Refactor Gitimporter using fetchcode by ziadhany · Pull Request #817 · aboutcode-org/vulnerablecode

ziadhany · 2022-08-01T13:52:08Z

Reference: #806
Signed-off-by: ziad ziadhany2016@gmail.com

TG1999 · 2022-09-22T12:05:31Z

@ziadhany , please add logs for gitlab importer.

vulnerabilities/tests/test_data_source.py

ziadhany · 2022-09-24T23:59:57Z

@ziadhany , please add logs for gitlab importer.

Importing data using vulnerabilities.importers.gitlab.GitLabGitImporter
Unknow package type 'conan'
Unknow package type 'conan'
...
Unknow package type 'conan'
Unknow package type 'conan'
Unknow package type 'go'
....
Unknow package type 'go'
Unknow package type 'go'
....
parse_yaml_file: affected_range is not parsable: '(,)' type:'nuget' error: InvalidVersion("'None' is not a valid <class 'univers.versions.NugetVersion'>")
 Traceback (most recent call last):
  File "/home/ziad/PycharmProjects/vulnerablecode/vulnerabilities/importers/gitlab.py", line 223, in parse_gitlab_advisory
    affected_version_range = vrc.from_native(affected_range)
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/version_range.py", line 616, in from_native
    VersionConstraint(comparator="=", version=cls.version_class(str(lower_bound)))
  File "<attrs generated init univers.versions.NugetVersion>", line 7, in __init__
    self.__attrs_post_init__()
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/versions.py", line 87, in __attrs_post_init__
    raise InvalidVersion(f"{self.string!r} is not a valid {self.__class__!r}")
univers.versions.InvalidVersion: 'None' is not a valid <class 'univers.versions.NugetVersion'>

parse_yaml_file: affected_range is not parsable: '[4.0.0],(,3.4.0),[4.0.0,4.1.2)' type:'nuget' error: VersionRangeParseError('Ranges overlap: [4.0.0],(,3.4.0),[4.0.0,4.1.2)')
 Traceback (most recent call last):
  File "/home/ziad/PycharmProjects/vulnerablecode/vulnerabilities/importers/gitlab.py", line 223, in parse_gitlab_advisory
    affected_version_range = vrc.from_native(affected_range)
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/version_range.py", line 605, in from_native
    restrictions = maven.VersionRange(string).restrictions
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/maven.py", line 226, in __init__
    raise VersionRangeParseError("Ranges overlap: %s" % spec)
univers.maven.VersionRangeParseError: Ranges overlap: [4.0.0],(,3.4.0),[4.0.0,4.1.2)

parse_yaml_file: affected_range is not parsable: '[2.2],[2.1]' type:'nuget' error: VersionRangeParseError('Ranges overlap: [2.2],[2.1]')
 Traceback (most recent call last):
  File "/home/ziad/PycharmProjects/vulnerablecode/vulnerabilities/importers/gitlab.py", line 223, in parse_gitlab_advisory
    affected_version_range = vrc.from_native(affected_range)
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/version_range.py", line 605, in from_native
    restrictions = maven.VersionRange(string).restrictions
  File "/home/ziad/PycharmProjects/vulnerablecode/venv/lib/python3.10/site-packages/univers/maven.py", line 226, in __init__
    raise VersionRangeParseError("Ranges overlap: %s" % spec)
univers.maven.VersionRangeParseError: Ranges overlap: [2.2],[2.1]
.....

Successfully imported data using vulnerabilities.importers.gitlab.GitLabGitImporter

TG1999 · 2022-09-27T21:04:47Z

vulnerabilities/importers/gitlab.py

-
-
-class GitLabAPIImporter(Importer):
+class GitLabGitImporter(GitImporter):


@ziadhany this will change the qualified name for importer and the databases will still have the old qualified name stored in them, which will now not be recogonised by improver, either write a migration to support this change or do not change the name of importer.

