Last active January 7, 2025 07:51
CVE bumper
```bash
#!/bin/bash
# CNAO package bump helper
# Make sure you already have a CNAO checkout with the "upstream" and "origin" remotes
# and their branches; no untracked files are allowed in the folder, because the
# script stages everything with `git add .`.
# Usage: ./bumper.sh CVE-2021-38561 golang.org/x/[email protected] release-0.89
set -euo pipefail  # abort on the first failing command, unset variable or broken pipe
if [ $# -ne 3 ]; then
    echo "Syntax: $0 <CVE> <TARGET_PACK> <BR>"
    exit 1
fi
CVE=$1
TARGET_PACK=$2   # module@version, as accepted by `go mod edit -require`
BR=$3            # base branch to patch, e.g. main or release-0.89
PACK="${TARGET_PACK/@*}"   # module path without the @version suffix

# Start from an up-to-date copy of the base branch.
git checkout "${BR}"
git pull upstream "$(git symbolic-ref --short HEAD)"

# Drop any replace directive pinning the module, require the fixed version, re-vendor.
go mod edit -dropreplace="${PACK}"
go mod edit -require="${TARGET_PACK}"
make vendor

# Commit on a uniquely named branch and push it to origin for the PR.
git checkout -b "${BR}_${CVE}_$(openssl rand -hex 4)"
git add .
# On main the subject is "<CVE>: Bump <pack>"; on other branches it is prefixed with "[<branch>] ".
git commit -s -m "$( [ "$BR" == "main" ] && echo "" || echo "[$BR] " )$CVE: Bump $PACK"
git push --set-upstream origin "$(git rev-parse --abbrev-ref HEAD)"
```
Author
Sure, but let's do it incrementally?
Once we see a real case for each change, then give it with an example and fix it, wdyt?
One of the reasons we can't add vet (unless we do `make vet || true`, but it means it can fail and sometimes it is wrong) is that this script is generic, and not all repos have `make vet`; maybe we can allow custom addons. Unless we see that all the repos we need have `make vet` (some don't even have `make vendor`, and I had a better version of this script for that). Let's consider adding it to CNAO, so whoever wants to update it can.
Creating a PR for that
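As an added example that is not part of the gist or of CNAO: the preflight checks that the script's header comments leave to the operator (remotes `upstream` and `origin` present, no untracked files because of `git add .`), plus the opt-in `make vet` discussed in the comment above, which runs only when the repo's Makefile declares the target. The function names, and the convention of passing git output in as strings so the checks can be exercised without a repository, are assumptions of this example.

```bash
# Added example, not from the gist. Preflight checks for the bumper script;
# git outputs are passed in as strings so the functions run without a repo.

# Return 0 if every required remote name appears in `git remote` output ($1).
has_remotes() {
    local remotes=$1 name
    for name in upstream origin; do
        printf '%s\n' "$remotes" | grep -qx "$name" || return 1
    done
}

# Print untracked paths ("?? <path>") from `git status --porcelain` output ($1)
# and return 1 when any exist, since `git add .` would sweep them into the commit.
untracked_paths() {
    local out
    out=$(printf '%s\n' "$1" | sed -n 's/^?? //p')
    printf '%s' "$out"
    [ -z "$out" ]
}

# Return 0 when Makefile $1 declares rule target $2 ("vet:" or "vet: deps",
# but not "vet-all:", ".PHONY: vet" or the variable assignment "vet:=").
has_make_target() {
    local makefile=$1 target=$2
    [ -r "$makefile" ] && grep -Eq "^${target}[[:space:]]*:([^=]|$)" "$makefile"
}

# Opt-in vet: run `make vet` only where the target exists, otherwise skip
# instead of failing, so the script stays usable on repos without the target.
maybe_vet() {
    if has_make_target Makefile vet; then make vet; else echo "no vet target, skipping"; fi
}

# Real invocation inside a checkout (hypothetical wiring, not run by the test).
preflight() {
    has_remotes "$(git remote)" || { echo "need remotes upstream and origin" >&2; return 1; }
    untracked_paths "$(git status --porcelain)" >/dev/null \
        || { echo "untracked files present, aborting before git add ." >&2; return 1; }
}
```

Calling `preflight` before the first `git checkout` in the bumper, and `maybe_vet` after `make vendor`, keeps the original flow and adds the guards the comments describe.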