fix: sort "introduced 0" events before any other version
G-Rath committed Aug 17, 2023
1 parent fc2b50a commit 0b21c49
Showing 2 changed files with 47 additions and 0 deletions.
8 changes: 8 additions & 0 deletions pkg/database/osv.go
@@ -90,6 +90,14 @@ func (ar AffectsRange) containsVersion(pkg internal.PackageDetails) bool {
a := ar.Events[i]
b := ar.Events[j]

if a.Introduced == "0" {
return true
}

if b.Introduced == "0" {
return false
}

return semantic.MustParse(a.version(), pkg.CompareAs).CompareStr(b.version()) < 0
})

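Review bot: The two new guards at the top of the comparator return true for both (a, b) and (b, a) when both events have Introduced set to "0", so the function is no longer a consistent ordering for that input. Testing b first avoids this with the same amount of code: `if b.Introduced == "0" { return false }` followed by `if a.Introduced == "0" { return true }`. Advisory records are external data, so a range carrying a duplicated "introduced 0" event is unlikely but possible, and an unstable event order here could change which versions are reported as affected. The enclosing sort call and the rest of containsVersion lie outside the hunk, so this assumes the closure is the less function handed to a sort.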
39 changes: 39 additions & 0 deletions pkg/database/osv_test.go
@@ -27,6 +27,10 @@ func expectIsAffected(t *testing.T, osv database.OSV, version string, expectAffe
}

if osv.IsAffected(pkg) != expectAffected {
if version == "" {
version = "<empty>"
}

if expectAffected {
t.Errorf("Expected OSV to affect package version %s but it did not", version)
} else {
@@ -516,6 +520,41 @@ func TestOSV_IsAffected_AffectsWithEcosystem_MultipleAffected(t *testing.T) {

// an empty version should always be treated as affected
expectIsAffected(t, osv, "", true)

// zeros with build strings
osv = buildOSVWithAffected(
database.Affected{
// golang.org/x/sys
Package: database.Package{Ecosystem: lockfile.NpmEcosystem, Name: "my-package"},
Ranges: []database.AffectsRange{
buildEcosystemAffectsRange(
database.RangeEvent{Fixed: "0.0.0-20220412211240-33da011f77ad"},
database.RangeEvent{Introduced: "0"},
),
},
},
database.Affected{
// golang.org/x/net
Package: database.Package{Ecosystem: lockfile.NpmEcosystem, Name: "my-package"},
Ranges: []database.AffectsRange{
buildEcosystemAffectsRange(
database.RangeEvent{Introduced: "0.0.0-20180925071336-cf3bd585ca2a"},
database.RangeEvent{Fixed: "0"},
),
},
},
)

for _, v := range []string{"0.0.0", "0.14.0"} {
expectIsAffected(t, osv, v, false)
}

for _, v := range []string{"0.0.0-20180925071336-cf3bd585ca2a"} {
expectIsAffected(t, osv, v, true)
}

// an empty version should always be treated as affected
expectIsAffected(t, osv, "", true)
}

func TestOSV_IsAffected_AffectsWithEcosystem_PipNamesAreNormalised(t *testing.T) {
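Review bot: In the new "zeros with build strings" case the comments `// golang.org/x/sys` and `// golang.org/x/net` do not match the fixtures beneath them, which both declare `lockfile.NpmEcosystem` and the name "my-package". A reader cannot tell whether the Go pseudo-versions are meant to be compared under npm rules or the ecosystem was left over from a copied fixture. Rewording the comments would settle it, for example `// pseudo-versions modelled on golang.org/x/sys advisories`. The only version asserted as affected falls inside the second range, so the first range (the one with "introduced 0" listed after its fix) is checked only through the unaffected cases. Adding a pseudo-version older than the 2018 one would cover its affected side as well.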
