@keshav-space
Member

closes #836

@keshav-space added the VulnTotal (Tool for cross-validating vulnerability) label Aug 26, 2022
@keshav-space self-assigned this Aug 26, 2022
@keshav-space changed the title from "Gitlab datasource" to "Add Gitlab datasource" Aug 26, 2022
@keshav-space linked an issue Aug 26, 2022 that may be closed by this pull request
@keshav-space force-pushed the gitlab_datasource branch 4 times, most recently from cd1ee0b to 06265f6, August 28, 2022 09:51
os.remove(response.location)


def clear_download(location):
Contributor

Add docstring

return f"{ecosystem}/{package_name}"


def download_subtree(package_slug: str, speculative_execution=False):
Contributor

Add docstring

}


def get_package_slug(purl):
Contributor

Add docstring

shutil.rmtree(location)


def get_casesensitive_slug(path, package_slug):
Contributor

Add docstring


while hasnext:
response = requests.post(url, json=payload).json()
paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]
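Review bot: requests.post(url, json=payload) in the loop body is called without a timeout and its HTTP status is never checked before .json(), so a stalled connection hangs the while loop and an error response fails inside JSON decoding or in the chained lookup on the next line. Pass an explicit timeout, call raise_for_status() on the response, and only then decode and index the body.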
Contributor

check get_item

Member Author

Well, that won't work here.

>>> from vulnerabilities.utils import get_item
>>> data = [
...   {
...     "data": {
...       "project": {
...         "repository": {
...           "paginatedTree": {
...             "pageInfo": {
...               "endCursor": "e1d88bf61d8f6e2d39bdae52121d2c19e0a86ea6",
...               "startCursor": "",
...               "hasNextPage": True
...             },
...             "nodes": [
...               {
...                 "trees": {
...                   "nodes": [
...                     {
...                       "flatPath": "pypi/AccessControl"
...                     },
...                     {
...                       "flatPath": "pypi/Acqusition"
...                     },
...                     {
...                       "flatPath": "pypi/Beaker"
...                     }
...                   ]
...                 }
...               }
...             ]
...           }
...         }
...       }
...     }
...   }
... ]
>>> get_item(data, 0, 'data', 'project', 'repository', 'paginatedTree')
dictionary must be of type `dict

Contributor

@TG1999 Sep 6, 2022

I meant this

Suggested change
paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]
assert len(response) > 0
data = response[0]
paginated_tree = get_item(data, "data", "project", "repository", "paginatedTree")

You are not checking if the item you are accessing exists in the dictionary or not.
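
The shape check discussed in the comments above, as an added example that is not part of the pull request or the project's code. The helpers `dig` and `extract_slugs` are hypothetical names, and the sample responses are constructed to mirror the structure quoted in the thread.

```python
# Added example: dig() and extract_slugs() are hypothetical helpers,
# not functions from vulnerabilities.utils.

def dig(obj, *path):
    """Walk dict keys and list indexes; return None when any step is missing."""
    for step in path:
        if isinstance(obj, dict) and step in obj:
            obj = obj[step]
        elif isinstance(obj, list) and isinstance(step, int) and -len(obj) <= step < len(obj):
            obj = obj[step]
        else:
            return None
    return obj


def extract_slugs(response):
    """Return (flat_paths, end_cursor, has_next) from one paginatedTree response.

    A response with an unexpected shape yields ([], None, False), so a
    pagination loop stops instead of raising or spinning.
    """
    tree = dig(response, 0, "data", "project", "repository", "paginatedTree")
    if not isinstance(tree, dict):
        return [], None, False
    nodes = dig(tree, "nodes", 0, "trees", "nodes")
    paths = [n["flatPath"] for n in (nodes if isinstance(nodes, list) else [])
             if isinstance(n, dict) and isinstance(n.get("flatPath"), str)]
    cursor = dig(tree, "pageInfo", "endCursor")
    # Only continue when the server says so AND gave a usable cursor.
    has_next = dig(tree, "pageInfo", "hasNextPage") is True and bool(cursor)
    return paths, cursor, has_next


# Constructed sample inputs (not captured from the real API).
GOOD = [{"data": {"project": {"repository": {"paginatedTree": {
    "pageInfo": {"endCursor": "e1d88bf6", "startCursor": "", "hasNextPage": True},
    "nodes": [{"trees": {"nodes": [{"flatPath": "pypi/AccessControl"},
                                    {"flatPath": "pypi/Beaker"}]}}]}}}}}]
ERROR_BODY = [{"errors": [{"message": "constructed error"}], "data": None}]
EMPTY_PAGE = [{"data": {"project": {"repository": {"paginatedTree": {
    "pageInfo": {"endCursor": None, "hasNextPage": False}, "nodes": []}}}}}]

if __name__ == "__main__":
    for sample in (GOOD, ERROR_BODY, EMPTY_PAGE, []):
        print(extract_slugs(sample))
```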

paginated_tree = response[0]["data"]["project"]["repository"]["paginatedTree"]

for slug in paginated_tree["nodes"][0]["trees"]["nodes"]:
if slug["flatPath"].lower() == package_slug.lower():
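Review bot: paginated_tree["nodes"][0] in the for line raises IndexError when a page returns an empty nodes list, and get_item as shown in this thread only accepts dictionaries, so it does not cover that list index. Check that nodes is non-empty before taking element 0, and skip entries that lack a flatPath string instead of indexing slug["flatPath"] directly.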
Contributor

check get_item

Member Author

Contributor

Check my comment above for same.



def parse_interesting_advisories(location, version, delete_download=False) -> Iterable[VendorData]:
path = Path(location)
Contributor

Add docstring

if package_slug.lower().startswith(slug["flatPath"].lower()):
return get_gitlab_style_slug(slug["flatPath"], package_slug)

payload[0]["variables"]["nextPageCursor"] = paginated_tree["pageInfo"]["endCursor"]
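Review bot: the startswith test on the first line accepts any flatPath that is a plain string prefix of package_slug, so a directory whose name ends partway through a path segment of package_slug also matches. Require equality, or that the character of package_slug immediately after the prefix is "/", before calling get_gitlab_style_slug.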
Contributor

check get_item

Member Author

Contributor

Check my comment above for same.

@TG1999
Contributor

TG1999 commented Sep 5, 2022

Add docstrings for all the functions and also add doctests/unit tests for functions which have not been tested at all.

@keshav-space mentioned this pull request Oct 12, 2022
9 tasks
@pombredanne merged commit 3664c3e into aboutcode-org:vulntotal Nov 19, 2022
@keshav-space deleted the gitlab_datasource branch January 10, 2023 11:51