Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Parse grype report without description #962

Merged
merged 5 commits into from
Oct 19, 2023
Merged

Parse grype report without description #962

merged 5 commits into from
Oct 19, 2023

Conversation

jwigert
Copy link
Contributor

@jwigert jwigert commented Oct 18, 2023

The element "description" is not always available for a "vulnerability" in the JSON generated by Grype. This leads to the error JSONObject["description"] not found.

Example to reproduce (using Grype version 0.71.0 with the vulnerability db built 2023-10-18 01:27:01 +0000 UTC):

docker pull gitea/gitea:1.20.4
grype -o json <image_id> > grype-report-wo-description.json

To resolve this, I implemented a change to the GrypeParser, where the default value "Unknown" is set if "description" is missing.

Testing done

I added a new test GrypeParserWoDescriptionTest.java to verify that a "vulnerability" without "description" can be parsed.

I ran mvn verify, and all tests are green.

Submitter checklist
Beta Give feedback

uhafner
uhafner requested changes Oct 18, 2023
View reviewed changes
Copy link
Member

@uhafner uhafner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your PR. The code looks good, just the test should be moved...

src/test/java/edu/hm/hafner/analysis/parser/GrypeParserWoDescriptionTest.java Outdated Show resolved Hide resolved
SUPPORTED-FORMATS.md Outdated Show resolved Hide resolved
doc/dependency-graph.puml Outdated Show resolved Hide resolved
@uhafner uhafner added the bug Bugs or performance problems label Oct 18, 2023
@codecov
Copy link

codecov bot commented Oct 19, 2023
edited
Loading

Codecov Report

Merging #962 (a63caf7) into main (fe6bee7) will not change coverage.
Report is 1 commits behind head on main.
The diff coverage is 100.00%.

@@            Coverage Diff            @@
##               main     #962   +/-   ##
=========================================
  Coverage     93.07%   93.07%           
  Complexity     2371     2371           
=========================================
  Files           347      347           
  Lines          6588     6588           
  Branches        686      686           
=========================================
  Hits           6132     6132           
  Misses          256      256           
  Partials        200      200
Files Coverage Δ
...ava/edu/hm/hafner/analysis/parser/GrypeParser.java 95.45% <100.00%> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@uhafner
Copy link
Member

uhafner commented Oct 19, 2023

Thanks!

@uhafner uhafner merged commit 98134ef into jenkinsci:main Oct 19, 2023
27 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@uhafner uhafner uhafner approved these changes

Assignees

@uhafner uhafner

Labels
bug Bugs or performance problems
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jwigert @uhafner