Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

🐛 fix special character in search query to fix fuzzing check #1241

Merged
merged 3 commits into from
Nov 15, 2021

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Nov 11, 2021

Signed-off-by: Asra Ali [email protected]

  • Please check if the PR fulfills these requirements
  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
  • Fixes a bug where special character / was causeing a false negative on the fuzzing query that queries for repositories
    By github search API docs:
You can't use the following wildcard characters as part of your search query: . , : ; / \ ` ' " = * ! ? # $ & + ^ | ~ < > ( ) { } [ ] @. The search will simply ignore these symbols.

https://docs.github.com/en/search-github/searching-on-github/searching-code#considerations-for-code-search

  • What is the current behavior? (You can also link to an open issue here)
    The "Fuzzing" check doesn't seem to always work correctly #1231

  • What is the new behavior (if this is a feature change)?
    Successfully detects fuzzing for the repos

  • Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

  • Other information:

@asraa
Copy link
Contributor Author

asraa commented Nov 11, 2021

I don't think any of the special characters are relevant for repository searches, but if you think it makes sense to replace all of those, let me know!

@laurentsimon laurentsimon self-requested a review November 11, 2021 16:54
@@ -59,7 +59,7 @@ func (handler *searchHandler) buildQuery(request clients.SearchRequest) (string,
}
var queryBuilder strings.Builder
if _, err := queryBuilder.WriteString(
fmt.Sprintf("%s repo:%s/%s", request.Query, handler.owner, handler.repo)); err != nil {
fmt.Sprintf("%s repo:%s/%s", strings.ReplaceAll(request.Query, "/", " "), handler.owner, handler.repo)); err != nil {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why was there a / in the query that caused the issue? I thought org and repo did not have if they had been extracted properly from owner/repo?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, for fuzzing we check if the URI is in a project.yaml.

e.g. we search for github.com/util-linux/util-linux in the main_repo field of the YAML https://github.com/google/oss-fuzz/blob/56b840aad7907d69ad0de08a9339ba7e18a03514/projects/util-linux/project.yaml#L17

go.mod Outdated
@@ -40,71 +38,6 @@ require (
gotest.tools v2.2.0+incompatible
)

require (
cloud.google.com/go v0.94.1 // indirect
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it normal all of the below dependencies are removed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmmm somehow that showed up in my go mod tidy.

Copy link
Contributor

@azeemshaikh38 azeemshaikh38 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick turnaround @asraa !

clients/githubrepo/search.go Show resolved Hide resolved
go.mod Outdated
@@ -4,9 +4,7 @@ go 1.17

require (
cloud.google.com/go/bigquery v1.24.0
cloud.google.com/go/monitoring v0.1.0 // indirect
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these go.mod changes expected?

@azeemshaikh38
Copy link
Contributor

I don't think any of the special characters are relevant for repository searches, but if you think it makes sense to replace all of those, let me know!

+1. I think its ok for this PR. But maybe just leave a comment so we know this could be a potential issue.

@evverx
Copy link
Contributor

evverx commented Nov 11, 2021

Thanks! I can confirm that now both util-linux and selinux are fuzzed according to scorecard.

(on a somewhat unrelated note It seems the "Fuzzing" check doesn't take disabled projects (where disabled is set to true) like https://github.com/google/oss-fuzz/blob/master/projects/influxdb/project.yaml into account. It has nothing to with this PR though)

Signed-off-by: Asra Ali <[email protected]>
@asraa
Copy link
Contributor Author

asraa commented Nov 11, 2021

(on a somewhat unrelated note It seems the "Fuzzing" check doesn't take disabled projects (where disabled is set to true) like https://github.com/google/oss-fuzz/blob/master/projects/influxdb/project.yaml into account. It has nothing to with this PR though)

Ooh right! Should we open an issue about this? I suppose we could search for the right project.yaml and then check for a disabled line.

@evverx
Copy link
Contributor

evverx commented Nov 11, 2021

@asraa I'll try to open a new issue once I figure out why scorecard says that influxdb is fuzzed while libra isn't even though they're both disabled on OSS-Fuzz.

@evverx
Copy link
Contributor

evverx commented Nov 11, 2021

Looks like libra triggered another corner case. It was renamed to "diem" but the "project.yaml" file wasn't changed accordingly so scorecard somehow looks for diem/diem instead of libra/libra. Basically it seems scorecard can't handle redirects so if for example karelzak/util-linux is looked for it redirects to util-linux/util-linux and because google/oss-fuzz#6800 was merged it automagically works but if the project.yaml file hadn't been changed scorecard would say that the project isn't fuzzed. I'll try to open another issue then

@asraa
Copy link
Contributor Author

asraa commented Nov 15, 2021

ping? anything else to do here? other issues with the fuzzing check have open issues now

@azeemshaikh38
Copy link
Contributor

azeemshaikh38 commented Nov 15, 2021

ping? anything else to do here? other issues with the fuzzing check have open issues now

Nothing from my side. Looks good to submit. Auto-merge is on.

@azeemshaikh38 azeemshaikh38 enabled auto-merge (squash) November 15, 2021 16:36
@laurentsimon
Copy link
Contributor

Looks like libra triggered another corner case. It was renamed to "diem" but the "project.yaml" file wasn't changed accordingly so scorecard somehow looks for diem/diem instead of libra/libra. Basically it seems scorecard can't handle redirects so if for example karelzak/util-linux is looked for it redirects to util-linux/util-linux and because google/oss-fuzz#6800 was merged it automagically works but if the project.yaml file hadn't been changed scorecard would say that the project isn't fuzzed. I'll try to open another issue then

yes, please!

@laurentsimon
Copy link
Contributor

ping? anything else to do here? other issues with the fuzzing check have open issues now

Nothing from my side. Looks good to submit.

LGTM too. Thanks @asraa !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants