Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(report): ignore exploits of no-cve-id vulns #906

Merged
merged 1 commit into from
Sep 13, 2019
Merged

fix(report): ignore exploits of no-cve-id vulns #906

merged 1 commit into from
Sep 13, 2019

Conversation

kotakanbe
Copy link
Member

@kotakanbe kotakanbe commented Sep 13, 2019
edited
Loading

What did you implement:

In the current implementation, vuls report fills All exploits with no CVE-ID for the detected no-cve-id vulns. (The query is select * from exploits where cve_id = "")
This is a bug. So, don't fill exploits of no-cve-id vulns.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

How Has This Been Tested?

./vuls report and then check the attack code is not included in the vulnerability without CVE-ID

Checklist:

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

@kotakanbe kotakanbe added the bug label Sep 13, 2019
@kotakanbe kotakanbe force-pushed the ignroe-exploit-no-cve-id branch from e43c52b to c54b003 Compare September 13, 2019 03:14
@kotakanbe kotakanbe merged commit 2b02807 into master Sep 13, 2019
@kotakanbe kotakanbe deleted the ignroe-exploit-no-cve-id branch January 31, 2020 23:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@kotakanbe