Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix querying by commit integration test more #2146

Merged
merged 1 commit into from
Apr 30, 2024
Merged

Fix querying by commit integration test more #2146

merged 1 commit into from
Apr 30, 2024

Conversation

andrewpollock
Copy link
Contributor

The additional matching CVE has now been rejected, and the text of the description has changed. I suspect we haven't seen the last of this yet, as a rejected CVE should be resulting in a withdrawn OSV record...

(I'm investigating why that isn't the case, but want to unbreak the test)

@andrewpollock
Fix querying by commit integration test more
fade772 
The additional matching CVE has now been rejected, and the text of the
description has changed. I suspect we haven't seen the last of this yet,
as a rejected CVE should be resulting in a withdrawn OSV record...
@andrewpollock andrewpollock enabled auto-merge (squash) April 30, 2024 23:50
@andrewpollock
Copy link
Contributor Author

I confused disputed CVEs with rejected ones.

osv.dev/vulnfeeds/cmd/combine-to-osv/main.go

Lines 119 to 128 in aad1acb

if len(cveList) > 0 {
// Best-effort attempt to mark a disputed CVE as withdrawn.
modified, err := vulns.CVEIsDisputed(convertedCve, cveList)
if err != nil {
Logger.Warnf("Unable to determine CVE dispute status of %s: %v", convertedCve.ID, err)
}
if err == nil && modified != "" {
convertedCve.Withdrawn = modified
}
}
withdraws disputed CVEs.

I think we also need to be reflecting rejected ones as withdrawn. I'll file an issue for this.

@andrewpollock andrewpollock merged commit c737cd0 into google:master Apr 30, 2024
11 checks passed
@andrewpollock andrewpollock mentioned this pull request Apr 30, 2024
Open
@andrewpollock andrewpollock deleted the fix_integration_test_more branch May 23, 2024 04:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oliverchang oliverchang oliverchang approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@andrewpollock @oliverchang