fix: option to update existing vuln analysis entry with new analysis

Author: taleodor

ui/src/components/CreateVulnAnalysisModal.vue

@@ -104,6 +104,7 @@ import { ref, computed, watch } from 'vue'
 import { NModal, NForm, NFormItem, NInput, NSelect, NButton, NSpace, NTag, NDynamicInput, useNotification, FormInst, FormRules } from 'naive-ui'
 import gql from 'graphql-tag'
 import graphqlClient from '@/utils/graphql'
+import { ANALYSIS_STATE_OPTIONS, ANALYSIS_JUSTIFICATION_OPTIONS } from '@/constants/vulnAnalysis'
 
 interface Props {
     show: boolean
@@ -154,11 +155,6 @@ const formData = ref({
     details: ''
 })
 
-const locationTypeOptions = [
-    { label: 'PURL', value: 'PURL' },
-    { label: 'Code Point', value: 'CODE_POINT' }
-]
-
 const scopeOptions = computed(() => {
     // If availableScopesOnly is provided, filter to only those scopes
     if (props.availableScopesOnly && props.availableScopesOnly.length > 0) {
@@ -190,24 +186,8 @@ const scopeOptions = computed(() => {
     return options
 })
 
-const stateOptions = [
-    { label: 'Exploitable', value: 'EXPLOITABLE' },
-    { label: 'In Triage', value: 'IN_TRIAGE' },
-    { label: 'False Positive', value: 'FALSE_POSITIVE' },
-    { label: 'Not Affected', value: 'NOT_AFFECTED' }
-]
-
-const justificationOptions = [
-    { label: 'Code Not Present', value: 'CODE_NOT_PRESENT' },
-    { label: 'Code Not Reachable', value: 'CODE_NOT_REACHABLE' },
-    { label: 'Requires Configuration', value: 'REQUIRES_CONFIGURATION' },
-    { label: 'Requires Dependency', value: 'REQUIRES_DEPENDENCY' },
-    { label: 'Requires Environment', value: 'REQUIRES_ENVIRONMENT' },
-    { label: 'Protected by Compiler', value: 'PROTECTED_BY_COMPILER' },
-    { label: 'Protected at Runtime', value: 'PROTECTED_AT_RUNTIME' },
-    { label: 'Protected at Perimeter', value: 'PROTECTED_AT_PERIMETER' },
-    { label: 'Protected by Mitigating Control', value: 'PROTECTED_BY_MITIGATING_CONTROL' }
-]
+const stateOptions = ANALYSIS_STATE_OPTIONS
+const justificationOptions = ANALYSIS_JUSTIFICATION_OPTIONS
 
 const rules: FormRules = {
     findingId: [{ required: true, message: 'Finding ID is required', trigger: 'blur' }],
@@ -292,7 +272,7 @@ const handleSubmit = async () => {
         await formRef.value.validate()
         submitting.value = true
         
-        const input = {
+        const input: any = {
             org: props.orgUuid,
             location: formData.value.location,
             locationType: formData.value.locationType,
@@ -302,9 +282,12 @@ const handleSubmit = async () => {
             scope: formData.value.scope,
             scopeUuid: formData.value.scopeUuid,
             state: formData.value.state,
-            justification: formData.value.justification,
             details: formData.value.details || null
         }
+
+        if (formData.value.justification) {
+            input.justification = formData.value.justification
+        }
         
