e2e: misc test updates #1234

Merged
merged 2 commits into from
Aug 15, 2023
RTann (Collaborator) commented Aug 10, 2023

anchore-engine:

This image is affected by CVE-2023-4016. The CVE page says "Out of Support" but it's still vulnerable. The id in the OVAL feed is oval:com.redhat.cve:def:20234016, which indicates a vulnerability.

Originally, I was going to add that vulnerability to the list, but the description used some special formatting which seemed annoying to mimic, so I decided to just not check for that vulnerability. Adding this vulnerability did not really add much value anyway.

@RTann RTann requested a review from a team August 10, 2023 15:50
@RTann RTann force-pushed the ross/cve-2023-4016 branch from 6f32afe to f0f0054 Compare August 11, 2023 00:09
ghost commented Aug 11, 2023

Images are ready for the commit at 44f45d8.

To use the images, use the tag 2.30.x-36-g44f45d8a0f.

@RTann RTann force-pushed the ross/cve-2023-4016 branch 2 times, most recently from 6afcb1d to 321ed8a Compare August 14, 2023 17:11
@RTann RTann changed the title e2e: account for CVE-2023-4016 e2e: only check specified vulns for anchore-engine Aug 14, 2023
@RTann RTann changed the title e2e: only check specified vulns for anchore-engine e2e: misc test updates Aug 15, 2023
@RTann RTann force-pushed the ross/cve-2023-4016 branch from 321ed8a to 2fe1545 Compare August 15, 2023 00:33
jvdm (Contributor) left a comment

BTW, I think the formatting issue in the description is related to the character being used for quotations below, right?

<description>DOCUMENTATION: The MITRE CVE dictionary describes this issue as: Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.</description>

In “ps“ which can be confused with "ps".
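
An added example, not part of the pull request or the project's code: a Go helper that locates the first code point where an expected description and the feed text differ, then compares them after folding typographic quotes to ASCII. It assumes the test compares descriptions as plain strings (the test code is not shown on this page); `NormalizeQuotes` and `FirstRuneDiff` are hypothetical names, and the sample strings are constructed from the `<description>` quoted above.

```go
package main

import (
	"fmt"
	"strings"
)

// typographic folds curly quotation marks to their ASCII equivalents.
var typographic = strings.NewReplacer(
	"\u201c", `"`, "\u201d", `"`, // left/right double quotation mark
	"\u2018", "'", "\u2019", "'", // left/right single quotation mark
)

// NormalizeQuotes returns s with curly quotes replaced by ASCII quotes.
func NormalizeQuotes(s string) string { return typographic.Replace(s) }

// FirstRuneDiff returns the rune index of the first difference between want
// and got, with the code points involved, or -1 if the strings are equal.
func FirstRuneDiff(want, got string) (int, string) {
	w, g := []rune(want), []rune(got)
	n := len(w)
	if len(g) < n {
		n = len(g)
	}
	for i := 0; i < n; i++ {
		if w[i] != g[i] {
			return i, fmt.Sprintf("want %U, got %U", w[i], g[i])
		}
	}
	if len(w) != len(g) {
		return n, "length differs"
	}
	return -1, ""
}

func main() {
	// Constructed sample: feed text uses U+201C/U+201D, the expectation uses U+0022.
	feed := "access to run the \u201cps\u201d utility on a machine"
	want := "access to run the \"ps\" utility on a machine"

	i, detail := FirstRuneDiff(want, feed)
	fmt.Printf("raw compare: index %d (%s)\n", i, detail)

	i, _ = FirstRuneDiff(want, NormalizeQuotes(feed))
	fmt.Printf("after normalization: index %d\n", i)
}
```

Printing the differing code points makes a mismatch visible that looks identical in most terminals and diff views.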

@RTann RTann merged commit 7a32bb9 into master Aug 15, 2023
@RTann RTann deleted the ross/cve-2023-4016 branch August 15, 2023 23:51