Skip to content

/ security-wg

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

convert cvss score to number #644

Merged
merged 4 commits into from Apr 19, 2020
Merged

convert cvss score to number #644

merged 4 commits into from Apr 19, 2020

Conversation

@wagdez
Copy link
Contributor

@wagdez wagdez commented Apr 18, 2020
edited

All other jsons has the cvss score as int, except these 2 files which caused an error in external tool I use to parse the jsons
wagdez added 2 commits Apr 18, 2020
@wagdez
Update 18.json
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
f5d3406 
should be int
@wagdez
Update 40.json
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
77e7db9 
Shouldbe int
@wagdez wagdez requested review from mhdawson and vdeturckheim as code owners Apr 18, 2020
@vdeturckheim vdeturckheim requested a review from lirantal Apr 18, 2020
@vdeturckheim
vdeturckheim approved these changes Apr 18, 2020
View changes
@wagdez
Update 18.json
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
c88a201
@vdeturckheim vdeturckheim changed the title convert cvss score to int convert cvss score to number Apr 19, 2020
@nschonni
Copy link
Member

@nschonni nschonni commented Apr 19, 2020

Not sure if these files were already being moved out with #536
@wagdez
Copy link
Contributor Author

@wagdez wagdez commented Apr 19, 2020

@nschonni
Trivy fails when trying to "walk" on the jsons:
error in file walk:\n github.com/aquasecurity/trivy/pkg/scanner/library/node.(*Scanner).walk\n /go/pkg/mod/github.com/aquasecurity/trivy@v0.1.6/pkg/scanner/library/node/advisory.go:106\n - json: invalid number literal, trying to unmarshal "\"4.8 (Medium)\"" into Number"
@lirantal
Copy link
Member

@lirantal lirantal commented Apr 19, 2020

ahh yes, we don't lint those I think, good catch there.
@lirantal
lirantal approved these changes Apr 19, 2020
View changes
@lirantal
Copy link
Member

@lirantal lirantal commented Apr 19, 2020

@wagdez can you also please apply this change to get the build to pass?

diff --git a/tools/vuln_valid/vulnValidate.js b/tools/vuln_valid/vulnValidate.js
index 38000aa..6d6c538 100644
--- a/tools/vuln_valid/vulnValidate.js
+++ b/tools/vuln_valid/vulnValidate.js
@@ -30,7 +30,7 @@ const coreModel = joi.object().keys({
     .optional()
     .isoDate(),
   type: joi.string().optional(),
-  cvss_score: joi.string().optional(),
+  cvss_score: joi.number().optional(),
   cvss: joi.string().optional(),
   reported_by: joi.string().optional()
 });
@lirantal lirantal closed this Apr 19, 2020
@lirantal lirantal reopened this Apr 19, 2020
@lirantal lirantal self-requested a review Apr 19, 2020
@lirantal
lirantal requested changes Apr 19, 2020
View changes
Copy link
Member

@lirantal lirantal left a comment

Need to update the validation logic to accept numbers instead of strings.
@wagdez
Update vulnValidate.js
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
8fa7f47 
validation code
@wagdez
Copy link
Contributor Author

@wagdez wagdez commented Apr 19, 2020

@lirantal Done
@lirantal
Copy link
Member

@lirantal lirantal commented Apr 19, 2020

Great, thank you!
@lirantal lirantal merged commit 3458322 into nodejs:master Apr 19, 2020
1 check passed
1 check passed
Travis CI - Pull Request Build Passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lirantal lirantal

@vdeturckheim vdeturckheim

@mhdawson mhdawson

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

None yet

4 participants
@wagdez @nschonni @lirantal @vdeturckheim
You can’t perform that action at this time.