Skip to content

Merging updated codebase #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Pushpit07 merged 47 commits into from
Apr 4, 2021
Merged

Merging updated codebase #1

Pushpit07 merged 47 commits into from
Apr 4, 2021

Conversation

@Pushpit07
Copy link
Owner

@Pushpit07 Pushpit07 commented Apr 4, 2021

No description provided.

savish28 and others added 30 commits March 18, 2021 21:57
@savish28
Sanity Checks for redhat import response
592e846 
Signed-off-by: savish <savishbedi1@gmail.com>
@Hritik14
Make sure vulnerability id is_cve or is_vulcoid
1b06423 
This makes sure that vulnerability id supplied in alpine_linux importer
is either a cve, vulcoid or empty so as to stand on the definition of
vulnerability id.
It could be possible to introduce a validator at the model level for the
same as well using these functions

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@sbs2001
Merge pull request #387 from savish28/Issue#384
3d66b4e 
Sanity Checks for redhat import response
@Hritik14
Use is_cve helper to validate vulnerablitiy id
4d020a7 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Merge branch 'main' into bugfix
54b7707
@dependabot
Bump djangorestframework from 3.11.0 to 3.11.2
f06e1b2 
Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.11.0 to 3.11.2.
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.11.0...3.11.2)

Signed-off-by: dependabot[bot] <support@github.com>
@sbs2001
Merge pull request #389 from Hritik14/bugfix
c689e9d 
Make sure vulnerability id is_cve or is_vulcoid
@sbs2001
Fix various importer errors
d8d07ab 
- Update debian importer's schema validation
- Add tests for msr2019 importer.

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Merge pull request #378 from sbs2001/fix-importer-errors
bfa005e 
Fix various importer errors
@sbs2001
Merge branch 'main' into dependabot/pip/djangorestframework-3.11.2
d440ebd
@dependabot
Bump pyyaml from 5.3.1 to 5.4
da4325b 
Bumps [pyyaml](https://github.com/yaml/pyyaml) from 5.3.1 to 5.4.
- [Release notes](https://github.com/yaml/pyyaml/releases)
- [Changelog](https://github.com/yaml/pyyaml/blob/master/CHANGES)
- [Commits](yaml/pyyaml@5.3.1...5.4)

Signed-off-by: dependabot[bot] <support@github.com>
@sbs2001
Merge pull request #401 from nexB/dependabot/pip/pyyaml-5.4
964e0a8 
Bump pyyaml from 5.3.1 to 5.4
@sbs2001
Update to django 3.0.13
fdd029b 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Merge pull request #392 from nexB/dependabot/pip/djangorestframework-…
ec3e800 
…3.11.2

Bump djangorestframework from 3.11.0 to 3.11.2
@dependabot
Bump lxml from 4.6.2 to 4.6.3
4aab987 
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.6.2...lxml-4.6.3)

Signed-off-by: dependabot[bot] <support@github.com>
@sbs2001
Collect more data at NugetVersionApi
adf86fd 
- Now the class handles paginated results
- Added a detailed FIXME comment about an edge case

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@Hritik14
Add me to AUTHORS
27ceb23 
I hope no review is required :p

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@rolfschr
Update nix deps.
383e87c 
Signed-off-by: Rolf Schröder <rolf.schr@gmail.com>
@sbs2001
Merge branch 'main' into add_me
bdd7adb
@sbs2001
Merge pull request #405 from Hritik14/add_me
3688d89 
Add me to AUTHORS
@tardyp
enable configuration of allowed host
8c22bee 
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
@tardyp
import: continue upon failure
e1b6ab9 
If there is an operational error on one of the importer, it is better to still run the other importers

Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
@tardyp
DEBUG_PROPAGATE_EXCEPTIONS = True
b78cd91 
This allows to print stack traces on the stdout

Best practice would be to integrate with sentry, but at least print the stack trace is helpful when trying to deploy this

Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
@tardyp
Enforce static collection in dockerfile
c2e1b23 
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
@tardyp
enable aiohttp client to trust environement for proxy
ca32550 
Signed-off-by: Pierre Tardy <pierre.tardy@renault.com>
@dependabot
Bump pygments from 2.6.1 to 2.7.4
d96fe5b 
Bumps [pygments](https://github.com/pygments/pygments) from 2.6.1 to 2.7.4.
- [Release notes](https://github.com/pygments/pygments/releases)
- [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES)
- [Commits](pygments/pygments@2.6.1...2.7.4)

Signed-off-by: dependabot[bot] <support@github.com>
@sbs2001
Merge pull request #414 from nexB/dependabot/pip/pygments-2.7.4
3f1f493 
Bump pygments from 2.6.1 to 2.7.4
@dependabot
Bump lxml from 4.6.2 to 4.6.3
8b6aae0 
Bumps [lxml](https://github.com/lxml/lxml) from 4.6.2 to 4.6.3.
- [Release notes](https://github.com/lxml/lxml/releases)
- [Changelog](https://github.com/lxml/lxml/blob/master/CHANGES.txt)
- [Commits](lxml/lxml@lxml-4.6.2...lxml-4.6.3)

Signed-off-by: dependabot[bot] <support@github.com>
@Hritik14
Fix istio (#395)
0b7dc3d 
* Fix #394

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@sbs2001
Merge pull request #406 from ngi-nix/dependabot/pip/lxml-4.6.3
ca7bc1f 
Update nix deps.
sbs2001 and others added 17 commits March 30, 2021 13:24
@sbs2001
Merge pull request #411 from tardyp/aiohttpclient
86eef3b 
enable aiohttp client to trust environement for proxy
@sbs2001
Merge pull request #412 from tardyp/continue
97d4da5 
import: continue upon failure
@sbs2001
Merge pull request #413 from tardyp/dockerfile
0af5389 
Misc fixes for deploying vulnerablecode on a container platform
@sbs2001
Merge pull request #404 from tardyp/allowed_hosts
dfb1ab5 
enable configuration of allowed host
@sbs2001
Merge pull request #402 from nexB/dependabot/pip/lxml-4.6.3
35f36a7 
Bump lxml from 4.6.2 to 4.6.3
@sbs2001
Fix bulk api in case purl does not exist
eb52414 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@Hritik14
requests_with_5xx_retry: Retry on 5xx errors
2684f05 
Introduced and used a helper function for retries on 5xx errors. This is
important and some servers like bugzilla.redhat.com return 502 Proxy Error
which was the cause of #398

A ticket has been raised in RedHat here https://redhat.service-now.com/help?id=rh_ticket&table=sc_req_item&sys_id=278239541b1ba010477e43fccd4bcb4a

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Not all RHSA errata have a CVRF document
aff0065 
This is mentioned in the NOTE of "2.1 List all CVRFs" of
https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/cvrf

Such a case would lead to a crash before this commit.
Eg: https://access.redhat.com/hydra/rest/securitydata/cvrf/RHSA-2005:835.json
No cvrfdoc would be found in the statement
                    value = rhsa_data["cvrfdoc"]["aggregate_severity"]

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Remove debugging symbols and black -l 100
b0329fa 
This finally fixes #398

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Mock requests_session in redhat importer
c90a871 
Previous commits replace the usage of requests.get() altogether with a
custom requests_session which provides better 5xx error handling.
It is now required to mock that object in this test.
IMHO it would make more sense to update this test altogether to use the
real endpoints against some real data.

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Add unspecified scoring system
dbb8878 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Rename unspecified to generic system
cdaf81e 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@sbs2001
Merge pull request #418 from Hritik14/fix_redhat
9634400 
Fix redhat import failure
@sbs2001
Merge pull request #415 from Hritik14/scoring_system
8f9850f 
Add unspecified scoring system
@sbs2001
Add tests for checking upstream data sources
e0bd0f0 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Update travis config
60370ee 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Merge pull request #365 from sbs2001/test_upstream_data
86424ee 
Add tests to  check upstream data
@Pushpit07 Pushpit07 merged commit 9ee950b into Pushpit07:main Apr 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@Pushpit07 @savish28 @Hritik14 @sbs2001 @rolfschr @tardyp