google / osv-scanner

Vulnerability scanner written in Go which uses the data provided by https://osv.dev
https://google.github.io/osv-scanner/
Apache License 2.0
6.01k stars 337 forks

fix: ensure that `package` exists in `affected` property #1055

Closed G-Rath closed 4 days ago

G-Rath commented 1 week ago

This has always been allowed by the spec but now there's at least one real-world advisory in the Debian database like this which causes it to error.

G-Rath commented 1 week ago

This unbreaks #958
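
An added example, not code from this PR or from osv-scanner: one way to decode OSV `affected` entries so that a record without `package`, like the Debian advisory mentioned above, is skipped instead of having a missing object dereferenced. The type and function names and the sample record are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Package mirrors the OSV `affected[].package` object.
type Package struct {
	Ecosystem string `json:"ecosystem"`
	Name      string `json:"name"`
}

// Affected keeps Package as a pointer so a missing `package` decodes to nil.
type Affected struct {
	Package  *Package `json:"package"`
	Versions []string `json:"versions"`
}

type Advisory struct {
	ID       string     `json:"id"`
	Affected []Affected `json:"affected"`
}

// Constructed sample record: the second entry has no `package` key.
const sampleAdvisory = `{"id":"EXAMPLE-0000-0001","affected":[
 {"package":{"ecosystem":"Debian:12","name":"examplepkg"},"versions":["1.0-1"]},
 {"versions":["1.0-2"]}]}`

// AffectsPackage reports a match and how many entries lacked `package`.
func AffectsPackage(raw []byte, ecosystem, name string) (matched bool, skipped int, err error) {
	var adv Advisory
	if err = json.Unmarshal(raw, &adv); err != nil {
		return false, 0, err
	}
	for _, a := range adv.Affected {
		if a.Package == nil { // nil check before any field access
			skipped++
			continue
		}
		if a.Package.Ecosystem == ecosystem && a.Package.Name == name {
			matched = true
		}
	}
	return matched, skipped, nil
}

func main() {
	fmt.Println(AffectsPackage([]byte(sampleAdvisory), "Debian:12", "examplepkg"))
}
```

Counting the skipped entries, rather than dropping them silently, lets a caller log how many advisories could not be matched to a package.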

codecov-commenter commented 1 week ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Please upload report for BASE (main@46aee59). Learn more about missing BASE report.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main    #1055   +/-   ##
=======================================
  Coverage        ?   65.30%
=======================================
  Files           ?      150
  Lines           ?    12525
  Branches        ?        0
=======================================
  Hits            ?     8179
  Misses          ?     3882
  Partials        ?      464
```
