modal, add unknown

Author: avivkeller

apps/site/components/Downloads/EOLModal/index.tsx

@@ -1,9 +1,13 @@
 import { Modal, Title, Content } from '@node-core/ui-components/Common/Modal';
+import classNames from 'classnames';
 import { useTranslations } from 'next-intl';
 import type { FC } from 'react';
 
 import LinkWithArrow from '#site/components/LinkWithArrow';
-import { VulnerabilityChip } from '#site/components/MDX/EOL/VulnerabilityChips';
+import {
+  VulnerabilityChip,
+  SEVERITY_ORDER,
+} from '#site/components/MDX/EOL/VulnerabilityChips';
 import type { Vulnerability } from '#site/next-data/providers/vulnerabilities';
 import type { ModalProps } from '#site/providers/modalProvider';
 import type { NodeRelease } from '#site/types';
@@ -13,88 +17,134 @@ type EOLModalData = {
   vulnerabilities: Array<Vulnerability>;
 };
 
+const VulnerabilitiesTable: FC<{
+  vulnerabilities: Array<Vulnerability>;
+  maxWidth?: string;
+}> = ({ vulnerabilities, maxWidth = 'max-w-2xs' }) => {
+  const t = useTranslations('components.eolModal');
+
+  return (
+    <table className="w-full">
+      <thead>
+        <tr>
+          <th>{t('table.cves')}</th>
+          <th>{t('table.severity')}</th>
+          <th>{t('table.overview')}</th>
+          <th>{t('table.details')}</th>
+        </tr>
+      </thead>
+      <tbody>
+        {vulnerabilities.map((vuln, i) => (
+          <tr key={i}>
+            <td>
+              {vuln.cve.length
+                ? vuln.cve.map(cveId => (
+                    <div key={cveId}>
+                      <LinkWithArrow
+                        href={`https://cve.mitre.org/cgi-bin/cvename.cgi?name=${cveId}`}
+                        target="_blank"
+                        rel="noopener noreferrer"
+                      >
+                        {cveId}
+                      </LinkWithArrow>
+                    </div>
+                  ))
+                : '-'}
+            </td>
+            <td>
+              <VulnerabilityChip severity={vuln.severity} />
+            </td>
+            <td className={classNames(maxWidth, 'truncate')}>
+              {vuln.description || vuln.overview || '-'}
+            </td>
+            <td>
+              {vuln.ref ? (
+                <LinkWithArrow
+                  href={vuln.ref}
+                  target="_blank"
+                  rel="noopener noreferrer"
+                >
+                  {t('blogLinkText')}
+                </LinkWithArrow>
+              ) : (
+                '—'
+              )}
+            </td>
+          </tr>
+        ))}
+      </tbody>
+    </table>
+  );
+};
+
+const UnknownSeveritySection: FC<{
+  vulnerabilities: Array<Vulnerability>;
+  hasKnownVulns: boolean;
+}> = ({ vulnerabilities, hasKnownVulns }) => {
+  const t = useTranslations('components.eolModal');
+
+  if (!vulnerabilities.length) {
+    return null;
+  }
+
+  return (
+    <details open={!hasKnownVulns}>
+      <summary className="cursor-pointer font-semibold">
+        {t('showUnknownSeverities')} ({vulnerabilities.length})
+      </summary>
+      <div className="mt-4">
+        <VulnerabilitiesTable
+          vulnerabilities={vulnerabilities}
+          maxWidth={'max-w-3xs'}
+        />
+      </div>
+    </details>
+  );
+};
+
 const EOLModal: FC<ModalProps> = ({ open, closeModal, data }) => {
   const { release, vulnerabilities } = data as EOLModalData;
   const t = useTranslations('components.eolModal');
 
-  const modalHeadingKey = release.codename ? 'title' : 'titleWithoutCodename';
-
-  const modalHeading = t(modalHeadingKey, {
+  const modalHeading = t(release.codename ? 'title' : 'titleWithoutCodename', {
     version: release.major,
     codename: release.codename ?? '',
   });
 
