
fix: show matching rules for reopened vulnerabilities#781

Open
JagadeeshChandra12 wants to merge 1 commit into l3montree-dev:main from JagadeeshChandra12:fix-reopened-vuln-label

Conversation

@JagadeeshChandra12


Summary

Addresses the label correction portion of issue #2114.

Previously, the vulnerability details page always displayed "Applied Rules" even when a vulnerability had been reopened and the matching VEX rule was no longer applied.

This change introduces helper functions to determine whether a VEX rule is currently applied to a vulnerability and updates the UI to display the correct label:

  • Applied Rules when all matching rules are currently applied.
  • Matching Rules when rules match but are no longer applied (for example, after a vulnerability has been reopened).

Changes

  • Added src/utils/vexRuleHelpers.ts
  • Added src/utils/vexRuleHelpers.test.ts
  • Replaced the hardcoded VEX rules label with a dynamic label in the vulnerability details page

Testing

Added unit tests covering:

  • false positive rule applied
  • accepted rule applied
  • reopened vulnerability (state=open)
  • mixed rule states
  • empty rule lists

Related Issue

Partially addresses #2114 (label correction).

@timbastin

Member

Hi @JagadeeshChandra12, thanks a lot for your contribution. I think we should determine if a vex rule is applied to a vulnerability by checking the vuln events. There should be a vuln event which was created by a vex rule (isCreatedByVexRule, or something like this, as a property of vulnevents). If we actually find such an event, we need to determine what the exact vex rule was for this. We can do that by doing the vulnerability path matching client side and comparing the state of the event. What do you think about that?
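An added example (not code from this pull request or from the project's repository) of the two approaches discussed here: the state-based helper and label selection from the PR description, and the event-based check suggested in the comment above. The type names, the state values and the `isCreatedByVexRule` flag are assumptions made for illustration.

```typescript
// Added example, not the project's own code. Every type below is an
// assumption for illustration; the real data model may differ.
type VexRuleType = "falsePositive" | "accepted";
type VulnState = "open" | "falsePositive" | "accepted";

interface VexRule {
  id: string;
  type: VexRuleType; // the state a matching vulnerability is put into
}

interface VulnEvent {
  state: VulnState; // the state this event moved the vulnerability into
  isCreatedByVexRule: boolean; // hypothetical flag from the discussion
}

interface Vuln {
  state: VulnState;
  events: VulnEvent[]; // oldest first
}

// A rule counts as applied while the vuln still sits in the state it enforces.
function isVexRuleApplied(rule: VexRule, vuln: Vuln): boolean {
  return vuln.state === rule.type;
}

// "Applied Rules" only when every matching rule is applied (vacuously true
// for an empty list); otherwise the rules merely match, e.g. after a reopen.
function vexRulesLabel(rules: VexRule[], vuln: Vuln): "Applied Rules" | "Matching Rules" {
  return rules.every((r) => isVexRuleApplied(r, vuln)) ? "Applied Rules" : "Matching Rules";
}

// Event-based variant: find the newest event a VEX rule created for this rule's
// state and require that no later event (such as a manual reopen) moved it away.
function isVexRuleAppliedByEvents(rule: VexRule, vuln: Vuln): boolean {
  let last = -1;
  vuln.events.forEach((e, i) => {
    if (e.isCreatedByVexRule && e.state === rule.type) last = i;
  });
  if (last === -1) return false;
  return vuln.events.slice(last + 1).every((e) => e.state === rule.type);
}

// Constructed sample: a false-positive rule fired, then the vuln was reopened.
const sampleRule: VexRule = { id: "rule-fp-1", type: "falsePositive" };
const reopenedVuln: Vuln = {
  state: "open",
  events: [
    { state: "falsePositive", isCreatedByVexRule: true },
    { state: "open", isCreatedByVexRule: false },
  ],
};
```

With the constructed sample, `vexRulesLabel([sampleRule], reopenedVuln)` yields "Matching Rules" and both helpers report the rule as no longer applied.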

@seb-kw

seb-kw commented Jun 16, 2026

Member

> Hi @JagadeeshChandra12, thanks a lot for your contribution. I think we should determine if a vex rule is applied to a vulnerability by checking the vuln events. There should be a vuln event which was created by a vex rule (isCreatedByVexRule, or something like this, as a property of vulnevents). If we actually find such an event, we need to determine what the exact vex rule was for this. We can do that by doing the vulnerability path matching client side and comparing the state of the event. What do you think about that?

Hey @JagadeeshChandra12 thank you from my side too - can you provide a status if you will be able to continue on that?

Cheers!

@JagadeeshChandra12

Author

Hi @seb-kw, thanks for the explanation. I understand the approach of checking vulnerability events for one created by a VEX rule and then determining the exact rule through client-side path matching and event state comparison.

I can continue investigating this and will look into the relevant code paths and provide an update soon.
