WIP: Snap CVEs POC #5139
WIP: Snap CVEs POC #5139
Conversation
Demo
Jenkins 
demos.haus 
…input for revisions
There was a problem hiding this comment.
Pull Request Overview
A proof-of-concept UI prototype to display snap vulnerability (CVE) data for publishers, including backend routes, API handlers, styles, and a new React page.
- Added CVE-specific URL rules and a new
get_binariesAPI endpoint - Created SCSS mixin and icon assets for CVE priority indicators
- Implemented a
SnapCvesReact component, navigation tab, and dev tooling
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| webapp/publisher/snaps/views.py | Added /\<snap_name>/cves UI route and remapped API route to get_binaries |
| webapp/publisher/cve/cve_views.py | Introduced get_binaries view to flatten and return binary-focused CVE data |
| static/sass/styles.scss | Imported and applied the snapcraft-cves mixin |
| static/sass/_snapcraft_cves.scss | Defined classes and icon backgrounds for CVE priority levels |
| static/js/publisher/publisher.tsx | Registered SnapCves route and included React Query Devtools |
| static/js/publisher/pages/SnapCves | Added SnapCves component and re-export index file |
| static/js/publisher/hooks/useCves.ts | Added a placeholder hook with hard-coded fetch path |
| static/js/publisher/components/SectionNav/SectionNav.tsx | Extended navigation to include a Vulnerabilities tab for canonical publishers |
| view_func=listing_views.get_listing_snap, | ||
| methods=["GET"], | ||
| ) | ||
| publisher_snaps.add_url_rule( |
There was a problem hiding this comment.
The UI route "/<snap_name>/cves" is wired to listing_views.get_listing_snap, which likely returns the wrong template. Add or point to a dedicated view for the CVE page.
Copilot uses AI. Check for mistakes.
| view_func=listing_views.get_listing_snap, | ||
| methods=["GET"], | ||
| ) | ||
| publisher_snaps.add_url_rule( |
There was a problem hiding this comment.
No backend route is defined for /api/<snap_name>/cves to fetch revision data, but the frontend queries it. Implement or register an endpoint to provide the initial revisions list.
Copilot uses AI. Check for mistakes.
| }); | ||
| }; | ||
|
|
||
| console.table(data); |
There was a problem hiding this comment.
[nitpick] Remove the console.table debug statement before merging to keep the production console clean.
| console.table(data); |
Copilot uses AI. Check for mistakes.
| function useCves() { | ||
| return useQuery({ | ||
| queryKey: ["cves"], | ||
| queryFn: async () => { | ||
| const response = await fetch(`/api/docker/3213/cves`); |
There was a problem hiding this comment.
The fetch path is hard-coded to /api/docker/3213/cves; parameterize or remove this placeholder to avoid confusion and support multiple snaps.
| function useCves() { | |
| return useQuery({ | |
| queryKey: ["cves"], | |
| queryFn: async () => { | |
| const response = await fetch(`/api/docker/3213/cves`); | |
| function useCves(snapId: string) { | |
| return useQuery({ | |
| queryKey: ["cves", snapId], | |
| queryFn: async () => { | |
| const response = await fetch(`/api/docker/${snapId}/cves`); |
Copilot uses AI. Check for mistakes.
| .p-icon--dark-tick { | ||
| @extend %icon; | ||
| } | ||
|
|
There was a problem hiding this comment.
[nitpick] The .p-icon--dark-tick class is extended but no background-image is defined. Either add the asset path or remove the unused selector.
| .p-icon--dark-tick { | |
| @extend %icon; | |
| } |
Copilot uses AI. Check for mistakes.
2 participants
Done
WIP: Proof of concept UI prototype of publishers view on snap vulnerabilities.
How to QA
Testing
Issue / Card
Fixes #
Screenshots