
Attempt to generate patched_versions from GHSA firstPatchedVersion. #641


Merged (3 commits) on Jun 24, 2023

Conversation

postmodern (Member)

Attempt to automatically generate the patched_versions from the GHSA vulnerabilities/firstPatchedVersion/identifier information.

@postmodern postmodern self-assigned this Jun 20, 2023
@postmodern (Member Author)

@jasnow since I don't have the GitHub sync OAuth token setup locally, could you test this branch and see if it can correctly generate patched_versions for new GHSA advisories?

@jasnow (Contributor) commented Jun 20, 2023

  • Added comma at end of line 379: `"patched_versions" => patched_versions_for(package)`.
  • Working on this:

```
NoMethodError: undefined method `[]' for nil:NilClass

         first_patched_versions << v['firstPatchedVersion']['identifier']
```

@postmodern (Member Author)

@jasnow interesting, looks like not all vulnerabilities have firstPatchedVersion key, which makes sense since some vulnerabilities will be unpatched.
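The nil case described above, as an added example that is not the PR's code or ruby-advisory-db's: a constructed advisory document in the shape of the GitHub GraphQL `vulnerabilities` nodes (package names and versions are made up), with one range whose `firstPatchedVersion` is null. `Hash#dig` returns nil where `v['firstPatchedVersion']['identifier']` raises, the nil entries are dropped before building constraints, and a separate `unpatched?` check reports packages that have vulnerable ranges but no fix at all. The function names and the `">= x"` constraint form are assumptions for this example, not the advisory-db grammar.

```ruby
require 'json'
require 'rubygems' # Gem::Version (already loaded by default in modern Ruby)

# Constructed sample in the shape of the GitHub GraphQL securityAdvisory
# `vulnerabilities` nodes. Package names and versions are made up for the
# example; the point is that some ranges have a null firstPatchedVersion.
SAMPLE_ADVISORY_JSON = <<~JSON
  {
    "vulnerabilities": [
      { "package": { "ecosystem": "RUBYGEMS", "name": "examplegem" },
        "vulnerableVersionRange": ">= 3.0.0, < 3.0.1",
        "firstPatchedVersion": { "identifier": "3.0.1" } },
      { "package": { "ecosystem": "RUBYGEMS", "name": "examplegem" },
        "vulnerableVersionRange": "< 2.7.4",
        "firstPatchedVersion": { "identifier": "2.7.4" } },
      { "package": { "ecosystem": "RUBYGEMS", "name": "examplegem" },
        "vulnerableVersionRange": ">= 4.0.0, < 4.1.0",
        "firstPatchedVersion": null },
      { "package": { "ecosystem": "RUBYGEMS", "name": "legacygem" },
        "vulnerableVersionRange": "<= 0.9.9",
        "firstPatchedVersion": null }
    ]
  }
JSON

# Vulnerability nodes belonging to one package.
def ranges_for(advisory, package_name)
  advisory.fetch('vulnerabilities', []).select do |vuln|
    vuln.dig('package', 'name') == package_name
  end
end

# firstPatchedVersion identifiers for one package, skipping ranges that
# have none. A bare v['firstPatchedVersion']['identifier'] raises
# NoMethodError when firstPatchedVersion is null; Hash#dig yields nil,
# which filter_map drops.
def first_patched_identifiers(advisory, package_name)
  ranges_for(advisory, package_name).filter_map do |vuln|
    vuln.dig('firstPatchedVersion', 'identifier')
  end
end

# Hypothetical patched_versions generator: one ">= x" constraint per
# distinct, well-formed first patched version, ordered by Gem::Version.
# The ">= x" form is an assumption for this example.
def patched_versions_for(advisory, package_name)
  first_patched_identifiers(advisory, package_name)
    .select { |id| Gem::Version.correct?(id) }
    .uniq
    .sort_by { |id| Gem::Version.new(id) }
    .map { |id| ">= #{id}" }
end

# True when the package has vulnerable ranges but none of them has a fix,
# so an empty patched_versions is expected rather than a generator bug.
def unpatched?(advisory, package_name)
  ranges = ranges_for(advisory, package_name)
  !ranges.empty? && ranges.all? { |vuln| vuln['firstPatchedVersion'].nil? }
end

if $PROGRAM_NAME == __FILE__
  advisory = JSON.parse(SAMPLE_ADVISORY_JSON)
  %w[examplegem legacygem].each do |name|
    puts "#{name}: patched_versions=#{patched_versions_for(advisory, name).inspect}" \
         " unpatched=#{unpatched?(advisory, name)}"
  end
end
```

Distinguishing "no fix exists" from "no identifiers found" matters when a sync script is run unattended: an empty `patched_versions` for a package that is actually patched should fail loudly, while an unpatched package legitimately has none.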

@jasnow (Contributor) commented Jun 21, 2023

Noticed that double quotes were used inside "[]"s elsewhere in the script.

@jasnow (Contributor) commented Jun 21, 2023

I will start testing this PR today. Here are some of my test cases: https://gist.github.com/jasnow/7c99f4d9e8b838293ba407af373141af

Probably need a supported grammar for "unaffected_versions:" and "patched_versions:" and
what the expected outputs are for more complex test cases in my gist.

@jasnow (Contributor) commented Jun 21, 2023

Results of 1st gist testcase (after post-processing): https://gist.github.com/jasnow/000dd1ee3c8eedd6b78bb7b7dab51cdb

  • Related: Lost unaffected_versions value

Extra

I will stop at the 1st gist testcase for now.
