Support for DPKG (Debian) parser #168

Merged
merged 10 commits into from
Feb 20, 2023
cmaritan
Contributor

As discussed in #164 here, this PR adds support for DPKG parsing.
Structure is similar to APK parser.

@another-rex another-rex requested a review from G-Rath January 31, 2023 23:23

KoenDG commented Feb 2, 2023

Just want to chime in this would be very useful

Collaborator

@G-Rath G-Rath left a comment

looks good! just got one comment about a doc comment :)

Collaborator

@oliverchang oliverchang left a comment

Thank you for the contribution! Apologies for the delay in reviewing this.

@cmaritan
Contributor Author

cmaritan commented Feb 8, 2023

I also realized that my current parser version is "too aggressive" and can lead to potential false positives.
Status: field is ignored but it can also indicate (rarely I think) that a package is not in installed state.
Will skip everything not in installed or "wanted installed" state in PR update.

@cmaritan
Contributor Author

cmaritan commented Feb 12, 2023

Hello @oliverchang , now my PR:

  1. For package Name use Source field if present otherwise use Package value (e.g. sudo package)
  2. For package Version use Source value between parenthesis if present otherwise uses Version field
  3. Skip any package that is in not-installed or config-files states, so we are sure that package is not active in the system
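
The three rules listed in the comment above, together with the `Status:` check from the Feb 8 comment, as an added Go example (not the code merged in this PR). `Pkg`, `parseStatus` and the sample paragraphs are hypothetical names and constructed data; paragraphs are assumed to be separated by one empty line.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in dpkg status-file format, one paragraph per source line.
const sample = "Package: sudo\nStatus: install ok installed\nVersion: 1.9.5p2-3\n\n" +
	"Package: libfoo1\nStatus: install ok installed\nSource: foo (1.2-3)\nVersion: 1.2-3+b1\n\n" +
	"Package: libbar2\nStatus: install ok installed\nSource: bar\nVersion: 2.0-1\nDescription: x\n more: detail\n\n" +
	"Package: oldtool\nStatus: deinstall ok config-files\nVersion: 0.1-1\n"

// Pkg is a hypothetical result type for this example.
type Pkg struct{ Name, Version string }

// parseStatus applies the three rules to each paragraph of a status file.
func parseStatus(data string) []Pkg {
	var out []Pkg
	for _, para := range strings.Split(data, "\n\n") {
		f := map[string]string{} // top-level fields of this paragraph
		for _, line := range strings.Split(para, "\n") {
			// Lines starting with whitespace continue the previous field; ignore them.
			if k, v, ok := strings.Cut(line, ":"); ok && line[0] != ' ' && line[0] != '\t' {
				f[k] = strings.TrimSpace(v)
			}
		}
		// Status is "<want> <flag> <state>"; rule 3 skips inactive states.
		st := strings.Fields(f["Status"])
		if f["Package"] == "" || (len(st) > 0 && (st[len(st)-1] == "not-installed" || st[len(st)-1] == "config-files")) {
			continue
		}
		name, ver := f["Package"], f["Version"]
		// Rules 1 and 2: Source is "name" or "name (version)" and takes precedence.
		if src, v, hasVer := strings.Cut(f["Source"], " ("); src != "" {
			name = strings.TrimSpace(src)
			if hasVer {
				ver = strings.TrimSuffix(strings.TrimSpace(v), ")")
			}
		}
		out = append(out, Pkg{name, ver})
	}
	return out
}

func main() {
	for _, p := range parseStatus(sample) {
		fmt.Println(p.Name, p.Version)
	}
}
```

Reporting the source package name and version matters because advisories for Debian are usually keyed on the source package, so a binary rebuild such as `1.2-3+b1` would otherwise fail to match.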

Collaborator

@another-rex another-rex left a comment

LGTM, just some minor nits.

@cmaritan
Contributor Author

Thank you @another-rex , committed suggested changes.

@another-rex another-rex merged commit fb4d2c4 into google:main Feb 20, 2023
oliverchang pushed a commit that referenced this pull request Feb 20, 2023
Hello,

ported to APK installed parser common optimizations already merged for
DPKG in #168.
Additionally, a couple of staticcheck linter errors have been corrected
(I think!).
I saw the comments here:
https://github.com/google/osv-scanner/blob/fb4d2c4d8e4e59961db70121e31870593e045a4e/pkg/osvscanner/osvscanner.go#L39-L43
but after my change both lints and tests are ok so it's not clear to me
if comments are now out of date or if I'm missing something!

Comments have been introduced in #149.

Thank you,
Regards.
@cmaritan cmaritan deleted the dpkg-status branch February 20, 2023 23:07
hayleycd pushed a commit that referenced this pull request Mar 9, 2023
As discussed in #164 here, this PR adds support for DPKG parsing.
Structure is similar to APK parser.

---------

Co-authored-by: Rex P <[email protected]>
Co-authored-by: Gareth Jones <[email protected]>