Add Applicability evidence to non-applicable vulnerabilities #497

Open: wants to merge 9 commits into base: master


@dortam888 dortam888 commented Sep 15, 2024

  • All tests passed. If this feature is not already covered by the tests, I added new tests.
  • I used npm run format for formatting the code before submitting the pull request.

Add Applicability evidence logic to non-applicable vulnerabilities. So far we had applicability evidence only for applicable status. Added the logic that non-applicable will also send API to webview to show.

Linked to webview fix: jfrog/jfrog-ide-webview#63

@attiasas attiasas added improvement Automatically generated release notes safe to test Approve running integration tests on a pull request labels Sep 22, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Sep 22, 2024
@attiasas attiasas left a comment

Nice, check out my comments

src/main/scanLogic/scanRunners/applicabilityScan.ts (Outdated)
src/main/scanLogic/scanRunners/applicabilityScan.ts (Outdated)
src/main/treeDataProviders/utils/analyzerUtils.ts (Outdated)
src/main/treeDataProviders/utils/analyzerUtils.ts (Outdated)
@dortam888 dortam888 added the safe to test Approve running integration tests on a pull request label Oct 7, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 7, 2024
@attiasas attiasas left a comment

Add test cases for CVEs that are not applicable/not applicable

src/main/scanLogic/scanRunners/applicabilityScan.ts (Outdated)
@@ -248,9 +251,20 @@ export class AnalyzerUtils {
evidence: evidences
} as IApplicableDetails;
} else {
// Not applicable
// Not Applicable
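
Review bot: at the `// Not Applicable` comment under `} else {`, the visible lines show no check that the CVE's status is actually not applicable before this branch treats it as such. If the branch is reached by every CVE that failed the applicable check, an undetermined or not-covered CVE would be handled as not applicable and could get non-applicable evidence attached. Suggest putting the status condition on the branch itself (an `else if` on the not-applicable status), leaving the details unset in the remaining case, and adding a test with a CVE whose status is neither applicable nor not applicable. The comment edit shown here only changes capitalization.
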
Contributor

If a CVE is not in applicableCve, it is not automatically determined as not applicable any more.
You should take that into consideration; what happens on a CVE that is undetermined/not covered?...

Contributor Author

Currently, if a CVE is not in status applicable or not applicable, I'll end in the line 256 condition and will not assign a value.

@dortam888 dortam888 added the safe to test Approve running integration tests on a pull request label Oct 15, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 15, 2024
@dortam888 dortam888 added the safe to test Approve running integration tests on a pull request label Oct 28, 2024
@github-actions github-actions bot removed the safe to test Approve running integration tests on a pull request label Oct 28, 2024