Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update diff output to delineate between changed and unchanged files #726

Merged
merged 14 commits into from
Dec 30, 2024

Conversation

egibs
Copy link
Member

@egibs egibs commented Dec 18, 2024

Closes: #689

This PR adds better context when rendering diffs across the bubbletea, markdown, simple, and terminal renderers.

For example:

$ go run cmd/mal/mal.go diff out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.40/ out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/
├─ 🟡 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/nn/autobackend.py
│     ≡ collection [MEDIUM]
│       🟡 archives/zip — Works with zip files: zipfile
│     ≡ command & control [MEDIUM]
│       🟡 tool_transfer/os — references multiple operating systems: Darwin, Linux, Windows, https://
│     ≡ data [LOW]
│       🔵 encoding/json_decode — Decodes JSON messages: json.loads
│     ≡ discovery [MEDIUM]
│       🟡 system/platform — system platform identification: platform.system()
│     ≡ execution [MEDIUM]
│       🔵 imports/python — imports python modules:
│          from PIL import Image, from collections import OrderedDict, from pathlib import Path, from ultralytics.engine.exporter im…
│       🟡 remote_commands/code_eval — evaluate code dynamically using eval(): eval(v)
│     ≡ filesystem [MEDIUM]
│       🔵 file/open — opens files: open(
│       🟡 file/read — opens a binary file for read: open(w, "rb")
│     ≡ networking [MEDIUM]
│       🟡 download — download files: Download if not local, downloads import attempt, import attempt_download_asset, nvidia-tensorrt-download
│       🔵 url/embedded — contains embedded HTTPS URLs:
│          https://coral.ai/docs/edgetpu/tflite-python/, https://coral.ai/software/, https://developer.nvidia.com/nvidia-tensorrt-do…
│       🔵 url/parse — Handles URL strings: urllib
│     ≡ operating-system [LOW]
│       🔵 fd/read — reads from a file handle: ParseFromString(f.read(), deserialize_cuda_engine(f.read(), x.read()
│
├─ 🔵 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/solutions/heatmap.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from ultralytics.solutions import Heatmap, from ultralytics.utils.plotting import Annotator, import cv2, import numpy
│
├─ 🟡 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/engine/predictor.py
│     ≡ command & control [MEDIUM]
│       🟡 tool_transfer/os — references multiple operating systems: Linux, https://, macOS
│     ≡ discovery [MEDIUM]
│       🟡 system/platform — system platform identification: platform.system()
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from pathlib import Path, from ultralytics.cfg import get, from ultralytics.data import load, from ultralytics.data.augme…
│     ≡ filesystem [LOW]
│       🔵 directory/create — creates directories: mkdir
│     ≡ networking [LOW]
│       🔵 url/embedded — contains embedded HTTPS URLs: https://docs.ultralytics.com/modes/predict/, https://youtu.be/LNwODJXcvt4
│     ≡ operating-system [LOW]
│       🔵 fd/multiplex — monitor multiple file descriptors: select
│
├─ 🟡 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/checks.py
│     ≡ anti-static [LOW]
│       🔵 obfuscation/bitwise — uses bitwise math: 1 << 30
│     ≡ command & control [MEDIUM]
│       🟡 addr/url — contains hardcoded endpoint with a question mark: https://url.com/file.txt?auth, import, requests.get
│       🟡 refs — downloads files: download file
│       🔵 tool_transfer/os — references a specific operating system: Windows, http://, https://
│     ≡ discovery [MEDIUM]
│       🟡 system/platform — system platform identification: platform.platform()
│       🔵 user/USER — Looks up the USER name of the current user: environ, getenv
│     ≡ execution [MEDIUM]
│       🔵 imports/python — imports python modules:
│          from IPython import display, from importlib import metadata, from matplotlib import font, from pathlib import Path, from …
│       🟡 install_additional/pip_install — Installs software using pip from python:
│          pip install --no-cache-dir, pip install -U, pip install command, pip install torchvision
│       🟡 program — execute external program:
│          subprocess.CalledProcessError, FileNotFoundError, ValueError):, subprocess.check_output(f"git -C {path} describe --tags -…
│       🟡 remote_commands/code_eval — evaluate code dynamically using eval(): eval(imgsz)
│     ≡ networking [MEDIUM]
│       🟡 download — download files:
│          download YAML file, download_dir, elif download and file, font locally or download to user, if downloads, safe_download, …
│       🔵 tcp/grpc — Uses the gRPC Remote Procedure Call framework
│       🔵 url/embedded — contains embedded HTTPS URLs:
