Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Collect xen #464

Merged
merged 34 commits into from
Feb 8, 2022
Merged

Collect xen #464

merged 34 commits into from
Feb 8, 2022

Conversation

Pushpit07
Copy link
Contributor

Fixes #103
Added code to import xen

Tried to make it run by modifying the importer_yielder.py and some other files but couldn't. The code is somewhat similar to the ubuntu_usn importer. Can't figure out why I'm getting an unexpected keyword argument

Screenshot 2021-05-27 at 19 29 54

Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! this is looking great. One question though: this would only add new references to existing vulnerabilities and this based on the CVE?
Also we need to find out about the license for the data?

Also what could we do about XSA-377 released in a few days/weeks on 2021-06-08 17:00 per https://xenbits.xen.org/xsa/ ? (I guess just waiting may be enough?)

"pk": 17,
"fields": {
"name": "xen",
"license": "",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you know what the license would be?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GPLv2

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Pushpit07

re: GPLv2

if this is it, then state it. Do you have a link to the license info?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Pushpit07
Copy link
Contributor Author

Also what could we do about XSA-377 released in a few days/weeks on 2021-06-08 17:00 per https://xenbits.xen.org/xsa/ ? (I guess just waiting may be enough?)

Yes, we can wait

@pombredanne
Copy link
Member

@Pushpit07 do think you want to finish this?
Other I can close for now and we can reopen later.

@Pushpit07
Copy link
Contributor Author

@Pushpit07 do think you want to finish this?
Other I can close for now and we can reopen later.

Sorry for leaving in between. Will surely finish this. Give me a few days time

@pombredanne
Copy link
Member

Sorry for leaving in between. Will surely finish this. Give me a few days time

That's very nice of you! thank you ++

@pombredanne
Copy link
Member

@Pushpit07 Thanks! Think you missed a signoff on a few commits... do you mind to amend these?

Hritik14 and others added 17 commits July 27, 2021 12:02
helper for istio and mozilla importers

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
also, sort imports

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Better documentation and more readable function structrue
review: aboutcode-org#443 (review)

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Internally, the difference between both has faded and updated_advisories
is preferred.

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Earlier, one batch of advisories was requested from updated_advisories
method of the respective importers. This was inefficient as not all
importers respect batching internally. Eventually, we wish to eliminate
batches as well ( # 338 ).
Now, the updated_advisories method of each importer is expected to
create at least one Advisory object. If it does so, the importer is
marked working.
This brings major performance improvement. It is a necessity to improve
this test as GitHub only allows 6 hrs of workflow time.
Before: ~6hrs, now ~9 minutes

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
Use uniform names and prototypes for `fetch` function.
Remove unnecessary checks. Re-use sessions

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
The code for `load_api` was repetitive and used in all subclasses of
VersionAPI, it is better suited in the parent class. `fetch` method is
also now consistent and defined as an abstract method in the base class.
Python ABC is not used as different implementations of `load_api` and
`fetch` are allowed as done in DebianVersionAPI

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
sbs2001 and others added 7 commits July 27, 2021 12:02
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
Signed-off-by: Shivam Sandbhor <shivam@crowdsec.net>
A minor bug was introduced by 775aa1d which was crashing the nginx
importer.

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Recent time travel heuristics need published date of versions, thus
Version dataclass was created. Some of the importers got bugged by this
new system and were crashing. This fix is a part of # 467

Importers bugged:
	- nginx
	- debian_oval
	- ubuntu

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Signed-off-by: Pushpit <pushpit07@gmail.com>
Signed-off-by: Pushpit <pushpit07@gmail.com>
…code into collect_xen

Pulling changes

Signed-off-by: Pushpit <pushpit07@gmail.com>

Signing-off
@pombredanne pombredanne added this to the v30.0 milestone Feb 2, 2022
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@pombredanne
Copy link
Member

@Pushpit07 before we can merge, please just confirm here that your DCO signoff "Signed-off-by: Pushpit pushpit07@gmail.com" applies to all your commits. Thank you!

@Pushpit07
Copy link
Contributor Author

Yes, it does

@pombredanne
Copy link
Member

Yes, it does

@Pushpit07 Thank you ++ , you rock ❤️

Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Hritik14 I think we should merge and this can be completed afterwards.

@Hritik14
Copy link
Collaborator

Hritik14 commented Feb 8, 2022

@pombredanne Will do after fixing tests here

This is required to merge the PR to main for a clean slate for new
contributions for importer-improver migration

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14 Hritik14 merged commit 8d66f64 into aboutcode-org:main Feb 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Collect xen
4 participants