
hash:feature - new hash format and handle the future depreciations #996

Merged: wiliansilvazup merged 1 commit into main from feature/vulnerability-new-fields on Feb 25, 2022

@nathanmartinszup nathanmartinszup commented Feb 18, 2022

Currently the CLI generates very volatile hashes; any commit or description
change will change the hash, which is a problem for vulnerability
management. This pull request changes the way that we generate the hash
to use only the code, line and file; this way we expect that the hash
will be more stable. In this pull request we also added a treatment to
handle the future deprecation of the old hashes that we still
consider valid. So all users should update the outdated hashes; the CLI
is going to show a warning with the necessary hashes to update and the
new ones.

Signed-off-by: Nathan Martins <nathan.martins@zup.com.br>

- What I did

- How to verify it

- Description for the changelog
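
The effect of the change described in the post above, as an added Go example that is not code from this pull request or from Horusec. The `Finding` type, the function names, SHA-256 and the NUL field separator are assumptions; the page does not show the real algorithm or the exact fields of the old format.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Finding is a hypothetical, simplified record; it is not Horusec's own type.
type Finding struct {
	Code, Line, File    string // inputs the new hash keeps
	Description, Commit string // volatile inputs the new hash drops
}

// digest joins fields with NUL so ("ab","c") != ("a","bc"). SHA-256 is an assumption.
func digest(fields ...string) string {
	sum := sha256.Sum256([]byte(strings.Join(fields, "\x00")))
	return hex.EncodeToString(sum[:])
}

// StableHash covers only code, line and file.
func StableHash(f Finding) string { return digest(f.Code, f.Line, f.File) }

// LegacyHash stands in for the old format, which also moved with commit and description.
func LegacyHash(f Finding) string { return digest(f.Code, f.Line, f.File, f.Description, f.Commit) }

// DeprecatedHashes maps each recorded hash that matches a finding only in the
// legacy format to the stable hash that should replace it.
func DeprecatedHashes(recorded []string, findings []Finding) map[string]string {
	legacy := make(map[string]string, len(findings))
	for _, f := range findings {
		legacy[LegacyHash(f)] = StableHash(f)
	}
	updates := map[string]string{}
	for _, h := range recorded {
		if replacement, ok := legacy[h]; ok {
			updates[h] = replacement
		}
	}
	return updates
}

func main() {
	// Constructed sample: one finding and one user-recorded hash in the old format.
	f := Finding{"exec(userInput)", "42", "cmd/run.go", "Command injection", "c0ffee1"}
	for old, replacement := range DeprecatedHashes([]string{LegacyHash(f)}, []Finding{f}) {
		fmt.Printf("warning: hash %s is deprecated, update it to %s\n", old, replacement)
	}
}
```

Because the line number is still part of the stable hash, an edit that shifts the flagged code to another line produces a new hash in this sketch.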

@nathanmartinszup nathanmartinszup force-pushed the feature/vulnerability-new-fields branch 7 times, most recently from aae8b0d to e0944dc Compare February 22, 2022 11:27
@nathanmartinszup (Contributor, Author) commented

Depends on: ZupIT/horusec-devkit#159

Comment thread internal/controllers/analyzer/analyzer.go Outdated
Comment thread internal/controllers/analyzer/analyzer.go Outdated
Comment thread internal/controllers/printresults/print_results.go Outdated
Comment thread internal/utils/vuln_hash/vuln_hash.go Outdated
@wiliansilvazup wiliansilvazup added the kind/enhancement This issue is related to a new feature or request label Feb 25, 2022
Comment thread internal/controllers/analyzer/analyzer.go Outdated

@matheusalcantarazup matheusalcantarazup left a comment

It's not clear to me why these changes in some formatters are necessary.

Comment thread internal/controllers/analyzer/analyzer.go Outdated
Comment thread internal/services/formatters/csharp/dotnet_cli/formatter.go
Comment thread internal/services/formatters/csharp/dotnet_cli/formatter.go
@nathanmartinszup nathanmartinszup force-pushed the feature/vulnerability-new-fields branch from fb39852 to e941361 Compare February 25, 2022 15:11
@wiliansilvazup wiliansilvazup merged commit df2e20c into main Feb 25, 2022
@wiliansilvazup wiliansilvazup deleted the feature/vulnerability-new-fields branch February 25, 2022 16:39