feat(vulnerabilities): add severity filter to GetVulnerabilitiesQuery#270

Merged
l1ttps merged 2 commits into main from vuls-filter
Feb 7, 2026

@l1ttps l1ttps commented Feb 7, 2026

No description provided.

…Dto and update service logic

refactor(api): change DataPayloadResult.raw type to object and remove unused report interfaces
@gemini-code-assist

Summary of Changes

Hello @l1ttps, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a significant enhancement to the vulnerabilities management interface by adding a severity filter. Users can now easily narrow down their view of vulnerabilities based on their criticality, improving the efficiency of security assessment and response workflows. The changes span across both the frontend, with a new interactive filter component, and the backend, with updated API endpoints and service logic to support the new filtering capability.

Highlights

  • New Severity Filter UI: A new multi-select dropdown component (SeverityFilter) has been added to the vulnerabilities list page, allowing users to filter vulnerabilities by severity levels (Critical, High, Medium, Low, Info).
  • Backend API Extension: The GetVulnerabilitiesQueryDto in the core-api has been extended to accept an optional severity array, enabling the backend to filter vulnerabilities based on the selected severity levels.
  • Vulnerabilities Service Logic: The VulnerabilitiesService now incorporates the severity parameter into its database query, dynamically filtering results when severity levels are provided.
  • API Type Definition Updates: Generated API types (queries.ts, api.ts) have been updated to include the new severity filter parameter and reflect changes in DataPayloadResult.raw type. Several unused security report related types and hooks were also removed.
  • UI Component Refinements: Minor styling adjustments were made to the generic SelectTrigger component and the StatusFilter to ensure visual consistency with the new SeverityFilter.

Changelog
  • console/src/components/ui/select.tsx
    • Standardized import statements and added semicolons for consistency.
    • Updated SelectTrigger, SelectContent, SelectLabel, SelectItem, SelectSeparator, SelectScrollUpButton, and SelectScrollDownButton components with minor formatting changes (e.g., changing double quotes to single quotes for string literals in className and position props, adding semicolons).
  • console/src/pages/vulnerabilities/components/severity-filter.tsx
    • Added a new SeverityFilter component for multi-select severity filtering.
    • Defined SEVERITY_OPTIONS with display labels, colors, and corresponding API enum values.
    • Implemented toggleSeverity logic to manage selected severity levels.
    • Designed the filter button to display the count of selected severities and a 'Clear filters' option.
  • console/src/pages/vulnerabilities/components/status-filter.tsx
    • Modified the SelectTrigger styling to use a dashed border, smaller text size, and adjusted padding, aligning its appearance with the new SeverityFilter.
  • console/src/pages/vulnerabilities/list-vulnerabilitys.tsx
    • Imported VulnerabilitiesControllerGetVulnerabilitiesSeverityItem and the new SeverityFilter component.
    • Introduced a severityFilter state using useState to manage the selected severity levels.
    • Updated the useVulnerabilitiesControllerGetVulnerabilities query to include the severity parameter, passing selected severity levels to the API.
    • Added severityFilter to the dependency array of the vulnerability query to re-fetch data when the filter changes.
    • Implemented handleSeverityFilterChange to update the severity filter state, clear row selections, and reset the current page.
    • Integrated the SeverityFilter component into the toolbar alongside the existing StatusFilter, grouping them within a div for layout.
  • console/src/services/apis/gen/queries.ts
    • Added VulnerabilitiesControllerGetVulnerabilitiesSeverityItem enum and type definition.
    • Extended VulnerabilitiesControllerGetVulnerabilitiesParams to include an optional severity array for filtering.
    • Changed the type of DataPayloadResult.raw from string to DataPayloadResultRaw (an object type).
    • Removed various types and associated query/mutation hooks related to SecurityReport (e.g., Top3RiskDto, ExecutiveReportContentDto, SecurityReport, CreateReportDto, UpdateReportDto, and their corresponding controller functions), indicating a cleanup or refactor of report functionality.
  • core-api/src/modules/vulnerabilities/dto/get-vulnerability.dto.ts
    • Imported the Severity enum.
    • Added an optional severity property to GetVulnerabilitiesQueryDto, decorated with @ApiProperty, @IsEnum, @IsOptional, and @Transform to handle single or array values for severity filtering.
  • core-api/src/modules/vulnerabilities/vulnerabilities.service.ts
    • Destructured the new severity parameter from the GetVulnerabilitiesQueryDto in the getVulnerabilities method.
    • Added a conditional andWhere clause to the TypeORM queryBuilder to filter vulnerabilities by the provided severity levels if any are selected.
  • worker/services/core-api/api.ts
    • Changed the type of DataPayloadResult.raw from string to object.
    • Removed several interfaces and enums related to SecurityReport (e.g., Top3RiskDto, ExecutiveReportContentDto, SecurityReport, CreateReportDto, UpdateReportDto, and their corresponding API methods), streamlining the API definitions.
    • Added VulnerabilitiesControllerGetVulnerabilitiesParamsSeverityEnum.
    • Updated the Api.vulnerabilitiesControllerGetVulnerabilities method to include the optional severity parameter in its request definition.
Activity
  • l1ttps created this pull request to add a severity filter to the vulnerability listing.
  • The changes involve modifications to both the frontend UI components and the backend API and service logic to support the new filtering functionality.
  • API type definitions were updated to reflect the new filter parameter and remove deprecated security report related types.
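
The backend behaviour summarized above (an optional severity parameter that may arrive as a single value or as an array, is checked against an enum, and is then applied as a conditional filter) is shown here without framework dependencies. This is an added example, not code from the pull request; the lowercase enum values, the function names and the `vulnerability.severity` column alias are assumptions.

```typescript
// Added example: enum values and names are assumptions, not the project's code.
const SEVERITIES = ['critical', 'high', 'medium', 'low', 'info'] as const;
type Severity = (typeof SEVERITIES)[number];

// A filter never needs more entries than the enum has members.
const MAX_VALUES = SEVERITIES.length;

function isSeverity(v: unknown): v is Severity {
  return typeof v === 'string' && (SEVERITIES as readonly string[]).includes(v);
}

// Query parsers hand over `?severity=high` as a string and
// `?severity=high&severity=low` as an array; absent means "no filter".
function parseSeverityParam(raw: unknown): Severity[] | undefined {
  if (raw === undefined || raw === null || raw === '') return undefined;
  const values: unknown[] = Array.isArray(raw) ? raw : [raw];
  if (values.length > MAX_VALUES) {
    throw new Error('too many severity values');
  }
  const out: Severity[] = [];
  for (const v of values) {
    // Reject rather than drop: nested objects and unknown strings fail loudly.
    if (!isSeverity(v)) throw new Error('invalid severity value');
    if (!out.includes(v)) out.push(v);
  }
  return out.length > 0 ? out : undefined;
}

// Builds the optional filter as a parameterized fragment in the style of a
// query builder's andWhere(sql, params); values never enter the SQL text.
function buildSeverityClause(
  severities: Severity[] | undefined,
): { sql: string; params: { severity: Severity[] } } | undefined {
  if (!severities) return undefined;
  return {
    sql: 'vulnerability.severity IN (:...severity)', // hypothetical alias
    params: { severity: severities },
  };
}
```
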

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request introduces a severity filter for the vulnerabilities list, enhancing the filtering capabilities. A new SeverityFilter component has been created, and the backend has been updated to support filtering by severity.

My review has identified a high-severity bug in the new SeverityFilter component where a click handler is duplicated, causing the filter selection to not work correctly. I've also pointed out a typo in a filename for better maintainability.

Overall, this is a great feature addition. Addressing these points will make it ready for merge.

Comment on lines +122 to +126
<Checkbox
checked={isSelected}
onCheckedChange={() => toggleSeverity(option.value)}
className="border-muted-foreground"
/>
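
Review bot: The `onCheckedChange` callback on this Checkbox takes no argument and calls `toggleSeverity(option.value)`, so the next state comes from flipping the current selection rather than from the value the control reports. If `onCheckedChange` supplies the new checked state, consider using it to add or remove `option.value` explicitly, so that a handler firing more than once for a single click still leaves the selection in the right state.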
high

When the checkbox is clicked, the onClick event bubbles up to the parent div, causing toggleSeverity to be called twice (once from onCheckedChange on the Checkbox and once from onClick on the div). This prevents the checkbox from updating its state correctly. To fix this, you can stop the event propagation from the checkbox to its parent.

                <Checkbox
                  checked={isSelected}
                  onCheckedChange={() => toggleSeverity(option.value)}
                  onClick={(e) => e.stopPropagation()}
                  className="border-muted-foreground"
                />

import DetailSheet from './components/detail-sheet';
import { SeverityFilter } from './components/severity-filter';
import { StatusFilter } from './components/status-filter';
import { vulnerabilityColumns } from './vulnerablity-columns';
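
Review bot: The module path in the last import, `'./vulnerablity-columns'`, is misspelled ("vulnerablity"), while the symbol it provides is spelled `vulnerabilityColumns`. Consider renaming the file to `vulnerability-columns` and updating this import so that a search for "vulnerability" finds it.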
medium

There's a typo in this file's name. For consistency and better maintainability, it should be renamed from list-vulnerabilitys.tsx to list-vulnerabilities.tsx.

@l1ttps l1ttps merged commit 5d816a4 into main Feb 7, 2026
9 checks passed