feat(ghsa): add swift support #233
ghsa/ghsa.go
Outdated
// Part Swift packages have `https://` prefix or `.git` suffix | ||
// e.g. https://github.com/github/advisory-database/blob/76f65b0d0fdac39c8b0e834ab03562b5f80d5b27/advisories/github-reviewed/2023/06/GHSA-r6ww-5963-7r95/GHSA-r6ww-5963-7r95.json#L21 | ||
// https://github.com/github/advisory-database/blob/76f65b0d0fdac39c8b0e834ab03562b5f80d5b27/advisories/github-reviewed/2023/07/GHSA-jq43-q8mx-r7mq/GHSA-jq43-q8mx-r7mq.json#L21 | ||
// Trim them to fit the same format | ||
// as in https://github.com/github/advisory-database/blob/76f65b0d0fdac39c8b0e834ab03562b5f80d5b27/advisories/github-reviewed/2023/06/GHSA-qvxg-wjxc-r4gg/GHSA-qvxg-wjxc-r4gg.json#L21 | ||
if ecosystem == Swift { | ||
ghsa.Package.Name = strings.TrimLeft(ghsa.Package.Name, "https://") | ||
ghsa.Package.Name = strings.TrimRight(ghsa.Package.Name, ".git") | ||
} | ||
|
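Review bot: strings.TrimLeft and strings.TrimRight inside the `if ecosystem == Swift` block take a cutset of characters, not a literal prefix or suffix, so they strip every leading character in the set h, t, p, s, :, / and every trailing character in the set ., g, i, t. For a name such as "https://github.com/grpc/grpc-swift.git" the TrimRight call also removes the final "t" of "swift" and yields "github.com/grpc/grpc-swif". Use strings.TrimPrefix(ghsa.Package.Name, "https://") and strings.TrimSuffix(ghsa.Package.Name, ".git") so only the exact prefix and suffix are removed. The first comment line would also read better as "Some Swift packages have ..." instead of "Part Swift packages".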
Can we trim them in trivy-db rather than vuln-list-update? I'd keep the original data as much as possible in vuln-list.
Now I only update the directory names (61450fa).
Names in JSON are stored as in GHSA.
vuln-list-update/ghsa/testdata/swift/github.com/grpc/grpc-swift/GHSA-r6ww-5963-7r95.json
Line 6 in 7bb79ee
"Name": "https://github.com/grpc/grpc-swift.git"
Description
Add swift support.