Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix various minor bugs in vulnerability policy evaluation #503

Merged
merged 3 commits into from
Dec 21, 2023
Merged

Fix various minor bugs in vulnerability policy evaluation #503

merged 3 commits into from
Dec 21, 2023

Conversation

nscuro
Copy link
Member

@nscuro nscuro commented Dec 20, 2023

Description

Fix various minor bugs in vulnerability policy evaluation:

  • Determining whether a field needs to be loaded from the database failed for Protobuf fields which are repeated and non-empty
  • Converting VulnerabilityAliases to policy Protobufs failed because alias objects were not detached from the persistence context
  • Synchronized VulnerabilityAliases did not end up getting passed to the policy evaluator, which in case a policy tried to access aliases triggered, necessitated a database query to load them prior to evaluation

I also refactored VulnerabilityScanResultProcessorTest to use an actual VulnerabilityPolicyEvaluator instead of a mocked one. Mocking it made it impossible to test the end-to-end process properly.

Addressed Issue

N/A

Additional Details

N/A

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@nscuro nscuro added the defect Something isn't working label Dec 20, 2023
mehab
mehab approved these changes Dec 21, 2023
View reviewed changes
Copy link
Collaborator

@mehab mehab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@VithikaS VithikaS merged commit 327b4a5 into main Dec 21, 2023
6 checks passed
@VithikaS VithikaS deleted the vuln-policy-fixes-2 branch December 21, 2023 09:48
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jan 20, 2024
@nscuro nscuro added this to the 5.3.0 milestone Feb 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@VithikaS VithikaS VithikaS approved these changes

@mehab mehab mehab approved these changes

Assignees
No one assigned
Labels
defect Something isn't working
Projects
None yet
Milestone
5.3.0
Development

Successfully merging this pull request may close these issues.
3 participants
@nscuro @mehab @VithikaS