Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve GitHub importer #291

Merged
merged 4 commits into from
Dec 18, 2020
Merged

Improve GitHub importer #291

merged 4 commits into from
Dec 18, 2020

Conversation

sbs2001
Copy link
Collaborator

@sbs2001 sbs2001 commented Nov 30, 2020

  • The github importer used to abandon a vulnerability if
    the affected package had invalid name. This PR changes that
    behaviour to instead skip the package and import the vulnerability

  • This commit also enables github importer to import vulnerabilities for python
    and rubygems packages. This is crucial since we can't use safetydb

pombredanne
pombredanne approved these changes Dec 11, 2020
View reviewed changes
Copy link
Collaborator

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks fine, yet having a single class at that package manager level that track the version API and the package URL type in one place

@sbs2001
Copy link
Collaborator Author

sbs2001 commented Dec 17, 2020

@pombredanne correct me if I am wrong. The way I understood your suggestion is

  1. The github ecosystem -> package type conversion code is dupilicated. Once for the actual package type inference and secondly for setting the version api.
  2. To fix this move the package type info in the corresponding version api classes.

@pombredanne
Copy link
Collaborator

@pombredanne correct me if I am wrong. The way I understood your suggestion is
1. The github ecosystem -> package type conversion code is dupilicated. Once for the actual package type inference and secondly for setting the version api.
2. To fix this move the package type info in the corresponding version api classes.

Somehow my comment was truncated!
Yes you got it right

@sbs2001
Minor fixes and improvements in Github Importer
7237b04 
* The github importer used to abandon a vulnerability if
  the affected package had invalid name. This commit changes that
  behaviour to instead  skip the package and import the vulnerability

* This commit also enables github api to import vulnerabilities for python
  and rubygems packages.

Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Modify importer_yielder.py to fully utilise github importer
8543776 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Improve package type inference in github importer
ceff88d 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Avoid duplication of package type inference in github importer
5a9e2b6 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001 sbs2001 merged commit d2dc98d into aboutcode-org:main Dec 18, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pombredanne pombredanne Awaiting requested review from pombredanne

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sbs2001 @pombredanne