Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add for known bad CPE field combinations for jenkins package #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 22, 2021
Merged

Add for known bad CPE field combinations for jenkins package #405

merged 1 commit into from
Apr 22, 2021

Conversation

@wagoodman
Copy link
Contributor

This adds a filter to eliminate guesses that would result in matching jenkins server without having a package name that minimally reflects this.

Additionally updates the jira filter to consider wfn.Any vendor values.

@wagoodman wagoodman added the enhancement New feature or request label Apr 22, 2021
@wagoodman wagoodman requested a review from a team April 22, 2021 19:02
@wagoodman wagoodman self-assigned this Apr 22, 2021
@wagoodman wagoodman force-pushed the add-jenkins-filter branch from a6b630d to 00c3ab4 Compare April 22, 2021 19:03
@github-actions
Copy link

github-actions bot commented Apr 22, 2021
edited
Loading

Benchmark Test Results

Benchmark results from the latest changes vs base branch 
name                                                   time/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2         886µs ± 2%
ImagePackageCatalogers/python-package-cataloger-2      1.20ms ± 2%
ImagePackageCatalogers/javascript-package-cataloger-2   459µs ± 4%
ImagePackageCatalogers/dpkgdb-cataloger-2               442µs ± 3%
ImagePackageCatalogers/rpmdb-cataloger-2                469µs ± 2%
ImagePackageCatalogers/java-cataloger-2                6.08ms ± 2%
ImagePackageCatalogers/apkdb-cataloger-2                667µs ± 5%
ImagePackageCatalogers/go-cataloger-2                   227µs ± 2%
ImagePackageCatalogers/rust-cataloger-2                 364µs ± 2%

name                                                   alloc/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2        97.5kB ± 0%
ImagePackageCatalogers/python-package-cataloger-2       579kB ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2   112kB ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2               115kB ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                134kB ± 0%
ImagePackageCatalogers/java-cataloger-2                1.78MB ± 0%
ImagePackageCatalogers/apkdb-cataloger-2               1.14MB ± 0%
ImagePackageCatalogers/go-cataloger-2                  48.4kB ± 0%
ImagePackageCatalogers/rust-cataloger-2                88.9kB ± 0%

name                                                   allocs/op
ImagePackageCatalogers/ruby-gemspec-cataloger-2         1.96k ± 0%
ImagePackageCatalogers/python-package-cataloger-2       5.88k ± 0%
ImagePackageCatalogers/javascript-package-cataloger-2   1.93k ± 0%
ImagePackageCatalogers/dpkgdb-cataloger-2               2.37k ± 0%
ImagePackageCatalogers/rpmdb-cataloger-2                3.19k ± 0%
ImagePackageCatalogers/java-cataloger-2                 22.3k ± 0%
ImagePackageCatalogers/apkdb-cataloger-2                1.85k ± 0%
ImagePackageCatalogers/go-cataloger-2                   1.40k ± 0%
ImagePackageCatalogers/rust-cataloger-2                 2.74k ± 0%

@wagoodman wagoodman force-pushed the add-jenkins-filter branch from 00c3ab4 to ae55e5d Compare April 22, 2021 19:29
@wagoodman wagoodman force-pushed the add-jenkins-filter branch from ae55e5d to 18af21d Compare April 22, 2021 19:52
@wagoodman wagoodman enabled auto-merge April 22, 2021 19:52
luhring
luhring approved these changes Apr 22, 2021
View reviewed changes
syft/pkg/cataloger/cpe.go
// jira / atlassian should not apply to clients
if cpe.Vendor == "atlassian" && cpe.Product == "jira" && strings.Contains(p.Name, "client") {
return true
if cpe.Product == "jira" && strings.Contains(strings.ToLower(p.Name), "client") {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Now that we're amassing some nontrivial, specialized rules in our list of filterFn, it would be nice to codify these as named functions that get referenced here in this list. But I'm making this a "nit" due to the context of our CPE implementation future

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agreed with the long term approach, and held off for similar considerations 👍

@wagoodman wagoodman merged commit 1632fdd into main Apr 22, 2021
@wagoodman wagoodman deleted the add-jenkins-filter branch April 22, 2021 19:56
GijsCalis pushed a commit to GijsCalis/syft that referenced this pull request Feb 19, 2024
@wagoodman
Merge pull request anchore#405 from anchore/add-jenkins-filter
1233d43 
Add for known bad CPE field combinations for jenkins package
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@luhring luhring luhring approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@wagoodman wagoodman

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wagoodman @luhring