-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/vulndb: refactor and test database generation logic #56417
Comments
Change https://go.dev/cl/445338 mentions this issue: |
Change https://go.dev/cl/445339 mentions this issue: |
Change https://go.dev/cl/448840 mentions this issue: |
Move Diff function into its own file, and move code and tests related to OSV generation into their own file. For golang/go#56417 Change-Id: Ia41b3f9068efe543c1a603c34738810c404e6caf Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/448840 Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
Change https://go.dev/cl/448841 mentions this issue: |
Change https://go.dev/cl/449135 mentions this issue: |
Add a new struct, Database, which is an in-memory representation of a Go vulnerability database. Update Load to return this struct. Also adds a test database folder which is used by tests for Load, and can be used in tests for Generate. For golang/go#56417 Change-Id: I62d882722186ee96846b646cf88d4320a4f3a307 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/448841 Reviewed-by: Tatiana Bradley <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Change https://go.dev/cl/450976 mentions this issue: |
Change https://go.dev/cl/450975 mentions this issue: |
Adds a function, Write, which writes a Database struct to files. This will be used by Generate. Also updates test data to be indented. For golang/go#56417 Change-Id: I639c36b081611a3d1e90d60d3224e2b40bd101ff Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/450975 TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Damien Neil <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Joedian Reid <[email protected]>
Add a function, New, which generates a new Database struct from a git repo. The git repo must contain a folder "data/osv" with OSV files. Adds integration tests to ensure that the current Generate logic is the same as running New then Write. (Generate will eventually be replaced by these functions.) Test data is updated to allow for testing with respect to a git repo, and to test timestamp logic. For golang/go#56417 Change-Id: Iae88c5bb8d788bcf025af6d9fb700d87b1834455 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/450976 Reviewed-by: Damien Neil <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]>
Change https://go.dev/cl/448842 mentions this issue: |
Adds a function, Validate, which checks a Go vulnerability for internal consistency. Also adds a command line tool, "checkdb" which can be used to validate databases. This tool will be used in the deploy script for vulndb. For golang/go#56417 Change-Id: I427eab6b5385d3c858d4a371d90e6e5f54f10812 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/448842 Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
Change https://go.dev/cl/452443 mentions this issue: |
Change https://go.dev/cl/451400 mentions this issue: |
Change https://go.dev/cl/452771 mentions this issue: |
Change https://go.dev/cl/452772 mentions this issue: |
Change https://go.dev/cl/453175 mentions this issue: |
Change https://go.dev/cl/453176 mentions this issue: |
Adds a function, Validate, which checks a candidate Go vulnerability database against an existing one, to ensure that both databases are valid, timestamps are consistent and no OSV entries would be deleted. Moves single-database validation logic (previously called Validate) to the Load function, so that Load now loads and checks a database. Also adds a command line tool, "checkdeploy" which calls the new Validate function. This tool will be used in the deploy script for vulndb. For golang/go#56417 Change-Id: Ifa12234376f2a3fd577d96978919b167fcb25f64 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/452443 Reviewed-by: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]>
Adds tests for Load failure cases, adds more context to error message, and adds an additional failure case. For golang/go#56417 Change-Id: If4927c11f433c931827b262ee65a04f3594a125a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/453175 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> TryBot-Result: Gopher Robot <[email protected]>
Adds two steps, CopyExisting and Validate to the vulndb deploy script, to ensure that the existing and new databases are valid internally and with respect to each other. Deploy will not proceed if validation fails. For golang/go#56417 Change-Id: I9c522cfb9e3f66f3538d9bc9c89f927692f2c96e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/452771 Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Damien Neil <[email protected]>
Change https://go.dev/cl/455315 mentions this issue: |
Adds two steps, CopyExisting and Validate to the vulndb deploy script, to ensure that the existing and new databases are valid internally and with respect to each other. Deploy will not proceed if validation fails. (Reinstates https://go-review.git.corp.google.com/c/vulndb/+/452771 with fix. The bug was a missing "-c" flag in CopyExisting). For golang/go#56417 Change-Id: I0ef8e38a6679225e8b7b02a9b4b39c18a975ba9a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/455315 TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]>
Replaces existing Generate logic with refactored New and Write functions, which have the equivalent behavior. For golang/go#56417 Change-Id: Ie01c0c77e93c779c717e89acecb81fc00dd4cfbe Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/453176 TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Jonathan Amsterdam <[email protected]> Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Jenny Rakoczy <[email protected]>
Change https://go.dev/cl/457017 mentions this issue: |
Modify Generate to take in a *git.Repository instead of a directory string, so it can be more easily unit tested. Add a unit test. For golang/go#56417 Change-Id: I3eaa84b41568e9582ac1f16be8c979d7b71d5ad3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/457017 Run-TryBot: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Reviewed-by: Than McIntosh <[email protected]>
No description provided.
The text was updated successfully, but these errors were encountered: