Appeng 5540 Enhancement and bug fixes for adding manifest_path and ecosystem fields to agentic logic: #272

Open
gnetanel wants to merge 5 commits into RHEcosystemAppEng:main from gnetanel:APPENG-5540_mixed_repo_part_2_to_deliver

@gnetanel

Collaborator

Verify & test the following:

Request includes only ecosystem, without manifest path
Expected behavior: no autodetection is done, yet verification is done that the expected manifest file exists

Request includes only manifest path, without ecosystem
Expected behavior: autodetection is done as before, yet it is done on the given path

Manifest Path parameter verification:

Verify that the path does not include ".." characters; in case it does, fail the request (prevent attach on other directories on the host)

In case the path does not exist, fail the request with a clear error

Ecosystem parameter verification:

In case a manifest file is not available for the ecosystem, fail the operation with a clear error message (do not retry finding the ecosystem automatically).

In addition, resolve the review comments named 'finding 3', 'finding 4' and 'finding 7' from the original PR that introduced the multi-repo feature.
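
The parameter checks listed in the description above, sketched as an added example; this is not code from this PR or from the project. It assumes `manifest_path` names a directory relative to the cloned repository root; the `MANIFESTS` table and every function name are hypothetical. It goes one step beyond the ".." rule by also confining the resolved path to the checkout, which covers absolute paths and symlinks.

```python
import tempfile
from pathlib import Path, PurePosixPath

# Assumed ecosystem -> manifest table; the project's real one is not shown on the page.
MANIFESTS = {"python": ("requirements.txt", "pyproject.toml"),
             "go": ("go.mod",), "javascript": ("package.json",)}

class ManifestRequestError(ValueError):
    """Request parameters failed verification."""

def safe_subdir(repo_root, manifest_path):
    """Return the directory manifest_path names, confined to repo_root."""
    # Reject '..' as a path component, whichever separator style was sent.
    if ".." in PurePosixPath(manifest_path.replace("\\", "/")).parts:
        raise ManifestRequestError(f"manifest_path {manifest_path!r} must not contain '..'")
    root = Path(repo_root).resolve()
    target = (root / manifest_path).resolve()
    # Beyond the '..' rule: absolute paths and symlinks must stay in the checkout too.
    if not target.is_relative_to(root):
        raise ManifestRequestError(f"manifest_path {manifest_path!r} is outside the repository")
    if not target.is_dir():
        raise ManifestRequestError(f"manifest_path {manifest_path!r} does not exist")
    return target

def resolve_request(repo_root, manifest_path=None, ecosystem=None):
    """Return (directory, ecosystem) for the request shapes in the PR description."""
    base = safe_subdir(repo_root, manifest_path) if manifest_path else Path(repo_root).resolve()
    if ecosystem is not None:
        names = MANIFESTS.get(ecosystem)
        if names is None:
            raise ManifestRequestError(f"unsupported ecosystem {ecosystem!r}")
        if not any((base / n).is_file() for n in names):
            raise ManifestRequestError(f"no {ecosystem} manifest ({', '.join(names)}) in {base}")
        return base, ecosystem            # explicit ecosystem: no autodetection, no fallback
    for eco, names in MANIFESTS.items():  # autodetect as before, but only at the given path
        if any((base / n).is_file() for n in names):
            return base, eco
    raise ManifestRequestError(f"no known manifest found in {base}")

def build_sample_repo():
    """Constructed mixed repo: Go module in services/api, Python project in tools/cli."""
    root = Path(tempfile.mkdtemp(prefix="mixed-repo-"))
    for sub, name in (("services/api", "go.mod"), ("tools/cli", "requirements.txt")):
        (root / sub).mkdir(parents=True)
        (root / sub / name).write_text("")
    return root

if __name__ == "__main__":
    print(resolve_request(build_sample_repo(), manifest_path="services/api"))
```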

@vbelouso

vbelouso commented Jun 30, 2026

Collaborator

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Code Security 0 0 0 0 0 issues

@gnetanel

Collaborator Author

/test vulnerability-analysis-on-pr

zvigrinberg
zvigrinberg previously approved these changes Jun 30, 2026

@zvigrinberg zvigrinberg left a comment

Collaborator

LGTM Approved.

@zvigrinberg zvigrinberg self-requested a review June 30, 2026 13:09
@zvigrinberg zvigrinberg added the hold Something needs to block this issue from merging label Jun 30, 2026
@zvigrinberg zvigrinberg dismissed their stale review June 30, 2026 13:12

By mistake

@zvigrinberg zvigrinberg left a comment

Collaborator

Hi @gnetanel ,

Please see my comments.

Comment thread uv.lock
Comment thread src/vuln_analysis/functions/cve_clone_and_deps.py
Comment thread src/vuln_analysis/functions/cve_generate_vdbs.py
Comment thread src/vuln_analysis/tools/transitive_code_search.py
Comment thread src/exploit_iq_commons/utils/git_utils.py Outdated
Comment thread src/exploit_iq_commons/utils/transitive_code_searcher_tool.py
@zvigrinberg zvigrinberg removed the hold Something needs to block this issue from merging label Jun 30, 2026
@gnetanel gnetanel force-pushed the APPENG-5540_mixed_repo_part_2_to_deliver branch from 3d6b1e8 to 7b7f679 Compare July 1, 2026 07:02
@gnetanel

gnetanel commented Jul 1, 2026

Collaborator Author

/test vulnerability-analysis-on-pr

@gnetanel gnetanel force-pushed the APPENG-5540_mixed_repo_part_2_to_deliver branch from 7b7f679 to 4ef3712 Compare July 1, 2026 10:16

@zvigrinberg zvigrinberg left a comment

Collaborator

LGTM Approved.

@gnetanel

gnetanel commented Jul 1, 2026

Collaborator Author

/test vulnerability-analysis-on-pr

2 similar comments
@zvigrinberg

Collaborator

/test vulnerability-analysis-on-pr

@gnetanel

gnetanel commented Jul 2, 2026

Collaborator Author

/test vulnerability-analysis-on-pr
