osv: account for event objects that have multiple streams #1428

Merged
merged 1 commit into from
Nov 12, 2024

@crozzy crozzy commented Oct 18, 2024

It was discovered that some OSV documents can order minor releases in the same affected.ranges object. This meant that only ever counted the last range in a vulnerability. This change gathers range information for the affected product and creates a vulnerability per range.

@crozzy crozzy force-pushed the osv-account-for-multi-events branch 2 times, most recently from d9b0770 to 6fea4d4 Compare October 18, 2024 21:58
crozzy commented Oct 18, 2024

Example ranges from an OSV document.

      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.21.12"
            },
            {
              "introduced": "1.22.0-0"
            },
            {
              "fixed": "1.22.5"
            }
          ]
        }
      ],
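
An added example, not the code from this pull request: one way to split an events list like the one above into one affected interval per `introduced` event, so the `0` to `1.21.12` span is reported alongside `1.22.0-0` to `1.22.5` instead of being dropped. The names `Event`, `Interval` and `SplitEvents` are hypothetical, events are assumed to be handled in document order, and a `fixed` event with no open span is assumed to start at `"0"`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Event is one entry of an OSV "events" list (only the fields used here).
type Event struct {
	Introduced string `json:"introduced"`
	Fixed      string `json:"fixed"`
}

// Interval is one affected span; an empty Fixed means no fix is recorded.
type Interval struct{ Introduced, Fixed string }

// SplitEvents walks events in document order and returns one Interval per
// introduced event, closed by the next fixed event if there is one.
func SplitEvents(events []Event) []Interval {
	var out []Interval
	for _, ev := range events {
		last := len(out) - 1
		switch {
		case ev.Introduced != "":
			out = append(out, Interval{Introduced: ev.Introduced})
		case ev.Fixed != "" && last >= 0 && out[last].Fixed == "":
			out[last].Fixed = ev.Fixed
		case ev.Fixed != "":
			// Assumption: a fix with no open span covers everything from "0".
			out = append(out, Interval{"0", ev.Fixed})
		}
	}
	return out
}

// sample is the events list quoted in the comment above.
const sample = `[{"introduced":"0"},{"fixed":"1.21.12"},{"introduced":"1.22.0-0"},{"fixed":"1.22.5"}]`

func main() {
	var evs []Event
	if err := json.Unmarshal([]byte(sample), &evs); err != nil {
		panic(err)
	}
	fmt.Println(SplitEvents(evs)) // one interval per introduced/fixed pair
}
```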

@crozzy crozzy marked this pull request as ready for review October 18, 2024 22:04
@crozzy crozzy requested a review from a team as a code owner October 18, 2024 22:04
@crozzy crozzy requested review from RTann and removed request for a team October 18, 2024 22:04
@crozzy crozzy force-pushed the osv-account-for-multi-events branch 4 times, most recently from 68cb737 to 364c0ec Compare October 28, 2024 21:11
@crozzy crozzy force-pushed the osv-account-for-multi-events branch from 364c0ec to 87af22a Compare November 5, 2024 17:58
@crozzy crozzy requested a review from RTann November 5, 2024 17:59
@crozzy crozzy force-pushed the osv-account-for-multi-events branch from 87af22a to b2da9bb Compare November 5, 2024 18:13
@crozzy crozzy force-pushed the osv-account-for-multi-events branch 3 times, most recently from cd14b37 to d71dfca Compare November 12, 2024 17:59
@crozzy crozzy requested a review from RTann November 12, 2024 17:59
It was discovered that some OSV documents can order minor releases in
the same affected.ranges object. This meant that only ever counted the
last range in a vulnerability. This change gathers range information for
the affected product and creates a vulnerability per range.

Signed-off-by: crozzy <joseph.crosland@gmail.com>
@crozzy crozzy force-pushed the osv-account-for-multi-events branch from d71dfca to e7094c2 Compare November 12, 2024 22:49
@crozzy crozzy requested a review from RTann November 12, 2024 23:02
crozzy commented Nov 12, 2024

/fast-forward

@github-actions github-actions bot merged commit e7094c2 into quay:main Nov 12, 2024
6 checks passed