Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more metadata #33

Merged
merged 19 commits into from
Sep 28, 2023
Merged

Add more metadata #33

merged 19 commits into from
Sep 28, 2023

Conversation

wtwhite
Copy link
Collaborator

@wtwhite wtwhite commented Sep 28, 2023

Gets most of the way to resolving #24. After this, the only remaining CVE without a corresponding pov-project.json file is CVE-2019-0225, tracked in #32.

@wtwhite
Generated pov-project.json
2f64554
@wtwhite
Add fixVersion
645e153
@wtwhite
Generated pov-project.json for CVE-2016-7051
ddee64e
@wtwhite
Added fixVersion based on the README
9467198
@wtwhite
Generated pov-project.json for CVE-2017-15717
f81293d
@wtwhite
Added fixVersion based on the README
de10f81
@wtwhite
Generated pov-project.json for CVE-2017-18349
9f4ef98
@wtwhite
Add fixVersion based on the README
da63300
@wtwhite
Generated pov-project.json for CVE-2018-10237
a844da4
@wtwhite
Increase vulnerable version in pom.xml to 24.1-jre, and add fixVersio…
850d9b1 
…n, based on `mvn clean test`

fixVersion based on https://nvd.nist.gov/vuln/detail/cve-2018-10237. "-jre" appended based on Guava release naming scheme described at https://github.com/google/guava#adding-guava-to-your-build.
@wtwhite
Generated pov-project.json for CVE-2021-44228
4378802
@wtwhite
Add fixVersion based on the README
7c55d36
@wtwhite
Generated pov-project.json for CVE-2022-38749
f6495a4
@wtwhite
Increase vulnerable version in pom.xml to 1.30, and add fixVersion, b…
7f5aaac 
…ased on `mvn clean test`

fixVersion based on comment at https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open.
@wtwhite
Generated pov-project.json for CVE-2022-42889
a246f30
@wtwhite
Add fixVersion based on https://nvd.nist.gov/vuln/detail/cve-2022-42889
3e5e551 
… and manual confirmation with `mvn clean test`
@wtwhite
Generated pov-project.json for CVE-2022-45688
841469d
@wtwhite
Add fixVersion based on testing next available version at https://cen…
304d38b 
…tral.sonatype.com/artifact/org.json/json/versions with `mvn clean test`
@wtwhite
Remove redundant mvn_clean_test.exitstatus files
4f84981 
Their info is now in `testSignalWhenVulnerable`:
```
wtwhite@wtwhite-vuw-vm:~/code/xshady$ for d in CVE-*; do if [ -e $d/pov-project.json ]; then echo -n `cat $d/mvn_clean_test.exitstatus`' '; grep testSignalWhenVulnerable $d/pov-project.json; fi; done|sort|uniq -c
     13 0   "testSignalWhenVulnerable": "success",
     15 1   "testSignalWhenVulnerable": "failure",
```
@wtwhite wtwhite self-assigned this Sep 28, 2023
@wtwhite wtwhite merged commit 3cc5046 into main Sep 28, 2023
2 checks passed
@wtwhite wtwhite deleted the add-more-metadata branch September 28, 2023 02:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@wtwhite wtwhite

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@wtwhite