Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to autolink to CVEs #3674

Open
fa7ad opened this issue Oct 14, 2024 · 0 comments
Open

Ability to autolink to CVEs #3674

fa7ad opened this issue Oct 14, 2024 · 0 comments
Labels
feature New feature or request
Milestone
Shortlist

Comments

@fa7ad
Copy link

fa7ad commented Oct 14, 2024
edited
Loading

Hi, I'd like to be able to use the Autolink feature for linking to the CVE dictionary, like this:

Image

I tried using the existing feature with this setting

    {
      "prefix": "CVE-",
      "url": "https://www.cve.org/CVERecord?id=CVE-<num>"
    }

However, this seems to only link to the first part (CVE-2024)
Image

Right now, my work around is to use a massive configuration like this:

Expand 
  "gitlens.autolinks": [
    {
      "prefix": "CVE-2024-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-<num>"
    },
    {
      "prefix": "CVE-2023-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-<num>"
    },
    {
      "prefix": "CVE-2022-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-<num>"
    },
    {
      "prefix": "CVE-2021-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-<num>"
    },
    {
      "prefix": "CVE-2020-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-<num>"
    },
    {
      "prefix": "CVE-2019-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-<num>"
    },
    {
      "prefix": "CVE-2018-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-<num>"
    },
    {
      "prefix": "CVE-2017-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-<num>"
    },
    {
      "prefix": "CVE-2016-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-<num>"
    },
    {
      "prefix": "CVE-2015-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-<num>"
    },
    {
      "prefix": "CVE-2014-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-<num>"
    },
    {
      "prefix": "CVE-2013-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-<num>"
    },
    {
      "prefix": "CVE-2012-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-<num>"
    },
    {
      "prefix": "CVE-2011-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-<num>"
    },
    {
      "prefix": "CVE-2010-",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-<num>"
    }
  ]
But given CVEs extend well beyond 2010, the configuration would be truly huge to cover all possible years and would only grow. Plus this seems to me like a massive hack to achieve something that should be (in my opinion) better supported.

I also tried enabling the alphanumeric option to true, but that doesn't seem to capture the dashes either.

One possible solution would be to allow regular expressions or some other pattern based rules, but builtin support for CVEs would work just as well if you're apprehensive about adding regex support.
@fa7ad fa7ad added feature New feature or request triage Needs to be looked at labels Oct 14, 2024
@eamodio eamodio removed the triage Needs to be looked at label Oct 15, 2024
@eamodio eamodio added this to the Shortlist milestone Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature New feature or request
Projects
None yet
Milestone
Shortlist
Development

No branches or pull requests
2 participants
@eamodio @fa7ad