Write packages and vulnerabilities at the time of import #1280
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pombredanne
requested changes
Aug 30, 2023
vulnerabilities/improve_runner.py
Outdated
| @@ -36,11 +37,18 @@ class ImproveRunner: | |||
| improver and parsing the returned Inferences into proper database fields | |||
| """ | |||
|
|
|||
| def __init__(self, improver_class): | |||
| self.improver_class = improver_class | |||
| def __init__(self, improver_class=None, improver: Improver = None): | |||
There was a problem hiding this comment.
May be keeping the class design and passing kwargs can work too?
Suggested change
| def __init__(self, improver_class=None, improver: Improver = None): | |
| def __init__(self, improver_class, **kwargs): | |
| self.improver = improver_class(**kwargs) |
vulnerabilities/improve_runner.py
Outdated
| f"Inconsistent summary for {vulnerability!r}. " | ||
| f"Existing: {vulnerability.summary}, provided: {summary}" | ||
| ) | ||
| summary = summary.strip() |
There was a problem hiding this comment.
This may be best in another PR
|
@DennisClark we need your input on this, we use advisories as a screenshot of the status of the advisory at a given point of time. A single advisory goes through many improver processes to draw inferences, what should be the best possible way to get a status on advisory model to know which improvers have already ran through a particular advisory ? |
|
@TG1999 Here are a few thoughts about advisories:
I don't think we necessarily need a "status" on the advisory, since the list of improver_name:improver_date values ought to give us what would be really useful here (what has been run and when). |
|
@DennisClark thanks for these excellent suggestions. |
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
2 times, most recently
from
0fc89ac
to
6b4dc69
Compare
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
4 times, most recently
from
e92ab1f
to
8234a49
Compare
pombredanne
requested changes
Sep 12, 2023
vulnerabilities/migrations/0040_remove_advisory_date_improved_advisory_date_imported.py
Show resolved
Hide resolved
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
from
8234a49
to
1545ea0
Compare
pombredanne
reviewed
Sep 21, 2023
vulnerabilities/import_runner.py
Outdated
| logger.info(f"Finished import for {importer_name}. Imported {count} advisories.") | ||
|
|
||
| def do_import(self, advisories) -> None: | ||
| advisory_importer = AdvisoryBasedDefaultImprover(advisories=advisories) |
There was a problem hiding this comment.
We are now using importer ... why still keeping the improver around in names of variables and objects?
vulnerabilities/import_runner.py
Outdated
| ) | ||
| except Exception as e: | ||
| logger.info(f"Failed to process advisory: {advisory!r} with error {e!r}") | ||
| logger.info("Finished improving using %s.", advisory_importer.__class__.qualified_name) |
There was a problem hiding this comment.
Suggested change
| logger.info("Finished improving using %s.", advisory_importer.__class__.qualified_name) | |
| logger.info("Finished importing using %s.", advisory_importer.__class__.qualified_name) |
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
from
d74d9fa
to
0ef58f2
Compare
This was referenced Sep 22, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
public instance of VCIO contains more than 35 million advisories ( the volume is so high, due to minor changes in every advisory maybe sometime or the changes in models), which takes a lot of time. If we improve the advisories just after the import this will drop volume hugely.