fix(ui): render kernel "Fixed in" git-commit hash readably

Tester: the "Fixed in" field showed a raw 40-char git commit hash (7713bd320ed4fc3d08a22...) that overflowed into the FIX badge and looked broken. Linux-kernel CVEs report their fix as an upstream commit hash, not a Debian package version. Added formatFixedVersion(): a hex string (12-64 chars, no version separators) is shown as "upstream commit <short>" with the full hash on hover; real versions render unchanged. Added break-words so nothing overflows the cell.
2026-06-03 15:42:37 +02:00
parent 97cb7915c6
commit 8a614ae5e5
1 changed files with 17 additions and 3 deletions
@@ -21,6 +21,19 @@ interface VulnDetail extends Vulnerability {
    assigned_group_name?: string;
 }

+// Linux-kernel CVEs report their "fix" as an upstream git commit hash
+// (e.g. 7713bd320ed4fc3d08a22...) rather than a Debian package version —
+// raw it looks like garbage in the "Fixed in" cell. Detect a hex hash
+// (no version separators) and show a short, labelled form instead.
+function formatFixedVersion(v?: string | null): string {
+    if (!v) return '';
+    const s = v.trim();
+    if (/^[0-9a-f]{12,64}$/i.test(s) && !/[.:~_+]/.test(s)) {
+        return `upstream commit ${s.slice(0, 12)}`;
+    }
+    return s;
+}
+
 // Refresh button with loading state + ephemeral "done" badge so a
 // click that returns identical EPSS/KEV data still gives the operator
 // visual confirmation the call ran (vs the previous silent UX).
@@ -235,8 +248,9 @@ export default function VulnerabilityDetailPage() {
                                                </div>
                                                <div className="col-span-3">
                                                    <span className="text-[10px] uppercase tracking-wider text-gray-500">Fixed in</span>
-                                                    <p className={`font-bold ${p.has_fix ? 'text-emerald-700' : 'text-gray-400'}`}>
-                                                        {p.fixed_version || (p.has_fix ? '—' : 'not announced')}
+                                                    <p className={`font-bold break-words ${p.has_fix ? 'text-emerald-700' : 'text-gray-400'}`}
+                                                       title={p.fixed_version || ''}>
+                                                        {formatFixedVersion(p.fixed_version) || (p.has_fix ? '—' : 'not announced')}
                                                    </p>
                                                </div>
                                                <div className="col-span-1 text-right">
@@ -269,7 +283,7 @@ export default function VulnerabilityDetailPage() {
                                        {vuln.fixed_version && (
                                            <div>
                                                <span className="text-gray-500">Fixed in:</span>
-                                                <p className="font-bold text-emerald-700">{vuln.fixed_version}</p>
+                                                <p className="font-bold text-emerald-700 break-words" title={vuln.fixed_version}>{formatFixedVersion(vuln.fixed_version)}</p>
                                            </div>
                                        )}
                                    </div>