Skip to content

Adapt rust importer to new advisory format #281

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sbs2001 merged 10 commits into from
Dec 15, 2020
Merged

Adapt rust importer to new advisory format #281

sbs2001 merged 10 commits into from
Dec 15, 2020

Conversation

@sbs2001
Copy link
Collaborator

@sbs2001 sbs2001 commented Nov 21, 2020

Rust advisory db has moved on from using plain toml to using markdown + toml 'front matter' .
This PR enables the current rust importer to import data from the new format.

@sbs2001
Copy link
Collaborator Author

sbs2001 commented Nov 21, 2020

Fixes #280

pombredanne
pombredanne requested changes Nov 21, 2020
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!
See some comments inline. Also try to avoid the big test files. Testting the opening of a zip file is rather trivial. One the other hand having a few test markdown as text files would make sense.

+515 KB vulnerabilities/tests/test_data/advisory-db.zip
+365 KB (170%) vulnerabilities/tests/test_data/rust-advisory-db.zip

@sbs2001
Copy link
Collaborator Author

sbs2001 commented Nov 22, 2020

@pombredanne about zip files :

Those are compressed git repositories. I tried trimming these but I was getting mysterious bugs and just gave up on that. We have rust-advisory-db.zip and advisory-db.zip instead of a single rust-advisory-db.zip because the tests in test_data_source.py require the old kind of rust-advisory-db.

@pombredanne
Copy link
Member

pombredanne commented Nov 23, 2020

re:

Those are compressed git repositories. I tried trimming these but I was getting mysterious bugs and just gave up on that.

IMHO we should be able to create smaller zip with fewer files. How did you do this?

We have rust-advisory-db.zip and advisory-db.zip instead of a single rust-advisory-db.zip because the tests in test_data_source.py require the old kind of rust-advisory-db.

Then may be renaming these to have a clearer name would help.

@sbs2001 sbs2001 requested a review from pombredanne November 23, 2020 15:27
pombredanne
pombredanne reviewed Nov 23, 2020
View reviewed changes
vulnerabilities/importers/rust.py Outdated
from urllib.request import urlopen

import pytoml as toml
import toml
Copy link
Member

@pombredanne pombredanne Nov 23, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: sort the imports

pombredanne
pombredanne reviewed Nov 23, 2020
View reviewed changes
pombredanne
pombredanne approved these changes Dec 11, 2020
View reviewed changes
Copy link
Member

@pombredanne pombredanne left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made a small suggestion for your consideration. LGTM otherwise!
Thank you

@sbs2001
Adapt rust importer to import data from new data format.
ab6e28a 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Upgrade tests for new rustsecdb format
f579eb2 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Update requirements.txt
3a7c41a 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Fix codestyle
d14115c 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Simplify rust importer's load_toml_from_md method by using regex
3ec655f 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Add more tests for rust importer
23d7095 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Break load_toml_from_md into smaller methods
d14e7c2 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Sort imports in rust importer
8248f56 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001
Add comment to explain how tmp rust advisories are handled
3e7ac65 
Signed-off-by: Shivam Sandbhor <shivam.sandbhor@gmail.com>
@sbs2001 sbs2001 merged commit d886469 into aboutcode-org:main Dec 15, 2020
@sbs2001 sbs2001 mentioned this pull request Dec 17, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pombredanne pombredanne pombredanne approved these changes

+1 more reviewer

@tarcieri tarcieri tarcieri left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sbs2001 @pombredanne @tarcieri