feat: add show more expandable for long descriptions

src/main/resources/freemarker/templates/report.ftl

@@ -1,23 +1,4 @@
-<svg version="1.1" style="display: none" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-    <symbol viewBox="0 0 10.9793322 13" id="shield-icon">
-        <title>Combined Shape</title>
-        <g id="New-dependencies-view" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-            <g id="Overview" transform="translate(-1207.172757, -938.000000)" fill="#3E8635">
-                <g id="Details-of-dependency-com.github" transform="translate(427.000000, 764.000000)">
-                    <g id="Dependency-1" transform="translate(0.000000, 144.000000)">
-                        <g id="Group-9" transform="translate(780.172757, 24.000000)">
-                            <g id="Group-4" transform="translate(0.000000, 3.200001)">
-                                <g id="Icons/2.-Size-sm/Actions/check" transform="translate(0.000000, 2.799999)">
-                                    <path d="M10.5565789,0 C10.7906249,0 10.9793322,0.181542969 10.9793322,0.40625 L10.9793322,5.74082031 C10.9793322,9.75 6.24081907,13 5.49579296,13 C4.75076684,13 0,9.75 0,5.73955078 L0,0.40625 C0,0.181542969 0.188707272,0 0.422753304,0 Z M8.54277883,3.11782667 L4.7912961,6.89087353 L3.03981338,5.1293244 C2.883609,4.97220683 2.63032812,4.97220683 2.47412375,5.1293244 L1.90844938,5.69826556 C1.75224501,5.85538312 1.75224501,6.11010449 1.90844938,6.26720671 L4.50845797,8.88215991 C4.66464708,9.03927747 4.9179127,9.03927747 5.07413233,8.88217525 L9.67414282,4.25570898 C9.8303472,4.09859141 9.8303472,3.84387004 9.67414282,3.68676782 L9.10846846,3.11782667 C8.95226408,2.96072444 8.6989832,2.96072444 8.54277883,3.11782667 Z" id="Combined-Shape"></path>
-                                </g>
-                            </g>
-                        </g>
-                    </g>
-                </g>
-            </g>
-        </g>
-    </symbol>
-</svg>
+<!DOCTYPE html>
 [#function htmlRef package]
     [#local result = package.name()?replace(".", "")]
     [#local result = result?replace(":","")]
@@ -43,7 +24,6 @@
 [#function vexLink cve]
     [#return body.vexPath + cve + "-Quarkus.json" ]
 [/#function]
-<!DOCTYPE html>
 <html lang="en-us">
 
 <head>

src/test/resources/__files/osvnvd/maven_report.json

@@ -436,7 +436,6 @@
       "aliases": ["GHSA-jjjh-jjxp-wpff"],
       "cveId": "CVE-2022-42003",
       "created": "2024-01-15T21:37:47.413+00:00",
-      "summary": "Uncontrolled Resource Consumption in Jackson-databind",
       "description": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
       "affected": [
         {
@@ -875,7 +874,6 @@
       "aliases": ["GHSA-3fhx-3vvg-2j84"],
       "cveId": "CVE-2023-2974",
       "created": "2024-01-15T21:37:49.155+00:00",
-      "summary": "quarkus-core vulnerable to client driven TLS cipher downgrading",
       "description": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
       "affected": [
         {

src/test/resources/__files/reports/report_all_token.json

@@ -215,7 +215,7 @@
                   "issues": [
                     {
                       "id": "CVE-2023-2974",
-                      "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                      "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                       "source": "osv-nvd",
                       "cvss": {
                         "attackVector": "Network",
@@ -248,7 +248,7 @@
                   ],
                   "highestVulnerability": {
                     "id": "CVE-2023-2974",
-                    "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                    "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                     "source": "osv-nvd",
                     "cvss": {
                       "attackVector": "Network",
@@ -284,7 +284,7 @@
                   "issues": [
                     {
                       "id": "CVE-2022-42003",
-                      "title": "Uncontrolled Resource Consumption in Jackson-databind",
+                      "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
                       "source": "osv-nvd",
                       "cvss": {
                         "attackVector": "Network",
@@ -372,7 +372,7 @@
                   ],
                   "highestVulnerability": {
                     "id": "CVE-2022-42003",
-                    "title": "Uncontrolled Resource Consumption in Jackson-databind",
+                    "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
                     "source": "osv-nvd",
                     "cvss": {
                       "attackVector": "Network",
@@ -403,7 +403,7 @@
               "recommendation": "pkg:maven/io.quarkus/[email protected]?repository_url=https%3A%2F%2Fmaven.repository.redhat.com%2Fga%2F&type=jar",
               "highestVulnerability": {
                 "id": "CVE-2023-2974",
-                "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+                "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
                 "source": "osv-nvd",
                 "cvss": {
                   "attackVector": "Network",