-  const actualVulnerabilities = vulnerabilities.filter(
-    vuln => vuln.severity !== 'unknown'
+  const [knownVulns, unknownVulns] = vulnerabilities.reduce(
+    (acc, vuln) => {
+      acc[vuln.severity === 'unknown' ? 1 : 0].push(vuln);
+      return acc;
+    },
+    [[], []] as [Array<Vulnerability>, Array<Vulnerability>]
+  );
+
+  knownVulns.sort(
+    (a, b) =>
+      SEVERITY_ORDER.indexOf(a.severity) - SEVERITY_ORDER.indexOf(b.severity)
   );
 
+  const hasKnownVulns = knownVulns.length > 0;
+  const hasAnyVulns = hasKnownVulns || unknownVulns.length > 0;
+
   return (
     <Modal open={open} onOpenChange={closeModal}>
       <Title>{modalHeading}</Title>
-
       <Content>
-        {actualVulnerabilities.length > 0 ? (
-          <>
-            <p className="m-1">
-              {t('vulnerabilitiesMessage', {
-                count: actualVulnerabilities.length,
-              })}
-            </p>
-
-            <table>
-              <thead>
-                <tr>
-                  <th>{t('table.cves')}</th>
-                  <th>{t('table.severity')}</th>
-                  <th>{t('table.overview')}</th>
-                  <th>{t('table.details')}</th>
-                </tr>
-              </thead>
-              <tbody>
-                {actualVulnerabilities.map((vuln, index) => (
-                  <tr key={index}>
-                    <td>
-                      {vuln.cve.length > 0
-                        ? vuln.cve.map(cveId => (
-                            <div key={cveId}>
-                              <LinkWithArrow
-                                href={`https://cve.mitre.org/cgi-bin/cvename.cgi?name=${cveId}`}
-                                target="_blank"
-                                rel="noopener noreferrer"
-                              >
-                                {cveId}
-                              </LinkWithArrow>
-                            </div>
-                          ))
-                        : '-'}
-                    </td>
-                    <td>
-                      <VulnerabilityChip severity={vuln.severity} />
-                    </td>
-                    <td className="max-w-xs truncate">
-                      {vuln.description || vuln.overview || '-'}
-                    </td>
-                    <td>
-                      {vuln.ref ? (
-                        <LinkWithArrow
-                          href={vuln.ref}
-                          target="_blank"
-                          rel="noopener noreferrer"
-                        >
-                          {t('blogLinkText')}
-                        </LinkWithArrow>
-                      ) : (
-                        '—'
-                      )}
-                    </td>
-                  </tr>
-                ))}
-              </tbody>
-            </table>
-          </>
-        ) : (
-          <p className="m-1">{t('noVulnerabilitiesMessage')}</p>
+        {vulnerabilities.length > 0 && (
+          <p className="m-1">
+            {t('vulnerabilitiesMessage', { count: vulnerabilities.length })}
+          </p>
         )}
+
+        {hasKnownVulns && <VulnerabilitiesTable vulnerabilities={knownVulns} />}
+
+        <UnknownSeveritySection
+          vulnerabilities={unknownVulns}
+          hasKnownVulns={hasKnownVulns}
+        />
+
+        {!hasAnyVulns && <p className="m-1">{t('noVulnerabilitiesMessage')}</p>}
       </Content>
     </Modal>
   );

apps/site/components/MDX/EOL/VulnerabilityChips.tsx

@@ -13,7 +13,7 @@ const SEVERITY_CONFIG = {
   critical: { label: 'Critical', kind: 'error' },
 } as const;
 
-const SEVERITY_ORDER = (
+export const SEVERITY_ORDER = (
   Object.keys(SEVERITY_CONFIG) as Array<keyof typeof SEVERITY_CONFIG>
 )
   // Remove 'unknown'

packages/i18n/src/locales/en.json

@@ -177,6 +177,7 @@
       "vulnerabilitiesMessage": "There are {count}+ known vulnerabilities associated with this Node.js release. Please review their severity and details to understand the potential impact.",
       "noVulnerabilitiesMessage": "There are no known vulnerabilities for this release, but that does not guarantee it is secure. Older or unsupported versions may still contain undiscovered vulnerabilities. We recommend upgrading to a supported release for continued security and stability.",
       "blogLinkText": "Blog",
+      "showUnknownSeverities": "Show vulnerabilities of unknown severity",
       "table": {
         "cves": "CVE(s)",
         "severity": "Severity",