Closed joshbuker closed 1 year ago
I just realized the code I wrote duplicates the package, when it could just append the SEMVER as a second range...
See: https://github.com/cloudsecurityalliance/gsd-database/blob/2dc70098c7265705d44622c81fab8fdf3eb57933/2023/1002xxx/GSD-2023-1002423.json
```json
"affected": [
  {
    "package": { "name": "Kernel", "ecosystem": "Linux" },
    "ranges": [
      {
        "type": "GIT",
        "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
        "events": [
          { "introduced": "0" },
          { "limit": "ebc5e61b60e67cbc14cc54159d567456f7ec5fd8" }
        ]
      }
    ]
  },
  {
    "package": { "name": "Kernel", "ecosystem": "Linux" },
    "ranges": [
      {
        "type": "SEMVER",
        "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
        "events": [
          { "introduced": "0" },
          { "fixed": "6.2.5" }
        ]
      }
    ]
  }
]
```
Should be:
```json
"affected": [
  {
    "package": { "name": "Kernel", "ecosystem": "Linux" },
    "ranges": [
      {
        "type": "GIT",
        "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
        "events": [
          { "introduced": "0" },
          { "limit": "ebc5e61b60e67cbc14cc54159d567456f7ec5fd8" }
        ]
      },
      {
        "type": "SEMVER",
        "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
        "events": [
          { "introduced": "0" },
          { "fixed": "6.2.5" }
        ]
      }
    ]
  }
]
```
Offending code: https://github.com/cloudsecurityalliance/gsd-tools/blob/main/gsd-bot/GSD/GSDRepo.py#L269
Should probably look more like:
```python
# Append SEMVER to ranges
c["affected"][0]["ranges"].append({
    "type": "SEMVER",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
    "events": [
        {"introduced": issue_data["introduced_version"]},
        {"fixed": issue_data["fixed_version"]},
    ],
})
```
Except either check to make sure we're not duplicating, or use `[1] =` instead of `.append()`, assuming python allows that.
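One way to write the append without the duplication the issue describes, as an added example rather than code from gsd-tools: the SEMVER range is added to the existing affected entry, and a second run over the same record replaces the earlier SEMVER range instead of appending another copy (the "check to make sure we're not duplicating" option, which is safer than a fixed `[1] =` index because it does not assume the ranges list already has exactly one element). A second helper folds records that were already written in the duplicated form back into one entry per package. `SAMPLE_RECORD` and `SAMPLE_ISSUE_DATA` are constructed inputs that mirror the JSON and the `issue_data` keys shown in the issue; the function names are my own.

```python
import copy
import json

KERNEL_REPO = "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/"

# Constructed sample: the GIT range the bot already emits for this record.
SAMPLE_RECORD = {
    "affected": [
        {
            "package": {"name": "Kernel", "ecosystem": "Linux"},
            "ranges": [
                {
                    "type": "GIT",
                    "repo": KERNEL_REPO,
                    "events": [
                        {"introduced": "0"},
                        {"limit": "ebc5e61b60e67cbc14cc54159d567456f7ec5fd8"},
                    ],
                }
            ],
        }
    ]
}

# Constructed stand-in for the bot's issue_data dict (keys as used in the issue).
SAMPLE_ISSUE_DATA = {"introduced_version": "0", "fixed_version": "6.2.5"}


def semver_range(issue_data, repo=KERNEL_REPO):
    """Build the SEMVER range object from the parsed issue data."""
    return {
        "type": "SEMVER",
        "repo": repo,
        "events": [
            {"introduced": issue_data["introduced_version"]},
            {"fixed": issue_data["fixed_version"]},
        ],
    }


def add_semver_range(record, issue_data, repo=KERNEL_REPO):
    """Add a SEMVER range to the first affected entry without duplicating it.

    Returns a new record; the input is not mutated. If a SEMVER range for the
    same repo is already present it is overwritten in place, so re-running the
    bot over the same record converges on one SEMVER range.
    """
    out = copy.deepcopy(record)
    ranges = out["affected"][0]["ranges"]
    new_range = semver_range(issue_data, repo)
    for i, r in enumerate(ranges):
        if r.get("type") == "SEMVER" and r.get("repo") == repo:
            ranges[i] = new_range  # replace rather than append a second copy
            return out
    ranges.append(new_range)
    return out


def merge_duplicate_packages(record):
    """Fold affected entries that share an identical package into one entry.

    Repairs records already written in the duplicated form from the issue:
    every later entry with the same "package" object contributes its ranges
    to the first entry for that package.
    """
    out = copy.deepcopy(record)
    merged = []
    index_by_pkg = {}
    for entry in out["affected"]:
        key = json.dumps(entry["package"], sort_keys=True)
        if key in index_by_pkg:
            merged[index_by_pkg[key]]["ranges"].extend(entry.get("ranges", []))
        else:
            index_by_pkg[key] = len(merged)
            merged.append(entry)
    out["affected"] = merged
    return out


if __name__ == "__main__":
    print(json.dumps(add_semver_range(SAMPLE_RECORD, SAMPLE_ISSUE_DATA), indent=2))
```

Matching on `type` and `repo` rather than on list position keeps the operation idempotent even if a record later gains further ranges (another GIT repo, an ECOSYSTEM range), which a hard-coded `[1] =` would silently overwrite.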