cli: fix breaking change on vulnerability hashes #678

Merged
merged 1 commit into from
Oct 18, 2021

@matheusalcantarazup matheusalcantarazup commented Oct 14, 2021

- What I did
In PR #636 we added the rule ID to the description of the vulnerability, but the
Details of the vulnerability are used to generate the vulnerability hash, so
adding the rule ID to the details generates a different hash, which causes a
breaking change. So this commit removes the rule ID prefix from the Details
field of Vulnerability and also adds a workaround for users that are
already using the new hash as a false positive and risk accept.
To support the two ways of hashing the vulnerability, a new field was
added to the Vulnerability struct that represents the breaking way, so we
generate the two hashes of the vulnerability, and when we set the
vulnerability to false positive/risk accept according to the config file we
use the two hashes to match.

Fixes #680

Signed-off-by: Matheus Alcantara matheus.alcantara@zup.com.br

- How to verify it

- Description for the changelog

@matheusalcantarazup matheusalcantarazup marked this pull request as draft October 14, 2021 20:52
@matheusalcantarazup matheusalcantarazup force-pushed the fix-breaking-change branch 3 times, most recently from 0e044e0 to 092e490 Compare October 15, 2021 18:49
@matheusalcantarazup

PR 113 from devkit is required to build this PR

@matheusalcantarazup matheusalcantarazup marked this pull request as ready for review October 15, 2021 18:55
@wiliansilvazup wiliansilvazup changed the base branch from main to release/v2.6 October 15, 2021 18:58
@wiliansilvazup wiliansilvazup changed the base branch from release/v2.6 to main October 15, 2021 18:58
@matheusalcantarazup matheusalcantarazup merged commit 778869a into main Oct 18, 2021
@matheusalcantarazup matheusalcantarazup deleted the fix-breaking-change branch October 18, 2021 11:16
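
The dual-hash matching described in this pull request, sketched as an added Go example that is not the project's own code: the struct layout, the SHA-256 field order, the `RuleID: ` prefix format and the sample finding are assumptions made for illustration. It goes one step beyond the PR text by also returning config entries that match neither hash, which is how a stale suppression list shows up after a hash change.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Vulnerability is a simplified, hypothetical stand-in for the scanner's struct.
type Vulnerability struct {
	RuleID, File, Line, Code, Details string
	Hash, DeprecatedHash              string // without / with the rule ID prefix in Details
	Suppressed                        bool   // set when a config entry matches either hash
}

// hashOf is an assumed scheme (SHA-256 over NUL-joined fields), not the project's.
func hashOf(parts ...string) string {
	sum := sha256.Sum256([]byte(strings.Join(parts, "\x00")))
	return hex.EncodeToString(sum[:])
}

// SetHashes computes both variants so that either can match a config entry.
func (v *Vulnerability) SetHashes() {
	v.Hash = hashOf(v.Code, v.Line, v.Details, v.File)
	v.DeprecatedHash = hashOf(v.Code, v.Line, v.RuleID+": "+v.Details, v.File)
}

// ApplySuppressions marks findings matching either hash; returns stale config entries.
func ApplySuppressions(vulns []*Vulnerability, listed []string) (stale []string) {
	for _, want := range listed {
		matched := false
		for _, v := range vulns {
			if want == v.Hash || want == v.DeprecatedHash {
				v.Suppressed, matched = true, true
			}
		}
		if !matched {
			stale = append(stale, want)
		}
	}
	return stale
}

func main() {
	v := &Vulnerability{RuleID: "EXAMPLE-1", File: "main.go", Line: "10", Code: "q(x)", Details: "d"} // constructed sample
	v.SetHashes()
	stale := ApplySuppressions([]*Vulnerability{v}, []string{v.DeprecatedHash})
	fmt.Println(v.Suppressed, len(stale))
}
```
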
Successfully merging this pull request may close these issues.

cli: version 2.6 generating different vulnerability hashes from 2.5