Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(azure): support of multiple criterion #313

Merged
merged 3 commits into from
Nov 15, 2024
Merged

fix(azure): support of multiple criterion #313

merged 3 commits into from
Nov 15, 2024

Conversation

DmitriyLewen
Copy link
Contributor

@DmitriyLewen DmitriyLewen commented Nov 14, 2024
edited
Loading

Description

We need to save all criterion for definition.
e.g. :

<criteria operator="AND">
  <criterion comment="Package golang is earlier than 1.20.7-1, affected by CVE-2023-29409" test_ref="oval:com.microsoft.azurelinux:tst:52881000"/>
  <criterion comment="Package golang is greater than 0.0.0, affected by CVE-2023-29409" test_ref="oval:com.microsoft.azurelinux:tst:52881003"/>
</criteria>

Test GH actions run - https://github.com/DmitriyLewen/vuln-list-update/actions/runs/11832818656/job/32970285972

Changes

These changes affect only definitions/<year>/*.json files.

Before(https://github.com/aquasecurity/vuln-list/blob/b9a2b63e2a5e1c1db6dd31af38460eb2b666dcd2/azure/3.0/definitions/2023/52881-2.json#L23-L26):

  "Criteria": {
    "Operator": "AND",
    "Criterion": {
      "Comment": "Package golang is greater than 0.0.0, affected by CVE-2023-29409",
      "TestRef": "oval:com.microsoft.azurelinux:tst:52881003"
    }
  }

After(https://github.com/DmitriyLewen/vuln-list/blob/96b886e4e225b3fe02d0bda1f0cebd72d68f4b9a/azure/3.0/definitions/2023/52881-2.json#L23-L31):

  "Criteria": {
    "Operator": "AND",
    "Criterion": [
      {
        "Comment": "Package golang is earlier than 1.20.7-1, affected by CVE-2023-29409",
        "TestRef": "oval:com.microsoft.azurelinux:tst:52881000"
      },
      {
        "Comment": "Package golang is greater than 0.0.0, affected by CVE-2023-29409",
        "TestRef": "oval:com.microsoft.azurelinux:tst:52881003"
      }
    ]
  }

Related Issues:

@DmitriyLewen DmitriyLewen self-assigned this Nov 14, 2024
@DmitriyLewen DmitriyLewen changed the title Fix azure/multiple criterias fix(azure): support of multiple criterion Nov 14, 2024
This was referenced Nov 14, 2024
Merged
Closed
@tonaim tonaim self-requested a review November 15, 2024 08:08
@knqyf263 knqyf263 merged commit 98e256b into aquasecurity:main Nov 15, 2024
2 checks passed
@DmitriyLewen DmitriyLewen deleted the fix-azure/multiple-criterias branch November 15, 2024 13:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tonaim tonaim tonaim approved these changes

Assignees

@DmitriyLewen DmitriyLewen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DmitriyLewen @tonaim @knqyf263