
@abadawi591
Contributor

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

  • The toolchain has been rebuilt successfully (or no changes were made to it)
  • The toolchain/worker package manifests are up-to-date
  • Any updated packages successfully build (or no packages were changed)
  • Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
  • Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
  • All package sources are available
  • cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
  • LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
  • All source files have up-to-date hashes in the *.signatures.json files
  • sudo make go-tidy-all and sudo make go-test-coverage pass
  • Documentation has been updated to match any changes to the build system
  • Ready to merge

Summary

What does the PR accomplish, why was it needed?

Change Log
  • Change
  • Change
  • Change
Does this affect the toolchain?

YES/NO

Associated issues
  • #xxxx
Links to CVEs
Test Methodology
  • Pipeline build id: xxxx

@abadawi591 abadawi591 requested a review from a team as a code owner October 24, 2025 16:11
@abadawi591 abadawi591 force-pushed the test/antipattern branch 2 times, most recently from 2d2dc49 to 9205e9f Compare October 24, 2025 16:30
@abadawi591
Contributor Author


📊 Interactive HTML Report

🔗 CLICK HERE to open the Interactive HTML Report

The report will open in a new tab automatically

Features:

  • 🎯 Interactive anti-pattern detection results
  • 🔐 GitHub OAuth sign-in for authenticated challenges
  • 💬 Submit feedback and challenges directly from the report
  • 📊 Comprehensive analysis with severity indicators

🔴 CVE Spec File Check - FAILED

Overall Severity: 🔴 ERROR
Generated: 2025-10-24 16:33:45 UTC


📋 Executive Summary

| Metric | Count |
|---|---|
| Total Spec Files Analyzed | 1 |
| Specs with Errors | 🔴 1 |
| Specs with Warnings | ⚠️ 0 |
| Total Issues Found | 7 |

📦 Package Analysis Details

🔴 nginx - ERROR

  • Spec File: SPECS/nginx/nginx.spec
  • Status: 🔴 ERROR
  • Issues: 7 errors, 0 warnings

🐛 Anti-Patterns Detected

🔴 missing-patch-file (ERROR) - 2 occurrence(s)

  1. Patch file 'CVE-2050-12345.patch' referenced in spec but not found in directory
  2. Patch file 'CVE-2060-99999.patch' referenced in spec but not found in directory

🔴 future-dated-cve (ERROR) - 2 occurrence(s)

  1. CVE CVE-2050-12345 appears to be from the future (year 2050)
  2. CVE CVE-2060-99999 appears to be from the future (year 2060)

🔴 missing-cve-in-changelog (ERROR) - 3 occurrence(s)

  1. CVE-2025-23419 is referenced in the spec file but not mentioned in any changelog entry
  2. CVE-2050-12345 is referenced in the spec file but not mentioned in any changelog entry
  3. CVE-2060-99999 is referenced in the spec file but not mentioned in any changelog entry

Recommended Actions for nginx
  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2050-12345 to a changelog entry
  • Add CVE-2060-99999 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

✅ All Recommended Actions

Complete checklist of all actions needed across all packages

nginx

  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2050-12345 to a changelog entry
  • Add CVE-2060-99999 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

🤖 Automated CVE Spec File Check | Azure Linux PR Pipeline

@abadawi591 abadawi591 added the radar-issues-detected RADAR detected issues. See feedback and GitHub comment for details. label Oct 24, 2025
@abadawi591
Contributor Author

🟢 Challenge Submitted by @abadawi591

Finding: nginx-missing-patch-file-0 in SPECS/nginx/nginx.spec
Challenge Type: False Alarm
Submitted by: @abadawi591 ([email protected])

Feedback:

this is not correct. AI analysis is wrong here because ABC and XYZ.


Challenge ID: ch-001 • Submitted on 2025-10-24 at 16:39 UTC
This challenge will be reviewed by the team.

