Conversation

@DmitriyLewen (Contributor)

Description

This PR fixes an issue in the Photon OS vulnerability data processing by skipping unknown CVE entries (UNK-* and Re-prefixed entries) that lack version information. The fix prevents processing of incomplete or placeholder CVE entries that don't provide meaningful vulnerability information.

Changes Made

  • photon/photon.go:90-105: Added logic in saveCVEPerPkg function to skip CVE entries with UNK-* or Re prefixes when both affected version (AffVer) and resolved version (ResVer) are empty or "NA"
  • photon/photon.go:90,112: Updated function signature to use strongly-typed PhotonCVE parameter instead of generic interface{}
  • photon/testdata/: Added test data for CVE-2025-0725 and UNK-1 entries to validate the filtering logic
  • photon/photon_test.go: Updated test expectations to include the new CVE entry that should be processed

The fix ensures that only meaningful CVE entries with proper version information are processed and stored, while filtering out placeholder or incomplete entries that don't provide actionable vulnerability data.

Examples of these CVEs - aquasecurity/vuln-list@80e4c49#diff-e615c72b692e17b1c1fe08855e258663dd189530fa880d0b7c47a88a4cb7f5d6

Test pipeline run
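The skip rule this PR describes, written out as an added illustrative example rather than the PR's own diff: the PhotonCVE struct below is a stand-in that reuses the two field names the description mentions (AffVer, ResVer); its other fields, the JSON tags, the whitespace trimming and the helper names are assumptions, and the feed is a constructed sample, not data from aquasecurity/vuln-list.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// PhotonCVE is a stand-in for the project's type. AffVer and ResVer are the
// field names the PR refers to; the remaining fields and JSON tags are assumed.
type PhotonCVE struct {
	OSVersion string  `json:"os_version"`
	CveID     string  `json:"cve_id"`
	Pkg       string  `json:"pkg"`
	CveScore  float64 `json:"cve_score"`
	AffVer    string  `json:"aff_ver"`
	ResVer    string  `json:"res_ver"`
}

// isPlaceholderVersion reports whether a version field carries no information:
// empty or the literal "NA". Trimming surrounding whitespace is an assumption.
func isPlaceholderVersion(v string) bool {
	v = strings.TrimSpace(v)
	return v == "" || v == "NA"
}

// hasUnknownPrefix reports whether the ID uses one of the placeholder prefixes
// named in the PR ("UNK-" or "Re").
func hasUnknownPrefix(id string) bool {
	return strings.HasPrefix(id, "UNK-") || strings.HasPrefix(id, "Re")
}

// shouldSkipCVE applies the PR's rule: skip only when the ID has a placeholder
// prefix AND both the affected and the resolved version are empty or "NA".
// A real CVE ID with "NA" versions is therefore still kept.
func shouldSkipCVE(cve PhotonCVE) bool {
	return hasUnknownPrefix(cve.CveID) &&
		isPlaceholderVersion(cve.AffVer) &&
		isPlaceholderVersion(cve.ResVer)
}

// filterCVEs decodes a Photon CVE feed and splits it into the entries that
// should be stored and the IDs that were skipped by the rule above.
func filterCVEs(raw []byte) (kept []PhotonCVE, skipped []string, err error) {
	var cves []PhotonCVE
	if err := json.Unmarshal(raw, &cves); err != nil {
		return nil, nil, fmt.Errorf("decode photon feed: %w", err)
	}
	for _, cve := range cves {
		if shouldSkipCVE(cve) {
			skipped = append(skipped, cve.CveID)
			continue
		}
		kept = append(kept, cve)
	}
	return kept, skipped, nil
}

// sampleFeed is a constructed sample covering the four cases that matter:
// a real CVE with NA versions (kept), a UNK entry without versions (skipped),
// a UNK entry that does carry versions (kept), and a Re-prefixed placeholder (skipped).
const sampleFeed = `[
  {"os_version":"3.0","cve_id":"CVE-2025-0725","pkg":"curl","cve_score":7.5,"aff_ver":"NA","res_ver":"NA"},
  {"os_version":"3.0","cve_id":"UNK-1","pkg":"foo","cve_score":0,"aff_ver":"","res_ver":"NA"},
  {"os_version":"3.0","cve_id":"UNK-2","pkg":"bar","cve_score":5.0,"aff_ver":"1.0-1.ph3","res_ver":"1.0-2.ph3"},
  {"os_version":"3.0","cve_id":"Reserved-1","pkg":"baz","cve_score":0,"aff_ver":"NA","res_ver":" "}
]`

func main() {
	kept, skipped, err := filterCVEs([]byte(sampleFeed))
	if err != nil {
		panic(err)
	}
	for _, c := range kept {
		fmt.Printf("keep %-14s pkg=%s aff=%q res=%q\n", c.CveID, c.Pkg, c.AffVer, c.ResVer)
	}
	fmt.Println("skipped:", skipped)
}
```

Both halves of the condition are needed: dropping the version check would discard any UNK entry even when it names affected and fixed versions, and dropping the prefix check would discard real CVE IDs such as CVE-2025-0725 whose versions are "NA", which the PR's test data deliberately keeps.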

@DmitriyLewen DmitriyLewen self-assigned this Oct 30, 2025
@DmitriyLewen DmitriyLewen marked this pull request as ready for review October 30, 2025 09:09
Copilot AI left a comment

Pull Request Overview

This PR adds filtering logic to skip unknown CVE entries (prefixed with "UNK-" or "Re") that lack version information (both affected and resolved versions are empty or "NA"). The change improves type safety by updating the function signature from interface{} to PhotonCVE, and includes test data for the new filtering behavior.

  • Added skip logic for unknown CVE entries without version information
  • Changed function parameter type from interface{} to PhotonCVE for type safety
  • Added test data for CVE-2025-0725 (valid CVE with NA versions) and UNK-1 (unknown CVE to be filtered)

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

Files reviewed:

  • photon/photon.go: Implemented filtering logic and improved type safety in saveCVEPerPkg
  • photon/testdata/cve_data_photon3.0.json: Added test entries for UNK-1 and CVE-2025-0725
  • photon/testdata/golden/CVE-2025-0725.json: Added expected output for CVE-2025-0725
  • photon/photon_test.go: Updated test expectations to include CVE-2025-0725 golden file


@DmitriyLewen DmitriyLewen merged commit b94f157 into aquasecurity:main Oct 30, 2025
2 checks passed
@DmitriyLewen DmitriyLewen deleted the fix/photon-incorrect-cveid branch October 30, 2025 10:10