fix(nvd): add support of versionStartExcluding and versionEndExcluding #82

Merged
merged 5 commits into from
Apr 18, 2024

@DmitriyLewen DmitriyLewen commented Apr 17, 2024

Description

  • Add support of versionStartExcluding and versionEndExcluding fields.
  • Add (including) and (excluding) suffixes for versions.
  • Add update (if used) for versions from CPE.

Before:
[image]

After:
[image]

@DmitriyLewen DmitriyLewen marked this pull request as ready for review April 17, 2024 07:58
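
The three changes listed in the description, sketched as an added example that is not the PR's code: each bound of an NVD cpeMatch range gets an (including) or (excluding) suffix, and an entry without range fields falls back to the CPE's own version plus its update part. The names CPEMatch, cpeVersion, bound and VersionRange are hypothetical, the struct fields follow NVD's cpeMatch field names, and the CPE string is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// CPEMatch holds the version fields of one NVD cpeMatch entry (hypothetical type).
type CPEMatch struct {
	Criteria, VersionStartIncluding, VersionStartExcluding string
	VersionEndIncluding, VersionEndExcluding               string
}

// cpeVersion returns the version of a CPE 2.3 string, with the update part
// appended when it is set. Assumes no escaped ':' inside the components.
func cpeVersion(criteria string) string {
	p := strings.Split(criteria, ":")
	if len(p) < 7 || p[5] == "*" || p[5] == "-" {
		return ""
	}
	if p[6] != "*" && p[6] != "-" && p[6] != "" {
		return p[5] + ":" + p[6]
	}
	return p[5]
}

// bound labels one end of the range, falling back to the CPE's own version.
func bound(including, excluding, fallback string) string {
	switch {
	case including != "":
		return including + " (including)"
	case excluding != "":
		return excluding + " (excluding)"
	}
	return fallback
}

// VersionRange returns the displayed lower and upper bound for a match.
func VersionRange(m CPEMatch) (from, to string) {
	v := cpeVersion(m.Criteria)
	return bound(m.VersionStartIncluding, m.VersionStartExcluding, v),
		bound(m.VersionEndIncluding, m.VersionEndExcluding, v)
}

func main() {
	// Constructed sample entry, not taken from a real CVE.
	fmt.Println(VersionRange(CPEMatch{Criteria: "cpe:2.3:a:example:widget:*:*:*:*:*:*:*:*",
		VersionStartIncluding: "1.0.0", VersionEndExcluding: "1.2.3"}))
}
```

An excluding upper bound is the first unaffected version, so dropping the suffix would report that version as vulnerable.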
docGen/nvd.go Outdated
@@ -481,6 +480,22 @@ func parseVulnerabilityJSONFile(fileName string) (VulnerabilityPost, error) {
}, nil
}

func detectVersion(includeVersion, excludeVersion, itemVersion string) string {
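
Review bot: the detectVersion signature takes three positional parameters of the same string type (includeVersion, excludeVersion, itemVersion), so a call site that swaps the including and excluding arguments still compiles and silently attaches the wrong suffix to a bound. Add a doc comment above the function stating which argument takes precedence when both includeVersion and excludeVersion are non-empty and what is returned when all three are empty, and cover those cases with a table-driven test.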
Contributor Author


I used NVD logic ((including) and (excluding) suffixes).
Tell me if you see a better way.

@DmitriyLewen
Contributor Author

@knqyf263 @simar7 Take a look at this PR when you have time, please.

@pjonsson

pjonsson commented Apr 18, 2024

There is still a mismatch for the 0.9.0-beta versions in the nist.gov source and the screenshot in the PR, see the last screenshot from this comment: aquasecurity/vuln-list-update#282 (comment)

Edit: to clarify, I don't believe 0.9.0:beta4 and later is vulnerable.

@DmitriyLewen
Contributor Author

DmitriyLewen commented Apr 18, 2024

Hello @pjonsson
Thanks a lot! I missed the update part for versions from CPE.

I updated this in 35c548c

Perhaps you see other problems?

@pjonsson

I don't know anything about the code, but the current screenshot in this PR looks like it captures everything from the CVE at nist.gov.

Member

@simar7 simar7 left a comment


nice! lgtm :shipit:

@simar7 simar7 merged commit 9cce08c into aquasecurity:main Apr 18, 2024
2 checks passed