Collect xen #464
Pulling changes
Signed-off-by: Pushpit <[email protected]>
Thanks! This is looking great. One question though: this would only add new references to existing vulnerabilities, and this is based on the CVE?
Also we need to find out about the license for the data?
Also what could we do about XSA-377, released in a few days/weeks on 2021-06-08 17:00 per https://xenbits.xen.org/xsa/ ? (I guess just waiting may be enough?)
"pk": 17, | ||
"fields": { | ||
"name": "xen", | ||
"license": "", |
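Review bot: `"license": ""` in the `xen` fixture entry is left blank. Record the license of the upstream Xen advisory data here once it is confirmed, so the importer entry does not ship without license information for the data it pulls in.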
Do you know what the license would be?
GPLv2
Yes, we can wait
@Pushpit07 do you think you want to finish this?
Sorry for leaving in between. Will surely finish this. Give me a few days' time
That's very nice of you! Thank you ++
Signed-off-by: Pushpit <[email protected]>
@Pushpit07 Thanks! Think you missed a signoff on a few commits... do you mind amending these?
helper for istio and mozilla importers Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: Hritik Vijay <[email protected]>
also, sort imports Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: Hritik Vijay <[email protected]>
Better documentation and more readable function structure review: aboutcode-org#443 (review) Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: Hritik Vijay <[email protected]>
Internally, the difference between both has faded and updated_advisories is preferred. Signed-off-by: Hritik Vijay <[email protected]>
Earlier, one batch of advisories was requested from updated_advisories method of the respective importers. This was inefficient as not all importers respect batching internally. Eventually, we wish to eliminate batches as well (#338). Now, the updated_advisories method of each importer is expected to create at least one Advisory object. If it does so, the importer is marked working. This brings major performance improvement. It is a necessity to improve this test as GitHub only allows 6 hrs of workflow time. Before: ~6hrs, now ~9 minutes Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: GitHub <[email protected]>
Signed-off-by: Shivam Sandbhor <[email protected]>
Use uniform names and prototypes for `fetch` function. Remove unnecessary checks. Re-use sessions Signed-off-by: Hritik Vijay <[email protected]>
The code for `load_api` was repetitive and used in all subclasses of VersionAPI, it is better suited in the parent class. `fetch` method is also now consistent and defined as an abstract method in the base class. Python ABC is not used as different implementations of `load_api` and `fetch` are allowed as done in DebianVersionAPI Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: Shivam Sandbhor <[email protected]>
A minor bug was introduced by 775aa1d which was crashing the nginx importer. Signed-off-by: Hritik Vijay <[email protected]>
Recent time travel heuristics need published date of versions, thus Version dataclass was created. Some of the importers got bugged by this new system and were crashing. This fix is a part of #467. Importers bugged: nginx, debian_oval, ubuntu. Signed-off-by: Hritik Vijay <[email protected]>
Signed-off-by: Pushpit <[email protected]>
…code into collect_xen Pulling changes Signed-off-by: Pushpit <[email protected]> Signing-off
Signed-off-by: Hritik Vijay <[email protected]>
@Pushpit07 before we can merge, please just confirm here that your DCO signoff "Signed-off-by: Pushpit [email protected]" applies to all your commits. Thank you!
Yes, it does
@Pushpit07 Thank you ++ , you rock ❤️
@Hritik14 I think we should merge and this can be completed afterwards.
@pombredanne Will do after fixing tests here
This is required to merge the PR to main for a clean slate for new contributions for importer-improver migration Signed-off-by: Hritik Vijay <[email protected]>
Fixes #103
Added code to import xen
Tried to make it run by modifying the `importer_yielder.py` and some other files but couldn't. The code is somewhat similar to the `ubuntu_usn` importer. Can't figure out why I'm getting an unexpected keyword argument