@willmurphyscode
Contributor

Previously, @ and : were allowed between the id and the version on --distro, but not '-'. However, - is in the PURLs in the distro parameter, and it surprises people when they cannot pass it to --distro. Also, consolidate and unit test the function that parses distro hint strings.

before:

❯ grype db search --pkg curl --distro debian-11
[0000] ERROR unable to get affected packages for any: OS not present
❯ grype "pkg:deb/[email protected]" --distro debian-11
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
No vulnerabilities found

after:

❯ go run ./cmd/grype db search --pkg curl --distro debian-11
VULNERABILITY     PACKAGE  ECOSYSTEM  NAMESPACE                VERSION CONSTRAINT
CVE-2003-1605     curl     deb        debian:distro:debian:11  < 7.10.7-1
CVE-2005-0490     curl     deb        debian:distro:debian:11  < 7.13.0-2
CVE-2005-3185     curl     deb        debian:distro:debian:11  < 7.15.0-1
... snip
❯ go run ./cmd/grype "pkg:deb/[email protected]" --distro debian-11
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 2 critical, 13 high, 20 medium, 4 low, 1 negligible
NAME     INSTALLED  FIXED IN          TYPE  VULNERABILITY   SEVERITY    EPSS           RISK
openssl  1.1.1      1.1.1n-0+deb11u4  deb   CVE-2023-0286   High        88.8% (99th)   66.1
openssl  1.1.1      1.1.1n-0+deb11u5  deb   CVE-2023-2650   Medium      88.2% (99th)   50.7
... snip ...

Previously, @ and : were allowed between the id and the version on
--distro, but not '-'. However, - is in the PURLs in the distro
parameter, and it surprises people when they cannot pass it to --distro.
Also, consolidate and unit test the function that parses distro hint
strings.

Signed-off-by: Will Murphy <[email protected]>
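
The separator handling described above, as an added Go example that is not grype's code and is not taken from this pull request: a parser for distro hints that accepts `@`, `:` and `-` between the id and the version. The names `DistroHint` and `ParseDistroHint`, the digit-after-hyphen rule, and the choice to allow a bare id are assumptions of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// DistroHint is a hypothetical type for this example, not a grype type.
type DistroHint struct {
	ID, Version string
}

// ParseDistroHint splits "<id><sep><version>" where sep is '@', ':' or '-'.
// Assumptions of this sketch: '@' and ':' split at their first occurrence;
// '-' counts as a separator only when a digit follows it, so hyphenated
// ids ("opensuse-leap-15.4") stay whole; a bare id has an empty version.
func ParseDistroHint(s string) (DistroHint, error) {
	s = strings.TrimSpace(s)
	cut := strings.IndexAny(s, "@:")
	if cut < 0 {
		for i := 0; i+1 < len(s); i++ {
			if s[i] == '-' && s[i+1] >= '0' && s[i+1] <= '9' {
				cut = i
				break
			}
		}
	}
	if cut < 0 {
		if s == "" || strings.HasSuffix(s, "-") {
			return DistroHint{}, fmt.Errorf("malformed distro hint %q", s)
		}
		return DistroHint{ID: s}, nil
	}
	id, ver := s[:cut], s[cut+1:]
	if id == "" || ver == "" {
		// Fail loudly: a hint that matches no distro gives a clean-looking scan.
		return DistroHint{}, fmt.Errorf("malformed distro hint %q", s)
	}
	return DistroHint{ID: id, Version: ver}, nil
}

func main() {
	// Constructed sample inputs.
	for _, in := range []string{"debian-11", "debian@11", "opensuse-leap-15.4", "debian-"} {
		h, err := ParseDistroHint(in)
		fmt.Printf("%-22q id=%q version=%q err=%v\n", in, h.ID, h.Version, err)
	}
}
```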
Contributor

@kzantow kzantow left a comment

LGTM -- unifying parsing here is 👍

@willmurphyscode willmurphyscode added the enhancement New feature or request label Oct 28, 2025
@willmurphyscode willmurphyscode moved this to In Review in OSS Oct 28, 2025
@willmurphyscode willmurphyscode merged commit f4e97aa into main Oct 28, 2025
12 checks passed
@willmurphyscode willmurphyscode deleted the hyphen-in-distro-option branch October 28, 2025 15:30
@github-project-automation github-project-automation bot moved this from In Review to Done in OSS Oct 28, 2025