src/test/resources/__files/reports/v3/report_all_token.json

@@ -180,7 +180,7 @@
           "issues": [
             {
               "id": "CVE-2023-2974",
-              "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+              "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
               "source": "osv-nvd",
               "cvss": {
                 "attackVector": "Network",
@@ -210,7 +210,7 @@
           },
           "highestVulnerability": {
             "id": "CVE-2023-2974",
-            "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+            "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
             "source": "osv-nvd",
             "cvss": {
               "attackVector": "Network",
@@ -236,7 +236,7 @@
           "issues": [
             {
               "id": "CVE-2022-42003",
-              "title": "Uncontrolled Resource Consumption in Jackson-databind",
+              "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
               "source": "osv-nvd",
               "cvss": {
                 "attackVector": "Network",
@@ -308,7 +308,7 @@
           },
           "highestVulnerability": {
             "id": "CVE-2022-42003",
-            "title": "Uncontrolled Resource Consumption in Jackson-databind",
+            "title": "In FasterXML jackson-databind 2.4.0-rc1 until 2.12.7.1 and in 2.13.x before 2.13.4.2 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.2, and 2.14.0.",
             "source": "osv-nvd",
             "cvss": {
               "attackVector": "Network",
@@ -333,7 +333,7 @@
       "recommendation": "pkg:maven/io.quarkus/[email protected]?repository_url=https%3A%2F%2Fmaven.repository.redhat.com%2Fga%2F&type=jar",
       "highestVulnerability": {
         "id": "CVE-2023-2974",
-        "title": "quarkus-core vulnerable to client driven TLS cipher downgrading",
+        "title": "A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.",
         "source": "osv-nvd",
         "cvss": {
           "attackVector": "Network",

ui/package.json

@@ -3,9 +3,9 @@
   "version": "0.1.0",
   "private": true,
   "dependencies": {
-    "@patternfly/react-charts": "^5.0.0",
-    "@patternfly/react-core": "^5.0.0",
-    "@patternfly/react-table": "^5.0.0",
+    "@patternfly/react-charts": "7.3.0-prerelease.1",
+    "@patternfly/react-core": "^5.2.0",
+    "@patternfly/react-table": "^5.2.0",
     "@testing-library/jest-dom": "^5.14.1",
     "@testing-library/react": "^13.0.0",
     "@testing-library/user-event": "^13.2.1",
@@ -19,6 +19,10 @@
     "typescript": "^4.4.2",
     "web-vitals": "^2.1.0"
   },
+  "resolutions": {
+    "@patternfly/react-styles": "^5.2.0",
+    "@patternfly/react-tokens": "^5.2.0"
+  },
   "scripts": {
     "start": "craco start",
     "build": "craco build && yarn copy:js:main && yarn copy:js:vendor && yarn copy:css:main && yarn copy:css:vendor",

ui/src/components/VulnerabilityRow.tsx

@@ -8,6 +8,7 @@ import { usePrivateIssueHelper } from "../hooks/usePrivateDataHelper";
 import { hasRemediations, VulnerabilityItem } from "../api/report";
 import { useAppContext } from '../App';
 import { VulnerabilityIdLink } from './VulnerabilityIdLink';
+import { VulnerabilityTitle } from './VulnerabilityTitle';
 
 interface VulnerabilityRowProps {
   item: VulnerabilityItem;
@@ -42,7 +43,7 @@ export const VulnerabilityRow: React.FC<VulnerabilityRowProps> = ({item, provide
               <p key={index}><VulnerabilityIdLink id={id}/></p>
             ))}
           </Td>
-          <Td>{item.vulnerability.title}</Td>
+          <Td><VulnerabilityTitle title={item.vulnerability.title}/></Td>
           <Td noPadding>
             <VulnerabilitySeverityLabel vulnerability={item.vulnerability}/>
           </Td>

ui/src/components/VulnerabilityTitle.tsx

@@ -0,0 +1,20 @@
+import { ExpandableSection, ExpandableSectionVariant } from '@patternfly/react-core';
+import React from 'react';
+
+export const VulnerabilityTitle = ({ title }: { title: string }) => {
+
+  const [isExpanded, setIsExpanded] = React.useState(false);
+  const onToggle = (_event: React.MouseEvent, isExpanded: boolean) => {
+    setIsExpanded(isExpanded);
+  };
+
+  return (
+    <ExpandableSection
+      variant={ExpandableSectionVariant.truncate}
+      toggleText={isExpanded ? 'Show less' : 'Show more'}
+      onToggle={onToggle}
+      isExpanded={isExpanded}>
+      {title}
+    </ExpandableSection>
+  )
+};