
Add Advisory.Ecosystem to support GHC's advisory #213

Merged
merged 7 commits into from
Jul 30, 2024

Conversation

TristanCacqueray
Collaborator

This change adds a new OOB to pass the Ecosystem value from the advisory path.

Fixes #212

@TristanCacqueray
Collaborator Author

I am not sure what to do with the advisory schema. Presently, this assumes the GHC component will be set as the affected.package in the front-matter, but perhaps we should also change the schema to support affected.component instead? Though, we don't have the OOB when parsing the advisory...

TristanCacqueray force-pushed the advisory-ecosystem branch 3 times, most recently from 7fd81cc to 1a78489 (June 27, 2024 21:17)
TristanCacqueray force-pushed the advisory-ecosystem branch 2 times, most recently from 247ca97 to 9087fcb (July 20, 2024 03:55)
@TristanCacqueray
Collaborator Author

Thank you for the review @frasertweedale , I've updated the PR accordingly.

Collaborator

@frasertweedale frasertweedale left a comment


@TristanCacqueray thank you for the quick turnaround. I have just a couple more small suggestions.

code/hsec-tools/src/Security/Advisories/Format.hs (outdated, resolved)
code/hsec-core/src/Security/Advisories/Core/Advisory.hs (outdated, resolved)
TristanCacqueray and others added 6 commits July 30, 2024 18:19
This change updates the affected schema to support GHC ecosystem
with the "ghc-component" key.
This change also implements a new OOB attribute to validate that
the advisory path matches at least one affected.
@frasertweedale
Collaborator

@TristanCacqueray I rebased this PR on latest main (rebase was clean) and pushed one additional commit, which updates the GHCComponent parsing to distinguish these error cases and return a more specific error message:

  • ghc-component is not a TOML text value
  • ghc-component is a TOML text value, but the value is not recognised

If you are happy with these changes, then I think it's good to merge.
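The two error cases described above, as an added illustration that is not the project's own code: a minimal parser for the `ghc-component` value of an affected entry that reports "not a text value" and "text value, but unrecognised" separately. The toy `TomlValue` type and the component names are assumptions for this sketch; the real tool uses a TOML library and its own component list.

```haskell
{-# LANGUAGE LambdaCase #-}
module Main where

import Data.Char (toLower)
import Data.List (intercalate)

-- Toy stand-in for a parsed TOML value (assumed; the real tool uses a TOML library).
data TomlValue = TomlText String | TomlInteger Integer | TomlBool Bool | TomlArray [TomlValue]
  deriving Show

-- Assumed component set for the sketch; the project's own list may differ.
data GHCComponent = GHCCompiler | GHCi | GHCRTS | GHCPkg | RunGHC
  deriving (Show, Eq, Enum, Bounded)

componentName :: GHCComponent -> String
componentName = \case
  GHCCompiler -> "ghc"
  GHCi        -> "ghci"
  GHCRTS      -> "rts"
  GHCPkg      -> "ghc-pkg"
  RunGHC      -> "runghc"

-- The two cases the PR distinguishes, kept apart so the message can be specific.
data ComponentError
  = NotTextValue TomlValue     -- ghc-component is not a TOML text value
  | UnknownComponent String    -- text value, but the name is not recognised
  deriving Show

describeError :: ComponentError -> String
describeError = \case
  NotTextValue v     -> "ghc-component must be a TOML string, got: " ++ show v
  UnknownComponent s -> "unrecognised ghc-component " ++ show s ++ "; expected one of: "
                        ++ intercalate ", " (map componentName [minBound .. maxBound])

-- Case-insensitive lookup of the component name; non-text values are rejected first.
parseGHCComponent :: TomlValue -> Either ComponentError GHCComponent
parseGHCComponent (TomlText s) =
  case filter ((== map toLower s) . componentName) [minBound .. maxBound] of
    (c : _) -> Right c
    []      -> Left (UnknownComponent s)
parseGHCComponent v = Left (NotTextValue v)

-- Constructed inputs: a valid name, an unknown name, and a non-text value.
main :: IO ()
main = mapM_ (putStrLn . either describeError (("ok: " ++) . show) . parseGHCComponent)
  [TomlText "ghc", TomlText "gcc", TomlInteger 9]
```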

@TristanCacqueray
Collaborator Author

@frasertweedale looks good to me, thanks!

@frasertweedale frasertweedale merged commit 801740e into haskell:main Jul 30, 2024
8 checks passed
Successfully merging this pull request may close these issues.

Handle ghc (non hackage) advisories
3 participants