Add support for vulnerabilities with no fix #85

Merged
merged 1 commit into from
Oct 3, 2020
@arnested arnested commented Oct 2, 2020

Sometimes there is no (known) fix for a vulnerability.

Before this fix the code would fail in those situations:

```
Fatal error: Uncaught TypeError: Typed property GitHubSecurityJira\SecurityAlertIssue::$safeVersion must be string, null used in /opt/ghsec-jira/src/SecurityAlertIssue.php:41
```

@arnested arnested requested a review from a team October 2, 2020 20:35
@arnested arnested force-pushed the no-fix branch 4 times, most recently from 242ab6d to 1f2f529 Compare October 2, 2020 20:58
rasben previously approved these changes Oct 2, 2020
@arnested arnested requested review from rasben and a team and removed request for rasben October 2, 2020 21:42
@arnested arnested dismissed rasben’s stale review October 2, 2020 21:45

I had to rewrite the fix

Sometimes there is no (known) fix for a vulnerability.

Before this fix the code would fail in those situations:
```
Fatal error: Uncaught TypeError: Typed property GitHubSecurityJira\SecurityAlertIssue::$safeVersion must be string, null used in /opt/ghsec-jira/src/SecurityAlertIssue.php:41
```
@arnested arnested merged commit 8012e48 into v1.x Oct 3, 2020
@arnested arnested deleted the no-fix branch October 3, 2020 09:06
@@ -91,10 +98,13 @@ public function __construct(array $data)
*/
public function uniqueId(): string
{
// If there is no safe version we use the GHSA ID as identifier.
$identifier = $this->safeVersion ?? $this->id;
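Review bot: in `uniqueId()`, `$identifier = $this->safeVersion ?? $this->id;` switches the identifier from the GHSA ID to the safe version as soon as a safe version is known, so the same advisory yields a different unique ID before and after a fix exists, while the inline comment only describes the fallback. Please state in the comment (or in the docblock above) that the ID is expected to change at that point, or build the ID from `$this->id` in both cases if one identifier per advisory is intended.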
Member

This means that if a fix becomes available, it'll create a new ticket. Which is good, but shouldn't this side effect be mentioned in a comment?

Member Author

Good idea: #89.

arnested added a commit that referenced this pull request Oct 5, 2020
arnested added a commit that referenced this pull request Oct 6, 2020
Improve documentation of #85