Add Fixed_By in API for Packages Endpoint in V2 #1665

Open
TG1999 opened this issue Nov 19, 2024 · 1 comment

Comments


TG1999 commented Nov 19, 2024

wrt. https://github.com/aboutcode-org/vulnerablecode/issues/1572#issuecomment-2475578554

... I think we need something a bit different.

We have this today:

    "packages": [
        {
            "purl": "pkg:pypi/[email protected]",
            "affected_by_vulnerabilities": [
                "VCID-486n-st7z-zqhz"
            ],
            "fixing_vulnerabilities": [],
            "next_non_vulnerable_version": "4.3",
            "latest_non_vulnerable_version": "5.2"
        }
    ]

Are we missing a "fixed by" that is just for a vulnerability-package?
Maybe something like that?

    "packages": [
        {
            "purl": "pkg:pypi/[email protected]",
            "affected_by_vulnerabilities": [
                {
                    "vulnerability_id": "VCID-486n-st7z-zqhz",
                    "fixed_by_package": "pkg:pypi/[email protected]"
                }
            ],
            "fixing_vulnerabilities": [],
            "next_non_vulnerable_package": "4.3",
            "latest_non_vulnerable_package": "5.2"
        }
    ]

with these definitions:

  • fixed_by_package: a PURL for the first version that is fixing just one vulnerability
  • next_non_vulnerable_package: a PURL for the first version that is non vulnerable to any vulnerability
  • latest_non_vulnerable_package: a PURL for the latest version that is non vulnerable to any vulnerability

Question: would this reintroduce nesting?

Originally posted by @pombredanne in #1572 (comment)
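As an added worked example (not code from vulnerablecode or from either commenter), the Python sketch below computes the three proposed fields for one version of a package from constructed data: a hypothetical package pkg:pypi/example-lib, a made-up list of its versions, and made-up vulnerability ids in the VCID shape mapped to the versions they affect. Version ordering by dotted integers is an assumption that fits only this constructed data, not how vulnerablecode orders versions. The second constructed vulnerability is fixed in 4.2 but reintroduced in 5.0, so that the per-vulnerability fixed_by_package and the all-vulnerabilities next_non_vulnerable_package visibly differ for 4.1, and the function names and the "fixing" rule (a version is clean while its predecessor was affected) are this example's own definitions.

```python
"""Added worked example (not vulnerablecode code): compute the proposed
fixed_by_package / next_non_vulnerable_package / latest_non_vulnerable_package
fields for one version of a package from constructed data."""
import json

# Hypothetical package; the name and every version below are constructed.
PACKAGE = "pkg:pypi/example-lib"
VERSIONS = ["4.0", "4.1", "4.2", "4.3", "5.0", "5.1", "5.2"]

# Constructed vulnerability data: made-up ids in the VCID shape -> affected versions.
# The second entry is fixed in 4.2 but reintroduced in 5.0, so that the
# per-vulnerability fix and the "free of all vulnerabilities" version differ.
AFFECTED = {
    "VCID-aaaa-bbbb-cccc": {"4.0", "4.1", "4.2"},
    "VCID-dddd-eeee-ffff": {"4.0", "4.1", "5.0"},
}


def version_key(version):
    """Dotted-integer ordering; an assumption that fits the constructed data only."""
    return tuple(int(part) for part in version.split("."))


def later_versions(version, versions):
    """All known versions strictly newer than `version`, oldest first."""
    key = version_key(version)
    return sorted((v for v in versions if version_key(v) > key), key=version_key)


def previous_version(version, versions):
    """The known version immediately before `version`, or None for the oldest."""
    older = [v for v in versions if version_key(v) < version_key(version)]
    return max(older, key=version_key) if older else None


def to_purl(version):
    """Render a version of the hypothetical package as a PURL string (None stays None)."""
    return None if version is None else f"{PACKAGE}@{version}"


def fixed_by(version, vuln_id, versions, affected):
    """fixed_by_package: first newer version not affected by this one vulnerability."""
    for candidate in later_versions(version, versions):
        if candidate not in affected[vuln_id]:
            return candidate
    return None  # no later version fixes it; the field definitions above do not cover this case


def next_non_vulnerable(version, versions, affected):
    """next_non_vulnerable_package: first newer version affected by no known vulnerability."""
    vulnerable = set().union(*affected.values())
    for candidate in later_versions(version, versions):
        if candidate not in vulnerable:
            return candidate
    return None


def latest_non_vulnerable(versions, affected):
    """latest_non_vulnerable_package: newest known version affected by no known vulnerability."""
    vulnerable = set().union(*affected.values())
    clean = [v for v in versions if v not in vulnerable]
    return max(clean, key=version_key) if clean else None


def describe(version, versions=VERSIONS, affected=AFFECTED):
    """Build one entry of the proposed "packages" list for `version`."""
    prev = previous_version(version, versions)
    affected_by = [
        {
            "vulnerability_id": vuln_id,
            "fixed_by_package": to_purl(fixed_by(version, vuln_id, versions, affected)),
        }
        for vuln_id, affected_versions in affected.items()
        if version in affected_versions
    ]
    # This example's rule: a version "fixes" a vulnerability when it is clean
    # and its immediate predecessor was affected (so a regression is fixed twice).
    fixing = [
        vuln_id
        for vuln_id, affected_versions in affected.items()
        if version not in affected_versions and prev in affected_versions
    ]
    return {
        "purl": to_purl(version),
        "affected_by_vulnerabilities": affected_by,
        "fixing_vulnerabilities": fixing,
        "next_non_vulnerable_package": to_purl(next_non_vulnerable(version, versions, affected)),
        "latest_non_vulnerable_package": to_purl(latest_non_vulnerable(versions, affected)),
    }


if __name__ == "__main__":
    print(json.dumps({"packages": [describe("4.1")]}, indent=4))
```

Running it prints the record for 4.1 in the nested shape sketched in the comment: the first vulnerability is fixed by 4.3 while the second is already fixed by 4.2, yet next_non_vulnerable_package is 4.3 because 4.2 is still affected by the first, and latest_non_vulnerable_package is 5.2. The sketch returns None when no newer version is clean (for example for the newest version itself, or for a vulnerability affecting every known version), which the three definitions above leave unspecified and an API schema would need to state.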

TG1999 changed the title from "Add Fixed_By in API for Packages Endpoint" to "Add Fixed_By in API for Packages Endpoint in V2" on Nov 19, 2024
TG1999 added the 3-next label on Nov 19, 2024
TG1999 added this to the v36.0.0 - 3-next milestone on Nov 19, 2024

TG1999 commented Nov 20, 2024

[Screenshot from 2024-11-20 13-22-32; image not reproduced]
How does this look @pombredanne @tdruez
