
fix vuln classification#1715

Merged
timbastin merged 1 commit into main from fix-vuln-classification
Feb 17, 2026

Conversation

@Hubtrick-Git
Collaborator

No description provided.

Copilot AI review requested due to automatic review settings February 17, 2026 16:16
@timbastin timbastin merged commit 8958c3e into main Feb 17, 2026
15 of 16 checks passed
@timbastin timbastin deleted the fix-vuln-classification branch February 17, 2026 16:18
Contributor

Copilot AI left a comment


Pull request overview

Adjusts vulnerability classification range filtering to avoid overlapping buckets by making the upper bound exclusive.

Changes:

  • Updated raw_risk_assessment filters from <= ? to < ? across multiple statistics queries.
  • Updated cvss filters from <= ? to < ? across multiple statistics queries.


JOIN release_items ri ON dv.asset_version_name = ri.asset_version_name AND dv.asset_id = ri.asset_id
JOIN cves c ON dv.cve_id = c.cve
WHERE ri.release_id IN (SELECT id FROM release_tree) AND fe.type IN ? AND c.cvss >= ? AND c.cvss <= ?
WHERE ri.release_id IN (SELECT id FROM release_tree) AND fe.type IN ? AND c.cvss >= ? AND c.cvss < ?
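Review bot: with `c.cvss >= ? AND c.cvss < ?` each bucket is now half-open, which removes the double counting at shared edges, but a row whose score equals the last bucket's upper bound no longer lands in any bucket; since 10.0 is a valid CVSS score, whatever the caller passes as the top edge decides whether such rows are silently lost. Either keep `c.cvss <= ?` for the final range or make the caller pass an upper bound above the maximum, and add a test asserting that the per-bucket counts sum to the unfiltered count for the same `release_tree` and `fe.type` filter, which would have caught both the old overlap and this edge case.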

Copilot AI Feb 17, 2026


Switching the upper bound from inclusive (<=) to exclusive (<) will exclude rows where the score equals the upper boundary. This is especially risky for the top bucket (e.g., CVSS can validly be 10.0), which would be dropped if the caller passes 10.0 as the upper bound. Consider keeping the final bucket inclusive (use <= ? for the max-range query) or ensure the caller passes an exclusive sentinel upper bound (e.g., 10.0001 or math.MaxFloat) so boundary values aren’t lost.

Suggested change
WHERE ri.release_id IN (SELECT id FROM release_tree) AND fe.type IN ? AND c.cvss >= ? AND c.cvss < ?
WHERE ri.release_id IN (SELECT id FROM release_tree) AND fe.type IN ? AND c.cvss >= ? AND c.cvss <= ?

JOIN artifact_dependency_vulns adv ON dependency_vulns.id = adv.dependency_vuln_id
WHERE
fe.type IN ? AND dependency_vulns.asset_version_name = ? AND dependency_vulns.asset_id = ? AND dependency_vulns.raw_risk_assessment >= ? AND dependency_vulns.raw_risk_assessment <= ?
fe.type IN ? AND dependency_vulns.asset_version_name = ? AND dependency_vulns.asset_id = ? AND dependency_vulns.raw_risk_assessment >= ? AND dependency_vulns.raw_risk_assessment < ?
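Review bot: the same top-edge question applies to `dependency_vulns.raw_risk_assessment < ?`, and here the maximum value of the column is not visible in the hunk, so the bucket edges the caller passes should be defined in one place together with a comment stating the interval semantics (closed lower bound, open upper bound) and how the final bucket covers the maximum score. The predicate text is repeated verbatim across the queries in this file; a single shared fragment would keep the bound operators from drifting apart again.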

Copilot AI Feb 17, 2026


The same range predicate pattern (>= ? and < ?) is duplicated across several query blocks in this file (for both raw_risk_assessment and cvss). To reduce the chance of future inconsistencies (like mixed inclusive/exclusive bounds across queries), consider centralizing the range predicate construction (e.g., a small helper/const fragment used by each query builder) and documenting the intended interval semantics (half-open vs closed).

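The boundary behaviour discussed above, as an added example that is not code from this PR or its repository: it runs the PR's predicate shape (`cvss >= ? AND cvss <op> ?`) over a constructed in-memory table with scores sitting exactly on assumed bucket edges, and compares the closed (pre-PR), half-open (post-PR) and half-open-with-closed-top variants. The table name, column names and the four bucket edges are assumptions for the demonstration.

```python
import sqlite3
from typing import Dict, Optional

# Constructed sample: nine CVSS scores, deliberately including the assumed
# bucket edges 4.0, 7.0 and 9.0 and the maximum valid score 10.0.
SAMPLE_CVSS = [0.0, 3.9, 4.0, 6.5, 7.0, 8.9, 9.0, 9.8, 10.0]

# Assumed bucket edges; the PR's real edges are passed by the caller, not shown in the diff.
BUCKETS = [("low", 0.0, 4.0), ("medium", 4.0, 7.0), ("high", 7.0, 9.0), ("critical", 9.0, 10.0)]


def make_db() -> sqlite3.Connection:
    """Load the constructed scores into an in-memory table shaped like a cves table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cves (cve TEXT PRIMARY KEY, cvss REAL)")
    conn.executemany("INSERT INTO cves VALUES (?, ?)",
                     [(f"SAMPLE-{i}", s) for i, s in enumerate(SAMPLE_CVSS)])  # placeholder ids
    return conn


def bucket_counts(upper_op: str, last_upper_op: Optional[str] = None) -> Dict[str, int]:
    """Count rows per bucket with the PR's predicate shape: cvss >= ? AND cvss <op> ?.

    upper_op is "<=" (closed, pre-PR) or "<" (half-open, post-PR). last_upper_op
    optionally overrides the operator for the final bucket so 10.0 is not dropped.
    """
    assert upper_op in ("<", "<=") and last_upper_op in (None, "<", "<=")
    conn = make_db()
    counts: Dict[str, int] = {}
    for i, (name, lo, hi) in enumerate(BUCKETS):
        op = last_upper_op if (last_upper_op and i == len(BUCKETS) - 1) else upper_op
        sql = f"SELECT COUNT(*) FROM cves WHERE cvss >= ? AND cvss {op} ?"
        counts[name] = conn.execute(sql, (lo, hi)).fetchone()[0]
    conn.close()
    return counts


def total(counts: Dict[str, int]) -> int:
    """Sum of bucket counts; should equal len(SAMPLE_CVSS) when buckets partition the scores."""
    return sum(counts.values())


if __name__ == "__main__":
    variants = [("closed (<=)", bucket_counts("<=")),            # edges counted twice
                ("half-open (<)", bucket_counts("<")),           # no overlap, 10.0 vanishes
                ("half-open, closed top", bucket_counts("<", "<="))]  # partitions all rows
    for label, c in variants:
        print(f"{label:22} {c}  total={total(c)} of {len(SAMPLE_CVSS)}")
```

The sum check in `total` is the invariant a regression test for these statistics queries should assert: every scored row lands in exactly one bucket.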