Associate findings with changes or with new unfixed array #25

Merged
merged 3 commits into from
Apr 9, 2024

@drdavella drdavella commented Apr 3, 2024

For diagnostic and storytelling purposes, it is desirable for downstream consumers to know which findings are associated with which changes, and which findings were not fixed, where they were attempted, and for what reason.

This update includes the following modifications:

  • detectionTool no longer contains finding metadata. It is purely for metadata about the tool itself. Eventually we might add other fields like version, date, etc.
  • change now has a fixedFinding property
  • We added a new array to result that represents unfixed findings, which include a reason for being unfixed

@drdavella drdavella marked this pull request as ready for review April 4, 2024 01:26
@drdavella drdavella requested a review from nahsra April 4, 2024 01:26
@drdavella drdavella changed the title from "Make reason we failed to fix more informative" to "Associate findings with changes or with new unfixed array" Apr 5, 2024
@@ -177,6 +182,10 @@
"type": "array",
"description": "The package actions that were needed to support changes to the file",
"items": { "$ref": "#/definitions/packageAction" }
},
"finding": {
"$ref": "#/definitions/detector/fixedFinding",
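Review bot: the "$ref" on the new "finding" property points at "#/definitions/detector/fixedFinding", a pointer nested under the detector definition, while the sibling reference just above uses the flat form "#/definitions/packageAction". Please confirm that this pointer resolves to a real subschema, or move fixedFinding to a top-level definition and reference it as "#/definitions/fixedFinding" so that consumers validating against the schema do not silently accept any value here. The property is also named "finding" while the PR description calls it fixedFinding; aligning the two would avoid confusion in downstream bindings. As written it references a single object, so if one change can fix several findings this should be an array with "items", as the package actions property above does.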
Member Author

Still not sure whether this needs to be an array.

Contributor

@nahsra nahsra left a comment

Consider approving new implementation here!

pixee/codetf-java-bindings#18

nahsra added a commit to pixee/codemodder-java that referenced this pull request Apr 8, 2024
This change populates CodeTF with new remediation metadata specified
[here](pixee/codemodder-specs#25 (review)).
@drdavella drdavella merged commit d54e1e9 into main Apr 9, 2024
2 checks passed
@drdavella drdavella deleted the update-failure-reason branch April 9, 2024 13:32