Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Pre537] Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched #656

Closed
jasnow opened this issue Jun 26, 2023 · 6 comments
Closed

[Pre537] Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched #656

jasnow opened this issue Jun 26, 2023 · 6 comments
Assignees
@postmodern
Labels
bug

Comments

@jasnow
Copy link
Contributor

jasnow commented Jun 26, 2023
edited
Loading

Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched.
Currently, here is the the results of lib/github_advisory_sync.rb script:

gems/arabic-prawn/CVE-2014-2322.yml:patched_versions:
gems/arabic-prawn/CVE-2014-2322.yml-- ">= "

Normally I add a notes: "ever patched" where patched_versions would be if never patched.
@jasnow jasnow changed the title Add conditional json to lib/github_advisory_sync.rb for patched_versions field if it was never patched Omit patched_versions field during lib/github_advisory_sync.rb run if it was never patched Jun 26, 2023
@jasnow jasnow changed the title Omit patched_versions field during lib/github_advisory_sync.rb run if it was never patched Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched Jun 26, 2023
@jasnow
Copy link
Contributor Author

jasnow commented Jun 26, 2023

Probably overlaps some with #157.

@jasnow jasnow changed the title Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched [Pre537] Omit or replace patched_versions field during lib/github_advisory_sync.rb run if it was never patched Jun 26, 2023
@postmodern postmodern self-assigned this Jun 26, 2023
@postmodern postmodern added the bug label Jun 26, 2023
@postmodern
Copy link
Member

@jasnow if there's no patched-versions, would you prefer that the patched_versions: be omitted entirely, or left empty?

@jasnow
Copy link
Contributor Author

jasnow commented Jun 27, 2023

@jasnow if there's no patched-versions, would you prefer that the patched_versions: be omitted entirely, or left empty?

My vote for no patched_version: value is to replace it with:

notes: "Never patched"

so the future me will know explicitly that someone checked and did not find a patched version.

@jasnow
Copy link
Contributor Author

jasnow commented Jun 29, 2023

My vote for no patched_version: value is to replace it with:

notes: "Never patched"

Sort of like the way cvss_v3 is implemented:

 "cvss_v3"             => ("<FILL IN IF AVAILABLE>" unless cvss),

@postmodern postmodern mentioned this issue Jun 29, 2023
Merged
@postmodern
Copy link
Member

postmodern commented Jul 1, 2023
edited
Loading

#664 should resolve this.

@jasnow
Copy link
Contributor Author

jasnow commented Jul 1, 2023

#664 should resolve this.

Agree

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@postmodern postmodern

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@postmodern @jasnow