Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: report known malware even when not labeled #956

Merged
merged 3 commits into from
Jan 8, 2025
Merged

fix: report known malware even when not labeled #956

merged 3 commits into from
Jan 8, 2025

Conversation

behnazh-w
Copy link
Member

@behnazh-w behnazh-w commented Jan 5, 2025
edited
Loading

Some of the malicious packages are not clearly labeled in the OSV knowledge base. This PR improves the known malware detection in detect_malicious_metadata_check. It also adds a new abstraction for the deps.dev service to improve code reusability.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Jan 5, 2025
@behnazh-w behnazh-w force-pushed the behnazh/improve-known-mal-check branch from 6f9d7f4 to 0089979 Compare January 5, 2025 17:26
@behnazh-w behnazh-w marked this pull request as ready for review January 5, 2025 18:07
@behnazh-w behnazh-w requested a review from tromai as a code owner January 5, 2025 18:07
@behnazh-w behnazh-w requested review from art1f1c3R and benmss January 5, 2025 18:07
@behnazh-w behnazh-w force-pushed the behnazh/improve-known-mal-check branch from 0089979 to 20155c3 Compare January 6, 2025 20:21
tromai
tromai approved these changes Jan 6, 2025
View reviewed changes
Copy link
Member

@tromai tromai left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks!

@behnazh-w
fix: report known malware even when not labeled
1adc6f2 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
chore: address PR feedback
9bdde99 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w
chore: check that the OSV vulnerability ID is not None
60d5ec2 
Signed-off-by: behnazh-w <behnaz.hassanshahi@oracle.com>
@behnazh-w behnazh-w force-pushed the behnazh/improve-known-mal-check branch from 20155c3 to 60d5ec2 Compare January 7, 2025 14:13
@behnazh-w behnazh-w merged commit 7313899 into staging Jan 8, 2025
10 checks passed
@behnazh-w behnazh-w deleted the behnazh/improve-known-mal-check branch February 2, 2025 23:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@benmss benmss benmss approved these changes

@tromai tromai tromai approved these changes

@art1f1c3R art1f1c3R art1f1c3R approved these changes

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@behnazh-w @benmss @tromai @art1f1c3R