TG1999

LGTM! Thanks

TG1999 · 2022-10-10T14:03:19Z

Please rebase with the latest main

pombredanne

Thanks!
I posted a few comments inline to ensure we do drop tests. Beside these, this looks good.

pombredanne · 2022-10-10T15:53:51Z

vulnerabilities/tests/test_data_source.py

 TEST_DATA = os.path.join(BASE_DIR, "test_data/")


-def load_oval_data():


IMHO this would be best moved to a new test_oval.py

pombredanne · 2022-10-10T15:54:42Z

vulnerabilities/tests/test_data_source.py

-        assert os.path.join(self.repodir, "crates/hyper/RUSTSEC-2020-0008.toml") in updated_files
-
-
-class TestOvalImporter(TestCase):


IMHO this would be best moved to a new test_oval.py and not just deleted

I cannot approve this if we just delete all these tests above.

I have secured oval importer tests in the file itself https://github.com/nexB/vulnerablecode/pull/817/files#diff-eb1cffdadef3eacc470900468af6cce0bdd6ae476bc9ae94ce512863c060f850R40, and just deleted the GitImporter tests that are not related with the latest importers.

pombredanne · 2022-10-10T15:55:48Z

vulnerabilities/tests/test_data_source.py

+    def test_clone_valid(self):
+        with patch.object(GitImporter, "__init__", return_value=None):
+            c = GitImporter(None)
+            c.repo_url = "git+https://github.com/nexB/fetchcode"


Does this do a live clone over the network?

yes, it clones the repository
( I just mock a constructor and then make the Git importer run, so I can test the result )

Co-authored-by: Tushar Goel <tushar.goel.dav@gmail.com> Signed-off-by: ziadhany <ziadhany2016@gmail.com>

pombredanne

LGTM. Thanks!

ziadhany mentioned this pull request Sep 5, 2022

Import data from github advisory-database using osv format #900

Closed

ziadhany force-pushed the git-fetchcode branch from ec88205 to 7ca35b3 Compare September 19, 2022 20:57

TG1999 requested changes Sep 22, 2022

View reviewed changes

vulnerabilities/tests/test_data_source.py Show resolved Hide resolved

ziadhany mentioned this pull request Sep 22, 2022

Plan for merging pull requestes #925

Open

9 tasks

TG1999 reviewed Sep 27, 2022

View reviewed changes

TG1999 approved these changes Oct 10, 2022

View reviewed changes

TG1999 requested a review from pombredanne October 10, 2022 14:03

pombredanne reviewed Oct 10, 2022

View reviewed changes

TG1999 force-pushed the git-fetchcode branch 5 times, most recently from e4ad48a to b8c4b6f Compare October 18, 2022 11:29

Refactor Gitimporter using fetchcode

3632832

Co-authored-by: Tushar Goel <tushar.goel.dav@gmail.com> Signed-off-by: ziadhany <ziadhany2016@gmail.com>

TG1999 force-pushed the git-fetchcode branch from b8c4b6f to 3632832 Compare October 18, 2022 11:32

pombredanne approved these changes Oct 18, 2022

View reviewed changes

pombredanne merged commit 8e8624b into aboutcode-org:main Oct 18, 2022

ziadhany deleted the git-fetchcode branch February 13, 2024 13:26



		class GitLabAPIImporter(Importer):
		class GitLabGitImporter(GitImporter):

		TEST_DATA = os.path.join(BASE_DIR, "test_data/")


		def load_oval_data():

		assert os.path.join(self.repodir, "crates/hyper/RUSTSEC-2020-0008.toml") in updated_files


		class TestOvalImporter(TestCase):

Uh oh!

Conversation

ziadhany commented Aug 1, 2022

Uh oh!

TG1999 commented Sep 22, 2022

Uh oh!

Uh oh!

ziadhany commented Sep 24, 2022

Uh oh!

TG1999 Sep 27, 2022

Choose a reason for hiding this comment

Uh oh!

TG1999 left a comment

Choose a reason for hiding this comment

Uh oh!

TG1999 commented Oct 10, 2022

Uh oh!

pombredanne left a comment

Choose a reason for hiding this comment

Uh oh!

pombredanne Oct 10, 2022

Choose a reason for hiding this comment

Uh oh!

pombredanne Oct 10, 2022

Choose a reason for hiding this comment

Uh oh!

pombredanne Oct 18, 2022

Choose a reason for hiding this comment

Uh oh!

TG1999 Oct 18, 2022

Choose a reason for hiding this comment

Uh oh!

pombredanne Oct 10, 2022

Choose a reason for hiding this comment

Uh oh!

ziadhany Oct 10, 2022

Choose a reason for hiding this comment

Uh oh!

pombredanne left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants