Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Source Package: Add affected feature type to updater #646

Merged
merged 2 commits into from
Oct 18, 2018
Merged

Source Package: Add affected feature type to updater #646

merged 2 commits into from
Oct 18, 2018

Conversation

KeyboardNerd
Copy link
Contributor

@KeyboardNerd KeyboardNerd commented Oct 18, 2018
edited

Each vulnerability is assumed to have a corresponding feature type associated. This PR implements the affected feature type and updated all extensions using that.

Road Map:

  • Update updater to have affected feature type <- Current PR
  • Implement CVRF vulnsrc to verify our design is correct
  • Consider affected feature type when computing if a feature is affected
  • Update feature database model
  • Update vulnerability database model

During these PRs, the master branch won't work properly.

@KeyboardNerd KeyboardNerd changed the title Add affected feature type to updater Source Package: Add affected feature type to updater Oct 18, 2018
jzelinskie
jzelinskie suggested changes Oct 18, 2018
View reviewed changes
Copy link
Contributor

@jzelinskie jzelinskie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just a nitpick

database/affected_feature_type.go
@@ -0,0 +1,9 @@
package database

This comment was marked as resolved.

Sign in to view

@KeyboardNerd
database: Add affected feature type
00fadfc 
Affected feature type is for determining either the source feature or
the binary feature that an vulnerability affects.
@KeyboardNerd
updater: Add vulnsrc affected feature type
2236b0a 
Each vulnerability source has a specific type of feature that it affects

We assume the following:
* Alpine: Binary Package
* Debian: Source Package
* Ubuntu: Source Package
* Oracle OVAL: Binary Package
* RHEL OVAL: Binary Package
@KeyboardNerd KeyboardNerd merged commit 335cb65 into quay:master Oct 18, 2018
@KeyboardNerd KeyboardNerd deleted the spkg/model branch October 18, 2018 20:44
@jzelinskie jzelinskie added kind/design relates to the fundamental design of a component component/database labels Oct 22, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jzelinskie jzelinskie jzelinskie approved these changes

Assignees
No one assigned
Labels
kind/design relates to the fundamental design of a component
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@KeyboardNerd @jzelinskie