Apply rules to annotate candidates (in addition to the ML part of the filter-rank module) #150
Comments
|
The initial work is done in the context of the following pull request: #149 |
|
Another rule could be something like:
|
copernico
changed the title
|
Another obvious one:
NOTE: this is not conclusive per-se (some advisories point to commits that contain changelog changes, not the actual code fixes...) |
|
As for the naming: I guess we could settle on calling these just "rules" (implying "manually-defined", or "handcrafted"), |
|
Hi @Riruk, any progress on this issue? |
|
Hi @copernico, I was a bit busy last week with a paper. It's submitted now, so I will come back to working on the prospector tool from tomorrow |
|
What about adding a rule "contains text in commit message"? |
The "text" would be a keyword extracted from the advisory? If so, yes, definitely a useful rule. |
|
Work continues in #161 |
|
I think we need to elaborate on the representation of the results to be shown to the user before proceeding. Examples: commit X1 from repository R
Note: the reasons are human readable, but are constructed automatically based on the candidate features and annotations. |
|
One point I'm not quite sure how to handle is the conceptual distinction between the above annotations and the features computed with the extract_* functions. In some sense, they look the same. Maybe, the annotations are what the user will see...? |
copernico
changed the title
|
Work continues in #175 |
We could use the hard-coded rules to identify some commits relevant to security fixes.
For example: if a commit message says that this commit is a fix for a particular CVE, then it is a very strong candidate for the commit to be related to the vulnerability fix.
I will create a PR for the implementation part and I propose to have this issue to discuss possible hard-coded rules that we could create.
The text was updated successfully, but these errors were encountered: