Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make IgnoredVulns also ignore aliases #300

Merged
merged 16 commits into from
Mar 20, 2023
Merged

Make IgnoredVulns also ignore aliases #300

merged 16 commits into from
Mar 20, 2023

Conversation

michaelkedar
Copy link
Member

@michaelkedar michaelkedar commented Mar 15, 2023
edited
Loading

#281 - Always also ignore aliases of ignored vulnerabilities.

@michaelkedar
Copy link
Member Author

I'm a bit iffy on the style & organisation of the code. Would appreciate feedback/suggestions.

michaelkedar
michaelkedar commented Mar 15, 2023
View reviewed changes
pkg/osvscanner/vulnerability_result_internal_test.go Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There aren't any test cases actually defined in this file.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I gave up trying to figure out how to put these huge structures into a test at some point, but didn't remove the file.

I'm still not sure how to ergonomically add tests that are actually useful here, maybe we need to break down the functions more and test smaller parts.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not in scope for this PR, but I think we should either add at least one test case, or remove this file so it's clear that this isn't actually being tested.

I feel like a test would be useful to make sure the output structure/order doesn't change, but that'd still require defining the whole models.VulnerabilityResults structure somewhere.

oliverchang
oliverchang reviewed Mar 15, 2023
View reviewed changes
pkg/config/config.go Outdated Show resolved Hide resolved
pkg/osvscanner/vulnerability_result.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
another-rex
another-rex reviewed Mar 15, 2023
View reviewed changes
Copy link
Collaborator

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, mostly looks good to me, added some initial comments.

pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
pkg/osvscanner/vulnerability_result_internal_test.go Outdated
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I gave up trying to figure out how to put these huge structures into a test at some point, but didn't remove the file.

I'm still not sure how to ergonomically add tests that are actually useful here, maybe we need to break down the functions more and test smaller parts.

pkg/config/config.go Outdated Show resolved Hide resolved
another-rex
another-rex reviewed Mar 16, 2023
View reviewed changes
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
oliverchang
oliverchang reviewed Mar 16, 2023
View reviewed changes
Copy link
Collaborator

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice! Can we also write some tests for this?

oliverchang
oliverchang reviewed Mar 17, 2023
View reviewed changes
Copy link
Collaborator

@oliverchang oliverchang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice!!! some minor comments.

pkg/osvscanner/osvscanner_internal_test.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner_internal_test.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Outdated Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Show resolved Hide resolved
pkg/osvscanner/osvscanner.go Show resolved Hide resolved
@michaelkedar michaelkedar merged commit 284a975 into google:main Mar 20, 2023
@michaelkedar michaelkedar mentioned this pull request Mar 20, 2023
Closed
@chenrui333 chenrui333 mentioned this pull request Mar 28, 2023
Merged
julieqiu pushed a commit to julieqiu/osv-scanner that referenced this pull request May 2, 2023
@michaelkedar @julieqiu
Make IgnoredVulns also ignore aliases (google#300)
e714915 
google#281 - Always also ignore aliases of ignored vulnerabilities.
julieqiu pushed a commit to julieqiu/osv-scanner that referenced this pull request May 2, 2023
@michaelkedar @julieqiu
Make IgnoredVulns also ignore aliases (google#300)
bd259fe 
google#281 - Always also ignore aliases of ignored vulnerabilities.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oliverchang oliverchang oliverchang approved these changes

@another-rex another-rex Awaiting requested review from another-rex

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@michaelkedar @oliverchang @another-rex