         const response = await graphqlClient.mutate({
             mutation: gql`

ui/src/components/UpdateVulnAnalysisModal.vue

@@ -0,0 +1,170 @@
+<template>
+    <n-modal
+        v-model:show="isVisible"
+        title="Update Vulnerability Analysis"
+        preset="dialog"
+        :show-icon="false"
+        style="width: 60%;"
+    >
+        <n-form ref="formRef" :model="formData" :rules="rules">
+            <n-form-item label="Current State" path="state">
+                <n-select
+                    v-model:value="formData.state"
+                    :options="stateOptions"
+                    placeholder="Select analysis state"
+                />
+            </n-form-item>
+
+            <n-form-item label="Justification" path="justification">
+                <n-select
+                    v-model:value="formData.justification"
+                    :options="justificationOptions"
+                    placeholder="Select justification (optional)"
+                    clearable
+                />
+            </n-form-item>
+
+            <n-form-item label="Details" path="details">
+                <n-input
+                    v-model:value="formData.details"
+                    type="textarea"
+                    placeholder="Additional details (optional)"
+                    :rows="3"
+                />
+            </n-form-item>
+        </n-form>
+
+        <template #action>
+            <n-space>
+                <n-button @click="handleCancel">Cancel</n-button>
+                <n-button type="primary" @click="handleSubmit" :loading="submitting">
+                    Update Analysis
+                </n-button>
+            </n-space>
+        </template>
+    </n-modal>
+</template>
+
+<script lang="ts">
+export default {
+    name: 'UpdateVulnAnalysisModal'
+}
+</script>
+
+<script lang="ts" setup>
+import { ref, computed, watch } from 'vue'
+import { NModal, NForm, NFormItem, NSelect, NInput, NButton, NSpace, useNotification, FormInst, FormRules } from 'naive-ui'
+import gql from 'graphql-tag'
+import graphqlClient from '@/utils/graphql'
+import { ANALYSIS_STATE_OPTIONS, ANALYSIS_JUSTIFICATION_OPTIONS } from '@/constants/vulnAnalysis'
+
+interface Props {
+    show: boolean
+    analysisRecord: any
+}
+
+const props = defineProps<Props>()
+
+const emit = defineEmits<{
+    'update:show': [value: boolean]
+    'updated': [analysis: any]
+}>()
+
+const notification = useNotification()
+const formRef = ref<FormInst | null>(null)
+const submitting = ref(false)
+
+const isVisible = computed({
+    get: () => props.show,
+    set: (value: boolean) => emit('update:show', value)
+})
+
+const formData = ref({
+    state: 'IN_TRIAGE',
+    justification: null as string | null,
+    details: ''
+})
+
+const stateOptions = ANALYSIS_STATE_OPTIONS
+const justificationOptions = ANALYSIS_JUSTIFICATION_OPTIONS
+
+const rules: FormRules = {
+    state: [{ required: true, message: 'Analysis state is required', trigger: 'change' }]
+}
+
+// Watch for changes in the analysis record and populate form
+watch(() => props.analysisRecord, (newRecord) => {
+    if (newRecord) {
+        formData.value.state = newRecord.analysisState || 'IN_TRIAGE'
+        formData.value.justification = newRecord.analysisJustification || null
+        formData.value.details = ''
+    }
+}, { immediate: true })
+
+const handleCancel = () => {
+    isVisible.value = false
+}
+
+const handleSubmit = async () => {
+    if (!formRef.value) return
+    
+    try {
+        await formRef.value.validate()
+        submitting.value = true
+        
+        const input: any = {
+            analysisUuid: props.analysisRecord.uuid,
+            state: formData.value.state,
+            details: formData.value.details || null
+        }
+
+        if (formData.value.justification) {
+            input.justification = formData.value.justification
+        }
+        
+        const response = await graphqlClient.mutate({
+            mutation: gql`
+                mutation updateVulnAnalysis($analysis: UpdateVulnAnalysisInput!) {
+                    updateVulnAnalysis(analysis: $analysis) {
+                        uuid
+                        org
+                        location
+                        locationType
+                        findingId
+                        findingAliases
+                        findingType
+                        scope
+                        scopeUuid
+                        analysisState
+                        analysisJustification
+                        analysisHistory {
+                            state
+                            justification
+                            details
+                            createdDate
+                        }
+                    }
+                }
+            `,
+            variables: { analysis: input }
+        })
+        
+        notification.success({
+            content: 'Vulnerability analysis updated successfully',
+            duration: 3000
+        })
+        
+        emit('updated', response.data.updateVulnAnalysis)
+        isVisible.value = false
+    } catch (error: any) {
+        console.error('Error updating vulnerability analysis:', error)
+        notification.error({
+            content: 'Failed to update vulnerability analysis',
+            meta: error.message || 'Unknown error',
+            duration: 5000
+        })
+    } finally {
+        submitting.value = false
+    }
+}
+</script>

ui/src/components/ViewVulnAnalysisModal.vue

@@ -21,6 +21,12 @@
         </n-spin>
     </n-modal>
 
+    <update-vuln-analysis-modal
+        v-model:show="showUpdateAnalysisModal"
+        :analysis-record="selectedAnalysisRecord"
+        @updated="onAnalysisUpdated"
+    />
+    
     <create-vuln-analysis-modal
         v-model:show="showCreateAnalysisModal"
         :finding-row="findingRowData"
@@ -42,10 +48,12 @@ export default {
 
