-
-
Notifications
You must be signed in to change notification settings - Fork 571
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix: Component get deleted in update for Internal Vuln #4193
Fix: Component get deleted in update for Internal Vuln #4193
Conversation
Signed-off-by: Thomas Schauer-Köckeis <[email protected]>
Again only trivy tests failed. Is there a way of caching the docker container on the machine which runs the workflow? This would help with not always pulling the image for every test run |
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferencesCodacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more Footnotes
|
Thanks @Gepardgame! Could you please add a test to |
I am currently working on it, but have a issue, cause I cannot run the test, cause the Test class starts like this: |
I suggest adding a test to VulnerabilityResourceTest instead, because performing the update via REST API covers the entire use-case and thus gives more assurance than a narrowly-scoped unit test in VulnerabilityQueryManagerTest. |
I found a bug in my implementation, but I don't have time anymore today to fix it. I'm sorry, but will do it tomorrow. |
No problem @Gepardgame, we can release tomorrow, too. Worst case I can pick it up, in that case please let me know what bug you found. |
The bug is that the affectedComponents get duplicated, but without the AffectedVersionAttribution. The original is the same with the AffectedVersionAttribution. In the gui you don't see it, cause it only shows, if there is a AffectedVersionAttribution, but in the spi directly you can see it. |
Thanks, I might take this over then later today. Thanks for working on it! |
Thanks. No Problem. Should I upload the test? It does not work yet, but then you don't need to start from scratch for that. |
skip ci Signed-off-by: Thomas Schauer-Köckeis <[email protected]>
Superseded by #4208 |
Description
Now you can update a internal Vulnerability without getting the affected components deleted.
Addressed Issue
Fixes #4175
Additional Details
N/A
Checklist
- [ ] This PR implements an enhancement, and I have provided tests to verify that it works as intended- [ ] This PR introduces changes to the database model, and I have added corresponding update logic- [ ] This PR introduces new or alters existing behavior, and I have updated the documentation accordingly