│          https://git-scm.com/docs/git-describe., https://github.com/pytorch/vision, https://github.com/ultralytics/assets/releases…
│       🔵 url/parse — Handles URL strings: urllib
│       🟡 url/request — requests resources via URL: import requests, requests.get(f
│
├─ 🟡 Changed (3 added, 0 removed): out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/engine/model.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules
│+    ▲ networking [NONE → MEDIUM]
│+      🟡 download — download files: download_dir
│+      🔵 url/embedded — contains embedded HTTPS URLs:
│+         https://docs.ultralytics.com, https://hub.ultralytics.com/models/MODEL, https://ultralytics.com/images/bus.jpg, https://u…
│+      🔵 url/parse — Handles URL strings: urllib
│
├─ 😈 Changed (5 added, 0 removed): out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/downloads.py
│     ≡ anti-static [LOW]
│       🔵 obfuscation/bitwise — uses bitwise math
│     ≡ collection [MEDIUM]
│       🟡 archives/zip — Works with zip files
│       🔵 code/github_api — access GitHub API
│     ▲ command & control [MEDIUM → HIGH]
│       🟡 addr/url — contains hardcoded endpoint with a question mark
│       🟡 tool_transfer/download — accesses hardcoded archive file endpoint
│+      🛑 tool_transfer/github — downloads program from GitHub blob:
│+         api.github.com/repos/ultralytics/ultralytics/git/blobs/{url}, chmod, curl, headers.get, requests.get, session.get
│       🔵 tool_transfer/os — references a specific operating system
│+      🛑 tool_transfer/python — fetch, stores, chmods, and execute programs: 770
│+    ▲ evasion [NONE → HIGH]
│+      🛑 self_deletion/run_and_delete — fetch, run in background, delete: os.remove(, os.setsid, subprocess.Popen(, subprocess.run(
│     ≡ execution [MEDIUM]
│       🔵 imports/python — imports python modules
│       🟡 program — execute external program
│       🟡 shell/command — execute a shell command
│     ≡ exfiltration [MEDIUM]
│       🟡 stealer/browser — may access cookies
│       🟡 upload — References known file hosting site
│     ▲ filesystem [LOW → HIGH]
│       🔵 directory/create — creates directories
│       🔵 file/delete — deletes files
│       🔵 file/exists — check if a file exists
│       🔵 file/open — opens files
│+      🛑 permission/modify — Makes path group writeable and executable: chmod(path, 0o770)
│     ▲ networking [MEDIUM → HIGH]
│       🟡 download/fetch — Invokes curl
│+      🛑 ip/host_port — hardcoded hostname:port destination with high port: connect.consrensys.com:8080
│       🔵 url/embedded — contains embedded HTTPS URLs
│       🔵 url/parse — Handles URL strings
│       🟡 url/request — requests resources via URL
│     ≡ operating-system [LOW]
│       🔵 fd/write — writes to a file handle
│     ≡ process [MEDIUM]
│       🔵 chdir — changes working directory
│       🟡 multi — uses python multiprocessing
│
├─ 🔵 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/trackers/utils/matching.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from scipy.spatial.distance import cdist, from ultralytics.utils.checks import check, from ultralytics.utils.metrics impo…
│     ≡ networking [LOW]
│       🔵 url/embedded — contains embedded HTTPS URLs:
│          https://docs.scipy.org/doc/scipy/reference/generated/scipy.optimize.linea, https://github.com/gatagat/lap, https://github…
│
├─ 🟡 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/__init__.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from ultralytics.models import NAS, from ultralytics.utils import ASSETS, from ultralytics.utils.checks import check, fro…
│     ≡ networking [MEDIUM]
│       🟡 download — download files: import download
│
├─ 🔵 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/ops.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from .metrics import box, from ultralytics.data.converter import merge, from ultralytics.utils import LOGGER, from ultral…
│     ≡ filesystem [LOW]
│       🔵 file/delete_forcibly — Forcibly deletes files: rm non-maximum suppression
│
├─ 🔵 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/solutions/queue_management.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules:
│          from ultralytics.solutions.solutions import BaseSolution, from ultralytics.utils.plotting import Annotator
│
├─ 🔵 Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/triton.py
│     ≡ execution [LOW]
│       🔵 imports/python — imports python modules: from typing import List, from urllib.parse import urlsplit, import numpy, import tritonclient
│     ≡ networking [LOW]
│       🔵 tcp/grpc — Uses the gRPC Remote Procedure Call framework
│       🔵 url/parse — Handles URL strings: urllib
│

