Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ruby: add vuln matching #949

Merged
merged 1 commit into from Jun 9, 2023
Merged

ruby: add vuln matching #949

merged 1 commit into from Jun 9, 2023

Conversation

RTann
Copy link
Contributor

@RTann RTann commented May 24, 2023

Note: Ruby recommends semver, but it is not enforced. I am taking the stance here that we will not support non-semver versions. This is relevant because I did find an example which broke semver: https://osv.dev/vulnerability/GHSA-23f7-99jx-m54r (0.119.0.beta1 is not proper semver. It should be 0.119.0-beta1)

@RTann RTann requested a review from a team as a code owner May 24, 2023 22:10
@RTann RTann requested review from crozzy and removed request for a team May 24, 2023 22:10
@RTann RTann force-pushed the ruby-osv branch 3 times, most recently from ec8b249 to b2172ac Compare May 25, 2023 18:14
@RTann RTann requested review from hdonnay, jvdm and daynewlee May 25, 2023 18:15
daynewlee
daynewlee reviewed May 25, 2023
View reviewed changes
Copy link
Contributor

@daynewlee daynewlee left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It will be nice to have an integration test to run OSV updater and match Ruby CVEs with an index report. But it could be a pain to generate an index report.

@RTann RTann force-pushed the ruby-osv branch 3 times, most recently from c3e61a1 to 3bbc42f Compare June 7, 2023 23:50
@RTann
Copy link
Contributor Author

RTann commented Jun 7, 2023

It will be nice to have an integration test to run OSV updater and match Ruby CVEs with an index report. But it could be a pain to generate an index report.

a little bit of a pain, but worth it. Found some issues which I have since fixed :)

@RTann RTann force-pushed the ruby-osv branch 2 times, most recently from 1098a99 to 95fc869 Compare June 8, 2023 16:58
@RTann RTann requested a review from daynewlee June 8, 2023 17:36
crozzy
crozzy reviewed Jun 8, 2023
View reviewed changes
Copy link
Contributor

@crozzy crozzy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a couple of comments

ruby/matcher.go Outdated Show resolved Hide resolved
ruby/packagescanner.go Outdated Show resolved Hide resolved
@RTann
ruby: add vuln matching
135cf26 
Signed-off-by: RTann <rtannenb@redhat.com>
@RTann RTann requested a review from crozzy June 8, 2023 22:37
@RTann RTann merged commit 1345c9e into quay:main Jun 9, 2023
6 checks passed
@RTann RTann deleted the ruby-osv branch June 9, 2023 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@crozzy crozzy crozzy approved these changes

@hdonnay hdonnay Awaiting requested review from hdonnay

@jvdm jvdm Awaiting requested review from jvdm

@daynewlee daynewlee Awaiting requested review from daynewlee

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@RTann @crozzy @daynewlee