Closed kevin-paladin closed 1 week ago
The recent changes enhance the AssetTypeGroupedVulnerabilitiesRule
by refining the handling of CVE ID and URL extraction within the getVMVulnerabilityDetails
method to manage null or empty values better. Corresponding test cases in AssetTypeGroupedVulnerabilitiesRuleTest
were updated to ensure coverage of these scenarios, including new test data with an empty CVE ID.
File Path | Change Summary |
---|---|
jobs/pacman-awsrules/src/main/java/com/tmobile/cloud/awsrules/ec2/AssetTypeGroupedVulnerabilitiesRule.java |
Added import for com.google.common.base.Strings and updated getVMVulnerabilityDetails to handle null or empty CVE IDs and URLs. |
jobs/pacman-awsrules/src/test/java/com/tmobile/cloud/awsrules/ec2/AssetTypeGroupedVulnerabilitiesRuleTest.java |
Modified test data to include a new vulnerability with an empty CVE ID, updated titles, and URLs to match the new test scenarios. |
In the code, a change we see,
Handling nulls with glee,
CVEs now clear and bright,
Empty strings no longer a plight.
Tests updated, strong and sure,
Our code is now secure.
Hopping forward, bugs we fight,
In the realm of code, we bring the light.
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
Description
When the CVE id is missing, use cveUrl instead of trying to form the URL to the CVE database.
This allows the UI to display a URL - currently, no URL text is present, though a URL does exist which goes nowhere useful.
This can be seen with the 'Weak LAN Manager hashing permitted" vulnerability.
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
The associated test has been updated to include this scenario.
Checklist:
Summary by CodeRabbit
Bug Fixes
Tests