <span class="inline-code">purl</span> search.)</span>
-                                    </li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="panel-block">
-            <div class="pb-3 width-100-pct">
-                <form action="{% url 'package_search' %}" method="get" name="pkg_form" onsubmit="return validatePkgForm()">
-                    <div class="field has-addons mt-3">
-                        <div class="control">
-                            <div class="select">
-                                {{ package_form.type }}
-                            </div>
-                        </div>
-                        <div class="control width-100-pct">
-                            {{ package_form.name|add_class:"input" }}
-                        </div>
-                        <div class="control">
-                            <button class="button is-link" type="submit" id="submit_pkg" name="template" value="index">
-                                Search
-                            </button>
-                        </div>
-                    </div>
-                </form>
-                <div>
-                    {% if package_search %}
-                        <div class="notification search-alert">
-                            <button class=" delete"></button>
-                            {{ package_search }}
-                        </div>
-                    {% endif %}
-                </div>
-            </div>
-        </div>
-    </article>
-
-    <div class="pt-5"></div>
-
-    <article class='panel is-info'>
-        <div class='panel-heading py-2 is-size-6'>
-            Search for vulnerabilities
-            <div class="dropdown is-hoverable has-text-weight-normal">
-                <div class="dropdown-trigger">
-                    <i class="fa fa-question-circle ml-2"></i>
-                </div>
-                <div class="dropdown-menu dropdown-instructions-width" id="dropdown-menu4" role="menu">
-                    <div class="dropdown-content dropdown-instructions-box-shadow">
-                        <div class="dropdown-item">
-                            <div>Search for comprehensive information for a <span class="inline-code">VULCOID</span> (VulnerableCode Database ID). <span class="is-italic">(Only the first of these methods requires that the input be all uppercase.)</span>
-                                <ul>
-                                    <li>
-                                        Search for a specific <span class="inline-code">VULCOID</span> (e.g., "VULCOID-1").
-                                    </li>
-                                    <li>
-                                        Search for all <span class="inline-code">VULCOID</span>s that are associated with a specific <span class="inline-code">CVE</span> (e.g., "CVE-2009-3898") or <span class="inline-code">GHSA</span> (e.g., "GHSA-2qrg-x229-3v8q").
-                                    </li>
-                                    <li>
-                                        Search for "CVE" or "GHSA" -- this will return all <span class="inline-code">VULCOID</span>s that are associated with one or more <span class="inline-code">CVE</span>s or <span class="inline-code">GHSA</span>s, respectively.
-                                    </li>
-                                </ul>
-                            </div>
-                        </div>
-                    </div>
-                </div>
-            </div>
-        </div>
-        <div class="panel-block">
-            <div class="pb-3 width-100-pct">
-                <form action="{% url 'vulnerability_search' %}" method="get" name="vuln_form" onsubmit="return validateVulnForm()">
-                    <div class="field has-addons mt-3">
-                        <div class="control width-100-pct">
-                            {% render_field vuln_form.vuln_id class="input" %}
-                        </div>
-                        <div class="control">
-                            <button class="button is-link" type="submit" id="submit_vuln">
-                                Search
-                            </button>
-                        </div>
-                    </div>
-                </form>
-                <div>
-                    {% if vuln_search %}
-                        <div class="notification search-alert">
-                            <button class=" delete"></button>
-                            {{ vuln_search }}
-                        </div>
-                    {% endif %}
-                </div>
-            </div>
-        </div>
-    </article>
-</section>
-
+    {% include "navbar.html" %}
+    <section class="section pt-0">
+       {% include "package_search_box.html" %}
+       {% include "vulnerability_search_box.html" %}
+    </section>
 {% endblock %}
 
 {% block scripts %}
-<script>
-    document.addEventListener('DOMContentLoaded', () => {
-        (document.querySelectorAll('.notification .delete') || []).forEach(($delete) => {
-            const $notification = $delete.parentNode;
-
-            $delete.addEventListener('click', () => {
-                $notification.parentNode.removeChild($notification);
-            });
-        });
-    });
-
-    function validatePkgForm() {
-        var x = document.forms["pkg_form"]["name"].value;
-        if (x.trim().length == "") {
-            return false;
-        }
-    }
-
-    function validateVulnForm() {
-        var x = document.forms["vuln_form"]["vuln_id"].value;
-        if (x.trim().length == "") {
-            return false;
-        }
-    }
-
-</script>
+   {% include "validate_form_scripts.html" %}
 {% endblock %}

vulnerabilities/templates/navbar.html

@@ -26,16 +26,21 @@
                     <div class="dropdown-menu navbar-hover-div" role="menu">
                     <div class="dropdown-content">
                         <div class="dropdown-item about-hover-div">
-                            A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities.
+                            A free and open vulnerabilities database and the packages they impact.
+                            And the tools to aggregate and correlate these vulnerabilities.
                             <ul>
                                 <li>
-                                    Sponsored by NLnet <a href="https://nlnet.nl/project/vulnerabilitydatabase/">https://nlnet.nl/project/vulnerabilitydatabase/</a> for <a href="https://www.aboutcode.org/">https://www.aboutcode.org/</a>
+                                    Sponsored by NLnet <a href="https://nlnet.nl/project/vulnerabilitydatabase/">
+                                    https://nlnet.nl/project/vulnerabilitydatabase/</a> for
+                                    <a href="https://www.aboutcode.org/">https://www.aboutcode.org/</a>
                                 </li>
                                 <li>
-                                    Chat at <a href="https://gitter.im/aboutcode-org/vulnerablecode">https://gitter.im/aboutcode-org/vulnerablecode</a>
+                                    Chat at <a href="https://gitter.im/aboutcode-org/vulnerablecode">
+                                    https://gitter.im/aboutcode-org/vulnerablecode</a>
                                 </li>
                                 <li>
-                                    Docs at <a href=https://vulnerablecode.readthedocs.org/>https://vulnerablecode.readthedocs.org/</a>
+                                    Docs at <a href=https://vulnerablecode.readthedocs.org/>
+                                    https://vulnerablecode.readthedocs.org/</a>
                                 </li>
                             </ul>
                         </div>