 <script lang="ts" setup>
 import { ref, computed, watch, h } from 'vue'
-import { NModal, NSpin, NDataTable, NTag, NSpace, NButton, useNotification, DataTableColumns } from 'naive-ui'
+import { NModal, NSpin, NDataTable, NTag, NSpace, NButton, NIcon, useNotification, DataTableColumns } from 'naive-ui'
 import gql from 'graphql-tag'
 import graphqlClient from '@/utils/graphql'
 import CreateVulnAnalysisModal from './CreateVulnAnalysisModal.vue'
+import UpdateVulnAnalysisModal from './UpdateVulnAnalysisModal.vue'
+import { Edit } from '@vicons/tabler'
 
 interface Props {
     show: boolean
@@ -76,6 +84,8 @@ const notification = useNotification()
 const loading = ref(false)
 const analysisRecords = ref<any[]>([])
 const showCreateAnalysisModal = ref(false)
+const showUpdateAnalysisModal = ref(false)
+const selectedAnalysisRecord = ref<any>(null)
 
 const isVisible = computed({
     get: () => props.show,
@@ -139,6 +149,11 @@ const handleAddScope = () => {
     showCreateAnalysisModal.value = true
 }
 
+const handleEditAnalysis = (record: any) => {
+    selectedAnalysisRecord.value = record
+    showUpdateAnalysisModal.value = true
+}
+
 const onAnalysisCreated = async () => {
     notification.success({
         content: 'Vulnerability analysis created successfully',
@@ -148,6 +163,15 @@ const onAnalysisCreated = async () => {
     await fetchAnalysisRecords()
 }
 
+const onAnalysisUpdated = async () => {
+    notification.success({
+        content: 'Vulnerability analysis updated successfully',
+        duration: 3000
+    })
+    // Refresh the analysis records
+    await fetchAnalysisRecords()
+}
+
 const columns: DataTableColumns<any> = [
     {
         title: 'Scope',
@@ -233,6 +257,21 @@ const columns: DataTableColumns<any> = [
                 })
             })
         }
+    },
+    {
+        title: 'Actions',
+        key: 'actions',
+        width: 80,
+        render: (row: any) => {
+            const editIcon = h(NIcon, {
+                title: 'Edit Analysis',
+                class: 'icons clickable',
+                size: 25,
+                onClick: () => handleEditAnalysis(row)
+            }, { default: () => h(Edit) })
+            
+            return h('div', {}, [editIcon])
+        }
     }
 ]
 

ui/src/constants/vulnAnalysis.ts

@@ -0,0 +1,19 @@
+export const ANALYSIS_STATE_OPTIONS = [
+    { label: 'Exploitable', value: 'EXPLOITABLE' },
+    { label: 'In Triage', value: 'IN_TRIAGE' },
+    { label: 'False Positive', value: 'FALSE_POSITIVE' },
+    { label: 'Not Affected', value: 'NOT_AFFECTED' }
+]
+
+export const ANALYSIS_JUSTIFICATION_OPTIONS = [
+    { label: 'N/A', value: '' },
+    { label: 'Code Not Present', value: 'CODE_NOT_PRESENT' },
+    { label: 'Code Not Reachable', value: 'CODE_NOT_REACHABLE' },
+    { label: 'Requires Configuration', value: 'REQUIRES_CONFIGURATION' },
+    { label: 'Requires Dependency', value: 'REQUIRES_DEPENDENCY' },
+    { label: 'Requires Environment', value: 'REQUIRES_ENVIRONMENT' },
+    { label: 'Protected by Compiler', value: 'PROTECTED_BY_COMPILER' },
+    { label: 'Protected at Runtime', value: 'PROTECTED_AT_RUNTIME' },
+    { label: 'Protected at Perimeter', value: 'PROTECTED_AT_PERIMETER' },
+    { label: 'Protected by Mitigating Control', value: 'PROTECTED_BY_MITIGATING_CONTROL' }
+]