Markdown example (excerpt):

## Changed (5 added, 0 removed): out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/models/yolo/model.py

### 5 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
| +HIGH | **[exec/program/tmpdir](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/program/tmpdir.yara#exec_program_tmpdir)** | runs program from hardcoded temporary path | [safe_run("/tmp/ultralytics_runner")](https://github.com/search?q=safe_run%28%22%2Ftmp%2Fultralytics_runner%22%29&type=code) |
| +MEDIUM | **[c2/tool_transfer/python](https://github.com/chainguard-dev/malcontent/blob/main/rules/c2/tool_transfer/python.yara#py_arch_dropper)** | fetches and executes program based on OS & architecture | [Linux](https://github.com/search?q=Linux&type=code)<br>[arm64](https://github.com/search?q=arm64&type=code)<br>[download](https://github.com/search?q=download&type=code)<br>[platform.machine()](https://github.com/search?q=platform.machine%28%29&type=code)<br>[platform.system()](https://github.com/search?q=platform.system%28%29&type=code)<br>[run](https://github.com/search?q=run&type=code)<br>[x86](https://github.com/search?q=x86&type=code) |
| +MEDIUM | **[discover/system/platform](https://github.com/chainguard-dev/malcontent/blob/main/rules/discover/system/platform.yara#python_platform)** | [system platform identification](https://docs.python.org/3/library/platform.html) | [platform.system()](https://github.com/search?q=platform.system%28%29&type=code) |
| +MEDIUM | **[fs/path/tmp](https://github.com/chainguard-dev/malcontent/blob/main/rules/fs/path/tmp.yara#tmp_path)** | path reference within /tmp | [/tmp/ultralytics_runner](https://github.com/search?q=%2Ftmp%2Fultralytics_runner&type=code) |
| +MEDIUM | **[net/download](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/download/download.yara#download)** | download files | [import safe_download](https://github.com/search?q=import+safe_download&type=code) |

### 1 consistent behavior

| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
| LOW | [exec/imports/python](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/imports/python.yara#has_import) | imports python modules | [from pathlib import Path](https://github.com/search?q=from+pathlib+import+Path&type=code)<br>[from ultralytics.engine.model import Model](https://github.com/search?q=from+ultralytics.engine.model+import+Model&type=code)<br>[from ultralytics.models import yolo](https://github.com/search?q=from+ultralytics.models+import+yolo&type=code)<br>[from ultralytics.nn.tasks import ClassificationModel](https://github.com/search?q=from+ultralytics.nn.tasks+import+ClassificationModel&type=code)<br>[from ultralytics.utils import ROOT](https://github.com/search?q=from+ultralytics.utils+import+ROOT&type=code)<br>[from ultralytics.utils.downloads import safe](https://github.com/search?q=from+ultralytics.utils.downloads+import+safe&type=code)<br>[import platform](https://github.com/search?q=import+platform&type=code) |

## Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/triton.py

### 3 consistent behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
|--|--|--|--|
| LOW | [exec/imports/python](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/imports/python.yara#has_import) | imports python modules | [from typing import List](https://github.com/search?q=from+typing+import+List&type=code)<br>[from urllib.parse import urlsplit](https://github.com/search?q=from+urllib.parse+import+urlsplit&type=code)<br>[import numpy](https://github.com/search?q=import+numpy&type=code)<br>[import tritonclient](https://github.com/search?q=import+tritonclient&type=code) |
| LOW | [net/tcp/grpc](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/tcp/grpc.yara#grpc) | Uses the gRPC Remote Procedure Call framework | [gRPC](https://github.com/search?q=gRPC&type=code) |
| LOW | [net/url/parse](https://github.com/chainguard-dev/malcontent/blob/main/rules/net/url/parse.yara#url_handle) | Handles URL strings | [urllib](https://github.com/search?q=urllib&type=code) |

Simple example:

