fix(local): ignore common protocols and .git suffix when checking if an advisory affects a git repository
#2305
Conversation
| // | ||
| // Specifically, common protocols are removed from the start of the url and the | ||
| // ".git" suffix if present | ||
| func NormalizeRepo(repo string) string { |
There was a problem hiding this comment.
OSV.dev is a bit more aggressive when normalizing (removing all schemes, and trimming any possible trailing slashes) but I'm happy to do it more explicitly like you've done here.
I don't think there's any functional difference - I doubt we have any non-http(s)/git URLs in OSV.
There was a problem hiding this comment.
yeah I did it like this because in Go url.Parse returns an error which'd be really awkward to try handle here, so using TrimPrefix lets me avoid that (+ alternatively panicing) 😅
a79711c to
94f3ae7
Compare
94f3ae7 to
840ef6d
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #2305 +/- ##
==========================================
+ Coverage 67.94% 67.95% +0.01%
==========================================
Files 172 172
Lines 12811 12816 +5
==========================================
+ Hits 8704 8709 +5
Misses 3436 3436
Partials 671 671 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This matches the behaviour of the API, as implemented in google/osv.dev#3986 - there is also discussion of potentially normalizing for case but that is currently not being done by us anywhere and something we might only want to do for domains we know are case-insensitive like github.com and gitlab.com.
Resolves #2291