migrate current alpine importer to alpine importer-improver model #623
Conversation
TG1999
changed the title
TG1999
changed the title
|
for issue #620 |
|
@TG1999 As the development in this branch is going on and we wanted to move ahead with #476, rebasing/merging this with/from main will likely cause merge conflicts. Please accept the incoming changes for the import statements. |
TG1999
force-pushed
the
migration/alpine_linux
branch
from
7baa3d2
to
cad46c2
Compare
|
@Hritik14 Resolved merge conflicts |
TG1999
force-pushed
the
migration/alpine_linux
branch
2 times, most recently
from
b68f076
to
3360eb3
Compare
TG1999
force-pushed
the
migration/alpine_linux
branch
2 times, most recently
from
50ba90a
to
5ff44fe
Compare
|
@pombredanne @Hritik14 @sbs2001 Please check my current approach for the importer, if this looks good I will proceed with writing tests for this |
vulnerabilities/importer.py
Outdated
| fixed_version: Optional[Version] = None | ||
|
|
||
| def __post_init__(self): | ||
| if self.package.version: | ||
| if self.package.version or not (self.affected_version_range or self.fixed_version): | ||
| raise ValueError |
| return advisories | ||
| # TODO: Handle the CVE-????-????? case | ||
| yield AdvisoryData( | ||
| summary="", |
There was a problem hiding this comment.
Why an empty summary? Is is mandatory?
| ), | ||
| fixed_version=AlpineLinuxVersion(version), | ||
| ) | ||
| for arch in archs |
| yield AdvisoryData( | ||
| summary="", | ||
| references=references, | ||
| affected_packages=[ |
There was a problem hiding this comment.
Create this before in a separate easier to read loop
| ) | ||
| for arch in archs | ||
| ], | ||
| aliases=[vuln_ids[0] if is_cve(vuln_ids[0]) else ""], |
There was a problem hiding this comment.
Do not return a list of aliases with an empty string in it.
vulnerabilities/improvers/default.py
Outdated
| @@ -38,7 +39,7 @@ def get_inferences(self, advisory_data: AdvisoryData) -> Iterable[Inference]: | |||
| ) | |||
|
|
|||
|
|
|||
| def get_exact_purls(affected_package: AffectedPackage) -> (List[PackageURL], PackageURL): | |||
| def get_exact_purls(affected_package: AffectedPackage) -> Tuple[List[PackageURL], PackageURL]: | |||
There was a problem hiding this comment.
Move these changes in a separate PR.
TG1999
force-pushed
the
migration/alpine_linux
branch
from
a9172e4
to
7233a37
Compare
TG1999
force-pushed
the
migration/alpine_linux
branch
from
630e608
to
cb83cee
Compare
TG1999
force-pushed
the
migration/alpine_linux
branch
2 times, most recently
from
7bdea4c
to
4d9b13a
Compare
There was a problem hiding this comment.
Thanks for the PR! I've marked a few things that I'd like you to consider.
Also, In general, there are a lot of asserts. IMO a loud logging mechanism should serve for those asserts than failing entirely and much of the asserts should make their place in the tests.
TG1999
force-pushed
the
migration/alpine_linux
branch
from
4d9b13a
to
5d1952e
Compare
TG1999
force-pushed
the
migration/alpine_linux
branch
from
7171d02
to
a3ade32
Compare
Current alpine importer models need to be refactored to give AdvisoryData instead of Advisory, also add some validation to parse license expression and make affected_version_range optional Add tests to test scraping of webpages and parsing of data Signed-off-by: Tushar Goel <[email protected]>
TG1999
force-pushed
the
migration/alpine_linux
branch
from
a3ade32
to
a69c886
Compare
Signed-off-by: Tushar Goel <[email protected]>
TG1999
force-pushed
the
migration/alpine_linux
branch
from
1fdd165
to
104c760
Compare
Signed-off-by: Tushar Goel [email protected]