
Add downloadLocation URI validation #3697

Merged: 5 commits, Mar 6, 2025

Conversation

stgrace
Contributor

@stgrace stgrace commented Feb 28, 2025

Description

Please include a summary of the changes along with any relevant motivation and context,
or link to an issue where this is explained.

Type of change

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have added unit tests that cover changed behavior
  • I have tested my code in common scenarios and confirmed there are no regressions
  • I have added comments to my code, particularly in hard-to-understand sections


Signed-off-by: Stef Graces <stefgraces@hotmail.com>
@stgrace
Contributor Author

stgrace commented Feb 28, 2025

Attempted same command with changes from issue #3696, which sets it to NOASSERTION because of the validation issue

```json
{
    "name": "@isaacs/cliui",
    "SPDXID": "SPDXRef-Package-npm--isaacs-cliui-7026ea92955de2ad",
    "versionInfo": "8.0.2",
    "supplier": "Person: Ben Coe (ben@npmjs.com)",
    "originator": "Person: Ben Coe (ben@npmjs.com)",
    "downloadLocation": "NOASSERTION",
    "filesAnalyzed": false,
    "sourceInfo": "acquired package info from installed node module manifest file: /usr/local/lib/node_modules/npm/node_modules/@isaacs/cliui/package.json",
    "licenseConcluded": "NOASSERTION",
    "licenseDeclared": "ISC",
    "copyrightText": "NOASSERTION",
    "description": "easily create complex multi-column command-line-interfaces",
    "externalRefs": [
        {
            "referenceCategory": "SECURITY",
            "referenceType": "cpe23Type",
            "referenceLocator": "cpe:2.3:a:\\@isaacs\\/cliui:\\@isaacs\\/cliui:8.0.2:*:*:*:*:*:*:*"
        },
        {
            "referenceCategory": "PACKAGE-MANAGER",
            "referenceType": "purl",
            "referenceLocator": "pkg:npm/%40isaacs/cliui@8.0.2"
        }
    ]
}
```

Signed-off-by: Stef Graces <stefgraces@hotmail.com>
@stgrace stgrace force-pushed the validate-download-location-uri branch from 546541f to d411a32 on February 28, 2025 13:51
kzantow previously approved these changes Feb 28, 2025

Contributor

@kzantow kzantow left a comment

Looks great, thanks very much @stgrace !

@kzantow
Contributor

kzantow commented Feb 28, 2025

Argh, I spoke too soon; it looks like we need some snapshots and other tests updated, but I think the core change here is the right thing. I can help with this, also fine if you'd like to do it.

`make lint-fix` should help the static analysis issue(s), but the naming it probably won't help with.

@kzantow kzantow dismissed their stale review February 28, 2025 15:50

I may have been hasty to think about the nuance between NONE and NOASSERTION
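The distinction raised here matters for how a generator falls back when a package's download location fails validation. SPDX 2.3 allows a downloadLocation to be the literal NONE, the literal NOASSERTION, or a URL (optionally with a VCS prefix such as git+https://host/repo.git@revision#path). NONE is a positive claim that no download location exists; NOASSERTION says the producer makes no claim, which is the only honest substitute when a string merely could not be validated. The following is an added example in Go of such a check and fallback. It is not syft's code: the function names, the accepted VCS prefixes, and the requirement that a URL carry both a scheme and a host (stricter than the spec text, so that bare paths and e-mail-like strings are rejected) are assumptions made here, and the sample inputs are constructed.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// The two literal values SPDX 2.3 permits besides a URL.
const (
	SPDXNone        = "NONE"        // no download location exists
	SPDXNoAssertion = "NOASSERTION" // the producer makes no claim
)

// vcsPrefixes are the VCS locator prefixes SPDX 2.3 lists for
// downloadLocation (assumed set for this example).
var vcsPrefixes = []string{"git+", "hg+", "svn+", "bzr+"}

// IsValidDownloadLocation reports whether loc can be emitted as an SPDX
// downloadLocation. Beyond the two literals it requires an absolute URL with
// a scheme and a host; the host requirement is an assumption of this example,
// not a rule taken from the spec or from syft.
func IsValidDownloadLocation(loc string) bool {
	if loc == SPDXNone || loc == SPDXNoAssertion {
		return true
	}
	target := loc
	for _, p := range vcsPrefixes {
		if strings.HasPrefix(loc, p) {
			target = strings.TrimPrefix(loc, p)
			break
		}
	}
	u, err := url.Parse(target)
	if err != nil {
		// e.g. scp-style "git@host:repo.git" fails with a colon in the
		// first path segment; it is not a URL and must not be emitted
		return false
	}
	// url.Parse is lenient: "ben@npmjs.com" and "github.com/foo" parse as
	// relative paths with an empty scheme, which is not a download location.
	return u.Scheme != "" && u.Host != ""
}

// NormalizeDownloadLocation returns loc unchanged when it is valid and
// NOASSERTION otherwise. It deliberately never substitutes NONE: a generator
// that failed to validate a string cannot claim no download location exists.
func NormalizeDownloadLocation(loc string) string {
	if IsValidDownloadLocation(loc) {
		return loc
	}
	return SPDXNoAssertion
}

func main() {
	// Constructed inputs, not taken from any real SBOM.
	for _, loc := range []string{
		"https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
		"git+https://github.com/yargs/cliui.git@v8.0.2#src",
		"git+ssh://git@github.com/yargs/cliui.git",
		"git@github.com:yargs/cliui.git",
		"ben@npmjs.com",
		"github.com/yargs/cliui",
		"",
		"NONE",
	} {
		fmt.Printf("%-58q -> %q\n", loc, NormalizeDownloadLocation(loc))
	}
}
```

Run it with `go run .` to see which constructed inputs survive and which collapse to NOASSERTION. A consumer reading the resulting SBOM can then trust that a NONE value was asserted on purpose rather than produced by a failed parse.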

…nloadLocation

Signed-off-by: Stef Graces <stefgraces@hotmail.com>
Contributor

@kzantow kzantow left a comment

I think this makes a lot of sense, thanks much @stgrace!

Verified: this commit was signed with the committer's verified signature (kzantow Keith Zantow).
…ation-uri
@wagoodman wagoodman enabled auto-merge (squash) March 6, 2025 14:14

Verified: this commit was signed with the committer's verified signature (kzantow Keith Zantow).
Signed-off-by: Keith Zantow <kzantow@gmail.com>
@wagoodman wagoodman merged commit 694eec4 into anchore:main Mar 6, 2025
12 checks passed
Development

Successfully merging this pull request may close these issues.

Download location is not a valid URI
3 participants