fix(vulnerabilities): coalesce summary and details for description field #3990
Signed-off-by: anilb <epipav@gmail.com>
Your PR title doesn't contain a Jira issue key. Consider adding it for better traceability. Example:
Projects:
Please add a Jira issue key to your PR title.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| any (v.packageName) as packageName, | ||
| any (v.severity) as severity, | ||
| any (v.summary) as description, | ||
| coalesce(any (v.summary), any (v.details)) as description, |
coalesce never falls back because column is non-nullable
High Severity
coalesce(any(v.summary), any(v.details)) will never fall back to v.details because the summary column is defined as a non-nullable String with DEFAULT '' in the datasource. The any() aggregate on a non-nullable string column returns '' (not NULL) when the value is empty, and coalesce only substitutes NULL values. The fallback is effectively dead code. Something like nullIf would be needed to convert empty strings to NULL before coalesce can work as intended.
Pull request overview
This PR updates the Tinybird vulnerabilities_list pipe to populate the description field by falling back to details when summary is missing, improving robustness of vulnerability descriptions in list responses.
Changes:
- Update description selection to coalesce summary and details in the vulnerabilities list query.
| any (v.packageName) as packageName, | ||
| any (v.severity) as severity, | ||
| any (v.summary) as description, | ||
| coalesce(any (v.summary), any (v.details)) as description, |
any() is non-deterministic across rows in the group. Using coalesce(any(v.summary), any(v.details)) can pick summary from one row and details from another, or fall back to details even when a non-null summary exists in a different row within the same (vulnerabilityId, packageName) group. To keep the coalescing per-row and then aggregate consistently, apply coalesce before the aggregate (e.g., aggregate any(coalesce(v.summary, v.details)) or an equivalent deterministic aggregate).
| coalesce(any (v.summary), any (v.details)) as description, | |
| any(coalesce(v.summary, v.details)) as description, |
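Review bot: the suggested any(coalesce(v.summary, v.details)) line still passes an empty summary through unchanged. If summary is a non-nullable String with DEFAULT '' as the earlier comment on this hunk states, coalesce sees '' rather than NULL and never reaches v.details, so the per-row form fixes the cross-row mixing but not the missing fallback. Suggest converting empty strings first, for example any(coalesce(nullIf(v.summary, ''), v.details)) as description, and covering a row with an empty summary and populated details in the pipe's test fixtures.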


Note
Low Risk
Low risk query change that only affects the description field returned by the vulnerabilities list, improving completeness when summary is null/empty. Potential impact is limited to downstream consumers expecting description to be strictly the summary text.
Overview
Updates the Tinybird vulnerabilities_list pipe so the description field is now populated via coalesce(any(v.summary), any(v.details)), falling back to details when a summary is unavailable.
This changes the data returned for some vulnerability rows (previously description could be null even when details existed) without altering filtering, grouping, or pagination logic.
Written by Cursor Bugbot for commit cce226f.
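The fallback behaviour discussed in the review comments can be checked directly in ClickHouse by running the three expressions side by side. The query below is an added example, not part of the PR or the project's pipe; the rows and the VULN-*/pkg-* identifiers are constructed, and the non-nullable String columns follow the datasource definition as stated in the Bugbot comment.

```sql
-- Added example (ClickHouse dialect). All rows are constructed sample data.
-- Assumption: summary and details are non-nullable String columns, as the
-- review comment describes for the datasource.
SELECT
    v.vulnerabilityId,
    v.packageName,

    -- As written in this PR: any() on a non-nullable String yields '',
    -- which is not NULL, so coalesce never moves on to details.
    coalesce(any(v.summary), any(v.details)) AS description_as_written,

    -- Per-row coalesce (the review suggestion): summary and details now come
    -- from the same row, but an empty summary is still not NULL.
    any(coalesce(v.summary, v.details)) AS description_per_row,

    -- nullIf converts '' to NULL before coalesce, so details is used
    -- whenever the row's summary is empty.
    any(coalesce(nullIf(v.summary, ''), v.details)) AS description_with_nullif,

    -- Rows in the group where neither field carries any text; these stay
    -- empty under every variant and are worth tracking separately.
    countIf(v.summary = '' AND v.details = '') AS rows_without_text
FROM values(
    'vulnerabilityId String, packageName String, summary String, details String',
    ('VULN-A', 'pkg-a', 'Short summary', 'Long details for A'),
    ('VULN-B', 'pkg-b', '',              'Long details for B'),
    ('VULN-C', 'pkg-c', '',              '')
) AS v
GROUP BY v.vulnerabilityId, v.packageName
ORDER BY v.vulnerabilityId;
```

Each group holds a single row, so any() has only one value to pick and the comparison between the three columns does not depend on row order.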