Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementation of .NET packages.config extractor and fixes #357

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Implementation of .NET packages.config extractor and fixes #357

wants to merge 1 commit into from

Conversation

Octaviusss
Copy link
Contributor

Pull request for the .NET packages.config extractor.
Implemented:

Extractor implementation for package.config;
Unit test implementation for extractor:
Integration of the extractor in the main tool;
Fixes from the .NET PR #355.

vpasdf
vpasdf reviewed Dec 19, 2024
View reviewed changes
extractor/filesystem/language/dotnet/packagesconfig/testdata/valid
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

QQ: Are those files always that small? In case they can get more complex, please add a bit more complex case. If not, this is fine

vpasdf
vpasdf requested changes Dec 19, 2024
View reviewed changes
Copy link
Collaborator

@vpasdf vpasdf left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Usually each result type of plugins has their own metadata struct. This is used in some use cases of Scalibr to distinguish result types

So you either add a metadata proto for .net. Then you need to update proto.go and scanresult proto. This is used in some programs to differentiate different result types. It's also recommended to have all necessary information in metadata for matching.

Or you don't, then that change is not required.

@vpasdf vpasdf mentioned this pull request Dec 19, 2024
Open
@Octaviusss
Copy link
Contributor Author

We chose not to introduce a new metadata structure for the .NET extractor because the existing implementation (see .NET packages lock json) already captures the necessary fields required for accurate extraction and matching. The current extractor effectively handles the .NET without the need for additional fields at this time.
So we think that this change is not required.

@Octaviusss Octaviusss requested a review from vpasdf December 19, 2024 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vpasdf vpasdf Awaiting requested review from vpasdf

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Octaviusss @vpasdf