test: unified converter tests #1085
base: main
Changes from all commits
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -322,7 +322,7 @@ func buildRemediationAdvice( | |
| upgradePath[1] == dependencyPath[1] | ||
|
|
||
| // Match Legacy logic: check IsUpgradable | ||
| // IsUpgradable = len(vuln.InitiallyFixedInVersions) > 0 | ||
| // IsUpgradable = len(problem.InitiallyFixedInVersions) > 0 | ||
| // Note: IsPatchable is always false in unified workflow (patches not supported) | ||
| isUpgradable := len(problem.InitiallyFixedInVersions) > 0 | ||
|
|
||
|
|
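Review bot: The updated comment line `// IsUpgradable = len(problem.InitiallyFixedInVersions) > 0` now repeats the assignment directly beneath it almost word for word, so it can fall out of date again the way the `vuln` spelling did. Consider dropping that line and keeping only the "Match Legacy logic" line and the IsPatchable note, which say things the code does not.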
@@ -333,8 +333,9 @@ func buildRemediationAdvice( | |
| return buildOutdatedDependencyMessage(problem.PackageName, actualVersion, ecosystemStr) | ||
| } | ||
| // Return upgrade message when available | ||
| // Note: if isUpgradable but upgradeMessage is empty, we return empty string | ||
| // but that case should be rare since upgradePath is built from InitiallyFixedInVersions | ||
| // Note: if isUpgradable but upgradeMessage is empty (fix exists but no upgrade path available), | ||
| // we return empty string. This is common for deep transitive dependencies where intermediate | ||
| // packages haven't consumed the fixed version yet. | ||
| return upgradeMessage | ||
| } | ||
|
|
||
|
|
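Review bot: At the final `return upgradeMessage`, the reworded comment now describes the isUpgradable-with-empty-upgradeMessage case as common, yet the function still returns an empty string for it, so the caller gets no advice text even though a fix exists. Since this PR is about converter tests, add a test case that pins this behaviour; if the empty string is intentional, state in the comment what the caller is expected to show for it.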
@@ -400,7 +401,7 @@ func extractUpgradePackage(dependencyPath []string, finding *testapi.FindingData | |
| return nil | ||
| } | ||
|
|
||
| if len(dependencyPath) == 0 { | ||
| if len(dependencyPath) < 2 { | ||
|
Contributor
This guard fix is correct — Should fix — the structurally identical twin panic just below is still unguarded. At line 412, — AI review
||
| return nil | ||
|
Contributor
[Should Fix] Good fix here — but the identical bug class remains a few lines below at line 412: `if len(path) > 0 && path[1].Name == depPathPackageName {`
— AI review
||
| } | ||
| depPathPackageName := strings.Split(dependencyPath[1], "@")[0] | ||
|
|
||
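Review bot: On the context line `depPathPackageName := strings.Split(dependencyPath[1], "@")[0]`, an entry that begins with "@" (a scoped name of the form `@scope/name@1.0.0`) splits into an empty first element, so depPathPackageName would be the empty string. If such entries can appear in dependencyPath, cut at the last "@" instead (strings.LastIndex), and add a test for a one-element path now that the `len(dependencyPath) < 2` guard returns nil for it.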
The change from `len(dependencyPath) == 0` to `len(dependencyPath) < 2` is a critical improvement. Accessing `dependencyPath[1]` when the slice has fewer than two elements would lead to a runtime panic. This fix correctly handles cases where the dependency path is empty or contains only a single element, preventing potential crashes.