x/vulndb: bad GitHub data breaks GHSA query #52550

Closed
jba opened this issue Apr 25, 2022 · 3 comments
Labels: FrozenDueToAge; NeedsFix (The path to resolution is known, but the work has not been done.); vulncheck or vulndb (Issues for the x/vuln or x/vulndb repo)
jba commented Apr 25, 2022

The worker's GitHub Security Advisory update process is broken, because there is a bad piece of data in GitHub that causes the GraphQL query we're running to fail. I filed https://support.github.com/ticket/personal/0/1599280 with GitHub. Meanwhile, I commented out the Severity field in the query.

jba added the NeedsFix label Apr 25, 2022
jba self-assigned this Apr 25, 2022
gopherbot added this to the Unreleased milestone Apr 25, 2022

gopherbot commented

Change https://go.dev/cl/402134 mentions this issue: internal/ghsa: remove Vulnerability.Severity from query

gopherbot pushed a commit to golang/vulndb that referenced this issue Apr 25, 2022
The GitHub API fails on the Severity field of a particular Security Advisory.
See https://support.github.com/ticket/personal/0/1599280 for details.
Until that is fixed, comment out the Severity field from the query.
That field is a string, so the result will be that some GHSAs in our DB
will have the empty string for their severity. We can always backfill
those later if necessary.

Updates golang/go#52550.

Change-Id: I7df0f8e5cd35a1962cc6ca43c8d9efe1348cc003
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/402134
Run-TryBot: Jonathan Amsterdam <jba@google.com>
Reviewed-by: Damien Neil <dneil@google.com>

jba commented Apr 27, 2022

GitHub fixed their problem.

gopherbot commented

Change https://go.dev/cl/402614 mentions this issue: internal/ghsa: uncomment Severity

rsc unassigned jba Jun 22, 2022
julieqiu added the vulncheck or vulndb label Sep 8, 2022
golang locked and limited conversation to collaborators Sep 8, 2023