feat/vuln list command

[Sypher845]

Note: This is the secoond PR for the isue #723

Description

The PR adds the new harbor vuln list command. A command that displays the list of vulnerabilities along with filtering from the Security Hub.

Command usage

• harbor vuln list (No filters)
  
  The CVE-IDs are hyperlinked to aquasec website (provided by the api)

• harbor vuln list --query "k=v , , , k=[min~max]" : Using query flag based filtering
  

• harbor vuln list (flags based filtering) : Using flags for filtering
  

• harbor vuln list --fixable: Show only fixable vulnerabilities (cli side)
  

• harbor vuln list --exclude : woks oppposite of query flag (cli side)
  

Type of Change

• Bug fix
• New feature
• Refactor
• Documentation update
• Chore / maintenance

[codecov]

Codecov Report

❌ Patch coverage is 0% with 237 lines in your changes missing coverage. Please review.
✅ Project coverage is 7.66%. Comparing base (60ad0bd) to head (013e125).
⚠️ Report is 119 commits behind head on main.

Files with missing lines	Patch %	Lines
pkg/api/vulnerability_handler.go	0.00%	133 Missing ⚠️
cmd/harbor/root/vulnerability/list.go	0.00%	63 Missing ⚠️
pkg/views/vulnerability/list/view.go	0.00%	40 Missing ⚠️
cmd/harbor/root/vulnerability/cmd.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             main    #748      +/-   ##
=========================================
- Coverage   10.99%   7.66%   -3.33%     
=========================================
  Files         173     272      +99     
  Lines        8671   13406    +4735     
=========================================
+ Hits          953    1027      +74     
- Misses       7612   12266    +4654     
- Partials      106     113       +7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Sypher845]

@NucleoFusion Please take a look

[NucleoFusion]

Instead of --page-size 0 I think a special flag would be better, since its not that user friendly and hard to describe in the help

[Sypher845]

--all flag works?

[NucleoFusion]

Yep

[Sypher845]

@NucleoFusion Ptal :)

[Sypher845]

@NucleoFusion any update on this?

[NucleoFusion]

@NucleoFusion any update on this?

Yeah I will have a look at it.
A little sick currently, mb.

[Sypher845]

No worries, get well soon!

[NucleoFusion]

this look good, but waiting for some clarifications

[NucleoFusion]

@bupd @qcserestipy
Should we have this many flags? would it be better to just have the Q param?
And since I am planning a PR on adding validKeys and usage to the query param about how it works in #731 .

Cause managing the current BuildQuery function takes the flags and just creates the full query, so integrating these two would be a little unintuitive.
And then also another problem is the individual flags are rigid, no support for exact/fuzzy switch, and there are also the Q params rigidity, like the params dont allow/follow 2 exact matching, they only do one. Using the Q would also allow or and and.

[Sypher845]

one thing to note, the SecurityHub API doesn't actually suport the fuzzy match, union and intersection for vuln fields.

[Sypher845]

@NucleoFusion removed the query flag, PTAL

[NucleoFusion]

minor changes, works well