fix: remove max range limit in VulnerabilitiesPerSeverityResolver

Duo Developerrequested to merge
workloads/54ce194b7cb into master

Relates to issue #581178 (closed)

Changes

  • Removed 365-day maximum range limit from VulnerabilitiesPerSeverityResolver
  • Made date parameters truly optional - no default values assigned when dates are not provided
  • Updated resolver logic to only validate date range when both dates are provided
  • Enhanced Elasticsearch filter (VulnerabilityFilters) to handle nil date parameters:
    • Returns all vulnerabilities when no dates provided
    • Supports filtering with only start_date or only end_date
    • Validates date order only when both dates are present
  • Added comprehensive test coverage:
    • Unit tests for querying without dates, with only start_date, and with only end_date
    • Integration tests for vulnerabilitiesPerSeverity without date range arguments

Impact

Users can now query vulnerability data for any time range without being restricted to 365 days, ensuring accurate vulnerability counts in the Security Dashboard across all time ranges.

Edited by Schmil Monderer

Merge request reports