fix: Default to UNKNOWN in java version checker #1637
cve_bin_tool/version_scanner.py
Outdated
@@ -236,6 +236,11 @@ def run_java_checker(self, filename: str) -> Iterator[ScanInfo]: | |||
version = root.find(schema + "version").text | |||
if version is None and parent is not None: | |||
version = parent.find(schema + "version").text | |||
|
|||
# If all else fails, set version to UNKNOWN |
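Review bot: In the two context lines that read `.find(schema + "version").text`, the `.text` access happens before any None check, so if `find()` returns None for a missing version element (as ElementTree's `find` does), an AttributeError is raised and the UNKNOWN fallback below is never reached. Consider keeping the element in a variable and reading `.text` only when it is not None, for both the root and the parent lookup. The assignment that follows the added comment is not visible in this excerpt; the comment itself could state the condition directly, for example "version missing from both root and parent", instead of "If all else fails".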
@Alienmaster pointed out that saying "else" here can make it confusing when there is no actual code else
involved. English is confusing as always. I'm going to go ahead and try to change the comment to something clearer.
Codecov Report
@@ Coverage Diff @@
## main #1637 +/- ##
==========================================
- Coverage 78.49% 78.33% -0.17%
==========================================
Files 291 291
Lines 5975 5995 +20
Branches 980 983 +3
==========================================
+ Hits 4690 4696 +6
- Misses 1072 1082 +10
- Partials 213 217 +4
Static analysis says we can still sometimes wind up with version set to None in the java version parser. Set it explicitly to "UNKNOWN" to match the other checkers.
cc @anthonyharrison who might want to review this
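An added example, not code from this PR or from cve-bin-tool: a None-safe version lookup that falls back from the project to its parent and then to "UNKNOWN", as the description above asks for. It assumes the metadata is a Maven pom.xml; `pom_version`, `_text` and the sample POMs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

POM_NS = "{http://maven.apache.org/POM/4.0.0}"  # Maven POM namespace (assumed input format)
UNKNOWN = "UNKNOWN"


def _text(node, tag):
    """Return the stripped text of a direct child, or None if absent or empty."""
    if node is None:
        return None
    child = node.find(POM_NS + tag)
    if child is None or child.text is None:
        return None
    return child.text.strip() or None


def pom_version(pom_xml: str) -> str:
    """Project version, else parent version, else UNKNOWN. Never returns None."""
    # For untrusted archives a hardened parser (e.g. defusedxml) is preferable.
    try:
        root = ET.fromstring(pom_xml)
    except ET.ParseError:
        return UNKNOWN
    parent = root.find(POM_NS + "parent")
    return _text(root, "version") or _text(parent, "version") or UNKNOWN


# Constructed sample inputs (hypothetical hand-written POMs).
_HEAD = '<project xmlns="http://maven.apache.org/POM/4.0.0">'
POM_OWN = _HEAD + "<artifactId>a</artifactId><version>1.2.3</version></project>"
POM_PARENT = _HEAD + "<parent><version>4.5.6</version></parent><artifactId>b</artifactId></project>"
POM_EMPTY = _HEAD + "<artifactId>c</artifactId><version/></project>"
POM_NONE = _HEAD + "<artifactId>d</artifactId></project>"
POM_BROKEN = _HEAD + "<version>9.9.9</project>"

if __name__ == "__main__":
    for name, pom in [("own", POM_OWN), ("parent", POM_PARENT), ("empty", POM_EMPTY),
                      ("none", POM_NONE), ("broken", POM_BROKEN)]:
        print(f"{name:7s} -> {pom_version(pom)}")
```

A result of "UNKNOWN" means the component cannot be matched against version ranges, so a scanner should surface it in its report instead of treating the file as clean.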