$ go run cmd/mal/mal.go --format simple diff out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.40/ out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/checks.py
anti-static/obfuscation/bitwise
c2/addr/url
c2/refs
c2/tool_transfer/os
discover/system/platform
discover/user/USER
exec/imports/python
exec/install_additional/pip_install
exec/program
exec/remote_commands/code_eval
net/download
net/tcp/grpc
net/url/embedded
net/url/parse
net/url/request
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/nn/autobackend.py
c2/tool_transfer/os
collect/archives/zip
data/encoding/json_decode
discover/system/platform
exec/imports/python
exec/remote_commands/code_eval
fs/file/open
fs/file/read
net/download
net/url/embedded
net/url/parse
os/fd/read
*** Changed (5 added, 0 removed): out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/downloads.py
anti-static/obfuscation/bitwise
c2/addr/url
c2/tool_transfer/download
+c2/tool_transfer/github
c2/tool_transfer/os
+c2/tool_transfer/python
collect/archives/zip
collect/code/github_api
+evasion/self_deletion/run_and_delete
exec/imports/python
exec/program
exec/shell/command
exfil/stealer/browser
exfil/upload
fs/directory/create
fs/file/delete
fs/file/exists
fs/file/open
+fs/permission/modify
net/download/fetch
+net/ip/host_port
net/url/embedded
net/url/parse
net/url/request
os/fd/write
process/chdir
process/multi
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/trackers/utils/matching.py
exec/imports/python
net/url/embedded
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/triton.py
exec/imports/python
net/tcp/grpc
net/url/parse
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/solutions/queue_management.py
exec/imports/python
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/__init__.py
exec/imports/python
net/download
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/engine/predictor.py
c2/tool_transfer/os
discover/system/platform
exec/imports/python
fs/directory/create
net/url/embedded
os/fd/multiplex
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/solutions/heatmap.py
exec/imports/python
*** Changed (4 added, 2 removed): out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/models/yolo/model.py
+c2/tool_transfer/python
+discover/system/platform
exec/imports/python
+exec/program/tmpdir
+fs/path/tmp
net/download
-net/url/embedded
-net/url/parse
*** Unchanged: out/chainguard-dev/malcontent-samples/python/2024.ultralytics/v8.3.41/utils/ops.py
exec/imports/python
fs/file/delete_forcibly

Interactive example:
CleanShot 2024-12-18 at 10 24 42@2x

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
@egibs egibs requested a review from tstromberg December 18, 2024 16:25
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
@egibs egibs force-pushed the fix-diff-changed-behavior branch from 23d5151 to ffda68c Compare December 18, 2024 16:57
@tstromberg
Copy link
Collaborator

I think the default diff output should act more like the diff(1) tool, or code review tools that people are used to.

  • Unchanged files should not show up in the output by default
  • Unchanged objectives should not show up in the output by default (the top-level of the rule ID hierarchy)

I'm a little on the fence about Unchanged behaviors, but sometimes the context is helpful within an objective; similarly to how diff(1) or GitHub code reviews show context. Both have allowances for more context if necessary, but it isn't the default.

I would aim for terser output by default, and finding ways to make the output easier to understand without adding bulk. If there are only 2 lines of difference between versions of a file, I feel like we should be able to keep the output to 5 lines or less. Anything more than that adds cognitive overhead.

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
@egibs
Copy link
Member Author

egibs commented Dec 19, 2024

I think the default diff output should act more like the diff(1) tool, or code review tools that people are used to.

* Unchanged files should not show up in the output by default

* Unchanged objectives should not show up in the output by default (the top-level of the rule ID hierarchy)

I'm a little on the fence about Unchanged behaviors, but sometimes the context is helpful within an objective; similarly to how diff(1) or GitHub code reviews show context. Both have allowances for more context if necessary, but it isn't the default.

I would aim for terser output by default, and finding ways to make the output easier to understand without adding bulk. If there are only 2 lines of difference between versions of a file, I feel like we should be able to keep the output to 5 lines or less. Anything more than that adds cognitive overhead.

Tightened up the output in ddee6e6 (#726).

We'll now only report:

  • files that have changed behaviors
  • the behaviors that changed within the files

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
@stevebeattie
Copy link
Member

Generally, this looks good to me.

