Fixing issue #373 related to modified-files argument #375

Open. Wants to merge 2 commits into base: main

SimoneScalco

Fix for issue #373 related to the usage of modified files.

The usage of modified-files generated an AttributeError when creating an advisory record in build_advisory_record(...).
This easy fix changes the datamodel/advisory.py file. More specifically, it was necessary to change this part of the code:

...
if modified_files and len(modified_files) > 0:
    advisory_record.files.update(set(modified_files.split(",")))
...

Since modified_files is already a set at that point of the code, I changed it to:

...
if modified_files and len(modified_files) > 0:
    advisory_record.files.update(modified_files)
...

I checked other parts of the source code in which modified_files is used. Consequently, I also changed the type annotation related to modified_files in build_advisory_record(...).
As an example, I tested again several different samples. For instance, for CVE-2021-40690 (the same sample posted in the issue) I tested again the following command:

python cli/main.py CVE-2021-40690 --repository https://github.com/apache/santuario-xml-security-java --use-nvd --version-interval 2.2.2:2.2.3 --modified-files KeyInfo,KeyReferenceInfo,RetrievalMethod --use-backend=never --filter-extensions=java

After the fix Prospector correctly processes the modified-files argument and provides a report (the report includes all the files that have been specified manually):

Initialization   [OK]
Processing advisory   [OK]
Git repository cloning   [OK]
  Fixing commit found in the advisory references

Candidate filtering
   [OK]

Processing commits: 100%|███████████████████████████████████████████████████████████████████████████████████████████████| 12/12 [00:03<00:00,  3.07commit/s]
  [OK]
Candidate analysis   [OK]
[OK]
Generating report
   Report saved in prospector-report   [OK]
  Execution time: 19.010s
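
The type mismatch described in the pull request above, as an added example that is not part of the pull request or of Prospector's code base: the `AdvisoryRecord` stand-in and the functions `normalize_modified_files`, `build_record_before` and `build_record_tolerant` are hypothetical names. It reproduces the `AttributeError` and shows a normalization step that accepts both the comma-separated string and an already-parsed set.

```python
from dataclasses import dataclass, field
from typing import Iterable, Optional, Set, Union


@dataclass
class AdvisoryRecord:
    """Hypothetical minimal stand-in; only the `files` set matters here."""
    cve_id: str
    files: Set[str] = field(default_factory=set)


def normalize_modified_files(
    value: Optional[Union[str, Iterable[str]]]
) -> Set[str]:
    """Return a clean set from a comma-separated string or an iterable."""
    if value is None:
        return set()
    if isinstance(value, str):
        # Raw CLI form, e.g. "KeyInfo,KeyReferenceInfo"
        value = value.split(",")
    # Drop empty entries such as the one produced by a trailing comma.
    return {name.strip() for name in value if name.strip()}


def build_record_before(cve_id, modified_files):
    """The 'before' behaviour from the PR: assumes modified_files is a str."""
    record = AdvisoryRecord(cve_id)
    if modified_files and len(modified_files) > 0:
        # Raises AttributeError when modified_files is already a set.
        record.files.update(set(modified_files.split(",")))
    return record


def build_record_tolerant(cve_id, modified_files):
    """Accepts either input shape by normalizing at the boundary."""
    record = AdvisoryRecord(cve_id)
    record.files.update(normalize_modified_files(modified_files))
    return record


if __name__ == "__main__":
    # Constructed sample input mirroring the command line in the PR.
    raw = "KeyInfo,KeyReferenceInfo,RetrievalMethod"
    parsed = set(raw.split(","))
    print(build_record_tolerant("CVE-2021-40690", raw).files)
    print(build_record_tolerant("CVE-2021-40690", parsed).files)
```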


cla-assistant bot commented Jul 16, 2023

CLA assistant check
All committers have signed the CLA.
