feat: add show more expandable for long descriptions

Signed-off-by: Ruben Romero Montes <[email protected]>

Author: ruromero

src/main/resources/freemarker/templates/generated/main.js

@@ -436,7 +436,6 @@
       "aliases": ["GHSA-jjjh-jjxp-wpff"],
       "cveId": "CVE-2022-42003",
       "created": "2024-01-15T21:37:47.413+00:00",
-      "summary": "Uncontrolled Resource Consumption in Jackson-databind",
       "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
       "affected": [
         {
@@ -875,7 +874,6 @@
       "aliases": ["GHSA-3fhx-3vvg-2j84"],
       "cveId": "CVE-2023-2974",
       "created": "2024-01-15T21:37:49.155+00:00",
-      "summary": "quarkus-core vulnerable to client driven TLS cipher downgrading",
       "description": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
       "affected": [
         {

src/main/resources/freemarker/templates/generated/vendor.css

@@ -215,7 +215,7 @@
                   "issues": [
                     {
                       "id": "CVE-2023-2974",
-                      "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                      "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                       "source": "osv-nvd",
                       "cvss": {
                         "attackVector": "Network",
@@ -248,7 +248,7 @@
                   ],
                   "highestVulnerability": {
                     "id": "CVE-2023-2974",
-                    "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                    "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                     "source": "osv-nvd",
                     "cvss": {
                       "attackVector": "Network",
@@ -284,7 +284,7 @@
                   "issues": [
                     {
                       "id": "CVE-2022-42003",
-                      "title": "Uncontrolled Resource Consumption in Jackson-databind",
+                      "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
                       "source": "osv-nvd",
                       "cvss": {
                         "attackVector": "Network",
@@ -372,7 +372,7 @@
                   ],
                   "highestVulnerability": {
                     "id": "CVE-2022-42003",
-                    "title": "Uncontrolled Resource Consumption in Jackson-databind",
+                    "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
                     "source": "osv-nvd",
                     "cvss": {
                       "attackVector": "Network",
@@ -403,7 +403,7 @@
               "recommendation": "pkg:maven/io.quarkus/[email protected]?repository_url=https%3A%2F%2Fmaven.repository.redhat.com%2Fga%2F&type=jar",
               "highestVulnerability": {
                 "id": "CVE-2023-2974",
-                "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                 "source": "osv-nvd",
                 "cvss": {
                   "attackVector": "Network",

src/main/resources/freemarker/templates/generated/vendor.js

@@ -180,7 +180,7 @@
           "issues": [
             {
               "id": "CVE-2023-2974",
-              "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+              "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
               "source": "osv-nvd",
               "cvss": {
                 "attackVector": "Network",
@@ -210,7 +210,7 @@
           },
           "highestVulnerability": {
             "id": "CVE-2023-2974",
-            "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+            "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
             "source": "osv-nvd",
             "cvss": {
               "attackVector": "Network",
@@ -236,7 +236,7 @@
           "issues": [
             {
               "id": "CVE-2022-42003",
-              "title": "Uncontrolled Resource Consumption in Jackson-databind",
+              "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
               "source": "osv-nvd",
               "cvss": {
                 "attackVector": "Network",
@@ -308,7 +308,7 @@
           },
           "highestVulnerability": {
             "id": "CVE-2022-42003",
-            "title": "Uncontrolled Resource Consumption in Jackson-databind",
+            "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
             "source": "osv-nvd",
             "cvss": {
               "attackVector": "Network",
@@ -333,7 +333,7 @@
       "recommendation": "pkg:maven/io.quarkus/[email protected]?repository_url=https%3A%2F%2Fmaven.repository.redhat.com%2Fga%2F&type=jar",
       "highestVulnerability": {
         "id": "CVE-2023-2974",
-        "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+        "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
         "source": "osv-nvd",
         "cvss": {
           "attackVector": "Network",

src/test/resources/__files/osvnvd/maven_report.json

@@ -8,6 +8,7 @@ import { usePrivateIssueHelper } from "../hooks/usePrivateDataHelper";
 import { hasRemediations, VulnerabilityItem } from "../api/report";
 import { useAppContext } from '../App';
 import { VulnerabilityIdLink } from './VulnerabilityIdLink';
+import { VulnerabilityTitle } from './VulnerabilityTitle';
 
 interface VulnerabilityRowProps {
   item: VulnerabilityItem;
@@ -42,7 +43,7 @@ export const VulnerabilityRow: React.FC<VulnerabilityRowProps> = ({item, provide
               <p key={index}><VulnerabilityIdLink id={id}/></p>
             ))}
           </Td>
-          <Td>{item.vulnerability.title}</Td>
+          <Td><VulnerabilityTitle title={item.vulnerability.title}/></Td>
           <Td noPadding>
             <VulnerabilitySeverityLabel vulnerability={item.vulnerability}/>
           </Td>

src/test/resources/__files/reports/report_all_token.json

@@ -0,0 +1,25 @@
+import { Button, Truncate } from '@patternfly/react-core';
+import React from 'react';
+
+export const VulnerabilityTitle = ({ title }: { title: string }) => {
+
+  const [isExpanded, setIsExpanded] = React.useState(false);
+
+  if(title.length < 100) {
+    return <p>{title}</p>;
+  }
+  if(isExpanded) {
+    return (
+      <>
+        <p>{title}</p>
+        <Button variant='link' isInline onClick={() => setIsExpanded(!isExpanded)}>Show less</Button>
+      </>
+    )
+  }
+  return (
+    <>
+      <Truncate content={title}/>
+      <Button variant='link' isInline onClick={() => setIsExpanded(!isExpanded)}>Show more</Button>
+    </>
+  );
+};