Discrepancy between vex.Open and vex.Parse #55

Open
knqyf263 opened this issue Aug 30, 2023 · 2 comments

@knqyf263
Contributor

vex.Parse assumes the latest version.

    // Parse parses an OpenVEX document in the latest version from the data byte array.
    func Parse(data []byte) (*VEX, error) {
        vexDoc := &VEX{}
        if err := json.Unmarshal(data, vexDoc); err != nil {
            return nil, fmt.Errorf("%s: %w", errMsgParse, err)
        }
        return vexDoc, nil
    }

vex.Open autodetects the version.

    if documentContextLocator == ContextLocator() {
        return Parse(data)
    } else if documentContextLocator != "" {
        version := strings.TrimPrefix(documentContextLocator, Context)
        version = strings.TrimPrefix(version, "/")

At first, I tried vex.Open, and my VEX file didn't work because the @context in the file was "https://openvex.dev/ns/" even though the file content was compatible with v0.2.0. Then, Open fell back to v0.0.1.

But after I switched to vex.Parse, it suddenly worked. I was a bit surprised they behaved differently. Is it possible to change both to the same behavior? I'd like to know the reason if it is intentional. If you agree to the change, I can open a PR.

@puerco
Member

puerco commented Aug 31, 2023

Yes, this is the intended behavior. The documentation could use some help, but I think it explains it:

func Parse(data []byte) (*VEX, error)
Parse parses an OpenVEX document in the latest version from the data byte array.

func Open(path string) (*VEX, error)
Open tries to autodetect the vex format and open it

To try to understand better, here is the current status:

  • Open is the universal opener for any openvex version or even other formats such as CSAF.
  • Load() and Parse() are equivalents for files and byte arrays respectively.

What you need is a vex.Parse() equivalent that understands any OpenVEX version?

@knqyf263
Contributor Author

knqyf263 commented Sep 7, 2023

I'm sorry for the late reply.

> Yes, this is the intended behavior. The documentation could use some help, but I think it explains it:

Yes, I saw the comments, but I didn't understand why they differ. Loading from bytes or a file should be the same, no?

> What you need is a vex.Parse() equivalent that understands any OpenVEX version?

Right. For example, we're trying to consume VEX in OCI registries. Different OpenVEX versions may have been uploaded there. It is better to parse it in memory with Parse() rather than downloading the content to a local file and parsing the file with Open().
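The in-memory version detection discussed in this thread, as an added example that is not part of the issue or of go-vex: it reads only `@context` from the bytes and reports an unversioned context explicitly, so the caller chooses a parser instead of falling back silently. `detectVersion` and `baseContext` are hypothetical names, the base URL is assumed from the one quoted in the issue, and the sample documents are constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// baseContext is assumed from the @context URL quoted in the issue.
const baseContext = "https://openvex.dev/ns"

// detectVersion (hypothetical helper, not a go-vex API) returns the version
// suffix of @context, or "" when the context carries no version at all.
func detectVersion(data []byte) (string, error) {
	var head struct {
		Context string `json:"@context"`
	}
	if err := json.Unmarshal(data, &head); err != nil {
		return "", fmt.Errorf("decoding @context: %w", err)
	}
	if head.Context == "" {
		return "", errors.New("no @context field: not an OpenVEX document")
	}
	if !strings.HasPrefix(head.Context, baseContext) {
		return "", fmt.Errorf("unexpected @context %q", head.Context)
	}
	rest := strings.TrimPrefix(head.Context, baseContext)
	// Reject look-alike prefixes such as ".../nsX"; only "" or "/..." may follow.
	if rest != "" && !strings.HasPrefix(rest, "/") {
		return "", fmt.Errorf("unexpected @context %q", head.Context)
	}
	return strings.Trim(rest, "/"), nil
}

func main() {
	// Constructed sample documents, e.g. bytes pulled from an OCI registry.
	samples := []string{
		`{"@context": "https://openvex.dev/ns/v0.2.0", "statements": []}`,
		`{"@context": "https://openvex.dev/ns/", "statements": []}`,
	}
	for _, s := range samples {
		v, err := detectVersion([]byte(s))
		fmt.Printf("version=%q err=%v\n", v, err)
	}
}
```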
