Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

VCIO-next: Do not report ghost package as a fix for vulnerability #1679

Merged
merged 7 commits into from
Dec 3, 2024
Merged

VCIO-next: Do not report ghost package as a fix for vulnerability #1679

merged 7 commits into from
Dec 3, 2024

Conversation

keshav-space
Copy link
Member

@keshav-space keshav-space commented Nov 20, 2024
edited
Loading

UI: Package Details

Before After
Screenshot from 2024-11-20 16-02-29 Screenshot from 2024-11-20 16-02-57

UI: Vulnerability Details

Before After
Screenshot from 2024-11-20 18-18-02 Screenshot from 2024-11-20 18-18-29

UI: Package Details with Latest/Next non-vulnerable

Before After
Screenshot from 2024-11-22 13-29-56 Screenshot from 2024-11-22 13-30-10

APIv1: /api/vulnerabilities

Before After
Screenshot from 2024-11-20 18-23-45 Screenshot from 2024-11-20 18-24-25

APIv1: /api/packages

Before After
Screenshot from 2024-11-20 18-25-04 Screenshot from 2024-11-20 18-25-21

APIv2: /api/v2/packages with latest/next non-vulnerable

Before After
Screenshot from 2024-11-22 13-25-50 Screenshot from 2024-11-22 13-28-33

APIv2: /api/v2/packages with ghost fixing_vulnerabilities

Before After
Screenshot from 2024-11-22 13-31-25 Screenshot from 2024-11-22 13-34-41

@keshav-space keshav-space requested a review from TG1999 November 22, 2024 14:45
@keshav-space keshav-space added this to the v36.0.0 - 3-next milestone Nov 27, 2024
@keshav-space
Do not report ghost packages as fix for vulnerabilities in UI
ae4abd8 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Prefetch severities and exploits in VulnerabilityDetails
7ff2a0f 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Do not report ghost packages as fix for vulnerabilities in APIv1
7fe3a7e 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Prefetch related in VulnerabilityViewSet
a5a5845 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Do not report ghost packages as fix for vulnerabilities in APIv2
d695d97 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Do not report ghost package as latest/next non-vulnerable version
6a51750 
Signed-off-by: Keshav Priyadarshi <[email protected]>
@keshav-space
Test API with ghost packages
650df4c 
Signed-off-by: Keshav Priyadarshi <[email protected]>
TG1999
TG1999 approved these changes Dec 3, 2024
View reviewed changes
Copy link
Contributor

@TG1999 TG1999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@TG1999 TG1999 merged commit c21bf1f into main Dec 3, 2024
10 checks passed
@keshav-space keshav-space deleted the 1650-ghost-cant-fix branch December 3, 2024 16:20
@pombredanne pombredanne changed the title Do not report ghost package as a fix for vulnerability VCIO-next: Do not report ghost package as a fix for vulnerability Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TG1999 TG1999 TG1999 approved these changes

Assignees
No one assigned
Labels
3-next
Projects
04-VulnerableCode Data Quality and next
Status: Done
Milestone
v36.0.0 - 3-next
Development

Successfully merging this pull request may close these issues.

"Ghost" package should not be reported as a fix for vulnerability
2 participants
@keshav-space @TG1999