Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[nonGallery] Ingest withdrawn data in GitHub GraphQL #8544

Merged
merged 1 commit into from
Jun 10, 2021
Merged

[nonGallery] Ingest withdrawn data in GitHub GraphQL #8544

merged 1 commit into from
Jun 10, 2021

Conversation

drewgillies
Copy link
Contributor

Addresses: #8474

All of the logic exists in the service and UTs for processing the withdrawn field, but it needs to be added to the query.

Note that there are no withdrawn advisories for NuGet packages at this time, but we need this in place.

@drewgillies drewgillies requested a review from a team as a code owner April 23, 2021 08:13
skofman1
skofman1 reviewed Apr 23, 2021
View reviewed changes
src/GitHubVulnerabilities2Db/Collector/AdvisoryQueryService.cs Outdated
nextAdvisory.UpdatedAt = advisory.UpdatedAt;
nextAdvisory.WithdrawnAt = advisory.WithdrawnAt;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will this cause a vulnerability to stop showing up on PackageDetails page? V3 feed?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's right. It's a deletion in the db.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The deletion in the DB will flow to V3 only if the package edit time gets updated (as far as I know). Will it be?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes--withdrawn advisories (and I've just sanity-tested this) enter the remove side of this block, and any package added to this collection will have its lastedited time updated:

NuGetGallery/src/NuGetGallery.Services/PackageManagement/PackageVulnerabilitiesManagementService.cs

Line 159 in 280f083

packagesToUpdate.UnionWith(vulnerablePackages);

@drewgillies drewgillies merged commit cfa8a13 into dev Jun 10, 2021
@drewgillies drewgillies changed the title Ingest withdrawn data in GitHub GraphQL [nonGallery] Ingest withdrawn data in GitHub GraphQL Jun 10, 2021
@agr agr mentioned this pull request Jun 11, 2021
Closed
21 tasks
@drewgillies drewgillies deleted the dg-ingresswithdrawndata branch September 20, 2022 04:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skofman1 skofman1 skofman1 left review comments

@shishirx34 shishirx34 shishirx34 approved these changes

@agr agr agr approved these changes

@joelverhagen joelverhagen joelverhagen approved these changes

Assignees
No one assigned
Labels
Verified-N/A for Gallery
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@drewgillies @joelverhagen @agr @shishirx34 @skofman1