This issue is just a rough note about various scenarios our import code needs to handle. Should be translated to automated tests eventually.

### both new

- a new vulnerability has been found.
- the data source emits a package (with impacted and resolved versions) and a vulnerability which both do not exist in the database yet.
- the expected outcome is (bulk inserted) new entries for packages and vulnerabilities.

### new package, existing vulnerability

- an existing vulnerability has been found to impact a package that was previously considered unaffected.
- the data source emits a new package (with impacted and resolved versions) for a vulnerability that already exists in the database.
- the expected outcome is (bulk inserted) new entries for packages linked to the existing vulnerability.

### existing package, existing vulnerability, fixed version is new

- a vulnerability and an affected package version are known and a new version with a fix has been published.
- the data source emits a new (fixed) version for an already existing package and an already existing vulnerability.
- the expected outcome is a (bulk inserted) new entry in Package for the new version and a new entry in ResolvedPackage linking it to the existing vulnerability.

### existing package, existing vulnerability, more info about vulnerability

- an existing security advisory is updated with more information; the vulnerability got a more detailed description.
- the data source emits a package (with impacted and resolved versions) and a vulnerability that both already exist in the database.
- the expected outcome is an update to the stored vulnerability, adding the detailed description.

### CVE ID added to existing advisory

- an existing advisory is updated with a newly issued CVE ID for the vulnerability.
- tricky...
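The five scenarios above, run through a small in-memory upsert, as an added example that is not the project's importer and not code from the issue author. The `Database`, `Advisory` and `Vulnerability` shapes, the placeholder identifiers (`GHSA-placeholder`, `CVE-YYYY-NNNN`, `foo`, `bar`) and the rule of matching a stored vulnerability by any shared alias are assumptions made for illustration. The "tricky" last case is handled by attaching the new CVE ID as an alias of the vulnerability the advisory already matches, and by refusing the import when the incoming aliases point at two different stored vulnerabilities, so that two records are never merged silently.

```python
"""Added example: in-memory sketch of the upsert logic behind the import scenarios.
Not the project's code; all names, identifiers and the alias-matching rule are assumptions."""
from dataclasses import dataclass


@dataclass
class Vulnerability:
    vuln_id: int
    summary: str
    aliases: set  # identifiers attached to this vulnerability, e.g. a GHSA id and later a CVE id


@dataclass(frozen=True)
class Advisory:
    """What one data source emits for one vulnerability (constructed shape, not a real feed)."""
    aliases: frozenset  # at least one stable identifier assigned by the source
    summary: str
    impacted: tuple     # ((name, version), ...) of affected package versions
    resolved: tuple     # ((name, version), ...) of fixed package versions


class Database:
    """Tables as dicts/sets: Vulnerability, Package, ImpactedPackage, ResolvedPackage."""

    def __init__(self):
        self.vulnerabilities = {}  # vuln_id -> Vulnerability
        self.packages = {}         # (name, version) -> package id
        self.impacted = set()      # (package id, vuln_id)
        self.resolved = set()      # (package id, vuln_id)

    def find_vulnerability(self, aliases):
        """Match an advisory to a stored vulnerability by any shared alias.
        Raises when the aliases span two stored vulnerabilities: that is the case the
        note calls tricky, and it needs a human decision rather than a silent merge."""
        matches = {v.vuln_id for v in self.vulnerabilities.values() if v.aliases & set(aliases)}
        if len(matches) > 1:
            raise ValueError(f"aliases {sorted(aliases)} span vulnerabilities {sorted(matches)}")
        return self.vulnerabilities[matches.pop()] if matches else None

    def _package_id(self, name, version, stats):
        """Create the Package row if missing (a real importer would bulk insert these)."""
        key = (name, version)
        if key not in self.packages:
            self.packages[key] = len(self.packages) + 1
            stats["packages_created"] += 1
        return self.packages[key]

    def import_advisory(self, adv):
        stats = dict.fromkeys(("vulns_created", "vulns_updated", "aliases_added",
                               "packages_created", "impacted_created", "resolved_created"), 0)
        vuln = self.find_vulnerability(adv.aliases)
        if vuln is None:  # scenario "both new": nothing matched, insert the vulnerability
            vuln = Vulnerability(len(self.vulnerabilities) + 1, adv.summary, set(adv.aliases))
            self.vulnerabilities[vuln.vuln_id] = vuln
            stats["vulns_created"] = 1
        else:
            new_aliases = set(adv.aliases) - vuln.aliases  # scenario "CVE ID added to existing advisory"
            vuln.aliases |= new_aliases
            stats["aliases_added"] = len(new_aliases)
            if adv.summary and adv.summary != vuln.summary:  # scenario "more info about vulnerability"
                vuln.summary = adv.summary
                stats["vulns_updated"] = 1
        # Remaining scenarios reduce to: create missing packages, create missing links.
        for table, versions, counter in ((self.impacted, adv.impacted, "impacted_created"),
                                         (self.resolved, adv.resolved, "resolved_created")):
            for name, version in versions:
                link = (self._package_id(name, version, stats), vuln.vuln_id)
                if link not in table:
                    table.add(link)
                    stats[counter] += 1
        return stats


def run_scenarios():
    """Replay the five scenarios from the note in order; returns the db and the per-import stats."""
    db = Database()
    ghsa = "GHSA-placeholder"  # constructed identifier
    both_new = db.import_advisory(Advisory(frozenset({ghsa}), "overflow", (("foo", "1.0"),), (("foo", "1.1"),)))
    new_pkg = db.import_advisory(Advisory(frozenset({ghsa}), "overflow", (("bar", "2.0"),), (("bar", "2.1"),)))
    new_fix = db.import_advisory(Advisory(frozenset({ghsa}), "overflow", (("foo", "1.0"),), (("foo", "1.2"),)))
    more_info = db.import_advisory(Advisory(frozenset({ghsa}), "heap overflow in parser", (("foo", "1.0"),), (("foo", "1.1"),)))
    cve_added = db.import_advisory(Advisory(frozenset({ghsa, "CVE-YYYY-NNNN"}), "heap overflow in parser", (("foo", "1.0"),), (("foo", "1.1"),)))
    return db, (both_new, new_pkg, new_fix, more_info, cve_added)


def alias_conflict_detected():
    """Two stored vulnerabilities, then an advisory claiming both ids: import must refuse."""
    db = Database()
    db.import_advisory(Advisory(frozenset({"ID-A"}), "a", (), ()))
    db.import_advisory(Advisory(frozenset({"ID-B"}), "b", (), ()))
    try:
        db.import_advisory(Advisory(frozenset({"ID-A", "ID-B"}), "merged", (), ()))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    _, results = run_scenarios()
    for name, stats in zip(("both new", "new package", "new fix", "more info", "CVE added"), results):
        print(name, {k: v for k, v in stats.items() if v})
    print("conflict refused:", alias_conflict_detected())
```

Each scenario maps onto which counters move, which is what an automated test for the importer would assert on: the first import creates the vulnerability and its packages, the second and third only create packages and links, the fourth touches only the vulnerability row, and the fifth only adds an alias. The conflict path is deliberately an error rather than a merge, since an advisory that suddenly carries the CVE of a different stored record is more likely a data-source mistake than two vulnerabilities being the same.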