Last active
January 7, 2025 07:51
CVE bumper
```bash
#!/bin/bash
# CNAO package bump helper
# Prerequisites: a CNAO checkout with an "upstream" remote and an "origin" (fork) remote,
# and a clean working tree (the "git add ." below would sweep up any untracked files).
# Usage: ./bumper.sh CVE-2021-38561 golang.org/x/[email protected] release-0.89
set -euo pipefail  # abort on the first failed step so nothing half-done is committed or pushed

if [ $# -ne 3 ]; then
    echo "Syntax: $0 <CVE> <TARGET_PACK> <BR>"
    exit 1
fi

CVE=$1          # e.g. CVE-2021-38561; used in the branch name and commit title
TARGET_PACK=$2  # module@version to require
BR=$3           # base branch to bump (main or a release-* branch)
PACK="${TARGET_PACK/@*}"  # module path without the @version suffix

# Start from an up-to-date copy of the base branch
git checkout "${BR}"
git pull upstream "$(git symbolic-ref --short HEAD)"

# Drop any replace directive pinning the module, then require the fixed version
go mod edit -dropreplace="${PACK}"
go mod edit -require="${TARGET_PACK}"
make vendor

# Commit on a uniquely named branch; release branches get a "[branch] " title prefix
git checkout -b "${BR}_${CVE}_$(openssl rand -hex 4)"
git add .
git commit -s -m "$( [ "$BR" == "main" ] && echo "" || echo "[$BR] " )$CVE: Bump $PACK"
git push --set-upstream origin "$(git rev-parse --abbrev-ref HEAD)"
```
Comment:
Hey @oshoval, sometimes bumps require changes in our code, please consider adding make vet to your script to catch these issues.

Author:
Sure, but let's do it incrementally?
Once we see a real case for each change, then give it with an example and fix it, wdyt?
One of the reasons we can't add vet (unless we do make vet || true, but it means it can fail and sometimes it is wrong)
is that this script is generic, and not all repos have make vet; maybe we can allow custom addons.
Unless we see that all the repos we need have make vet (some don't even have make vendor, and I had a better version of this script for that).
Let's consider adding it to CNAO, so whoever wants to update it can.
Creating a PR for that.
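One way to keep the bumper generic while still running per-repo checks such as `make vet` where they exist, as an added example that is not part of the gist or of CNAO: gate each optional step on whether the repository's Makefile actually defines the target, instead of hiding real failures behind `|| true`. The helper names and the Makefile layout are assumptions.

```bash
#!/bin/bash
# Added example: run optional make targets only in repos that define them.
# Assumes GNU make and a top-level Makefile; helper names are hypothetical.

# makefile_has_target FILE TARGET -> exit 0 if FILE defines TARGET as a rule.
# Matches "vet:", "vet: deps" or "vet::" at line start; a variable assignment
# such as "vet := ..." or a missing file does not count.
makefile_has_target() {
    local makefile=$1 target=$2
    [ -f "$makefile" ] || return 1
    grep -qE "^${target}[[:space:]]*:([^=]|$)" "$makefile"
}

# run_optional_target TARGET: run "make TARGET" when the repo defines it,
# otherwise say so and move on. A defined target that fails still fails
# the script, so a bump that needs code changes is not silently pushed.
run_optional_target() {
    local target=$1
    if makefile_has_target Makefile "$target"; then
        echo "running: make $target"
        make "$target"
    else
        echo "skipping: Makefile has no '$target' target"
    fi
}

# In the bumper this would sit right after "make vendor":
#   run_optional_target vet
```

Because the check only looks for a rule in the Makefile, a repo that defines `vet` but has it broken will still fail the bump, which is the signal the comment above asks for.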