Have Package Managers Support a User Provided pre-populated cache or other endpoint. #282
Comments
So the idea for us is that we want to override the existing check. We have our own cosmos db, and our own registry. We have also discussed the idea of using a bloom filter.
We already support using environment variables to override the default registry endpoints, and support local caching of some results, but extending this would make lookups much faster, especially for typosquatting as the character set or package name length grows. Having a publicly accessible endpoint to rapidly look up multiple packages would be interesting -- I'd rather not generate 1000s of requests when one would do.
Response:
Having a separate
Note that the current cache implementation does not cache 404s. For most typo-squatting checks you are going to be querying things that do not exist so most will be a cache miss in the OSSGadget implementation.
It sounds like they are not implementing the same API surface as the original registry so this likely will not work in this case.
It sounds like the solution that you might employ would be to have a "CosmosProjectManager" that you can implement the custom behavior in the ProjectExists method. If the calls to your cache fail to surface anything you could then subinstantiate the correct package manager based on the Purl and call into the default behavior. I believe this is possible with the current implementation of the lib in #277.
Sounds good! I will give it a shot once it is published to NuGet, it's hard to tell exactly just from reviewing the code on GitHub.
Here's a skeleton I worked up that might help. I believe all you have to do below is implement the

```csharp
namespace Microsoft.CST.OpenSource.Shared
{
    using System;
    using System.Threading.Tasks;

    public class CosmosProjectManager : BaseProjectManager
    {
        public CosmosProjectManager(string destinationDirectory) : base(destinationDirectory)
        {
        }

        public override async Task<bool> PackageExists(PackageURL purl, bool useCache = true)
        {
            // Check the custom store first.
            if (await CosmosHas(purl))
            {
                return true;
            }
            else
            {
                // Fall back to the default package manager for this purl type.
                BaseProjectManager? manager = ProjectManagerFactory.CreateProjectManager(purl);
                if (manager is not null && await manager.PackageExists(purl, useCache))
                {
                    return true;
                }
            }
            return false;
        }

        private async Task<bool> CosmosHas(PackageURL purl)
        {
            // Your code here
            throw new NotImplementedException();
        }
    }
}
```

And then you can just:

```csharp
using System.Collections.Generic;
using Microsoft.CST.OpenSource.FindSquats.ExtensionMethods;
using Microsoft.CST.OpenSource.Shared;

IEnumerable<PackageURL> urls = new List<PackageURL>(); // your package URLs to check
CosmosProjectManager cpm = new("some/path");
foreach (PackageURL targetPackageURL in urls)
{
    // Enumerate squat candidates for the package currently being iterated.
    await foreach (FindPackageSquatResult potentialSquat in cpm.EnumerateSquats(targetPackageURL))
    {
        // Process the squat.
    }
}
```
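The bloom filter idea raised earlier in the thread, sketched as an added example that is not part of the original comments or of OSSGadget: a filter built from a list of known package names answers "definitely not published" locally, so only possible hits need a registry or Cosmos lookup. The class name `PackageNameBloomFilter`, the sizing parameters and the sample names are assumptions constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical class, not OSSGadget code): Bloom filter over known package names.
public sealed class PackageNameBloomFilter
{
    private readonly BitArray _bits;
    private readonly int _hashCount;

    public PackageNameBloomFilter(int expectedItems, double falsePositiveRate)
    {
        // Standard sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash probes.
        int m = (int)Math.Ceiling(-expectedItems * Math.Log(falsePositiveRate) / (Math.Log(2) * Math.Log(2)));
        _bits = new BitArray(Math.Max(m, 8));
        _hashCount = Math.Max(1, (int)Math.Round((double)_bits.Length / expectedItems * Math.Log(2)));
    }

    public void Add(string name) { foreach (int i in Indexes(name)) _bits[i] = true; }

    // false: definitely not in the set, no request needed.
    // true: possibly present (false positives happen), confirm with the real lookup.
    public bool MightContain(string name) => Array.TrueForAll(Indexes(name), i => _bits[i]);

    private int[] Indexes(string name)
    {
        // SHA-256 is stable across processes (string.GetHashCode is not), so the filter can be shipped.
        byte[] d = SHA256.HashData(Encoding.UTF8.GetBytes(name));
        ulong h1 = BitConverter.ToUInt64(d, 0);
        ulong h2 = BitConverter.ToUInt64(d, 8) | 1UL; // odd step for double hashing
        int[] idx = new int[_hashCount];
        for (int i = 0; i < _hashCount; i++)
            idx[i] = (int)((h1 + (ulong)i * h2) % (ulong)_bits.Length);
        return idx;
    }

    public static void Main()
    {
        var known = new PackageNameBloomFilter(expectedItems: 1000, falsePositiveRate: 0.01);
        foreach (string name in new[] { "lodash", "express", "react" }) known.Add(name); // constructed sample
        foreach (string candidate in new[] { "lodash", "lodahs", "expres" })             // constructed sample
        {
            string verdict = known.MightContain(candidate) ? "query registry" : "skip lookup";
            Console.WriteLine($"{candidate}: {verdict}");
        }
    }
}
```

A filter like this is only as fresh as the name list it was built from: a squat published after the snapshot is reported as absent, so the filter has to be rebuilt or updated on a schedule that matches how quickly new packages need to be caught.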