-
Notifications
You must be signed in to change notification settings - Fork 200
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add initial fixed-affected-matching work #1228 #1249
Conversation
Reference: #1228 Signed-off-by: John M. Horan johnmhoran@gmail.com
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@johnmhoran , thanks +++, some nits for your consideration
Hmmm, I see some failed checks. Looking into it.... |
The two failed tests relate solely to the same set of API tests -- perhaps because I started my Package API updating/refactoring and was interrupted by competing tasks before I could finish and test.
|
e42d095
to
9ec2a6a
Compare
@tdruez @TG1999 I've just finished my final changes -- including @tdruez 's suggestion to change my I expect both of you gentlemen might have additional comments/suggestions, and I look forward to them. Meanwhile, thank you for taking the time to work with me on polishing up this Package UI/API code. 👍 |
….com/nexb/vulnerablecode into 1228-fixed-affected-version-matching
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
@TG1999 I was just looking at your recent commits and see that in 0ec7d6c, you've added two property methods to the Package class in
I could be mistaken, but these look similar to the method @tdruez had suggested I convert to a queryset method because And looking at the current PackageQuerySet() class, I see that it already contains two methods that seem to accomplish the same task as the two new property methods:
Are these two sets of methods actually performing similar but different tasks? |
When I test the methods a bit I see that they are performing different tasks. The new |
@johnmhoran yes, you are right I botched up the docstrings pushing the correct docstrings now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@johnmhoran a minor nit for you, please ensure all other methods on models are tested as well.
@TG1999 Do you really want me to make sure we have tests for all methods on all models? That sounds like a rather large task unrelated to the work involved in this issue and PR. Please clarify. |
@johnmhoran sorry for the confusion, I meant add tests for all the methods in models added in this PR. |
I see that the |
No this is the different one, the one that added were by me in this commit here 0ec7d6c |
Reference: #1228 Signed-off-by: John M. Horan johnmhoran@gmail.com
vulnerabilities/api.py
Outdated
affected_vulnerabilities = [] | ||
|
||
for vuln in parent_affected_vulnerabilities: | ||
affected_vulnerabilities.append(self.get_vulnerability(vuln)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a good case to use a list comprehension:
affected_vulnerabilities = [
self.get_vulnerability(vuln) for vuln in parent_affected_vulnerabilities
]
Also, what does vuln
stand for? I'm guessing vulnerability
and in that case, get_vulnerability(vulnerability)
is not great.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this @tdruez . Re renaming, when you see terms or functions with names you don't like, if possible please suggest an alternative name that's acceptable so we don't repeat the process of me choosing a different name that you also don't like. ;-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tdruez I can't think of a better naming convention so leaving as is. It's clearly labelled and I don't see a problem. Specific renaming suggestions welcome from anyone and everyone.
|
||
return package_details | ||
|
||
def get_non_vulnerable_versions(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing unit test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test added yesterday.
|
||
return None, None | ||
|
||
def get_affecting_vulnerabilities(self): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Missing unit test
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Test added yesterday.
vulnerabilities/models.py
Outdated
""" | ||
Return only packages fixing a vulnerability . | ||
""" | ||
return self.vulnerabilities.all().filter(packagerelatedvulnerability__fix=True) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The all()
is not needed since your apply a filter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deleted .all()
.
vulnerabilities/models.py
Outdated
""" | ||
Return only packages fixing a vulnerability . | ||
""" | ||
return self.vulnerabilities.all().filter(packagerelatedvulnerability__fix=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The all()
is not needed since your apply a filter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Deleted .all()
.
Reference: #1228 Signed-off-by: John M. Horan <johnmhoran@gmail.com>
@johnmhoran Yes, ready to merge. |
Thank you @tdruez . 👍 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
Reference: #1228