Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dump importer_yielder in favor of IMPORTER_REGISTRY and drop Etags #600

Merged
merged 10 commits into from
Feb 7, 2022
Merged

Dump importer_yielder in favor of IMPORTER_REGISTRY and drop Etags #600

merged 10 commits into from
Feb 7, 2022

Conversation

Hritik14
Copy link
Collaborator

@Hritik14 Hritik14 commented Jan 26, 2022
edited
Loading

The name DataSource and Importer are majorly used interchangeably. This needs to be fixed in a different PR.

pombredanne
pombredanne requested changes Jan 27, 2022
View reviewed changes
Copy link
Collaborator

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! I have a few suggestions and ... Could you add tests?

vulnerabilities/data_source.py Outdated Show resolved Hide resolved
vulnerabilities/data_source.py Outdated Show resolved Hide resolved
vulnerabilities/import_runner.py Outdated Show resolved Hide resolved
vulnerabilities/import_runner.py Show resolved Hide resolved
vulnerabilities/import_runner.py Outdated Show resolved Hide resolved
vulnerabilities/management/commands/import.py Outdated Show resolved Hide resolved
vulnerabilities/management/commands/import.py Show resolved Hide resolved
vulnerabilities/management/commands/import.py Outdated Show resolved Hide resolved
vulnerabilities/management/commands/improve.py Outdated Show resolved Hide resolved
vulnerabilities/models.py Show resolved Hide resolved
@Hritik14 Hritik14 added this to the v30.0 milestone Feb 2, 2022
@Hritik14 Hritik14 force-pushed the migration/importer_yielder branch 5 times, most recently from 89cdfee to 058b9a8 Compare February 5, 2022 21:44
@Hritik14
Dump importer_yielder in favor of IMPORTER_REGISTRY
7c3d7a8 
IMPORTER_REGISTRY is neater and does not do any magical string -> object
conversion. The registry looks more in sync with improvers.
Fixes: aboutcode-org#501

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Remove etags
12c842e 
Etags are meant for transient usage in browsers and are not meant for
any long term usage.
Fixes: aboutcode-org#321

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Refactor importer/improver registry
744259b 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Bulk rename DataSource -> Importer
f7f843a 
The name DataSource and Importer were majorly used interchangeably
although they represent the same concept.
Also, the importers now require a mandatory ``spdx_license_expression``
to run

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Add dummy license to nginx importer
cf836e2 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
IMPORTER_REGISTRY -> IMPORTERS_REGISTRY
5dc1281 
Same for improvers
IMPROVER_REGISTRY -> IMPROVERS_REGISTRY

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Improve documentation/text
b1f204a 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Add tests
d7bc7b4 
Tests for:
	* manage.py import command
	* manage.py improve command
	* import_runner

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
@Hritik14
Use custom classproperty for python 3.8 compatibility
c62f81f 
We can use @classmethod and @Property together in python 3.9. Not so in
3.8

Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
pombredanne
pombredanne requested changes Feb 7, 2022
View reviewed changes
Copy link
Collaborator

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks... see a few final nits for your consideration.

vulnerabilities/import_runner.py Outdated Show resolved Hide resolved
vulnerabilities/importer.py Outdated Show resolved Hide resolved
vulnerabilities/importer.py Outdated Show resolved Hide resolved
vulnerabilities/importer.py Outdated Show resolved Hide resolved
vulnerabilities/importer.py

# TODO: Needs rewrite
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May be an issue to track may work better?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be a part of #597

vulnerabilities/improver.py Outdated Show resolved Hide resolved
vulnerabilities/tests/test_import_runner.py


def test_ImportRunner_existing_package_and_new_vulnerability(db):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this test be kept somehow? to valid that we never will allow twice the same set of imported data?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is done here
https://github.com/nexB/vulnerablecode/blob/c62f81f84c272686be972acebe15e2d2d6246e85/vulnerabilities/tests/test_import_runner.py#L80-L86

vulnerabilities/tests/test_import_runner.py
assert vuln_refs[0].url == "https://example.com/with/more/info/CVE-2020-13371337"


def test_ImportRunner_new_package_version_affected_by_existing_vulnerability(db):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO this may be need to be kept

vulnerabilities/tests/test_import_runner.py
assert impacted_package.vulnerability.vulnerability_id == "CVE-2020-13371337"


# def test_ImportRunner_fixed_package_version_is_added(db):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this test have been of value? and need to be kept?

vulnerabilities/tests/test_import_runner.py
# assert resolved_package.vulnerability.vulnerability_id == "CVE-2020-13371337"


def test_ImportRunner_updated_vulnerability(db):
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IMHO this may be need to be kept, moved to improvers?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All of these will be moved to improvers. Importers cannot test relationships. It will be a part of a new PR. Tracked in: #612

@Hritik14 @pombredanne
Resolve a few final nits
45cdaf5 
Signed-off-by: Hritik Vijay <hritikxx8@gmail.com>
Co-authored-by: Philippe Ombredanne <pombredanne@gmail.com>
pombredanne
pombredanne approved these changes Feb 7, 2022
View reviewed changes
Copy link
Collaborator

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍

@pombredanne pombredanne merged commit 4ebaa48 into aboutcode-org:main Feb 7, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pombredanne pombredanne pombredanne approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v30.0
Development

Successfully merging this pull request may close these issues.

Consistent naming of Importer instead of DataSource refactor importer_yielder.py Disable Etag
2 participants
@Hritik14 @pombredanne