@abadawi591 abadawi591 added the radar-acknowledged RADAR: PR author/reviewer has provided feedback on findings label Oct 24, 2025
@abadawi591
Contributor Author


🔴 CVE Spec File Check - FAILED

Overall Severity: 🔴 ERROR
Generated: 2025-10-24 17:01:24 UTC


📋 Executive Summary

| Metric | Count |
|---|---|
| Total Spec Files Analyzed | 1 |
| Specs with Errors | 🔴 1 |
| Specs with Warnings | ⚠️ 0 |
| Total Issues Found | 10 |

📦 Package Analysis Details

🔴 nginx - ERROR

  • Spec File: SPECS/nginx/nginx.spec
  • Status: 🔴 ERROR
  • Issues: 10 errors, 0 warnings

🐛 Anti-Patterns Detected

🔴 missing-patch-file (ERROR) - 3 occurrence(s)

  1. Patch file 'CVE-2050-12345.patch' referenced in spec but not found in directory
  2. Patch file 'CVE-2060-99999.patch' referenced in spec but not found in directory
  3. Patch file 'CVE-2070-11111.patch' referenced in spec but not found in directory

🔴 future-dated-cve (ERROR) - 3 occurrence(s)

  1. CVE CVE-2050-12345 appears to be from the future (year 2050)
  2. CVE CVE-2060-99999 appears to be from the future (year 2060)
  3. CVE CVE-2070-11111 appears to be from the future (year 2070)

🔴 missing-cve-in-changelog (ERROR) - 4 occurrence(s)

  1. CVE-2070-11111 is referenced in the spec file but not mentioned in any changelog entry
  2. CVE-2050-12345 is referenced in the spec file but not mentioned in any changelog entry
  3. CVE-2025-23419 is referenced in the spec file but not mentioned in any changelog entry
  4. CVE-2060-99999 is referenced in the spec file but not mentioned in any changelog entry

Recommended Actions for nginx
  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2050-12345 to a changelog entry
  • Add CVE-2060-99999 to a changelog entry
  • Add CVE-2070-11111 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

✅ All Recommended Actions

Complete checklist of all actions needed across all packages

nginx

  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2050-12345 to a changelog entry
  • Add CVE-2060-99999 to a changelog entry
  • Add CVE-2070-11111 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

🤖 Automated CVE Spec File Check | Azure Linux PR Pipeline

@abadawi591
Contributor Author


🔴 CVE Spec File Check - FAILED

Overall Severity: 🔴 ERROR
Generated: 2025-10-24 19:15:04 UTC


📋 Executive Summary

| Metric | Count |
|---|---|
| Total Spec Files Analyzed | 1 |
| Specs with Errors | 🔴 1 |
| Specs with Warnings | ⚠️ 0 |
| Total Issues Found | 4 |

📦 Package Analysis Details

🔴 nginx - ERROR

  • Spec File: SPECS/nginx/nginx.spec
  • Status: 🔴 ERROR
  • Issues: 4 errors, 0 warnings

🐛 Anti-Patterns Detected

🔴 missing-patch-file (ERROR) - 1 occurrence(s)

  1. Patch file 'CVE-2082-99999.patch' referenced in spec but not found in directory

🔴 future-dated-cve (ERROR) - 1 occurrence(s)

  1. CVE CVE-2082-99999 appears to be from the future (year 2082)

🔴 missing-cve-in-changelog (ERROR) - 2 occurrence(s)

  1. CVE-2025-23419 is referenced in the spec file but not mentioned in any changelog entry
  2. CVE-2082-99999 is referenced in the spec file but not mentioned in any changelog entry

Recommended Actions for nginx
  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2082-99999 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

✅ All Recommended Actions

Complete checklist of all actions needed across all packages

nginx

  • Add CVE-2025-23419 to a changelog entry
  • Add CVE-2082-99999 to a changelog entry
  • Add the missing patch file or update the Patch reference
  • Check if the CVE year is correct

🤖 Automated CVE Spec File Check | Azure Linux PR Pipeline

Labels

Packaging radar-acknowledged RADAR: PR author/reviewer has provided feedback on findings radar-issues-detected RADAR detected issues. See feedback and GitHub comment for details.