Write packages and vulnerabilities at the time of import #1280
Conversation
pombredanne
left a comment
pombredanne
left a comment
There was a problem hiding this comment.
Some nits for your consideration.
vulnerabilities/improve_runner.py
Outdated
|
|
||
| def __init__(self, improver_class): | ||
| self.improver_class = improver_class | ||
| def __init__(self, improver_class=None, improver: Improver = None): |
There was a problem hiding this comment.
May be keeping the class design and passing kwargs can work too?
| def __init__(self, improver_class=None, improver: Improver = None): | |
| def __init__(self, improver_class, **kwargs): | |
| self.improver = improver_class(**kwargs) |
vulnerabilities/improve_runner.py
Outdated
| f"Inconsistent summary for {vulnerability!r}. " | ||
| f"Existing: {vulnerability.summary}, provided: {summary}" | ||
| ) | ||
| summary = summary.strip() |
There was a problem hiding this comment.
This may be best in another PR
|
@DennisClark we need your input on this, we use advisories as a screenshot of the status of the advisory at a given point of time. A single advisory goes through many improver processes to draw inferences, what should be the best possible way to get a status on advisory model to know which improvers have already ran through a particular advisory ? |
|
@TG1999 Here are a few thoughts about advisories:
I don't think we necessarily need a "status" on the advisory, since the list of improver_name:improver_date values ought to give us what would be really useful here (what has been run and when). |
|
@DennisClark thanks for these excellent suggestions. |
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
2 times, most recently
from
0fc89ac to
6b4dc69
Compare
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
4 times, most recently
from
e92ab1f to
8234a49
Compare
pombredanne
left a comment
pombredanne
left a comment
There was a problem hiding this comment.
Here are some nits for your consideration
vulnerabilities/migrations/0040_remove_advisory_date_improved_advisory_date_imported.py
Show resolved
Hide resolved
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
from
8234a49 to
1545ea0
Compare
pombredanne
left a comment
pombredanne
left a comment
There was a problem hiding this comment.
Here are a few nits... Either apply now or later!
LGTM otherwise!
vulnerabilities/import_runner.py
Outdated
| logger.info(f"Finished import for {importer_name}. Imported {count} advisories.") | ||
|
|
||
| def do_import(self, advisories) -> None: | ||
| advisory_importer = AdvisoryBasedDefaultImprover(advisories=advisories) |
There was a problem hiding this comment.
We are now using importer ... why still keeping the improver around in names of variables and objects?
vulnerabilities/import_runner.py
Outdated
| ) | ||
| except Exception as e: | ||
| logger.info(f"Failed to process advisory: {advisory!r} with error {e!r}") | ||
| logger.info("Finished improving using %s.", advisory_importer.__class__.qualified_name) |
There was a problem hiding this comment.
| logger.info("Finished improving using %s.", advisory_importer.__class__.qualified_name) | |
| logger.info("Finished importing using %s.", advisory_importer.__class__.qualified_name) |
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
Signed-off-by: Tushar Goel <tushar.goel.dav@gmail.com>
TG1999
force-pushed
the
write_packages_and_vulns_while_importing
branch
from
d74d9fa to
0ef58f2
Compare
3 participants
public instance of VCIO contains more than 35 million advisories ( the volume is so high, due to minor changes in every advisory maybe sometime or the changes in models), which takes a lot of time. If we improve the advisories just after the import this will drop volume hugely.