Remove redundant package-urls from VCIO #1327

TG1999 opened this issue Nov 1, 2023 · 2 comments
@TG1999
Contributor

TG1999 commented Nov 1, 2023

Currently, we store duplicated package-urls because of the way they are different structurally but similar when constructed as a purl whole, for example:

1st Scenario:

Purl A:
type: "pypi", namespace: "", name: "foo/bar"

Purl B:
type: "pypi", namespace: "foo", name: "bar"

They are structurally different, but their purl will be identical, i.e. "pkg:pypi/foo/bar"

2nd Scenario:

https://github.com/nexB/vulnerablecode/wiki/WeeklyMeetings#meeting-on-tuesday-2023-10-24-at-1600-utc discussed here in the weekly meeting

The solution for 2nd scenario was discussed in the weekly meeting, but what should be done for 1st scenario?
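The first scenario above can be reproduced and detected in a few lines of Python. This is an added example, not VulnerableCode code: `to_purl`, `split_path` and `find_collisions` are hypothetical helpers, the rows are constructed, and the serialisation is simplified (no percent-encoding, qualifiers or type-specific normalisation).

```python
from collections import defaultdict

# Constructed sample rows; not real database content.
ROWS = [
    {"id": 1, "type": "pypi", "namespace": "", "name": "foo/bar", "version": ""},
    {"id": 2, "type": "pypi", "namespace": "foo", "name": "bar", "version": ""},
    {"id": 3, "type": "pypi", "namespace": "", "name": "baz", "version": "2.1"},
]


def _path(row):
    """Join namespace and name the way they appear in the purl string."""
    parts = (row["namespace"].strip("/"), row["name"].strip("/"))
    return "/".join(p for p in parts if p)


def to_purl(row):
    """Simplified serialisation (assumption): pkg:type/namespace/name@version."""
    purl = f"pkg:{row['type'].lower()}/{_path(row)}"
    if row.get("version"):
        purl += f"@{row['version']}"
    return purl


def split_path(row):
    """Re-derive (namespace, name) as a purl parser does: the last path
    segment is the name, everything before it is the namespace."""
    namespace, _, name = _path(row).rpartition("/")
    return namespace, name


def find_collisions(rows):
    """Map each purl string to the ids of rows that serialise to it,
    keeping only groups whose members are structurally different."""
    groups = defaultdict(list)
    for row in rows:
        groups[to_purl(row)].append(row)
    return {
        purl: [r["id"] for r in members]
        for purl, members in groups.items()
        if len({(r["namespace"], r["name"]) for r in members}) > 1
    }


if __name__ == "__main__":
    for purl, ids in find_collisions(ROWS).items():
        print(purl, "is stored as rows", ids)
```

Storing the output of `split_path` rather than the raw fields gives both rows the same (namespace, name) pair, so a uniqueness constraint on those columns would catch the duplicate.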

@johnmhoran
Member

@TG1999 Re the 2d scenario, I don't recall any discussion of how we'll decide which of the duplicates to remove. The difference is not limited to the structure of the qualifiers field -- I seem to recall some duplicates have different fixed-by packages, not all duplicates have identical groups of affected by vulnerabilities, and that might be similar for fixing vulns, don't yet know. So we have some unaddressed gating items.

@TG1999
Contributor Author

TG1999 commented Nov 6, 2023

As per my discussion with @pombredanne

  • Take a snapshot of the current database.
  • Iterate on vulnerabilities and delete all the packages for vulnerabilities that have an alias.

pombredanne added a commit that referenced this issue Dec 5, 2023
Create qualifiers_temp temp field

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne added a commit that referenced this issue Dec 5, 2023
Copy qualifiers to qualifiers_temp

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>
pombredanne pushed a commit that referenced this issue Dec 5, 2023
Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 pushed a commit that referenced this issue Dec 20, 2023
Create qualifiers_temp temp field

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 pushed a commit that referenced this issue Dec 20, 2023
Copy qualifiers to qualifiers_temp

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 added a commit that referenced this issue Dec 20, 2023
Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 pushed a commit to TG1999/vulnerablecode that referenced this issue Dec 26, 2023
Create qualifiers_temp temp field

Reference: aboutcode-org#1327
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 pushed a commit to TG1999/vulnerablecode that referenced this issue Dec 26, 2023
Copy qualifiers to qualifiers_temp

Reference: aboutcode-org#1327
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 added a commit to TG1999/vulnerablecode that referenced this issue Dec 26, 2023
Reference: aboutcode-org#1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>
TG1999 added a commit that referenced this issue Dec 29, 2023
* Add missing migration for vulnerability.status

Signed-off-by: Philippe Ombredanne <[email protected]>

* Migrate qualifiers to plain charfield step 1

Create qualifiers_temp temp field

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>

* Migrate qualifiers to plain charfield step 2

Copy qualifiers to qualifiers_temp

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>

* Add qualifiers_temp in unique_together step 3

Signed-off-by: Tushar Goel <[email protected]>

* Remove qualifiers from unique_together step 4

Signed-off-by: Tushar Goel <[email protected]>

* Copy qualifiers_temp to qualifiers step 5

Signed-off-by: Tushar Goel <[email protected]>

* Add qualifiers in unique_together step 6

Signed-off-by: Tushar Goel <[email protected]>

* Delete qualifiers_temp and remove it from unique_together step 7

Signed-off-by: Tushar Goel <[email protected]>

* Formatting changes

Signed-off-by: Tushar Goel <[email protected]>

* Correct the 0045 migration

Signed-off-by: Tushar Goel <[email protected]>

* Migrate qualifiers to plain charfield step 1

Create qualifiers_temp temp field

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>

* Migrate qualifiers to plain charfield step 2

Copy qualifiers to qualifiers_temp

Reference: #1327
Signed-off-by: Philippe Ombredanne <[email protected]>

* Add qualifiers_temp in unique_together step 3

Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

* Remove qualifiers from unique_together step 4

Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

* Copy qualifiers_temp to qualifiers step 5

Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

* Add qualifiers in unique_together step 6

Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

* Delete qualifiers_temp field and unique_together step 7

Reference: #1327
Signed-off-by: Tushar Goel <[email protected]>
Signed-off-by: Philippe Ombredanne <[email protected]>

* Format models.py

Signed-off-by: Tushar Goel <[email protected]>

* Remove dupe Packages from qualifiers

Signed-off-by: Philippe Ombredanne <[email protected]>

* Remove dupe Packages from ns/name

Signed-off-by: Philippe Ombredanne <[email protected]>

* Correct migrations and add tests

Signed-off-by: Tushar Goel <[email protected]>

* Fix tests

Signed-off-by: Tushar Goel <[email protected]>

* Update tests

Signed-off-by: Tushar Goel <[email protected]>

* Fix tests

Signed-off-by: Tushar Goel <[email protected]>

* Remove tests for warts

Signed-off-by: Tushar Goel <[email protected]>

* Add changelog

Signed-off-by: Tushar Goel <[email protected]>

* Update PR according to recent changes

Signed-off-by: Tushar Goel <[email protected]>

* Update tests

Signed-off-by: Tushar Goel <[email protected]>

* Address review comments

Signed-off-by: Tushar Goel <[email protected]>

---------

Signed-off-by: Philippe Ombredanne <[email protected]>
Signed-off-by: Tushar Goel <[email protected]>
Co-authored-by: Philippe Ombredanne <[email protected]>