Skip to content

Singles: Working level step toward unaffected_versions field automation in support of #649 #670

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

Singles: Working level step toward unaffected_versions field automation in support of #649 #670

wants to merge 8 commits into from

Conversation

jasnow
Copy link
Contributor

@jasnow jasnow commented Jul 2, 2023
edited
Loading

Singles: Working level step toward unaffected_versions: field automation in support of #649.

  • Mostly used code from patched_versions automation.
  • Now output: based on vulnerableVersionRange input.
  • Now connected with the patched_versions values.
  • See TODO:'s for remaining known work.

"Singles" means a [single line, single range] for GHSA vulnerableVersionRange input.
See #949 for draft roadmap.

@jasnow jasnow changed the title Tiny step toward unaffected_versions field automation in support of #649 [WIP] Working level step toward unaffected_versions field automation in support of #649 Jul 2, 2023
@jasnow jasnow changed the title [WIP] Working level step toward unaffected_versions field automation in support of #649 Singles: Working level step toward unaffected_versions field automation in support of #649 Jul 3, 2023
@jasnow
Copy link
Contributor Author

jasnow commented Jul 4, 2023

Ready for merge. Check out Roadmap in #649 for more details.

postmodern
postmodern requested changes Jul 4, 2023
View reviewed changes
Copy link
Member

@postmodern postmodern left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After looking over the algorithm, four things I'd like to do:

  1. Generate the correct unaffected_versions, instead of generating pseudo-data which is then meant to be edited.
  2. Simplify the logic. I think all we have to do is check if the first vulnerableVersionRange starts with <= vs. >/>=. If the first vulnerableVersionRange starts with > or >=, that means all versions below that version range are not vulnerable, thus unaffected. You could then derive the unaffected version range from the first vulnerableVersionRange by "inverting" the version range operator (ex: > X.Y.Z -> <= X.Y.Z, >= X.Y.Z -> < X.Y.Z).
  3. Avoid using abbreviated method/variable names for readability. fpv or vers can be confusing to someone who's reading the code for the first time and hasn't yet learned the terminology.
  4. Remove debugging puts statements and commented out code.

@jasnow
Copy link
Contributor Author

jasnow commented Jul 5, 2023

After looking over the algorithm, four things I'd like to do:

  1. Generate the correct unaffected_versions, instead of generating pseudo-data which is then meant to be edited.
  2. Simplify the logic. I think all we have to do is check if the first vulnerableVersionRange starts with <= vs. >/>=. If the first vulnerableVersionRange starts with > or >=, that means all versions below that version range are not vulnerable, thus unaffected. You could then derive the unaffected version range from the first vulnerableVersionRange by "inverting" the version range operator (ex: > X.Y.Z -> <= X.Y.Z, >= X.Y.Z -> < X.Y.Z).
  3. Avoid using abbreviated method/variable names for readability. fpv or vers can be confusing to someone who's reading the code for the first time and hasn't yet learned the terminology.
  4. Remove debugging puts statements and commented out code.

Your way of solving this problem will be better.

@jasnow jasnow closed this Jul 5, 2023
@jasnow jasnow deleted the unaffected_versions-tiny-step-07-02 branch July 5, 2023 11:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@postmodern postmodern postmodern requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jasnow @postmodern