Merge branch 'master' into script

cuixq · web-flow · commit f83327fb6fd1 · 2025-09-19T11:40:17.000+10:00
diff --git a/gcp/website/frontend3/src/styles.scss b/gcp/website/frontend3/src/styles.scss
@@ -999,7 +999,7 @@ dl.vulnerability-details,
       }
     }
 
-.ecosystem-content-panel {
+    .ecosystem-content-panel {
       position: relative;
       padding: 8px 0 16px 16px;
 
@@ -1014,6 +1014,28 @@ dl.vulnerability-details,
         background: #555;
       }
     }
+
+    $last-ecosystem-border-offset: 12px;
+    $last-ecosystem-border-gap: 8px;
+    $last-ecosystem-border-thickness: 1px;
+
+    .ecosystem-content-panel--last {
+      padding-bottom: $last-ecosystem-border-offset + $last-ecosystem-border-gap;
+
+      &::before {
+        bottom: $last-ecosystem-border-offset + $last-ecosystem-border-thickness;
+      }
+
+      &::after {
+        content: '';
+        position: absolute;
+        left: 0;
+        right: 0;
+        bottom: $last-ecosystem-border-offset;
+        height: $last-ecosystem-border-thickness;
+        background: $osv-grey-600;
+      }
+    }
     
     .package-accordion {
       position: relative;
@@ -1031,6 +1053,14 @@ dl.vulnerability-details,
       }
     }
 
+    .package-accordion--last {
+      margin-bottom: 0;
+
+      .package-details-card {
+        margin-bottom: $last-ecosystem-border-gap;
+      }
+    }
+
     .package-accordion h3.package-name-title {
       font-family: $osv-heading-font-family;
       font-size: 1.1rem;
diff --git a/gcp/website/frontend3/src/templates/vulnerability.html b/gcp/website/frontend3/src/templates/vulnerability.html
@@ -179,12 +179,13 @@ <h2 class="title">Affected packages</h2>
     {% set ecosystems = vulnerability.affected | group_by_ecosystem %}
   <spicy-sections class="vulnerability-packages force-collapse">
     {% for ecosystem_name, packages in ecosystems.items() -%}
+      {% set is_last_ecosystem = loop.last %}
       <h2 class="package-header">
         <span class="vuln-ecosystem spicy-sections-workaround">{{ ecosystem_name }}</span>
       </h2>
-      <div class="ecosystem-content-panel">
+      <div class="ecosystem-content-panel{% if is_last_ecosystem %} ecosystem-content-panel--last{% endif %}">
         {% for affected in packages -%}
-          <spicy-sections class="package-accordion">
+          <spicy-sections class="package-accordion{% if is_last_ecosystem and loop.last %} package-accordion--last{% endif %}">
             <h3 class="package-name-title">
               {% if 'package' in affected %}{{ affected.package.name }}{% else %}{{ vulnerability.repo | strip_scheme }}{% endif %}
             </h3>
@@ -603,4 +604,4 @@ <h3 class="mdc-layout-grid__cell--span-3">
     setupExpandibleList('.expandible-list', 'li');
   });
 </script>
-{% endblock -%}
+{% endblock -%}
diff --git a/vulnfeeds/cmd/combine-to-osv/main.go b/vulnfeeds/cmd/combine-to-osv/main.go
@@ -24,6 +24,7 @@ const (
 	defaultCVEListPath    = "."
 
 	alpineEcosystem          = "Alpine"
+	debianEcosystem          = "Debian"
 	alpineSecurityTrackerURL = "https://security.alpinelinux.org/vuln"
 )
 
@@ -166,6 +167,10 @@ func combineIntoOSV(loadedCves map[cves.CVEID]cves.Vulnerability, allParts map[c
 
 		addedAlpineURL := false
 		for _, pkgInfo := range allParts[cveID] {
+			// skip debian parts, but still write out the CVEs.
+			if strings.HasPrefix(pkgInfo.Ecosystem, debianEcosystem) {
+				continue
+			}
 			convertedCve.AddPkgInfo(pkgInfo)
 			if strings.HasPrefix(pkgInfo.Ecosystem, alpineEcosystem) && !addedAlpineURL {
 				addReference(string(cveID), alpineEcosystem, convertedCve)
diff --git a/vulnfeeds/cmd/combine-to-osv/main_test.go b/vulnfeeds/cmd/combine-to-osv/main_test.go
@@ -38,7 +38,7 @@ func loadTestData2(cveName string) cves.Vulnerability {
 
 func TestLoadParts(t *testing.T) {
 	allParts, _ := loadParts("../../test_data/parts")
-	expectedPartCount := 15
+	expectedPartCount := 14
 	actualPartCount := len(allParts)
 
 	if actualPartCount != expectedPartCount {
@@ -86,15 +86,14 @@ func TestLoadParts(t *testing.T) {
 
 func TestCombineIntoOSV(t *testing.T) {
 	cveStuff := map[cves.CVEID]cves.Vulnerability{
-		"CVE-2022-33745":   loadTestData2("CVE-2022-33745"),
-		"CVE-2022-32746":   loadTestData2("CVE-2022-32746"),
-		"CVE-2018-1000500": loadTestData2("CVE-2018-1000500"),
+		"CVE-2022-33745": loadTestData2("CVE-2022-33745"),
+		"CVE-2022-32746": loadTestData2("CVE-2022-32746"),
 	}
 	allParts, cveModifiedTime := loadParts("../../test_data/parts")
 
 	combinedOSV := combineIntoOSV(cveStuff, allParts, "", cveModifiedTime)
 
-	expectedCombined := 3
+	expectedCombined := 2
 	actualCombined := len(combinedOSV)
 
 	if actualCombined != expectedCombined {
@@ -107,13 +106,6 @@ func TestCombineIntoOSV(t *testing.T) {
 
 		found := false
 		switch cve {
-		case "CVE-2018-1000500":
-			for _, reference := range combinedOSV[cve].References {
-				if reference.Type == "ADVISORY" &&
-					reference.URL == "https://security-tracker.debian.org/tracker/CVE-2018-1000500" {
-					t.Errorf("Found unexpected Debian advisory URL for %s", cve)
-				}
-			}
 		case "CVE-2022-33745":
 			for _, reference := range combinedOSV[cve].References {
 				if reference.Type == "ADVISORY" &&
@@ -129,7 +121,7 @@ func TestCombineIntoOSV(t *testing.T) {
 				}
 			}
 		}
-		if !found && cve != "CVE-2018-1000500" {
+		if !found {
 			t.Errorf("%s doesn't have all expected references", cve)
 		}
 	}
diff --git a/vulnfeeds/test_data/parts/debian/CVE-2018-1000500.debian.json b/vulnfeeds/test_data/parts/debian/CVE-2018-1000500.debian.json
