Conversation

@inosmeet (Contributor):
implemented purl validation to check valid purl strings

Signed-off-by: Meet Soni <meetsoni3017@gmail.com>
@codecov-commenter:
Codecov Report

Attention: 33 lines in your changes are missing coverage. Please review.

Comparison is base (d6cbe40) 75.41% compared to head (f8bd13d) 80.92%.
Report is 21 commits behind head on main.

| Files | Patch % | Lines |
|---|---|---|
| cve_bin_tool/extractor.py | 55.55% | 6 Missing and 2 partials ⚠️ |
| cve_bin_tool/sbom_manager/__init__.py | 56.25% | 4 Missing and 3 partials ⚠️ |
| cve_bin_tool/sbom_detection.py | 76.00% | 4 Missing and 2 partials ⚠️ |
| cve_bin_tool/cli.py | 78.57% | 1 Missing and 2 partials ⚠️ |
| test/utils.py | 70.00% | 3 Missing ⚠️ |
| cve_bin_tool/output_engine/__init__.py | 33.33% | 2 Missing ⚠️ |
| cve_bin_tool/util.py | 66.66% | 2 Missing ⚠️ |
| cve_bin_tool/nvd_api.py | 0.00% | 1 Missing ⚠️ |
| cve_bin_tool/version_scanner.py | 75.00% | 1 Missing ⚠️ |
Additional details and impacted files:

```text
@@            Coverage Diff             @@
##             main    #3822      +/-   ##
==========================================
+ Coverage   75.41%   80.92%   +5.51%     
==========================================
  Files         808      809       +1     
  Lines       11983    12064      +81     
  Branches     1598     1616      +18     
==========================================
+ Hits         9037     9763     +726     
+ Misses       2593     1884     -709     
- Partials      353      417      +64     
```
| Flag | Coverage Δ |
|---|---|
| longtests | 80.38% <71.07%> (+4.97%) ⬆️ |
| win-longtests | 78.70% <69.56%> (?) |

Flags with carried forward coverage won't be shown.


@terriko (Collaborator) left a comment:

Thanks for looking into the fuzzing issues! I'm really excited to see those actually finding valid bugs.

I'm a bit worried that the purl validation function may cause problems if the purl string is really long (i.e. regular expression denial of service). We may need to keep an eye on that, especially once we get to the point of fuzzing those purl patterns explicitly. We may need to do some split() action and then check individual pieces and watch for unreasonably large sizes or something if it becomes an issue.

But for now I think this clearly moves us in the right direction and should be merged. So thank you!
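One way to do the split-and-bound checking the comment above suggests, as an added example that is not cve-bin-tool's own validator: the purl is cut at the delimiters the purl spec fixes (`:`, `/`, `@`, `?`, `#`) and each piece is checked with a bounded character-set scan instead of one large regular expression, so there is no backtracking for a very long input to trigger. The length limits and the allowed character sets are assumptions chosen for the example.

```python
"""Split-and-bound purl validation (added example, not cve-bin-tool's own code).
Components are checked by bounded character-set scans, not one big regex."""
import string

MAX_PURL_LEN = 2048   # assumed: reject oversized input before parsing anything
MAX_PART_LEN = 256    # assumed: bound on every individual component
_TYPE_CHARS = set(string.ascii_lowercase + string.digits + ".+-")
_KEY_CHARS = set(string.ascii_lowercase + string.digits + "._-")
_SAFE_CHARS = set(string.ascii_letters + string.digits + "._-%+~")
_VALUE_CHARS = _SAFE_CHARS | set(":,")   # assumed: allow checksum-style values


def _ok(part: str, allowed: set) -> bool:
    """Linear-time check: non-empty, within the length bound, only allowed chars."""
    return 0 < len(part) <= MAX_PART_LEN and all(c in allowed for c in part)


def _split_right(text: str, sep: str):
    """Split once from the right (as the purl spec does for '#', '?', '@')."""
    head, found, tail = text.rpartition(sep)
    return (head, tail) if found else (text, None)


def validate_purl(purl: str) -> bool:
    """True iff purl has the shape pkg:type/[namespace/]name[@version][?qualifiers][#subpath]."""
    if not isinstance(purl, str) or not 0 < len(purl) <= MAX_PURL_LEN:
        return False
    scheme, sep, rest = purl.partition(":")
    if sep != ":" or scheme.lower() != "pkg":
        return False
    rest, subpath = _split_right(rest, "#")       # optional parts come off the right
    rest, qualifiers = _split_right(rest, "?")
    rest, version = _split_right(rest, "@")
    segments = rest.strip("/").split("/")
    if len(segments) < 2:                          # need at least type and name
        return False
    ptype, *namespace, name = segments
    if not (_ok(ptype.lower(), _TYPE_CHARS) and _ok(name, _SAFE_CHARS)
            and all(_ok(ns, _SAFE_CHARS) for ns in namespace)):
        return False
    if version is not None and not _ok(version, _SAFE_CHARS):
        return False
    for pair in (qualifiers.split("&") if qualifiers is not None else []):
        key, eq, value = pair.partition("=")
        if eq != "=" or not _ok(key.lower(), _KEY_CHARS) or not _ok(value, _VALUE_CHARS):
            return False
    for piece in (subpath.split("/") if subpath is not None else []):
        if piece in (".", "..") or not _ok(piece, _SAFE_CHARS):
            return False
    return True
```

Because every check is a single pass over a bounded slice, a 3000-character purl is rejected by the length gate alone and a 300-character name fails the per-component bound, in both cases before any pattern matching happens.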

@terriko terriko merged commit fd80100 into intel:main Feb 15, 2024
@inosmeet inosmeet deleted the cyclonedx branch February 16, 2024 03:51