
vulnerability: fix search payload key + complete extension coverage#293

Merged
maximelb merged 1 commit into cli-v2 from vulnerability-cli-completeness on May 13, 2026

Conversation

@maximelb
Contributor

Summary

  • Bug fix: _build_search was sending {"search": <field>, ...}, but ext-vulnerability-reporting's parseSearchOp reads s["field"] — every --search-* invocation was silently dropped server-side. Switch to {"field": ...} and update the assertion that locked in the wrong shape.
  • Round out coverage of the ext-vulnerability-reporting user-facing actions the CLI didn't yet expose:
    • New flags on existing commands: --include-enrichment, --filter-via-state, --normalized-package-name, --rollup-subpackages.
    • New subcommands:
      • vulnerability cve epss-history (query_epss_history)
      • vulnerability finding resolve / bulk-resolve / list / reset (set_finding_resolution, bulk_set_finding_resolution, list_finding_resolutions, reset_asset_findings)
      • vulnerability snapshot list (query_daily_snapshots)
  • Help text now mentions lc_risk as a valid --sort-by on cve list and host packages (the extension already supports it).

Wire-shape verification

Action names and JSON field names cross-checked against the extension's RequestHandlers map and request struct tags in ext-vulnerability-reporting/ext/extension.go. Reopen semantics confirmed: omitting resolution produces req.Resolution == nil in Go, which materializeFindingResolution treats as reopen.

Test plan

  • Existing 62 vulnerability unit tests still pass after the search-key fix
  • New tests cover every new flag and subcommand (SDK + CLI levels)
  • test_cli_lazy_loading_regression.py snapshot extended with finding and snapshot subgroups
  • Full unit suite passes (3216 passed, 5 skipped; 1 pre-existing unrelated toon_format import error)
  • Smoke-test the new commands against a real org once the extension is rolled out

🤖 Generated with Claude Code

The CLI's search dict was sending {"search": <field>, ...} but the
extension's parseSearchOp reads s["field"] — so every --search-* call
was silently dropped server-side. Switch to {"field": ...} and update
the assertion that locked in the wrong shape.

Round out the rest of the surface the extension exposes:

- new flags: --include-enrichment, --filter-via-state on the list
  commands; --normalized-package-name on cve hosts;
  --rollup-subpackages on host packages; --include-enrichment on
  cve get / cve packages
- new subcommands:
  - vuln cve epss-history (query_epss_history)
  - vuln finding resolve / bulk-resolve / list / reset
    (set_finding_resolution, bulk_set_finding_resolution,
    list_finding_resolutions, reset_asset_findings)
  - vuln snapshot list (query_daily_snapshots)
- help text now mentions lc_risk as a valid --sort-by on cve list
  and host packages

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
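The two wire-shape contracts described above (the `search` vs `field` key mismatch that silently dropped every `--search-*` filter, and the omitted-`resolution`-means-reopen rule) can be modelled as a small contract test. The block below is an added example, not code from the CLI or from ext-vulnerability-reporting: `build_search_op_buggy`, `build_search_op`, `parse_search_op`, `build_resolution_request` and `materialize_resolution` are hypothetical Python stand-ins for `_build_search`, `parseSearchOp` and `materializeFindingResolution`, the `op`/`value` keys and the `gte` operator are assumed, and the sample rows are constructed.

```python
"""Wire-shape contract checks modelled on the two behaviours this PR describes.

Added example, not code from the CLI or from ext-vulnerability-reporting.
The function names below are hypothetical stand-ins for the real
_build_search / parseSearchOp / materializeFindingResolution, and the
sample rows are constructed.
"""
from typing import Any, Optional


# --- client side: the search-op builder before and after the fix ----------

def build_search_op_buggy(field: str, op: str, value: Any) -> dict:
    """Pre-fix shape: the field name went out under the key "search"."""
    return {"search": field, "op": op, "value": value}


def build_search_op(field: str, op: str, value: Any) -> dict:
    """Fixed shape: the field name goes out under the key "field"."""
    return {"field": field, "op": op, "value": value}


# --- server side: a Python model of a parser that reads s["field"] ---------

def parse_search_op(s: dict) -> Optional[dict]:
    """Return the parsed op, or None when "field" is absent.

    Dropping instead of rejecting is what made the bug silent: the request
    succeeded, it just filtered nothing.
    """
    field = s.get("field")
    if not isinstance(field, str) or not field:
        return None
    return {"field": field, "op": s.get("op", "eq"), "value": s.get("value")}


def apply_search(rows: list[dict], ops: list[dict]) -> list[dict]:
    """Apply every parseable op as a conjunctive filter; unparseable ops vanish."""
    out = rows
    for raw in ops:
        p = parse_search_op(raw)
        if p is None:
            continue
        if p["op"] == "eq":
            out = [r for r in out if r.get(p["field"]) == p["value"]]
        elif p["op"] == "gte":
            out = [r for r in out if r.get(p["field"], 0) >= p["value"]]
    return out


# --- the client-side regression guard the old assertion should have been --

def assert_search_ops_well_formed(ops: list[dict]) -> bool:
    """Fail loudly if any op is missing the key the server actually reads."""
    for o in ops:
        if "field" not in o:
            raise KeyError(f"search op lacks 'field' (keys: {sorted(o)})")
    return True


# --- reopen semantics of set_finding_resolution ----------------------------

def build_resolution_request(finding_id: str, resolution: Optional[str]) -> dict:
    """Omit "resolution" entirely when None, so the Go side decodes nil."""
    req: dict = {"finding_id": finding_id}
    if resolution is not None:
        req["resolution"] = resolution
    return req


def materialize_resolution(req: dict) -> str:
    """Model of the described behaviour: a nil/absent resolution means reopen."""
    return "reopen" if req.get("resolution") is None else req["resolution"]


# Constructed sample rows; the CVE ids are placeholders, not real identifiers.
SAMPLE_ROWS = [
    {"cve": "CVE-0000-0001", "severity": "critical", "epss": 0.91},
    {"cve": "CVE-0000-0002", "severity": "high", "epss": 0.40},
    {"cve": "CVE-0000-0003", "severity": "low", "epss": 0.02},
]


def compare_shapes() -> dict:
    """Run the same --search-severity=critical filter through both shapes."""
    buggy = apply_search(SAMPLE_ROWS, [build_search_op_buggy("severity", "eq", "critical")])
    fixed = apply_search(SAMPLE_ROWS, [build_search_op("severity", "eq", "critical")])
    return {"buggy_rows": len(buggy), "fixed_rows": len(fixed)}


if __name__ == "__main__":
    print(compare_shapes())  # {'buggy_rows': 3, 'fixed_rows': 1}
    print(materialize_resolution(build_resolution_request("f-1", None)))  # reopen
```

The point of `assert_search_ops_well_formed` is that a client-side unit test which only asserts on the dict the client builds will happily lock in the wrong key; the guard has to name the key the server reads, or better, be derived from the server's request struct tags.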
@maximelb maximelb requested a review from dzimine-lc May 13, 2026 03:16
@maximelb maximelb marked this pull request as ready for review May 13, 2026 03:17
@maximelb maximelb merged commit c894dce into cli-v2 May 13, 2026
7 checks passed
@maximelb maximelb deleted the vulnerability-cli-completeness branch May 13, 2026 03:31
