Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid Marshaling of ServerVulnerabilityProperties in SubAssessment #23891

Open
bbernays opened this issue Dec 26, 2024 · 3 comments
Open

Invalid Marshaling of ServerVulnerabilityProperties in SubAssessment #23891

bbernays opened this issue Dec 26, 2024 · 3 comments
Assignees
@jliusan
Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Mgmt This issue is related to a management-plane library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention Workflow: This issue is responsible by Azure service team.

Comments

@bbernays
Copy link

Bug Report

The MarshalJSON() function for ServerVulnerabilityProperties the SDK is hardcoding the assessedResourceType as ServerVulnerabilityAssessment when in the sdk the const AssessedResourceTypeServerVulnerability has a value of ServerVulnerability

This means the following code will never return true:

func isTypeServerVulnerability(assessment *armsecurity.SubAssessment) bool {
    additionalType := assessment.Properties.AdditionalData.GetAdditionalData()
    return additionalType.AssessedResourceType == armsecurity.AssessedResourceTypeServerVulnerability
}

This value is also used in this function and will have to be changed as well
@github-actions github-actions bot added customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Dec 26, 2024
@lirenhe lirenhe added the Mgmt This issue is related to a management-plane library. label Dec 30, 2024
@github-actions github-actions bot removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Dec 30, 2024
@jliusan jliusan added the Service Attention Workflow: This issue is responsible by Azure service team. label Jan 2, 2025
@github-actions github-actions bot added the needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team label Jan 2, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jan 2, 2025

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @ArcturusZhang @lirenhe @tadelesh.

@jliusan
Copy link
Member

jliusan commented Jan 2, 2025
edited by tadelesh
Loading

@bbernays Our SDK is auto-generated from service spec: refer this. It looks like the spec definition is wrong. We need service team to fix the swagger first. If it is urgent, you can open a support ticket directly.

@bbernays
Copy link
Author

bbernays commented Jan 2, 2025

Ok. So the current suggested workround is to not use the armsecurity.AssessedResourceTypeServerVulnerability const but instead just create a local variable to hold the expected value ServerVulnerabilityAssessment?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jliusan jliusan

Labels
customer-reported Issues that are reported by GitHub users external to the Azure organization. Mgmt This issue is related to a management-plane library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention Workflow: This issue is responsible by Azure service team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jliusan @lirenhe @bbernays