In testing I do see one weird behavior in the terminal mode, the up/down triangles associated with risk changes don't seem quite consistent, e.g.:

+    ▲ evasion [NONE → MEDIUM]
+      🟡 file/prefix — possible hidden file path: /usr/lib/debug/.dwz
     ≡ execution [LOW]
     ▼ filesystem [LOW → MEDIUM]
+      🟡 path/relative — references and possibly executes relative path: ./epan

I think what's happening is that strings are being compared, rather than the numeric values, and possibly the comparisons have inverted logic; I would have expected the output to look like:

+    ▲ evasion [NONE → MEDIUM]
+      🟡 file/prefix — possible hidden file path: /usr/lib/debug/.dwz
     ≡ execution [LOW] 
     ▲ filesystem [LOW → MEDIUM] 
+      🟡 path/relative — references and possibly executes relative path: ./epan

The following patch applied on top of the branch gives me the second result:

diff --git a/pkg/render/terminal.go b/pkg/render/terminal.go
index d7c510db..8cdf1a25 100644
--- a/pkg/render/terminal.go
+++ b/pkg/render/terminal.go
@@ -291,10 +291,10 @@ func renderFileSummary(_ context.Context, fr *malcontent.FileReport, w io.Writer
 				diff = color.HiGreenString("+")
 			}
 
-			if riskLevel < previousRiskLevel {
+			if riskScore > previousNsRiskScore[ns]{
 				nsIcon = color.HiYellowString("▲")
 			}
-			if riskLevel > previousRiskLevel {
+			if riskScore < previousNsRiskScore[ns]{
 				nsIcon = color.HiGreenString("▼")
 			}
 			if riskLevel == "NONE" {

but I'm not sure I understand the symbols correctly.

@egibs
Copy link
Member Author

egibs commented Dec 30, 2024

Generally, this looks good to me.

In testing I do see one weird behavior in the terminal mode, the up/down triangles associated with risk changes don't seem quite consistent, e.g.:

+    ▲ evasion [NONE → MEDIUM]
+      🟡 file/prefix — possible hidden file path: /usr/lib/debug/.dwz
     ≡ execution [LOW]
     ▼ filesystem [LOW → MEDIUM]
+      🟡 path/relative — references and possibly executes relative path: ./epan

I think what's happening is that strings are being compared, rather than the numeric values, and possibly the comparisons have inverted logic; I would have expected the output to look like:

+    ▲ evasion [NONE → MEDIUM]
+      🟡 file/prefix — possible hidden file path: /usr/lib/debug/.dwz
     ≡ execution [LOW] 
     ▲ filesystem [LOW → MEDIUM] 
+      🟡 path/relative — references and possibly executes relative path: ./epan

The following patch applied on top of the branch gives me the second result:

diff --git a/pkg/render/terminal.go b/pkg/render/terminal.go
index d7c510db..8cdf1a25 100644
--- a/pkg/render/terminal.go
+++ b/pkg/render/terminal.go
@@ -291,10 +291,10 @@ func renderFileSummary(_ context.Context, fr *malcontent.FileReport, w io.Writer
 				diff = color.HiGreenString("+")
 			}
 
-			if riskLevel < previousRiskLevel {
+			if riskScore > previousNsRiskScore[ns]{
 				nsIcon = color.HiYellowString("▲")
 			}
-			if riskLevel > previousRiskLevel {
+			if riskScore < previousNsRiskScore[ns]{
 				nsIcon = color.HiGreenString("▼")
 			}
 			if riskLevel == "NONE" {

but I'm not sure I understand the symbols correctly.

Yep, it looks like this is backward. Good catch!

Signed-off-by: Evan Gibler <20933572+egibs@users.noreply.github.com>
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
@egibs egibs requested a review from stevebeattie December 30, 2024 17:17
This meant NONE -> MEDIUM would get a different indicator then
LOW -> MEDIUM.

Signed-off-by: Steve Beattie <steve.beattie@chainguard.dev>
@stevebeattie
Copy link
Member

Yep, it looks like this is backward. Good catch!

Thanks, the backward indicators commit addresses part of the issue, but the other part I think is happening is that comparisons are made from the strings values in the riskLevel table, not the numeric scores, so the comparison result is unexpected in some situations.

I created egibs#6 with what I think the fix for this is, and hopefully a clearer explanation.

Thanks!

…ings

terminal.go: when diffiing, compared based on scores, not string values
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
Copy link
Member

@stevebeattie stevebeattie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for fixing up my formatting mistake, will use make lint going forward.

Everything LGTM, thanks!

@egibs egibs merged commit ca78f0f into chainguard-dev:main Dec 30, 2024
8 checks passed
@egibs egibs deleted the fix-diff-changed-behavior branch January 17, 2025 23:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

diff shows unchanged files as "changed"
3 participants